[libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260810 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Fuzzer/FuzzerInterface.h

@@ -70,9 +70,10 @@ int main(int argc, char **argv) {
 */
 int FuzzerDriver(int argc, char **argv, UserCallback Callback);
 
-// Same interface as LLVMFuzzerTestOneInput.
+// Mutates raw data in [Data, Data+Size] inplace.
+// Returns the new size, which is not greater than MaxSize.
 // Can be used inside the user-supplied LLVMFuzzerTestOneInput.
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed);
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize);
 
 }  // namespace fuzzer
 

lib/Fuzzer/FuzzerInternal.h

@@ -322,6 +322,7 @@ public:
 
   // Merge Corpora[1:] into Corpora[0].
   void Merge(const std::vector<std::string> &Corpora);
+  MutationDispatcher &GetMD() { return MD; }
 
 private:
   void AlarmCallback();

lib/Fuzzer/FuzzerLoop.cpp

@@ -60,6 +60,11 @@ static void MissingWeakApiFunction(const char *FnName) {
 // Only one Fuzzer per process.
 static Fuzzer *F;
 
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
+  assert(F);
+  return F->GetMD().Mutate(Data, Size, MaxSize);
+}
+
 Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options)
     : CB(CB), MD(MD), Options(Options) {
   SetDeathCallback();

lib/Fuzzer/FuzzerMutate.cpp

@@ -34,12 +34,6 @@ MutationDispatcher::Mutator MutationDispatcher::Mutators[] = {
     "AddFromPersAutoDict"},
 };
 
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed) {
-  Random R(Seed);
-  MutationDispatcher MD(R);
-  return MD.Mutate(Data, Size, MaxSize);
-}
-
 static char FlipRandomBit(char X, Random &Rand) {
   int Bit = Rand(8);
   char Mask = 1 << Bit;

lib/Fuzzer/test/CustomMutatorTest.cpp

@@ -7,11 +7,19 @@
 
 #include "FuzzerInterface.h"
 
+static volatile int Sink;
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   assert(Data);
-  if (Size > 0 && Data[0] == 'F') {
-    std::cout << "BINGO; Found the target, exiting\n";
-    exit(1);
+  if (Size > 0 && Data[0] == 'H') {
+    Sink = 1;
+    if (Size > 1 && Data[1] == 'i') {
+      Sink = 2;
+      if (Size > 2 && Data[2] == '!') {
+        std::cout << "BINGO; Found the target, exiting\n";
+        exit(1);
+      }
+    }
   }
   return 0;
 }
@@ -23,5 +31,5 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
     std::cerr << "In LLVMFuzzerCustomMutator\n";
     Printed = true;
   }
-  return fuzzer::Mutate(Data, Size, MaxSize, Seed);
+  return fuzzer::Mutate(Data, Size, MaxSize);
 }