aboutsummaryrefslogtreecommitdiffstats
path: root/lib/Fuzzer/FuzzerInternal.h
diff options
context:
space:
mode:
Diffstat (limited to 'lib/Fuzzer/FuzzerInternal.h')
-rw-r--r--lib/Fuzzer/FuzzerInternal.h104
1 files changed, 104 insertions, 0 deletions
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
new file mode 100644
index 0000000..980b00e
--- /dev/null
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -0,0 +1,104 @@
+//===- FuzzerInternal.h - Internal header for the Fuzzer --------*- C++ -* ===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// Define the main class fuzzer::Fuzzer and most functions.
+//===----------------------------------------------------------------------===//
+#include <cassert>
+#include <climits>
+#include <chrono>
+#include <cstddef>
+#include <cstdlib>
+#include <string>
+#include <vector>
+#include <unordered_set>
+
+#include "FuzzerInterface.h"
+
+namespace fuzzer {
+typedef std::vector<uint8_t> Unit;
+using namespace std::chrono;
+
+Unit ReadFile(const char *Path);
+void ReadDirToVectorOfUnits(const char *Path, std::vector<Unit> *V);
+void WriteToFile(const Unit &U, const std::string &Path);
+void CopyFileToErr(const std::string &Path);
+// Returns "Dir/FileName" or equivalent for the current OS.
+std::string DirPlusFile(const std::string &DirPath,
+ const std::string &FileName);
+
+void Mutate(Unit *U, size_t MaxLen);
+
+void CrossOver(const Unit &A, const Unit &B, Unit *U, size_t MaxLen);
+
+void Print(const Unit &U, const char *PrintAfter = "");
+void PrintASCII(const Unit &U, const char *PrintAfter = "");
+std::string Hash(const Unit &U);
+void SetTimer(int Seconds);
+
+class Fuzzer {
+ public:
+ struct FuzzingOptions {
+ int Verbosity = 1;
+ int MaxLen = 0;
+ bool DoCrossOver = true;
+ int MutateDepth = 5;
+ bool ExitOnFirst = false;
+ bool UseFullCoverageSet = false;
+ bool UseCoveragePairs = false;
+ int PreferSmallDuringInitialShuffle = -1;
+ size_t MaxNumberOfRuns = ULONG_MAX;
+ std::string OutputCorpus;
+ };
+ Fuzzer(UserCallback Callback, FuzzingOptions Options)
+ : Callback(Callback), Options(Options) {
+ SetDeathCallback();
+ }
+ void AddToCorpus(const Unit &U) { Corpus.push_back(U); }
+ size_t Loop(size_t NumIterations);
+ void ShuffleAndMinimize();
+ size_t CorpusSize() const { return Corpus.size(); }
+ void ReadDir(const std::string &Path) {
+ ReadDirToVectorOfUnits(Path.c_str(), &Corpus);
+ }
+ // Save the current corpus to OutputCorpus.
+ void SaveCorpus();
+
+ size_t secondsSinceProcessStartUp() {
+ return duration_cast<seconds>(system_clock::now() - ProcessStartTime)
+ .count();
+ }
+
+ size_t getTotalNumberOfRuns() { return TotalNumberOfRuns; }
+
+ static void AlarmCallback();
+
+ private:
+ size_t MutateAndTestOne(Unit *U);
+ size_t RunOne(const Unit &U);
+ size_t RunOneMaximizeTotalCoverage(const Unit &U);
+ size_t RunOneMaximizeFullCoverageSet(const Unit &U);
+ size_t RunOneMaximizeCoveragePairs(const Unit &U);
+ void WriteToOutputCorpus(const Unit &U);
+ static void WriteToCrash(const Unit &U, const char *Prefix);
+
+ void SetDeathCallback();
+ static void DeathCallback();
+ static Unit CurrentUnit;
+
+ size_t TotalNumberOfRuns = 0;
+
+ std::vector<Unit> Corpus;
+ std::unordered_set<uintptr_t> FullCoverageSets;
+ std::unordered_set<uint64_t> CoveragePairs;
+ UserCallback Callback;
+ FuzzingOptions Options;
+ system_clock::time_point ProcessStartTime = system_clock::now();
+ static system_clock::time_point UnitStartTime;
+};
+
+}; // namespace fuzzer