size_t Fuzzer::MutateAndTestOne(Unit *U) {
size_t NewUnits = 0;
for (size_t i = 0; i < Options.MutateDepth; i++) {
Mutate(U, Options.MaxLen);
if (U->empty()) continue;
size_t NewCoverage = RunOne(*U);
if (NewCoverage) {
Corpus.push_back(*U);
NewUnits++;
if (Options.Verbosity) {
std::cerr << "#" << TotalNumberOfRuns
<< "\tNEW: " << NewCoverage
<< " L: " << U->size()
<< "\t";
if (U->size() < 30) {
PrintASCII(*U);
std::cerr << "\t";
Print(*U);
}
std::cerr << "\n";
}
WriteToOutputCorpus(*U);
if (Options.ExitOnFirst)
exit(0);
}
}
return NewUnits;
}
void Fuzzer::AlarmCallback() {
assert(Options.UnitTimeoutSec > 0);
if (!CurrentUnitSize)
return; // We have not started running units yet.
size_t Seconds =
duration_cast<seconds>(system_clock::now() - UnitStartTime).count();
if (Seconds == 0)
return;
if (Options.Verbosity >= 2)
Printf("AlarmCallback %zd\n", Seconds);
if (Seconds >= (size_t)Options.UnitTimeoutSec) {
Printf("ALARM: working on the last Unit for %zd seconds\n", Seconds);
Printf(" and the timeout value is %d (use -timeout=N to change)\n",
Options.UnitTimeoutSec);
if (CurrentUnitSize <= kMaxUnitSizeToPrint) {
PrintHexArray(CurrentUnitData, CurrentUnitSize, "\n");
PrintASCII(CurrentUnitData, CurrentUnitSize, "\n");
}
WriteUnitToFileWithPrefix(
{CurrentUnitData, CurrentUnitData + CurrentUnitSize}, "timeout-");
Printf("==%d== ERROR: libFuzzer: timeout after %d seconds\n", GetPid(),
Seconds);
if (__sanitizer_print_stack_trace)
__sanitizer_print_stack_trace();
Printf("SUMMARY: libFuzzer: timeout\n");
if (Options.AbortOnTimeout)
abort();
exit(Options.TimeoutExitCode);
}
}
void Fuzzer::DumpCurrentUnit(const char *Prefix) {
if (CurrentUnitSize <= kMaxUnitSizeToPrint) {
PrintHexArray(CurrentUnitData, CurrentUnitSize, "\n");
PrintASCII(CurrentUnitData, CurrentUnitSize, "\n");
}
WriteUnitToFileWithPrefix(
{CurrentUnitData, CurrentUnitData + CurrentUnitSize}, Prefix);
}
void Fuzzer::PrintUnitInASCIIOrTokens(const Unit &U, const char *PrintAfter) {
if (Options.Tokens.empty()) {
PrintASCII(U, PrintAfter);
} else {
auto T = SubstituteTokens(U);
T.push_back(0);
Printf("%s%s", T.data(), PrintAfter);
}
}
void Fuzzer::DeathCallback() {
if (!CurrentUnitSize) return;
Printf("DEATH:\n");
if (CurrentUnitSize <= kMaxUnitSizeToPrint) {
PrintHexArray(CurrentUnitData, CurrentUnitSize, "\n");
PrintASCII(CurrentUnitData, CurrentUnitSize, "\n");
}
WriteUnitToFileWithPrefix(
{CurrentUnitData, CurrentUnitData + CurrentUnitSize}, "crash-");
}
void Fuzzer::AlarmCallback() {
size_t Seconds =
duration_cast<seconds>(system_clock::now() - UnitStartTime).count();
std::cerr << "ALARM: working on the last Unit for " << Seconds << " seconds"
<< std::endl;
if (Seconds >= 3) {
Print(CurrentUnit, "\n");
PrintASCII(CurrentUnit, "\n");
WriteToCrash(CurrentUnit, "timeout-");
}
exit(1);
}
void MutationDispatcher::PrintMutationSequence() {
Printf("MS: %zd ", CurrentMutatorSequence.size());
for (auto M : CurrentMutatorSequence)
Printf("%s-", M.Name);
if (!CurrentDictionaryEntrySequence.empty()) {
Printf(" DE: ");
for (auto DE : CurrentDictionaryEntrySequence) {
Printf("\"");
PrintASCII(DE->GetW(), "\"-");
}
}
}
void MutationDispatcher::PrintMutationSequence() {
Printf("MS: %zd ", MDImpl->CurrentMutatorSequence.size());
for (auto M : MDImpl->CurrentMutatorSequence)
Printf("%s-", M.Name);
if (!MDImpl->CurrentDictionaryEntrySequence.empty()) {
Printf(" DE: ");
for (auto &DE : MDImpl->CurrentDictionaryEntrySequence) {
Printf("\"");
PrintASCII(DE.W, "\"-");
}
}
}
void MutationDispatcher::PrintRecommendedDictionary() {
std::vector<Word> V;
for (auto &DE : MDImpl->PersistentAutoDictionary)
if (!MDImpl->ManualDictionary.ContainsWord(DE.W))
V.push_back(DE.W);
if (V.empty()) return;
Printf("###### Recommended dictionary. ######\n");
for (auto &U: V) {
Printf("\"");
PrintASCII(U, "\"\n");
}
Printf("###### End of recommended dictionary. ######\n");
}
void MutationDispatcher::PrintRecommendedDictionary() {
std::vector<DictionaryEntry> V;
for (auto &DE : PersistentAutoDictionary)
if (!ManualDictionary.ContainsWord(DE.GetW()))
V.push_back(DE);
if (V.empty()) return;
Printf("###### Recommended dictionary. ######\n");
for (auto &DE: V) {
Printf("\"");
PrintASCII(DE.GetW(), "\"");
Printf(" # Uses: %zd\n", DE.GetUseCount());
}
Printf("###### End of recommended dictionary. ######\n");
}
void Fuzzer::PrintUnitInASCII(const Unit &U, const char *PrintAfter) {
PrintASCII(U, PrintAfter);
}
void PrintASCII(const Unit &U, const char *PrintAfter) {
PrintASCII(U.data(), U.size(), PrintAfter);
}
void PrintASCII(const Word &W, const char *PrintAfter) {
PrintASCII(W.data(), W.size(), PrintAfter);
}
void Fuzzer::DeathCallback() {
std::cerr << "DEATH: " << std::endl;
Print(CurrentUnit, "\n");
PrintASCII(CurrentUnit, "\n");
WriteToCrash(CurrentUnit, "crash-");
}
