// Chooses one unit, copies it into the MutateInPlaceHere scratch buffer and
// runs Options.MutateDepth rounds of mutate -> execute on that buffer.
//
// Each round calls LLVMFuzzerCustomMutator when that symbol is non-null and
// MD.Mutate otherwise; the size returned by one round is the input size of
// the next.
//
// NOTE(review): every bound in this function is enforced with assert() only.
// If this translation unit is built with NDEBUG the checks disappear, and the
// memcpy length and the sizes handed to later calls then depend entirely on
// the chosen unit and on the mutator (including the custom-mutator hook)
// staying within Options.MaxLen. Confirm how release builds are configured.
void Fuzzer::MutateAndTestOne() {
  MD.StartMutationSequence();

  auto &Chosen = ChooseUnitToMutate();

  // The scratch buffer is always MaxLen bytes so a mutator may grow the data.
  MutateInPlaceHere.resize(Options.MaxLen);
  size_t CurSize = Chosen.size();
  assert(CurSize <= Options.MaxLen && "Oversized Unit");
  memcpy(MutateInPlaceHere.data(), Chosen.data(), CurSize);

  for (int Round = 0; Round < Options.MutateDepth; Round++) {
    // A non-null custom mutator takes precedence over the built-in dispatcher.
    const size_t MutatedSize =
        LLVMFuzzerCustomMutator
            ? LLVMFuzzerCustomMutator(MutateInPlaceHere.data(), CurSize,
                                      Options.MaxLen, MD.GetRand().Rand())
            : MD.Mutate(MutateInPlaceHere.data(), CurSize, Options.MaxLen);
    assert(MutatedSize > 0 && "Mutator returned empty unit");
    assert(MutatedSize <= Options.MaxLen &&
           "Mutator return overisized unit");
    CurSize = MutatedSize;

    // Recording is started on the first round only, but stopped every round.
    if (Round == 0)
      StartTraceRecording();
    RunOneAndUpdateCorpus(MutateInPlaceHere.data(), CurSize);
    StopTraceRecording();

    TryDetectingAMemoryLeak(MutateInPlaceHere.data(), CurSize);
  }
}
// Runs Options.MutateDepth rounds on *U. Each round mutates the unit in place,
// executes it with trace recording on, and then explores trace-based
// mutations: up to Options.TBMWidth restarts from the freshly mutated unit,
// each applying up to Options.TBMDepth randomly chosen trace-based mutations
// and executing after every one. Both limits are capped by the number of
// mutations that StopTraceRecording() reported.
//
// NOTE(review): the mutator's returned size is validated with assert() only.
// If this file is built with NDEBUG nothing checks it before it is passed to
// U->resize(); confirm how release builds are configured.
void Fuzzer::MutateAndTestOne(Unit *U) {
  for (int Round = 0; Round < Options.MutateDepth; Round++) {
    StartTraceRecording();

    // Grow to MaxLen so the mutator has room, then shrink to what it produced.
    const size_t OldSize = U->size();
    U->resize(Options.MaxLen);
    const size_t MutatedSize = USF.Mutate(U->data(), OldSize, U->size());
    assert(MutatedSize > 0 && "Mutator returned empty unit");
    assert(MutatedSize <= static_cast<size_t>(Options.MaxLen) &&
           "Mutator return overisized unit");
    U->resize(MutatedSize);
    RunOneAndUpdateCorpus(*U);

    const size_t NumTraceBasedMutations = StopTraceRecording();
    const size_t Width = std::min(static_cast<size_t>(Options.TBMWidth),
                                  NumTraceBasedMutations);
    const size_t Depth = std::min(static_cast<size_t>(Options.TBMDepth),
                                  NumTraceBasedMutations);

    // Every width step restarts from the same snapshot; depth steps stack.
    // With zero recorded mutations Width is zero, so the random pick below is
    // never reached.
    const Unit Snapshot = *U;
    for (size_t WidthStep = 0; WidthStep < Width; WidthStep++) {
      *U = Snapshot;
      for (size_t DepthStep = 0; DepthStep < Depth; DepthStep++) {
        TotalNumberOfExecutedTraceBasedMutations++;
        ApplyTraceBasedMutation(USF.GetRand()(NumTraceBasedMutations), U);
        RunOneAndUpdateCorpus(*U);
      }
    }
  }
}
// Runs Options.MutateDepth rounds on *U. Each round mutates the unit through
// Mutate(U, Options.MaxLen), executes it with trace recording on, and then
// applies every trace-based mutation reported by StopTraceRecording() in
// index order, executing after each one. The unit is not restored between
// trace-based mutations, so they accumulate on the same buffer.
void Fuzzer::MutateAndTestOne(Unit *U) {
  for (int Round = 0; Round < Options.MutateDepth; Round++) {
    StartTraceRecording();
    Mutate(U, Options.MaxLen);
    RunOneAndUpdateCorpus(*U);

    const size_t NumTraceBasedMutations = StopTraceRecording();
    for (size_t Idx = 0; Idx != NumTraceBasedMutations; ++Idx) {
      ApplyTraceBasedMutation(Idx, U);
      RunOneAndUpdateCorpus(*U);
    }
  }
}
// Runs Options.MutateDepth rounds on *U. Each round mutates the unit in place
// via USF.Mutate, executes it with trace recording on, and then applies every
// trace-based mutation reported by StopTraceRecording() in index order,
// executing after each one.
//
// NOTE(review): the mutator's returned size is validated with assert() only.
// If this file is built with NDEBUG nothing checks it before it is passed to
// U->resize(); confirm how release builds are configured.
void Fuzzer::MutateAndTestOne(Unit *U) {
  for (int Round = 0; Round < Options.MutateDepth; Round++) {
    StartTraceRecording();

    // Grow to MaxLen so the mutator has room, then shrink to what it produced.
    const size_t OldSize = U->size();
    U->resize(Options.MaxLen);
    const size_t MutatedSize = USF.Mutate(U->data(), OldSize, U->size());
    assert(MutatedSize > 0 && "Mutator returned empty unit");
    assert(MutatedSize <= static_cast<size_t>(Options.MaxLen) &&
           "Mutator return overisized unit");
    U->resize(MutatedSize);
    RunOneAndUpdateCorpus(*U);

    const size_t NumTraceBasedMutations = StopTraceRecording();
    for (size_t Idx = 0; Idx != NumTraceBasedMutations; ++Idx) {
      ApplyTraceBasedMutation(Idx, U);
      RunOneAndUpdateCorpus(*U);
    }
  }
}
// Copies the unit returned by ChooseUnitToMutate() into CurrentUnit and runs
// Options.MutateDepth rounds of mutate -> execute on that copy.
//
// NOTE(review): the mutator's returned size is validated with assert() only.
// If this file is built with NDEBUG nothing checks it before it is passed to
// resize(); confirm how release builds are configured.
void Fuzzer::MutateAndTestOne() {
  USF.StartMutationSequence();

  // Work on the CurrentUnit member; the assignment overwrites its contents.
  auto &Cur = CurrentUnit;
  Cur = ChooseUnitToMutate();

  for (int Round = 0; Round < Options.MutateDepth; Round++) {
    // Grow to MaxLen so the mutator has room, then shrink to what it produced.
    const size_t OldSize = Cur.size();
    Cur.resize(Options.MaxLen);
    const size_t MutatedSize = USF.Mutate(Cur.data(), OldSize, Cur.size());
    assert(MutatedSize > 0 && "Mutator returned empty unit");
    assert(MutatedSize <= static_cast<size_t>(Options.MaxLen) &&
           "Mutator return overisized unit");
    Cur.resize(MutatedSize);

    // Recording is started on the first round only, but stopped every round.
    if (Round == 0)
      StartTraceRecording();
    RunOneAndUpdateCorpus(Cur);
    StopTraceRecording();
  }
}