
Commit fcb7726

xinhaoyuancopybara-github
authored andcommitted
Track mutant origins.
This is to enable input reduction (replacing corpus input with smaller mutants if the coverage matches) and corpus mutation stats for new scheduling methods. PiperOrigin-RevId: 821630139
1 parent 7636e7c commit fcb7726

47 files changed

Lines changed: 661 additions & 451 deletions


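--- a/centipede/BUILD
+++ b/centipede/BUILD
@@ -369,7 +369,7 @@ cc_library(
 deps = [
 ":centipede_callbacks",
 ":environment",
-":mutation_input",
+":mutation_data",
 ":runner_result",
 ":stop",
 ":thread_pool",
@@ -442,6 +442,7 @@ cc_library(
 # used in centipede_runner.
 ":feature",
 ":execution_metadata",
+":mutation_data",
 ":shared_memory_blob_sequence",
 "@com_google_fuzztest//common:defs",
 ],
@@ -457,14 +458,15 @@ cc_library(
 # used in centipede_runner.
 ":shared_memory_blob_sequence",
 ":execution_metadata",
-":mutation_input",
+":mutation_data",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 ],
 )
 
 cc_library(
-name = "mutation_input",
-hdrs = ["mutation_input.h"],
+name = "mutation_data",
+hdrs = ["mutation_data.h"],
 copts = DISABLE_SANCOV_COPTS,
 deps = [
 # This target must have a minimal set of dependencies since it is
@@ -483,8 +485,9 @@ cc_library(
 deps = [
 ":execution_metadata",
 ":knobs",
-":mutation_input",
+":mutation_data",
 "@abseil-cpp//absl/base:nullability",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 ],
 )
@@ -627,7 +630,7 @@ cc_library(
 ":control_flow",
 ":environment",
 ":fuzztest_mutator",
-":mutation_input",
+":mutation_data",
 ":runner_request",
 ":runner_result",
 ":shared_memory_blob_sequence",
@@ -641,6 +644,7 @@ cc_library(
 "@abseil-cpp//absl/strings",
 "@abseil-cpp//absl/synchronization",
 "@abseil-cpp//absl/time",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:blob_file",
 "@com_google_fuzztest//common:defs",
 "@com_google_fuzztest//common:hash",
@@ -719,7 +723,7 @@ cc_library(
 ":environment",
 ":feature",
 ":feature_set",
-":mutation_input",
+":mutation_data",
 ":pc_info",
 ":runner_result",
 ":rusage_profiler",
@@ -737,6 +741,7 @@ cc_library(
 "@abseil-cpp//absl/strings:str_format",
 "@abseil-cpp//absl/synchronization",
 "@abseil-cpp//absl/time",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:blob_file",
 "@com_google_fuzztest//common:defs",
 "@com_google_fuzztest//common:hash",
@@ -855,11 +860,12 @@ cc_library(
 deps = [
 ":centipede_callbacks",
 ":environment",
-":mutation_input",
+":mutation_data",
 ":runner_result",
 ":stop",
 "@abseil-cpp//absl/status",
 "@abseil-cpp//absl/status:statusor",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 "@com_google_fuzztest//common:logging",
 ],
@@ -873,7 +879,7 @@ cc_library(
 ":byte_array_mutator",
 ":execution_metadata",
 ":knobs",
-":mutation_input",
+":mutation_data",
 "@abseil-cpp//absl/random",
 "@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
@@ -941,6 +947,7 @@ cc_library(
 name = "runner_cmp_trace",
 hdrs = ["runner_cmp_trace.h"],
 copts = DISABLE_SANCOV_COPTS,
+deps = ["@abseil-cpp//absl/base:core_headers"],
 )
 
 # Library for manipulating centipede runner flags. This is not used by the
@@ -958,6 +965,7 @@ cc_library(
 hdrs = ["dispatcher.h"],
 deps = [
 ":execution_metadata",
+":mutation_data",
 ":runner_request",
 ":runner_result",
 ":shared_memory_blob_sequence",
@@ -1033,7 +1041,7 @@ RUNNER_DEPS = [
 ":foreach_nonzero",
 ":int_utils",
 ":knobs",
-":mutation_input",
+":mutation_data",
 ":rolling_hash",
 ":runner_cmp_trace",
 ":runner_fork_server",
@@ -1098,8 +1106,9 @@ cc_library(
 linkstatic = True, # Must be linked statically even when dynamic_mode=on.
 deps = [
 ":centipede_runner_no_main",
-":mutation_input",
+":mutation_data",
 "@abseil-cpp//absl/base:nullability",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 ],
 )
@@ -1237,9 +1246,10 @@ cc_library(
 ":corpus",
 ":environment",
 ":feature",
-":mutation_input",
+":mutation_data",
 ":runner_result",
 ":util",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 "@com_google_fuzztest//common:logging",
 ],
@@ -1279,6 +1289,7 @@ cc_test(
 ":centipede_callbacks",
 ":environment",
 ":runner_result",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 "@googletest//:gtest_main",
 ],
@@ -1456,6 +1467,7 @@ cc_test(
 ":util",
 ":workdir",
 "@abseil-cpp//absl/base:nullability",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 "@com_google_fuzztest//common:test_util",
 "@googletest//:gtest_main",
@@ -1509,6 +1521,7 @@ cc_test(
 deps = [
 ":execution_metadata",
 ":feature",
+":mutation_data",
 ":runner_result",
 ":shared_memory_blob_sequence",
 "@com_google_fuzztest//common:defs",
@@ -1518,10 +1531,10 @@ cc_test(
 )
 
 cc_test(
-name = "mutation_input_test",
-srcs = ["mutation_input_test.cc"],
+name = "mutation_data_test",
+srcs = ["mutation_data_test.cc"],
 deps = [
-":mutation_input",
+":mutation_data",
 "@com_google_fuzztest//common:defs",
 "@googletest//:gtest_main",
 ],
@@ -1534,7 +1547,7 @@ cc_test(
 ":byte_array_mutator",
 ":execution_metadata",
 ":knobs",
-":mutation_input",
+":mutation_data",
 ":runner_cmp_trace",
 "@abseil-cpp//absl/container:flat_hash_set",
 "@com_google_fuzztest//common:defs",
@@ -1567,7 +1580,7 @@ cc_test(
 ":execution_metadata",
 ":fuzztest_mutator",
 ":knobs",
-":mutation_input",
+":mutation_data",
 "@abseil-cpp//absl/container:flat_hash_set",
 "@abseil-cpp//absl/strings",
 "@com_google_fuzztest//common:defs",
@@ -1872,6 +1885,7 @@ cc_test(
 "@abseil-cpp//absl/container:flat_hash_map",
 "@abseil-cpp//absl/strings:str_format",
 "@abseil-cpp//absl/time",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 "@com_google_fuzztest//common:hash",
 "@com_google_fuzztest//common:temp_dir",
@@ -1914,14 +1928,15 @@ cc_test(
 ":centipede_interface",
 ":environment",
 ":feature",
-":mutation_input",
+":mutation_data",
 ":runner_result",
 ":stop",
 ":util",
 ":workdir",
 "@abseil-cpp//absl/container:flat_hash_set",
 "@abseil-cpp//absl/strings",
 "@abseil-cpp//absl/time",
+"@abseil-cpp//absl/types:span",
 "@com_google_fuzztest//common:defs",
 "@com_google_fuzztest//common:hash",
 "@com_google_fuzztest//common:logging",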

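--- a/centipede/byte_array_mutator.cc
+++ b/centipede/byte_array_mutator.cc
@@ -22,9 +22,10 @@
 #include <utility>
 #include <vector>
 
+#include "absl/types/span.h"
 #include "./centipede/execution_metadata.h"
 #include "./centipede/knobs.h"
-#include "./centipede/mutation_input.h"
+#include "./centipede/mutation_data.h"
 #include "./common/defs.h"
 
 namespace fuzztest::internal {
@@ -321,27 +322,29 @@ void ByteArrayMutator::CrossOver(ByteArray &data, const ByteArray &other) {
 // TODO(kcc): add tests with different values of knobs.
 const KnobId knob_mutate_or_crossover = Knobs::NewId("mutate_or_crossover");
 
-std::vector<ByteArray> ByteArrayMutator::MutateMany(
-const std::vector<MutationInputRef> &inputs, size_t num_mutants) {
+std::vector<Mutant> ByteArrayMutator::MutateMany(
+absl::Span<const MutationInputRef> inputs, size_t num_mutants) {
 if (inputs.empty()) abort();
 // TODO(xinhaoyuan): Consider metadata in other inputs instead of always the
 // first one.
 SetMetadata(inputs[0].metadata != nullptr ? *inputs[0].metadata
 : ExecutionMetadata());
 size_t num_inputs = inputs.size();
-std::vector<ByteArray> mutants;
+std::vector<Mutant> mutants;
 mutants.reserve(num_mutants);
 for (size_t i = 0; i < num_mutants; ++i) {
-auto mutant = inputs[rng_() % num_inputs].data;
-if (mutant.size() <= max_len_ &&
+Mutant mutant;
+mutant.origin = rng_() % num_inputs;
+mutant.data = inputs[mutant.origin].data;
+if (mutant.data.size() <= max_len_ &&
 knobs_.GenerateBool(knob_mutate_or_crossover, rng_())) {
 // Do crossover only if the mutant is not over the max_len_.
 // Perform crossover with some other input. It may be the same input.
 const auto &other_input = inputs[rng_() % num_inputs].data;
-CrossOver(mutant, other_input);
+CrossOver(mutant.data, other_input);
 } else {
 // Perform mutation.
-Mutate(mutant);
+Mutate(mutant.data);
 }
 mutants.push_back(std::move(mutant));
 }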
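Review bot: In the crossover branch of `MutateMany`, `mutant.origin` records only the base input; the index drawn for `other_input` is discarded, so a crossover mutant is attributed entirely to one parent. The commit description says origins feed input reduction and mutation stats, so consumers should know the attribution is partial; I would add above the assignment `// Index into inputs of the base input; the crossover partner is not recorded.` The type of `Mutant::origin` is declared in mutation_data.h, which is not shown here, so it is worth confirming it is wide enough to hold `rng_() % num_inputs` without narrowing. The body of `MutateMany` continues past the end of this hunk.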

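--- a/centipede/byte_array_mutator.h
+++ b/centipede/byte_array_mutator.h
@@ -23,17 +23,18 @@
 #include <vector>
 
 #include "absl/base/nullability.h"
+#include "absl/types/span.h"
 #include "./centipede/execution_metadata.h"
 #include "./centipede/knobs.h"
-#include "./centipede/mutation_input.h"
+#include "./centipede/mutation_data.h"
 #include "./common/defs.h"
 
 namespace fuzztest::internal {
 
 // A simple class representing an array of up to kMaxEntrySize bytes.
 class DictEntry {
 public:
-static constexpr uint8_t kMaxEntrySize = 16;
+static constexpr uint8_t kMaxEntrySize = 128;
 
 explicit DictEntry(ByteSpan bytes)
 : bytes_{}, // initialize bytes_ to all zeros
@@ -108,8 +109,8 @@ class ByteArrayMutator {
 }
 
 // Takes non-empty `inputs` and produces `num_mutants` mutants.
-std::vector<ByteArray> MutateMany(const std::vector<MutationInputRef> &inputs,
-size_t num_mutants);
+std::vector<Mutant> MutateMany(absl::Span<const MutationInputRef> inputs,
+size_t num_mutants);
 
 using CrossOverFn = void (ByteArrayMutator::*)(ByteArray &,
 const ByteArray &);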
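Review bot: The change of `DictEntry::kMaxEntrySize` from 16 to 128 is not mentioned in the commit description, which is about origin tracking, and the constant carries no comment explaining the new limit. The constructor zero-initializes `bytes_`, so if that member is sized by this constant (its declaration is outside the hunk) every dictionary entry becomes eight times larger. I would add a comment on the constant giving the reason, for example `// Max bytes per dictionary entry; raised from 16 to <reason>.` The `DictEntry` constructor continues past the end of the hunk, so how it handles a span longer than the limit cannot be checked here. The `MutateMany` comment in the second hunk could also say that each returned mutant's `origin` is an index into `inputs`.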
