Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / 5a52a11ce49b11bbc4c3db71bea43a3bd3667a53 / . / llvm / lib / Fuzzer / FuzzerCorpus.h
blob: 3b76471db6e2d1174f0e1d69c7e462b46c12d5ad [file] [log] [blame]
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]1//===- FuzzerCorpus.h - Internal header for the Fuzzer ----------*- C++ -* ===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9// fuzzer::InputCorpus
10//===----------------------------------------------------------------------===//
11
12#ifndef LLVM_FUZZER_CORPUS
13#define LLVM_FUZZER_CORPUS
14
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]15#include <random>
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]16#include <unordered_set>
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]17
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]18#include "FuzzerDefs.h"
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]19#include "FuzzerRandom.h"
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]20#include "FuzzerTracePC.h"
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]21
22namespace fuzzer {
23
24struct InputInfo {
25 Unit U; // The actual input data.
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]26 uint8_t Sha1[kSHA1NumBytes]; // Checksum.
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]27 // Number of features that this input has and no smaller input has.
28 size_t NumFeatures = 0;
29 size_t Tmp = 0; // Used by ValidateFeatureSet.
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]30 // Stats.
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]31 size_t NumExecutedMutations = 0;
32 size_t NumSuccessfullMutations = 0;
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]33};
34
35class InputCorpus {
36 public:
37 InputCorpus() {
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]38 Inputs.reserve(1 << 14); // Avoid too many resizes.
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]39 memset(FeatureSet, 0, sizeof(FeatureSet));
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]40 }
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]41 size_t size() const { return Inputs.size(); }
42 bool empty() const { return Inputs.empty(); }
43 const Unit &operator[] (size_t Idx) const { return Inputs[Idx].U; }
Kostya Serebryany16a145f2016-09-23 01:58:51 +0000[diff] [blame]44 void AddToCorpus(const Unit &U) {
Kostya Serebryany624f59f2016-09-22 01:34:58 +0000[diff] [blame]45 uint8_t Hash[kSHA1NumBytes];
46 ComputeSHA1(U.data(), U.size(), Hash);
47 if (!Hashes.insert(Sha1ToString(Hash)).second) return;
48 Inputs.push_back(InputInfo());
49 InputInfo &II = Inputs.back();
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]50 II.U = U;
Kostya Serebryany624f59f2016-09-22 01:34:58 +0000[diff] [blame]51 memcpy(II.Sha1, Hash, kSHA1NumBytes);
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]52 UpdateFeatureSet(Inputs.size() - 1);
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]53 UpdateCorpusDistribution();
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]54 }
55
56 typedef const std::vector<InputInfo>::const_iterator ConstIter;
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]57 ConstIter begin() const { return Inputs.begin(); }
58 ConstIter end() const { return Inputs.end(); }
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]59
60 bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); }
Kostya Serebryanyd2169222016-10-01 01:04:29 +0000[diff] [blame]61 bool HasUnit(const std::string &H) { return Hashes.count(H); }
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]62 InputInfo &ChooseUnitToMutate(Random &Rand) {
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]63 return Inputs[ChooseUnitIdxToMutate(Rand)];
64 };
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]65
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]66 // Returns an index of random unit from the corpus to mutate.
67 // Hypothesis: units added to the corpus last are more likely to be
68 // interesting. This function gives more weight to the more recent units.
69 size_t ChooseUnitIdxToMutate(Random &Rand) {
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]70 size_t Idx = static_cast<size_t>(CorpusDistribution(Rand.Get_mt19937()));
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]71 assert(Idx < Inputs.size());
72 return Idx;
73 }
74
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]75 void PrintStats() {
76 for (size_t i = 0; i < Inputs.size(); i++) {
77 const auto &II = Inputs[i];
Kostya Serebryany16a145f2016-09-23 01:58:51 +0000[diff] [blame]78 Printf(" [%zd %s]\tsz: %zd\truns: %zd\tsucc: %zd\n", i,
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]79 Sha1ToString(II.Sha1).c_str(), II.U.size(),
Kostya Serebryany16a145f2016-09-23 01:58:51 +0000[diff] [blame]80 II.NumExecutedMutations, II.NumSuccessfullMutations);
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]81 }
82 }
83
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]84 void PrintFeatureSet() {
Kostya Serebryanyd2169222016-10-01 01:04:29 +0000[diff] [blame]85 Printf("Features [id: idx sz] ");
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]86 for (size_t i = 0; i < kFeatureSetSize; i++) {
87 auto &Fe = FeatureSet[i];
88 if (!Fe.Count) continue;
89 Printf("[%zd: %zd %zd] ", i, Fe.SmallestElementIdx,
90 Fe.SmallestElementSize);
91 }
92 Printf("\n\t");
93 for (size_t i = 0; i < Inputs.size(); i++)
94 if (size_t N = Inputs[i].NumFeatures)
95 Printf(" %zd=>%zd ", i, N);
96 Printf("\n");
97 }
98
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]99private:
100
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]101 static const bool FeatureDebug = false;
102 static const size_t kFeatureSetSize = TracePC::kFeatureSetSize;
103
104 void ValidateFeatureSet() {
105 for (size_t Idx = 0; Idx < kFeatureSetSize; Idx++) {
106 Feature &Fe = FeatureSet[Idx];
107 if(Fe.Count && Fe.SmallestElementSize)
108 Inputs[Fe.SmallestElementIdx].Tmp++;
109 }
110 for (auto &II: Inputs) {
111 assert(II.Tmp == II.NumFeatures);
112 II.Tmp = 0;
113 }
114 }
115
116 void UpdateFeatureSet(size_t CurrentElementIdx) {
117 auto &II = Inputs[CurrentElementIdx];
118 size_t Size = II.U.size();
119 if (!Size)
120 return;
121 bool Updated = false;
122 for (size_t Idx = 0; Idx < kFeatureSetSize; Idx++) {
123 if (!TPC.HasFeature(Idx))
124 continue;
125 Feature &Fe = FeatureSet[Idx];
126 Fe.Count++;
127 if (!Fe.SmallestElementSize ||
128 Fe.SmallestElementSize > Size) {
129 II.NumFeatures++;
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame^]130 CountingFeatures = true;
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]131 if (Fe.SmallestElementSize > Size) {
132 auto &OlderII = Inputs[Fe.SmallestElementIdx];
133 assert(OlderII.NumFeatures > 0);
134 OlderII.NumFeatures--;
135 if (!OlderII.NumFeatures && FeatureDebug)
136 Printf("EVICTED %zd\n", Fe.SmallestElementIdx);
137 }
138 Fe.SmallestElementIdx = CurrentElementIdx;
139 Fe.SmallestElementSize = Size;
140 Updated = true;
141 }
142 }
143 if (Updated && FeatureDebug) PrintFeatureSet();
144 ValidateFeatureSet();
145 }
146
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]147 // Updates the probability distribution for the units in the corpus.
148 // Must be called whenever the corpus or unit weights are changed.
149 void UpdateCorpusDistribution() {
150 size_t N = Inputs.size();
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame^]151 Intervals.resize(N + 1);
152 Weights.resize(N);
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]153 std::iota(Intervals.begin(), Intervals.end(), 0);
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame^]154 if (CountingFeatures)
155 for (size_t i = 0; i < N; i++)
156 Weights[i] = Inputs[i].NumFeatures * (i + 1);
157 else
158 std::iota(Weights.begin(), Weights.end(), 1);
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]159 CorpusDistribution = std::piecewise_constant_distribution<double>(
160 Intervals.begin(), Intervals.end(), Weights.begin());
161 }
162 std::piecewise_constant_distribution<double> CorpusDistribution;
163
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame^]164 std::vector<double> Intervals;
165 std::vector<double> Weights;
166
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]167 std::unordered_set<std::string> Hashes;
Kostya Serebryany20801e12016-09-21 21:41:48 +0000[diff] [blame]168 std::vector<InputInfo> Inputs;
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]169
170 struct Feature {
171 size_t Count;
172 size_t SmallestElementIdx;
173 size_t SmallestElementSize;
174 };
Kostya Serebryany5a52a112016-10-04 01:51:44 +0000[diff] [blame^]175 bool CountingFeatures = false;
Kostya Serebryany2c556132016-09-30 01:19:56 +0000[diff] [blame]176 Feature FeatureSet[kFeatureSetSize];
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]177};
178
179} // namespace fuzzer
180
181#endif // LLVM_FUZZER_CORPUS