[libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270900 91177308-0d34-0410-b5e6-96231b3b80d8
2025-02-04 03:17:51 +00:00 · 2016-05-26 20:03:02 +00:00 · 2016-05-26 20:03:02 +00:00 · 34fca4b9ec
commit 34fca4b9ec
parent 67faeedf47
5 changed files with 20 additions and 13 deletions
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@ -122,6 +122,7 @@ void ComputeSHA1(const uint8_t *Data, size_t Len, uint8_t *Out);
 // Returns true iff U has been changed.
 bool ToASCII(uint8_t *Data, size_t Size);
 bool IsASCII(const Unit &U);
+bool IsASCII(const uint8_t *Data, size_t Size);

 int NumberOfCpuCores();
 int GetPid();
@ -408,13 +409,13 @@ private:
  void MutateAndTestOne();
  void ReportNewCoverage(const Unit &U);
  bool RunOne(const Unit &U) { return RunOne(U.data(), U.size()); }
-  void RunOneAndUpdateCorpus(uint8_t *Data, size_t Size);
+  void RunOneAndUpdateCorpus(const uint8_t *Data, size_t Size);
  void WriteToOutputCorpus(const Unit &U);
  void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
  void PrintStats(const char *Where, const char *End = "\n");
  void PrintStatusForNewUnit(const Unit &U);
  void ShuffleCorpus(UnitVector *V);
-  void TryDetectingAMemoryLeak(uint8_t *Data, size_t Size);
+  void TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size);
  void CheckForMemoryLeaks();

  // Updates the probability distribution for the units in the corpus.
@ -437,7 +438,7 @@ private:
  void DumpCurrentUnit(const char *Prefix);
  void DeathCallback();

-  uint8_t *CurrentUnitData = nullptr;
+  const uint8_t *CurrentUnitData = nullptr;
  size_t CurrentUnitSize = 0;
  bool InOOMState = false;

--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@ -457,11 +457,9 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size) {
  return Res;
 }

-void Fuzzer::RunOneAndUpdateCorpus(uint8_t *Data, size_t Size) {
+void Fuzzer::RunOneAndUpdateCorpus(const uint8_t *Data, size_t Size) {
  if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
    return;
-  if (Options.OnlyASCII)
-    ToASCII(Data, Size);
  if (RunOne(Data, Size))
    ReportNewCoverage({Data, Data + Size});
 }
@ -525,13 +523,14 @@ std::string Fuzzer::Coverage::DebugString() const {
 }

 void Fuzzer::WriteToOutputCorpus(const Unit &U) {
+  if (Options.OnlyASCII)
+    assert(IsASCII(U));
  if (Options.OutputCorpus.empty())
    return;
  std::string Path = DirPlusFile(Options.OutputCorpus, Hash(U));
  WriteToFile(U, Path);
  if (Options.Verbosity >= 2)
    Printf("Written to %s\n", Path.c_str());
-  assert(!Options.OnlyASCII || IsASCII(U));
 }

 void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) {
@ -659,7 +658,7 @@ void Fuzzer::CheckForMemoryLeaks() {

 // Tries detecting a memory leak on the particular input that we have just
 // executed before calling this function.
-void Fuzzer::TryDetectingAMemoryLeak(uint8_t *Data, size_t Size) {
+void Fuzzer::TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size) {
  if (!HasMoreMallocsThanFrees) return;  // mallocs==frees, a leak is unlikely.
  if (!Options.DetectLeaks) return;
  if (!&__lsan_enable || !&__lsan_disable || !__lsan_do_recoverable_leak_check)
@ -710,6 +709,8 @@ void Fuzzer::MutateAndTestOne() {
    assert(NewSize <= Options.MaxLen &&
           "Mutator return overisized unit");
    Size = NewSize;
+    if (Options.OnlyASCII)
+      ToASCII(MutateInPlaceHere.data(), Size);
    if (i == 0)
      StartTraceRecording();
    RunOneAndUpdateCorpus(MutateInPlaceHere.data(), Size);
--- a/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/lib/Fuzzer/FuzzerTraceState.cpp
@ -175,7 +175,7 @@ static bool RecordingMemcmp = false;
 class TraceState {
 public:
   TraceState(MutationDispatcher &MD, const Fuzzer::FuzzingOptions &Options,
-              uint8_t **CurrentUnitData, size_t *CurrentUnitSize)
+              const uint8_t **CurrentUnitData, size_t *CurrentUnitSize)
       : MD(MD), Options(Options), CurrentUnitData(CurrentUnitData),
         CurrentUnitSize(CurrentUnitSize) {
     // Current trace collection is not thread-friendly and it probably
@ -293,7 +293,7 @@ class TraceState {
  size_t LastDfsanLabel = 0;
  MutationDispatcher &MD;
  const Fuzzer::FuzzingOptions &Options;
-  uint8_t **CurrentUnitData;
+  const uint8_t **CurrentUnitData;
  size_t *CurrentUnitSize;
  std::map<Word, size_t> AutoDictUnitCounts;
  size_t AutoDictAdds = 0;
--- a/lib/Fuzzer/FuzzerUtil.cpp
+++ b/lib/Fuzzer/FuzzerUtil.cpp
@ -164,9 +164,11 @@ bool ToASCII(uint8_t *Data, size_t Size) {
  return Changed;
 }

-bool IsASCII(const Unit &U) {
-  for (auto X : U)
-    if (!(isprint(X) || isspace(X))) return false;
+bool IsASCII(const Unit &U) { return IsASCII(U.data(), U.size()); }
+
+bool IsASCII(const uint8_t *Data, size_t Size) {
+  for (size_t i = 0; i < Size; i++)
+    if (!(isprint(Data[i]) || isspace(Data[i]))) return false;
  return true;
 }

--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@ -5,6 +5,9 @@ RUN: LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s
 RUN: not LLVMFuzzer-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput
 SingleInput-NOT: Test unit written to ./crash-

+# only_ascii mode. Will perform some minimal self-validation.
+RUN: LLVMFuzzer-SimpleTest -only_ascii=1 2>&1
+
 RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
 MaxTotalTime: Done {{.*}} runs in {{.}} second(s)