1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
//
// immer: immutable data structures for C++
// Copyright (C) 2016, 2017, 2018 Juan Pedro Bolivar Puente
//
// This software is distributed under the Boost Software License, Version 1.0.
// See accompanying file LICENSE or copy at http://boost.org/LICENSE_1_0.txt
//
#include "fuzzer_gc_guard.hpp"
#include "fuzzer_input.hpp"
#include <immer/array.hpp>
#include <immer/array_transient.hpp>
#include <immer/heap/gc_heap.hpp>
#include <immer/refcount/no_refcount_policy.hpp>
#include <array>
using gc_memory = immer::memory_policy<immer::heap_policy<immer::gc_heap>,
immer::no_refcount_policy,
immer::default_lock_policy,
immer::gc_transience_policy,
false>;
extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data,
std::size_t size)
{
constexpr auto var_count = 4;
auto guard = fuzzer_gc_guard{};
using array_t = immer::array<int, gc_memory>;
using transient_t = typename array_t::transient_type;
using size_t = std::uint8_t;
auto vs = std::array<array_t, var_count>{};
auto ts = std::array<transient_t, var_count>{};
auto is_valid_var = [&](auto idx) { return idx >= 0 && idx < var_count; };
auto is_valid_index = [](auto& v) {
return [&](auto idx) { return idx >= 0 && idx < v.size(); };
};
auto is_valid_size = [](auto& v) {
return [&](auto idx) { return idx >= 0 && idx <= v.size(); };
};
// limit doing immutable pushes on vectors that are too big already to
// prevent timeouts
auto too_big = [](auto&& v) { return v.size() > (std::size_t{1} << 10); };
return fuzzer_input{data, size}.run([&](auto& in) {
enum ops
{
op_transient,
op_persistent,
op_push_back,
op_update,
op_take,
op_push_back_mut,
op_update_mut,
op_take_mut,
};
auto dst = read<char>(in, is_valid_var);
switch (read<char>(in)) {
case op_transient: {
auto src = read<char>(in, is_valid_var);
ts[dst] = vs[src].transient();
break;
}
case op_persistent: {
auto src = read<char>(in, is_valid_var);
vs[dst] = ts[src].persistent();
break;
}
case op_push_back: {
auto src = read<char>(in, is_valid_var);
if (!too_big(vs[src]))
vs[dst] = vs[src].push_back(42);
break;
}
case op_update: {
auto src = read<char>(in, is_valid_var);
auto idx = read<size_t>(in, is_valid_index(vs[src]));
vs[dst] = vs[src].update(idx, [](auto x) { return x + 1; });
break;
}
case op_take: {
auto src = read<char>(in, is_valid_var);
auto idx = read<size_t>(in, is_valid_size(vs[src]));
vs[dst] = vs[src].take(idx);
break;
}
case op_push_back_mut: {
if (!too_big(vs[dst]))
ts[dst].push_back(13);
break;
}
case op_update_mut: {
auto idx = read<size_t>(in, is_valid_index(ts[dst]));
ts[dst].update(idx, [](auto x) { return x + 1; });
break;
}
case op_take_mut: {
auto idx = read<size_t>(in, is_valid_size(ts[dst]));
ts[dst].take(idx);
break;
}
default:
break;
};
return true;
});
}
|
