File Manager

003 File Manager

Current Path: /usr/src/contrib/llvm-project/compiler-rt/lib/fuzzer

usr / src / contrib / llvm-project / compiler-rt / lib / fuzzer /

📁 ..
📄 FuzzerBuiltins.h(1.25 KB)
📄 FuzzerBuiltinsMsvc.h(2.33 KB)
📄 FuzzerCommand.h(5.95 KB)
📄 FuzzerCorpus.h(16.93 KB)
📄 FuzzerCrossOver.cpp(1.85 KB)
📄 FuzzerDataFlowTrace.cpp(9.93 KB)
📄 FuzzerDataFlowTrace.h(3.98 KB)
📄 FuzzerDefs.h(1.99 KB)
📄 FuzzerDictionary.h(3.32 KB)
📄 FuzzerDriver.cpp(28.35 KB)
📄 FuzzerExtFunctions.def(2.5 KB)
📄 FuzzerExtFunctions.h(1.04 KB)
📄 FuzzerExtFunctionsDlsym.cpp(1.63 KB)
📄 FuzzerExtFunctionsWeak.cpp(1.9 KB)
📄 FuzzerExtFunctionsWindows.cpp(2.79 KB)
📄 FuzzerExtraCounters.cpp(1.55 KB)
📄 FuzzerFlags.def(10.02 KB)
📄 FuzzerFork.cpp(12.53 KB)
📄 FuzzerFork.h(778 B)
📄 FuzzerIO.cpp(4.47 KB)
📄 FuzzerIO.h(3.31 KB)
📄 FuzzerIOPosix.cpp(4.47 KB)
📄 FuzzerIOWindows.cpp(11.59 KB)
📄 FuzzerInterface.h(3.03 KB)
📄 FuzzerInternal.h(5.33 KB)
📄 FuzzerLoop.cpp(28.54 KB)
📄 FuzzerMain.cpp(791 B)
📄 FuzzerMerge.cpp(13.75 KB)
📄 FuzzerMerge.h(3.31 KB)
📄 FuzzerMutate.cpp(20.02 KB)
📄 FuzzerMutate.h(6.57 KB)
📄 FuzzerOptions.h(2.36 KB)
📄 FuzzerPlatform.h(4.69 KB)
📄 FuzzerRandom.h(1.21 KB)
📄 FuzzerSHA1.cpp(5.56 KB)
📄 FuzzerSHA1.h(978 B)
📄 FuzzerTracePC.cpp(22.56 KB)
📄 FuzzerTracePC.h(8.87 KB)
📄 FuzzerUtil.cpp(6.75 KB)
📄 FuzzerUtil.h(3.25 KB)
📄 FuzzerUtilDarwin.cpp(5.87 KB)
📄 FuzzerUtilFuchsia.cpp(20.16 KB)
📄 FuzzerUtilLinux.cpp(1.12 KB)
📄 FuzzerUtilPosix.cpp(5.07 KB)
📄 FuzzerUtilWindows.cpp(5.93 KB)
📄 FuzzerValueBitMap.h(2.24 KB)
📄 README.txt(40 B)

Editing: FuzzerInternal.h

//===- FuzzerInternal.h - Internal header for the Fuzzer --------*- C++ -* ===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Define the main class fuzzer::Fuzzer and most functions.
//===----------------------------------------------------------------------===//

#ifndef LLVM_FUZZER_INTERNAL_H
#define LLVM_FUZZER_INTERNAL_H

#include "FuzzerDataFlowTrace.h"
#include "FuzzerDefs.h"
#include "FuzzerExtFunctions.h"
#include "FuzzerInterface.h"
#include "FuzzerOptions.h"
#include "FuzzerSHA1.h"
#include "FuzzerValueBitMap.h"
#include <algorithm>
#include <atomic>
#include <chrono>
#include <climits>
#include <cstdlib>
#include <string.h>

namespace fuzzer {

using namespace std::chrono;

class Fuzzer {
public:

Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
         FuzzingOptions Options);
  ~Fuzzer();
  void Loop(Vector<SizedFile> &CorporaFiles);
  void ReadAndExecuteSeedCorpora(Vector<SizedFile> &CorporaFiles);
  void MinimizeCrashLoop(const Unit &U);
  void RereadOutputCorpus(size_t MaxSize);

size_t secondsSinceProcessStartUp() {
    return duration_cast<seconds>(system_clock::now() - ProcessStartTime)
        .count();
  }

bool TimedOut() {
    return Options.MaxTotalTimeSec > 0 &&
           secondsSinceProcessStartUp() >
               static_cast<size_t>(Options.MaxTotalTimeSec);
  }

size_t execPerSec() {
    size_t Seconds = secondsSinceProcessStartUp();
    return Seconds ? TotalNumberOfRuns / Seconds : 0;
  }

size_t getTotalNumberOfRuns() { return TotalNumberOfRuns; }

static void StaticAlarmCallback();
  static void StaticCrashSignalCallback();
  static void StaticExitCallback();
  static void StaticInterruptCallback();
  static void StaticFileSizeExceedCallback();
  static void StaticGracefulExitCallback();

void ExecuteCallback(const uint8_t *Data, size_t Size);
  bool RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile = false,
              InputInfo *II = nullptr, bool *FoundUniqFeatures = nullptr);

// Merge Corpora[1:] into Corpora[0].
  void Merge(const Vector<std::string> &Corpora);
  void CrashResistantMergeInternalStep(const std::string &ControlFilePath);
  MutationDispatcher &GetMD() { return MD; }
  void PrintFinalStats();
  void SetMaxInputLen(size_t MaxInputLen);
  void SetMaxMutationLen(size_t MaxMutationLen);
  void RssLimitCallback();

bool InFuzzingThread() const { return IsMyThread; }
  size_t GetCurrentUnitInFuzzingThead(const uint8_t **Data) const;
  void TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size,
                               bool DuringInitialCorpusExecution);

void HandleMalloc(size_t Size);
  static void MaybeExitGracefully();
  std::string WriteToOutputCorpus(const Unit &U);

private:
  void AlarmCallback();
  void CrashCallback();
  void ExitCallback();
  void CrashOnOverwrittenData();
  void InterruptCallback();
  void MutateAndTestOne();
  void PurgeAllocator();
  void ReportNewCoverage(InputInfo *II, const Unit &U);
  void PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size);
  void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
  void PrintStats(const char *Where, const char *End = "\n", size_t Units = 0,
                  size_t Features = 0);
  void PrintStatusForNewUnit(const Unit &U, const char *Text);
  void CheckExitOnSrcPosOrItem();

static void StaticDeathCallback();
  void DumpCurrentUnit(const char *Prefix);
  void DeathCallback();

void AllocateCurrentUnitData();
  uint8_t *CurrentUnitData = nullptr;
  std::atomic<size_t> CurrentUnitSize;
  uint8_t BaseSha1[kSHA1NumBytes];  // Checksum of the base unit.

bool GracefulExitRequested = false;

size_t TotalNumberOfRuns = 0;
  size_t NumberOfNewUnitsAdded = 0;

size_t LastCorpusUpdateRun = 0;

bool HasMoreMallocsThanFrees = false;
  size_t NumberOfLeakDetectionAttempts = 0;

system_clock::time_point LastAllocatorPurgeAttemptTime = system_clock::now();

UserCallback CB;
  InputCorpus &Corpus;
  MutationDispatcher &MD;
  FuzzingOptions Options;
  DataFlowTrace DFT;

system_clock::time_point ProcessStartTime = system_clock::now();
  system_clock::time_point UnitStartTime, UnitStopTime;
  long TimeOfLongestUnitInSeconds = 0;
  long EpochOfLastReadOfOutputCorpus = 0;

size_t MaxInputLen = 0;
  size_t MaxMutationLen = 0;
  size_t TmpMaxMutationLen = 0;

Vector<uint32_t> UniqFeatureSetTmp;

// Need to know our own thread.
  static thread_local bool IsMyThread;
};

struct ScopedEnableMsanInterceptorChecks {
  ScopedEnableMsanInterceptorChecks() {
    if (EF->__msan_scoped_enable_interceptor_checks)
      EF->__msan_scoped_enable_interceptor_checks();
  }
  ~ScopedEnableMsanInterceptorChecks() {
    if (EF->__msan_scoped_disable_interceptor_checks)
      EF->__msan_scoped_disable_interceptor_checks();
  }
};

struct ScopedDisableMsanInterceptorChecks {
  ScopedDisableMsanInterceptorChecks() {
    if (EF->__msan_scoped_disable_interceptor_checks)
      EF->__msan_scoped_disable_interceptor_checks();
  }
  ~ScopedDisableMsanInterceptorChecks() {
    if (EF->__msan_scoped_enable_interceptor_checks)
      EF->__msan_scoped_enable_interceptor_checks();
  }
};

} // namespace fuzzer

#endif // LLVM_FUZZER_INTERNAL_H

003 File Manager

Editing: FuzzerInternal.h

Upload File

Create Folder