| OLD | NEW |
|---|
| (Empty) | |
| 1 //===- NaClFuzz.h - Fuzz PNaCl bitcode records ------------------*- C++ -*-===// |
| 2 // |
| 3 // The LLVM Compiler Infrastructure |
| 4 // |
| 5 // This file is distributed under the University of Illinois Open Source |
| 6 // License. See LICENSE.TXT for details. |
| 7 // |
| 8 //===----------------------------------------------------------------------===// |
| 9 // |
| 10 // This file defines a basic fuzzer for a list of PNaCl bitcode records. |
| 11 // |
| 12 // *** WARNING *** The implementation of the fuzzer uses a random |
| 13 // number generator. As a result, this code is not thread safe. |
| 14 // |
| 15 //===----------------------------------------------------------------------===// |
| 16 |
| 17 #ifndef LLVM_BITCODE_NACL_NACLFUZZ_H |
| 18 #define LLVM_BITCODE_NACL_NACLFUZZ_H |
| 19 |
| 20 #include "llvm/Bitcode/NaCl/NaClBitcodeMungeUtils.h" |
| 21 #include "llvm/Bitcode/NaCl/NaClRandNumGen.h" |
| 22 |
| 23 namespace naclfuzz { |
| 24 |
| 25 using namespace llvm; |
| 26 |
| 27 /// \brief Fuzzes a list of editable bitcode records. |
| 28 class RecordFuzzer { |
| 29 RecordFuzzer(const RecordFuzzer&) = delete; |
| 30 void operator=(const RecordFuzzer&) = delete; |
| 31 public: |
| 32 typedef NaClMungedBitcode::iterator iterator; |
| 33 |
| 34 /// \brief The set of possible fuzzing actions. |
| 35 enum EditAction { |
| 36 /// \brief Inserts a new record into the list of bitcode records. |
| 37 InsertRecord, |
| 38 /// \brief Mutate contents of an existing bitcode record. |
| 39 MutateRecord, |
| 40 /// \brief Removes an existing record from the list of bitcode |
| 41 /// records. |
| 42 RemoveRecord, |
| 43 /// \brief Replaces an existing record with a new bitcode record. |
| 44 ReplaceRecord, |
| 45 /// \brief Swaps two records in the bitcode record list. |
| 46 SwapRecord |
| 47 }; |
| 48 |
| 49 virtual ~RecordFuzzer(); |
| 50 |
| 51 /// \brief Generates a random mutation of the bitcode, using the |
| 52 /// provided random number generator. Percentage (a value between 0 |
| 53 /// and 1 defined by Count/Base) is used to define the number of |
| 54 /// fuzzing actions applied to the bitcode. Returns true if fuzzing |
| 55 /// succeeded. |
| 56 /// |
| 57 /// May be called an arbitrary number of times. Results are left in |
| 58 /// the munged bitcode records passed into static method |
| 59 /// createSimpleRecordFuzzer. |
| 60 virtual bool fuzz(unsigned Count, unsigned Base=100) = 0; |
| 61 |
| 62 /// \brief Shows how many times each record was edited in the |
| 63 /// corresponding (input) bitcode, over all calls to fuzz. |
| 64 virtual void showRecordDistribution(raw_ostream &Out) const = 0; |
| 65 |
| 66 /// \brief Shows how many times each type of edit action was applied |
| 67 /// to the corresponding bitcode, over all calls to fuzz. |
| 68 virtual void showEditDistribution(raw_ostream &Out) const = 0; |
| 69 |
| 70 // Creates an instance of a fuzzer for the given bitcode. |
| 71 static RecordFuzzer |
| 72 *createSimpleRecordFuzzer(NaClMungedBitcode &Bitcode, |
| 73 RandomNumberGenerator &RandGenerator); |
| 74 |
| 75 /// Returns printable name for the edit action. |
| 76 static const char *actionName(EditAction Action); |
| 77 |
| 78 protected: |
| 79 RecordFuzzer(NaClMungedBitcode &Bitcode, RandomNumberGenerator &Generator); |
| 80 |
| 81 // Holds the bitcode being munged. |
| 82 NaClMungedBitcode &Bitcode; |
| 83 |
| 84 // Hold the random number generator. |
| 85 RandomNumberGenerator &Generator; |
| 86 |
| 87 // Erases the last fuzzing result from the munged bitcode records |
| 88 // in Bitcode. |
| 89 virtual void clear(); |
| 90 }; |
| 91 |
| 92 } // end of namespace naclfuzz |
| 93 |
| 94 #endif // LLVM_BITCODE_NACL_NACLFUZZ_H |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1156103003:
Initial implementation of a record-level bitcode fuzzer. (Closed)
Base URL: https://chromium.googlesource.com/native_client/pnacl-llvm.git@fuzz