LLVM  6.0.0svn
fuzzer Namespace Reference

Classes

class  Dictionary
 
class  DictionaryEntry
 
struct  ExternalFunctions
 
class  FixedWord
 
struct  FlagDescription
 
class  Fuzzer
 
struct  FuzzingOptions
 
class  InputCorpus
 
struct  InputInfo
 
struct  MallocFreeTracer
 
struct  MemMemTable
 
struct  MergeFileInfo
 
struct  Merger
 
class  MutationDispatcher
 
class  Random
 
struct  ScopedDoingMyOwnMemOrStr
 
class  SharedMemoryRegion
 
struct  TableOfRecentCompares
 
class  TracePC
 
struct  ValueBitMap
 

Typedefs

typedef std::vector< uint8_t > Unit
 
typedef std::vector< Unit > UnitVector
 
typedef int(* UserCallback) (const uint8_t *Data, size_t Size)
 
typedef FixedWord< 64 > Word
 

Functions

uint64_t * ClangCountersBegin ()
 
uint64_t * ClangCountersEnd ()
 
ATTRIBUTE_NO_SANITIZE_ALL void ClearClangCounters ()
 
template<class T >
T Min (T a, T b)
 
template<class T >
T Max (T a, T b)
 
int FuzzerDriver (int *argc, char ***argv, UserCallback Callback)
 
uint8_t Bswap (uint8_t x)
 
uint16_t Bswap (uint16_t x)
 
uint32_t Bswap (uint32_t x)
 
uint64_t Bswap (uint64_t x)
 
uint8_t * ExtraCountersBegin ()
 
uint8_t * ExtraCountersEnd ()
 
void ClearExtraCounters ()
 
bool ParseOneDictionaryEntry (const std::string &Str, Unit *U)
 
bool ParseDictionaryFile (const std::string &Text, std::vector< Unit > *Units)
 
static void PrintHelp ()
 
static const char * FlagValue (const char *Param, const char *Name)
 
static long MyStol (const char *Str)
 
static bool ParseOneFlag (const char *Param)
 
static void ParseFlags (const std::vector< std::string > &Args)
 
static void PulseThread ()
 
static void WorkerThread (const std::string &Cmd, std::atomic< unsigned > *Counter, unsigned NumJobs, std::atomic< bool > *HasErrors)
 
std::string CloneArgsWithoutX (const std::vector< std::string > &Args, const char *X1, const char *X2)
 
static int RunInMultipleProcesses (const std::vector< std::string > &Args, unsigned NumWorkers, unsigned NumJobs)
 
static void RssThread (Fuzzer *F, size_t RssLimitMb)
 
static void StartRssThread (Fuzzer *F, size_t RssLimitMb)
 
int RunOneTest (Fuzzer *F, const char *InputFilePath, size_t MaxLen)
 
static bool AllInputsAreFiles ()
 
static std::string GetDedupTokenFromFile (const std::string &Path)
 
int CleanseCrashInput (const std::vector< std::string > &Args, const FuzzingOptions &Options)
 
int MinimizeCrashInput (const std::vector< std::string > &Args, const FuzzingOptions &Options)
 
int MinimizeCrashInputInternalStep (Fuzzer *F, InputCorpus *Corpus)
 
int AnalyzeDictionary (Fuzzer *F, const std::vector< Unit > &Dict, UnitVector &Corpus)
 
long GetEpoch (const std::string &Path)
 
Unit FileToVector (const std::string &Path, size_t MaxSize, bool ExitOnError)
 
std::string FileToString (const std::string &Path)
 
void CopyFileToErr (const std::string &Path)
 
void WriteToFile (const Unit &U, const std::string &Path)
 
void ReadDirToVectorOfUnits (const char *Path, std::vector< Unit > *V, long *Epoch, size_t MaxSize, bool ExitOnError)
 
std::string DirPlusFile (const std::string &DirPath, const std::string &FileName)
 
void DupAndCloseStderr ()
 
void CloseStdout ()
 
void Printf (const char *Fmt,...)
 
std::string DirName (const std::string &FileName)
 
std::string TmpDir ()
 
bool IsInterestingCoverageFile (const std::string &FileName)
 
void RawPrint (const char *Str)
 
bool IsFile (const std::string &Path)
 
void ListFilesInDirRecursive (const std::string &Dir, long *Epoch, std::vector< std::string > *V, bool TopDir)
 
char GetSeparator ()
 
FILE * OpenFile (int Fd, const char *Mode)
 
int CloseFile (int Fd)
 
int DuplicateFile (int Fd)
 
void RemoveFile (const std::string &Path)
 
void DiscardOutput (int Fd)
 
intptr_t GetHandleFromFd (int fd)
 
ATTRIBUTE_NO_SANITIZE_MEMORY void MallocHook (const volatile void *ptr, size_t size)
 
ATTRIBUTE_NO_SANITIZE_MEMORY void FreeHook (const volatile void *ptr)
 
static bool LooseMemeq (const uint8_t *A, const uint8_t *B, size_t Size)
 
static void PrintASCII (const Word &W, const char *PrintAfter)
 
static char RandCh (Random &Rand)
 
template<class T >
size_t ChangeBinaryInteger (uint8_t *Data, size_t Size, Random &Rand)
 
void ComputeSHA1 (const uint8_t *Data, size_t Len, uint8_t *Out)
 
std::string Sha1ToString (const uint8_t Sha1[kSHA1NumBytes])
 
std::string Hash (const Unit &U)
 
ALWAYS_INLINE uintptr_t GetPreviousInstructionPc (uintptr_t PC)
 
ALWAYS_INLINE uintptr_t GetNextInstructionPc (uintptr_t PC)
 
static std::string GetModuleName (uintptr_t PC)
 
static size_t InternalStrnlen (const char *S, size_t MaxLen)
 
static size_t InternalStrnlen2 (const char *S1, const char *S2)
 
template<class Callback >
ATTRIBUTE_NO_SANITIZE_ALL void ForEachNonZeroByte (const uint8_t *Begin, const uint8_t *End, size_t FirstFeature, Callback Handle8bitCounter)
 
template<class T >
unsigned CounterToFeature (T Counter)
 
void PrintHexArray (const uint8_t *Data, size_t Size, const char *PrintAfter)
 
void Print (const Unit &v, const char *PrintAfter)
 
void PrintASCIIByte (uint8_t Byte)
 
void PrintASCII (const uint8_t *Data, size_t Size, const char *PrintAfter)
 
void PrintASCII (const Unit &U, const char *PrintAfter)
 
bool ToASCII (uint8_t *Data, size_t Size)
 
bool IsASCII (const Unit &U)
 
bool IsASCII (const uint8_t *Data, size_t Size)
 
std::string Base64 (const Unit &U)
 
std::string DescribePC (const char *SymbolizedFMT, uintptr_t PC)
 
void PrintPC (const char *SymbolizedFMT, const char *FallbackFMT, uintptr_t PC)
 
unsigned NumberOfCpuCores ()
 
size_t SimpleFastHash (const uint8_t *Data, size_t Size)
 
void PrintHexArray (const Unit &U, const char *PrintAfter="")
 
void SetSignalHandler (const FuzzingOptions &Options)
 
void SleepSeconds (int Seconds)
 
unsigned long GetPid ()
 
size_t GetPeakRSSMb ()
 
int ExecuteCommand (const std::string &Command)
 
FILE * OpenProcessPipe (const char *Command, const char *Mode)
 
const void * SearchMemory (const void *haystack, size_t haystacklen, const void *needle, size_t needlelen)
 
std::string CloneArgsWithoutX (const std::vector< std::string > &Args, const char *X)
 
std::pair< std::string, std::string > SplitBefore (std::string X, std::string S)
 
std::string DisassembleCmd (const std::string &FileName)
 
std::string SearchRegexCmd (const std::string &Regex)
 

Variables

ExternalFunctions * EF = nullptr
 
struct {
   Note: the member list of this struct was garbled when the documentation was generated. The flag help strings (passed through macros such as FUZZER_FLAG_STRING) were split into pieces, and entries such as fuzzer::If, fuzzer::positive, fuzzer::runs and fuzzer::jobs appear to be words taken from those help strings rather than real members. The help-text fragments that can be recovered, in their original order, are:

   - Maximum length of the test input
   - libFuzzer tries to guess a good value based on the corpus and reports it
   - always prefer smaller inputs during the corpus shuffle
   - When libFuzzer itself reports a bug this exit code will be used
   - If positive, indicates the maximal total time in seconds to run the fuzzer
   - Experimental: save coverage summary to a given file. Used with -merge=1 (followed by the start of FUZZER_FLAG_STRING(load_coverage_summary ...)
   - minimizes the provided crash input. Use with ... runs ...
   - tries to cleanse the provided crash input to make it contain fewer original bytes. Use with exact_artifact_path to specify the output
   - Experimental. Use value profile to guide fuzzing
   - Number of jobs to run. If jobs ...
   - Reload the main corpus every <N> seconds to get new units discovered by other processes
   - If ... disabled
   - If ... generate only ...
   - Write fuzzing ...
   - Write the single artifact on ...
   - If ... print statistics on corpus elements at exit
   - If ... dump coverage information as a sancov file at exit
   - To be deprecated. If ...
 
Flags
 
static const FlagDescription FlagDescriptions []
 
static const size_t kNumFlags
 
static std::vector< std::string > * Inputs
 
static std::string * ProgName
 
static std::mutex Mu
 
static FILE * OutputFile = stderr
 
static const size_t kMaxUnitSizeToPrint = 256
 
SharedMemoryRegion SMR
 
static Fuzzer * F
 
static MallocFreeTracer AllocTracer
 
static const int kSHA1NumBytes = 20
 
TracePC TPC
 

Typedef Documentation

◆ Unit

typedef std::vector<uint8_t> fuzzer::Unit

Definition at line 105 of file FuzzerDefs.h.

◆ UnitVector

typedef std::vector<Unit> fuzzer::UnitVector

Definition at line 106 of file FuzzerDefs.h.

◆ UserCallback

typedef int(* fuzzer::UserCallback) (const uint8_t *Data, size_t Size)

Definition at line 107 of file FuzzerDefs.h.

◆ Word

typedef FixedWord<64> fuzzer::Word

Definition at line 56 of file FuzzerDictionary.h.

Function Documentation

◆ AllInputsAreFiles()

static bool fuzzer::AllInputsAreFiles ( )
static

Definition at line 418 of file FuzzerDriver.cpp.

◆ AnalyzeDictionary()

int fuzzer::AnalyzeDictionary ( Fuzzer *  F,
const std::vector< Unit > &  Dict,
UnitVector &  Corpus 
)

Definition at line 599 of file FuzzerDriver.cpp.

Referenced by FuzzerDriver().

◆ Base64()

std::string fuzzer::Base64 ( const Unit &  U)

Definition at line 154 of file FuzzerUtil.cpp.

Referenced by fuzzer::Fuzzer::ExecuteCallback().

◆ Bswap() [1/4]

uint8_t fuzzer::Bswap ( uint8_t  x)
inline

◆ Bswap() [2/4]

uint16_t fuzzer::Bswap ( uint16_t  x)
inline

Definition at line 118 of file FuzzerDefs.h.

◆ Bswap() [3/4]

uint32_t fuzzer::Bswap ( uint32_t  x)
inline

Definition at line 119 of file FuzzerDefs.h.

◆ Bswap() [4/4]

uint64_t fuzzer::Bswap ( uint64_t  x)
inline

◆ ChangeBinaryInteger()

template<class T >
size_t fuzzer::ChangeBinaryInteger ( uint8_t *  Data,
size_t  Size,
Random &  Rand 
)

◆ ClangCountersBegin()

uint64_t * fuzzer::ClangCountersBegin ( )

◆ ClangCountersEnd()

uint64_t * fuzzer::ClangCountersEnd ( )

◆ CleanseCrashInput()

int fuzzer::CleanseCrashInput ( const std::vector< std::string > &  Args,
const FuzzingOptions &  Options 
)

Definition at line 437 of file FuzzerDriver.cpp.

Referenced by ParseOneFlag().

◆ ClearClangCounters()

void fuzzer::ClearClangCounters ( )

Definition at line 45 of file FuzzerClangCounters.cpp.

References ClangCountersBegin(), ClangCountersEnd(), and P.

Referenced by Bswap(), and fuzzer::TracePC::ResetMaps().

◆ ClearExtraCounters()

void fuzzer::ClearExtraCounters ( )

Definition at line 38 of file FuzzerExtraCounters.cpp.

Referenced by Bswap(), and fuzzer::TracePC::ResetMaps().

◆ CloneArgsWithoutX() [1/2]

std::string fuzzer::CloneArgsWithoutX ( const std::vector< std::string > &  Args,
const char *  X 
)
inline

Definition at line 63 of file FuzzerUtil.h.

References CloneArgsWithoutX().

◆ CloneArgsWithoutX() [2/2]

std::string fuzzer::CloneArgsWithoutX ( const std::vector< std::string > &  Args,
const char *  X1,
const char *  X2 
)

◆ CloseFile()

int fuzzer::CloseFile ( int  Fd)

◆ CloseStdout()

void fuzzer::CloseStdout ( )

Definition at line 108 of file FuzzerIO.cpp.

References DiscardOutput().

Referenced by MinimizeCrashInput().

◆ ComputeSHA1()

void fuzzer::ComputeSHA1 ( const uint8_t *  Data,
size_t  Len,
uint8_t *  Out 
)

Definition at line 202 of file FuzzerSHA1.cpp.

References HASH_LENGTH.

Referenced by fuzzer::InputCorpus::AddToCorpus(), Hash(), and fuzzer::InputCorpus::Replace().

◆ CopyFileToErr()

void fuzzer::CopyFileToErr ( const std::string &  Path)

Definition at line 59 of file FuzzerIO.cpp.

References llvm::c_str(), FileToString(), and Printf().

◆ CounterToFeature()

template<class T >
unsigned fuzzer::CounterToFeature ( T  Counter)

◆ DescribePC()

std::string fuzzer::DescribePC ( const char *  SymbolizedFMT,
uintptr_t  PC 
)

Definition at line 182 of file FuzzerUtil.cpp.

References EF.

Referenced by fuzzer::TracePC::PrintCoverage(), PrintPC(), and fuzzer::Fuzzer::SetMaxMutationLen().

◆ DirName()

std::string fuzzer::DirName ( const std::string &  FileName)

◆ DirPlusFile()

std::string fuzzer::DirPlusFile ( const std::string &  DirPath,
const std::string &  FileName 
)

◆ DisassembleCmd()

std::string fuzzer::DisassembleCmd ( const std::string &  FileName)

Referenced by SplitBefore().

◆ DiscardOutput()

void fuzzer::DiscardOutput ( int  Fd)

Referenced by CloseStdout(), and DupAndCloseStderr().

◆ DupAndCloseStderr()

void fuzzer::DupAndCloseStderr ( )

Definition at line 94 of file FuzzerIO.cpp.

References DiscardOutput(), DuplicateFile(), EF, GetHandleFromFd(), and OpenFile().

Referenced by MinimizeCrashInput().

◆ DuplicateFile()

int fuzzer::DuplicateFile ( int  Fd)

Referenced by DupAndCloseStderr().

◆ ExecuteCommand()

int fuzzer::ExecuteCommand ( const std::string &  Command)

◆ ExtraCountersBegin()

uint8_t * fuzzer::ExtraCountersBegin ( )

Definition at line 36 of file FuzzerExtraCounters.cpp.

Referenced by Bswap(), and CounterToFeature().

◆ ExtraCountersEnd()

uint8_t * fuzzer::ExtraCountersEnd ( )

Definition at line 37 of file FuzzerExtraCounters.cpp.

Referenced by Bswap(), and CounterToFeature().

◆ FileToString()

std::string fuzzer::FileToString ( const std::string &  Path)

Definition at line 53 of file FuzzerIO.cpp.

References T.

Referenced by CopyFileToErr(), and ParseOneFlag().

◆ FileToVector()

Unit fuzzer::FileToVector ( const std::string &  Path,
size_t  MaxSize,
bool  ExitOnError 
)

◆ FlagValue()

static const char* fuzzer::FlagValue ( const char *  Param,
const char *  Name 
)
static

Definition at line 247 of file FuzzerDriver.cpp.

◆ ForEachNonZeroByte()

template<class Callback >
ATTRIBUTE_NO_SANITIZE_ALL void fuzzer::ForEachNonZeroByte ( const uint8_t *  Begin,
const uint8_t *  End,
size_t  FirstFeature,
Callback  Handle8bitCounter 
)

Definition at line 165 of file FuzzerTracePC.h.

References llvm::WebAssembly::End, I, and P.

Referenced by CounterToFeature().

◆ FreeHook()

ATTRIBUTE_NO_SANITIZE_MEMORY void fuzzer::FreeHook ( const volatile void *  ptr)

◆ FuzzerDriver()

int fuzzer::FuzzerDriver ( int *  argc,
char ***  argv,
UserCallback  Callback 
)

◆ GetDedupTokenFromFile()

static std::string fuzzer::GetDedupTokenFromFile ( const std::string &  Path)
static

Definition at line 426 of file FuzzerDriver.cpp.

References Flags, Printf(), and WriteToFile().

Referenced by ParseOneFlag().

◆ GetEpoch()

long fuzzer::GetEpoch ( const std::string &  Path)

Definition at line 26 of file FuzzerIO.cpp.

Referenced by fuzzer::Fuzzer::Fuzzer(), and ReadDirToVectorOfUnits().

◆ GetHandleFromFd()

intptr_t fuzzer::GetHandleFromFd ( int  fd)

Referenced by DupAndCloseStderr().

◆ GetModuleName()

static std::string fuzzer::GetModuleName ( uintptr_t  PC)
static

Definition at line 195 of file FuzzerTracePC.cpp.

References EF.

Referenced by fuzzer::TracePC::PrintCoverage().

◆ GetNextInstructionPc()

ALWAYS_INLINE uintptr_t fuzzer::GetNextInstructionPc ( uintptr_t  PC)
inline

Definition at line 189 of file FuzzerTracePC.cpp.

Referenced by fuzzer::TracePC::PrintCoverage().

◆ GetPeakRSSMb()

size_t fuzzer::GetPeakRSSMb ( )

◆ GetPid()

unsigned long fuzzer::GetPid ( )

◆ GetPreviousInstructionPc()

ALWAYS_INLINE uintptr_t fuzzer::GetPreviousInstructionPc ( uintptr_t  PC)
inline

Definition at line 183 of file FuzzerTracePC.cpp.

Referenced by fuzzer::TracePC::DumpCoverage().

◆ GetSeparator()

char fuzzer::GetSeparator ( )

Referenced by DirPlusFile().

◆ Hash()

std::string fuzzer::Hash ( const Unit &  U)

◆ InternalStrnlen()

static size_t fuzzer::InternalStrnlen ( const char *  S,
size_t  MaxLen 
)
static

Definition at line 324 of file FuzzerTracePC.cpp.

Referenced by __sanitizer_weak_hook_strncmp().

◆ InternalStrnlen2()

static size_t fuzzer::InternalStrnlen2 ( const char *  S1,
const char *  S2 
)
static

Definition at line 332 of file FuzzerTracePC.cpp.

Referenced by __sanitizer_weak_hook_strcmp().

◆ IsASCII() [1/2]

bool fuzzer::IsASCII ( const Unit &  U)

Definition at line 73 of file FuzzerUtil.cpp.

Referenced by fuzzer::Fuzzer::ExecuteCallback().

◆ IsASCII() [2/2]

bool fuzzer::IsASCII ( const uint8_t *  Data,
size_t  Size 
)

Definition at line 75 of file FuzzerUtil.cpp.

References llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size.

◆ IsFile()

bool fuzzer::IsFile ( const std::string &  Path)

Referenced by ParseOneFlag().

◆ IsInterestingCoverageFile()

bool fuzzer::IsInterestingCoverageFile ( const std::string &  FileName)

◆ ListFilesInDirRecursive()

void fuzzer::ListFilesInDirRecursive ( const std::string &  Dir,
long *  Epoch,
std::vector< std::string > *  V,
bool  TopDir 
)

◆ LooseMemeq()

static bool fuzzer::LooseMemeq ( const uint8_t *  A,
const uint8_t *  B,
size_t  Size 
)
static

Definition at line 469 of file FuzzerLoop.cpp.

References memcmp.

Referenced by fuzzer::Fuzzer::ExecuteCallback().

◆ MallocHook()

ATTRIBUTE_NO_SANITIZE_MEMORY void fuzzer::MallocHook ( const volatile void *  ptr,
size_t  size 
)

◆ Max()

template<class T >
T fuzzer::Max ( T  a,
T  b 
)

◆ Min()

template<class T >
T fuzzer::Min ( T  a,
T  b 
)

◆ MinimizeCrashInput()

int fuzzer::MinimizeCrashInput ( const std::vector< std::string > &  Args,
const FuzzingOptions &  Options 
)

◆ MinimizeCrashInputInternalStep()

int fuzzer::MinimizeCrashInputInternalStep ( Fuzzer *  F,
InputCorpus *  Corpus 
)

Definition at line 582 of file FuzzerDriver.cpp.

◆ MyStol()

static long fuzzer::MyStol ( const char *  Str)
static

Definition at line 256 of file FuzzerDriver.cpp.

◆ NumberOfCpuCores()

unsigned fuzzer::NumberOfCpuCores ( )

Definition at line 198 of file FuzzerUtil.cpp.

References llvm::hardware_concurrency(), N, and Printf().

Referenced by MinimizeCrashInput().

◆ OpenFile()

FILE* fuzzer::OpenFile ( int  Fd,
const char *  Mode 
)

Referenced by DupAndCloseStderr().

◆ OpenProcessPipe()

FILE* fuzzer::OpenProcessPipe ( const char *  Command,
const char *  Mode 
)

◆ ParseDictionaryFile()

bool fuzzer::ParseDictionaryFile ( const std::string &  Text,
std::vector< Unit > *  Units 
)

Definition at line 127 of file FuzzerUtil.cpp.

References ParseOneDictionaryEntry(), and Printf().

Referenced by fuzzer::Dictionary::size().

◆ ParseFlags()

static void fuzzer::ParseFlags ( const std::vector< std::string > &  Args)
static

Definition at line 318 of file FuzzerDriver.cpp.

Referenced by MinimizeCrashInput().

◆ ParseOneDictionaryEntry()

bool fuzzer::ParseOneDictionaryEntry ( const std::string &  Str,
Unit *  U 
)

Definition at line 81 of file FuzzerUtil.cpp.

References assert().

Referenced by ParseDictionaryFile(), and fuzzer::Dictionary::size().

◆ ParseOneFlag()

static bool fuzzer::ParseOneFlag ( const char *  Param)
static

◆ Print()

void fuzzer::Print ( const Unit &  v,
const char *  PrintAfter 
)

Definition at line 34 of file FuzzerUtil.cpp.

References PrintAfter(), and PrintHexArray().

Referenced by llvm::SparseSolver< LatticeVal >::SparseSolver().

◆ PrintASCII() [1/3]

static void fuzzer::PrintASCII ( const Word &  W,
const char *  PrintAfter 
)
static

◆ PrintASCII() [2/3]

void fuzzer::PrintASCII ( const uint8_t *  Data,
size_t  Size,
const char *  PrintAfter 
)

◆ PrintASCII() [3/3]

void fuzzer::PrintASCII ( const Unit &  U,
const char *  PrintAfter 
)

Definition at line 55 of file FuzzerUtil.cpp.

References PrintAfter(), and PrintASCII().

◆ PrintASCIIByte()

void fuzzer::PrintASCIIByte ( uint8_t  Byte)

Definition at line 38 of file FuzzerUtil.cpp.

References Printf().

Referenced by PrintASCII().

◆ Printf()

void fuzzer::Printf ( const char *  Fmt,
  ... 
)

Definition at line 112 of file FuzzerIO.cpp.

Referenced by fuzzer::InputCorpus::AddFeature(), fuzzer::InputCorpus::AddToCorpus(), fuzzer::Fuzzer::AnnounceOutput(), CopyFileToErr(), fuzzer::Fuzzer::CrashResistantMerge(), fuzzer::Fuzzer::CrashResistantMergeInternalStep(), fuzzer::InputCorpus::DeleteInput(), fuzzer::Fuzzer::ExecuteCallback(), FileToVector(), FreeHook(), FuzzerDriver(), fuzzer::Fuzzer::GetCurrentUnitInFuzzingThead(), GetDedupTokenFromFile(), fuzzer::Fuzzer::HandleMalloc(), fuzzer::Fuzzer::Loop(), MallocHook(), MinimizeCrashInput(), NumberOfCpuCores(), ParseDictionaryFile(), ParseOneFlag(), fuzzer::Merger::ParseOrExit(), fuzzer::DictionaryEntry::Print(), PrintASCII(), PrintASCIIByte(), fuzzer::InputCorpus::PrintCorpus(), fuzzer::TracePC::PrintCoverage(), fuzzer::InputCorpus::PrintFeatureSet(), fuzzer::Fuzzer::PrintFinalStats(), PrintHexArray(), fuzzer::TracePC::PrintModuleInfo(), fuzzer::MutationDispatcher::PrintMutationSequence(), PrintPC(), fuzzer::MutationDispatcher::PrintRecommendedDictionary(), fuzzer::InputCorpus::PrintStats(), fuzzer::InputCorpus::PrintUnit(), PulseThread(), ReadDirToVectorOfUnits(), fuzzer::Fuzzer::RereadOutputCorpus(), fuzzer::InputCorpus::ResetFeatureSet(), fuzzer::Fuzzer::RssLimitCallback(), RunInMultipleProcesses(), fuzzer::Fuzzer::SetMaxInputLen(), fuzzer::Fuzzer::SetMaxMutationLen(), fuzzer::Fuzzer::ShuffleAndMinimize(), fuzzer::MallocFreeTracer::Start(), fuzzer::Fuzzer::StaticFileSizeExceedCallback(), fuzzer::MallocFreeTracer::Stop(), fuzzer::Fuzzer::TryDetectingAMemoryLeak(), and fuzzer::Fuzzer::~Fuzzer().

◆ PrintHelp()

static void fuzzer::PrintHelp ( )
static

Definition at line 220 of file FuzzerDriver.cpp.

Referenced by MinimizeCrashInput().

◆ PrintHexArray() [1/2]

void fuzzer::PrintHexArray ( const Unit &  U,
const char *  PrintAfter = "" 
)

◆ PrintHexArray() [2/2]

void fuzzer::PrintHexArray ( const uint8_t *  Data,
size_t  Size,
const char *  PrintAfter 
)

Definition at line 27 of file FuzzerUtil.cpp.

References Printf(), and llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Size.

Referenced by Print(), and fuzzer::Fuzzer::~Fuzzer().

◆ PrintPC()

void fuzzer::PrintPC ( const char *  SymbolizedFMT,
const char *  FallbackFMT,
uintptr_t  PC 
)

Definition at line 191 of file FuzzerUtil.cpp.

References llvm::c_str(), DescribePC(), EF, and Printf().

Referenced by fuzzer::TracePC::UpdateObservedPCs().

◆ PulseThread()

static void fuzzer::PulseThread ( )
static

Definition at line 341 of file FuzzerDriver.cpp.

References Printf(), and WriteToFile().

◆ RandCh()

static char fuzzer::RandCh ( Random &  Rand)
static

◆ RawPrint()

void fuzzer::RawPrint ( const char *  Str)

◆ ReadDirToVectorOfUnits()

void fuzzer::ReadDirToVectorOfUnits ( const char *  Path,
std::vector< Unit > *  V,
long *  Epoch,
size_t  MaxSize,
bool  ExitOnError 
)

◆ RemoveFile()

void fuzzer::RemoveFile ( const std::string &  Path)

◆ RssThread()

static void fuzzer::RssThread ( Fuzzer *  F,
size_t  RssLimitMb 
)
static

Definition at line 394 of file FuzzerDriver.cpp.

◆ RunInMultipleProcesses()

static int fuzzer::RunInMultipleProcesses ( const std::vector< std::string > &  Args,
unsigned  NumWorkers,
unsigned  NumJobs 
)
static

Definition at line 379 of file FuzzerDriver.cpp.

References ExecuteCommand(), FileToVector(), and Printf().

Referenced by MinimizeCrashInput().

◆ RunOneTest()

int fuzzer::RunOneTest ( Fuzzer *  F,
const char *  InputFilePath,
size_t  MaxLen 
)

Definition at line 409 of file FuzzerDriver.cpp.

Referenced by FuzzerDriver().

◆ SearchMemory()

const void* fuzzer::SearchMemory ( const void *  haystack,
size_t  haystacklen,
const void *  needle,
size_t  needlelen 
)

◆ SearchRegexCmd()

std::string fuzzer::SearchRegexCmd ( const std::string &  Regex)

Referenced by SplitBefore().

◆ SetSignalHandler()

void fuzzer::SetSignalHandler ( const FuzzingOptions &  Options)

◆ Sha1ToString()

std::string fuzzer::Sha1ToString ( const uint8_t  Sha1[kSHA1NumBytes])

◆ SimpleFastHash()

size_t fuzzer::SimpleFastHash ( const uint8_t *  Data,
size_t  Size 
)

◆ SleepSeconds()

void fuzzer::SleepSeconds ( int  Seconds)

◆ SplitBefore()

std::pair<std::string, std::string> fuzzer::SplitBefore ( std::string  X,
std::string  S 
)
inline

◆ StartRssThread()

static void fuzzer::StartRssThread ( Fuzzer *  F,
size_t  RssLimitMb 
)
static

Definition at line 403 of file FuzzerDriver.cpp.

◆ TmpDir()

std::string fuzzer::TmpDir ( )

◆ ToASCII()

bool fuzzer::ToASCII ( uint8_t *  Data,
size_t  Size 
)

◆ WorkerThread()

static void fuzzer::WorkerThread ( const std::string &  Cmd,
std::atomic< unsigned > *  Counter,
unsigned  NumJobs,
std::atomic< bool > *  HasErrors 
)
static

Definition at line 349 of file FuzzerDriver.cpp.

◆ WriteToFile()

void fuzzer::WriteToFile ( const Unit &  U,
const std::string &  Path 
)

Variable Documentation

◆ AllocTracer

MallocFreeTracer fuzzer::AllocTracer
static

Definition at line 74 of file FuzzerLoop.cpp.

◆ EF

ExternalFunctions * fuzzer::EF = nullptr

Definition at line 902 of file FuzzerDriver.cpp.

Referenced by llvm::object::ELFObjectFile< ELFT >::create(), DescribePC(), fuzzer::TracePC::DumpCoverage(), DupAndCloseStderr(), FreeHook(), fuzzer::Fuzzer::Fuzzer(), FuzzerDriver(), llvm::object::ELFObjectFile< ELFT >::getBuildAttributes(), llvm::object::ELFObjectFile< ELFT >::getELFFile(), getFileName(), GetModuleName(), llvm::object::ELFObjectFile< ELFT >::getPlatformFlags(), llvm::object::ELFObjectFile< ELFT >::getRel(), llvm::object::ELFObjectFile< ELFT >::getRela(), llvm::object::ELFObjectFile< ELFT >::getRelocatedSection(), llvm::object::ELFObjectFile< ELFT >::getRelocationOffset(), llvm::object::ELFObjectFile< ELFT >::getRelocationSymbol(), llvm::object::ELFObjectFile< ELFT >::getRelocationType(), llvm::object::ELFObjectFile< ELFT >::getRelocationTypeName(), llvm::object::ELFObjectFile< ELFT >::getSectionIndex(), llvm::object::ELFObjectFile< ELFT >::getSectionName(), llvm::object::ELFObjectFile< ELFT >::getSymbol(), llvm::object::ELFObjectFile< ELFT >::getSymbolAddress(), llvm::object::ELFObjectFile< ELFT >::getSymbolAlignment(), llvm::object::ELFObjectFile< ELFT >::getSymbolFlags(), llvm::object::ELFObjectFile< ELFT >::getSymbolName(), llvm::object::ELFObjectFile< ELFT >::getSymbolSection(), llvm::object::ELFObjectFile< ELFT >::getSymbolValueImpl(), fuzzer::Fuzzer::HandleMalloc(), MallocHook(), Max(), llvm::MCELFStreamer::MCELFStreamer(), MinimizeCrashInput(), fuzzer::MutationDispatcher::Mutate_Custom(), fuzzer::MutationDispatcher::Mutate_CustomCrossOver(), fuzzer::MutationDispatcher::MutationDispatcher(), fuzzer::TracePC::PrintCoverage(), PrintPC(), fuzzer::Fuzzer::RssLimitCallback(), llvm::object::ELFObjectFile< ELFT >::section_rel_begin(), llvm::object::ELFObjectFile< ELFT >::section_rel_end(), fuzzer::Fuzzer::StaticFileSizeExceedCallback(), llvm::object::ELFObjectFile< ELFT >::toDRI(), fuzzer::Fuzzer::TryDetectingAMemoryLeak(), and llvm::MCWasmStreamer::~MCWasmStreamer().

◆ Experimental

Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer fuzzer::Experimental

Definition at line 46 of file FuzzerDriver.cpp.

◆ F

Fuzzer* fuzzer::F
static

◆ FlagDescriptions

const FlagDescription fuzzer::FlagDescriptions[]
static

Definition at line 57 of file FuzzerDriver.cpp.

◆ Flags

struct { ... } fuzzer::Flags

Referenced by llvm::MachineInstrBuilder::addDef(), addFastMathFlag(), llvm::addFrameReference(), llvm::ModuleSymbolTable::addModule(), addSaveRestoreRegs(), llvm::pdb::DbiStreamBuilder::addSectionContrib(), llvm::MachineInstrBuilder::addUse(), llvm::BitstreamCursor::advance(), llvm::BitstreamCursor::advanceSkippingSubblocks(), llvm::CCState::AnalyzeArguments(), llvm::SystemZCCState::AnalyzeCallOperands(), llvm::MipsCCState::AnalyzeCallOperands(), llvm::CCState::AnalyzeCallResult(), AnalyzeReturnValues(), areCandidatesToMergeOrPair(), argsAreStructReturn(), llvm::DwarfDebug::beginInstruction(), llvm::BinaryConstantExpr::BinaryConstantExpr(), BuildExactSDIV(), llvm::buildModuleSummaryIndex(), llvm::SelectionDAG::ByvalParmDbgEnd(), callIsStructReturn(), canUseSiblingCall(), CC_Lanai32_VarArg(), CC_MipsO32_FP64(), llvm::AArch64TargetLowering::CCAssignFnForReturn(), llvm::ARMTargetLowering::CCAssignFnForReturn(), CheckForLiveRegDef(), llvm::object::MachOObjectFile::checkSymbolTable(), combineADC(), combineBrCond(), combineCMov(), combineSBB(), combineSetCCEFLAGS(), combineShuffleOfSplat(), computeAliasSummary(), computeBytesPoppedByCalleeForSRet(), computeFunctionSummary(), llvm::rdf::Liveness::computePhiInfo(), computeSectionKind(), llvm::RuntimeDyldImpl::computeTotalAllocSize(), computeVariableSummary(), ConvertCarryFlagToBooleanCarry(), llvm::GetElementPtrConstantExpr::Create(), llvm::ScalarEvolution::createAddRecFromPHIWithCasts(), llvm::MCContext::createELFRelSection(), llvm::IRBuilderBase::CreateGCStatepointCall(), llvm::IRBuilderBase::CreateGCStatepointInvoke(), llvm::FastISel::createMachineMemOperandFor(), llvm::IRBuilderBase::CreateMemMove(), llvm::DIBuilder::createObjectPointerType(), createPPCMCAsmInfo(), llvm::createR600ExpandSpecialInstrsPass(), createRdxShuffleMask(), llvm::createSimpleTargetReduction(), llvm::createSIWholeQuadModePass(), llvm::createTargetReduction(), llvm::MDBuilder::createTBAANode(), createVirtualRegs(), 
llvm::InstrEmitter::EmitDbgValue(), llvm::MipsTargetELFStreamer::emitDirectiveAbiCalls(), llvm::MipsTargetELFStreamer::emitDirectiveNaN2008(), llvm::MipsTargetELFStreamer::emitDirectiveNaNLegacy(), llvm::MipsTargetELFStreamer::emitDirectiveOptionPic0(), llvm::MipsTargetELFStreamer::emitDirectiveOptionPic2(), llvm::MipsTargetELFStreamer::emitDirectiveSetMips16(), llvm::MipsTargetELFStreamer::emitDirectiveSetNoReorder(), llvm::ARMAsmPrinter::EmitEndOfAsmFile(), llvm::X86AsmPrinter::EmitEndOfAsmFile(), llvm::MCStreamer::EmitIdent(), llvm::SITargetLowering::EmitInstrWithCustomInserter(), llvm::TargetLoweringObjectFileELF::emitModuleMetadata(), llvm::TargetLoweringObjectFileCOFF::emitModuleMetadata(), llvm::TargetLoweringBase::emitPatchPoint(), llvm::TargetLoweringObjectFileELF::emitPersonalityValue(), emitRemovedIntrinsicError(), emitSignedInt64(), llvm::HexagonSelectionDAGInfo::EmitTargetCodeForMemcpy(), llvm::AsmPrinter::emitXRayTable(), llvm::DwarfDebug::endFunctionImpl(), EnsureStackAlignment(), eraseGPOpnd(), llvm::ARMBaseInstrInfo::expandLoadStackGuardBase(), llvm::pdb::PDBSymbol::findAllChildren(), llvm::pdb::DIARawSymbol::findChildren(), llvm::pdb::DIARawSymbol::findChildrenByRVA(), llvm::orc::remote::OrcRemoteTargetClient::RemoteIndirectStubsManager::findPointer(), llvm::orc::remote::OrcRemoteTargetClient::RemoteIndirectStubsManager::findStub(), findUnwindDestinations(), llvm::GlobalValueSummary::flags(), llvm::object::MachOBindEntry::flags(), llvm::TargetInstrInfo::foldMemoryOperand(), foldSelectICmpAndOr(), llvm::JITSymbolFlags::fromGlobalValue(), llvm::JITSymbolFlags::fromObjectSymbol(), llvm::ARMJITSymbolFlags::fromObjectSymbol(), llvm::PPCTargetLowering::functionArgumentNeedsConsecutiveRegisters(), FunctionNumber(), FuzzerDriver(), llvm::ConstantExpr::getAdd(), llvm::ScalarEvolution::getAddExpr(), llvm::ScalarEvolution::getAddRecExpr(), llvm::JITSymbol::getAddress(), GetAEABIUnwindPersonalityName(), llvm::rdf::Liveness::getAllReachingDefs(), 
llvm::IRTranslator::getAnalysisUsage(), getARClassRegisterMask(), getArrayElements(), llvm::MCObjectStreamer::getAssembler(), llvm::MCAssembler::getAtom(), llvm::SelectionDAG::getAtomic(), llvm::SelectionDAG::getAtomicCmpSwap(), llvm::DIFile::getChecksumKind(), getCOFFSectionFlags(), getComparePred(), getCompareSourceReg(), llvm::pdb::IPDBSession::getConcreteSymbolById(), llvm::ScalarEvolution::getContext(), getDecodedFFlags(), llvm::object::Decompressor::getDecompressedSize(), GetDedupTokenFromFile(), llvm::pdb::DIARawSymbol::getDiaSymbol(), llvm::MCContext::getELFSection(), getELFSectionFlags(), getEstimate(), llvm::ConstantExpr::getExactLShr(), llvm::TargetLoweringObjectFileELF::getExplicitSectionGlobal(), llvm::MCSectionELF::getFlags(), llvm::MCDwarfLoc::getFlags(), llvm::JITEvaluatedSymbol::getFlags(), llvm::MachineInstr::getFlags(), llvm::MCInstrDesc::getFlags(), llvm::SymbolTableEntry::getFlags(), llvm::JITSymbol::getFlags(), llvm::SCEVWrapPredicate::getFlags(), llvm::DIType::getFlags(), llvm::codeview::Compile2Sym::getFlags(), llvm::codeview::Compile3Sym::getFlags(), llvm::SDNode::getFlags(), llvm::DILocalVariable::getFlags(), getFPReg(), llvm::SelectionDAG::getGLOBAL_OFFSET_TABLE(), llvm::InductionDescriptor::getInductionOpcode(), llvm::RuntimeDyldMachOARM::getJITSymbolFlags(), llvm::codeview::Compile2Sym::getLanguage(), llvm::codeview::Compile3Sym::getLanguage(), getLoadStackGuard(), llvm::X86TargetLowering::getMaxSupportedInterleaveFactor(), getMClassFlagsMask(), llvm::SelectionDAG::getMemIntrinsicNode(), llvm::ConstantExpr::getMul(), llvm::ScalarEvolution::getMulExpr(), llvm::Module::getNamedGlobal(), GetNegatedExpression(), getNextRegister(), llvm::rdf::DataFlowGraph::getNextShadow(), getNodeRegMask(), llvm::MipsTargetLowering::getOpndList(), getOptimizationFlags(), llvm::NVPTXTargetLowering::getPrototype(), getRangeForAffineARHelper(), llvm::CCState::getRemainingRegParmsForType(), llvm::GetReturnInfo(), llvm::object::MachOObjectFile::getSectionType(), 
llvm::SelectionDAG::getSelectCC(), llvm::HexagonInstrInfo::getSerializableBitmaskMachineOperandTargetFlags(), llvm::MipsInstrInfo::getSerializableDirectMachineOperandTargetFlags(), llvm::HexagonInstrInfo::getSerializableDirectMachineOperandTargetFlags(), llvm::ConstantExpr::getShl(), llvm::MipsCCState::getSpecialCallingConvForCallee(), getStaticStructorSection(), llvm::InnerLoopVectorizer::getStepVector(), llvm::ConstantExpr::getSub(), llvm::object::ObjectFile::getSymbolValue(), getTargetFlagName(), llvm::JITSymbolFlags::getTargetFlags(), getTargetMMOFlagName(), getTryAncestor(), llvm::ARMInstrInfo::getUnindexedOpcode(), getVectorCompareInfo(), llvm::ImutAVLTreeGenericIterator< ImutInfo >::getVisitState(), llvm::PerFunctionMIParsingState::getVRegInfo(), getX86SSEConditionCode(), getXCoreSectionFlags(), llvm::GlobalValueSummary::GVFlags::GVFlags(), handleNonPrevailingComdat(), hasConflictingReferenceFlags(), llvm::JITSymbolFlags::hasError(), hasOnlySelectUsers(), llvm::ARMTargetLowering::hasStandaloneRem(), llvm::rdf::DataFlowGraph::id(), llvm::DIType::init(), llvm::HexagonInstrInfo::insertBranch(), llvm::JITSymbolFlags::isCommon(), llvm::JITSymbolFlags::isExported(), isFMulNegTwo(), isFuncOrArgAttr(), isImplicitOperandIn(), llvm::HexagonMCInstrInfo::isInnerLoop(), llvm::ScalarEvolution::isLoopEntryGuardedByCond(), llvm::HexagonMCInstrInfo::isMemReorderDisabled(), llvm::HexagonMCInstrInfo::isMemStoreReorderEnabled(), isMulPowOf2(), isOperator(), llvm::HexagonMCInstrInfo::isOuterLoop(), llvm::rdf::DataFlowGraph::IsPreservingDef(), isPromotableZeroStoreInst(), llvm::object::MachOObjectFile::isSectionBSS(), llvm::object::MachOObjectFile::isSectionData(), llvm::object::MachOObjectFile::isSectionText(), llvm::SIInstrInfo::isSegmentSpecificFLAT(), isSortedByValueNo(), isSupportedType(), isTruncateOf(), isVectorReductionOp(), llvm::JITSymbolFlags::isWeak(), isWeak(), llvm::MachObjectWriter::isX86_64(), llvm::JITSymbol::JITSymbol(), llvm::orc::RemoteObjectLayer< RPCEndpoint 
>::jitSymbolToRemote(), LinearizeExprTree(), llvm::RuntimeDyldImpl::loadObjectImpl(), llvm::MipsInstrInfo::loadRegFromStackSlot(), llvm::SelectionDAGBuilder::LowerAsSTATEPOINT(), llvm::HexagonTargetLowering::LowerCall(), llvm::SITargetLowering::LowerCall(), llvm::NVPTXTargetLowering::LowerCall(), llvm::SparcTargetLowering::LowerCall_32(), lowerCallResult(), LowerCallResult(), llvm::FastISel::lowerCallTo(), llvm::TargetLowering::LowerCallTo(), llvm::AMDGPUCallLowering::lowerFormalArguments(), llvm::HexagonTargetLowering::LowerFormalArguments(), llvm::SITargetLowering::LowerFormalArguments(), llvm::SparcTargetLowering::LowerFormalArguments_32(), llvm::HexagonTargetLowering::LowerINLINEASM(), llvm::BPFTargetLowering::LowerOperation(), llvm::NVPTXTargetLowering::LowerReturn(), llvm::HexagonTargetLowering::LowerToTLSGeneralDynamicModel(), llvm::LTOModule::makeBuffer(), makeStatepointExplicitImpl(), mapArchToCVCPUType(), llvm::MapMetadata(), llvm::MapValue(), MatchingStackOffset(), llvm::AMDGPUTargetLowering::mayIgnoreSignedZero(), mayTailCallThisCC(), llvm::codeview::MemberAttributes::MemberAttributes(), mergeTypeForSet(), MinimizeCrashInput(), llvm::object::MachOBindEntry::moveNext(), llvm::irsymtab::Reader::SymbolRef::moveNext(), node_eq(), llvm::JITSymbol::operator bool(), llvm::JITSymbolFlags::operator const UnderlyingType &(), llvm::ARMJITSymbolFlags::operator JITSymbolFlags::TargetFlagsType &(), llvm::JITSymbolFlags::operator UnderlyingType &(), llvm::ImutAVLTreeGenericIterator< ImutInfo >::operator*(), llvm::ImutAVLTreeGenericIterator< ImutInfo >::operator++(), llvm::ImutAVLTreeGenericIterator< ImutInfo >::operator--(), llvm::rdf::operator<<(), llvm::JITSymbol::operator=(), llvm::sys::fs::operator|=(), llvm::MetadataLoader::MetadataLoaderImpl::parseMetadata(), ParseOneFlag(), parsePhysicalReg(), PeepholePPC64ZExtGather(), PrepareCall(), llvm::MachineInstr::print(), llvm::ARMAsmPrinter::PrintAsmOperand(), llvm::MipsAsmPrinter::PrintAsmOperand(), 
llvm::ScopedPrinter::printFlags(), printFPOReg(), llvm::opt::OptTable::PrintHelp(), PrintQuotedString(), llvm::MIPrinter::printTargetFlags(), promoteExtBeforeAdd(), readWideAPInt(), llvm::RemapFunction(), llvm::RemapInstruction(), llvm::MCContext::renameELFSection(), llvm::RuntimeDyldImpl::resolveExternalSymbols(), llvm::SelectionDAGISel::SelectInlineAsmMemoryOperands(), llvm::TargetLoweringObjectFileELF::SelectSectionForGlobal(), llvm::MCAssembler::setELFHeaderEFlags(), llvm::SCEVWrapPredicate::setFlags(), llvm::SCEVCommutativeExpr::setNoWrapFlags(), llvm::SCEVAddRecExpr::setNoWrapFlags(), llvm::MipsTargetELFStreamer::setUsesMicroMips(), llvm::DwarfDebug::shareAcrossDWOCUs(), llvm::AArch64TTIImpl::shouldExpandReduction(), shouldGuaranteeTCO(), simplifyAssocCastAssoc(), llvm::TargetLowering::SimplifyDemandedBits(), llvm::DINode::splitFlags(), StrengthenNoWrapFlags(), llvm::JITSymbol::takeError(), llvm::thinLTOInternalizeModule(), toString(), llvm::InductionDescriptor::transform(), trySequenceOfOnes(), tryToElideArgumentCopy(), UnpackFromArgumentSlot(), llvm::DwarfUnit::updateAcceleratorTables(), useSinCos(), llvm::InstCombiner::visitFDiv(), llvm::object::WasmObjectFile::WasmObjectFile(), wrapConstantAsMetadata(), llvm::MachObjectWriter::writeHeader(), llvm::MachObjectWriter::writeObject(), llvm::X86InstrInfo::X86InstrInfo(), and llvm::JITSymbol::~JITSymbol().

◆ If

Apparently a Doxygen parsing artifact rather than a real variable: help strings passed to the FUZZER_FLAG_* macros were split and fused into this declaration, so the member name `If` is a word taken from a help string. The fused fragments, with […] marking text lost in the split: "Maximum length of the test input. […] libFuzzer tries to guess a good value based on the corpus and reports it." "[…] always prefer smaller inputs during the corpus shuffle." "When libFuzzer itself reports a bug this exit code will be used." "If […] indicates the maximal total time in seconds to run the fuzzer." "[…] minimizes the provided crash input. Use with […]" "[…] tries to cleanse the provided crash input to make it contain fewer original bytes. Use with -exact_artifact_path to specify the output." "Experimental. Use value profile to guide fuzzing." "Number of jobs to run. If […]" "Reload the main corpus every <N> seconds to get new units discovered by other processes." "[…] disabled" "[…] generate only […]" "Write fuzzing […]" "Write the single artifact on […]" "[…] print statistics on corpus elements at exit" "[…] dump coverage information as a sancov file at exit" "To be deprecated." fuzzer::If

Definition at line 18 of file FuzzerDriver.cpp.

◆ Inputs

std::vector<std::string>* fuzzer::Inputs
static

◆ jobs

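Apparently a Doxygen parsing artifact rather than a real variable: help strings passed to the FUZZER_FLAG_* macros were split and fused into this declaration, and the member name `jobs` is the next word of the last help string (the "Initial value" below continues that sentence). The fused fragments, with […] marking text lost in the split: "Maximum length of the test input. […] libFuzzer tries to guess a good value based on the corpus and reports it." "[…] always prefer smaller inputs during the corpus shuffle." "When libFuzzer itself reports a bug this exit code will be used." "If […] indicates the maximal total time in seconds to run the fuzzer." "[…] minimizes the provided crash input. Use with […]" "[…] tries to cleanse the provided crash input to make it contain fewer original bytes. Use with -exact_artifact_path to specify the output." "Experimental. Use value profile to guide fuzzing." "Number of jobs to run. If" fuzzer::jobs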
Initial value:
= 1 we spawn"
" this number of jobs in separate worker processes"
" with stdout/stderr redirected to fuzz-JOB.log.")
FUZZER_FLAG_UNSIGNED(workers, 0,
"Number of simultaneous worker processes to run the jobs."
" If zero

Definition at line 72 of file FuzzerDriver.cpp.

◆ kMaxUnitSizeToPrint

const size_t fuzzer::kMaxUnitSizeToPrint = 256
static

Definition at line 39 of file FuzzerLoop.cpp.

Referenced by fuzzer::Fuzzer::ExecuteCallback().

◆ kNumFlags

const size_t fuzzer::kNumFlags
static
Initial value:
=
sizeof(FlagDescriptions) / sizeof(FlagDescriptions[0])
static const FlagDescription FlagDescriptions[]

Definition at line 214 of file FuzzerDriver.cpp.

◆ kSHA1NumBytes

const int fuzzer::kSHA1NumBytes = 20
static

Definition at line 22 of file FuzzerSHA1.h.

Referenced by Hash(), fuzzer::Fuzzer::InFuzzingThread(), and Sha1ToString().

◆ Mu

std::mutex fuzzer::Mu
static

Definition at line 339 of file FuzzerDriver.cpp.

◆ OutputFile

FILE* fuzzer::OutputFile = stderr
static

Definition at line 24 of file FuzzerIO.cpp.

Referenced by printSymbolizedStackTrace().

◆ positive

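Apparently a Doxygen parsing artifact rather than a real variable: help strings passed to the FUZZER_FLAG_* macros were split and fused into this declaration, and the member name `positive` is the next word of the last help string, which begins "If". The fused fragments, with […] marking text lost in the split: "Maximum length of the test input. […] libFuzzer tries to guess a good value based on the corpus and reports it." "[…] always prefer smaller inputs during the corpus shuffle." "When libFuzzer itself reports a bug this exit code will be used." "If" fuzzer::positive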

Definition at line 36 of file FuzzerDriver.cpp.

◆ ProgName

std::string* fuzzer::ProgName
static

◆ runs

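Apparently a Doxygen parsing artifact rather than a real variable: help strings passed to the FUZZER_FLAG_* macros were split and fused into this declaration, and the member name `runs` is the flag name from the phrase "Use with -runs=N" (the "Initial value" below continues that sentence). The fused fragments, with […] marking text lost in the split: "Maximum length of the test input. […] libFuzzer tries to guess a good value based on the corpus and reports it." "[…] always prefer smaller inputs during the corpus shuffle." "When libFuzzer itself reports a bug this exit code will be used." "If […] indicates the maximal total time in seconds to run the fuzzer." "[…] minimizes the provided crash input. Use with" fuzzer::runs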
Initial value:
=N or -max_total_time=N to limit "
"the number attempts."
" Use with -exact_artifact_path to specify the output."
" Combine with ASAN_OPTIONS=dedup_token_length=3 (or similar) to ensure that"
" the minimized input triggers the same crash."
)
FUZZER_FLAG_INT(cleanse_crash, 0, "If 1

Definition at line 51 of file FuzzerDriver.cpp.

◆ SMR

SharedMemoryRegion fuzzer::SMR

Definition at line 43 of file FuzzerLoop.cpp.

Referenced by FuzzerDriver(), and fuzzer::SharedMemoryRegion::IsClient().

◆ TPC

TracePC fuzzer::TPC