LLVM: include/llvm/FuzzMutate/IRMutator.h Source File (original) (raw)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18#ifndef LLVM_FUZZMUTATE_IRMUTATOR_H

19#define LLVM_FUZZMUTATE_IRMUTATOR_H

20

24#include

25

26namespace llvm {

31

33

34

35

37public:

39

40

41

42

43

44

45

48

49

50

51

58

59};

60

62

63

65 std::vector AllowedTypes;

66 std::vector<std::unique_ptr> Strategies;

67

68public:

69 IRMutator(std::vector &&AllowedTypes,

70 std::vector<std::unique_ptr> &&Strategies)

71 : AllowedTypes(std::move(AllowedTypes)),

72 Strategies(std::move(Strategies)) {}

73

74

75

76

77

78

80

81

82

83

84

85

87};

88

89

91 std::vectorfuzzerop::OpDescriptor Operations;

92

93 std::optionalfuzzerop::OpDescriptor chooseOperation(Value *Src,

95

96public:

99 : Operations(std::move(Operations)) {}

100 static std::vectorfuzzerop::OpDescriptor getDefaultOps();

101

103 uint64_t CurrentWeight) override {

104 return Operations.size();

105 }

106

110};

111

112

114public:

116 uint64_t CurrentWeight) override;

117

121};

122

123

125public:

127 uint64_t CurrentWeight) override {

128 return 4;

129 }

130

133};

134

135

136

137

139public:

141 uint64_t CurrentWeight) override {

142 return 10;

143 }

144

147};

148

149

151private:

153 enum CFGToSink { Return, DirectSink, SinkOrSelfLoop, EndOfCFGToLink };

154

155public:

158 uint64_t CurrentWeight) override {

159 return 5;

160 }

161

163

164private:

167};

168

169

171public:

173 uint64_t CurrentWeight) override {

174 return 2;

175 }

176

178};

179

180

181

183public:

185 uint64_t CurrentWeight) override {

186 return 2;

187 }

188

191};

192

193

194

196public:

198 uint64_t CurrentWeight) override {

199 return 2;

200 }

201

203};

204

205

206

207

208

209

211 LLVMContext &Context);

212

213

214

215

216

217

218

219

221

222

223

224

225LLVM_ABI std::unique_ptr

227

228}

229

230#endif

Machine Check Debug Module

static ManagedStatic< cl::opt< uint64_t >, CreateSeed > Seed

ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...

LLVM Basic Block Representation.

Base class for describing how to mutate a module.

Definition IRMutator.h:36

virtual void mutate(Instruction &I, RandomIRBuilder &IB)

Definition IRMutator.h:55

virtual uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight)=0

Provide a weight to bias towards choosing this strategy for a mutation.

virtual ~IRMutationStrategy()=default

virtual void mutate(Module &M, RandomIRBuilder &IB)

IRMutator(std::vector< TypeGetter > &&AllowedTypes, std::vector< std::unique_ptr< IRMutationStrategy > > &&Strategies)

Definition IRMutator.h:69

LLVM_ABI void mutateModule(Module &M, int Seed, size_t MaxSize)

Mutate given module.

static LLVM_ABI size_t getModuleSize(const Module &M)

Calculate the size of module as the number of objects in it, i.e.

static std::vector< fuzzerop::OpDescriptor > getDefaultOps()

uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override

Provide a weight to bias towards choosing this strategy for a mutation.

Definition IRMutator.h:102

InjectorIRStrategy(std::vector< fuzzerop::OpDescriptor > &&Operations)

Definition IRMutator.h:98

InjectorIRStrategy()

Definition IRMutator.h:97

uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override

Provide a weight to bias towards choosing this strategy for a mutation.

Definition IRMutator.h:157

InsertCFGStrategy(uint64_t MNC=8)

Definition IRMutator.h:156

Strategy that generates new function calls and inserts function signatures to the modules.

Definition IRMutator.h:138

uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override

Provide a weight to bias towards choosing this strategy for a mutation.

Definition IRMutator.h:140

Strategy to insert PHI Nodes at the head of each basic block.

Definition IRMutator.h:170

uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override

Provide a weight to bias towards choosing this strategy for a mutation.

Definition IRMutator.h:172

Strategy that deletes instructions when the Module is too large.

Definition IRMutator.h:113

uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override

Provide a weight to bias towards choosing this strategy for a mutation.

void mutate(Function &F, RandomIRBuilder &IB) override

Strategy that modifies instruction attributes and operands.

Definition IRMutator.h:124

uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override

Provide a weight to bias towards choosing this strategy for a mutation.

Definition IRMutator.h:126

This is an important class for using LLVM in a threaded context.

A Module instance is used to store all the information related to an LLVM module.

Strategy to randomly select a block and shuffle the operations without affecting data dependency.

Definition IRMutator.h:195

uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override

Provide a weight to bias towards choosing this strategy for a mutation.

Definition IRMutator.h:197

Strategy to select a random instruction and add a new sink (user) to it to increate data dependency.

Definition IRMutator.h:182

uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override

Provide a weight to bias towards choosing this strategy for a mutation.

Definition IRMutator.h:184

The instances of the Type class are immutable: once they are created, they are never changed.

LLVM Value Representation.

#define llvm_unreachable(msg)

Marks that the current location is not supposed to be reachable.

This is an optimization pass for GlobalISel generic memory operations.

LLVM_ABI std::unique_ptr< Module > parseAndVerify(const uint8_t *Data, size_t Size, LLVMContext &Context)

Try to parse module and verify it.

LLVM_ABI std::unique_ptr< Module > parseModule(const uint8_t *Data, size_t Size, LLVMContext &Context)

Fuzzer friendly interface for the llvm bitcode parser.

LLVM_ABI size_t writeModule(const Module &M, uint8_t *Dest, size_t MaxSize)

Fuzzer friendly interface for the llvm bitcode printer.

std::function< Type *(LLVMContext &)> TypeGetter

Definition IRMutator.h:61

FunctionAddr VTableAddr uintptr_t uintptr_t Data

OutputIt move(R &&Range, OutputIt Out)

Provide wrappers to std::move which take ranges instead of having to pass begin/end explicitly.

Implement std::hash so that hash_code can be used in STL containers.