LLVM  6.0.0svn
Classes | Public Member Functions | List of all members
fuzzer::MutationDispatcher Class Reference

#include "Fuzzer/FuzzerMutate.h"

Public Member Functions

 MutationDispatcher (Random &Rand, const FuzzingOptions &Options)
 
 ~MutationDispatcher ()
 
void StartMutationSequence ()
 Indicate that we are about to start a new sequence of mutations. More...
 
void PrintMutationSequence ()
 Print the current sequence of mutations. More...
 
void RecordSuccessfulMutationSequence ()
 Indicate that the current sequence of mutations was successfull. More...
 
size_t Mutate_Custom (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by invoking user-provided mutator. More...
 
size_t Mutate_CustomCrossOver (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by invoking user-provided crossover. More...
 
size_t Mutate_ShuffleBytes (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by shuffling bytes. More...
 
size_t Mutate_EraseBytes (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by erasing bytes. More...
 
size_t Mutate_InsertByte (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by inserting a byte. More...
 
size_t Mutate_InsertRepeatedBytes (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by inserting several repeated bytes. More...
 
size_t Mutate_ChangeByte (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by chanding one byte. More...
 
size_t Mutate_ChangeBit (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by chanding one bit. More...
 
size_t Mutate_CopyPart (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by copying/inserting a part of data into a different place. More...
 
size_t Mutate_AddWordFromManualDictionary (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by adding a word from the manual dictionary. More...
 
size_t Mutate_AddWordFromTORC (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by adding a word from the TORC. More...
 
size_t Mutate_AddWordFromPersistentAutoDictionary (uint8_t *Data, size_t Size, size_t MaxSize)
 Mutates data by adding a word from the persistent automatic dictionary. More...
 
size_t Mutate_ChangeASCIIInteger (uint8_t *Data, size_t Size, size_t MaxSize)
 Tries to find an ASCII integer in Data, changes it to another ASCII int. More...
 
size_t Mutate_ChangeBinaryInteger (uint8_t *Data, size_t Size, size_t MaxSize)
 Change a 1-, 2-, 4-, or 8-byte integer in interesting ways. More...
 
size_t Mutate_CrossOver (uint8_t *Data, size_t Size, size_t MaxSize)
 CrossOver Data with some other element of the corpus. More...
 
size_t Mutate (uint8_t *Data, size_t Size, size_t MaxSize)
 Applies one of the configured mutations. More...
 
size_t DefaultMutate (uint8_t *Data, size_t Size, size_t MaxSize)
 Applies one of the default mutations. More...
 
size_t CrossOver (const uint8_t *Data1, size_t Size1, const uint8_t *Data2, size_t Size2, uint8_t *Out, size_t MaxOutSize)
 Creates a cross-over of two pieces of Data, returns its size. More...
 
void AddWordToManualDictionary (const Word &W)
 
void PrintRecommendedDictionary ()
 
void SetCorpus (const InputCorpus *Corpus)
 
RandomGetRand ()
 

Detailed Description

Definition at line 22 of file FuzzerMutate.h.

Constructor & Destructor Documentation

◆ MutationDispatcher()

fuzzer::MutationDispatcher::MutationDispatcher ( Random Rand,
const FuzzingOptions Options 
)

◆ ~MutationDispatcher()

fuzzer::MutationDispatcher::~MutationDispatcher ( )
inline

Member Function Documentation

◆ AddWordToManualDictionary()

void fuzzer::MutationDispatcher::AddWordToManualDictionary ( const Word W)

◆ CrossOver()

size_t fuzzer::MutationDispatcher::CrossOver ( const uint8_t *  Data1,
size_t  Size1,
const uint8_t *  Data2,
size_t  Size2,
uint8_t *  Out,
size_t  MaxOutSize 
)

Creates a cross-over of two pieces of Data, returns its size.

Definition at line 20 of file FuzzerCrossOver.cpp.

References assert().

Referenced by Mutate_CrossOver(), and ~MutationDispatcher().

◆ DefaultMutate()

size_t fuzzer::MutationDispatcher::DefaultMutate ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Applies one of the default mutations.

Provided as a service to mutation authors.

Definition at line 501 of file FuzzerMutate.cpp.

References assert(), fuzzer::FuzzingOptions::OnlyASCII, llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size, and fuzzer::ToASCII().

Referenced by LLVMFuzzerMutate(), and ~MutationDispatcher().

◆ GetRand()

Random& fuzzer::MutationDispatcher::GetRand ( )
inline

◆ Mutate()

size_t fuzzer::MutationDispatcher::Mutate ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Applies one of the configured mutations.

Returns the new size of data which could be up to MaxSize.

Definition at line 497 of file FuzzerMutate.cpp.

Referenced by fuzzer::Fuzzer::MinimizeCrashLoop(), fuzzer::Fuzzer::TryDetectingAMemoryLeak(), and ~MutationDispatcher().

◆ Mutate_AddWordFromManualDictionary()

size_t fuzzer::MutationDispatcher::Mutate_AddWordFromManualDictionary ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

◆ Mutate_AddWordFromPersistentAutoDictionary()

size_t fuzzer::MutationDispatcher::Mutate_AddWordFromPersistentAutoDictionary ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by adding a word from the persistent automatic dictionary.

Definition at line 281 of file FuzzerMutate.cpp.

References assert(), D, fuzzer::Dictionary::empty(), fuzzer::DictionaryEntry::IncUseCount(), fuzzer::Dictionary::size(), and llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size.

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_AddWordFromTORC()

size_t fuzzer::MutationDispatcher::Mutate_AddWordFromTORC ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

◆ Mutate_ChangeASCIIInteger()

size_t fuzzer::MutationDispatcher::Mutate_ChangeASCIIInteger ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Tries to find an ASCII integer in Data, changes it to another ASCII int.

Definition at line 348 of file FuzzerMutate.cpp.

References assert(), B, E, and llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size.

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_ChangeBinaryInteger()

size_t fuzzer::MutationDispatcher::Mutate_ChangeBinaryInteger ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Change a 1-, 2-, 4-, or 8-byte integer in interesting ways.

Definition at line 407 of file FuzzerMutate.cpp.

References assert(), and llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size.

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_ChangeBit()

size_t fuzzer::MutationDispatcher::Mutate_ChangeBit ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by chanding one bit.

Definition at line 152 of file FuzzerMutate.cpp.

References llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size.

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_ChangeByte()

size_t fuzzer::MutationDispatcher::Mutate_ChangeByte ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by chanding one byte.

Definition at line 144 of file FuzzerMutate.cpp.

References fuzzer::RandCh(), and llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size.

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_CopyPart()

size_t fuzzer::MutationDispatcher::Mutate_CopyPart ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by copying/inserting a part of data into a different place.

Definition at line 339 of file FuzzerMutate.cpp.

References fuzzer::Random::RandBool().

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_CrossOver()

size_t fuzzer::MutationDispatcher::Mutate_CrossOver ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

CrossOver Data with some other element of the corpus.

Definition at line 421 of file FuzzerMutate.cpp.

References assert(), CrossOver(), llvm::RISCVFenceField::O, and fuzzer::InputCorpus::size().

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_Custom()

size_t fuzzer::MutationDispatcher::Mutate_Custom ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by invoking user-provided mutator.

Definition at line 69 of file FuzzerMutate.cpp.

References fuzzer::EF, and fuzzer::Random::Rand().

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_CustomCrossOver()

size_t fuzzer::MutationDispatcher::Mutate_CustomCrossOver ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by invoking user-provided crossover.

Definition at line 74 of file FuzzerMutate.cpp.

References assert(), fuzzer::EF, Other, fuzzer::Random::Rand(), and fuzzer::InputCorpus::size().

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_EraseBytes()

size_t fuzzer::MutationDispatcher::Mutate_EraseBytes ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by erasing bytes.

Definition at line 104 of file FuzzerMutate.cpp.

References assert(), and N.

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_InsertByte()

size_t fuzzer::MutationDispatcher::Mutate_InsertByte ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by inserting a byte.

Definition at line 116 of file FuzzerMutate.cpp.

References fuzzer::RandCh().

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_InsertRepeatedBytes()

size_t fuzzer::MutationDispatcher::Mutate_InsertRepeatedBytes ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by inserting several repeated bytes.

Definition at line 126 of file FuzzerMutate.cpp.

References assert(), N, and fuzzer::Random::RandBool().

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ Mutate_ShuffleBytes()

size_t fuzzer::MutationDispatcher::Mutate_ShuffleBytes ( uint8_t *  Data,
size_t  Size,
size_t  MaxSize 
)

Mutates data by shuffling bytes.

Definition at line 93 of file FuzzerMutate.cpp.

References assert(), and llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size.

Referenced by MutationDispatcher(), and ~MutationDispatcher().

◆ PrintMutationSequence()

void fuzzer::MutationDispatcher::PrintMutationSequence ( )

Print the current sequence of mutations.

Definition at line 484 of file FuzzerMutate.cpp.

References fuzzer::DictionaryEntry::GetW(), fuzzer::PrintASCII(), and fuzzer::Printf().

Referenced by fuzzer::Fuzzer::ExecuteCallback(), fuzzer::Fuzzer::~Fuzzer(), and ~MutationDispatcher().

◆ PrintRecommendedDictionary()

void fuzzer::MutationDispatcher::PrintRecommendedDictionary ( )

◆ RecordSuccessfulMutationSequence()

void fuzzer::MutationDispatcher::RecordSuccessfulMutationSequence ( )

◆ SetCorpus()

void fuzzer::MutationDispatcher::SetCorpus ( const InputCorpus Corpus)
inline

Definition at line 85 of file FuzzerMutate.h.

Referenced by fuzzer::Fuzzer::Loop().

◆ StartMutationSequence()

void fuzzer::MutationDispatcher::StartMutationSequence ( )

Indicate that we are about to start a new sequence of mutations.

Definition at line 451 of file FuzzerMutate.cpp.

Referenced by fuzzer::Fuzzer::MinimizeCrashLoop(), fuzzer::Fuzzer::TryDetectingAMemoryLeak(), and ~MutationDispatcher().


The documentation for this class was generated from the following files: