void Fuzzer::PrepareCoverageBeforeRun() { if (Options.UseCounters) { size_t NumCounters = __sanitizer_get_number_of_counters(); CounterBitmap.resize(NumCounters); __sanitizer_update_counter_bitset_and_clear_counters(0); } RecordBlockCoverage(); RecordCallerCalleeCoverage(); }
bool Fuzzer::CheckCoverageAfterRun() { size_t OldCoverage = LastRecordedBlockCoverage; size_t NewCoverage = RecordBlockCoverage(); size_t OldCallerCalleeCoverage = LastRecordedCallerCalleeCoverage; size_t NewCallerCalleeCoverage = RecordCallerCalleeCoverage(); size_t NumNewBits = 0; if (Options.UseCounters) NumNewBits = __sanitizer_update_counter_bitset_and_clear_counters( CounterBitmap.data()); return NewCoverage > OldCoverage || NewCallerCalleeCoverage > OldCallerCalleeCoverage || NumNewBits; }
size_t Fuzzer::RunOneMaximizeTotalCoverage(const Unit &U) { size_t NumCounters = __sanitizer_get_number_of_counters(); if (Options.UseCounters) { CounterBitmap.resize(NumCounters); __sanitizer_update_counter_bitset_and_clear_counters(0); } size_t OldCoverage = __sanitizer_get_total_unique_coverage(); ExecuteCallback(U); size_t NewCoverage = __sanitizer_get_total_unique_coverage(); size_t NumNewBits = 0; if (Options.UseCounters) NumNewBits = __sanitizer_update_counter_bitset_and_clear_counters( CounterBitmap.data()); if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1)) && Options.Verbosity) PrintStats("pulse ", NewCoverage); if (NewCoverage > OldCoverage || NumNewBits) return NewCoverage; return 0; }
// Records data to a maximum coverage tracker. Returns true if additional // coverage was discovered. static bool RecordMax(const Fuzzer::FuzzingOptions &Options, Fuzzer::Coverage *C) { bool Res = false; uint64_t NewBlockCoverage = __sanitizer_get_total_unique_coverage(); if (NewBlockCoverage > C->BlockCoverage) { Res = true; C->BlockCoverage = NewBlockCoverage; } if (Options.UseIndirCalls && __sanitizer_get_total_unique_caller_callee_pairs) { uint64_t NewCallerCalleeCoverage = __sanitizer_get_total_unique_caller_callee_pairs(); if (NewCallerCalleeCoverage > C->CallerCalleeCoverage) { Res = true; C->CallerCalleeCoverage = NewCallerCalleeCoverage; } } if (Options.UseCounters) { uint64_t CounterDelta = __sanitizer_update_counter_bitset_and_clear_counters( C->CounterBitmap.data()); if (CounterDelta > 0) { Res = true; C->CounterBitmapBits += CounterDelta; } } uint64_t NewPcMapBits = PcMapMergeInto(&C->PCMap); if (NewPcMapBits > C->PcMapBits) { Res = true; C->PcMapBits = NewPcMapBits; } uintptr_t *CoverageBuf; uint64_t NewPcBufferLen = __sanitizer_get_coverage_pc_buffer(&CoverageBuf); if (NewPcBufferLen > C->PcBufferLen) { Res = true; C->PcBufferLen = NewPcBufferLen; } return Res; }
bool Fuzzer::CheckCoverageAfterRun() { size_t OldCoverage = LastRecordedBlockCoverage; size_t NewCoverage = RecordBlockCoverage(); size_t OldCallerCalleeCoverage = LastRecordedCallerCalleeCoverage; size_t NewCallerCalleeCoverage = RecordCallerCalleeCoverage(); size_t NumNewBits = 0; size_t OldPcMapSize = LastRecordedPcMapSize; PcMapMergeCurrentToCombined(); size_t NewPcMapSize = PcMapCombinedSize(); LastRecordedPcMapSize = NewPcMapSize; if (NewPcMapSize > OldPcMapSize) return true; if (Options.UseCounters) NumNewBits = __sanitizer_update_counter_bitset_and_clear_counters( CounterBitmap.data()); return NewCoverage > OldCoverage || NewCallerCalleeCoverage > OldCallerCalleeCoverage || NumNewBits; }
static void ResetCounters(const Fuzzer::FuzzingOptions &Options) { if (Options.UseCounters) { __sanitizer_update_counter_bitset_and_clear_counters(0); } }