From 7b0624d17e4cf736985312bc497a79c327e87e8f Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Tue, 12 Jan 2016 02:36:59 +0000
Subject: [PATCH] [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257435 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Fuzzer/FuzzerInternal.h | 1 +
 lib/Fuzzer/FuzzerMutate.cpp | 14 ++++++++++++--
 lib/Fuzzer/FuzzerTraceState.cpp | 25 +++----------------------
 lib/Fuzzer/FuzzerUtil.cpp | 25 +++++++++++++++++++------
 4 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
index 1f4f8fb336b..c1e9daac980 100644
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -38,6 +38,7 @@ std::string DirPlusFile(const std::string &DirPath,
 void Printf(const char *Fmt, ...);
 void Print(const Unit &U, const char *PrintAfter = "");
+void PrintASCII(const uint8_t *Data, size_t Size, const char *PrintAfter = "");
 void PrintASCII(const Unit &U, const char *PrintAfter = "");
 std::string Hash(const Unit &U);
 void SetTimer(int Seconds);
diff --git a/lib/Fuzzer/FuzzerMutate.cpp b/lib/Fuzzer/FuzzerMutate.cpp
index 219837f4a0f..30e5b43c083 100644
--- a/lib/Fuzzer/FuzzerMutate.cpp
+++ b/lib/Fuzzer/FuzzerMutate.cpp
@@ -32,6 +32,7 @@ struct MutationDispatcher::Impl {
   std::vector AutoDictionary;
   std::vector Mutators;
   std::vector CurrentMutatorSequence;
+  std::vector CurrentDictionaryEntrySequence;
   const std::vector *Corpus = nullptr;
   FuzzerRandomBase &Rand;
@@ -146,13 +147,14 @@ size_t MutationDispatcher::Impl::AddWordFromDictionary(
     size_t Idx = UsePositionHint ? PositionHint : Rand(Size + 1);
     memmove(Data + Idx + Word.size(), Data + Idx, Size - Idx);
     memcpy(Data + Idx, Word.data(), Word.size());
-    return Size + Word.size();
+    Size += Word.size();
   } else {
     // Overwrite some bytes with Word.
     if (Word.size() > Size) return 0;
     size_t Idx = UsePositionHint ? PositionHint : Rand(Size - Word.size());
     memcpy(Data + Idx, Word.data(), Word.size());
-    return Size;
   }
+  CurrentDictionaryEntrySequence.push_back(DE);
+  return Size;
 }
 size_t MutationDispatcher::Mutate_ChangeASCIIInteger(uint8_t *Data, size_t Size,
@@ -206,12 +208,20 @@ size_t MutationDispatcher::Mutate_CrossOver(uint8_t *Data, size_t Size,
 
 void MutationDispatcher::StartMutationSequence() {
   MDImpl->CurrentMutatorSequence.clear();
+  MDImpl->CurrentDictionaryEntrySequence.clear();
 }
 
 void MutationDispatcher::PrintMutationSequence() {
   Printf("MS: %zd ", MDImpl->CurrentMutatorSequence.size());
   for (auto M : MDImpl->CurrentMutatorSequence)
     Printf("%s-", M.Name);
+  if (!MDImpl->CurrentDictionaryEntrySequence.empty()) {
+    Printf(" DE: ");
+    for (auto DE : MDImpl->CurrentDictionaryEntrySequence) {
+      Printf("\"");
+      PrintASCII(DE.Word, "\"-");
+    }
+  }
 }
 
 // Mutates Data in place, returns new size.
diff --git a/lib/Fuzzer/FuzzerTraceState.cpp b/lib/Fuzzer/FuzzerTraceState.cpp
index 975cfbdf1d1..00f1ebd0619 100644
--- a/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/lib/Fuzzer/FuzzerTraceState.cpp
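Review bot: `CurrentDictionaryEntrySequence.push_back(DE);` stores a copy of the whole entry, Word buffer included, on every applied dictionary mutation, although the sequence is only read when PrintMutationSequence runs, and nothing records whether the copy is deliberate. DE is bound above the hunk (AddWordFromDictionary starts outside it), so I cannot see what it refers to; if it is a reference into a dictionary that can be appended to during a run, a stored pointer or index would be cheaper but could go stale, and the copy is the right call — if so, say it: `// Copied, not referenced: the dictionary may be appended to while a sequence is in flight.` Recording after both branches, past the early `return 0` exits, correctly leaves no entry when the word was not applied.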
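Review bot: `for (auto DE : MDImpl->CurrentDictionaryEntrySequence) {` copies every recorded entry, Word buffer included, just to print it; `for (const auto &DE : MDImpl->CurrentDictionaryEntrySequence) {` prints the same thing without the copies. The pre-existing `for (auto M : ...)` loop above has the same shape, but mutator descriptors are presumably small, so the new loop is the one worth fixing. Quoting each word as `"..."-` matches the `%s-` separator used for mutator names, so the output format itself is consistent.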
@@ -170,25 +170,6 @@ struct TraceBasedMutation {
   uint8_t Data[kMaxSize];
 };
 
-static void PrintDataByte(uint8_t Byte) {
-  if (Byte == '\\')
-    Printf("\\\\");
-  else if (Byte == '"')
-    Printf("\\\"");
-  else if (Byte >= 32 && Byte < 127)
-    Printf("%c", Byte);
-  else
-    Printf("\\x%02x", Byte);
-}
-
-static void PrintData(const uint8_t *Data, size_t Size) {
-  Printf("\"");
-  for (size_t i = 0; i < Size; i++) {
-    PrintDataByte(Data[i]);
-  }
-  Printf("\"");
-}
-
 const size_t TraceBasedMutation::kMaxSize;
 
 class TraceState {
@@ -249,7 +230,7 @@ class TraceState {
     Printf("AutoDict:\n");
     for (auto &I : CountedUnits) {
       Printf(" %zd ", I.first);
-      PrintData(I.second.data(), I.second.size());
+      PrintASCII(I.second);
       Printf("\n");
     }
   }
@@ -440,8 +421,8 @@ void TraceState::TraceMemcmpCallback(size_t CmpSize, const uint8_t *Data1,
   int Added1 = TryToAddDesiredData(Data2, Data1, CmpSize);
   if ((Added1 || Added2) && Options.Verbosity >= 3) {
     Printf("MemCmp Added %d%d: ", Added1, Added2);
-    if (Added1) PrintData(Data1, CmpSize);
-    if (Added2) PrintData(Data2, CmpSize);
+    if (Added1) PrintASCII(Data1, CmpSize);
+    if (Added2) PrintASCII(Data2, CmpSize);
     Printf("\n");
   }
 }
diff --git a/lib/Fuzzer/FuzzerUtil.cpp b/lib/Fuzzer/FuzzerUtil.cpp
index 6c1133fffd3..d7226cfce96 100644
--- a/lib/Fuzzer/FuzzerUtil.cpp
+++ b/lib/Fuzzer/FuzzerUtil.cpp
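Review bot: `PrintASCII(I.second);` drops the double quotes the deleted `PrintData` put around each word, and the same happens in the TraceMemcmpCallback hunk (@@ -440), where `PrintASCII(Data1, CmpSize)` and `PrintASCII(Data2, CmpSize)` now print back to back with no separator when both were added, so (constructed example) a Data1 of `ab` and a Data2 of `cd` are logged as `abcd`. Unless dropping the delimiters is intended, restore them through the new PrintAfter argument: `Printf("\""); PrintASCII(I.second, "\"");` here, and `if (Added1) { Printf("\""); PrintASCII(Data1, CmpSize, "\" "); }` (likewise for Added2) in the memcmp hunk. PrintMutationSequence in FuzzerMutate.cpp already quotes its entries that way, so this keeps the three outputs consistent. Both enclosing functions start outside their hunks.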
@@ -27,13 +27,26 @@ void Print(const Unit &v, const char *PrintAfter) {
   Printf("%s", PrintAfter);
 }
 
+void PrintASCIIByte(uint8_t Byte) {
+  if (Byte == '\\')
+    Printf("\\\\");
+  else if (Byte == '"')
+    Printf("\\\"");
+  else if (Byte >= 32 && Byte < 127)
+    Printf("%c", Byte);
+  else
+    Printf("\\x%02x", Byte);
+}
+
+void PrintASCII(const uint8_t *Data, size_t Size, const char *PrintAfter) {
+  for (size_t i = 0; i < Size; i++)
+    PrintASCIIByte(Data[i]);
+  Printf("%s", PrintAfter);
+}
+
 void PrintASCII(const Unit &U, const char *PrintAfter) {
-  for (auto X : U) {
-    if (isprint(X))
-      Printf("%c", X);
-    else
-      Printf("\\x%x", (unsigned)X);
-  }
+  for (auto X : U)
+    PrintASCIIByte(X);
   Printf("%s", PrintAfter);
 }
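Review bot: `void PrintASCIIByte(uint8_t Byte) {` gives the helper external linkage, but the FuzzerInternal.h hunk declares only the new `PrintASCII(const uint8_t *Data, size_t Size, const char *PrintAfter)` overload, so PrintASCIIByte becomes an exported symbol with no prototype; the TraceState version it replaces was `static`. Either keep it file-local, `static void PrintASCIIByte(uint8_t Byte) {`, or add its prototype next to the other print declarations in the header. The helper also deserves a comment, because it silently changes what `PrintASCII(const Unit &U, ...)` emits: the locale-dependent `isprint` test and unpadded `\x%x` give way to a fixed 32..126 range, `\x%02x`, and escaping of backslash and double quote, which removes the ambiguity of an unpadded hex escape followed by a hex-digit character; suggest `// Printable ASCII (32..126) verbatim; '\\' and '"' escaped; every other byte as \xNN.` Passing PrintAfter as an argument to `Printf("%s", PrintAfter)` rather than as the format string is the right shape and should stay that way.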