class Mutagen

class Mutagen

Defined at line 59 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

This class represents the source of mutations when fuzzing. It is heavily inspired by libFuzzer's

MutationDispatcher, here:

https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/fuzzer/FuzzerMutate.cpp

During fuzzing, the runner will pick an input from the corpus, and pass it to this object. It

will then use this object to generate a sequence of mutated inputs that it can send to the

target adapter.

Public Methods

void Configure (const OptionsPtr & options)

Sets options.

Defined at line 51 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

void Mutate (Input * out)

Makes a copy of the previously configured input, mutates it using a pseudoradomly selected

mutation strategy, and stores the result in |out|.

Defined at line 57 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

void Mutagen ()

Defined at line 61 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

void ~Mutagen ()

Defined at line 62 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

const Dictionary & dictionary ()

Defined at line 64 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

Input * base_input ()

Callers can write data into the returned inputs.

Defined at line 67 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

Input * crossover ()

Defined at line 68 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

const std::vector<Mutation> & mutations ()

The sequence of mutations since the input was last set.

Defined at line 71 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

void set_dictionary (Dictionary dictionary)

Defined at line 73 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

void reset_mutations ()

Defined at line 75 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.h

bool SkipSome (const uint8_t * data, size_t size, size_t max_size, Input * out)

Remove some bytes from |data| when writing to |out|. Assumes |size > 1|; |size > max_size| is

allowed.

Defined at line 145 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool Shuffle (const uint8_t * data, size_t size, Input * out)

Shuffle some subsequence of |data| when writing it to |out|. Assumes |size > 1|.

Defined at line 154 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool Flip (const uint8_t * data, size_t size, Input * out)

Flip a bit at some location in |data| when writing it to |out|. Assumes |size != 0|.

Defined at line 165 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool ReplaceOne (const uint8_t * data, size_t size, Input * out)

Replace one byte in |data| when writing it to |out|. Assumes |size != 0|.

Defined at line 173 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool ReplaceUnsigned (const uint8_t * data, size_t size, Input * out)

Find and replace an unsigned integer value in |data| when writing it to |out|. Assumes

|size != 0|.

Defined at line 209 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool ReplaceNum (const uint8_t * data, size_t size, Input * out)

Find and replace an ASCII representation of a number in |data| when writing it to |out|.

Assumes |size != 0|.

Defined at line 245 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool ReplaceSome (const uint8_t * data, size_t size, Input * out)

Replace some subsequence of |data| with another, possibly overlapping subsequence when writing

it to |out|. Assumes |size != 0|.

Defined at line 288 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool MergeReplace (const uint8_t * data1, size_t size1, const uint8_t * data2, size_t size2, Input * out)

For each of |size1| bytes, choose from |data1| or |data2|, and write the result to |out|.

Defined at line 302 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool InsertSome (const uint8_t * data, size_t size, size_t max_size, Input * out)

Copy some section of |data| and insert it when writing |data| to |out|. Assumes

|size

<

max_size|.

Defined at line 323 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool MergeInsert (const uint8_t * data1, size_t size1, const uint8_t * data2, size_t size2, size_t max_size, Input * out)

Interleave segments of |data1| and |data2| and write the result to |out|, up to

|max_size|.

Defined at line 334 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool InsertOne (const uint8_t * data, size_t size, Input * out)

Insert a single byte.

Defined at line 363 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc

bool InsertRepeated (const uint8_t * data, size_t size, size_t max_size, Input * out)

Insert a byte repeated several times.

Defined at line 372 of file ../../src/sys/fuzzing/realmfuzzer/engine/mutagen.cc