      1  1.1  kamil //===- FuzzerMerge.h - merging corpora --------------------------*- C++ -* ===//
      2  1.1  kamil //
      3  1.1  kamil //                     The LLVM Compiler Infrastructure
      4  1.1  kamil //
      5  1.1  kamil // This file is distributed under the University of Illinois Open Source
      6  1.1  kamil // License. See LICENSE.TXT for details.
      7  1.1  kamil //
      8  1.1  kamil //===----------------------------------------------------------------------===//
      9  1.1  kamil // Merging Corpora.
     10  1.1  kamil //
     11  1.1  kamil // The task:
     12  1.1  kamil //   Take the existing corpus (possibly empty) and merge new inputs into
     13  1.1  kamil //   it so that only inputs with new coverage ('features') are added.
     14  1.1  kamil //   The process should tolerate the crashes, OOMs, leaks, etc.
     15  1.1  kamil //
     16  1.1  kamil // Algorithm:
     17  1.1  kamil //   The outer process collects the set of files and writes their names
     18  1.1  kamil //   into a temporary "control" file, then repeatedly launches the inner
     19  1.1  kamil //   process until all inputs are processed.
     20  1.1  kamil //   The outer process does not actually execute the target code.
     21  1.1  kamil //
     22  1.1  kamil //   The inner process reads the control file and sees a) list of all the inputs
     23  1.1  kamil //   and b) the last processed input. Then it starts processing the inputs one
     24  1.1  kamil //   by one. Before processing every input it writes one line to control file:
     25  1.1  kamil //   STARTED INPUT_ID INPUT_SIZE
     26  1.1  kamil //   After processing an input it writes another line:
     27  1.1  kamil //   DONE INPUT_ID Feature1 Feature2 Feature3 ...
     28  1.1  kamil //   If a crash happens while processing an input the last line in the control
     29  1.1  kamil //   file will be "STARTED INPUT_ID" and so the next process will know
     30  1.1  kamil //   where to resume.
     31  1.1  kamil //
     32  1.1  kamil //   Once all inputs are processed by the inner process(es) the outer process
     33  1.1  kamil //   reads the control file and does the merge based entirely on the contents
     34  1.1  kamil //   of the control file.
     35  1.1  kamil //   It uses a single-pass greedy algorithm, choosing the smallest inputs first
     36  1.1  kamil //   and, among inputs of the same size, those that have more new features.
     37  1.1  kamil //
     38  1.1  kamil //===----------------------------------------------------------------------===//
     39  1.1  kamil 
     40  1.1  kamil #ifndef LLVM_FUZZER_MERGE_H
     41  1.1  kamil #define LLVM_FUZZER_MERGE_H
     42  1.1  kamil 
     43  1.1  kamil #include "FuzzerDefs.h"
     44  1.1  kamil 
     45  1.1  kamil #include <istream>
     46  1.1  kamil #include <ostream>
     47  1.1  kamil #include <set>
     48  1.1  kamil #include <vector>
     49  1.1  kamil 
     50  1.1  kamil namespace fuzzer {
     51  1.1  kamil 
// One input as tracked by the merge: its name, its size and the feature ids
// recorded for it.
// NOTE(review): the file header describes control-file lines of the form
// "STARTED INPUT_ID INPUT_SIZE" and "DONE INPUT_ID Feature1 Feature2 ...";
// these fields presumably hold what is read back from those lines -- confirm
// against the out-of-line Merger::Parse.
struct MergeFileInfo {
  // Name of the input (presumably the file name written to the control file).
  std::string Name;
  // Size of the input; stays 0 until something assigns it.
  // Presumably bytes, matching INPUT_SIZE -- TODO confirm.
  size_t Size{0};
  // Feature ids attributed to this input; empty until populated.
  Vector<uint32_t> Features;
};
     57  1.1  kamil 
// State and operations for the outer (merging) side of the corpus merge.
// Only the single-argument Merge overload is defined here; every other member
// function is declared only, so their exact behaviour is not visible in this
// header.
//
// NOTE(review): the file header says the outer process performs the merge
// "based entirely on the contents of control file", and that inner processes
// may crash while an input is in flight. The Parse functions are therefore
// where truncated or malformed control-file records have to be rejected;
// callers should check the bool result rather than use Files after a failed
// parse -- confirm against the implementation.
struct Merger {
  // One entry per input known to the merge.
  Vector<MergeFileInfo> Files;
  // Presumably the count of leading entries in Files that belong to the
  // existing (first) corpus -- TODO confirm. Starts at 0.
  size_t NumFilesInFirstCorpus{0};
  // Presumably the index in Files at which the next inner process resumes
  // (the header describes resuming after the last STARTED line) -- TODO
  // confirm. Starts at 0.
  size_t FirstNotProcessedFile{0};
  // Presumably identifies the input that was STARTED but never DONE -- TODO
  // confirm. Empty by default.
  std::string LastFailure;

  // Parses control-file content from a stream. The bool result presumably
  // reports success; ParseCoverage presumably selects whether feature lists
  // are read as well -- confirm.
  bool Parse(std::istream &IS, bool ParseCoverage);
  // Same contract as above, taking the content as a string.
  bool Parse(const std::string &Str, bool ParseCoverage);
  // Returns nothing; judging by the name it terminates the process when the
  // content cannot be parsed -- confirm.
  void ParseOrExit(std::istream &IS, bool ParseCoverage);
  // Writes a summary to OS; ParseSummary reads one from IS and yields a set of
  // feature ids. The summary format is defined out of line.
  void PrintSummary(std::ostream &OS);
  Set<uint32_t> ParseSummary(std::istream &IS);
  // Runs the merge starting from InitialFeatures. NewFiles is a pointer
  // parameter, presumably filled with the names of the inputs selected --
  // confirm, including whether nullptr is accepted. The meaning of the
  // returned size_t is defined by the out-of-line implementation.
  size_t Merge(const Set<uint32_t> &InitialFeatures,
               Vector<std::string> *NewFiles);
  // Convenience overload: merges with an empty initial feature set.
  size_t Merge(Vector<std::string> *NewFiles) {
    const Set<uint32_t> NoInitialFeatures;
    return Merge(NoInitialFeatures, NewFiles);
  }
  // Read-only queries (both const); results are computed out of line.
  size_t ApproximateMemoryConsumption() const;
  Set<uint32_t> AllFeatures() const;
};
     77  1.1  kamil 
     78  1.1  kamil }  // namespace fuzzer
     79  1.1  kamil 
     80  1.1  kamil #endif  // LLVM_FUZZER_MERGE_H