Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / cbc7ee45f985cfea154b97c6ca40a8ed31f7be70 / . / llvm / lib / Fuzzer / FuzzerInternal.h
blob: 1d68c01908f0fbb2ac5794f61b05d95c8a303518 [file] [log] [blame]
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]1//===- FuzzerInternal.h - Internal header for the Fuzzer --------*- C++ -* ===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9// Define the main class fuzzer::Fuzzer and most functions.
10//===----------------------------------------------------------------------===//
Yaron Keren347663b2015-08-10 16:37:40 +0000[diff] [blame]11
12#ifndef LLVM_FUZZER_INTERNAL_H
13#define LLVM_FUZZER_INTERNAL_H
14
Kostya Serebryany6f5a8042016-09-21 01:50:50 +0000[diff] [blame]15#include "FuzzerDefs.h"
Kostya Serebryanybceadcf2016-08-24 01:38:42 +0000[diff] [blame]16#include "FuzzerExtFunctions.h"
17#include "FuzzerInterface.h"
Kostya Serebryany556894f2016-09-21 02:05:39 +0000[diff] [blame]18#include "FuzzerOptions.h"
Zachary Turner24a148b2016-11-30 19:06:14 +0000[diff] [blame]19#include "FuzzerSHA1.h"
Kostya Serebryanybceadcf2016-08-24 01:38:42 +0000[diff] [blame]20#include "FuzzerValueBitMap.h"
Marcos Pividori178fe582016-12-13 17:46:11 +0000[diff] [blame]21#include <algorithm>
22#include <atomic>
23#include <chrono>
24#include <climits>
25#include <cstdlib>
26#include <string.h>
Kostya Serebryanybceadcf2016-08-24 01:38:42 +0000[diff] [blame]27
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]28namespace fuzzer {
Kostya Serebryany8b0d90a2016-05-13 18:04:35 +0000[diff] [blame]29
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]30using namespace std::chrono;
Kostya Serebryany9690fcf2015-05-12 18:51:57 +0000[diff] [blame]31
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]32class Fuzzer {
Ivan Krasindf919102016-01-22 22:28:27 +0000[diff] [blame]33public:
Mike Aizatsky1aa501e2016-05-10 23:43:15 +0000[diff] [blame]34
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]35 Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
36 FuzzingOptions Options);
Mike Aizatskyb4bbc3b2016-08-05 20:09:53 +0000[diff] [blame]37 ~Fuzzer();
Kostya Serebryany468ed782015-09-08 17:30:35 +0000[diff] [blame]38 void Loop();
Kostya Serebryanyf9b8e8b2016-10-15 01:00:24 +0000[diff] [blame]39 void MinimizeCrashLoop(const Unit &U);
Kostya Serebryany09aa01a2016-09-21 01:04:43 +0000[diff] [blame]40 void ShuffleAndMinimize(UnitVector *V);
Kostya Serebryany64d24572016-03-12 01:57:04 +0000[diff] [blame]41 void RereadOutputCorpus(size_t MaxSize);
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]42
Kostya Serebryany92e04762015-02-04 23:42:42 +0000[diff] [blame]43 size_t secondsSinceProcessStartUp() {
44 return duration_cast<seconds>(system_clock::now() - ProcessStartTime)
45 .count();
46 }
Kostya Serebryanyf9b8e8b2016-10-15 01:00:24 +0000[diff] [blame]47
48 bool TimedOut() {
49 return Options.MaxTotalTimeSec > 0 &&
50 secondsSinceProcessStartUp() >
51 static_cast<size_t>(Options.MaxTotalTimeSec);
52 }
53
Kostya Serebryany66ff0752016-02-26 22:42:23 +0000[diff] [blame]54 size_t execPerSec() {
55 size_t Seconds = secondsSinceProcessStartUp();
56 return Seconds ? TotalNumberOfRuns / Seconds : 0;
57 }
Kostya Serebryany92e04762015-02-04 23:42:42 +0000[diff] [blame]58
59 size_t getTotalNumberOfRuns() { return TotalNumberOfRuns; }
60
Kostya Serebryany52a788e2015-03-31 20:13:20 +0000[diff] [blame]61 static void StaticAlarmCallback();
Kostya Serebryany228d5b12016-03-01 22:19:21 +0000[diff] [blame]62 static void StaticCrashSignalCallback();
Matt Morehouse9e689792017-07-20 20:43:39 +0000[diff] [blame]63 static void StaticExitCallback();
Kostya Serebryany228d5b12016-03-01 22:19:21 +0000[diff] [blame]64 static void StaticInterruptCallback();
Kostya Serebryany4aa05902017-01-05 22:05:47 +0000[diff] [blame]65 static void StaticFileSizeExceedCallback();
Kostya Serebryany52a788e2015-03-31 20:13:20 +0000[diff] [blame]66
Kostya Serebryany8a5bef02016-02-13 17:56:51 +0000[diff] [blame]67 void ExecuteCallback(const uint8_t *Data, size_t Size);
Kostya Serebryany1ca73882017-07-13 01:08:53 +0000[diff] [blame]68 bool RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile = false,
69 InputInfo *II = nullptr);
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]70
Kostya Serebryany9cc3b0d2015-10-24 01:16:40 +0000[diff] [blame]71 // Merge Corpora[1:] into Corpora[0].
72 void Merge(const std::vector<std::string> &Corpora);
Kostya Serebryany111e1d62016-12-09 01:17:24 +0000[diff] [blame]73 void CrashResistantMerge(const std::vector<std::string> &Args,
Kostya Serebryany4fc6dd72017-03-22 20:32:44 +0000[diff] [blame]74 const std::vector<std::string> &Corpora,
75 const char *CoverageSummaryInputPathOrNull,
76 const char *CoverageSummaryOutputPathOrNull);
Kostya Serebryany111e1d62016-12-09 01:17:24 +0000[diff] [blame]77 void CrashResistantMergeInternalStep(const std::string &ControlFilePath);
Kostya Serebryany1deb0492016-02-13 06:24:18 +0000[diff] [blame]78 MutationDispatcher &GetMD() { return MD; }
Kostya Serebryany66ff0752016-02-26 22:42:23 +0000[diff] [blame]79 void PrintFinalStats();
Kostya Serebryanybe0ed592016-09-22 23:16:36 +0000[diff] [blame]80 void SetMaxInputLen(size_t MaxInputLen);
81 void SetMaxMutationLen(size_t MaxMutationLen);
Kostya Serebryany8b8f7a32016-05-06 23:38:07 +0000[diff] [blame]82 void RssLimitCallback();
Kostya Serebryany9cc3b0d2015-10-24 01:16:40 +0000[diff] [blame]83
Kostya Serebryanyf26017b2016-05-26 21:32:30 +0000[diff] [blame]84 bool InFuzzingThread() const { return IsMyThread; }
Kostya Serebryanyd8384122016-05-26 22:17:32 +0000[diff] [blame]85 size_t GetCurrentUnitInFuzzingThead(const uint8_t **Data) const;
Kostya Serebryanybb59ef72016-10-18 18:38:08 +0000[diff] [blame]86 void TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size,
87 bool DuringInitialCorpusExecution);
Kostya Serebryanyf26017b2016-05-26 21:32:30 +0000[diff] [blame]88
Kostya Serebryany05f77912016-11-30 22:39:35 +0000[diff] [blame]89 void HandleMalloc(size_t Size);
Kostya Serebryany98d592c2017-01-20 20:57:07 +0000[diff] [blame]90 void AnnounceOutput(const uint8_t *Data, size_t Size);
Kostya Serebryany05f77912016-11-30 22:39:35 +0000[diff] [blame]91
Ivan Krasindf919102016-01-22 22:28:27 +0000[diff] [blame]92private:
Kostya Serebryany52a788e2015-03-31 20:13:20 +0000[diff] [blame]93 void AlarmCallback();
Kostya Serebryany228d5b12016-03-01 22:19:21 +0000[diff] [blame]94 void CrashCallback();
Matt Morehouse9e689792017-07-20 20:43:39 +0000[diff] [blame]95 void ExitCallback();
Kostya Serebryanyfe4ed9b2017-05-09 01:17:29 +0000[diff] [blame]96 void CrashOnOverwrittenData();
Kostya Serebryany228d5b12016-03-01 22:19:21 +0000[diff] [blame]97 void InterruptCallback();
Kostya Serebryany27ab2d72015-12-19 02:49:09 +0000[diff] [blame]98 void MutateAndTestOne();
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]99 void ReportNewCoverage(InputInfo *II, const Unit &U);
Kostya Serebryany1e99d542017-07-12 22:20:04 +0000[diff] [blame]100 void PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size);
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]101 void WriteToOutputCorpus(const Unit &U);
Kostya Serebryany2b7d2e92015-07-23 18:37:22 +0000[diff] [blame]102 void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
Kostya Serebryany16a145f2016-09-23 01:58:51 +0000[diff] [blame]103 void PrintStats(const char *Where, const char *End = "\n", size_t Units = 0);
Kostya Serebryanyd01e9562017-07-18 18:47:36 +0000[diff] [blame]104 void PrintStatusForNewUnit(const Unit &U, const char *Text);
Kostya Serebryany945761b2016-03-18 00:23:29 +0000[diff] [blame]105 void ShuffleCorpus(UnitVector *V);
Kostya Serebryany8dfed452016-10-18 18:06:05 +0000[diff] [blame]106 void CheckExitOnSrcPosOrItem();
Kostya Serebryany945761b2016-03-18 00:23:29 +0000[diff] [blame]107
Kostya Serebryany52a788e2015-03-31 20:13:20 +0000[diff] [blame]108 static void StaticDeathCallback();
Kostya Serebryany228d5b12016-03-01 22:19:21 +0000[diff] [blame]109 void DumpCurrentUnit(const char *Prefix);
Kostya Serebryany52a788e2015-03-31 20:13:20 +0000[diff] [blame]110 void DeathCallback();
Kostya Serebryany98abb2c2016-01-13 23:46:01 +0000[diff] [blame]111
Kostya Serebryanybe0ed592016-09-22 23:16:36 +0000[diff] [blame]112 void AllocateCurrentUnitData();
Kostya Serebryany8fc3a272016-05-27 00:21:33 +0000[diff] [blame]113 uint8_t *CurrentUnitData = nullptr;
Kostya Serebryany0edb5632016-05-27 00:54:15 +0000[diff] [blame]114 std::atomic<size_t> CurrentUnitSize;
Kostya Serebryanya9a54802016-08-17 20:45:23 +0000[diff] [blame]115 uint8_t BaseSha1[kSHA1NumBytes]; // Checksum of the base unit.
Marcos Pividori64d41472016-12-13 17:46:25 +0000[diff] [blame]116 bool RunningCB = false;
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]117
118 size_t TotalNumberOfRuns = 0;
Kostya Serebryany66ff0752016-02-26 22:42:23 +0000[diff] [blame]119 size_t NumberOfNewUnitsAdded = 0;
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]120
Kostya Serebryany8cb63ec2017-07-22 00:10:29 +0000[diff] [blame]121 size_t LastCorpusUpdateRun = 0;
122 system_clock::time_point LastCorpusUpdateTime = system_clock::now();
123
124
Kostya Serebryany1bfd5832016-04-20 00:24:21 +0000[diff] [blame]125 bool HasMoreMallocsThanFrees = false;
Kostya Serebryany7018a1a2016-04-27 19:52:34 +0000[diff] [blame]126 size_t NumberOfLeakDetectionAttempts = 0;
Kostya Serebryany1bfd5832016-04-20 00:24:21 +0000[diff] [blame]127
Kostya Serebryany7ec0c562016-02-13 03:25:16 +0000[diff] [blame]128 UserCallback CB;
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]129 InputCorpus &Corpus;
Kostya Serebryany7ec0c562016-02-13 03:25:16 +0000[diff] [blame]130 MutationDispatcher &MD;
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]131 FuzzingOptions Options;
Kostya Serebryany29bb6642016-09-21 22:42:17 +0000[diff] [blame]132
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]133 system_clock::time_point ProcessStartTime = system_clock::now();
Kostya Serebryany624f59f2016-09-22 01:34:58 +0000[diff] [blame]134 system_clock::time_point UnitStartTime, UnitStopTime;
Kostya Serebryany16901a92015-03-30 23:04:35 +0000[diff] [blame]135 long TimeOfLongestUnitInSeconds = 0;
Kostya Serebryany1ac80552015-05-08 21:30:55 +0000[diff] [blame]136 long EpochOfLastReadOfOutputCorpus = 0;
Mike Aizatsky1aa501e2016-05-10 23:43:15 +0000[diff] [blame]137
Kostya Serebryanybe0ed592016-09-22 23:16:36 +0000[diff] [blame]138 size_t MaxInputLen = 0;
139 size_t MaxMutationLen = 0;
Kostya Serebryany8cb63ec2017-07-22 00:10:29 +0000[diff] [blame]140 size_t TmpMaxMutationLen = 0;
Kostya Serebryanybe0ed592016-09-22 23:16:36 +0000[diff] [blame]141
Kostya Serebryanyf1b5c642017-07-18 01:36:50 +0000[diff] [blame]142 std::vector<uint32_t> UniqFeatureSetTmp;
Kostya Serebryany1e99d542017-07-12 22:20:04 +0000[diff] [blame]143
Kostya Serebryanyf26017b2016-05-26 21:32:30 +0000[diff] [blame]144 // Need to know our own thread.
145 static thread_local bool IsMyThread;
Aaron Ballmanef116982015-01-29 16:58:29 +0000[diff] [blame]146};
147
Sanjoy Das730edcc2017-04-28 04:49:32 +0000[diff] [blame]148} // namespace fuzzer
Yaron Keren347663b2015-08-10 16:37:40 +0000[diff] [blame]149
150#endif // LLVM_FUZZER_INTERNAL_H