Lines Matching refs:Fuzzer
1 //===- FuzzerTraceState.cpp - Trace-based fuzzer mutator ------------------===//
24 // The fuzzer can work only with the traces, or with both traces and DFSan.
38 // * lib/Fuzzer/Fuzzer*.cpp is compiled w/o any instrumentation.
43 // * At the Fuzzer startup we assign a unique DFSan label
44 // to every byte of the input string (Fuzzer::CurrentUnit) so that for any
49 // * Fuzzer::ApplyTraceBasedMutation() tries to use the data recorded
53 // Instead of using ifdefs and thus requiring a separate build of lib/Fuzzer
66 cd $LLVM/lib/Fuzzer/
67 clang -fPIC -c -g -O2 -std=c++11 Fuzzer*.cpp
70 test/SimpleCmpTest.cpp Fuzzer*.o
96 namespace fuzzer {
175 TraceState(const Fuzzer::FuzzingOptions &Options, const Unit &CurrentUnit)
203 void ApplyTraceBasedMutation(size_t Idx, fuzzer::Unit *U);
214 const Fuzzer::FuzzingOptions &Options;
228 void TraceState::ApplyTraceBasedMutation(size_t Idx, fuzzer::Unit *U) {
350 void Fuzzer::StartTraceRecording() {
358 size_t Fuzzer::StopTraceRecording() {
363 void Fuzzer::ApplyTraceBasedMutation(size_t Idx, Unit *U) {
368 void Fuzzer::InitializeTraceState() {
390 } // namespace fuzzer
392 using fuzzer::TS;
424 TS->DFSanCmpCallback(PC, n, fuzzer::ICMP_EQ, S1, S2, L1, L2);
433 n = std::min(n, fuzzer::InternalStrnlen(s1, n));
434 n = std::min(n, fuzzer::InternalStrnlen(s2, n));
440 TS->DFSanCmpCallback(PC, n, fuzzer::ICMP_EQ, S1, S2, L1, L2);
457 TS->DFSanCmpCallback(PC, N, fuzzer::ICMP_EQ, S1, S2, L1, L2);
468 TS->TraceCmpCallback(PC, n, fuzzer::ICMP_EQ, S1, S2);
476 size_t Len1 = fuzzer::InternalStrnlen(s1, n);
477 size_t Len2 = fuzzer::InternalStrnlen(s2, n);
484 TS->TraceCmpCallback(PC, n, fuzzer::ICMP_EQ, S1, S2);
499 TS->TraceCmpCallback(PC, N, fuzzer::ICMP_EQ, S1, S2);
