path: root/compiler-rt/lib/fuzzer/FuzzerInternal.h
Commit message | Author | Age | Files | Lines
* [libFuzzer] Merge: print feature coverage number as well.
  Author: Max Moroz; Age: 2019-08-12; Files: 1; Lines: -1/+2
  Summary:
  feature coverage is a useful signal that is available during the merge process, but was not printed previously.
  Output example:
  ```
  $ ./fuzzer -use_value_profile=1 -merge=1 new_corpus/ seed_corpus/
  INFO: Seed: 1676551929
  INFO: Loaded 1 modules (2380 inline 8-bit counters): 2380 [0x90d180, 0x90dacc),
  INFO: Loaded 1 PC tables (2380 PCs): 2380 [0x684018,0x68d4d8),
  MERGE-OUTER: 180 files, 78 in the initial corpus
  MERGE-OUTER: attempt 1
  INFO: Seed: 1676574577
  INFO: Loaded 1 modules (2380 inline 8-bit counters): 2380 [0x90d180, 0x90dacc),
  INFO: Loaded 1 PC tables (2380 PCs): 2380 [0x684018,0x68d4d8),
  INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes
  MERGE-INNER: using the control file '/tmp/libFuzzerTemp.111754.txt'
  MERGE-INNER: 180 total files; 0 processed earlier; will process 180 files now
  #1 pulse cov: 134 ft: 330 exec/s: 0 rss: 37Mb
  #2 pulse cov: 142 ft: 462 exec/s: 0 rss: 38Mb
  #4 pulse cov: 152 ft: 651 exec/s: 0 rss: 38Mb
  #8 pulse cov: 152 ft: 943 exec/s: 0 rss: 38Mb
  #16 pulse cov: 520 ft: 2783 exec/s: 0 rss: 39Mb
  #32 pulse cov: 552 ft: 3280 exec/s: 0 rss: 41Mb
  #64 pulse cov: 576 ft: 3641 exec/s: 0 rss: 50Mb
  #78 LOADED cov: 602 ft: 3936 exec/s: 0 rss: 88Mb
  #128 pulse cov: 611 ft: 3996 exec/s: 0 rss: 93Mb
  #180 DONE cov: 611 ft: 4016 exec/s: 0 rss: 155Mb
  MERGE-OUTER: succesfull in 1 attempt(s)
  MERGE-OUTER: the control file has 39741 bytes
  MERGE-OUTER: consumed 0Mb (37Mb rss) to parse the control file
  MERGE-OUTER: 9 new files with 80 new features added; 9 new coverage edges
  ```
  Reviewers: hctim, morehouse
  Reviewed By: morehouse
  Subscribers: delcypher, #sanitizers, llvm-commits, kcc
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D66030
  llvm-svn: 368617
* [libFuzzer] code refactoring; NFC
  Author: Kostya Serebryany; Age: 2019-05-10; Files: 1; Lines: -4/+2
  llvm-svn: 360400
* [libFuzzer] extend the -fork=1 functionality. Still not fully usable, but good enough for the first unit test
  Author: Kostya Serebryany; Age: 2019-02-12; Files: 1; Lines: -1/+1
  llvm-svn: 353775
* [libFuzzer] introduce an experimental mode -fork=1, where fuzzing happens in a subprocess (still running multiple inputs per process), thus making the fuzzing more resilient to timeouts and OOMs. This is just a skeleton of the code, and some associated refactoring, not a fully working feature yet.
  Author: Kostya Serebryany; Age: 2019-02-08; Files: 1; Lines: -7/+2
  llvm-svn: 353570
* [libFuzzer] refactor the way we choose the element to cross-over with, NFC (expected1); add a flag -seed_inputs= to pass extra seed inputs as file paths, not dirs
  Author: Kostya Serebryany; Age: 2019-02-08; Files: 1; Lines: -2/+4
  llvm-svn: 353494
* [libFuzzer] set libFuzzer's own SEGV handler even if one is already present, but call that handler from ours (unless we are unprotecting lazy counters). Call ProtectLazyCounters later, so that it runs after the initialization code in the target.
  Author: Kostya Serebryany; Age: 2019-01-31; Files: 1; Lines: -1/+0
  llvm-svn: 352713
* [libFuzzer] experimental performance optimization -lazy_counters, off by default. Posix-only for now, tested on Linux
  Author: Kostya Serebryany; Age: 2019-01-31; Files: 1; Lines: -0/+1
  llvm-svn: 352700
* [libFuzzer] remove stale code, NFC
  Author: Kostya Serebryany; Age: 2019-01-30; Files: 1; Lines: -1/+0
  llvm-svn: 352604
* Update the file headers across all of the LLVM projects in the monorepo
  Author: Chandler Carruth; Age: 2019-01-19; Files: 1; Lines: -4/+3
  to reflect the new license.
  We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach.
  Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository.
  llvm-svn: 351636
* [libFuzzer] Remove unstable edge handling
  Author: Jonathan Metzman; Age: 2019-01-15; Files: 1; Lines: -1/+0
  Summary:
  Remove code for handling unstable edges from libFuzzer since it has not been found useful.
  Differential Revision: https://reviews.llvm.org/D56730
  llvm-svn: 351262
* libFuzzer: prevent irrelevant strings from leaking into auto-dictionary
  Author: Matt Morehouse; Age: 2018-07-17; Files: 1; Lines: -1/+0
  This is a fix for bug 37047.
  https://bugs.llvm.org/show_bug.cgi?id=37047
  Implemented by basically reversing the logic. Previously all strings were considered, with some operations excluded. Now strings are excluded by default, and only strings during the CB considered.
  Patch By: pdknsk
  Differential Revision: https://reviews.llvm.org/D48800
  llvm-svn: 337296
* [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges.
  Author: Max Moroz; Age: 2018-07-16; Files: 1; Lines: -0/+1
  Summary:
  Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.
  Patch by Kyungtak Woo (@kevinwkt).
  Reviewers: metzman, Dor1s, kcc, morehouse
  Reviewed By: metzman, Dor1s, morehouse
  Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s
  Differential Revision: https://reviews.llvm.org/D49212
  llvm-svn: 337187
* Revert r337175 (https://reviews.llvm.org/D49212) due to unintentional format changes.
  Author: Max Moroz; Age: 2018-07-16; Files: 1; Lines: -1/+0
  llvm-svn: 337180
* [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges.
  Author: Max Moroz; Age: 2018-07-16; Files: 1; Lines: -0/+1
  Summary:
  Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.
  Patch by Kyungtak Woo (@kevinwkt).
  Reviewers: metzman, Dor1s, kcc, morehouse
  Reviewed By: metzman, Dor1s, morehouse
  Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s
  Differential Revision: https://reviews.llvm.org/D49212
  llvm-svn: 337175
* [libFuzzer] Make -fsanitize=memory,fuzzer work.
  Author: Matt Morehouse; Age: 2018-07-09; Files: 1; Lines: -0/+22
  This patch allows libFuzzer to fuzz applications instrumented with MSan without recompiling libFuzzer with MSan instrumentation.
  Fixes https://github.com/google/sanitizers/issues/958.
  Differential Revision: https://reviews.llvm.org/D48891
  llvm-svn: 336619
* [libFuzzer] initial implementation of -data_flow_trace. It parses the data flow trace and prints the summary, but doesn't use the information in any other way yet
  Author: Kostya Serebryany; Age: 2018-06-06; Files: 1; Lines: -0/+2
  llvm-svn: 334058
* [libFuzzer] change the strategy for -experimental_len_control to grow max_len slower
  Author: Kostya Serebryany; Age: 2017-12-12; Files: 1; Lines: -2/+0
  llvm-svn: 320531
* [libFuzzer] add an experimental search heuristic flag -reduce_depth
  Author: Kostya Serebryany; Age: 2017-12-01; Files: 1; Lines: -1/+1
  llvm-svn: 319571
* [libFuzzer] handle SIGUSR1/SIGUSR2 and try to exit gracefully on these signals
  Author: Kostya Serebryany; Age: 2017-11-09; Files: 1; Lines: -0/+4
  llvm-svn: 317829
* [libFuzzer] allow user to specify the merge control file
  Author: Kostya Serebryany; Age: 2017-11-09; Files: 1; Lines: -1/+2
  llvm-svn: 317747
* [libFuzzer] Periodically purge allocator's quarantine to prolong fuzzing sessions.
  Author: Alex Shlyapnikov; Age: 2017-10-23; Files: 1; Lines: -0/+3
  Summary:
  Fuzzing targets that allocate/deallocate a lot of memory tend to consume a lot of RSS when ASan quarantine is enabled. Purging quarantine between iterations and returning memory to OS keeps RSS down and should not reduce the quarantine effectiveness provided the fuzz target does not preserve state between iterations (in this case this feature can be turned off).
  Based on D39153.
  Reviewers: vitalybuka
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D39155
  llvm-svn: 316382
* [libFUzzer] change the way we load the seed corpora: instead of loading all files and then executing all files, load and execute them one-by-one. This should reduce the memory usage in many cases
  Author: Kostya Serebryany; Age: 2017-08-29; Files: 1; Lines: -2/+0
  llvm-svn: 312033
* [libFuzzer] refactoring: move reading the seed corpus closer to where it's consumed; NFC
  Author: Kostya Serebryany; Age: 2017-08-29; Files: 1; Lines: -1/+2
  llvm-svn: 311972
* [libFuzzer] Use custom allocators for STL containers in libFuzzer.
  Author: George Karpenkov; Age: 2017-08-27; Files: 1; Lines: -4/+4
  Avoids ODR violations causing spurious ASAN warnings.
  Differential Revision: https://reviews.llvm.org/D37086
  llvm-svn: 311866
* Revert "[libFuzzer] Use custom allocators for STL containers in libFuzzer"
  Author: George Karpenkov; Age: 2017-08-26; Files: 1; Lines: -4/+4
  This reverts commit 3539efc2f2218dba2bcbd645d0fe276f2b5cf588.
  llvm-svn: 311831
* [libFuzzer] Use custom allocators for STL containers in libFuzzer
  Author: George Karpenkov; Age: 2017-08-26; Files: 1; Lines: -4/+4
  Avoids ODR violations causing spurious ASAN container overflow warnings.
  Differential Revision: https://reviews.llvm.org/D37086
  llvm-svn: 311830
* Move libFuzzer to compiler_rt.
  Author: George Karpenkov; Age: 2017-08-21; Files: 1; Lines: -0/+150
  Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution.
  Differential Revision: https://reviews.llvm.org/D36908
  llvm-svn: 311407