git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227395
91177308-0d34-0410-b5e6-
96231b3b80d8
"If 1, exit after the first new interesting input is found.")
FUZZER_FLAG(int, timeout, -1, "Timeout in seconds (if positive).")
FUZZER_FLAG(int, help, 0, "Print help.")
"If 1, exit after the first new interesting input is found.")
FUZZER_FLAG(int, timeout, -1, "Timeout in seconds (if positive).")
FUZZER_FLAG(int, help, 0, "Print help.")
+FUZZER_FLAG(
+ int, save_minimized_corpus, 0,
+ "If 1, the minimized corpus is saved into the first input directory")
#include <dirent.h>
namespace fuzzer {
#include <dirent.h>
namespace fuzzer {
-std::vector<std::string> ListFilesInDir(const std::string &Dir) {
+static std::vector<std::string> ListFilesInDir(const std::string &Dir) {
std::vector<std::string> V;
DIR *D = opendir(Dir.c_str());
if (!D) return V;
std::vector<std::string> V;
DIR *D = opendir(Dir.c_str());
if (!D) return V;
void ReadDirToVectorOfUnits(const char *Path, std::vector<Unit> *V) {
for (auto &X : ListFilesInDir(Path))
void ReadDirToVectorOfUnits(const char *Path, std::vector<Unit> *V) {
for (auto &X : ListFilesInDir(Path))
- V->push_back(FileToVector(std::string(Path) + "/" + X));
+ V->push_back(FileToVector(DirPlusFile(Path, X)));
+}
+
+std::string DirPlusFile(const std::string &DirPath,
+ const std::string &FileName) {
+ return DirPath + "/" + FileName;
using namespace std::chrono;
Unit ReadFile(const char *Path);
using namespace std::chrono;
Unit ReadFile(const char *Path);
-std::vector<std::string> ListFilesInDir(const std::string &Dir);
void ReadDirToVectorOfUnits(const char *Path, std::vector<Unit> *V);
void WriteToFile(const Unit &U, const std::string &Path);
void ReadDirToVectorOfUnits(const char *Path, std::vector<Unit> *V);
void WriteToFile(const Unit &U, const std::string &Path);
+// Returns "Dir/FileName" or equivalent for the current OS.
+std::string DirPlusFile(const std::string &DirPath,
+ const std::string &FileName);
void Mutate(Unit *U, size_t MaxLen);
void Mutate(Unit *U, size_t MaxLen);
void ReadDir(const std::string &Path) {
ReadDirToVectorOfUnits(Path.c_str(), &Corpus);
}
void ReadDir(const std::string &Path) {
ReadDirToVectorOfUnits(Path.c_str(), &Corpus);
}
+ // Save the current corpus to OutputCorpus.
+ void SaveCorpus();
static void AlarmCallback();
static void AlarmCallback();
void Fuzzer::WriteToOutputCorpus(const Unit &U) {
if (Options.OutputCorpus.empty()) return;
void Fuzzer::WriteToOutputCorpus(const Unit &U) {
if (Options.OutputCorpus.empty()) return;
- std::string Path = Options.OutputCorpus + "/" + Hash(U);
+ std::string Path = DirPlusFile(Options.OutputCorpus, Hash(U));
WriteToFile(U, Path);
if (Options.Verbosity >= 2)
std::cerr << "Written to " << Path << std::endl;
WriteToFile(U, Path);
if (Options.Verbosity >= 2)
std::cerr << "Written to " << Path << std::endl;
std::cerr << "CRASHED; file written to " << Path << std::endl;
}
std::cerr << "CRASHED; file written to " << Path << std::endl;
}
+void Fuzzer::SaveCorpus() {
+ if (Options.OutputCorpus.empty()) return;
+ for (const auto &U : Corpus)
+ WriteToFile(U, DirPlusFile(Options.OutputCorpus, Hash(U)));
+ if (Options.Verbosity)
+ std::cerr << "Written corpus of " << Corpus.size() << " files to "
+ << Options.OutputCorpus << "\n";
+}
+
size_t Fuzzer::MutateAndTestOne(Unit *U) {
size_t NewUnits = 0;
for (size_t i = 0; i < Options.MutateDepth; i++) {
size_t Fuzzer::MutateAndTestOne(Unit *U) {
size_t NewUnits = 0;
for (size_t i = 0; i < Options.MutateDepth; i++) {
if (F.CorpusSize() == 0)
F.AddToCorpus(Unit()); // Can't fuzz empty corpus, so add an empty input.
F.ShuffleAndMinimize();
if (F.CorpusSize() == 0)
F.AddToCorpus(Unit()); // Can't fuzz empty corpus, so add an empty input.
F.ShuffleAndMinimize();
+ if (Flags.save_minimized_corpus)
+ F.SaveCorpus();
F.Loop(Flags.iterations < 0 ? INT_MAX : Flags.iterations);
if (Flags.verbosity)
std::cerr << "Done\n";
F.Loop(Flags.iterations < 0 ? INT_MAX : Flags.iterations);
if (Flags.verbosity)
std::cerr << "Done\n";
projects / oota-llvm.git / commitdiff