author | Kostya Serebryany <kcc@google.com> | 2015-12-19 02:49:09 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2015-12-19 02:49:09 +0000 |
commit | 27ab2d759f4612126ea3ed9698ff7466804cf7bc (patch) | |
tree | 539df51e3d0d86cabdf404001d4d3947bc60037a /llvm/lib/Fuzzer/FuzzerMutate.cpp | |
parent | d63db6ef1f23e597277005c9ba177184b0e4065e (diff) | |
[libFuzzer] make CrossOver just one of the other mutations
llvm-svn: 256081
Diffstat (limited to 'llvm/lib/Fuzzer/FuzzerMutate.cpp')
-rw-r--r-- | llvm/lib/Fuzzer/FuzzerMutate.cpp | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerMutate.cpp b/llvm/lib/Fuzzer/FuzzerMutate.cpp
index 471ae6c..c3fa37a 100644
--- a/llvm/lib/Fuzzer/FuzzerMutate.cpp
+++ b/llvm/lib/Fuzzer/FuzzerMutate.cpp
@@ -26,6 +26,7 @@ struct MutationDispatcher::Impl {
 std::vector<Unit> Dictionary;
 std::vector<Mutator> Mutators;
 std::vector<Mutator> CurrentMutatorSequence;
+ const std::vector<Unit> *Corpus = nullptr;
 void Add(Mutator M) { Mutators.push_back(M); }
 Impl() {
@@ -35,6 +36,7 @@ struct MutationDispatcher::Impl {
 Add({&MutationDispatcher::Mutate_ChangeBit, "ChangeBit"});
 Add({&MutationDispatcher::Mutate_ShuffleBytes, "ShuffleBytes"});
 Add({&MutationDispatcher::Mutate_ChangeASCIIInteger, "ChangeASCIIInt"});
+ Add({&MutationDispatcher::Mutate_CrossOver, "CrossOver"});
 }
 void AddWordToDictionary(const uint8_t *Word, size_t Size) {
 if (Dictionary.empty()) {
@@ -42,6 +44,7 @@ struct MutationDispatcher::Impl {
 }
 Dictionary.push_back(Unit(Word, Word + Size));
 }
+ void SetCorpus(const std::vector<Unit> *Corpus) { this->Corpus = Corpus; }
 };
 static char FlipRandomBit(char X, FuzzerRandomBase &Rand) {
@@ -154,6 +157,22 @@ size_t MutationDispatcher::Mutate_ChangeASCIIInteger(uint8_t *Data, size_t Size,
 return Size;
 }
+size_t MutationDispatcher::Mutate_CrossOver(uint8_t *Data, size_t Size,
+ size_t MaxSize) {
+ auto Corpus = MDImpl->Corpus;
+ if (!Corpus || Corpus->size() < 2 || Size == 0) return 0;
+ size_t Idx = Rand(Corpus->size());
+ const Unit &Other = (*Corpus)[Idx];
+ if (Other.empty()) return 0;
+ Unit U(MaxSize);
+ size_t NewSize =
+ CrossOver(Data, Size, Other.data(), Other.size(), U.data(), U.size());
+ assert(NewSize > 0 && "CrossOver returned empty unit");
+ assert(NewSize <= MaxSize && "CrossOver returned overisized unit");
+ memcpy(Data, U.data(), NewSize);
+ return NewSize;
+}
+
 void MutationDispatcher::StartMutationSequence() {
 MDImpl->CurrentMutatorSequence.clear();
 }
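Review bot: The new `Corpus` member of `MutationDispatcher::Impl` is a non-owning raw pointer with no stated lifetime contract, and `Mutate_CrossOver` dereferences it on every call. I would document the requirement at the declaration, for example `// Not owned; set via SetCorpus(). The vector must outlive this dispatcher.`, and repeat it on the two `SetCorpus` functions added in the third and last hunks. Nothing visible in this diff stops a caller from destroying the corpus vector while the pointer is still set, in which case the mutator would read freed memory. Whether the vector may grow between mutations is also worth stating, since `Other` is a reference into its storage.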
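Review bot: In `Mutate_CrossOver` the only checks on `NewSize` before `memcpy(Data, U.data(), NewSize)` are two `assert`s, which vanish in a build with `NDEBUG`, so the write into the caller's buffer then relies entirely on `CrossOver` respecting `U.size()`. A runtime guard keeps the copy bounded in every build: `if (NewSize == 0 || NewSize > MaxSize) return 0;` placed before the `memcpy`, which matches the function's other early exits. The function also does not check `Size <= MaxSize` or `MaxSize != 0` itself; presumably the caller guarantees both, and a one-line comment saying so would make the contract explicit. `Unit U(MaxSize)` allocates and zero-fills a full-size temporary on each call, which may be worth revisiting if this mutator runs often. Minor: the second assert message spells "overisized".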
@@ -189,6 +208,10 @@ size_t MutationDispatcher::Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
 return Size;
 }
+void MutationDispatcher::SetCorpus(const std::vector<Unit> *Corpus) {
+ MDImpl->SetCorpus(Corpus);
+}
+
 void MutationDispatcher::AddWordToDictionary(const uint8_t *Word, size_t Size) {
 MDImpl->AddWordToDictionary(Word, Size);
 } |