[llvm] r285109 - [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Tue Oct 25 13:15:16 PDT 2016
Author: kcc
Date: Tue Oct 25 15:15:15 2016
New Revision: 285109
URL: http://llvm.org/viewvc/llvm-project?rev=285109&view=rev
Log:
[libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
Added:
llvm/trunk/lib/Fuzzer/test/simple-cmp.test
Modified:
llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
llvm/trunk/lib/Fuzzer/FuzzerRandom.h
Modified: llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp?rev=285109&r1=285108&r2=285109&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp Tue Oct 25 15:15:15 2016
@@ -205,8 +205,6 @@ template <class T>
DictionaryEntry MutationDispatcher::MakeDictionaryEntryFromCMP(
T Arg1, T Arg2, const uint8_t *Data, size_t Size) {
ScopedDoingMyOwnMemmem scoped_doing_my_own_memmem;
- if (Rand.RandBool()) Arg1 = Bswap(Arg1);
- if (Rand.RandBool()) Arg2 = Bswap(Arg2);
bool HandleFirst = Rand.RandBool();
T ExistingBytes, DesiredBytes;
Word W;
@@ -214,6 +212,9 @@ DictionaryEntry MutationDispatcher::Make
for (int Arg = 0; Arg < 2; Arg++) {
ExistingBytes = HandleFirst ? Arg1 : Arg2;
DesiredBytes = HandleFirst ? Arg2 : Arg1;
+ DesiredBytes += Rand(-1, 1);
+ if (Rand.RandBool()) ExistingBytes = Bswap(ExistingBytes);
+ if (Rand.RandBool()) DesiredBytes = Bswap(DesiredBytes);
HandleFirst = !HandleFirst;
W.Set(reinterpret_cast<uint8_t*>(&DesiredBytes), sizeof(T));
const size_t kMaxNumPositions = 8;
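Review bot: The added `DesiredBytes += Rand(-1, 1);` has no comment explaining why the operand is perturbed, or that wraparound at the ends of T's range is acceptable. Presumably the goal is to satisfy ordered comparisons as well as equality, so a comment such as `// Also try Desired-1 / Desired+1 so <, <=, >, >= can be satisfied, not only ==; wraparound in T is intentional.` would make that explicit. The exact traced value is now used in only about one of three draws, which may deserve a sentence on whether that ratio was chosen deliberately. The perturbation is applied before the optional `Bswap`, so it always acts on the host-order value; the loop body continues outside this hunk.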
@@ -236,15 +237,9 @@ size_t MutationDispatcher::Mutate_AddWor
uint8_t *Data, size_t Size, size_t MaxSize) {
Word W;
DictionaryEntry DE;
- bool Debug = false;
if (Rand.RandBool()) {
auto X = TPC.TORC8.Get(Rand.Rand());
DE = MakeDictionaryEntryFromCMP(X.A, X.B, Data, Size);
- if (X.A > 10000 &&X.B > 10000) Debug = false;
- if (Debug) {
- Printf("ZZZ %zx %zx\n", X.A, X.B);
- DE.Print();
- }
} else {
auto X = TPC.TORC4.Get(Rand.Rand());
if ((X.A >> 16) == 0 && (X.B >> 16) == 0 && Rand.RandBool())
@@ -255,9 +250,6 @@ size_t MutationDispatcher::Mutate_AddWor
}
Size = ApplyDictionaryEntry(Data, Size, MaxSize, DE);
if (!Size) return 0;
- if (Debug) {
- Printf("DONE\n");
- }
DictionaryEntry &DERef =
CmpDictionaryEntriesDeque[CmpDictionaryEntriesDequeIdx++ %
kCmpDictionaryEntriesDequeSize];
Modified: llvm/trunk/lib/Fuzzer/FuzzerRandom.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerRandom.h?rev=285109&r1=285108&r2=285109&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerRandom.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerRandom.h Tue Oct 25 15:15:15 2016
@@ -21,6 +21,11 @@ class Random {
size_t Rand() { return R(); }
size_t RandBool() { return Rand() % 2; }
size_t operator()(size_t n) { return n ? Rand() % n : 0; }
+ intptr_t operator()(intptr_t From, intptr_t To) {
+ assert(From < To);
+ intptr_t RangeSize = To - From + 1;
+ return operator()(RangeSize) + From;
+ }
std::mt19937 &Get_mt19937() { return R; }
private:
std::mt19937 R;
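Review bot: The return expression in the new two-argument `operator()` mixes `size_t` and `intptr_t`, so with a negative `From` (as in the `Rand(-1, 1)` call) the sum is formed by unsigned wraparound and then converted back to `intptr_t`, which is implementation-defined before C++20. Casting the draw first keeps the addition signed: `return static_cast<intptr_t>(operator()(static_cast<size_t>(RangeSize))) + From;`. `To - From + 1` can also overflow for ranges close to the full width of `intptr_t`, and `assert(From < To)` is compiled out under NDEBUG, so a one-line comment stating the supported range would help. Whether `<cassert>` is included is not visible here, and the class body continues outside the hunk.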
Added: llvm/trunk/lib/Fuzzer/test/simple-cmp.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/simple-cmp.test?rev=285109&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/simple-cmp.test (added)
+++ llvm/trunk/lib/Fuzzer/test/simple-cmp.test Tue Oct 25 15:15:15 2016
@@ -0,0 +1,2 @@
+CHECK: BINGO
+RUN: not LLVMFuzzer-SimpleCmpTest -seed=1 -use_cmp=1 -runs=100000000 2>&1 | FileCheck %s