replica
/
hanchenye-llvm-project
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[libFuzzer] simplify the code around Random. NFC 

llvm-svn: 260797
This commit is contained in:
Kostya Serebryany 2016-02-13 03:00:53 +00:00
parent ecab57b3ce
commit a399221c32
5 changed files with 39 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
llvm/lib/Fuzzer/FuzzerDriver.cpp
View File

@ -242,15 +242,12 @@ static bool AllInputsAreFiles() {
}
int FuzzerDriver(int argc, char **argv, UserCallback Callback) {
FuzzerRandom_mt19937 Rand(0);
std::vector<std::string> Args(argv, argv + argc);
return FuzzerDriver(Args, Callback);
}
int FuzzerDriver(const std::vector<std::string> &Args, UserCallback Callback) {
using namespace fuzzer;
FuzzerRandom_mt19937 Rand(0);
SimpleUserSuppliedFuzzer USF(&Rand, Callback);
assert(!Args.empty());
ProgName = new std::string(Args[0]);
ParseFlags(Args);
@ -309,6 +306,16 @@ int FuzzerDriver(const std::vector<std::string> &Args, UserCallback Callback) {
Options.SaveArtifacts = !Flags.test_single_input;
Options.PrintNewCovPcs = Flags.print_new_cov_pcs;
unsigned Seed = Flags.seed;
// Initialize Seed.
if (Seed == 0)
Seed = (std::chrono::system_clock::now().time_since_epoch().count() << 10) +
getpid();
if (Flags.verbosity)
Printf("Seed: %u\n", Seed);
Random Rand(Seed);
SimpleUserSuppliedFuzzer USF(&Rand, Callback);
Fuzzer F(USF, Options);
for (auto &U: Dictionary)
@ -349,14 +356,6 @@ int FuzzerDriver(const std::vector<std::string> &Args, UserCallback Callback) {
exit(0);
}
unsigned Seed = Flags.seed;
// Initialize Seed.
if (Seed == 0)
Seed = (std::chrono::system_clock::now().time_since_epoch().count() << 10) +
getpid();
if (Flags.verbosity)
Printf("Seed: %u\n", Seed);
USF.GetRand().ResetSeed(Seed);
F.RereadOutputCorpus();
for (auto &inp : *Inputs)

26
llvm/lib/Fuzzer/FuzzerInterface.cpp
View File

@ -16,24 +16,7 @@
namespace fuzzer {
void FuzzerRandomLibc::ResetSeed(unsigned int seed) { srand(seed); }
size_t FuzzerRandomLibc::Rand() { return rand(); }
struct FuzzerRandom_mt19937::Impl : public std::mt19937 {
Impl(unsigned seed) : std::mt19937(seed) {}
};
void FuzzerRandom_mt19937::ResetSeed(unsigned int seed) {
delete R;
R = new Impl(seed);
}
FuzzerRandom_mt19937::~FuzzerRandom_mt19937() { delete R; }
size_t FuzzerRandom_mt19937::Rand() { return (*R)(); }
UserSuppliedFuzzer::UserSuppliedFuzzer(FuzzerRandomBase *Rand)
UserSuppliedFuzzer::UserSuppliedFuzzer(Random *Rand)
: Rand(Rand), MD(new MutationDispatcher(*Rand)) {}
UserSuppliedFuzzer::~UserSuppliedFuzzer() {
@ -52,14 +35,9 @@ size_t UserSuppliedFuzzer::CrossOver(const uint8_t *Data1, size_t Size1,
return GetMD().CrossOver(Data1, Size1, Data2, Size2, Out, MaxOutSize);
}
size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize,
FuzzerRandomBase &Rand) {
MutationDispatcher MD(Rand);
return MD.Mutate(Data, Size, MaxSize);
}
size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed) {
FuzzerRandom_mt19937 R(Seed);
Random R(Seed);
MutationDispatcher MD(R);
return MD.Mutate(Data, Size, MaxSize);
}

47
llvm/lib/Fuzzer/FuzzerInternal.h
View File

@ -98,41 +98,16 @@ bool IsASCII(const Unit &U);
int NumberOfCpuCores();
int GetPid();
class FuzzerRandomBase {
class Random {
public:
FuzzerRandomBase(){}
virtual ~FuzzerRandomBase(){};
virtual void ResetSeed(unsigned int seed) = 0;
// Return a random number.
virtual size_t Rand() = 0;
// Return a random number in range [0,n).
Random(unsigned int seed) : R(seed) {}
size_t Rand() { return R(); }
size_t RandBool() { return Rand() % 2; }
size_t operator()(size_t n) { return n ? Rand() % n : 0; }
bool RandBool() { return Rand() % 2; }
};
// Using libc's stand/rand.
class FuzzerRandomLibc : public FuzzerRandomBase {
public:
FuzzerRandomLibc(unsigned int seed) { ResetSeed(seed); }
void ResetSeed(unsigned int seed) override;
~FuzzerRandomLibc() override {};
size_t Rand() override;
};
// Using std::mt19937
class FuzzerRandom_mt19937 : public FuzzerRandomBase {
public:
FuzzerRandom_mt19937(unsigned int seed) { ResetSeed(seed); }
void ResetSeed(unsigned int seed) override;
~FuzzerRandom_mt19937() override;
size_t Rand() override;
private:
struct Impl;
Impl *R = nullptr;
std::mt19937 R;
};
// Dictionary.
// Parses one dictionary entry.
@ -145,7 +120,7 @@ bool ParseDictionaryFile(const std::string &Text, std::vector<Unit> *Units);
class MutationDispatcher {
public:
MutationDispatcher(FuzzerRandomBase &Rand);
MutationDispatcher(Random &Rand);
~MutationDispatcher();
/// Indicate that we are about to start a new sequence of mutations.
void StartMutationSequence();
@ -199,14 +174,14 @@ public:
void SetCorpus(const std::vector<Unit> *Corpus);
private:
FuzzerRandomBase &Rand;
Random &Rand;
struct Impl;
Impl *MDImpl;
};
class UserSuppliedFuzzer {
public:
UserSuppliedFuzzer(FuzzerRandomBase *Rand);
UserSuppliedFuzzer(Random *Rand);
/// Executes the target function on 'Size' bytes of 'Data'.
virtual int TargetFunction(const uint8_t *Data, size_t Size) = 0;
/// Mutates 'Size' bytes of data in 'Data' inplace into up to 'MaxSize' bytes,
@ -219,13 +194,13 @@ class UserSuppliedFuzzer {
uint8_t *Out, size_t MaxOutSize);
virtual ~UserSuppliedFuzzer();
FuzzerRandomBase &GetRand() { return *Rand; }
Random &GetRand() { return *Rand; }
MutationDispatcher &GetMD() { return *MD; }
private:
bool OwnRand = false;
FuzzerRandomBase *Rand;
Random *Rand;
MutationDispatcher *MD;
};
@ -370,7 +345,7 @@ private:
class SimpleUserSuppliedFuzzer : public UserSuppliedFuzzer {
public:
SimpleUserSuppliedFuzzer(FuzzerRandomBase *Rand, UserCallback Callback)
SimpleUserSuppliedFuzzer(Random *Rand, UserCallback Callback)
: UserSuppliedFuzzer(Rand), Callback(Callback) {}
virtual int TargetFunction(const uint8_t *Data, size_t Size) override {

10
llvm/lib/Fuzzer/FuzzerMutate.cpp
View File

@ -90,10 +90,10 @@ struct MutationDispatcher::Impl {
std::vector<Mutator> CurrentMutatorSequence;
std::vector<DictionaryEntry *> CurrentDictionaryEntrySequence;
const std::vector<Unit> *Corpus = nullptr;
FuzzerRandomBase &Rand;
Random &Rand;
void Add(Mutator M) { Mutators.push_back(M); }
Impl(FuzzerRandomBase &Rand) : Rand(Rand) {
Impl(Random &Rand) : Rand(Rand) {
Add({&MutationDispatcher::Mutate_EraseByte, "EraseByte"});
Add({&MutationDispatcher::Mutate_InsertByte, "InsertByte"});
Add({&MutationDispatcher::Mutate_ChangeByte, "ChangeByte"});
@ -113,7 +113,7 @@ struct MutationDispatcher::Impl {
size_t MaxSize);
};
static char FlipRandomBit(char X, FuzzerRandomBase &Rand) {
static char FlipRandomBit(char X, Random &Rand) {
int Bit = Rand(8);
char Mask = 1 << Bit;
char R;
@ -125,7 +125,7 @@ static char FlipRandomBit(char X, FuzzerRandomBase &Rand) {
return R;
}
static char RandCh(FuzzerRandomBase &Rand) {
static char RandCh(Random &Rand) {
if (Rand.RandBool()) return Rand(256);
const char *Special = "!*'();:@&=+$,/?%#[]123ABCxyz-`~.";
return Special[Rand(sizeof(Special) - 1)];
@ -359,7 +359,7 @@ void MutationDispatcher::ClearAutoDictionary() {
MDImpl->TempAutoDictionary.clear();
}
MutationDispatcher::MutationDispatcher(FuzzerRandomBase &Rand) : Rand(Rand) {
MutationDispatcher::MutationDispatcher(Random &Rand) : Rand(Rand) {
MDImpl = new Impl(Rand);
}

22
llvm/lib/Fuzzer/test/FuzzerUnittest.cpp
View File

@ -11,7 +11,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
}
TEST(Fuzzer, CrossOver) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
Unit A({0, 1, 2}), B({5, 6, 7});
Unit C;
@ -87,7 +87,7 @@ void TestEraseByte(Mutator M, int NumIter) {
uint8_t REM5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x66, 0x77};
uint8_t REM6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x77};
uint8_t REM7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
int FoundMask = 0;
for (int i = 0; i < NumIter; i++) {
@ -113,7 +113,7 @@ TEST(FuzzerMutate, EraseByte2) {
}
void TestInsertByte(Mutator M, int NumIter) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
int FoundMask = 0;
uint8_t INS0[8] = {0xF1, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
@ -147,7 +147,7 @@ TEST(FuzzerMutate, InsertByte2) {
}
void TestChangeByte(Mutator M, int NumIter) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
int FoundMask = 0;
uint8_t CH0[8] = {0xF0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
@ -181,7 +181,7 @@ TEST(FuzzerMutate, ChangeByte2) {
}
void TestChangeBit(Mutator M, int NumIter) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
int FoundMask = 0;
uint8_t CH0[8] = {0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
@ -215,7 +215,7 @@ TEST(FuzzerMutate, ChangeBit2) {
}
void TestShuffleBytes(Mutator M, int NumIter) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
int FoundMask = 0;
uint8_t CH0[7] = {0x00, 0x22, 0x11, 0x33, 0x44, 0x55, 0x66};
@ -236,14 +236,14 @@ void TestShuffleBytes(Mutator M, int NumIter) {
}
TEST(FuzzerMutate, ShuffleBytes1) {
TestShuffleBytes(&MutationDispatcher::Mutate_ShuffleBytes, 1 << 15);
TestShuffleBytes(&MutationDispatcher::Mutate_ShuffleBytes, 1 << 16);
}
TEST(FuzzerMutate, ShuffleBytes2) {
TestShuffleBytes(&MutationDispatcher::Mutate, 1 << 19);
}
void TestAddWordFromDictionary(Mutator M, int NumIter) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
uint8_t Word1[4] = {0xAA, 0xBB, 0xCC, 0xDD};
uint8_t Word2[3] = {0xFF, 0xEE, 0xEF};
@ -283,7 +283,7 @@ TEST(FuzzerMutate, AddWordFromDictionary2) {
}
void TestAddWordFromDictionaryWithHint(Mutator M, int NumIter) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
uint8_t W[] = {0xAA, 0xBB, 0xCC, 0xDD, 0xFF, 0xEE, 0xEF};
size_t PosHint = 7777;
@ -310,7 +310,7 @@ TEST(FuzzerMutate, AddWordFromDictionaryWithHint2) {
}
void TestChangeASCIIInteger(Mutator M, int NumIter) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
MutationDispatcher MD(Rand);
uint8_t CH0[8] = {'1', '2', '3', '4', '5', '6', '7', '7'};
@ -402,7 +402,7 @@ TEST(FuzzerUtil, Base64) {
}
TEST(Corpus, Distribution) {
FuzzerRandomLibc Rand(0);
Random Rand(0);
SimpleUserSuppliedFuzzer USF(&Rand, LLVMFuzzerTestOneInput);
Fuzzer::FuzzingOptions Options;
Fuzzer Fuzz(USF, Options);