Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / 1c73f1bf274edcadfcd4cc95f4adc89dff8cb5fb / . / llvm / lib / Fuzzer / FuzzerCorpus.h
blob: a46f1dccb45ef68964979f19a85e95ee3a57b7c8 [file] [log] [blame]
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]1//===- FuzzerCorpus.h - Internal header for the Fuzzer ----------*- C++ -* ===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9// fuzzer::InputCorpus
10//===----------------------------------------------------------------------===//
11
12#ifndef LLVM_FUZZER_CORPUS
13#define LLVM_FUZZER_CORPUS
14
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]15#include <random>
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]16#include <unordered_set>
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]17
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]18#include "FuzzerDefs.h"
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]19#include "FuzzerRandom.h"
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]20#include "FuzzerTracePC.h"
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]21
22namespace fuzzer {
23
24struct InputInfo {
25 Unit U; // The actual input data.
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]26 uint8_t Sha1[kSHA1NumBytes]; // Checksum.
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]27 // Number of features that this input has and no smaller input has.
28 size_t NumFeatures = 0;
29 size_t Tmp = 0; // Used by ValidateFeatureSet.
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]30 // Stats.
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]31 size_t NumExecutedMutations = 0;
32 size_t NumSuccessfullMutations = 0;
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]33};
34
35class InputCorpus {
36 public:
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]37 static const size_t kFeatureSetSize = 1 << 16;
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]38 InputCorpus() {
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]39 Inputs.reserve(1 << 14); // Avoid too many resizes.
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]40 memset(InputSizesPerFeature, 0, sizeof(InputSizesPerFeature));
41 memset(SmallestElementPerFeature, 0, sizeof(SmallestElementPerFeature));
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]42 }
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]43 size_t size() const { return Inputs.size(); }
Kostya Serebryany2455f0d2016-10-05 00:25:17 +0000[diff] [blame]44 size_t SizeInBytes() const {
45 size_t Res = 0;
46 for (auto &II : Inputs)
47 Res += II.U.size();
48 return Res;
49 }
50 size_t NumActiveUnits() const {
51 size_t Res = 0;
52 for (auto &II : Inputs)
53 Res += !II.U.empty();
54 return Res;
55 }
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]56 bool empty() const { return Inputs.empty(); }
57 const Unit &operator[] (size_t Idx) const { return Inputs[Idx].U; }
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]58 void AddToCorpus(const Unit &U, size_t NumFeatures) {
Kostya Serebryany2455f0d2016-10-05 00:25:17 +0000[diff] [blame]59 assert(!U.empty());
Kostya Serebryany624f59f2016-09-22 01:34:58 +0000[diff] [blame]60 uint8_t Hash[kSHA1NumBytes];
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]61 if (FeatureDebug)
62 Printf("ADD_TO_CORPUS %zd NF %zd\n", Inputs.size(), NumFeatures);
Kostya Serebryany624f59f2016-09-22 01:34:58 +0000[diff] [blame]63 ComputeSHA1(U.data(), U.size(), Hash);
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]64 Hashes.insert(Sha1ToString(Hash));
Kostya Serebryany624f59f2016-09-22 01:34:58 +0000[diff] [blame]65 Inputs.push_back(InputInfo());
66 InputInfo &II = Inputs.back();
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]67 II.U = U;
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]68 II.NumFeatures = NumFeatures;
Kostya Serebryany624f59f2016-09-22 01:34:58 +0000[diff] [blame]69 memcpy(II.Sha1, Hash, kSHA1NumBytes);
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]70 UpdateCorpusDistribution();
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]71 ValidateFeatureSet();
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]72 }
73
74 typedef const std::vector<InputInfo>::const_iterator ConstIter;
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]75 ConstIter begin() const { return Inputs.begin(); }
76 ConstIter end() const { return Inputs.end(); }
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]77
78 bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); }
Kostya Serebryanyd2169222016-10-01 01:04:29 +0000[diff] [blame]79 bool HasUnit(const std::string &H) { return Hashes.count(H); }
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]80 InputInfo &ChooseUnitToMutate(Random &Rand) {
Kostya Serebryany2455f0d2016-10-05 00:25:17 +0000[diff] [blame]81 InputInfo &II = Inputs[ChooseUnitIdxToMutate(Rand)];
82 assert(!II.U.empty());
83 return II;
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]84 };
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]85
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]86 // Returns an index of random unit from the corpus to mutate.
87 // Hypothesis: units added to the corpus last are more likely to be
88 // interesting. This function gives more weight to the more recent units.
89 size_t ChooseUnitIdxToMutate(Random &Rand) {
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]90 size_t Idx = static_cast<size_t>(CorpusDistribution(Rand.Get_mt19937()));
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]91 assert(Idx < Inputs.size());
92 return Idx;
93 }
94
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]95 void PrintStats() {
96 for (size_t i = 0; i < Inputs.size(); i++) {
97 const auto &II = Inputs[i];
Kostya Serebryany16a145f2016-09-23 01:58:51 +0000[diff] [blame]98 Printf(" [%zd %s]\tsz: %zd\truns: %zd\tsucc: %zd\n", i,
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]99 Sha1ToString(II.Sha1).c_str(), II.U.size(),
Kostya Serebryany16a145f2016-09-23 01:58:51 +0000[diff] [blame]100 II.NumExecutedMutations, II.NumSuccessfullMutations);
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]101 }
102 }
103
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]104 void PrintFeatureSet() {
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]105 for (size_t i = 0; i < kFeatureSetSize; i++) {
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]106 if(size_t Sz = GetFeature(i))
107 Printf("[%zd: id %zd sz%zd] ", i, SmallestElementPerFeature[i], Sz);
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]108 }
109 Printf("\n\t");
110 for (size_t i = 0; i < Inputs.size(); i++)
111 if (size_t N = Inputs[i].NumFeatures)
112 Printf(" %zd=>%zd ", i, N);
113 Printf("\n");
114 }
115
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]116 bool AddFeature(size_t Idx, uint32_t NewSize, bool Shrink) {
117 assert(NewSize);
118 Idx = Idx % kFeatureSetSize;
119 uint32_t OldSize = GetFeature(Idx);
120 if (OldSize == 0 || (Shrink && OldSize > NewSize)) {
121 if (OldSize > 0) {
122 InputInfo &II = Inputs[SmallestElementPerFeature[Idx]];
123 assert(II.NumFeatures > 0);
124 II.NumFeatures--;
125 if (II.NumFeatures == 0) {
126 II.U.clear();
127 if (FeatureDebug)
128 Printf("EVICTED %zd\n", SmallestElementPerFeature[Idx]);
129 }
130 }
131 if (FeatureDebug)
132 Printf("ADD FEATURE %zd sz %d\n", Idx, NewSize);
133 SmallestElementPerFeature[Idx] = Inputs.size();
134 InputSizesPerFeature[Idx] = NewSize;
135 CountingFeatures = true;
136 return true;
137 }
138 return false;
139 }
140
141 size_t NumFeatures() const {
142 size_t Res = 0;
143 for (size_t i = 0; i < kFeatureSetSize; i++)
144 Res += GetFeature(i) != 0;
145 return Res;
146 }
147
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]148private:
149
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]150 static const bool FeatureDebug = false;
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]151
152 size_t GetFeature(size_t Idx) const { return InputSizesPerFeature[Idx]; }
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]153
154 void ValidateFeatureSet() {
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]155 if (!CountingFeatures) return;
156 if (FeatureDebug)
157 PrintFeatureSet();
158 for (size_t Idx = 0; Idx < kFeatureSetSize; Idx++)
159 if (GetFeature(Idx))
160 Inputs[SmallestElementPerFeature[Idx]].Tmp++;
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]161 for (auto &II: Inputs) {
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]162 if (II.Tmp != II.NumFeatures)
163 Printf("ZZZ %zd %zd\n", II.Tmp, II.NumFeatures);
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]164 assert(II.Tmp == II.NumFeatures);
165 II.Tmp = 0;
166 }
167 }
168
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]169 // Updates the probability distribution for the units in the corpus.
170 // Must be called whenever the corpus or unit weights are changed.
171 void UpdateCorpusDistribution() {
172 size_t N = Inputs.size();
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame]173 Intervals.resize(N + 1);
174 Weights.resize(N);
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]175 std::iota(Intervals.begin(), Intervals.end(), 0);
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame]176 if (CountingFeatures)
177 for (size_t i = 0; i < N; i++)
178 Weights[i] = Inputs[i].NumFeatures * (i + 1);
179 else
180 std::iota(Weights.begin(), Weights.end(), 1);
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]181 CorpusDistribution = std::piecewise_constant_distribution<double>(
182 Intervals.begin(), Intervals.end(), Weights.begin());
183 }
184 std::piecewise_constant_distribution<double> CorpusDistribution;
185
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame]186 std::vector<double> Intervals;
187 std::vector<double> Weights;
188
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]189 std::unordered_set<std::string> Hashes;
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]190 std::vector<InputInfo> Inputs;
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]191
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame]192 bool CountingFeatures = false;
Kostya Serebryany1c73f1b2016-10-05 22:56:21 +0000[diff] [blame^]193 uint32_t InputSizesPerFeature[kFeatureSetSize];
194 uint32_t SmallestElementPerFeature[kFeatureSetSize];
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]195};
196
197} // namespace fuzzer
198
199#endif // LLVM_FUZZER_CORPUS