[libFuzzer] when a new unit is discovered using a dictionary, print all used dictiona...

author Kostya Serebryany <kcc@google.com>

Tue, 12 Jan 2016 02:36:59 +0000 (02:36 +0000)

committer Kostya Serebryany <kcc@google.com>

Tue, 12 Jan 2016 02:36:59 +0000 (02:36 +0000)
author Kostya Serebryany <kcc@google.com>
Tue, 12 Jan 2016 02:36:59 +0000 (02:36 +0000)
committer Kostya Serebryany <kcc@google.com>
Tue, 12 Jan 2016 02:36:59 +0000 (02:36 +0000)
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h

index 1f4f8fb336b21face822341d7031379b117f28b9..c1e9daac98089c902cc5c84ffbe7894c6f86b536 100644 (file)
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -38,6 +38,7 @@ std::string DirPlusFile(const std::string &DirPath,
  
  void Printf(const char *Fmt, ...);
  void Print(const Unit &U, const char *PrintAfter = "");
+void PrintASCII(const uint8_t *Data, size_t Size, const char *PrintAfter = "");
  void PrintASCII(const Unit &U, const char *PrintAfter = "");
  std::string Hash(const Unit &U);
  void SetTimer(int Seconds);
diff --git a/lib/Fuzzer/FuzzerMutate.cpp b/lib/Fuzzer/FuzzerMutate.cpp

index 219837f4a0fa031e60db1d9efa36f46c4f0b1663..30e5b43c0839005f0392e99ed1088a5dba53ffef 100644 (file)
--- a/lib/Fuzzer/FuzzerMutate.cpp
+++ b/lib/Fuzzer/FuzzerMutate.cpp
@@ -32,6 +32,7 @@ struct MutationDispatcher::Impl {
    std::vector<DictionaryEntry> AutoDictionary;
    std::vector<Mutator> Mutators;
    std::vector<Mutator> CurrentMutatorSequence;
+  std::vector<DictionaryEntry> CurrentDictionaryEntrySequence;
    const std::vector<Unit> *Corpus = nullptr;
    FuzzerRandomBase &Rand;
  
@@ -146,13 +147,14 @@ size_t MutationDispatcher::Impl::AddWordFromDictionary(
      size_t Idx = UsePositionHint ? PositionHint : Rand(Size + 1);
      memmove(Data + Idx + Word.size(), Data + Idx, Size - Idx);
      memcpy(Data + Idx, Word.data(), Word.size());
-    return Size + Word.size();
+    Size += Word.size();
    } else {  // Overwrite some bytes with Word.
      if (Word.size() > Size) return 0;
      size_t Idx = UsePositionHint ? PositionHint : Rand(Size - Word.size());
      memcpy(Data + Idx, Word.data(), Word.size());
-    return Size;
    }
+  CurrentDictionaryEntrySequence.push_back(DE);
+  return Size;
  }
  
  size_t MutationDispatcher::Mutate_ChangeASCIIInteger(uint8_t *Data, size_t Size,
@@ -206,12 +208,20 @@ size_t MutationDispatcher::Mutate_CrossOver(uint8_t *Data, size_t Size,
  
  void MutationDispatcher::StartMutationSequence() {
    MDImpl->CurrentMutatorSequence.clear();
+  MDImpl->CurrentDictionaryEntrySequence.clear();
  }
  
  void MutationDispatcher::PrintMutationSequence() {
    Printf("MS: %zd ", MDImpl->CurrentMutatorSequence.size());
    for (auto M : MDImpl->CurrentMutatorSequence)
      Printf("%s-", M.Name);
+  if (!MDImpl->CurrentDictionaryEntrySequence.empty()) {
+    Printf(" DE: ");
+    for (auto DE : MDImpl->CurrentDictionaryEntrySequence) {
+      Printf("\"");
+      PrintASCII(DE.Word, "\"-");
+    }
+  }
  }
  
  // Mutates Data in place, returns new size.
diff --git a/lib/Fuzzer/FuzzerTraceState.cpp b/lib/Fuzzer/FuzzerTraceState.cpp

index 975cfbdf1d1b3a12fa9210300980b41dedcc14e1..00f1ebd0619b1a7f1d9500aa6cdc4d9083122544 100644 (file)
--- a/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/lib/Fuzzer/FuzzerTraceState.cpp
@@ -170,25 +170,6 @@ struct TraceBasedMutation {
    uint8_t  Data[kMaxSize];
  };
  
-static void PrintDataByte(uint8_t Byte) {
-  if (Byte == '\\')
-    Printf("\\\\");
-  else if (Byte == '"')
-    Printf("\\\"");
-  else if (Byte >= 32 && Byte < 127)
-    Printf("%c", Byte);
-  else
-    Printf("\\x%02x", Byte);
-}
-
-static void PrintData(const uint8_t *Data, size_t Size) {
-  Printf("\"");
-  for (size_t i = 0; i < Size; i++) {
-    PrintDataByte(Data[i]);
-  }
-  Printf("\"");
-}
-
  const size_t TraceBasedMutation::kMaxSize;
  
  class TraceState {
@@ -249,7 +230,7 @@ class TraceState {
            Printf("AutoDict:\n");
            for (auto &I : CountedUnits) {
              Printf("   %zd ", I.first);
-            PrintData(I.second.data(), I.second.size());
+            PrintASCII(I.second);
              Printf("\n");
            }
          }
@@ -440,8 +421,8 @@ void TraceState::TraceMemcmpCallback(size_t CmpSize, const uint8_t *Data1,
    int Added1 = TryToAddDesiredData(Data2, Data1, CmpSize);
    if ((Added1 || Added2) && Options.Verbosity >= 3) {
      Printf("MemCmp Added %d%d: ", Added1, Added2);
-    if (Added1) PrintData(Data1, CmpSize);
-    if (Added2) PrintData(Data2, CmpSize);
+    if (Added1) PrintASCII(Data1, CmpSize);
+    if (Added2) PrintASCII(Data2, CmpSize);
      Printf("\n");
    }
  }
diff --git a/lib/Fuzzer/FuzzerUtil.cpp b/lib/Fuzzer/FuzzerUtil.cpp

index 6c1133fffd37951b198df687d712318c6f7b4815..d7226cfce966e28d5cc4f404d2f86dcc994ef4c2 100644 (file)
--- a/lib/Fuzzer/FuzzerUtil.cpp
+++ b/lib/Fuzzer/FuzzerUtil.cpp
@@ -27,13 +27,26 @@ void Print(const Unit &v, const char *PrintAfter) {
    Printf("%s", PrintAfter);
  }
  
+void PrintASCIIByte(uint8_t Byte) {
+  if (Byte == '\\')
+    Printf("\\\\");
+  else if (Byte == '"')
+    Printf("\\\"");
+  else if (Byte >= 32 && Byte < 127)
+    Printf("%c", Byte);
+  else
+    Printf("\\x%02x", Byte);
+}
+
+void PrintASCII(const uint8_t *Data, size_t Size, const char *PrintAfter) {
+  for (size_t i = 0; i < Size; i++)
+    PrintASCIIByte(Data[i]);
+  Printf("%s", PrintAfter);
+}
+
  void PrintASCII(const Unit &U, const char *PrintAfter) {
-  for (auto X : U) {
-    if (isprint(X))
-      Printf("%c", X);
-    else
-      Printf("\\x%x", (unsigned)X);
-  }
+  for (auto X : U)
+    PrintASCIIByte(X);
    Printf("%s", PrintAfter);
  }
author	Kostya Serebryany <kcc@google.com>
	Tue, 12 Jan 2016 02:36:59 +0000 (02:36 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Tue, 12 Jan 2016 02:36:59 +0000 (02:36 +0000)
lib/Fuzzer/FuzzerInternal.h		patch \| blob \| history
lib/Fuzzer/FuzzerMutate.cpp		patch \| blob \| history
lib/Fuzzer/FuzzerTraceState.cpp		patch \| blob \| history
lib/Fuzzer/FuzzerUtil.cpp		patch \| blob \| history