path: root/compiler-rt/lib/fuzzer/FuzzerMutate.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] Make MutateWithMask work when the Mask is shorter than the input. | Max Moroz | 2019-04-11 | 1 | -3/+3
  Summary: Before this change, MutateWithMask used to assert that Mask should be of sufficient length (>= Size of the input). However, in real cases we may have inputs that are longer than the Mask they have inherited from the based inputs.
  Reviewers: kcc, morehouse
  Reviewed By: kcc
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60571
  llvm-svn: 358207
* [libFuzzer] Fallback to default Mutate when MutateWithMask fails. | Max Moroz | 2019-04-11 | 1 | -0/+1
  Summary: In case the current corpus input doesn't have bytes going into the focus function, MutateWithMask is useless and may fail gently, allowing the default mutation routine to happen, rather than crashing on an assertion.
  For more context and the initial fix suggestion, see: https://github.com/google/oss-fuzz/issues/1632#issuecomment-481862879
  Reviewers: kcc, morehouse
  Reviewed By: kcc
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60567
  llvm-svn: 358190
* [libFuzzer] refactor the way we choose the element to cross-over with, NFC (expected1); add a flag -seed_inputs= to pass extra seed inputs as file paths, not dirs | Kostya Serebryany | 2019-02-08 | 1 | -8/+8
  llvm-svn: 353494
* Update the file headers across all of the LLVM projects in the monorepo | Chandler Carruth | 2019-01-19 | 1 | -4/+3
  to reflect the new license.
  We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach.
  Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository.
  llvm-svn: 351636
* [libFuzzer] Remove mutation stats and weighted mutation selection. | Max Moroz | 2018-08-29 | 1 | -63/+19
  Summary: This was an experimental feature. After evaluating it with:
  1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison
  2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz
  The following conclusions were made:
  1) With fuzz targets that have reached a code coverage plateau, the feature does not improve libFuzzer's ability to discover new coverage and may actually negatively impact it.
  2) With fuzz targets that have not yet reached a code coverage plateau, the feature might speed up new units discovery in some cases, but it is quite rare and hard to confirm with a high level of confidence.
  Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621.
  Reviewers: metzman, morehouse
  Reviewed By: metzman, morehouse
  Subscribers: delcypher, #sanitizers, llvm-commits, kcc
  Differential Revision: https://reviews.llvm.org/D51455
  llvm-svn: 340976
* [libFuzzer] Initial implementation of weighted mutation leveraging during runtime. | Max Moroz | 2018-08-02 | 1 | -26/+50
  Summary: Added functions that calculate stats while fuzz targets are running and give mutations weight based on how much new coverage they provide, and choose better performing mutations more often.
  Patch by Kodé Williams (@kodewilliams).
  Reviewers: Dor1s, metzman, morehouse
  Reviewed By: Dor1s, morehouse
  Subscribers: delcypher, kcc, llvm-commits, #sanitizers
  Differential Revision: https://reviews.llvm.org/D49621
  llvm-svn: 338776
* [libFuzzer] fix the bot (the no-assert build) | Kostya Serebryany | 2018-07-19 | 1 | -0/+1
  llvm-svn: 337437
* [libFuzzer] first experimental attempt at DFT-based mutations (DFT=data-flow-trace) | Kostya Serebryany | 2018-07-19 | 1 | -0/+27
  llvm-svn: 337434
* [libFuzzer] Mutation tracking and logging implemented. | Max Moroz | 2018-07-17 | 1 | -19/+39
  Summary: Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line.
  Patch by Kodé Williams (@kodewilliams).
  Reviewers: metzman, Dor1s, morehouse, kcc
  Reviewed By: Dor1s, morehouse, kcc
  Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny
  Differential Revision: https://reviews.llvm.org/D48054
  llvm-svn: 337324
* libFuzzer: prevent irrelevant strings from leaking into auto-dictionary | Matt Morehouse | 2018-07-17 | 1 | -1/+0
  This is a fix for bug 37047. https://bugs.llvm.org/show_bug.cgi?id=37047
  Implemented by basically reversing the logic. Previously all strings were considered, with some operations excluded. Now strings are excluded by default, and only strings during the CB considered.
  Patch By: pdknsk
  Differential Revision: https://reviews.llvm.org/D48800
  llvm-svn: 337296
* Revert r337194 (https://reviews.llvm.org/D48891) due to compilation errors. | Max Moroz | 2018-07-16 | 1 | -24/+3
  llvm-svn: 337206
* [libFuzzer] Mutation tracking and logging implemented. | Max Moroz | 2018-07-16 | 1 | -3/+24
  Summary: Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line.
  Patch by Kodé Williams (@kodewilliams).
  Reviewers: metzman, Dor1s, morehouse, kcc
  Reviewed By: Dor1s, morehouse, kcc
  Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny
  Differential Revision: https://reviews.llvm.org/D48054
  llvm-svn: 337194
* Revert "[libFuzzer] Mutation tracking and logging implemented" | Matt Morehouse | 2018-07-09 | 1 | -46/+20
  This reverts r336597 due to bot breakage.
  llvm-svn: 336616
* [libFuzzer] Mutation tracking and logging implemented | Matt Morehouse | 2018-07-09 | 1 | -20/+46
  Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line.
  Patch By: Kode Williams
  Differential Revision: https://reviews.llvm.org/D48054
  llvm-svn: 336597
* [LibFuzzer] Tweak `MutationDispatcher::Mutate_CopyPart` mutation. | Dan Liew | 2018-04-24 | 1 | -1/+3
  It doesn't make sense to non-deterministically choose between `CopyPart(..)` and `InsertPart(..)` when it is known that `InsertPart(..)` will fail.
  This upstreams a change from JFS solver's fork of LibFuzzer.
  Differential Revision: https://reviews.llvm.org/D45693
  llvm-svn: 330687
* [libFuzzer] Fix sizeof(ptr) bug. | Matt Morehouse | 2018-01-30 | 1 | -1/+1
  sizeof(const char *) returns 4 or 8 when what we really want is the size of the array.
  llvm-svn: 323802
* [libFuzzer] Use custom allocators for STL containers in libFuzzer. | George Karpenkov | 2017-08-27 | 1 | -2/+2
  Avoids ODR violations causing spurious ASAN warnings.
  Differential Revision: https://reviews.llvm.org/D37086
  llvm-svn: 311866
* Revert "[libFuzzer] Use custom allocators for STL containers in libFuzzer" | George Karpenkov | 2017-08-26 | 1 | -2/+2
  This reverts commit 3539efc2f2218dba2bcbd645d0fe276f2b5cf588.
  llvm-svn: 311831
* [libFuzzer] Use custom allocators for STL containers in libFuzzer | George Karpenkov | 2017-08-26 | 1 | -2/+2
  Avoids ODR violations causing spurious ASAN container overflow warnings.
  Differential Revision: https://reviews.llvm.org/D37086
  llvm-svn: 311830
* Move libFuzzer to compiler_rt. | George Karpenkov | 2017-08-21 | 1 | -0/+533
  Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution.
  Differential Revision: https://reviews.llvm.org/D36908
  llvm-svn: 311407