// Define the main class fuzzer::Fuzzer and most functions.
//===----------------------------------------------------------------------===//
#include <cassert>
+#include <climits>
#include <chrono>
#include <cstddef>
#include <cstdlib>
#include <vector>
#include <unordered_set>
+#include "FuzzerInterface.h"
+
namespace fuzzer {
typedef std::vector<uint8_t> Unit;
using namespace std::chrono;
Unit ReadFile(const char *Path);
void ReadDirToVectorOfUnits(const char *Path, std::vector<Unit> *V);
void WriteToFile(const Unit &U, const std::string &Path);
+void CopyFileToErr(const std::string &Path);
// Returns "Dir/FileName" or equivalent for the current OS.
std::string DirPlusFile(const std::string &DirPath,
const std::string &FileName);
int Verbosity = 1;
int MaxLen = 0;
bool DoCrossOver = true;
- bool MutateDepth = 10;
+ int MutateDepth = 5;
bool ExitOnFirst = false;
+ bool UseCounters = false;
bool UseFullCoverageSet = false;
+ bool UseCoveragePairs = false;
+ int PreferSmallDuringInitialShuffle = -1;
+ size_t MaxNumberOfRuns = ULONG_MAX;
std::string OutputCorpus;
};
- Fuzzer(FuzzingOptions Options) : Options(Options) {
+ Fuzzer(UserCallback Callback, FuzzingOptions Options)
+ : Callback(Callback), Options(Options) {
SetDeathCallback();
}
void AddToCorpus(const Unit &U) { Corpus.push_back(U); }
// Save the current corpus to OutputCorpus.
void SaveCorpus();
+ size_t secondsSinceProcessStartUp() {
+ return duration_cast<seconds>(system_clock::now() - ProcessStartTime)
+ .count();
+ }
+
+ size_t getTotalNumberOfRuns() { return TotalNumberOfRuns; }
+
static void AlarmCallback();
private:
size_t RunOne(const Unit &U);
size_t RunOneMaximizeTotalCoverage(const Unit &U);
size_t RunOneMaximizeFullCoverageSet(const Unit &U);
+ size_t RunOneMaximizeCoveragePairs(const Unit &U);
void WriteToOutputCorpus(const Unit &U);
static void WriteToCrash(const Unit &U, const char *Prefix);
std::vector<Unit> Corpus;
std::unordered_set<uintptr_t> FullCoverageSets;
+ std::unordered_set<uint64_t> CoveragePairs;
+
+ // For UseCounters
+ std::vector<uint8_t> CounterBitmap;
+ size_t TotalBits() { // Slow. Call it only for printing stats.
+ size_t Res = 0;
+ for (auto x : CounterBitmap) Res += __builtin_popcount(x);
+ return Res;
+ }
+
+ UserCallback Callback;
FuzzingOptions Options;
system_clock::time_point ProcessStartTime = system_clock::now();
static system_clock::time_point UnitStartTime;