Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix #1, #2, #7 and #9. Propose solutions for #4 #5 and #6 #10

Merged
merged 2 commits into from
Nov 9, 2024
Merged

fix #1, #2, #7 and #9. Propose solutions for #4 #5 and #6 #10

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b477cf5
fix issues #6 and #7
jma-qb May 16, 2024
8ee3ffb
Fix #1, #2, #7 and #9. Propose solutions for #4 #5 and #6
jma-qb Nov 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion lain/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,14 @@ num-traits = "0.2"
num-derive = "0.3"
num = "0.4"
lazy_static = "1.2"
serde = { version = "1.0" , optional = true, features = ["derive"] }
serde = { version = "1.0", optional = true, features = ["derive"] }
field-offset = "0.3"

[features]
default_features = []
serde_support = ["serde"]
pick_invalid_enum = []
ignore_min_max = []

[profile.release]
debug = true
188 changes: 136 additions & 52 deletions lain/src/mutatable.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,17 +38,23 @@ enum VecResizeType {
fn grow_vec<T: NewFuzzed + SerializedSize, R: Rng>(
vec: &mut Vec<T>,
mutator: &mut Mutator<R>,
max_elems: Option<usize>,
mut max_size: Option<usize>,
) {
let resize_count = VecResizeCount::new_fuzzed(mutator, None);
let resize_max = if let Some(max) = max_elems {
max
} else {
9 // old magic value from lain
};
let mut num_elements = if vec.is_empty() {
mutator.gen_range(1, 9)
mutator.gen_range(1, resize_max)
} else {
match resize_count {
VecResizeCount::Quarter => vec.len() / 4,
VecResizeCount::Half => vec.len() / 2,
VecResizeCount::ThreeQuarters => vec.len() - (vec.len() / 4),
VecResizeCount::FixedBytes => mutator.gen_range(1, 9),
VecResizeCount::FixedBytes => mutator.gen_range(1, resize_max),
VecResizeCount::AllBytes => mutator.gen_range(1, vec.len() + 1),
}
};
Expand All @@ -58,6 +64,10 @@ fn grow_vec<T: NewFuzzed + SerializedSize, R: Rng>(
num_elements = min(num_elements, max_size / T::max_default_object_size());
}

if let Some(max_elems) = max_elems {
num_elements = min(max_elems - vec.len(), num_elements);
}

if num_elements == 0 {
return;
}
Expand Down Expand Up @@ -125,28 +135,30 @@ fn grow_vec<T: NewFuzzed + SerializedSize, R: Rng>(
/// Shrinks a `Vec`.
/// This will randomly select to resize by a factor of 1/4, 1/2, 3/4, or a fixed number of bytes
/// in the range of [1, 8]. Elements may be removed randomly from the beginning or end of the the vec
fn shrink_vec<T, R: Rng>(vec: &mut Vec<T>, mutator: &mut Mutator<R>) {
fn shrink_vec<T, R: Rng>(vec: &mut Vec<T>, mutator: &mut Mutator<R>, min_size: Option<usize>) {
if vec.is_empty() {
return;
}

let min_size = if let Some(min) = min_size { min } else { 0 };

let resize_count = VecResizeCount::new_fuzzed(mutator, None);
let mut num_elements = match resize_count {
VecResizeCount::Quarter => vec.len() / 4,
VecResizeCount::Half => vec.len() / 2,
VecResizeCount::ThreeQuarters => vec.len() - (vec.len() / 4),
VecResizeCount::FixedBytes => mutator.gen_range(1, 9),
VecResizeCount::AllBytes => vec.len(),
VecResizeCount::FixedBytes => min(min(mutator.gen_range(1, 9), vec.len()), min_size),
VecResizeCount::AllBytes => min(vec.len(), min_size),
};

if num_elements == 0 {
num_elements = mutator.gen_range(0, vec.len() + 1);
}

num_elements = std::cmp::min(num_elements, vec.len());
num_elements = std::cmp::min(num_elements, vec.len() - min_size);

// Special case probably isn't required here, but better to be explicit
if num_elements == vec.len() {
if num_elements == vec.len() && min_size == 0 {
vec.drain(..);
return;
}
Expand Down Expand Up @@ -177,7 +189,7 @@ where

// 1% chance to resize this vec
if mutator.gen_chance(CHANCE_TO_RESIZE_VEC) {
shrink_vec(self, mutator);
shrink_vec(self, mutator, Some(1));
} else {
// Recreate the constraints so that the min/max types match
let constraints = constraints.and_then(|c| {
Expand Down Expand Up @@ -209,44 +221,82 @@ where
constraints: Option<&Constraints<Self::RangeType>>,
) {
const CHANCE_TO_RESIZE_VEC: f64 = 0.01;
const CHANCE_TO_RESIZE_EMPTY_VEC: f64 = 0.33;

if T::max_default_object_size() == 0 {
return;
}

// we can grow the vector if we have no size constraint or the max size quota hasn't
// been fulfilled
let can_grow = constraints
.map(|c| {
c.max_size
.map(|s| s > 0 && s > T::max_default_object_size())
.unwrap_or(true)
})
.unwrap_or(false);
let mut can_grow = true;
if let Some(max_elems) = constraints.and_then(|c| c.max) {
if self.len() >= max_elems {
can_grow = false;
}
}

if mutator.gen_chance(CHANCE_TO_RESIZE_VEC) {
let resize_type = VecResizeType::new_fuzzed(mutator, None);
if resize_type == VecResizeType::Grow && can_grow {
grow_vec(self, mutator, constraints.and_then(|c| c.max_size));
if let Some(max_size) = constraints.and_then(|c| c.max_size) {
if self.len() >= max_size / T::max_default_object_size() {
can_grow = false;
}
}

if self.is_empty() {
if mutator.gen_chance(CHANCE_TO_RESIZE_EMPTY_VEC) {
grow_vec(
self,
mutator,
constraints.and_then(|c| c.max),
constraints.and_then(|c| c.max_size),
);
} else {
shrink_vec(self, mutator);
// Recreate the constraints so that the min/max types match
let constraints = constraints.and_then(|c| {
if c.max_size.is_none() {
None
} else {
let mut new_constraints = Constraints::new();
new_constraints.base_object_size_accounted_for =
c.base_object_size_accounted_for;
new_constraints.max_size = c.max_size;

Some(new_constraints)
}
});

self.as_mut_slice().mutate(mutator, constraints.as_ref());
}
} else {
// Recreate the constraints so that the min/max types match
let constraints = constraints.and_then(|c| {
if c.max_size.is_none() {
None
if mutator.gen_chance(CHANCE_TO_RESIZE_VEC) {
let resize_type = VecResizeType::new_fuzzed(mutator, None);
if resize_type == VecResizeType::Grow && can_grow {
grow_vec(
self,
mutator,
constraints.and_then(|c| c.max),
constraints.and_then(|c| c.max_size),
);
} else {
let mut new_constraints = Constraints::new();
new_constraints.base_object_size_accounted_for =
c.base_object_size_accounted_for;
new_constraints.max_size = c.max_size;

Some(new_constraints)
shrink_vec(self, mutator, constraints.and_then(|c| c.min));
}
});
} else {
// Recreate the constraints so that the min/max types match
let constraints = constraints.and_then(|c| {
if c.max_size.is_none() {
None
} else {
let mut new_constraints = Constraints::new();
new_constraints.base_object_size_accounted_for =
c.base_object_size_accounted_for;
new_constraints.max_size = c.max_size;

self.as_mut_slice().mutate(mutator, constraints.as_ref());
Some(new_constraints)
}
});

self.as_mut_slice().mutate(mutator, constraints.as_ref());
}
}
}
}
Expand All @@ -264,6 +314,7 @@ where
constraints: Option<&Constraints<Self::RangeType>>,
) {
const CHANCE_TO_RESIZE_VEC: f64 = 0.01;
const CHANCE_TO_RESIZE_EMPTY_VEC: f64 = 0.33;

if T::max_default_object_size() == 0 {
return;
Expand All @@ -275,29 +326,61 @@ where
.map(|c| c.max_size.map(|s| s > 0).unwrap_or(true))
.unwrap_or(false);

if mutator.gen_chance(CHANCE_TO_RESIZE_VEC) {
let resize_type = VecResizeType::new_fuzzed(mutator, None);
if resize_type == VecResizeType::Grow && can_grow {
grow_vec(self, mutator, constraints.and_then(|c| c.max_size));
if self.is_empty() {
if mutator.gen_chance(CHANCE_TO_RESIZE_EMPTY_VEC) {
grow_vec(
self,
mutator,
constraints.and_then(|c| c.max),
constraints.and_then(|c| c.max_size),
);
} else {
shrink_vec(self, mutator);
// Recreate the constraints so that the min/max types match
let constraints = constraints.and_then(|c| {
if c.max_size.is_none() {
None
} else {
let mut new_constraints = Constraints::new();
new_constraints.base_object_size_accounted_for =
c.base_object_size_accounted_for;
new_constraints.max_size = c.max_size;

Some(new_constraints)
}
});

self.as_mut_slice().mutate(mutator, constraints.as_ref());
}
} else {
// Recreate the constraints so that the min/max types match
let constraints = constraints.and_then(|c| {
if c.max_size.is_none() {
None
if mutator.gen_chance(CHANCE_TO_RESIZE_VEC) {
let resize_type = VecResizeType::new_fuzzed(mutator, None);
if resize_type == VecResizeType::Grow && can_grow {
grow_vec(
self,
mutator,
constraints.and_then(|c| c.max),
constraints.and_then(|c| c.max_size),
);
} else {
let mut new_constraints = Constraints::new();
new_constraints.base_object_size_accounted_for =
c.base_object_size_accounted_for;
new_constraints.max_size = c.max_size;

Some(new_constraints)
shrink_vec(self, mutator, constraints.and_then(|c| c.min));
}
});
} else {
// Recreate the constraints so that the min/max types match
let constraints = constraints.and_then(|c| {
if c.max_size.is_none() {
None
} else {
let mut new_constraints = Constraints::new();
new_constraints.base_object_size_accounted_for =
c.base_object_size_accounted_for;
new_constraints.max_size = c.max_size;

self.as_mut_slice().mutate(mutator, constraints.as_ref());
Some(new_constraints)
}
});

self.as_mut_slice().mutate(mutator, constraints.as_ref());
}
}
}
}
Expand Down Expand Up @@ -618,18 +701,19 @@ where
mutator: &mut Mutator<R>,
constraints: Option<&Constraints<Self::RangeType>>,
) {
const CHANCE_TO_FLIP_OPTION_STATE: f64 = 0.01;
const CHANCE_TO_FLIP_SOME_STATE: f64 = 0.05;
const CHANCE_TO_FLIP_NONE_STATE: f64 = 0.10;
match self {
Some(inner) => {
// small chance to make this None
if mutator.gen_chance(CHANCE_TO_FLIP_OPTION_STATE) {
if mutator.gen_chance(CHANCE_TO_FLIP_SOME_STATE) {
*self = None;
} else {
inner.mutate(mutator, constraints);
}
}
None => {
if mutator.gen_chance(CHANCE_TO_FLIP_OPTION_STATE) {
if mutator.gen_chance(CHANCE_TO_FLIP_NONE_STATE) {
let new_item = T::new_fuzzed(mutator, constraints);

*self = Some(new_item);
Expand Down
12 changes: 9 additions & 3 deletions lain/src/mutator.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,14 @@ use serde::{Deserialize, Serialize};

// set these to 0 to disable
pub const CHANCE_TO_REPEAT_ARRAY_VALUE: f64 = 0.05;
pub const CHANCE_TO_PICK_INVALID_ENUM: f64 = 0.10;
pub const CHANCE_TO_IGNORE_MIN_MAX: f64 = 0.05;
#[cfg(feature = "pick_invalid_enum")]
pub const CHANCE_TO_PICK_INVALID_ENUM: f64 = 0.01;
#[cfg(not(feature = "pick_invalid_enum"))]
pub const CHANCE_TO_PICK_INVALID_ENUM: f64 = 0.0;
#[cfg(feature = "ignore_min_max")]
pub const CHANCE_TO_IGNORE_MIN_MAX: f64 = 0.01;
#[cfg(not(feature = "ignore_min_max"))]
pub const CHANCE_TO_IGNORE_MIN_MAX: f64 = 0.0;

#[repr(u8)]
#[derive(Debug, Copy, Clone, NewFuzzed)]
Expand Down Expand Up @@ -107,7 +113,7 @@ impl<R: Rng> Mutator<R> {
self.corpus_state.fields_fuzzed += 1;
}

if self.gen_chance(0.10) {
if self.gen_chance(0.01) {
*num = T::select_dangerous_number(&mut self.rng);
return;
}
Expand Down
9 changes: 6 additions & 3 deletions lain_derive/src/mutations.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -271,13 +271,16 @@ fn mutatable_enum_visitor(variants: &[Variant], cont_ident: &syn::Ident) -> Vec<
fn mutatable_struct_visitor(fields: &[Field]) -> Vec<TokenStream> {
fields
.iter()
.map(|field| {
.filter_map(|field| {
if field.attrs.ignore() {
return None;
}
let (_field_ident, _field_ident_string, initializer) =
field_mutator(field, "self.", false);

quote! {
Some(quote! {
#initializer
}
})
})
.collect()
}
Expand Down
Loading