class Fuzzer {
public:
- // Aggregates all available coverage measurements.
- struct Coverage {
- Coverage() { Reset(); }
-
- void Reset() {
- BlockCoverage = 0;
- CallerCalleeCoverage = 0;
- CounterBitmapBits = 0;
- CounterBitmap.clear();
- }
-
- size_t BlockCoverage;
- size_t CallerCalleeCoverage;
- // Precalculated number of bits in CounterBitmap.
- size_t CounterBitmapBits;
- std::vector<uint8_t> CounterBitmap;
- };
-
Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
FuzzingOptions Options);
~Fuzzer();
void SetMaxMutationLen(size_t MaxMutationLen);
void RssLimitCallback();
- // Public for tests.
- void ResetCoverage();
-
bool InFuzzingThread() const { return IsMyThread; }
size_t GetCurrentUnitInFuzzingThead(const uint8_t **Data) const;
void TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size,
long TimeOfLongestUnitInSeconds = 0;
long EpochOfLastReadOfOutputCorpus = 0;
- // Maximum recorded coverage.
- Coverage MaxCoverage;
-
size_t MaxInputLen = 0;
size_t MaxMutationLen = 0;
assert(!F);
F = this;
TPC.ResetMaps();
- ResetCoverage();
IsMyThread = true;
if (Options.DetectLeaks && EF->__sanitizer_install_malloc_and_free_hooks)
EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook);
csvHeaderPrinted = true;
Printf("runs,block_cov,bits,cc_cov,corpus,execs_per_sec,tbms,reason\n");
}
- Printf("%zd,%zd,%zd,%zd,%zd,%zd,%s\n", TotalNumberOfRuns,
- MaxCoverage.BlockCoverage, MaxCoverage.CounterBitmapBits,
- MaxCoverage.CallerCalleeCoverage, Corpus.size(), ExecPerSec, Where);
+ Printf("%zd,%zd,%zd,%zd,%s\n", TotalNumberOfRuns,
+ TPC.GetTotalPCCoverage(),
+ Corpus.size(), ExecPerSec, Where);
}
if (!Options.Verbosity)
return;
Printf("#%zd\t%s", TotalNumberOfRuns, Where);
- if (MaxCoverage.BlockCoverage)
- Printf(" cov: %zd", MaxCoverage.BlockCoverage);
if (size_t N = TPC.GetTotalPCCoverage())
Printf(" cov: %zd", N);
- if (auto TB = MaxCoverage.CounterBitmapBits)
- Printf(" bits: %zd", TB);
if (size_t N = Corpus.NumFeatures())
Printf( " ft: %zd", N);
- if (MaxCoverage.CallerCalleeCoverage)
- Printf(" indir: %zd", MaxCoverage.CallerCalleeCoverage);
if (!Corpus.empty()) {
Printf(" corp: %zd", Corpus.NumActiveUnits());
if (size_t N = Corpus.SizeInBytes()) {
if (size_t NumFeatures = RunOne(U)) {
CheckExitOnSrcPosOrItem();
Corpus.AddToCorpus(U, NumFeatures);
- if (Options.Verbosity >= 2)
- Printf("NEW0: %zd L %zd\n", MaxCoverage.BlockCoverage, U.size());
}
TryDetectingAMemoryLeak(U.data(), U.size(),
/*DuringInitialCorpusExecution*/ true);
ShuffleCorpus(&Res);
TPC.ResetMaps();
Corpus.ResetFeatureSet();
- ResetCoverage();
for (auto &U : Initial) {
TPC.ResetMaps();
}
}
-void Fuzzer::ResetCoverage() {
- MaxCoverage.Reset();
-}
-
void Fuzzer::Loop() {
TPC.InitializePrintNewPCs();
system_clock::time_point LastCorpusReload = system_clock::now();
projects / llvm / commitdiff