summaryrefslogtreecommitdiffstats
path: root/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] simplify the code for print_coverage=1 so that it doesn't fail ↵Kostya Serebryany2019-02-121-2/+2
| | | | | | on broken debug info llvm-svn: 353781
* [fuzzer] Use RawPrint instead of Printf for instrumentation warningJonathan Metzman2019-01-311-6/+10
| | | | | | | | | | | | | | | Summary: Use RawPrint instead of Printf for instrumentation warning because Printf doesn't work on Win when instrumentation is being initialized (since OutputFile is not yet initialized). Reviewers: kcc Reviewed By: kcc Differential Revision: https://reviews.llvm.org/D57531 llvm-svn: 352789
* [libFuzzer] experimental performance optimization -lazy_counters, off by ↵Kostya Serebryany2019-01-311-0/+39
| | | | | | default. Posix-only for now, tested on Linux llvm-svn: 352700
* [libFuzzer] refactor the handling of instrumentation counters so that they ↵Kostya Serebryany2019-01-301-35/+51
| | | | | | are grouped in regions one full page each. Needed for future optimization. NFC llvm-svn: 352603
* [libFuzzer] remove stale code Kostya Serebryany2019-01-291-71/+2
| | | | llvm-svn: 352571
* [libFuzzer] revert an accidental commitKostya Serebryany2019-01-291-3/+35
| | | | llvm-svn: 352567
* [libFuzzer] remove deprecated support for -fsanitize-coverage=trace-pc[-guard]Kostya Serebryany2019-01-291-35/+3
| | | | llvm-svn: 352566
* [libFuzzer] remove deprecated support for -fsanitize-coverage=trace-pc[-guard]Kostya Serebryany2019-01-291-9/+12
| | | | llvm-svn: 352564
* [libFuzzer] print uncovered functions when doing -print_coverage=1Kostya Serebryany2019-01-261-6/+6
| | | | llvm-svn: 352263
* [libFuzzer] more agressive value profiling and CMP tracing for switch statementsKostya Serebryany2019-01-241-11/+31
| | | | llvm-svn: 352107
* Update the file headers across all of the LLVM projects in the monorepoChandler Carruth2019-01-191-4/+3
| | | | | | | | | | | | | | | | | to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636
* [libFuzzer] Remove unstable edge handlingJonathan Metzman2019-01-151-78/+9
| | | | | | | | | | Summary: Remove code for handling unstable edges from libFuzzer since it has not been found useful. Differential Revision: https://reviews.llvm.org/D56730 llvm-svn: 351262
* [libfuzzer][MSVC] Make calls to builtin functions work with MSVCJonathan Metzman2019-01-091-18/+19
| | | | | | | | | | | | | | | | | | Summary: Replace calls to builtin functions with macros or functions that call the Windows-equivalents when targeting windows and call the original builtin functions everywhere else. This change makes more parts of libFuzzer buildable with MSVC. Reviewers: vitalybuka Reviewed By: vitalybuka Subscribers: mgorny, rnk, thakis Differential Revision: https://reviews.llvm.org/D56439 llvm-svn: 350766
* [libFuzzer] Generalize the code for getting the previous offset for ↵George Karpenkov2018-10-101-13/+33
| | | | | | | | | | | | | different architectures Without this change, tests in coverage.test and dump_coverage.test are failing on non-x86_64 platforms. The diff is copied from sanitizer_common library, an alternative would be to link it together with libFuzzer. Differential Revision: https://reviews.llvm.org/D53040 llvm-svn: 344104
* [libFuzzer] Port to WindowsMatt Morehouse2018-08-301-2/+1
| | | | | | | | | | | | | | | | | | | | Summary: Port libFuzzer to windows-msvc. This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well. It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch. It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile, fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until them. Patch By: metzman Reviewers: morehouse, rnk Reviewed By: morehouse, rnk Subscribers: #sanitizers, delcypher, morehouse, kcc, eraman Differential Revision: https://reviews.llvm.org/D51022 llvm-svn: 341082
* Revert "[libFuzzer] Port to Windows"Matt Morehouse2018-08-291-1/+2
| | | | | | This reverts r340949 due to bot breakage again. llvm-svn: 340954
* [libFuzzer] Port to WindowsMatt Morehouse2018-08-291-2/+1
| | | | | | | | | | | | | | | | | | Summary: Port libFuzzer to windows-msvc. This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well. It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch. It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile, fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until them. Reviewers: morehouse, rnk Reviewed By: morehouse, rnk Subscribers: #sanitizers, delcypher, morehouse, kcc, eraman Differential Revision: https://reviews.llvm.org/D51022 llvm-svn: 340949
* Revert "[libFuzzer] Port to Windows"Matt Morehouse2018-08-281-1/+2
| | | | | | This reverts commit r340860 due to failing tests. llvm-svn: 340867
* [libFuzzer] Port to WindowsMatt Morehouse2018-08-281-2/+1
| | | | | | | | | | | | | | | | | | | | Summary: Port libFuzzer to windows-msvc. This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well. It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch. It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile, fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until them. Patch By: metzman Reviewers: morehouse, rnk Reviewed By: morehouse, rnk Subscribers: morehouse, kcc, eraman Differential Revision: https://reviews.llvm.org/D51022 llvm-svn: 340860
* [libFuzzer] Optimize handle unstable checks by reducing iterationsMax Moroz2018-08-081-4/+14
| | | | | | | | | | | | | | | | | | Summary: We only run the 3rd check if 2nd check finds unstable edges. 3rd UpdateUnstableCounters is now merged with ApplyUnstableCounters to only run 1 iteration. Patch by Kyungtak Woo (@kevinwkt). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D50411 llvm-svn: 339249
* [libFuzzer] Add unstable function printing to print_unstable_stats flagMax Moroz2018-08-061-2/+14
| | | | | | | | | | | | | | | | | | | Summary: There may be cases in which a user wants to know which part of their code is unstable. We use ObservedFuncs and UnstableCounters to print at exit which of the ObservedFunctions are unstable under the -print_unstable_stats flag. Patch by Kyungtak Woo (@kevinwkt). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, metzman, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D50264 llvm-svn: 339081
* [libFuzzer] use absolute distance in addition to the hamming distance in ↵Kostya Serebryany2018-08-021-10/+5
| | | | | | value profiling; our A/B testing have (somewhat weak) indication that this provides an additional signal for corpus expansion llvm-svn: 338661
* [libFuzzer] Handle unstable edges by disregarding unstable edgesMax Moroz2018-07-241-4/+7
| | | | | | | | | | | | | | | | | | | | Summary: Added a new mode within flag -handle_unstable for new unstable handling algorithm that does the following: When an edge is shown as unstable, copy to UnstableCounters the value 0. During ApplyUnstableCounters we copy back the value 0 to ModuleInline8bitCounters if the edge was unstable. This way we would be ignoring completely features that were collected through non-determinism. Unstable hits would be counted as if it never hit. Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, morehouse Subscribers: delcypher, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D49684 llvm-svn: 337853
* [libFuzzer] Handle unstable edges by using minimum hit countsMax Moroz2018-07-231-6/+15
| | | | | | | | | | | | | | | | | | | | | | | | Summary: Created unstable_handle flag that takes 1 or 2, depending on the handling type. Modified RunOne to accommodate the following heuristic: Use the first CollectFeatures to count how many features there are. If no new features, CollectFeatures like before. If there is new feature, we run CB 2 more times, Check which edges are unstable per input and we store the least amount of hit counts for each edge. Apply these hit counts back to inline8bitcounters so that CollectFeatures can work as intended. Modified UnstableCounters to 8int_t and created a bitset UnstableSet to tell which edges are unstable. Patch by Kyungtak Woo (@kevinwkt). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D49525 llvm-svn: 337696
* [libFuzzer] when -print_coverage=1 is given, print more stats (the number of ↵Kostya Serebryany2018-07-191-13/+16
| | | | | | seeds that hit every given function) llvm-svn: 337501
* [libFuzzer] Create single template for visiting Inline8bitCountersMax Moroz2018-07-181-27/+22
| | | | | | | | | | | | | | | | | | Summary: Created IterateInline8bitCounters, a single template for visiting Inline8bitCounters (nested for loop) Made InitializeUnstableCounters and UpdateUnstableCounters both send a lambda to IterateInline8bitCounters. Patch by Kyungtak Woo (@kevinwkt). Reviewers: Dor1s, metzman, kcc, morehouse Reviewed By: metzman, morehouse Subscribers: delcypher, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D49453 llvm-svn: 337403
* libFuzzer: prevent irrelevant strings from leaking into auto-dictionaryMatt Morehouse2018-07-171-10/+8
| | | | | | | | | | | | | | | | This is a fix for bug 37047. https://bugs.llvm.org/show_bug.cgi?id=37047 Implemented by basically reversing the logic. Previously all strings were considered, with some operations excluded. Now strings are excluded by default, and only strings during the CB considered. Patch By: pdknsk Differential Revision: https://reviews.llvm.org/D48800 llvm-svn: 337296
* [libFuzzer] Implement stat::stability_rate based on the percentage of ↵Max Moroz2018-07-161-0/+40
| | | | | | | | | | | | | | | | | | | | | unstable edges. Summary: Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does. Patch by Kyungtak Woo (@kevinwkt). Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, Dor1s, morehouse Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s Differential Revision: https://reviews.llvm.org/D49212 llvm-svn: 337187
* Revert r337175 (https://reviews.llvm.org/D49212) due to unintentional format ↵Max Moroz2018-07-161-43/+3
| | | | | | changes. llvm-svn: 337180
* [libFuzzer] Implement stat::stability_rate based on the percentage of ↵Max Moroz2018-07-161-3/+43
| | | | | | | | | | | | | | | | | | | | | unstable edges. Summary: Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does. Patch by Kyungtak Woo (@kevinwkt). Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, Dor1s, morehouse Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s Differential Revision: https://reviews.llvm.org/D49212 llvm-svn: 337175
* libFuzzer: always print line-break for NEW_FUNC/PC outputKostya Serebryany2018-07-061-3/+6
| | | | | | | | | | | | | | Summary: This is a minor cosmetic change. When function/path exceed ~1000 characters, the output is truncated before the line-break. I noticed this for NEW_FUNC. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D48799 llvm-svn: 336461
* [libFuzzer] add one more value profile metric, under a flag (experimental)Kostya Serebryany2018-07-031-1/+8
| | | | llvm-svn: 336234
* [libFuzzer] Use Vector rather than std::vector.Matt Morehouse2018-06-251-1/+1
| | | | llvm-svn: 335487
* [libFuzzer] When printing NEW_FUNC, use 1-base indexing.Kostya Serebryany2018-06-071-1/+1
| | | | | | | | | | | | | | Summary: Otherwise we print things like [0/1] which is visually confusing. Reviewers: kcc Reviewed By: kcc Subscribers: delcypher, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D47837 llvm-svn: 334234
* [libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036)Kostya Serebryany2018-05-211-0/+9
| | | | llvm-svn: 332876
* [libFuzzer] add an experimental flag -focus_function: libFuzzer will try to ↵Kostya Serebryany2018-05-161-0/+33
| | | | | | focus on inputs that trigger that function llvm-svn: 332554
* [libFuzzer] refactor the implementation of -print_coverageKostya Serebryany2018-05-111-44/+40
| | | | llvm-svn: 332073
* [libFuzzer] remove the dump_coverage flag, it hasn't been working with the ↵Kostya Serebryany2018-05-101-9/+0
| | | | | | inline sanitizer coverage anyway llvm-svn: 332036
* [libFuzzer] remove the experimental support for clang coverage ↵Kostya Serebryany2018-05-101-10/+0
| | | | | | instrumentation. This mode has not been used and our experiments with https://github.com/google/fuzzer-test-suite show that this signal is weaker than the SanitizerCoverage llvm-svn: 332034
* [LibFuzzer] Report when custom counters are available.Dan Liew2018-04-201-0/+3
| | | | | | | | This upstreams a feature from the JFS solver's fork of LibFuzzer. Differential Revision: https://reviews.llvm.org/D45675 llvm-svn: 330391
* [libFuzzer] print a better warning if we hit the ld bugKostya Serebryany2017-10-141-3/+5
| | | | llvm-svn: 315778
* [libFuzzer] allow -print_funcs=N: N is the max number of new covered ↵Kostya Serebryany2017-08-281-2/+8
| | | | | | function printed llvm-svn: 311945
* [libFuzzer] Use custom allocators for STL containers in libFuzzer.George Karpenkov2017-08-271-3/+3
| | | | | | | | Avoids ODR violations causing spurious ASAN warnings. Differential Revision: https://reviews.llvm.org/D37086 llvm-svn: 311866
* Revert "[libFuzzer] Use custom allocators for STL containers in libFuzzer"George Karpenkov2017-08-261-1/+1
| | | | | | This reverts commit 3539efc2f2218dba2bcbd645d0fe276f2b5cf588. llvm-svn: 311831
* [libFuzzer] Use custom allocators for STL containers in libFuzzerGeorge Karpenkov2017-08-261-1/+1
| | | | | | | | Avoids ODR violations causing spurious ASAN container overflow warnings. Differential Revision: https://reviews.llvm.org/D37086 llvm-svn: 311830
* [libFuzzer] add -print_funcs=1 (on bey default): print newly discovered ↵Kostya Serebryany2017-08-251-6/+13
| | | | | | functions during fuzzing llvm-svn: 311797
* [sanitizer-coverage] extend fsanitize-coverage=pc-table with flags for every PCKostya Serebryany2017-08-251-8/+9
| | | | llvm-svn: 311794
* [SanitizerCoverage] Optimize stack-depth instrumentation.Matt Morehouse2017-08-221-1/+2
| | | | | | | | | | | | | | | | Summary: Use the initialexec TLS type and eliminate calls to the TLS wrapper. Fixes the sanitizer-x86_64-linux-fuzzer bot failure. Reviewers: vitalybuka, kcc Reviewed By: kcc Subscribers: hiraditya, llvm-commits Differential Revision: https://reviews.llvm.org/D37026 llvm-svn: 311490
* [libFuzzer] fix the stack-depth initialization, add a lit test for ↵Kostya Serebryany2017-08-221-1/+3
| | | | | | DeepRecursionTest.cpp llvm-svn: 311421
* [libFuzzer] apply changes lost during the migration to compiler-rtKostya Serebryany2017-08-221-8/+25
| | | | llvm-svn: 311420
OpenPOWER on IntegriCloud