DFSan-based fuzzer (proof of concept).

Summary: This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator, see the comments for details. Test Plan: a test added Reviewers: samsonov, pcc Reviewed By: samsonov, pcc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D8669 llvm-svn: 233613
author: Kostya Serebryany <kcc@google.com> 2015-03-30 22:09:51 +0000
committer: Kostya Serebryany <kcc@google.com> 2015-03-30 22:09:51 +0000
commit: 16d03bd05130593fd9c295bc02ec8ad211088f5d (patch)
tree: 1ee0a1c7d1fcc3183f3e20e883f55f0c61eae340 /llvm/lib/Fuzzer/FuzzerLoop.cpp
parent: d639cdf427bd79d6b14d1000523bcba397240ce5 (diff)
download: bcm5719-llvm-16d03bd05130593fd9c295bc02ec8ad211088f5d.tar.gz
bcm5719-llvm-16d03bd05130593fd9c295bc02ec8ad211088f5d.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index 563fbf4c30d..33a09d60829 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -192,6 +192,7 @@ size_t Fuzzer::MutateAndTestOne(Unit *U) {
   for (int i = 0; i < Options.MutateDepth; i++) {
     if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
       return NewUnits;
+    MutateWithDFSan(U);
     Mutate(U, Options.MaxLen);
     size_t NewCoverage = RunOne(*U);
     if (NewCoverage) {
author	Kostya Serebryany <kcc@google.com>	2015-03-30 22:09:51 +0000
committer	Kostya Serebryany <kcc@google.com>	2015-03-30 22:09:51 +0000
commit	16d03bd05130593fd9c295bc02ec8ad211088f5d (patch)
tree	1ee0a1c7d1fcc3183f3e20e883f55f0c61eae340 /llvm/lib/Fuzzer/FuzzerLoop.cpp
parent	d639cdf427bd79d6b14d1000523bcba397240ce5 (diff)
download	bcm5719-llvm-16d03bd05130593fd9c295bc02ec8ad211088f5d.tar.gz bcm5719-llvm-16d03bd05130593fd9c295bc02ec8ad211088f5d.zip