[llvm] r260796 - [libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea).

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Fri Feb 12 18:39:32 PST 2016


Author: kcc
Date: Fri Feb 12 20:39:30 2016
New Revision: 260796

URL: http://llvm.org/viewvc/llvm-project?rev=260796&view=rev
Log:
[libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea).

Removed:
    llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp
Modified:
    llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
    llvm/trunk/lib/Fuzzer/FuzzerInterface.h
    llvm/trunk/lib/Fuzzer/FuzzerInternal.h
    llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
    llvm/trunk/lib/Fuzzer/test/fuzzer.test

Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=260796&r1=260795&r2=260796&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Fri Feb 12 20:39:30 2016
@@ -243,24 +243,14 @@ static bool AllInputsAreFiles() {
 
 int FuzzerDriver(int argc, char **argv, UserCallback Callback) {
   FuzzerRandom_mt19937 Rand(0);
-  SimpleUserSuppliedFuzzer SUSF(&Rand, Callback);
-  return FuzzerDriver(argc, argv, SUSF);
-}
-
-int FuzzerDriver(int argc, char **argv, UserSuppliedFuzzer &USF) {
   std::vector<std::string> Args(argv, argv + argc);
-  return FuzzerDriver(Args, USF);
+  return FuzzerDriver(Args, Callback);
 }
 
 int FuzzerDriver(const std::vector<std::string> &Args, UserCallback Callback) {
-  FuzzerRandom_mt19937 Rand(0);
-  SimpleUserSuppliedFuzzer SUSF(&Rand, Callback);
-  return FuzzerDriver(Args, SUSF);
-}
-
-int FuzzerDriver(const std::vector<std::string> &Args,
-                 UserSuppliedFuzzer &USF) {
   using namespace fuzzer;
+  FuzzerRandom_mt19937 Rand(0);
+  SimpleUserSuppliedFuzzer USF(&Rand, Callback);
   assert(!Args.empty());
   ProgName = new std::string(Args[0]);
   ParseFlags(Args);
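Review bot: The `FuzzerRandom_mt19937 Rand(0);` kept at the top of the `(int argc, char **argv, UserCallback)` overload is now dead. Its only user, `SimpleUserSuppliedFuzzer SUSF(&Rand, Callback)`, was removed, and the overload now only builds `Args` and forwards. Delete the line so the body is `std::vector<std::string> Args(argv, argv + argc);` followed by `return FuzzerDriver(Args, Callback);`. The generator that matters is the one constructed with seed 0 in the vector overload; that function's body continues past the hunk, so whether a seed option later resets it cannot be confirmed here.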

Modified: llvm/trunk/lib/Fuzzer/FuzzerInterface.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInterface.h?rev=260796&r1=260795&r2=260796&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInterface.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInterface.h Fri Feb 12 20:39:30 2016
@@ -64,6 +64,7 @@ int LLVMFuzzerInitialize(int *argc, char
 }
 
 // Implement your own main() or use the one from FuzzerMain.cpp.
+// *NOT* recommended for most cases.
 int main(int argc, char **argv) {
   InitializeMeIfNeeded();
   return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput);
@@ -72,102 +73,13 @@ int main(int argc, char **argv) {
 */
 int FuzzerDriver(int argc, char **argv, UserCallback Callback);
 
-class FuzzerRandomBase {
- public:
-  FuzzerRandomBase(){}
-  virtual ~FuzzerRandomBase(){};
-  virtual void ResetSeed(unsigned int seed) = 0;
-  // Return a random number.
-  virtual size_t Rand() = 0;
-  // Return a random number in range [0,n).
-  size_t operator()(size_t n) { return n ? Rand() % n : 0; }
-  bool RandBool() { return Rand() % 2; }
-};
-
-// Using libc's stand/rand.
-class FuzzerRandomLibc : public FuzzerRandomBase {
- public:
-  FuzzerRandomLibc(unsigned int seed) { ResetSeed(seed); }
-  void ResetSeed(unsigned int seed) override;
-  ~FuzzerRandomLibc() override {};
-  size_t Rand() override;
-};
-
-// Using std::mt19937
-class FuzzerRandom_mt19937 : public FuzzerRandomBase {
- public:
-  FuzzerRandom_mt19937(unsigned int seed) { ResetSeed(seed); }
-  void ResetSeed(unsigned int seed) override;
-  ~FuzzerRandom_mt19937() override;
-  size_t Rand() override;
- private:
-  struct Impl;
-  Impl *R = nullptr;
-};
-
-// For backward compatibility only, deprecated.
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize,
-              FuzzerRandomBase &Rand);
-
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed);
-
-class MutationDispatcher;
-
-/** An abstract class that allows to use user-supplied mutators with libFuzzer.
-
-Usage:
-
-#\code
-#include "FuzzerInterface.h"
-class MyFuzzer : public fuzzer::UserSuppliedFuzzer {
- public:
-  MyFuzzer(fuzzer::FuzzerRandomBase *Rand);
-  // Must define the target function.
-  int TargetFunction(...) { ...; return 0; }
-  // Optionally define the mutator.
-  size_t Mutate(...) { ... }
-  // Optionally define the CrossOver method.
-  size_t CrossOver(...) { ... }
-};
-
-int main(int argc, char **argv) {
-  MyFuzzer F;
-  fuzzer::FuzzerDriver(argc, argv, F);
-}
-#\endcode
-*/
-class UserSuppliedFuzzer {
- public:
-  UserSuppliedFuzzer(FuzzerRandomBase *Rand);
-  /// Executes the target function on 'Size' bytes of 'Data'.
-  virtual int TargetFunction(const uint8_t *Data, size_t Size) = 0;
-  /// Mutates 'Size' bytes of data in 'Data' inplace into up to 'MaxSize' bytes,
-  /// returns the new size of the data, which should be positive.
-  virtual size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize);
-  /// Crosses 'Data1' and 'Data2', writes up to 'MaxOutSize' bytes into Out,
-  /// returns the number of bytes written, which should be positive.
-  virtual size_t CrossOver(const uint8_t *Data1, size_t Size1,
-                           const uint8_t *Data2, size_t Size2,
-                           uint8_t *Out, size_t MaxOutSize);
-  virtual ~UserSuppliedFuzzer();
-
-  FuzzerRandomBase &GetRand() { return *Rand; }
-
-  MutationDispatcher &GetMD() { return *MD; }
-
- private:
-  bool OwnRand = false;
-  FuzzerRandomBase *Rand;
-  MutationDispatcher *MD;
-};
-
-/// Runs the fuzzing with the UserSuppliedFuzzer.
-int FuzzerDriver(int argc, char **argv, UserSuppliedFuzzer &USF);
-
 /// More C++-ish interface.
-int FuzzerDriver(const std::vector<std::string> &Args, UserSuppliedFuzzer &USF);
 int FuzzerDriver(const std::vector<std::string> &Args, UserCallback Callback);
 
+// Same interface as LLVMFuzzerTestOneInput.
+// Can be used inside the user-supplied LLVMFuzzerTestOneInput.
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed);
+
 }  // namespace fuzzer
 
 #endif  // LLVM_FUZZER_INTERFACE_H
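Review bot: The new comment on `Mutate` says "Same interface as LLVMFuzzerTestOneInput", but the declaration takes a writable `uint8_t *Data` plus `MaxSize` and `Seed`, which is not the shape of the callback passed to `FuzzerDriver` earlier in this header. Presumably the custom-mutator hook was meant. The declaration also loses the contract text that the removed `UserSuppliedFuzzer::Mutate` carried, and the buffer capacity is what callers are most likely to get wrong. Suggest replacing the two comment lines with `// Mutates 'Size' bytes of 'Data' in place into up to 'MaxSize' bytes; 'Data' must have room for 'MaxSize' bytes.` and `// Returns the new size. Intended to be called from user-supplied mutation code.`, assuming the free function follows the same contract as the method.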

Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=260796&r1=260795&r2=260796&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Fri Feb 12 20:39:30 2016
@@ -98,6 +98,41 @@ bool IsASCII(const Unit &U);
 int NumberOfCpuCores();
 int GetPid();
 
+class FuzzerRandomBase {
+ public:
+  FuzzerRandomBase(){}
+  virtual ~FuzzerRandomBase(){};
+  virtual void ResetSeed(unsigned int seed) = 0;
+  // Return a random number.
+  virtual size_t Rand() = 0;
+  // Return a random number in range [0,n).
+  size_t operator()(size_t n) { return n ? Rand() % n : 0; }
+  bool RandBool() { return Rand() % 2; }
+};
+
+// Using libc's stand/rand.
+class FuzzerRandomLibc : public FuzzerRandomBase {
+ public:
+  FuzzerRandomLibc(unsigned int seed) { ResetSeed(seed); }
+  void ResetSeed(unsigned int seed) override;
+  ~FuzzerRandomLibc() override {};
+  size_t Rand() override;
+};
+
+// Using std::mt19937
+class FuzzerRandom_mt19937 : public FuzzerRandomBase {
+ public:
+  FuzzerRandom_mt19937(unsigned int seed) { ResetSeed(seed); }
+  void ResetSeed(unsigned int seed) override;
+  ~FuzzerRandom_mt19937() override;
+  size_t Rand() override;
+ private:
+  struct Impl;
+  Impl *R = nullptr;
+};
+
+
+
 // Dictionary.
 
 // Parses one dictionary entry.
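Review bot: `FuzzerRandom_mt19937` holds a raw `Impl *R` and declares a destructor but leaves the copy constructor and copy assignment implicit. If the out-of-line destructor frees `R` (not visible here), any accidental copy ends in a double free. The same applies to `UserSuppliedFuzzer` in the next hunk of this file, which holds raw `Rand` and `MD` pointers behind a user-declared destructor. Now that both classes are internal, the copies can be ruled out with `FuzzerRandom_mt19937(const FuzzerRandom_mt19937 &) = delete;` and `void operator=(const FuzzerRandom_mt19937 &) = delete;`, and likewise for `UserSuppliedFuzzer`. While touching these lines, the moved comment `// Using libc's stand/rand.` looks like a typo for `srand/rand`.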
@@ -169,6 +204,31 @@ private:
   Impl *MDImpl;
 };
 
+class UserSuppliedFuzzer {
+ public:
+  UserSuppliedFuzzer(FuzzerRandomBase *Rand);
+  /// Executes the target function on 'Size' bytes of 'Data'.
+  virtual int TargetFunction(const uint8_t *Data, size_t Size) = 0;
+  /// Mutates 'Size' bytes of data in 'Data' inplace into up to 'MaxSize' bytes,
+  /// returns the new size of the data, which should be positive.
+  virtual size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize);
+  /// Crosses 'Data1' and 'Data2', writes up to 'MaxOutSize' bytes into Out,
+  /// returns the number of bytes written, which should be positive.
+  virtual size_t CrossOver(const uint8_t *Data1, size_t Size1,
+                           const uint8_t *Data2, size_t Size2,
+                           uint8_t *Out, size_t MaxOutSize);
+  virtual ~UserSuppliedFuzzer();
+
+  FuzzerRandomBase &GetRand() { return *Rand; }
+
+  MutationDispatcher &GetMD() { return *MD; }
+
+ private:
+  bool OwnRand = false;
+  FuzzerRandomBase *Rand;
+  MutationDispatcher *MD;
+};
+
 class Fuzzer {
 public:
   struct FuzzingOptions {
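Review bot: `UserSuppliedFuzzer(FuzzerRandomBase *Rand)` takes a raw pointer and the class carries an `OwnRand` flag, but nothing at the declaration says who owns the generator. In this commit, FuzzerDriver.cpp passes the address of a stack-allocated `FuzzerRandom_mt19937`, so the pointer must outlive the fuzzer object and must not be freed by it. Suggest a comment on the constructor such as `/// Does not take ownership of 'Rand'; it must outlive this object.`, assuming that matches the out-of-line constructor and destructor, which are not visible here. The usage documentation that preceded the class in FuzzerInterface.h was dropped in the move, so a one-line purpose comment above `class UserSuppliedFuzzer` would also help.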

Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=260796&r1=260795&r2=260796&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Fri Feb 12 20:39:30 2016
@@ -37,7 +37,6 @@ set(Tests
   )
 
 set(CustomMainTests
-  UserSuppliedFuzzerTest
   )
 
 set(UninstrumentedTests

Removed: llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp?rev=260795&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp (removed)
@@ -1,51 +0,0 @@
-// Simple test for a fuzzer.
-// The fuzzer must find the string "Hi!" preceded by a magic value.
-// Uses UserSuppliedFuzzer which ensures that the magic is present.
-#include <cstdint>
-#include <cassert>
-#include <cstdlib>
-#include <cstddef>
-#include <cstring>
-#include <iostream>
-
-#include "FuzzerInterface.h"
-
-static const uint64_t kMagic = 8860221463604ULL;
-
-class MyFuzzer : public fuzzer::UserSuppliedFuzzer {
- public:
-  MyFuzzer(fuzzer::FuzzerRandomBase *Rand)
-      : fuzzer::UserSuppliedFuzzer(Rand) {}
-  int TargetFunction(const uint8_t *Data, size_t Size) {
-    if (Size <= 10) return 0;
-    if (memcmp(Data, &kMagic, sizeof(kMagic))) return 0;
-    // It's hard to get here w/o advanced fuzzing techniques (e.g. cmp tracing).
-    // So, we simply 'fix' the data in the custom mutator.
-    if (Data[8] == 'H') {
-      if (Data[9] == 'i') {
-        if (Data[10] == '!') {
-          std::cout << "BINGO; Found the target, exiting\n";
-          exit(1);
-        }
-      }
-    }
-    return 0;
-  }
-  // Custom mutator.
-  virtual size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
-    assert(MaxSize > sizeof(kMagic));
-    if (Size < sizeof(kMagic))
-      Size = sizeof(kMagic);
-    // "Fix" the data, then mutate.
-    memcpy(Data, &kMagic, std::min(MaxSize, sizeof(kMagic)));
-    return fuzzer::UserSuppliedFuzzer::Mutate(
-        Data + sizeof(kMagic), Size - sizeof(kMagic), MaxSize - sizeof(kMagic));
-  }
-  // No need to redefine CrossOver() here.
-};
-
-int main(int argc, char **argv) {
-  fuzzer::FuzzerRandomLibc Rand(0);
-  MyFuzzer F(&Rand);
-  fuzzer::FuzzerDriver(argc, argv, F);
-}

Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=260796&r1=260795&r2=260796&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Fri Feb 12 20:39:30 2016
@@ -24,8 +24,6 @@ RUN: not LLVMFuzzer-CallerCalleeTest
 # LLVMFuzzer-CallerCalleeTest  -use_indir_calls=0 -cross_over=0 -max_len=6 -seed=1 -runs=1000000 2>&1 | FileCheck %s  --check-prefix=Done1000000
 
 
-RUN: not LLVMFuzzer-UserSuppliedFuzzerTest -seed=1 -timeout=15 2>&1 | FileCheck %s
-
 RUN: not LLVMFuzzer-UninstrumentedTest-Uninstrumented 2>&1 | FileCheck %s --check-prefix=UNINSTRUMENTED
 UNINSTRUMENTED: ERROR: __sanitizer_set_death_callback is not defined. Exiting.
 



