[llvm] r260810 - [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Fri Feb 12 22:24:19 PST 2016
Author: kcc
Date: Sat Feb 13 00:24:18 2016
New Revision: 260810
URL: http://llvm.org/viewvc/llvm-project?rev=260810&view=rev
Log:
[libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast
Modified:
llvm/trunk/lib/Fuzzer/FuzzerInterface.h
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
llvm/trunk/lib/Fuzzer/test/CustomMutatorTest.cpp
Modified: llvm/trunk/lib/Fuzzer/FuzzerInterface.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInterface.h?rev=260810&r1=260809&r2=260810&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInterface.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInterface.h Sat Feb 13 00:24:18 2016
@@ -70,9 +70,10 @@ int main(int argc, char **argv) {
*/
int FuzzerDriver(int argc, char **argv, UserCallback Callback);
-// Same interface as LLVMFuzzerTestOneInput.
+// Mutates raw data in [Data, Data+Size] inplace.
+// Returns the new size, which is not greater than MaxSize.
// Can be used inside the user-supplied LLVMFuzzerTestOneInput.
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed);
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize);
} // namespace fuzzer
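Review bot: The new comment on `Mutate` gives the range as `[Data, Data+Size]`, a closed interval that reads as if `Data[Size]` were part of the input; the size arguments imply the half-open form. It also does not say that the buffer needs room for `MaxSize` bytes (the result may grow up to that, judging by the second comment line), nor that the function now depends on the process-wide Fuzzer object already existing. I would word it as `// Mutates raw data in [Data, Data+Size) in place; the buffer must hold at least MaxSize bytes.` plus `// Requires the global Fuzzer object, so call it only from fuzzer callbacks.` Dropping `Seed` also breaks any out-of-tree caller of the four-argument form, which deserves a mention in the header.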
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=260810&r1=260809&r2=260810&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Sat Feb 13 00:24:18 2016
@@ -322,6 +322,7 @@ public:
// Merge Corpora[1:] into Corpora[0].
void Merge(const std::vector<std::string> &Corpora);
+ MutationDispatcher &GetMD() { return MD; }
private:
void AlarmCallback();
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=260810&r1=260809&r2=260810&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Sat Feb 13 00:24:18 2016
@@ -60,6 +60,11 @@ static void MissingWeakApiFunction(const
// Only one Fuzzer per process.
static Fuzzer *F;
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
+ assert(F);
+ return F->GetMD().Mutate(Data, Size, MaxSize);
+}
+
Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options)
: CB(CB), MD(MD), Options(Options) {
SetDeathCallback();
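Review bot: `assert(F)` is the only guard on the global pointer in the new `Mutate`, and it is compiled out under `NDEBUG`, so a call made before the Fuzzer object exists becomes a null dereference at `F->GetMD()`. Because this is a public entry point reachable from user code, an unconditional check is safer, for example `if (!F) { Printf("ERROR: fuzzer::Mutate called before the Fuzzer object was created\n"); exit(1); }`. The dispatcher returned by `GetMD()` is presumably the same one the fuzzing loop uses, so its random state is shared; a comment stating that `Mutate` is not meant to be called concurrently would help. Where `F` is assigned is not visible in this hunk, and the constructor that follows continues past its end.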
Modified: llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp?rev=260810&r1=260809&r2=260810&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp Sat Feb 13 00:24:18 2016
@@ -34,12 +34,6 @@ MutationDispatcher::Mutator MutationDisp
"AddFromPersAutoDict"},
};
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed) {
- Random R(Seed);
- MutationDispatcher MD(R);
- return MD.Mutate(Data, Size, MaxSize);
-}
-
static char FlipRandomBit(char X, Random &Rand) {
int Bit = Rand(8);
char Mask = 1 << Bit;
Modified: llvm/trunk/lib/Fuzzer/test/CustomMutatorTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CustomMutatorTest.cpp?rev=260810&r1=260809&r2=260810&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CustomMutatorTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/CustomMutatorTest.cpp Sat Feb 13 00:24:18 2016
@@ -7,11 +7,19 @@
#include "FuzzerInterface.h"
+static volatile int Sink;
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
assert(Data);
- if (Size > 0 && Data[0] == 'F') {
- std::cout << "BINGO; Found the target, exiting\n";
- exit(1);
+ if (Size > 0 && Data[0] == 'H') {
+ Sink = 1;
+ if (Size > 1 && Data[1] == 'i') {
+ Sink = 2;
+ if (Size > 2 && Data[2] == '!') {
+ std::cout << "BINGO; Found the target, exiting\n";
+ exit(1);
+ }
+ }
}
return 0;
}
@@ -23,5 +31,5 @@ extern "C" size_t LLVMFuzzerCustomMutato
std::cerr << "In LLVMFuzzerCustomMutator\n";
Printed = true;
}
- return fuzzer::Mutate(Data, Size, MaxSize, Seed);
+ return fuzzer::Mutate(Data, Size, MaxSize);
}
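Review bot: `Seed` is no longer referenced on the return line, so if it is a parameter of `LLVMFuzzerCustomMutator` (the signature lies above the hunk) it is now silently ignored and may draw an unused-parameter warning. A one-line comment such as `// Seed is intentionally unused: fuzzer::Mutate draws from the global Fuzzer's RNG.` or a `(void)Seed;` would make that explicit. It would also tell readers of this test that the mutation sequence now follows the fuzzer's own RNG state rather than the per-call seed.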