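Lines matching the search query +full:auto +full:- +full:string +full:- +full:detection (each result gives the source line number, the matching line, and, where there is one, the enclosing function)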
1 //===- FuzzerLoop.cpp - Fuzzer's main loop --------------------------------===//
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
7 //===----------------------------------------------------------------------===//
9 //===----------------------------------------------------------------------===//
48 // Leak detection is expensive, so we first check if there were more mallocs
52 this->TraceLevel = TraceLevel; in Start()
100 F->HandleMalloc(size); in MallocHook()
128 Printf("==%d== ERROR: libFuzzer: out-of-memory (malloc(%zd))\n", GetPid(), in HandleMalloc()
130 Printf(" To change the out-of-memory limit use -rss_limit_mb=<N>\n\n"); in HandleMalloc()
132 DumpCurrentUnit("oom-"); in HandleMalloc()
133 Printf("SUMMARY: libFuzzer: out-of-memory\n"); in HandleMalloc()
141 if (EF->__sanitizer_set_death_callback) in Fuzzer()
142 EF->__sanitizer_set_death_callback(StaticDeathCallback); in Fuzzer()
147 if (Options.DetectLeaks && EF->__sanitizer_install_malloc_and_free_hooks) in Fuzzer()
148 EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook); in Fuzzer()
171 F->DeathCallback(); in StaticDeathCallback()
191 DumpCurrentUnit("crash-"); in DeathCallback()
197 F->AlarmCallback(); in StaticAlarmCallback()
202 F->CrashCallback(); in StaticCrashSignalCallback()
207 F->ExitCallback(); in StaticExitCallback()
212 F->InterruptCallback(); in StaticInterruptCallback()
217 F->GracefulExitRequested = true; in StaticGracefulExitCallback()
227 if (EF->__sanitizer_acquire_crash_state && in CrashCallback()
228 !EF->__sanitizer_acquire_crash_state()) in CrashCallback()
236 DumpCurrentUnit("crash-"); in CrashCallback()
244 if (EF->__sanitizer_acquire_crash_state && in ExitCallback()
245 !EF->__sanitizer_acquire_crash_state()) in ExitCallback()
250 DumpCurrentUnit("crash-"); in ExitCallback()
256 if (!F->GracefulExitRequested) return; in MaybeExitGracefully()
259 F->PrintFinalStats(); in MaybeExitGracefully()
265 return F->Options.InterruptExitCode; in InterruptExitCode()
273 // Stop right now, don't perform any at-exit actions. in InterruptCallback()
289 duration_cast<seconds>(system_clock::now() - UnitStartTime).count(); in AlarmCallback()
295 if (EF->__sanitizer_acquire_crash_state && in AlarmCallback()
296 !EF->__sanitizer_acquire_crash_state()) in AlarmCallback()
299 Printf(" and the timeout value is %d (use -timeout=N to change)\n", in AlarmCallback()
301 DumpCurrentUnit("timeout-"); in AlarmCallback()
312 if (EF->__sanitizer_acquire_crash_state && in RssLimitCallback()
313 !EF->__sanitizer_acquire_crash_state()) in RssLimitCallback()
315 Printf("==%lu== ERROR: libFuzzer: out-of-memory (used: %zdMb; limit: %dMb)\n", in RssLimitCallback()
317 Printf(" To change the out-of-memory limit use -rss_limit_mb=<N>\n\n"); in RssLimitCallback()
319 DumpCurrentUnit("oom-"); in RssLimitCallback()
320 Printf("SUMMARY: libFuzzer: out-of-memory\n"); in RssLimitCallback()
376 assert(this->MaxInputLen == 0); // Can only reset MaxInputLen from 0 to non-0. in SetMaxInputLen()
378 this->MaxInputLen = MaxInputLen; in SetMaxInputLen()
379 this->MaxMutationLen = MaxInputLen; in SetMaxInputLen()
381 Printf("INFO: -max_len is not provided; " in SetMaxInputLen()
388 this->MaxMutationLen = MaxMutationLen; in SetMaxMutationLen()
393 static auto *PCsSet = new std::set<uintptr_t>; in CheckExitOnSrcPosOrItem()
394 auto HandlePC = [&](const TracePC::PCTableEntry *TE) { in CheckExitOnSrcPosOrItem()
395 if (!PCsSet->insert(TE->PC).second) in CheckExitOnSrcPosOrItem()
397 std::string Descr = DescribePC("%F %L", TE->PC + 1); in CheckExitOnSrcPosOrItem()
398 if (Descr.find(Options.ExitOnSrcPos) != std::string::npos) { in CheckExitOnSrcPosOrItem()
419 std::vector<std::string> AdditionalCorpusPaths; in RereadOutputCorpus()
429 auto &U = AdditionalCorpus[i]; in RereadOutputCorpus()
446 auto TimeOfUnit = in PrintPulseAndReportSlowInput()
447 duration_cast<seconds>(UnitStopTime - UnitStartTime).count(); in PrintPulseAndReportSlowInput()
448 if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1)) && in PrintPulseAndReportSlowInput()
451 auto Threshhold = in PrintPulseAndReportSlowInput()
456 WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-"); in PrintPulseAndReportSlowInput()
460 static void WriteFeatureSetToFile(const std::string &FeaturesDir, in WriteFeatureSetToFile()
461 const std::string &FileName, in WriteFeatureSetToFile()
469 static void RenameFeatureSetFile(const std::string &FeaturesDir, in RenameFeatureSetFile()
470 const std::string &OldFile, in RenameFeatureSetFile()
471 const std::string &NewFile) { in RenameFeatureSetFile()
477 static void WriteEdgeToMutationGraphFile(const std::string &MutationGraphFile, in WriteEdgeToMutationGraphFile()
480 const std::string &MS) { in WriteEdgeToMutationGraphFile()
484 std::string Sha1 = Sha1ToString(II->Sha1); in WriteEdgeToMutationGraphFile()
486 std::string OutputString; in WriteEdgeToMutationGraphFile()
495 std::string BaseSha1 = Sha1ToString(BaseII->Sha1); in WriteEdgeToMutationGraphFile()
498 OutputString.append("\" -> \""); in WriteEdgeToMutationGraphFile()
517 auto TimeOfUnit = duration_cast<microseconds>(UnitStopTime - UnitStartTime); in RunOne()
527 if (Options.ReduceInputs && II && !II->NeverReduce) in RunOne()
528 if (std::binary_search(II->UniqFeatureSet.begin(), in RunOne()
529 II->UniqFeatureSet.end(), Feature)) in RunOne()
535 size_t NumNewFeatures = Corpus.NumFeatureUpdates() - NumUpdatesBefore; in RunOne()
538 auto NewII = in RunOne()
542 WriteFeatureSetToFile(Options.FeaturesDir, Sha1ToString(NewII->Sha1), in RunOne()
543 NewII->UniqFeatureSet); in RunOne()
549 II->DataFlowTraceForFocusFunction.empty() && in RunOne()
550 FoundUniqFeaturesOfII == II->UniqFeatureSet.size() && in RunOne()
551 II->U.size() > Size) { in RunOne()
552 auto OldFeaturesFile = Sha1ToString(II->Sha1); in RunOne()
555 Sha1ToString(II->Sha1)); in RunOne()
573 Printf("SUMMARY: libFuzzer: overwrites-const-input\n"); in CrashOnOverwrittenData()
574 DumpCurrentUnit("crash-"); in CrashOnOverwrittenData()
586 !memcmp(A + Size - Limit / 2, B + Size - Limit / 2, Limit / 2); in LooseMemeq()
600 if (EF->__msan_unpoison) in ExecuteCallback()
601 EF->__msan_unpoison(DataCopy, Size); in ExecuteCallback()
602 if (EF->__msan_unpoison_param) in ExecuteCallback()
603 EF->__msan_unpoison_param(2); in ExecuteCallback()
617 assert(CBRes == 0 || CBRes == -1); in ExecuteCallback()
627 std::string Fuzzer::WriteToOutputCorpus(const Unit &U) { in WriteToOutputCorpus()
632 std::string Path = DirPlusFile(Options.OutputCorpus, Hash(U)); in WriteToOutputCorpus()
642 std::string Path = Options.ArtifactPrefix + Prefix + Hash(U); in WriteUnitToFileWithPrefix()
664 II->NumSuccessfullMutations++; in ReportNewCoverage()
666 PrintStatusForNewUnit(U, II->Reduced ? "REDUCE" : "NEW "); in ReportNewCoverage()
684 if (!&(EF->__lsan_enable) || !&(EF->__lsan_disable) || in TryDetectingAMemoryLeak()
685 !(EF->__lsan_do_recoverable_leak_check)) in TryDetectingAMemoryLeak()
689 EF->__lsan_disable(); in TryDetectingAMemoryLeak()
691 EF->__lsan_enable(); in TryDetectingAMemoryLeak()
696 Printf("INFO: libFuzzer disabled leak detection after every mutation.\n" in TryDetectingAMemoryLeak()
699 " You may try running this binary with -trace_malloc=[12]" in TryDetectingAMemoryLeak()
707 if (EF->__lsan_do_recoverable_leak_check()) { // Leak is found, report it. in TryDetectingAMemoryLeak()
710 Printf("INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.\n\n"); in TryDetectingAMemoryLeak()
712 DumpCurrentUnit("leak-"); in TryDetectingAMemoryLeak()
721 auto &II = Corpus.ChooseUnitToMutate(MD.GetRand()); in MutateAndTestOne()
723 auto &CrossOverII = Corpus.ChooseUnitToCrossOverWith( in MutateAndTestOne()
727 const auto &U = II.U; in MutateAndTestOne()
776 if (Options.PurgeAllocatorIntervalSec < 0 || !EF->__sanitizer_purge_allocator) in PurgeAllocator()
778 if (duration_cast<seconds>(system_clock::now() - in PurgeAllocator()
785 EF->__sanitizer_purge_allocator(); in PurgeAllocator()
794 size_t MinSize = -1; in ReadAndExecuteSeedCorpora()
796 for (auto &File : CorporaFiles) { in ReadAndExecuteSeedCorpora()
826 for (auto &SF : CorporaFiles) { in ReadAndExecuteSeedCorpora()
827 auto U = FileToVector(SF.File, MaxInputLen, /*ExitOnError=*/false); in ReadAndExecuteSeedCorpora()
854 // so we add one fake input to the in-memory corpus. in ReadAndExecuteSeedCorpora()
863 auto FocusFunctionOrAuto = Options.FocusFunction; in Loop()
877 auto Now = system_clock::now(); in Loop()
881 if (duration_cast<seconds>(Now - LastCorpusReload).count() >= in Loop()
894 TotalNumberOfRuns - LastCorpusUpdateRun > in Loop()
938 return fuzzer::F->GetMD().DefaultMutate(Data, Size, MaxSize); in LLVMFuzzerMutate()