[libFuzzer] add -merge flag to merge corpora

[oota-llvm.git] / lib / Fuzzer / FuzzerInternal.h

diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
index 7391e5ff0bdbcb8afbf1641a4ce5eb0cb479e0e9..d6e1cb85a2350f97f8e9ab8244f6bd3f57b4a4a4 100644 (file)
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -79,6 +79,7 @@ class Fuzzer {
     int  MutateDepth = 5;
     bool ExitOnFirst = false;
     bool UseCounters = false;
+    bool UseIndirCalls = true;
     bool UseTraces = false;
     bool UseFullCoverageSet  = false;
     bool Reload = true;
@@ -93,7 +94,6 @@ class Fuzzer {
     std::string OutputCorpus;
     std::string SyncCommand;
     std::string ArtifactPrefix = "./";
-    std::vector<std::string> Tokens;
     std::vector<Unit> Dictionary;
     bool SaveArtifacts = true;
   };
@@ -104,6 +104,7 @@ class Fuzzer {
   void InitializeTraceState();
   size_t CorpusSize() const { return Corpus.size(); }
   void ReadDir(const std::string &Path, long *Epoch) {
+    Printf("Loading corpus: %s\n", Path.c_str());
     ReadDirToVectorOfUnits(Path.c_str(), &Corpus, Epoch);
   }
   void RereadOutputCorpus();
@@ -119,24 +120,30 @@ class Fuzzer {
 
   static void StaticAlarmCallback();
 
-  Unit SubstituteTokens(const Unit &U) const;
   void ExecuteCallback(const Unit &U);
 
+  // Merge Corpora[1:] into Corpora[0].
+  void Merge(const std::vector<std::string> &Corpora);
+
  private:
   void AlarmCallback();
   void MutateAndTestOne(Unit *U);
-  void ReportNewCoverage(size_t NewCoverage, const Unit &U);
-  size_t RunOne(const Unit &U);
+  void ReportNewCoverage(const Unit &U);
+  bool RunOne(const Unit &U);
   void RunOneAndUpdateCorpus(Unit &U);
-  size_t RunOneMaximizeTotalCoverage(const Unit &U);
-  size_t RunOneMaximizeCoveragePairs(const Unit &U);
   void WriteToOutputCorpus(const Unit &U);
   void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
-  void PrintStats(const char *Where, size_t Cov, const char *End = "\n");
-  void PrintUnitInASCIIOrTokens(const Unit &U, const char *PrintAfter = "");
+  void PrintStats(const char *Where, const char *End = "\n");
+  void PrintUnitInASCII(const Unit &U, const char *PrintAfter = "");
 
   void SyncCorpus();
 
+  size_t RecordBlockCoverage();
+  size_t RecordCallerCalleeCoverage();
+  void PrepareCoverageBeforeRun();
+  bool CheckCoverageAfterRun();
+
+
   // Trace-based fuzzing: we run a unit with some kind of tracing
   // enabled and record potentially useful mutations. Then
   // We apply these mutations one by one to the unit and run it again.
@@ -174,6 +181,8 @@ class Fuzzer {
   system_clock::time_point UnitStartTime;
   long TimeOfLongestUnitInSeconds = 0;
   long EpochOfLastReadOfOutputCorpus = 0;
+  size_t LastRecordedBlockCoverage = 0;
+  size_t LastRecordedCallerCalleeCoverage = 0;
 };
 
 class SimpleUserSuppliedFuzzer: public UserSuppliedFuzzer {
@@ -181,17 +190,11 @@ class SimpleUserSuppliedFuzzer: public UserSuppliedFuzzer {
   SimpleUserSuppliedFuzzer(FuzzerRandomBase *Rand, UserCallback Callback)
       : UserSuppliedFuzzer(Rand), Callback(Callback) {}
 
-  SimpleUserSuppliedFuzzer(FuzzerRandomBase *Rand, DeprecatedUserCallback Callback)
-      : UserSuppliedFuzzer(Rand), DeprecatedCallback(Callback) {}
-
   virtual int TargetFunction(const uint8_t *Data, size_t Size) override {
-    if (Callback) return Callback(Data, Size);
-    DeprecatedCallback(Data, Size);
-    return 0;
+    return Callback(Data, Size);
   }
 
  private:
-  DeprecatedUserCallback DeprecatedCallback = nullptr;
   UserCallback Callback = nullptr;
 };