Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / 20801e1b8a07f2866944531ceeee59c7a0ac1ec4 / . / llvm / lib / Fuzzer / FuzzerCorpus.h
blob: d42e7be475b9590d6e9e7b1d70b10c6e8c40f4f3 [file] [log] [blame]
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]1//===- FuzzerCorpus.h - Internal header for the Fuzzer ----------*- C++ -* ===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9// fuzzer::InputCorpus
10//===----------------------------------------------------------------------===//
11
12#ifndef LLVM_FUZZER_CORPUS
13#define LLVM_FUZZER_CORPUS
14
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]15#include <random>
16
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]17#include "FuzzerDefs.h"
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]18#include "FuzzerRandom.h"
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]19
20namespace fuzzer {
21
22struct InputInfo {
23 Unit U; // The actual input data.
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]24 uint8_t Sha1[kSHA1NumBytes]; // Checksum.
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]25};
26
27class InputCorpus {
28 public:
29 InputCorpus() {
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]30 Inputs.reserve(1 << 14); // Avoid too many resizes.
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]31 }
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]32 size_t size() const { return Inputs.size(); }
33 bool empty() const { return Inputs.empty(); }
34 const Unit &operator[] (size_t Idx) const { return Inputs[Idx].U; }
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]35 void Append(const std::vector<Unit> &V) {
36 for (auto &U : V)
37 push_back(U);
38 }
39 void push_back(const Unit &U) {
40 auto H = Hash(U);
41 if (!Hashes.insert(H).second) return;
42 InputInfo II;
43 II.U = U;
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]44 memcpy(II.Sha1, H.data(), kSHA1NumBytes);
45 Inputs.push_back(II);
46 UpdateCorpusDistribution();
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]47 }
48
49 typedef const std::vector<InputInfo>::const_iterator ConstIter;
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]50 ConstIter begin() const { return Inputs.begin(); }
51 ConstIter end() const { return Inputs.end(); }
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]52
53 bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); }
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]54 const InputInfo &ChooseUnitToMutate(Random &Rand) {
55 return Inputs[ChooseUnitIdxToMutate(Rand)];
56 };
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]57
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]58 // Returns an index of random unit from the corpus to mutate.
59 // Hypothesis: units added to the corpus last are more likely to be
60 // interesting. This function gives more weight to the more recent units.
61 size_t ChooseUnitIdxToMutate(Random &Rand) {
62 size_t Idx =
63 static_cast<size_t>(CorpusDistribution(Rand.Get_mt19937()));
64 assert(Idx < Inputs.size());
65 return Idx;
66 }
67
68private:
69
70 // Updates the probability distribution for the units in the corpus.
71 // Must be called whenever the corpus or unit weights are changed.
72 void UpdateCorpusDistribution() {
73 size_t N = Inputs.size();
74 std::vector<double> Intervals(N + 1);
75 std::vector<double> Weights(N);
76 std::iota(Intervals.begin(), Intervals.end(), 0);
77 std::iota(Weights.begin(), Weights.end(), 1);
78 CorpusDistribution = std::piecewise_constant_distribution<double>(
79 Intervals.begin(), Intervals.end(), Weights.begin());
80 }
81 std::piecewise_constant_distribution<double> CorpusDistribution;
82
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]83 std::unordered_set<std::string> Hashes;
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame^]84 std::vector<InputInfo> Inputs;
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]85};
86
87} // namespace fuzzer
88
89#endif // LLVM_FUZZER_CORPUS