[libcxx] r316394 - More fuzzing interfaces

Marshall Clow via cfe-commits Mon, 23 Oct 2017 16:20:09 -0700

Author: marshall
Date: Mon Oct 23 16:19:30 2017
New Revision: 316394

URL: http://llvm.org/viewvc/llvm-project?rev=316394&view=rev
Log:
More fuzzing interfaces


Added:
    libcxx/trunk/fuzzing/RoutineNames.txt
Modified:
    libcxx/trunk/fuzzing/fuzzing.cpp
    libcxx/trunk/fuzzing/fuzzing.h

Added: libcxx/trunk/fuzzing/RoutineNames.txt
URL: 
http://llvm.org/viewvc/llvm-project/libcxx/trunk/fuzzing/RoutineNames.txt?rev=316394&view=auto
==============================================================================
--- libcxx/trunk/fuzzing/RoutineNames.txt (added)
+++ libcxx/trunk/fuzzing/RoutineNames.txt Mon Oct 23 16:19:30 2017
@@ -0,0 +1,16 @@
+sort
+stable_sort
+partition
+stable_partition
+nth_element
+partial_sort
+make_heap
+push_heap
+pop_heap
+regex_ECMAScript
+regex_POSIX
+regex_extended
+regex_awk
+regex_grep
+regex_egrep
+search

Modified: libcxx/trunk/fuzzing/fuzzing.cpp
URL: 
http://llvm.org/viewvc/llvm-project/libcxx/trunk/fuzzing/fuzzing.cpp?rev=316394&r1=316393&r2=316394&view=diff
==============================================================================
--- libcxx/trunk/fuzzing/fuzzing.cpp (original)
+++ libcxx/trunk/fuzzing/fuzzing.cpp Mon Oct 23 16:19:30 2017
@@ -26,9 +26,12 @@
 #include "fuzzing.h"
 #include <vector>
 #include <algorithm>
+#include <functional>
 #include <regex>
 
-//     If we had C++14, we could use the four iterator version of 
is_permutation
+#include <iostream>
+
+//     If we had C++14, we could use the four iterator version of 
is_permutation and equal
 
 namespace fuzzing {
 
@@ -273,4 +276,101 @@ int regex_egrep (const uint8_t *data, si
        return 0;
 }
 
+// --  heap fuzzers
+int make_heap (const uint8_t *data, size_t size)
+{
+       std::vector<uint8_t> working(data, data + size);
+       std::make_heap(working.begin(), working.end());
+
+       if (!std::is_heap(working.begin(), working.end())) return 1;
+       if (!std::is_permutation(data, data + size, working.begin())) return 99;
+       return 0;
+}
+
+int push_heap (const uint8_t *data, size_t size)
+{
+       if (size < 2) return 0;
+
+//     Make a heap from the first half of the data
+       std::vector<uint8_t> working(data, data + size);
+       auto iter = working.begin() + (size / 2);
+       std::make_heap(working.begin(), iter);
+       if (!std::is_heap(working.begin(), iter)) return 1;
+
+//     Now push the rest onto the heap, one at a time
+       ++iter;
+       for (; iter != working.end(); ++iter) {
+               std::push_heap(working.begin(), iter);
+               if (!std::is_heap(working.begin(), iter)) return 2;     
+               }
+
+       if (!std::is_permutation(data, data + size, working.begin())) return 99;
+       return 0;
+}
+
+int pop_heap (const uint8_t *data, size_t size)
+{
+       if (size < 2) return 0;
+       std::vector<uint8_t> working(data, data + size);
+       std::make_heap(working.begin(), working.end());
+
+//     Pop things off, one at a time
+       auto iter = --working.end();
+       while (iter != working.begin()) {
+               std::pop_heap(working.begin(), iter);
+               if (!std::is_heap(working.begin(), --iter)) return 2;   
+               }
+
+       return 0;
+}
+
+
+// --  search fuzzers
+int search (const uint8_t *data, size_t size)
+{
+       if (size < 2) return 0;
+       
+       const size_t pat_size = data[0] * (size - 1) / 
std::numeric_limits<uint8_t>::max();
+       assert(pat_size <= size - 1);
+       const uint8_t *pat_begin = data + 1;
+       const uint8_t *pat_end   = pat_begin + pat_size;
+       const uint8_t *data_end  = data + size;
+       assert(pat_end <= data_end);
+//     std::cerr << "data[0] = " << size_t(data[0]) << " ";
+//     std::cerr << "Pattern size = " << pat_size << "; corpus is " << size - 
1 << std::endl;
+       auto it = std::search(pat_end, data_end, pat_begin, pat_end);
+       if (it != data_end) // not found
+               if (!std::equal(pat_begin, pat_end, it))
+                       return 1;
+       return 0;
+}
+
+template <typename S>
+static int search_helper (const uint8_t *data, size_t size)
+{
+       if (size < 2) return 0;
+       
+       const size_t pat_size = data[0] * (size - 1) / 
std::numeric_limits<uint8_t>::max();
+       const uint8_t *pat_begin = data + 1;
+       const uint8_t *pat_end   = pat_begin + pat_size;
+       const uint8_t *data_end  = data + size;
+
+       auto it = std::search(pat_end, data_end, S(pat_begin, pat_end));
+       if (it != data_end) // not found
+               if (!std::equal(pat_begin, pat_end, it))
+                       return 1;
+       return 0;
+}
+
+//     These are still in std::experimental
+// int search_boyer_moore (const uint8_t *data, size_t size)
+// {
+//     return search_helper<std::boyer_moore_searcher<const uint8_t *>>(data, 
size);
+// }
+// 
+// int search_boyer_moore_horspool (const uint8_t *data, size_t size)
+// {
+//     return search_helper<std::boyer_moore_horspool_searcher<const uint8_t 
*>>(data, size);
+// }
+
 } // namespace fuzzing

Modified: libcxx/trunk/fuzzing/fuzzing.h
URL: 
http://llvm.org/viewvc/llvm-project/libcxx/trunk/fuzzing/fuzzing.h?rev=316394&r1=316393&r2=316394&view=diff
==============================================================================
--- libcxx/trunk/fuzzing/fuzzing.h (original)
+++ libcxx/trunk/fuzzing/fuzzing.h Mon Oct 23 16:19:30 2017
@@ -16,25 +16,34 @@
 
 namespace fuzzing {
 
-//     These all return 0 on success; != 0 on failure
-       int sort             (const uint8_t *data, size_t size);
-       int stable_sort      (const uint8_t *data, size_t size);
-       int partition        (const uint8_t *data, size_t size);
-       int stable_partition (const uint8_t *data, size_t size);
-
-//     partition and stable_partition take Bi-Di iterators.
-//     Should test those, too
-
-       int nth_element      (const uint8_t *data, size_t size);
-       int partial_sort     (const uint8_t *data, size_t size);
-
-//     Various flavors of regex
-       int regex_ECMAScript (const uint8_t *data, size_t size);
-       int regex_POSIX      (const uint8_t *data, size_t size);
-       int regex_extended   (const uint8_t *data, size_t size);
-       int regex_awk        (const uint8_t *data, size_t size);
-       int regex_grep       (const uint8_t *data, size_t size);
-       int regex_egrep      (const uint8_t *data, size_t size);
+//  These all return 0 on success; != 0 on failure
+    int sort             (const uint8_t *data, size_t size);
+    int stable_sort      (const uint8_t *data, size_t size);
+    int partition        (const uint8_t *data, size_t size);
+    int stable_partition (const uint8_t *data, size_t size);
+
+//  partition and stable_partition take Bi-Di iterators.
+//  Should test those, too
+    int nth_element      (const uint8_t *data, size_t size);
+    int partial_sort     (const uint8_t *data, size_t size);
+
+//  Heap operations
+    int make_heap        (const uint8_t *data, size_t size);
+    int push_heap        (const uint8_t *data, size_t size);
+    int pop_heap         (const uint8_t *data, size_t size);
+
+//  Various flavors of regex
+    int regex_ECMAScript (const uint8_t *data, size_t size);
+    int regex_POSIX      (const uint8_t *data, size_t size);
+    int regex_extended   (const uint8_t *data, size_t size);
+    int regex_awk        (const uint8_t *data, size_t size);
+    int regex_grep       (const uint8_t *data, size_t size);
+    int regex_egrep      (const uint8_t *data, size_t size);
+
+//     Searching
+       int search                      (const uint8_t *data, size_t size);
+//     int search_boyer_moore          (const uint8_t *data, size_t size);
+//     int search_boyer_moore_horspool (const uint8_t *data, size_t size);
 
 } // namespace fuzzing
 


_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[libcxx] r316394 - More fuzzing interfaces

Reply via email to