class ModuleProxy

class ModuleProxy

Defined at line 28 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.h

This class in the fuzzer engine is analogous to |fuzzing::Module| in an instrumented process.

This association is one-to-many: The engine collects feedback from multiple processes which may

possibly even restart. As a result it maintains a single |ModuleProxy| for all instances of a

particular LLVM module across multiple processes, uniquely identified by the combination of its

given |id| and its number of PCs, e.g. its size.

Public Methods

void ~ModuleProxy ()

Defined at line 31 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.h

const std::string & id ()

Defined at line 33 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.h

void ModuleProxy (const std::string & id, size_t size)

Defined at line 52 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.cc

void Add (void * counters, size_t counters_len)

De/registers the shared memory as a source of counter values. This object does not take

ownership of the memory; it must remain valid between calls to |Add| and |Remove|.

Defined at line 62 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.cc

void Remove (void * counters)

Defined at line 70 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.cc

size_t Measure ()

Collects counters for linked instances of the associated module, converts them to opaque

features and returns the number of new features. This method does not record the features, and

so is useful for evaluating a set of inputs as compared to a base set of features, e.g. from a

seed corpus. For info on "features", see: http://lcamtuf.coredump.cx/afl/technical_details.txt.

Defined at line 76 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.cc

size_t Accumulate ()

Like |Measure|, but additionally records the new features, making the method useful for

incrementally growing a corpus.

Defined at line 78 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.cc

size_t GetCoverage (size_t * out_num_features)

Returns how many PCs have accumulated at least one feature. If |out_num_features| is not null,

sets it to how many features have been accumulated in total.

Defined at line 115 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.cc

void Clear ()

Resets the recorded features.

Defined at line 135 of file ../../src/sys/fuzzing/realmfuzzer/engine/module-proxy.cc