LLVM  4.0.0
FuzzerCrossOver.cpp
Go to the documentation of this file.
1 //===- FuzzerCrossOver.cpp - Cross over two test inputs -------------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 // Cross over test inputs.
10 //===----------------------------------------------------------------------===//
11 
12 #include "FuzzerDefs.h"
13 #include "FuzzerMutate.h"
14 #include "FuzzerRandom.h"
15 #include <cstring>
16 
17 namespace fuzzer {
18 
19 // Cross Data1 and Data2, store the result (up to MaxOutSize bytes) in Out.
20 size_t MutationDispatcher::CrossOver(const uint8_t *Data1, size_t Size1,
21  const uint8_t *Data2, size_t Size2,
22  uint8_t *Out, size_t MaxOutSize) {
23  assert(Size1 || Size2);
24  MaxOutSize = Rand(MaxOutSize) + 1;
25  size_t OutPos = 0;
26  size_t Pos1 = 0;
27  size_t Pos2 = 0;
28  size_t *InPos = &Pos1;
29  size_t InSize = Size1;
30  const uint8_t *Data = Data1;
31  bool CurrentlyUsingFirstData = true;
32  while (OutPos < MaxOutSize && (Pos1 < Size1 || Pos2 < Size2)) {
33  // Merge a part of Data into Out.
34  size_t OutSizeLeft = MaxOutSize - OutPos;
35  if (*InPos < InSize) {
36  size_t InSizeLeft = InSize - *InPos;
37  size_t MaxExtraSize = std::min(OutSizeLeft, InSizeLeft);
38  size_t ExtraSize = Rand(MaxExtraSize) + 1;
39  memcpy(Out + OutPos, Data + *InPos, ExtraSize);
40  OutPos += ExtraSize;
41  (*InPos) += ExtraSize;
42  }
43  // Use the other input data on the next iteration.
44  InPos = CurrentlyUsingFirstData ? &Pos2 : &Pos1;
45  InSize = CurrentlyUsingFirstData ? Size2 : Size1;
46  Data = CurrentlyUsingFirstData ? Data2 : Data1;
47  CurrentlyUsingFirstData = !CurrentlyUsingFirstData;
48  }
49  return OutPos;
50 }
51 
52 } // namespace fuzzer
size_t CrossOver(const uint8_t *Data1, size_t Size1, const uint8_t *Data2, size_t Size2, uint8_t *Out, size_t MaxOutSize)
Creates a cross-over of two pieces of Data, returns its size.
Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If min(jobs, NumberOfCpuCores()/2)\" is used.") FUZZER_FLAG_INT(reload
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())