1*4ba319b5SDimitry Andric //===- FuzzerCrossOver.cpp - Cross over two test inputs -------------------===//
2*4ba319b5SDimitry Andric //
3*4ba319b5SDimitry Andric // The LLVM Compiler Infrastructure
4*4ba319b5SDimitry Andric //
5*4ba319b5SDimitry Andric // This file is distributed under the University of Illinois Open Source
6*4ba319b5SDimitry Andric // License. See LICENSE.TXT for details.
7*4ba319b5SDimitry Andric //
8*4ba319b5SDimitry Andric //===----------------------------------------------------------------------===//
9*4ba319b5SDimitry Andric // Cross over test inputs.
10*4ba319b5SDimitry Andric //===----------------------------------------------------------------------===//
11*4ba319b5SDimitry Andric
12*4ba319b5SDimitry Andric #include "FuzzerDefs.h"
13*4ba319b5SDimitry Andric #include "FuzzerMutate.h"
14*4ba319b5SDimitry Andric #include "FuzzerRandom.h"
15*4ba319b5SDimitry Andric #include <cstring>
16*4ba319b5SDimitry Andric
17*4ba319b5SDimitry Andric namespace fuzzer {
18*4ba319b5SDimitry Andric
19*4ba319b5SDimitry Andric // Cross Data1 and Data2, store the result (up to MaxOutSize bytes) in Out.
CrossOver(const uint8_t * Data1,size_t Size1,const uint8_t * Data2,size_t Size2,uint8_t * Out,size_t MaxOutSize)20*4ba319b5SDimitry Andric size_t MutationDispatcher::CrossOver(const uint8_t *Data1, size_t Size1,
21*4ba319b5SDimitry Andric const uint8_t *Data2, size_t Size2,
22*4ba319b5SDimitry Andric uint8_t *Out, size_t MaxOutSize) {
23*4ba319b5SDimitry Andric assert(Size1 || Size2);
24*4ba319b5SDimitry Andric MaxOutSize = Rand(MaxOutSize) + 1;
25*4ba319b5SDimitry Andric size_t OutPos = 0;
26*4ba319b5SDimitry Andric size_t Pos1 = 0;
27*4ba319b5SDimitry Andric size_t Pos2 = 0;
28*4ba319b5SDimitry Andric size_t *InPos = &Pos1;
29*4ba319b5SDimitry Andric size_t InSize = Size1;
30*4ba319b5SDimitry Andric const uint8_t *Data = Data1;
31*4ba319b5SDimitry Andric bool CurrentlyUsingFirstData = true;
32*4ba319b5SDimitry Andric while (OutPos < MaxOutSize && (Pos1 < Size1 || Pos2 < Size2)) {
33*4ba319b5SDimitry Andric // Merge a part of Data into Out.
34*4ba319b5SDimitry Andric size_t OutSizeLeft = MaxOutSize - OutPos;
35*4ba319b5SDimitry Andric if (*InPos < InSize) {
36*4ba319b5SDimitry Andric size_t InSizeLeft = InSize - *InPos;
37*4ba319b5SDimitry Andric size_t MaxExtraSize = std::min(OutSizeLeft, InSizeLeft);
38*4ba319b5SDimitry Andric size_t ExtraSize = Rand(MaxExtraSize) + 1;
39*4ba319b5SDimitry Andric memcpy(Out + OutPos, Data + *InPos, ExtraSize);
40*4ba319b5SDimitry Andric OutPos += ExtraSize;
41*4ba319b5SDimitry Andric (*InPos) += ExtraSize;
42*4ba319b5SDimitry Andric }
43*4ba319b5SDimitry Andric // Use the other input data on the next iteration.
44*4ba319b5SDimitry Andric InPos = CurrentlyUsingFirstData ? &Pos2 : &Pos1;
45*4ba319b5SDimitry Andric InSize = CurrentlyUsingFirstData ? Size2 : Size1;
46*4ba319b5SDimitry Andric Data = CurrentlyUsingFirstData ? Data2 : Data1;
47*4ba319b5SDimitry Andric CurrentlyUsingFirstData = !CurrentlyUsingFirstData;
48*4ba319b5SDimitry Andric }
49*4ba319b5SDimitry Andric return OutPos;
50*4ba319b5SDimitry Andric }
51*4ba319b5SDimitry Andric
52*4ba319b5SDimitry Andric } // namespace fuzzer
53