google · copybara-service · Dec 18, 2022
diff --git a/BUILD b/BUILD
@@ -255,7 +255,9 @@ cc_library(
     ],
     deps = [
         ":command",
+        ":control_flow",
         ":defs",
+        ":feature",
         ":logging",
         ":util",
         "@com_google_absl//absl/base:core_headers",
@@ -272,14 +274,20 @@ cc_library(
     name = "control_flow",
     srcs = [
         "control_flow.cc",
+        "symbol_table.cc",
     ],
     hdrs = [
         "control_flow.h",
+        "symbol_table.h",
     ],
     deps = [
-        ":coverage",
+        ":command",
+        ":defs",
         ":logging",
+        ":util",
         "@com_google_absl//absl/container:flat_hash_map",
+        "@com_google_absl//absl/container:flat_hash_set",
+        "@com_google_absl//absl/strings",
     ],
 )
 
@@ -294,7 +302,7 @@ cc_library(
         "call_graph.h",
     ],
     deps = [
-        ":coverage",
+        ":control_flow",
         ":logging",
         "@com_google_absl//absl/container:flat_hash_map",
         "@com_google_absl//absl/log:check",
@@ -353,7 +361,7 @@ cc_library(
     deps = [
         ":byte_array_mutator",
         ":command",
-        ":coverage",
+        ":control_flow",
         ":defs",
         ":environment",
         ":execution_request",
@@ -392,6 +400,7 @@ cc_library(
         ":blob_file",
         ":centipede_callbacks",
         ":command",
+        ":control_flow",
         ":corpus",
         ":coverage",
         ":defs",
@@ -810,11 +819,19 @@ cc_test(
 cc_test(
     name = "control_flow_test",
     srcs = ["control_flow_test.cc"],
+    data = [
+        "@centipede///testing:test_fuzz_target",
+        "@centipede///testing:test_fuzz_target_trace_pc",
+        "@centipede///testing:threaded_fuzz_target",
+    ],
     deps = [
-        "@centipede//:control_flow",
-        "@centipede//:coverage",
+        ":control_flow",
+        "@centipede//:defs",
+        "@centipede//:environment",
+        "@centipede//:execution_result",
         "@centipede//:logging",
         "@centipede//:test_util",
+        "@centipede//:util",
         "@com_google_googletest//:gtest_main",
     ],
 )
@@ -824,7 +841,6 @@ cc_test(
     srcs = ["call_graph_test.cc"],
     deps = [
         "@centipede//:call_graph",
-        "@centipede//:coverage",
         "@centipede//:logging",
         "@com_google_googletest//:gtest_main",
     ],

diff --git a/analyze_corpora.cc b/analyze_corpora.cc
@@ -19,7 +19,7 @@
 #include "./logging.h"
 
 namespace centipede {
-void AnalyzeCorpora(const Coverage::PCTable &pc_table,
+void AnalyzeCorpora(const PCTable &pc_table,
                     const SymbolTable &symbols,
                     const std::vector<CorpusRecord> &a,
                     const std::vector<CorpusRecord> &b) {

diff --git a/analyze_corpora.h b/analyze_corpora.h
@@ -23,7 +23,7 @@ namespace centipede {
 
 // Analyzes two corpora, `a` and `b`, reports the differences.
 // TODO(kcc): unimplemented.
-void AnalyzeCorpora(const Coverage::PCTable &pc_table,
+void AnalyzeCorpora(const PCTable &pc_table,
                     const SymbolTable &symbols,
                     const std::vector<CorpusRecord> &a,
                     const std::vector<CorpusRecord> &b);

diff --git a/call_graph.cc b/call_graph.cc
@@ -20,11 +20,11 @@
 
 namespace centipede {
 
-void CallGraph::ReadFromCfTable(const Coverage::CFTable &cf_table,
-                                const Coverage::PCTable &pc_table) {
+void CallGraph::ReadFromCfTable(const CFTable &cf_table,
+                                const PCTable &pc_table) {
   // Find all function entries.
   for (auto pc_info : pc_table) {
-    if (pc_info.has_flag(Coverage::PCInfo::kFuncEntry))
+    if (pc_info.has_flag(PCInfo::kFuncEntry))
       function_entries_.insert(pc_info.pc);
   }
 

diff --git a/call_graph.h b/call_graph.h
@@ -22,7 +22,7 @@
 
 #include "absl/container/flat_hash_map.h"
 #include "absl/log/check.h"
-#include "./coverage.h"
+#include "./control_flow.h"
 #include "./logging.h"
 
 namespace centipede {
@@ -31,8 +31,7 @@ class CallGraph {
  public:
   // Reads in the CfTable from __sancov_cfs section. On error it crashes, if the
   // section is not available, the hash maps will be empty.
-  void ReadFromCfTable(const Coverage::CFTable& cf_table,
-                       const Coverage::PCTable& pc_table);
+  void ReadFromCfTable(const CFTable& cf_table, const PCTable& pc_table);
 
   const std::vector<uintptr_t>& GetFunctionCallees(uintptr_t pc) const {
     const auto it = call_graph_.find(pc);

diff --git a/call_graph_test.cc b/call_graph_test.cc
@@ -20,7 +20,6 @@
 
 #include "googlemock/include/gmock/gmock.h"
 #include "googletest/include/gtest/gtest.h"
-#include "./coverage.h"
 #include "./logging.h"
 
 namespace centipede {
@@ -38,7 +37,7 @@ using ::testing::Contains;
 //   \     /
 //    \   /
 //      4 (7)
-static const Coverage::CFTable g_cf_table = {
+static const CFTable g_cf_table = {
   1, 2, 3, 0, 0,          // PC 1 has no callee.
   2, 4, 0, 99, 0,         // PC 2 calls 99.
   3, 4, 0, 6, -1, 8, 0,   // PC 3 calls 6, 8, and has one indirect call.
@@ -49,14 +48,14 @@ static const Coverage::CFTable g_cf_table = {
 };
 
 // Mock PCTable for the above cfg.
-static const Coverage::PCTable g_pc_table = {
-    {1, Coverage::PCInfo::kFuncEntry},
+static const PCTable g_pc_table = {
+    {1, PCInfo::kFuncEntry},
     {2, 0},
     {3, 0},
     {4, 0},
-    {6, Coverage::PCInfo::kFuncEntry},
-    {7, Coverage::PCInfo::kFuncEntry},
-    {8, Coverage::PCInfo::kFuncEntry},
+    {6, PCInfo::kFuncEntry},
+    {7, PCInfo::kFuncEntry},
+    {8, PCInfo::kFuncEntry},
 };
 
 TEST(CallGraphDeathTest, CgNoneExistentPc) {
@@ -80,7 +79,7 @@ TEST(CallGraph, BuildCgFromCfTable) {
   // Check callees.
   for (size_t i = 0; i < g_pc_table.size(); ++i) {
     uintptr_t pc = g_pc_table[i].pc;
-    if (g_pc_table[i].has_flag(Coverage::PCInfo::kFuncEntry))
+    if (g_pc_table[i].has_flag(PCInfo::kFuncEntry))
       EXPECT_TRUE(call_graph.IsFunctionEntry(pc));
     else
       EXPECT_FALSE(call_graph.IsFunctionEntry(pc));

diff --git a/centipede.cc b/centipede.cc
@@ -63,6 +63,7 @@
 #include "absl/synchronization/mutex.h"
 #include "absl/types/span.h"
 #include "./blob_file.h"
+#include "./control_flow.h"
 #include "./coverage.h"
 #include "./defs.h"
 #include "./environment.h"
@@ -80,8 +81,7 @@ namespace centipede {
 using perf::RUsageProfiler;
 
 Centipede::Centipede(const Environment &env, CentipedeCallbacks &user_callbacks,
-                     const Coverage::PCTable &pc_table,
-                     const SymbolTable &symbols,
+                     const PCTable &pc_table, const SymbolTable &symbols,
                      CoverageLogger &coverage_logger, Stats &stats)
     : env_(env),
       user_callbacks_(user_callbacks),
@@ -217,7 +217,7 @@ void Centipede::LogFeaturesAsSymbols(const FeatureVec &fv) {
   auto feature_domain = feature_domains::k8bitCounters;
   for (auto feature : fv) {
     if (!feature_domain.Contains(feature)) continue;
-    Coverage::PCIndex pc_index = Convert8bitCounterFeatureToPcIndex(feature);
+    PCIndex pc_index = Convert8bitCounterFeatureToPcIndex(feature);
     auto description = coverage_logger_.ObserveAndDescribeIfNew(pc_index);
     if (description.empty()) continue;
     LOG(INFO) << description;

diff --git a/centipede.h b/centipede.h
@@ -32,15 +32,17 @@
 #include "./rusage_profiler.h"
 #include "./stats.h"
 #include "./symbol_table.h"
+#include "./control_flow.h"
 
 namespace centipede {
 
 // The main fuzzing class.
 class Centipede {
  public:
   Centipede(const Environment &env, CentipedeCallbacks &user_callbacks,
-            const Coverage::PCTable &pc_table, const SymbolTable &symbols,
-            CoverageLogger &coverage_logger, Stats &stats);
+            const PCTable &pc_table,
+            const SymbolTable &symbols, CoverageLogger &coverage_logger,
+            Stats &stats);
   virtual ~Centipede() {}
 
   // Main loop.
@@ -145,7 +147,7 @@ class Centipede {
 
   // Coverage-related data, initialized at startup, once per process,
   // by calling the PopulateSymbolAndPcTables callback.
-  const Coverage::PCTable &pc_table_;
+  const PCTable &pc_table_;
   const SymbolTable &symbols_;
 
   // Derived from env_.function_filter. Currently, duplicated by every thread.

diff --git a/centipede_callbacks.cc b/centipede_callbacks.cc
@@ -24,7 +24,7 @@
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_split.h"
 #include "./command.h"
-#include "./coverage.h"
+#include "./control_flow.h"
 #include "./defs.h"
 #include "./execution_request.h"
 #include "./execution_result.h"
@@ -34,16 +34,15 @@
 
 namespace centipede {
 
-void CentipedeCallbacks::PopulateSymbolAndPcTables(
-    SymbolTable &symbols, Coverage::PCTable &pc_table) {
+void CentipedeCallbacks::PopulateSymbolAndPcTables(SymbolTable &symbols,
+                                                   PCTable &pc_table) {
   // Running in main thread, create our own temp dir.
   if (!std::filesystem::exists(temp_dir_)) {
     CreateLocalDirRemovedAtExit(temp_dir_);
   }
   std::string pc_table_path =
       std::filesystem::path(temp_dir_).append("pc_table");
-  pc_table =
-      Coverage::GetPcTableFromBinary(env_.coverage_binary, pc_table_path);
+  pc_table = GetPcTableFromBinary(env_.coverage_binary, pc_table_path);
   if (pc_table.empty()) {
     if (env_.require_pc_table) {
       LOG(INFO) << "Could not get PCTable, exiting (override with "

diff --git a/centipede_callbacks.h b/centipede_callbacks.h
@@ -23,7 +23,7 @@
 
 #include "./byte_array_mutator.h"
 #include "./command.h"
-#include "./coverage.h"
+#include "./control_flow.h"
 #include "./defs.h"
 #include "./environment.h"
 #include "./execution_result.h"
@@ -72,7 +72,7 @@ class CentipedeCallbacks {
   // the `coverage_binary` or if symbolization fails.
   // Exits if PC table was not populated and `env_.require_pc_table` is set.
   virtual void PopulateSymbolAndPcTables(SymbolTable &symbols,
-                                         Coverage::PCTable &pc_table);
+                                         PCTable &pc_table);
 
   // Returns some simple non-empty valid input.
   virtual ByteArray DummyValidInput() { return {0}; }

diff --git a/centipede_interface.cc b/centipede_interface.cc
@@ -116,7 +116,7 @@ void PrintExperimentStatsThread(const std::atomic<bool> &continue_running,
 
 // Loads corpora from work dirs provided in `env.args`, analyzes differences.
 // Returns EXIT_SUCCESS on success, EXIT_FAILURE otherwise.
-int Analyze(const Environment &env, const Coverage::PCTable &pc_table,
+int Analyze(const Environment &env, const PCTable &pc_table,
             const SymbolTable &symbols) {
   LOG(INFO) << "Analyze " << absl::StrJoin(env.args, ",");
   CHECK_EQ(env.args.size(), 2) << "for now, Analyze supports only 2 work dirs";
@@ -175,7 +175,7 @@ int CentipedeMain(const Environment &env,
   RemoteMkdir(env.MakeCoverageDirPath());
 
   auto one_time_callbacks = callbacks_factory.create(env);
-  Coverage::PCTable pc_table;
+  PCTable pc_table;
   SymbolTable symbols;
   one_time_callbacks->PopulateSymbolAndPcTables(symbols, pc_table);
   callbacks_factory.destroy(one_time_callbacks);