X-Git-Url: http://demsky.eecs.uci.edu/git/?a=blobdiff_plain;f=lib%2FFuzzer%2FFuzzerMutate.cpp;h=f537fa90fd8506f13bdcab44f70fffd3ec78058b;hb=00552e3875ee5f382db6c98286a241a7d0efe1b8;hp=2db8fac9bc69ff05adc734b68d4e5ee0fa02608b;hpb=c9baf3befbdbfd43da91d99929cebe4f2266b32d;p=oota-llvm.git diff --git a/lib/Fuzzer/FuzzerMutate.cpp b/lib/Fuzzer/FuzzerMutate.cpp index 2db8fac9bc6..f537fa90fd8 100644 --- a/lib/Fuzzer/FuzzerMutate.cpp +++ b/lib/Fuzzer/FuzzerMutate.cpp @@ -9,6 +9,8 @@ // Mutate a test input. //===----------------------------------------------------------------------===// +#include + #include "FuzzerInternal.h" namespace fuzzer { @@ -31,32 +33,39 @@ static char RandCh() { return Special[rand() % (sizeof(Special) - 1)]; } -void Mutate(Unit *U, size_t MaxLen) { - assert(MaxLen > 0); - assert(U->size() <= MaxLen); +// Mutates Data in place, returns new size. +size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) { + assert(MaxSize > 0); + assert(Size <= MaxSize); + if (Size == 0) { + for (size_t i = 0; i < MaxSize; i++) + Data[i] = RandCh(); + return MaxSize; + } + assert(Size > 0); + size_t Idx = rand() % Size; switch (rand() % 3) { case 0: - if (U->size()) - U->erase(U->begin() + rand() % U->size()); - break; + if (Size > 1) { + // Erase Data[Idx]. + memmove(Data + Idx, Data + Idx + 1, Size - Idx - 1); + Size = Size - 1; + } + [[clang::fallthrough]]; case 1: - if (U->empty()) { - U->push_back(RandCh()); - } else if (U->size() < MaxLen) { - U->insert(U->begin() + rand() % U->size(), RandCh()); - } else { // At MaxLen. - uint8_t Ch = RandCh(); - size_t Idx = rand() % U->size(); - (*U)[Idx] = Ch; + if (Size < MaxSize) { + // Insert new value at Data[Idx]. + memmove(Data + Idx + 1, Data + Idx, Size - Idx); + Data[Idx] = RandCh(); } + Data[Idx] = RandCh(); break; - default: - if (!U->empty()) { - size_t idx = rand() % U->size(); - (*U)[idx] = FlipRandomBit((*U)[idx]); - } + case 2: + Data[Idx] = FlipRandomBit(Data[Idx]); break; } + assert(Size > 0); + return Size; } } // namespace fuzzer