From 397ed3e704b42b19af6e1b12b09df29970cac4e7 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Thu, 6 Aug 2015 19:19:55 +0000
Subject: [PATCH] [libFuzzer] move the mutators to public interface so that custom mutators may reuse these functions directly
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244250 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Fuzzer/FuzzerInterface.cpp | 11 ------
 lib/Fuzzer/FuzzerInterface.h | 39 +++++++++++++++++-----
 lib/Fuzzer/FuzzerInternal.h | 17 ----------
 lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp | 4 +--
 4 files changed, 33 insertions(+), 38 deletions(-)
diff --git a/lib/Fuzzer/FuzzerInterface.cpp b/lib/Fuzzer/FuzzerInterface.cpp
index c7553f421fb..5df182ec595 100644
--- a/lib/Fuzzer/FuzzerInterface.cpp
+++ b/lib/Fuzzer/FuzzerInterface.cpp
@@ -29,15 +29,4 @@ UserSuppliedFuzzer::~UserSuppliedFuzzer() {
 delete Rand;
 }
-size_t UserSuppliedFuzzer::BasicMutate(uint8_t *Data, size_t Size,
- size_t MaxSize) {
- return ::fuzzer::Mutate(Data, Size, MaxSize, *Rand);
-}
-size_t UserSuppliedFuzzer::BasicCrossOver(const uint8_t *Data1, size_t Size1,
- const uint8_t *Data2, size_t Size2,
- uint8_t *Out, size_t MaxOutSize) {
- return ::fuzzer::CrossOver(Data1, Size1, Data2, Size2, Out, MaxOutSize,
- *Rand);
-}
-
 } // namespace fuzzer.
diff --git a/lib/Fuzzer/FuzzerInterface.h b/lib/Fuzzer/FuzzerInterface.h
index 6acae6c67af..c4582d61f1a 100644
--- a/lib/Fuzzer/FuzzerInterface.h
+++ b/lib/Fuzzer/FuzzerInterface.h
@@ -62,6 +62,34 @@ class FuzzerRandomLibc : public FuzzerRandomBase {
 size_t Rand() override;
 };
+
+/// Mutates data by shuffling bytes.
+size_t Mutate_ShuffleBytes(uint8_t *Data, size_t Size, size_t MaxSize,
+ FuzzerRandomBase &Rand);
+/// Mutates data by erasing a byte.
+size_t Mutate_EraseByte(uint8_t *Data, size_t Size, size_t MaxSize,
+ FuzzerRandomBase &Rand);
+/// Mutates data by inserting a byte.
+size_t Mutate_InsertByte(uint8_t *Data, size_t Size, size_t MaxSize,
+ FuzzerRandomBase &Rand);
+/// Mutates data by chanding one byte.
+size_t Mutate_ChangeByte(uint8_t *Data, size_t Size, size_t MaxSize,
+ FuzzerRandomBase &Rand);
+/// Mutates data by chanding one bit.
+size_t Mutate_ChangeBit(uint8_t *Data, size_t Size, size_t MaxSize,
+ FuzzerRandomBase &Rand);
+
+/// Applies one of the above mutations.
+/// Returns the new size of data which could be up to MaxSize.
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize,
+ FuzzerRandomBase &Rand);
+
+/// Creates a cross-over of two pieces of Data, returns its size.
+size_t CrossOver(const uint8_t *Data1, size_t Size1, const uint8_t *Data2,
+ size_t Size2, uint8_t *Out, size_t MaxOutSize,
+ FuzzerRandomBase &Rand);
+
+
 /** An abstract class that allows to use user-supplied mutators with libFuzzer.
 Usage:
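Review bot: The doc comments on the newly public `Mutate_*`, `Mutate` and `CrossOver` declarations in FuzzerInterface.h do not state the buffer contract that outside callers now have to uphold. Only `Mutate` says it returns the new size; the per-mutator comments say nothing about the return value, and none says that `Data` must have room for `MaxSize` bytes (or `Out` for `MaxOutSize`), which matters for `Mutate_InsertByte` since it presumably grows the data. I would add to each something like `/// Data must point to at least MaxSize writable bytes, Size <= MaxSize; returns the new size.` and correct "chanding" to "changing" in the `Mutate_ChangeByte` and `Mutate_ChangeBit` comments. The implementations are not part of this diff, so the behaviour at Size == 0 and Size == MaxSize should be confirmed there and documented as well.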
@@ -94,25 +122,20 @@ class UserSuppliedFuzzer {
 /// Mutates 'Size' bytes of data in 'Data' inplace into up to 'MaxSize' bytes,
 /// returns the new size of the data, which should be positive.
 virtual size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
- return BasicMutate(Data, Size, MaxSize);
+ return ::fuzzer::Mutate(Data, Size, MaxSize, GetRand());
 }
 /// Crosses 'Data1' and 'Data2', writes up to 'MaxOutSize' bytes into Out,
 /// returns the number of bytes written, which should be positive.
 virtual size_t CrossOver(const uint8_t *Data1, size_t Size1, const uint8_t *Data2, size_t Size2, uint8_t *Out, size_t MaxOutSize) {
- return BasicCrossOver(Data1, Size1, Data2, Size2, Out, MaxOutSize);
+ return ::fuzzer::CrossOver(Data1, Size1, Data2, Size2, Out, MaxOutSize,
+ GetRand());
 }
 virtual ~UserSuppliedFuzzer();
 FuzzerRandomBase &GetRand() { return *Rand; }
- protected:
- /// These can be called internally by Mutate and CrossOver.
- size_t BasicMutate(uint8_t *Data, size_t Size, size_t MaxSize);
- size_t BasicCrossOver(const uint8_t *Data1, size_t Size1,
- const uint8_t *Data2, size_t Size2,
- uint8_t *Out, size_t MaxOutSize);
 private:
 bool OwnRand = false;
 FuzzerRandomBase *Rand;
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
index e33ab702178..7e119d6f616 100644
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
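Review bot: Removing the protected `BasicMutate` and `BasicCrossOver` members of `UserSuppliedFuzzer` in FuzzerInterface.h outright stops any out-of-tree subclass that calls them from compiling, just as the in-tree test had to be changed in this same commit. If a transition period is wanted, they could stay as inline forwarders, e.g. `size_t BasicMutate(uint8_t *Data, size_t Size, size_t MaxSize) { return ::fuzzer::Mutate(Data, Size, MaxSize, GetRand()); }`, with a comment marking them as deprecated. The class-level usage comment begins above this hunk and is not visible here; if it mentions the removed helpers it should be updated to point at `::fuzzer::Mutate` and `::fuzzer::CrossOver`.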
@@ -33,23 +33,6 @@ void CopyFileToErr(const std::string &Path);
 std::string DirPlusFile(const std::string &DirPath, const std::string &FileName);
-size_t Mutate_ShuffleBytes(uint8_t *Data, size_t Size, size_t MaxSize,
- FuzzerRandomBase &Rand);
-size_t Mutate_EraseByte(uint8_t *Data, size_t Size, size_t MaxSize,
- FuzzerRandomBase &Rand);
-size_t Mutate_InsertByte(uint8_t *Data, size_t Size, size_t MaxSize,
- FuzzerRandomBase &Rand);
-size_t Mutate_ChangeByte(uint8_t *Data, size_t Size, size_t MaxSize,
- FuzzerRandomBase &Rand);
-size_t Mutate_ChangeBit(uint8_t *Data, size_t Size, size_t MaxSize,
- FuzzerRandomBase &Rand);
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize,
- FuzzerRandomBase &Rand);
-
-size_t CrossOver(const uint8_t *Data1, size_t Size1, const uint8_t *Data2,
- size_t Size2, uint8_t *Out, size_t MaxOutSize,
- FuzzerRandomBase &Rand);
-
 void Printf(const char *Fmt, ...);
 void Print(const Unit &U, const char *PrintAfter = "");
 void PrintASCII(const Unit &U, const char *PrintAfter = "");
diff --git a/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp b/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp
index 8ebe1575ad0..1e497cb28fa 100644
--- a/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp
+++ b/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp
@@ -37,8 +37,8 @@ class MyFuzzer : public fuzzer::UserSuppliedFuzzer {
 Size = sizeof(kMagic);
 // "Fix" the data, then mutate.
 memcpy(Data, &kMagic, std::min(MaxSize, sizeof(kMagic)));
- return BasicMutate(Data + sizeof(kMagic), Size - sizeof(kMagic),
- MaxSize - sizeof(kMagic));
+ return fuzzer::UserSuppliedFuzzer::Mutate(
+ Data + sizeof(kMagic), Size - sizeof(kMagic), MaxSize - sizeof(kMagic));
 }
 // No need to redefine CrossOver() here.
 };
--
2.34.1
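Review bot: `MaxSize - sizeof(kMagic)` in the new `fuzzer::UserSuppliedFuzzer::Mutate(...)` call in MyFuzzer::Mutate (UserSuppliedFuzzerTest.cpp) is an unsigned subtraction that wraps to a very large value when MaxSize is smaller than sizeof(kMagic), and the `std::min(MaxSize, sizeof(kMagic))` in the memcpy just above suggests that case is considered possible. The base mutator would then be told it may write far beyond the end of the buffer. A guard before the call, such as `if (MaxSize <= sizeof(kMagic)) return Size;` (or whichever size is appropriate), would avoid that; `Size - sizeof(kMagic)` needs the same care unless the checks at the top of the function, which begin outside this hunk, already guarantee it. The value returned is also the size of the mutated tail only, so the result probably needs `sizeof(kMagic) +` added if the caller expects the total size.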