[libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if

llvm-svn: 258178
2024-12-02 00:16:25 +00:00 · 2016-01-19 20:33:57 +00:00 · 2016-01-19 20:33:57 +00:00 · 8820217862
commit 8820217862
parent ff21b77f07
5 changed files with 43 additions and 8 deletions
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@ -100,13 +100,18 @@ static const char *FlagValue(const char *Param, const char *Name) {
 // Avoid calling stol as it triggers a bug in clang/glibc build.
 static long MyStol(const char *Str) {
  long Res = 0;
+  long Sign = 1;
+  if (*Str == '-') {
+    Str++;
+    Sign = -1;
+  }
  for (size_t i = 0; Str[i]; i++) {
    char Ch = Str[i];
    if (Ch < '0' || Ch > '9')
      return Res;
    Res = Res * 10 + (Ch - '0');
  }
-  return Res;
+  return Res * Sign;
 }

 static bool ParseOneFlag(const char *Param) {
@ -223,7 +228,7 @@ int RunOneTest(Fuzzer *F, const char *InputFilePath) {
 }

 int FuzzerDriver(int argc, char **argv, UserCallback Callback) {
-  FuzzerRandomLibc Rand(0);
+  FuzzerRandom_mt19937 Rand(0);
  SimpleUserSuppliedFuzzer SUSF(&Rand, Callback);
  return FuzzerDriver(argc, argv, SUSF);
 }
@ -234,7 +239,7 @@ int FuzzerDriver(int argc, char **argv, UserSuppliedFuzzer &USF) {
 }

 int FuzzerDriver(const std::vector<std::string> &Args, UserCallback Callback) {
-  FuzzerRandomLibc Rand(0);
+  FuzzerRandom_mt19937 Rand(0);
  SimpleUserSuppliedFuzzer SUSF(&Rand, Callback);
  return FuzzerDriver(Args, SUSF);
 }
@ -326,7 +331,8 @@ int FuzzerDriver(const std::vector<std::string> &Args,
  unsigned Seed = Flags.seed;
  // Initialize Seed.
  if (Seed == 0)
-    Seed = time(0) * 10000 + getpid();
+    Seed = (std::chrono::system_clock::now().time_since_epoch().count() << 10) +
+           getpid();
  if (Flags.verbosity)
    Printf("Seed: %u\n", Seed);
  USF.GetRand().ResetSeed(Seed);
--- a/lib/Fuzzer/FuzzerInterface.cpp
+++ b/lib/Fuzzer/FuzzerInterface.cpp
@ -12,6 +12,7 @@

 #include "FuzzerInterface.h"
 #include "FuzzerInternal.h"
+#include <random>

 namespace fuzzer {

@ -19,6 +20,19 @@ void FuzzerRandomLibc::ResetSeed(unsigned int seed) { srand(seed); }

 size_t FuzzerRandomLibc::Rand() { return rand(); }

+struct FuzzerRandom_mt19937::Impl : public std::mt19937 {
+  Impl(unsigned seed) : std::mt19937(seed) {}
+};
+
+void FuzzerRandom_mt19937::ResetSeed(unsigned int seed) {
+  delete R;
+  R = new Impl(seed);
+}
+
+FuzzerRandom_mt19937::~FuzzerRandom_mt19937() { delete R; }
+
+size_t FuzzerRandom_mt19937::Rand() { return (*R)(); }
+
 UserSuppliedFuzzer::UserSuppliedFuzzer(FuzzerRandomBase *Rand)
    : Rand(Rand), MD(new MutationDispatcher(*Rand)) {}

--- a/lib/Fuzzer/FuzzerInterface.h
+++ b/lib/Fuzzer/FuzzerInterface.h
@ -68,14 +68,27 @@ class FuzzerRandomBase {
  bool RandBool() { return Rand() % 2; }
 };

+// Using libc's stand/rand.
 class FuzzerRandomLibc : public FuzzerRandomBase {
 public:
  FuzzerRandomLibc(unsigned int seed) { ResetSeed(seed); }
  void ResetSeed(unsigned int seed) override;
-  ~FuzzerRandomLibc() override {}
+  ~FuzzerRandomLibc() override {};
  size_t Rand() override;
 };

+// Using std::mt19937
+class FuzzerRandom_mt19937 : public FuzzerRandomBase {
+ public:
+  FuzzerRandom_mt19937(unsigned int seed) { ResetSeed(seed); }
+  void ResetSeed(unsigned int seed) override;
+  ~FuzzerRandom_mt19937() override;
+  size_t Rand() override;
+ private:
+  struct Impl;
+  Impl *R = nullptr;
+};
+
 // For backward compatibility only, deprecated.
 size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize,
              FuzzerRandomBase &Rand);
--- a/lib/Fuzzer/FuzzerMutate.cpp
+++ b/lib/Fuzzer/FuzzerMutate.cpp
@ -29,9 +29,8 @@ struct DictionaryEntry {

 struct Dictionary : public std::vector<DictionaryEntry>{
  bool ContainsWord(const Word &W) const {
-    return end() !=
-           std::find_if(begin(), end(),
-                        [&](const DictionaryEntry &DE) { return DE.W == W; });
+    return std::any_of(begin(), end(),
+                       [&](const DictionaryEntry &DE) { return DE.W == W; });
  }
 };

--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@ -39,3 +39,6 @@ OOB: AddressSanitizer: heap-buffer-overflow
 OOB: is located 0 bytes to the right of 3-byte region

 RUN: not LLVMFuzzer-InitializeTest 2>&1 | FileCheck %s
+
+RUN: LLVMFuzzer-SimpleCmpTest -seed=-1 -runs=0 2>&1 | FileCheck %s --check-prefix=CHECK_SEED_MINUS_ONE
+CHECK_SEED_MINUS_ONE: Seed: 4294967295