| #! /usr/bin/env python |
| |
| # To use: |
| # 1) Update the 'decls' list below with your fuzzing configuration. |
| # 2) Run with the clang binary as the command-line argument. |
| |
| from __future__ import absolute_import, division, print_function |
| import random |
| import subprocess |
| import sys |
| import os |
| |
| clang = sys.argv[1] |
| none_opts = 0.3 |
| |
| class Decl(object): |
| def __init__(self, text, depends=[], provides=[], conflicts=[]): |
| self.text = text |
| self.depends = depends |
| self.provides = provides |
| self.conflicts = conflicts |
| |
| def valid(self, model): |
| for i in self.depends: |
| if i not in model.decls: |
| return False |
| for i in self.conflicts: |
| if i in model.decls: |
| return False |
| return True |
| |
| def apply(self, model, name): |
| for i in self.provides: |
| model.decls[i] = True |
| model.source += self.text % {'name': name} |
| |
| decls = [ |
| Decl('struct X { int n; };\n', provides=['X'], conflicts=['X']), |
| Decl('static_assert(X{.n=1}.n == 1, "");\n', depends=['X']), |
| Decl('X %(name)s;\n', depends=['X']), |
| ] |
| |
| class FS(object): |
| def __init__(self): |
| self.fs = {} |
| self.prevfs = {} |
| |
| def write(self, path, contents): |
| self.fs[path] = contents |
| |
| def done(self): |
| for f, s in self.fs.items(): |
| if self.prevfs.get(f) != s: |
| f = file(f, 'w') |
| f.write(s) |
| f.close() |
| |
| for f in self.prevfs: |
| if f not in self.fs: |
| os.remove(f) |
| |
| self.prevfs, self.fs = self.fs, {} |
| |
| fs = FS() |
| |
| class CodeModel(object): |
| def __init__(self): |
| self.source = '' |
| self.modules = {} |
| self.decls = {} |
| self.i = 0 |
| |
| def make_name(self): |
| self.i += 1 |
| return 'n' + str(self.i) |
| |
| def fails(self): |
| fs.write('module.modulemap', |
| ''.join('module %s { header "%s.h" export * }\n' % (m, m) |
| for m in self.modules.keys())) |
| |
| for m, (s, _) in self.modules.items(): |
| fs.write('%s.h' % m, s) |
| |
| fs.write('main.cc', self.source) |
| fs.done() |
| |
| return subprocess.call([clang, '-std=c++11', '-c', '-fmodules', 'main.cc', '-o', '/dev/null']) != 0 |
| |
| def generate(): |
| model = CodeModel() |
| m = [] |
| |
| try: |
| for d in mutations(model): |
| d(model) |
| m.append(d) |
| if not model.fails(): |
| return |
| except KeyboardInterrupt: |
| print() |
| return True |
| |
| sys.stdout.write('\nReducing:\n') |
| sys.stdout.flush() |
| |
| try: |
| while True: |
| assert m, 'got a failure with no steps; broken clang binary?' |
| i = random.choice(list(range(len(m)))) |
| x = m[0:i] + m[i+1:] |
| m2 = CodeModel() |
| for d in x: |
| d(m2) |
| if m2.fails(): |
| m = x |
| model = m2 |
| else: |
| sys.stdout.write('.') |
| sys.stdout.flush() |
| except KeyboardInterrupt: |
| # FIXME: Clean out output directory first. |
| model.fails() |
| return model |
| |
| def choose(options): |
| while True: |
| i = int(random.uniform(0, len(options) + none_opts)) |
| if i >= len(options): |
| break |
| yield options[i] |
| |
| def mutations(model): |
| options = [create_module, add_top_level_decl] |
| for opt in choose(options): |
| yield opt(model, options) |
| |
| def create_module(model, options): |
| n = model.make_name() |
| def go(model): |
| model.modules[n] = (model.source, model.decls) |
| (model.source, model.decls) = ('', {}) |
| options += [lambda model, options: add_import(model, options, n)] |
| return go |
| |
| def add_top_level_decl(model, options): |
| n = model.make_name() |
| d = random.choice([decl for decl in decls if decl.valid(model)]) |
| def go(model): |
| if not d.valid(model): |
| return |
| d.apply(model, n) |
| return go |
| |
| def add_import(model, options, module_name): |
| def go(model): |
| if module_name in model.modules: |
| model.source += '#include "%s.h"\n' % module_name |
| model.decls.update(model.modules[module_name][1]) |
| return go |
| |
| sys.stdout.write('Finding bug: ') |
| while True: |
| if generate(): |
| break |
| sys.stdout.write('.') |
| sys.stdout.flush() |