/src/mozilla-central/tools/fuzzing/libfuzzer/FuzzerValueBitMap.h

Source (jump to first uncovered line)
//===- FuzzerValueBitMap.h - INTERNAL - Bit map -----------------*- C++ -* ===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
// ValueBitMap.
//===----------------------------------------------------------------------===//

#ifndef LLVM_FUZZER_VALUE_BIT_MAP_H
#define LLVM_FUZZER_VALUE_BIT_MAP_H

#include "FuzzerDefs.h"

namespace fuzzer {

// A bit map containing kMapSizeInWords bits.
struct ValueBitMap {
  static const size_t kMapSizeInBits = 1 << 16;
  static const size_t kMapPrimeMod = 65371;  // Largest Prime < kMapSizeInBits;
  static const size_t kBitsInWord = (sizeof(uintptr_t) * 8);
  static const size_t kMapSizeInWords = kMapSizeInBits / kBitsInWord;
 public:

  // Clears all bits.
  void Reset() { memset(Map, 0, sizeof(Map)); }

  // Computes a hash function of Value and sets the corresponding bit.
  // Returns true if the bit was changed from 0 to 1.
  ATTRIBUTE_NO_SANITIZE_ALL
  inline bool AddValue(uintptr_t Value) {
    uintptr_t Idx = Value % kMapSizeInBits;
    uintptr_t WordIdx = Idx / kBitsInWord;
    uintptr_t BitIdx = Idx % kBitsInWord;
    uintptr_t Old = Map[WordIdx];
    uintptr_t New = Old | (1UL << BitIdx);
    Map[WordIdx] = New;
    return New != Old;
  }

  ATTRIBUTE_NO_SANITIZE_ALL
  inline bool AddValueModPrime(uintptr_t Value) {
    return AddValue(Value % kMapPrimeMod);
  }

  inline bool Get(uintptr_t Idx) {
    assert(Idx < kMapSizeInBits);
    uintptr_t WordIdx = Idx / kBitsInWord;
    uintptr_t BitIdx = Idx % kBitsInWord;
    return Map[WordIdx] & (1UL << BitIdx);
  }

  size_t SizeInBits() const { return kMapSizeInBits; }

  template <class Callback>
  ATTRIBUTE_NO_SANITIZE_ALL
  void ForEach(Callback CB) const {
    for (size_t i = 0; i < kMapSizeInWords; i++)
      if (uintptr_t M = Map[i])
        for (size_t j = 0; j < sizeof(M) * 8; j++)
          if (M & ((uintptr_t)1 << j))
            CB(i * sizeof(M) * 8 + j);
  }

 private:
  uintptr_t Map[kMapSizeInWords] __attribute__((aligned(512)));
};

}  // namespace fuzzer

#endif  // LLVM_FUZZER_VALUE_BIT_MAP_H

Line	Count	Source (jump to first uncovered line)
1		//===- FuzzerValueBitMap.h - INTERNAL - Bit map ------------------ C++ - ===//
2		//
3		// The LLVM Compiler Infrastructure
4		//
5		// This file is distributed under the University of Illinois Open Source
6		// License. See LICENSE.TXT for details.
7		//
8		//===----------------------------------------------------------------------===//
9		// ValueBitMap.
10		//===----------------------------------------------------------------------===//
11
12		#ifndef LLVM_FUZZER_VALUE_BIT_MAP_H
13		#define LLVM_FUZZER_VALUE_BIT_MAP_H
14
15		#include "FuzzerDefs.h"
16
17		namespace fuzzer {
18
19		// A bit map containing kMapSizeInWords bits.
20		struct ValueBitMap {
21		static const size_t kMapSizeInBits = 1 << 16;
22		static const size_t kMapPrimeMod = 65371; // Largest Prime < kMapSizeInBits;
23		static const size_t kBitsInWord = (sizeof(uintptr_t) * 8);
24		static const size_t kMapSizeInWords = kMapSizeInBits / kBitsInWord;
25		public:
26
27		// Clears all bits.
28	16.2k	void Reset() { memset(Map, 0, sizeof(Map)); }
29
30		// Computes a hash function of Value and sets the corresponding bit.
31		// Returns true if the bit was changed from 0 to 1.
32		ATTRIBUTE_NO_SANITIZE_ALL
33	18.7G	inline bool AddValue(uintptr_t Value) {
34	18.7G	uintptr_t Idx = Value % kMapSizeInBits;
35	18.7G	uintptr_t WordIdx = Idx / kBitsInWord;
36	18.7G	uintptr_t BitIdx = Idx % kBitsInWord;
37	18.7G	uintptr_t Old = Map[WordIdx];
38	18.7G	uintptr_t New = Old \| (1UL << BitIdx);
39	18.7G	Map[WordIdx] = New;
40	18.7G	return New != Old;
41	18.7G	}
42
43		ATTRIBUTE_NO_SANITIZE_ALL
44	265M	inline bool AddValueModPrime(uintptr_t Value) {
45	265M	return AddValue(Value % kMapPrimeMod);
46	265M	}
47
48	0	inline bool Get(uintptr_t Idx) {
49	0	assert(Idx < kMapSizeInBits);
50	0	uintptr_t WordIdx = Idx / kBitsInWord;
51	0	uintptr_t BitIdx = Idx % kBitsInWord;
52	0	return Map[WordIdx] & (1UL << BitIdx);
53	0	}
54
55	0	size_t SizeInBits() const { return kMapSizeInBits; }
56
57		template <class Callback>
58		ATTRIBUTE_NO_SANITIZE_ALL
59	0	void ForEach(Callback CB) const {
60	0	for (size_t i = 0; i < kMapSizeInWords; i++)
61	0	if (uintptr_t M = Map[i])
62	0	for (size_t j = 0; j < sizeof(M) * 8; j++)
63	0	if (M & ((uintptr_t)1 << j))
64	0	CB(i * sizeof(M) * 8 + j);
65	0	} Unexecuted instantiation: FuzzerDriver.cpp:void fuzzer::ValueBitMap::ForEach<void fuzzer::TracePC::CollectFeatures<fuzzer::AnalyzeDictionary(fuzzer::Fuzzer, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > > const&, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > >&)::$_0>(fuzzer::AnalyzeDictionary(fuzzer::Fuzzer, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > > const&, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > >&)::$_0) const::{lambda(unsigned long)#1}>(void fuzzer::TracePC::CollectFeatures<fuzzer::AnalyzeDictionary(fuzzer::Fuzzer, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > > const&, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > >&)::$_0>(fuzzer::AnalyzeDictionary(fuzzer::Fuzzer, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > > const&, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > >&)::$_0) const::{lambda(unsigned long)#1}) const Unexecuted instantiation: FuzzerDriver.cpp:void fuzzer::ValueBitMap::ForEach<void fuzzer::TracePC::CollectFeatures<fuzzer::AnalyzeDictionary(fuzzer::Fuzzer, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > > const&, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > >&)::$_1>(fuzzer::AnalyzeDictionary(fuzzer::Fuzzer, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > > const&, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > >&)::$_1) const::{lambda(unsigned long)#1}>(void fuzzer::TracePC::CollectFeatures<fuzzer::AnalyzeDictionary(fuzzer::Fuzzer, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > > const&, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > >&)::$_1>(fuzzer::AnalyzeDictionary(fuzzer::Fuzzer, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > > const&, std::__1::vector<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> >, fuzzer::fuzzer_allocator<std::__1::vector<unsigned char, fuzzer::fuzzer_allocator<unsigned char> > > >&)::$_1) const::{lambda(unsigned long)#1}) const Unexecuted instantiation: FuzzerLoop.cpp:void fuzzer::ValueBitMap::ForEach<void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::RunOne(unsigned char const, unsigned long, bool, fuzzer::InputInfo, bool)::$_2>(fuzzer::Fuzzer::RunOne(unsigned char const, unsigned long, bool, fuzzer::InputInfo, bool)::$_2) const::{lambda(unsigned long)#1}>(void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::RunOne(unsigned char const, unsigned long, bool, fuzzer::InputInfo, bool)::$_2>(fuzzer::Fuzzer::RunOne(unsigned char const, unsigned long, bool, fuzzer::InputInfo, bool)::$_2) const::{lambda(unsigned long)#1}) const Unexecuted instantiation: FuzzerLoop.cpp:void fuzzer::ValueBitMap::ForEach<void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::RunOne(unsigned char const, unsigned long, bool, fuzzer::InputInfo, bool)::$_3>(fuzzer::Fuzzer::RunOne(unsigned char const, unsigned long, bool, fuzzer::InputInfo, bool)::$_3) const::{lambda(unsigned long)#1}>(void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::RunOne(unsigned char const, unsigned long, bool, fuzzer::InputInfo, bool)::$_3>(fuzzer::Fuzzer::RunOne(unsigned char const, unsigned long, bool, fuzzer::InputInfo, bool)::$_3) const::{lambda(unsigned long)#1}) const Unexecuted instantiation: FuzzerMerge.cpp:void fuzzer::ValueBitMap::ForEach<void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_1>(fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_1) const::{lambda(unsigned long)#1}>(void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_1>(fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)::$_1) const::{lambda(unsigned long)#1}) const
66
67		private:
68		uintptr_t Map[kMapSizeInWords] __attribute__((aligned(512)));
69		};
70
71		} // namespace fuzzer
72
73		#endif // LLVM_FUZZER_VALUE_BIT_MAP_H

Coverage Report

Created: 2018-09-25 14:53