| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
The most common usecase for -runs=0 is for generating code coverage
over some corpus. Coverage reports based on sancov are about to be deprecated,
which means some external coverage solution will be used, e.g. Clang source
based code coverage, which does not use any sancov instrumentations and thus
libFuzzer would consider any input to be not interesting in that case.
Reviewers: kcc
Reviewed By: kcc
Subscribers: alex, delcypher, #sanitizers, llvm-commits
Differential Revision: https://reviews.llvm.org/D47271
llvm-svn: 333116
|
| |
|
|
| |
llvm-svn: 332876
|
| |
|
|
|
|
| |
focus on inputs that trigger that function
llvm-svn: 332554
|
| |
|
|
|
|
| |
inline sanitizer coverage anyway
llvm-svn: 332036
|
| |
|
|
|
|
| |
instrumentation. This mode has not been used and our experiments with https://github.com/google/fuzzer-test-suite show that this signal is weaker than the SanitizerCoverage
llvm-svn: 332034
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
When out-of-memory or timeout occurs, threads can be stopped during
symbolization, thereby causing a deadlock when the OOM/TO handlers
attempt symbolization. We avoid this deadlock by skipping symbolization
if another thread is symbolizing.
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D46605
llvm-svn: 331825
|
| |
|
|
|
|
|
|
| |
Short-circuiting causes tests to fail on Mac since libFuzzer crashes
rather than exiting with an error code when an unexpected signal
happens.
llvm-svn: 331324
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Fixes https://github.com/google/sanitizers/issues/788/, a deadlock
caused by multiple crashes happening at the same time. Before printing
a crash report, we now test and set an atomic flag. If the flag was
already set, the crash handler returns immediately.
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits, kubamracek
Differential Revision: https://reviews.llvm.org/D46277
llvm-svn: 331310
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D43597
llvm-svn: 325817
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Experiments using
https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison
show a significant increase in coverage and reduction in corpus size
with this option enabled.
Addresses https://llvm.org/pr36371.
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D42932
llvm-svn: 325050
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is needed in case the users of libFuzzer use libc++ in their
code, which the fuzz target (libFuzzer) will be linked against.
When libc++ source is available, we build a private version of it
and link it against libFuzzer which allows using the same static
library against codebases which use both libc++ and libstdc++.
Differential Revision: https://reviews.llvm.org/D37631
llvm-svn: 322755
|
| |
|
|
|
|
| |
This reverts commit r322604: test is failing for standalone compiler-rt.
llvm-svn: 322689
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is needed in case the users of libFuzzer use libc++ in their
code, which the fuzz target (libFuzzer) will be linked against.
When libc++ source is available, we build a private version of it
and link it against libFuzzer which allows using the same static
library against codebases which use both libc++ and libstdc++.
Differential Revision: https://reviews.llvm.org/D37631
llvm-svn: 322604
|
| |
|
|
|
|
| |
max_len slower
llvm-svn: 320531
|
| |
|
|
|
|
| |
-experimental_len_control, call UpdateFeatureFrequency only if instructed by the flag
llvm-svn: 320205
|
| |
|
|
| |
llvm-svn: 319590
|
| |
|
|
| |
llvm-svn: 319572
|
| |
|
|
| |
llvm-svn: 319571
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39850
llvm-svn: 317831
|
| |
|
|
| |
llvm-svn: 317829
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: Nested mallocs are possible with internal symbolizer.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39397
llvm-svn: 317186
|
| |
|
|
|
|
|
|
|
|
| |
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39397
llvm-svn: 317071
|
| |
|
|
|
|
|
|
|
|
|
| |
Fails on darwin
Revert "[fuzzer] Script to detect unbalanced allocation in -trace_malloc output"
Needs previous one.
This reverts commit r317034, r317036.
llvm-svn: 317061
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: Nested mallocs are possible with internal symbolizer.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39397
llvm-svn: 317034
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: The result of clang-format and few manual changes (as prompted on D39155).
Reviewers: vitalybuka
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39211
llvm-svn: 316395
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sessions.
Summary:
Fuzzing targets that allocate/deallocate a lot of memory tend to consume
a lot of RSS when ASan quarantine is enabled. Purging quarantine between
iterations and returning memory to OS keeps RSS down and should not
reduce the quarantine effectiveness provided the fuzz target does not
preserve state between iterations (in this case this feature can be turned off).
Based on D39153.
Reviewers: vitalybuka
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39155
llvm-svn: 316382
|
| |
|
|
|
|
| |
input before the seed corpus
llvm-svn: 315657
|
| |
|
|
|
|
| |
improve the situation dramatically on the png benchmark and make things worse on a number of micro-puzzles. Needs more A/B testing
llvm-svn: 315407
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
It can be enabled via "-use_clang_coverage=1" flag. Reason for disabling:
libFuzzer resets Clang Counters and makes it impossible to generate coverage
report for a regular fuzz target (i.e. not standalone build).
Reviewers: kcc
Reviewed By: kcc
Subscribers: kcc
Differential Revision: https://reviews.llvm.org/D38604
llvm-svn: 315029
|
| |
|
|
| |
llvm-svn: 313081
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
memory leak.
Summary:
Fuzzer::TryDetectingAMemoryLeak may call ExecuteCallback which would
increment TotalNumberOfRuns, but it doesn't respect Options.MaxNumberOfRuns
value specified by a user.
Context: https://github.com/google/oss-fuzz/issues/822#issuecomment-328153970
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D37632
llvm-svn: 312993
|
| |
|
|
| |
llvm-svn: 312269
|
| |
|
|
|
|
| |
files and these executing all files, load and execute them one-by-one. This should reduce the memory usage in many cases
llvm-svn: 312033
|
| |
|
|
|
|
| |
consumed; NFC
llvm-svn: 311972
|
| |
|
|
|
|
|
|
| |
Avoids ODR violations causing spurious ASAN warnings.
Differential Revision: https://reviews.llvm.org/D37086
llvm-svn: 311866
|
| |
|
|
|
|
| |
This reverts commit 3539efc2f2218dba2bcbd645d0fe276f2b5cf588.
llvm-svn: 311831
|
| |
|
|
|
|
|
|
| |
Avoids ODR violations causing spurious ASAN container overflow warnings.
Differential Revision: https://reviews.llvm.org/D37086
llvm-svn: 311830
|
| |
|
|
|
|
| |
functions during fuzzing
llvm-svn: 311797
|
| |
|
|
| |
llvm-svn: 311420
|
|
|
Resulting library binaries will be named libclang_rt.fuzzer*, and will
be placed in Clang toolchain, allowing redistribution.
Differential Revision: https://reviews.llvm.org/D36908
llvm-svn: 311407
|
