Blame - llvm/lib/Fuzzer/FuzzerCorpus.h - toolchain/llvm-project

blob: d1a3efebe2d3ea9854c65583608dbdf3de763044 [file] [log] [blame]

Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	1	//===- FuzzerCorpus.h - Internal header for the Fuzzer ----------- C++ - ===//
				2	//
				3	// The LLVM Compiler Infrastructure
				4	//
				5	// This file is distributed under the University of Illinois Open Source
				6	// License. See LICENSE.TXT for details.
				7	//
				8	//===----------------------------------------------------------------------===//
				9	// fuzzer::InputCorpus
				10	//===----------------------------------------------------------------------===//
				11
				12	#ifndef LLVM_FUZZER_CORPUS
				13	#define LLVM_FUZZER_CORPUS
				14
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	15	#include <random>
Kostya Serebryany	29bb664	2016-09-21 22:42:17 +0000	[diff] [blame]	16	#include <unordered_set>
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	17
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	18	#include "FuzzerDefs.h"
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	19	#include "FuzzerRandom.h"
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	20
				21	namespace fuzzer {
				22
				23	struct InputInfo {
				24	Unit U; // The actual input data.
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	25	uint8_t Sha1[kSHA1NumBytes]; // Checksum.
Kostya Serebryany	29bb664	2016-09-21 22:42:17 +0000	[diff] [blame]	26	// Stats.
				27	uintptr_t NumExecutedMutations = 0;
				28	uintptr_t NumSuccessfullMutations = 0;
Kostya Serebryany	624f59f	2016-09-22 01:34:58 +0000	[diff] [blame^]	29
				30	// A set of features (PCIDs, etc) that were first found with this unit.
				31	std::vector<uintptr_t> Features;
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	32	};
				33
				34	class InputCorpus {
				35	public:
				36	InputCorpus() {
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	37	Inputs.reserve(1 << 14); // Avoid too many resizes.
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	38	}
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	39	size_t size() const { return Inputs.size(); }
				40	bool empty() const { return Inputs.empty(); }
				41	const Unit &operator[] (size_t Idx) const { return Inputs[Idx].U; }
Kostya Serebryany	624f59f	2016-09-22 01:34:58 +0000	[diff] [blame^]	42	void AddToCorpus(const Unit &U, uintptr_t *Features, size_t NumFeatures) {
				43	uint8_t Hash[kSHA1NumBytes];
				44	ComputeSHA1(U.data(), U.size(), Hash);
				45	if (!Hashes.insert(Sha1ToString(Hash)).second) return;
				46	Inputs.push_back(InputInfo());
				47	InputInfo &II = Inputs.back();
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	48	II.U = U;
Kostya Serebryany	624f59f	2016-09-22 01:34:58 +0000	[diff] [blame^]	49	II.Features.insert(II.Features.begin(), Features, Features + NumFeatures);
				50	memcpy(II.Sha1, Hash, kSHA1NumBytes);
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	51	UpdateCorpusDistribution();
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	52	}
				53
				54	typedef const std::vector<InputInfo>::const_iterator ConstIter;
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	55	ConstIter begin() const { return Inputs.begin(); }
				56	ConstIter end() const { return Inputs.end(); }
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	57
				58	bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); }
Kostya Serebryany	29bb664	2016-09-21 22:42:17 +0000	[diff] [blame]	59	InputInfo &ChooseUnitToMutate(Random &Rand) {
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	60	return Inputs[ChooseUnitIdxToMutate(Rand)];
				61	};
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	62
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	63	// Returns an index of random unit from the corpus to mutate.
				64	// Hypothesis: units added to the corpus last are more likely to be
				65	// interesting. This function gives more weight to the more recent units.
				66	size_t ChooseUnitIdxToMutate(Random &Rand) {
Kostya Serebryany	29bb664	2016-09-21 22:42:17 +0000	[diff] [blame]	67	size_t Idx = static_cast<size_t>(CorpusDistribution(Rand.Get_mt19937()));
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	68	assert(Idx < Inputs.size());
				69	return Idx;
				70	}
				71
Kostya Serebryany	29bb664	2016-09-21 22:42:17 +0000	[diff] [blame]	72	void PrintStats() {
				73	for (size_t i = 0; i < Inputs.size(); i++) {
				74	const auto &II = Inputs[i];
Kostya Serebryany	624f59f	2016-09-22 01:34:58 +0000	[diff] [blame^]	75	Printf(" [%zd %s]\tsz: %zd\truns: %zd\tsucc: %zd\tfea: %zd\n", i,
Kostya Serebryany	29bb664	2016-09-21 22:42:17 +0000	[diff] [blame]	76	Sha1ToString(II.Sha1).c_str(), II.U.size(),
Kostya Serebryany	624f59f	2016-09-22 01:34:58 +0000	[diff] [blame^]	77	II.NumExecutedMutations, II.NumSuccessfullMutations,
				78	II.Features.size());
Kostya Serebryany	29bb664	2016-09-21 22:42:17 +0000	[diff] [blame]	79	}
				80	}
				81
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	82	private:
				83
				84	// Updates the probability distribution for the units in the corpus.
				85	// Must be called whenever the corpus or unit weights are changed.
				86	void UpdateCorpusDistribution() {
				87	size_t N = Inputs.size();
				88	std::vector<double> Intervals(N + 1);
				89	std::vector<double> Weights(N);
				90	std::iota(Intervals.begin(), Intervals.end(), 0);
				91	std::iota(Weights.begin(), Weights.end(), 1);
				92	CorpusDistribution = std::piecewise_constant_distribution<double>(
				93	Intervals.begin(), Intervals.end(), Weights.begin());
				94	}
				95	std::piecewise_constant_distribution<double> CorpusDistribution;
				96
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	97	std::unordered_set<std::string> Hashes;
Kostya Serebryany	20801e1	2016-09-21 21:41:48 +0000	[diff] [blame]	98	std::vector<InputInfo> Inputs;
Kostya Serebryany	6f5a804	2016-09-21 01:50:50 +0000	[diff] [blame]	99	};
				100
				101	} // namespace fuzzer
				102
				103	#endif // LLVM_FUZZER_CORPUS