[llvm] r244559 - [libFuzzer] add -only_ascii flag
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Mon Aug 10 18:44:42 PDT 2015
Author: kcc
Date: Mon Aug 10 20:44:42 2015
New Revision: 244559
URL: http://llvm.org/viewvc/llvm-project?rev=244559&view=rev
Log:
[libFuzzer] add -only_ascii flag
Modified:
llvm/trunk/docs/LibFuzzer.rst
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/FuzzerFlags.def
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp
Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=244559&r1=244558&r2=244559&view=diff
==============================================================================
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Mon Aug 10 20:44:42 2015
@@ -69,6 +69,7 @@ The most important flags are::
sync_command 0 Execute an external command "<sync_command> <test_corpus>" to synchronize the test corpus.
sync_timeout 600 Minimum timeout between syncs.
use_traces 0 Experimental: use instruction traces
+ only_ascii 0 If 1, generate only ASCII (isprint+isspace) inputs.
For the full list of flags run the fuzzer binary with ``-help=1``.
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=244559&r1=244558&r2=244559&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Mon Aug 10 20:44:42 2015
@@ -240,6 +240,7 @@ int FuzzerDriver(int argc, char **argv,
Flags.prefer_small_during_initial_shuffle;
Options.Tokens = ReadTokensFile(Flags.tokens);
Options.Reload = Flags.reload;
+ Options.OnlyASCII = Flags.only_ascii;
if (Flags.runs >= 0)
Options.MaxNumberOfRuns = Flags.runs;
if (!inputs.empty())
Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=244559&r1=244558&r2=244559&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Mon Aug 10 20:44:42 2015
@@ -60,3 +60,5 @@ FUZZER_FLAG_STRING(sync_command, "Execut
FUZZER_FLAG_INT(sync_timeout, 600, "Minimum timeout between syncs.")
FUZZER_FLAG_INT(report_slow_units, 10,
"Report slowest units if they run for more than this number of seconds.")
+FUZZER_FLAG_INT(only_ascii, 0,
+ "If 1, generate only ASCII (isprint+isspace) inputs.")
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=244559&r1=244558&r2=244559&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Mon Aug 10 20:44:42 2015
@@ -50,6 +50,10 @@ static const int kSHA1NumBytes = 20;
// Computes SHA1 hash of 'Len' bytes in 'Data', writes kSHA1NumBytes to 'Out'.
void ComputeSHA1(const uint8_t *Data, size_t Len, uint8_t *Out);
+// Changes U to contain only ASCII (isprint+isspace) characters.
+// Returns true iff U has been changed.
+bool ToASCII(Unit &U);
+
int NumberOfCpuCores();
class Fuzzer {
@@ -69,6 +73,7 @@ class Fuzzer {
size_t MaxNumberOfRuns = ULONG_MAX;
int SyncTimeout = 600;
int ReportSlowUnits = 10;
+ bool OnlyASCII = false;
std::string OutputCorpus;
std::string SyncCommand;
std::vector<std::string> Tokens;
@@ -103,7 +108,7 @@ class Fuzzer {
void MutateAndTestOne(Unit *U);
void ReportNewCoverage(size_t NewCoverage, const Unit &U);
size_t RunOne(const Unit &U);
- void RunOneAndUpdateCorpus(const Unit &U);
+ void RunOneAndUpdateCorpus(Unit &U);
size_t RunOneMaximizeTotalCoverage(const Unit &U);
size_t RunOneMaximizeFullCoverageSet(const Unit &U);
size_t RunOneMaximizeCoveragePairs(const Unit &U);
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=244559&r1=244558&r2=244559&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Mon Aug 10 20:44:42 2015
@@ -170,9 +170,11 @@ size_t Fuzzer::RunOne(const Unit &U) {
return Res;
}
-void Fuzzer::RunOneAndUpdateCorpus(const Unit &U) {
+void Fuzzer::RunOneAndUpdateCorpus(Unit &U) {
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
return;
+ if (Options.OnlyASCII)
+ ToASCII(U);
ReportNewCoverage(RunOne(U), U);
}
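Review bot: The ASCII conversion is applied only in RunOneAndUpdateCorpus, while `RunOne` (visible in this hunk's header) still takes `const Unit &`, so a caller that reaches RunOne directly would run unconverted bytes under -only_ascii=1. I cannot see those callers from this hunk; if the initial-corpus path is one of them, it would need the same `if (Options.OnlyASCII) ToASCII(U);` guard. The function also now rewrites its argument in place, which the signature change only hints at; a comment such as `// With OnlyASCII, U is rewritten in place before it is run.` above the call would make that contract explicit for callers.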
@@ -251,6 +253,9 @@ void Fuzzer::WriteToOutputCorpus(const U
WriteToFile(U, Path);
if (Options.Verbosity >= 2)
Printf("Written to %s\n", Path.c_str());
+ if (Options.OnlyASCII)
+ for (auto X : U)
+ assert(isprint(X) || isspace(X));
}
void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) {
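Review bot: The new assert loop in WriteToOutputCorpus runs after `WriteToFile(U, Path)`, so a unit containing a non-ASCII byte is already on disk in the output corpus by the time the check fires. Moving the `if (Options.OnlyASCII)` loop above the `WriteToFile` call would keep such a unit out of the corpus. The check is also an `assert`, so it disappears in NDEBUG builds; if the invariant is meant to hold there too, it needs an explicit test that prints and aborts. The start of the function is outside this hunk, so an earlier return may change where the check belongs.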
Modified: llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp?rev=244559&r1=244558&r2=244559&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp Mon Aug 10 20:44:42 2015
@@ -73,4 +73,17 @@ void ExecuteCommand(const std::string &C
system(Command.c_str());
}
+bool ToASCII(Unit &U) {
+ bool Changed = false;
+ for (auto &X : U) {
+ auto NewX = X;
+ NewX &= 127;
+ if (!isspace(NewX) && !isprint(NewX))
+ NewX = ' ';
+ Changed |= NewX != X;
+ X = NewX;
+ }
+ return Changed;
+}
+
} // namespace fuzzer
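Review bot: ToASCII lands without a test (the Modified list touches no test file), and its mapping is not obvious from the header comment: `NewX &= 127` folds 0x80–0xff onto 0x00–0x7f before the isspace/isprint check, so 0xC1 becomes 'A' while 0x80 and 0xff become ' '. A small unit test over 0x00, 0x7f, 0x80, 0xff and an already-ASCII unit (expecting `false`) would pin both the mapping and the return value. isprint and isspace also depend on the current C locale, so a comment like `// Bytes are masked to 7 bits first; classification assumes the "C" locale.` would record that assumption.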