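//===- FuzzerInternal.h - Internal header for the Fuzzer --------*- C++ -* ===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
// Define the main class fuzzer::Fuzzer and most functions.
//===----------------------------------------------------------------------===//

#ifndef LLVM_FUZZER_INTERNAL_H
#define LLVM_FUZZER_INTERNAL_H

#include "FuzzerDataFlowTrace.h"
#include "FuzzerDefs.h"
#include "FuzzerExtFunctions.h"
#include "FuzzerInterface.h"
#include "FuzzerOptions.h"
#include "FuzzerSHA1.h"
#include "FuzzerValueBitMap.h"
#include <algorithm>
#include <atomic>
#include <chrono>
#include <climits>
#include <cstdint>
#include <cstdlib>
#include <string.h>

namespace fuzzer {

// NOTE(review): a using-directive at namespace scope in a header. Kept as-is
// because translation units that include this header presumably rely on the
// unqualified chrono names it brings in (duration_cast, seconds,
// system_clock); removing it would break them.
using namespace std::chrono;

// The fuzzing engine: owns the run loop, the current unit under test, the
// run/leak/timing bookkeeping, and the signal/exit callbacks. The callback,
// corpus and mutation dispatcher are supplied by the caller; Corpus and MD are
// held by reference and must outlive this object.
class Fuzzer {
public:
  Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
         FuzzingOptions Options);
  ~Fuzzer();
  void Loop(const Vector<std::string> &CorpusDirs);
  void ReadAndExecuteSeedCorpora(const Vector<std::string> &CorpusDirs);
  void MinimizeCrashLoop(const Unit &U);
  void RereadOutputCorpus(size_t MaxSize);

  // Wall-clock seconds elapsed since ProcessStartTime (captured from
  // system_clock::now() when this object was constructed).
  // system_clock is not monotonic: if the wall clock is stepped backwards the
  // difference is negative, and converting that to size_t would produce a
  // huge value that makes TimedOut() fire spuriously. Clamp to zero instead.
  size_t secondsSinceProcessStartUp() const {
    const auto Elapsed =
        duration_cast<seconds>(system_clock::now() - ProcessStartTime).count();
    return Elapsed > 0 ? static_cast<size_t>(Elapsed) : 0;
  }

  // True once the run has exceeded Options.MaxTotalTimeSec.
  // A MaxTotalTimeSec of zero or less disables the limit.
  bool TimedOut() const {
    if (Options.MaxTotalTimeSec <= 0)
      return false;
    return secondsSinceProcessStartUp() >
           static_cast<size_t>(Options.MaxTotalTimeSec);
  }

  // Average executions per second over the whole run so far; reports 0 until
  // a full second has elapsed, which also avoids dividing by zero.
  size_t execPerSec() const {
    const size_t Seconds = secondsSinceProcessStartUp();
    return Seconds ? TotalNumberOfRuns / Seconds : 0;
  }

  size_t getTotalNumberOfRuns() const { return TotalNumberOfRuns; }

  // Static trampolines used as signal/exit handlers; they forward to the
  // per-instance callbacks in the private section below.
  static void StaticAlarmCallback();
  static void StaticCrashSignalCallback();
  static void StaticExitCallback();
  static void StaticInterruptCallback();
  static void StaticFileSizeExceedCallback();
  static void StaticGracefulExitCallback();

  void ExecuteCallback(const uint8_t *Data, size_t Size);
  void CheckForUnstableCounters(const uint8_t *Data, size_t Size);
  bool RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile = false,
              InputInfo *II = nullptr, bool *FoundUniqFeatures = nullptr);

  // Merge Corpora[1:] into Corpora[0].
  void Merge(const Vector<std::string> &Corpora);
  void CrashResistantMerge(const Vector<std::string> &Args,
                           const Vector<std::string> &Corpora,
                           const char *CoverageSummaryInputPathOrNull,
                           const char *CoverageSummaryOutputPathOrNull,
                           const char *MergeControlFilePathOrNull);
  void CrashResistantMergeInternalStep(const std::string &ControlFilePath);
  MutationDispatcher &GetMD() { return MD; }
  void PrintFinalStats();
  void SetMaxInputLen(size_t MaxInputLen);
  void SetMaxMutationLen(size_t MaxMutationLen);
  void RssLimitCallback();

  // True when called on the thread that owns this fuzzer (see IsMyThread).
  bool InFuzzingThread() const { return IsMyThread; }
  size_t GetCurrentUnitInFuzzingThead(const uint8_t **Data) const;
  void TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size,
                               bool DuringInitialCorpusExecution);

  void HandleMalloc(size_t Size);
  void AnnounceOutput(const uint8_t *Data, size_t Size);

private:
  void AlarmCallback();
  void CrashCallback();
  void ExitCallback();
  void MaybeExitGracefully();
  void CrashOnOverwrittenData();
  void InterruptCallback();
  void MutateAndTestOne();
  void PurgeAllocator();
  void ReportNewCoverage(InputInfo *II, const Unit &U);
  void PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size);
  void WriteToOutputCorpus(const Unit &U);
  void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
  void PrintStats(const char *Where, const char *End = "\n", size_t Units = 0);
  void PrintStatusForNewUnit(const Unit &U, const char *Text);
  void CheckExitOnSrcPosOrItem();

  static void StaticDeathCallback();
  void DumpCurrentUnit(const char *Prefix);
  void DeathCallback();

  void AllocateCurrentUnitData();
  // Buffer holding the unit currently being executed; allocated by
  // AllocateCurrentUnitData(). Ownership/lifetime details live in the .cpp.
  uint8_t *CurrentUnitData = nullptr;
  // Explicitly zero-initialized: a default-constructed std::atomic holds an
  // indeterminate value before C++20.
  std::atomic<size_t> CurrentUnitSize{0};
  uint8_t BaseSha1[kSHA1NumBytes] = {}; // Checksum of the base unit.

  bool GracefulExitRequested = false;

  size_t TotalNumberOfRuns = 0;
  size_t NumberOfNewUnitsAdded = 0;

  size_t LastCorpusUpdateRun = 0;

  bool HasMoreMallocsThanFrees = false;
  size_t NumberOfLeakDetectionAttempts = 0;

  system_clock::time_point LastAllocatorPurgeAttemptTime = system_clock::now();

  UserCallback CB;
  InputCorpus &Corpus;
  MutationDispatcher &MD;
  FuzzingOptions Options;
  DataFlowTrace DFT;

  // Wall-clock time at construction; the reference point for
  // secondsSinceProcessStartUp() and therefore TimedOut()/execPerSec().
  system_clock::time_point ProcessStartTime = system_clock::now();
  system_clock::time_point UnitStartTime, UnitStopTime;
  long TimeOfLongestUnitInSeconds = 0;
  long EpochOfLastReadOfOutputCorpus = 0;

  size_t MaxInputLen = 0;
  size_t MaxMutationLen = 0;
  size_t TmpMaxMutationLen = 0;

  Vector<uint32_t> UniqFeatureSetTmp;

  // Need to know our own thread.
  // Per-thread flag; its definition (and where it is set) is in the .cpp.
  static thread_local bool IsMyThread;
};

// RAII guard: enables MSan interceptor checks for the enclosing scope and
// disables them again on exit. Each hook is only invoked when the
// corresponding EF member is non-null, so the guard is a no-op when the
// hooks are unavailable (presumably when not running under MSan).
// Copying is deleted so a stray copy cannot toggle the checks twice.
struct ScopedEnableMsanInterceptorChecks {
  ScopedEnableMsanInterceptorChecks() {
    if (EF->__msan_scoped_enable_interceptor_checks)
      EF->__msan_scoped_enable_interceptor_checks();
  }
  ~ScopedEnableMsanInterceptorChecks() {
    if (EF->__msan_scoped_disable_interceptor_checks)
      EF->__msan_scoped_disable_interceptor_checks();
  }
  ScopedEnableMsanInterceptorChecks(
      const ScopedEnableMsanInterceptorChecks &) = delete;
  ScopedEnableMsanInterceptorChecks &
  operator=(const ScopedEnableMsanInterceptorChecks &) = delete;
};

// RAII guard: the mirror image of ScopedEnableMsanInterceptorChecks —
// disables MSan interceptor checks for the scope and re-enables them on
// exit, with the same null-hook checks. Copying is deleted for the same
// reason.
struct ScopedDisableMsanInterceptorChecks {
  ScopedDisableMsanInterceptorChecks() {
    if (EF->__msan_scoped_disable_interceptor_checks)
      EF->__msan_scoped_disable_interceptor_checks();
  }
  ~ScopedDisableMsanInterceptorChecks() {
    if (EF->__msan_scoped_enable_interceptor_checks)
      EF->__msan_scoped_enable_interceptor_checks();
  }
  ScopedDisableMsanInterceptorChecks(
      const ScopedDisableMsanInterceptorChecks &) = delete;
  ScopedDisableMsanInterceptorChecks &
  operator=(const ScopedDisableMsanInterceptorChecks &) = delete;
};

} // namespace fuzzer

#endif // LLVM_FUZZER_INTERNAL_H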