diff options
Diffstat (limited to 'gnu/llvm/compiler-rt/lib/fuzzer/FuzzerDriver.cpp')
| -rw-r--r-- | gnu/llvm/compiler-rt/lib/fuzzer/FuzzerDriver.cpp | 64 |
1 files changed, 41 insertions, 23 deletions
diff --git a/gnu/llvm/compiler-rt/lib/fuzzer/FuzzerDriver.cpp b/gnu/llvm/compiler-rt/lib/fuzzer/FuzzerDriver.cpp index dd3cab0ee8d..a847c76e292 100644 --- a/gnu/llvm/compiler-rt/lib/fuzzer/FuzzerDriver.cpp +++ b/gnu/llvm/compiler-rt/lib/fuzzer/FuzzerDriver.cpp @@ -16,6 +16,7 @@ #include "FuzzerInternal.h" #include "FuzzerMerge.h" #include "FuzzerMutate.h" +#include "FuzzerPlatform.h" #include "FuzzerRandom.h" #include "FuzzerTracePC.h" #include <algorithm> @@ -195,8 +196,11 @@ static void ParseFlags(const Vector<std::string> &Args, } // Disable len_control by default, if LLVMFuzzerCustomMutator is used. - if (EF->LLVMFuzzerCustomMutator) + if (EF->LLVMFuzzerCustomMutator) { Flags.len_control = 0; + Printf("INFO: found LLVMFuzzerCustomMutator (%p). " + "Disabling -len_control by default.\n", EF->LLVMFuzzerCustomMutator); + } Inputs = new Vector<std::string>; for (size_t A = 1; A < Args.size(); A++) { @@ -303,8 +307,7 @@ static bool AllInputsAreFiles() { return true; } -static std::string GetDedupTokenFromFile(const std::string &Path) { - auto S = FileToString(Path); +static std::string GetDedupTokenFromCmdOutput(const std::string &S) { auto Beg = S.find("DEDUP_TOKEN:"); if (Beg == std::string::npos) return ""; @@ -329,10 +332,9 @@ int CleanseCrashInput(const Vector<std::string> &Args, assert(Cmd.hasArgument(InputFilePath)); Cmd.removeArgument(InputFilePath); - auto LogFilePath = TempPath(".txt"); - auto TmpFilePath = TempPath(".repro"); + auto TmpFilePath = TempPath("CleanseCrashInput", ".repro"); Cmd.addArgument(TmpFilePath); - Cmd.setOutputFile(LogFilePath); + Cmd.setOutputFile(getDevNull()); Cmd.combineOutAndErr(); std::string CurrentFilePath = InputFilePath; @@ -367,7 +369,6 @@ int CleanseCrashInput(const Vector<std::string> &Args, } if (!Changed) break; } - RemoveFile(LogFilePath); return 0; } @@ -390,8 +391,6 @@ int MinimizeCrashInput(const Vector<std::string> &Args, BaseCmd.addFlag("max_total_time", "600"); } - auto LogFilePath = TempPath(".txt"); - BaseCmd.setOutputFile(LogFilePath); BaseCmd.combineOutAndErr(); std::string CurrentFilePath = InputFilePath; @@ -403,17 +402,17 @@ int MinimizeCrashInput(const Vector<std::string> &Args, Command Cmd(BaseCmd); Cmd.addArgument(CurrentFilePath); - std::string CommandLine = Cmd.toString(); - Printf("CRASH_MIN: executing: %s\n", CommandLine.c_str()); - int ExitCode = ExecuteCommand(Cmd); - if (ExitCode == 0) { + Printf("CRASH_MIN: executing: %s\n", Cmd.toString().c_str()); + std::string CmdOutput; + bool Success = ExecuteCommand(Cmd, &CmdOutput); + if (Success) { Printf("ERROR: the input %s did not crash\n", CurrentFilePath.c_str()); exit(1); } Printf("CRASH_MIN: '%s' (%zd bytes) caused a crash. Will try to minimize " "it further\n", CurrentFilePath.c_str(), U.size()); - auto DedupToken1 = GetDedupTokenFromFile(LogFilePath); + auto DedupToken1 = GetDedupTokenFromCmdOutput(CmdOutput); if (!DedupToken1.empty()) Printf("CRASH_MIN: DedupToken1: %s\n", DedupToken1.c_str()); @@ -423,11 +422,11 @@ int MinimizeCrashInput(const Vector<std::string> &Args, : Options.ArtifactPrefix + "minimized-from-" + Hash(U); Cmd.addFlag("minimize_crash_internal_step", "1"); Cmd.addFlag("exact_artifact_path", ArtifactPath); - CommandLine = Cmd.toString(); - Printf("CRASH_MIN: executing: %s\n", CommandLine.c_str()); - ExitCode = ExecuteCommand(Cmd); - CopyFileToErr(LogFilePath); - if (ExitCode == 0) { + Printf("CRASH_MIN: executing: %s\n", Cmd.toString().c_str()); + CmdOutput.clear(); + Success = ExecuteCommand(Cmd, &CmdOutput); + Printf("%s", CmdOutput.c_str()); + if (Success) { if (Flags.exact_artifact_path) { CurrentFilePath = Flags.exact_artifact_path; WriteToFile(U, CurrentFilePath); @@ -436,7 +435,7 @@ int MinimizeCrashInput(const Vector<std::string> &Args, CurrentFilePath.c_str(), U.size()); break; } - auto DedupToken2 = GetDedupTokenFromFile(LogFilePath); + auto DedupToken2 = GetDedupTokenFromCmdOutput(CmdOutput); if (!DedupToken2.empty()) Printf("CRASH_MIN: DedupToken2: %s\n", DedupToken2.c_str()); @@ -453,7 +452,6 @@ int MinimizeCrashInput(const Vector<std::string> &Args, CurrentFilePath = ArtifactPath; Printf("*********************************\n"); } - RemoveFile(LogFilePath); return 0; } @@ -488,7 +486,7 @@ void Merge(Fuzzer *F, FuzzingOptions &Options, const Vector<std::string> &Args, std::sort(OldCorpus.begin(), OldCorpus.end()); std::sort(NewCorpus.begin(), NewCorpus.end()); - std::string CFPath = CFPathOrNull ? CFPathOrNull : TempPath(".txt"); + std::string CFPath = CFPathOrNull ? CFPathOrNull : TempPath("Merge", ".txt"); Vector<std::string> NewFiles; Set<uint32_t> NewFeatures, NewCov; CrashResistantMerge(Args, OldCorpus, NewCorpus, &NewFiles, {}, &NewFeatures, @@ -711,6 +709,26 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { Options.CollectDataFlow = Flags.collect_data_flow; if (Flags.stop_file) Options.StopFile = Flags.stop_file; + Options.Entropic = Flags.entropic; + Options.EntropicFeatureFrequencyThreshold = + (size_t)Flags.entropic_feature_frequency_threshold; + Options.EntropicNumberOfRarestFeatures = + (size_t)Flags.entropic_number_of_rarest_features; + if (Options.Entropic) { + if (!Options.FocusFunction.empty()) { + Printf("ERROR: The parameters `--entropic` and `--focus_function` cannot " + "be used together.\n"); + exit(1); + } + Printf("INFO: Running with entropic power schedule (0x%X, %d).\n", + Options.EntropicFeatureFrequencyThreshold, + Options.EntropicNumberOfRarestFeatures); + } + struct EntropicOptions Entropic; + Entropic.Enabled = Options.Entropic; + Entropic.FeatureFrequencyThreshold = + Options.EntropicFeatureFrequencyThreshold; + Entropic.NumberOfRarestFeatures = Options.EntropicNumberOfRarestFeatures; unsigned Seed = Flags.seed; // Initialize Seed. @@ -731,7 +749,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { Random Rand(Seed); auto *MD = new MutationDispatcher(Rand, Options); - auto *Corpus = new InputCorpus(Options.OutputCorpus); + auto *Corpus = new InputCorpus(Options.OutputCorpus, Entropic); auto *F = new Fuzzer(Callback, *Corpus, *MD, Options); for (auto &U: Dictionary) |