path: root/compiler-rt/lib/fuzzer
Commit log (each entry: commit message, author, date, files changed, lines removed/added)
* Revert "[compiler-rt] Change std::sort to llvm::sort in response to r327219" (Mandeep Singh Grang, 2018-03-20, 2 files, -10/+10)
  This reverts commit 2ee210e1963e03aacc0f71c50e4994bb5c66586e.
  llvm-svn: 327936
* [compiler-rt] Change std::sort to llvm::sort in response to r327219 (Mandeep Singh Grang, 2018-03-20, 2 files, -10/+10)
  Summary: r327219 added wrappers to std::sort which randomly shuffle the container before sorting. This will help in uncovering non-determinism caused by the undefined sorting order of objects having the same key. To make use of that infrastructure we need to invoke llvm::sort instead of std::sort.
  Reviewers: kcc, rsmith, RKSimon, eugenis
  Reviewed By: RKSimon
  Subscribers: efriedma, kubamracek, dberris, #sanitizers, llvm-commits
  Differential Revision: https://reviews.llvm.org/D44360
  llvm-svn: 327929
* [Fuzzer] Build the shared memory hooks for Fuchsia (Petr Hosek, 2018-03-16, 1 file, -0/+1)
  This is needed otherwise we'll get undefined references when trying to use the libFuzzer built for Fuchsia.
  Differential Revision: https://reviews.llvm.org/D44590
  llvm-svn: 327759
* fix some user facing typos / in the comments (Sylvestre Ledru, 2018-03-13, 5 files, -8/+8)
  llvm-svn: 327402
* [Fuzzer] When building for Fuchsia, add an explicit libc++ dependency (Petr Hosek, 2018-03-10, 1 file, -0/+5)
  libFuzzer depends on the C++ library; when building for Fuchsia, we need to ensure that libFuzzer is only being built after libc++ has been built, so we add an explicit dependency on it.
  Differential Revision: https://reviews.llvm.org/D44340
  llvm-svn: 327196
* [Fuzzer] Avoid the unnecessary rebuild of the custom libc++ (Petr Hosek, 2018-03-07, 2 files, -4/+4)
  This changes the add_custom_libcxx macro to resemble the llvm_ExternalProject_Add. The primary motivation is to avoid unnecessary libFuzzer rebuilds that are being done on every Ninja/Make invocation. The libc++ should be only rebuilt whenever the libc++ source itself changes.
  Differential Revision: https://reviews.llvm.org/D43213
  llvm-svn: 326921
* [libFuzzer] Include TEMP_MAX_LEN in Fuzzer::PrintStats. (Matt Morehouse, 2018-02-22, 1 file, -4/+2)
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D43597
  llvm-svn: 325817
* [libFuzzer] Set -experimental_len_control=1000 as default. (Matt Morehouse, 2018-02-13, 4 files, -6/+9)
  Summary: Experiments using https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison show a significant increase in coverage and reduction in corpus size with this option enabled. Addresses https://llvm.org/pr36371.
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D42932
  llvm-svn: 325050
* [Fuzzer] Use Zircon's public API on Fuchsia (Petr Hosek, 2018-02-07, 1 file, -31/+43)
  The original libFuzzer Fuchsia port relied on convenience libraries, but these are not exported as part of Fuchsia sysroot. This change eliminates the use of these libraries and relies on public API only.
  Differential Revision: https://reviews.llvm.org/D42996
  llvm-svn: 324454
* [CMake] Remove -stdlib= which is unused when passing -nostdinc++ (Jonas Hahnfeld, 2018-02-01, 1 file, -0/+2)
  This avoids the warnings when building with LLVM_ENABLE_LIBCXX which automatically adds -stdlib=libc++ to CMAKE_CXX_FLAGS.
  Differential Revision: https://reviews.llvm.org/D42238
  llvm-svn: 323969
* [fuzzer] Update and enable libFuzzer on Fuchsia (Petr Hosek, 2018-01-30, 1 file, -3/+3)
  This change updates the Fuchsia-specific code to use the C++ friendly duration expressions and flips on the building of libclang_rt.fuzzer-x86_64.a and similar for Fuchsia. Given that compiler-rt doesn't build on Fuchsia, tests have been run by explicitly building the library and linking it against lib/fuzzer/tests/FuzzerUnittest.cpp.
  Differential Revision: https://reviews.llvm.org/D42670
  llvm-svn: 323828
* [libFuzzer] Fix sizeof(ptr) bug. (Matt Morehouse, 2018-01-30, 1 file, -1/+1)
  sizeof(const char *) returns 4 or 8 when what we really want is the size of the array.
  llvm-svn: 323802
* Reland "[Fuzzer] Parametrize add_custom_libcxx" (Petr Hosek, 2018-01-21, 2 files, -11/+11)
  add_custom_libcxx uses the just built compiler and installs the built libc++, e.g. for testing, neither of which is desirable in case of Fuzzer where the libc++ should be built using the host compiler and it's only linked into the libFuzzer and should never be installed. This change introduces additional arguments to add_custom_libcxx to allow parametrizing its behavior.
  Differential Revision: https://reviews.llvm.org/D42330
  llvm-svn: 323054
* Revert "[Fuzzer] Parametrize add_custom_libcxx" (Petr Hosek, 2018-01-20, 2 files, -8/+7)
  This reverts commit r323032: failing on the sanitizer-x86_64-linux-autoconf bot.
  llvm-svn: 323033
* [Fuzzer] Parametrize add_custom_libcxx (Petr Hosek, 2018-01-20, 2 files, -7/+8)
  add_custom_libcxx uses the just built compiler and installs the built libc++, e.g. for testing, neither of which is desirable in case of Fuzzer where the libc++ should be built using the host compiler and it's only linked into the libFuzzer and should never be installed. This change introduces additional arguments to add_custom_libcxx to allow parametrizing its behavior.
  Differential Revision: https://reviews.llvm.org/D42330
  llvm-svn: 323032
* Reland "[libFuzzer] Support using libc++" (Petr Hosek, 2018-01-17, 5 files, -15/+67)
  This is needed in case the users of libFuzzer use libc++ in their code, which the fuzz target (libFuzzer) will be linked against. When libc++ source is available, we build a private version of it and link it against libFuzzer which allows using the same static library against codebases which use both libc++ and libstdc++.
  Differential Revision: https://reviews.llvm.org/D37631
  llvm-svn: 322755
* Revert "[libFuzzer] Support using libc++" (Petr Hosek, 2018-01-17, 5 files, -67/+15)
  This reverts commit r322604: test is failing for standalone compiler-rt.
  llvm-svn: 322689
* [libFuzzer] Support using libc++ (Petr Hosek, 2018-01-17, 5 files, -15/+67)
  This is needed in case the users of libFuzzer use libc++ in their code, which the fuzz target (libFuzzer) will be linked against. When libc++ source is available, we build a private version of it and link it against libFuzzer which allows using the same static library against codebases which use both libc++ and libstdc++.
  Differential Revision: https://reviews.llvm.org/D37631
  llvm-svn: 322604
* Switch from Bourne shell to simply base shell to build libfuzzer (Kamil Rytarowski, 2018-01-12, 1 file, -1/+1)
  Summary: It is not necessary to launch the build script with bash.
  Reviewers: krytarowski
  Reviewed By: krytarowski
  Subscribers: llvm-commits, #sanitizers
  Differential Revision: https://reviews.llvm.org/D42008
  llvm-svn: 322422
* lib Fuzzer FreeBSD support (Kamil Rytarowski, 2018-01-12, 8 files, -11/+31)
  Summary: Patch by David CARLIER
  Reviewers: vitalybuka, kcc, dim, emaste, davide, morehouse, george.karpenkov
  Reviewed By: morehouse
  Subscribers: george.karpenkov, kubamracek, srhines, mgorny, emaste, krytarowski
  Differential Revision: https://reviews.llvm.org/D41642
  llvm-svn: 322380
* [libfuzzer] Fix UB when calculating Log(0) in StackDepthStepFunction(). (Max Moroz, 2017-12-20, 1 file, -0/+1)
  Summary: __builtin_clz used for Log calculation returns an undefined result when argument is 0. I noticed that issue when I was testing some fuzzers:
  ```
  /src/libfuzzer/FuzzerTracePC.h:282:33: runtime error: shift exponent 450349 is too large for 32-bit type 'uint32_t' (aka 'unsigned int')
  #0 0x43d83f in operator() /src/libfuzzer/FuzzerTracePC.h:283:33
  #1 0x43d83f in void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)::$_1>(fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)::$_1) const /src/libfuzzer/FuzzerTracePC.h:290
  #2 0x43cbd4 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:445:7
  #3 0x43e5f1 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:706:5
  #4 0x43e9e1 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:739:3
  #5 0x432f8c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:754:6
  #6 0x42ee18 in main /src/libfuzzer/FuzzerMain.cpp:20:10
  #7 0x7f17ffeb182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
  #8 0x407838 in _start (/out/rotate_fuzzer+0x407838)
  ```
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits, #sanitizers
  Differential Revision: https://reviews.llvm.org/D41457
  llvm-svn: 321211
* [libFuzzer] Add dummy call of LLVMFuzzerTestOneInput to afl_driver. (Matt Morehouse, 2017-12-13, 1 file, -1/+7)
  Summary: Add dummy call of LLVMFuzzerTestOneInput to afl_driver before it starts executing on actual inputs. Do this so that first time initialization performed by LLVMFuzzerTestOneInput is not considered code covered by a particular input.
  Patch By: metzman
  Reviewers: kcc, morehouse
  Reviewed By: kcc
  Subscribers: llvm-commits, Sanitizers
  Differential Revision: https://reviews.llvm.org/D41193
  llvm-svn: 320643
* [libFuzzer] change the strategy for -experimental_len_control to grow max_len slower (Kostya Serebryany, 2017-12-12, 4 files, -11/+7)
  llvm-svn: 320531
* [libFuzzer] even less aggressive step function for stack depth. Also don't use asan in one test to speed it up (Kostya Serebryany, 2017-12-09, 1 file, -1/+12)
  llvm-svn: 320259
* [libFuzzer] make the stack depth signal less aggressive, otherwise we are sometimes exploding the corpus size. This still needs more analysis and tuning (Kostya Serebryany, 2017-12-09, 1 file, -1/+1)
  llvm-svn: 320237
* [libFuzzer] Add support for Fuchsia OS. (Matt Morehouse, 2017-12-08, 6 files, -2/+279)
  Summary: This patch adds the initial support for Fuchsia.
  - LIBFUZZER_FUCHSIA is added as an OS type in FuzzerDefs.h
  - Fuchsia is, by design, not POSIX compliant. However, it does use ELF and supports common POSIX I/O functions. Thus, FuzzerExtFunctions.h and FuzzerIO.h are implemented by extending the header guards in FuzzerExtFunctionsWeak.cpp and FuzzerIOPosix.cpp to include LIBFUZZER_FUCHSIA.
  - The platform-specific portions of FuzzerUtil.h are implemented by FuzzerUtilFuchsia.cpp, which makes use of exception ports, syscalls, and the launchpad library.
  - The experimental equivalence server is not currently supported, so FuzzerShmem.h is implemented by stub methods in FuzzerShmemFuchsia.cpp. Any future implementation will likely involve VMOs.
  Tested with ASAN/SanCov on Fuchsia/x86-64 with the canonical toy fuzzer.
  Patch By: aarongreen
  Reviewers: kcc, morehouse, flowerhack, phosek
  Reviewed By: kcc, phosek, Eugene.Zelenko
  Subscribers: srhines, mgorny, Eugene.Zelenko
  Differential Revision: https://reviews.llvm.org/D40974
  llvm-svn: 320210
* [libFuzzer] honor -use_counters, slightly change the meaning of -experimental_len_control, call UpdateFeatureFrequency only if instructed by the flag (Kostya Serebryany, 2017-12-08, 3 files, -8/+18)
  llvm-svn: 320205
* [libFuzzer] Decrease stack usage in unit tests (Kostya Serebryany, 2017-12-06, 1 file, -26/+26)
  Summary: With 3 Dictionary objects, each containing space of ~16k DictionaryEntry objects, the MutationDispatcher object is fairly memory heavy. On platforms with a lower default stack size, this can cause panics in FuzzerUnittest as those tests stack-allocate the MutationDispatcher. This may be especially problematic for platforms that do not (yet) have a way to programmatically change their stack size, aside from link-time flags. In general, it seems more prudent to use the heap for an object of this size.
  Reviewers: kcc, morehouse
  Reviewed By: kcc
  Differential Revision: https://reviews.llvm.org/D40926
  llvm-svn: 319988
* [libFuzzer] fix a minor regression in printing (Kostya Serebryany, 2017-12-06, 1 file, -1/+1)
  llvm-svn: 319975
* [libFuzzer] Make redirects happen in proper sequence. (Matt Morehouse, 2017-12-05, 2 files, -3/+3)
  "> file" must come before "2>&1" to have redirection occur correctly in all cases. Fixes a regression on minimize_two_crashes.test.
  llvm-svn: 319792
* [libFuzzer] Remove const from ignoreRemainingArgs return value. (Matt Morehouse, 2017-12-04, 1 file, -2/+2)
  In this case const does nothing but trigger a warning.
  llvm-svn: 319685
* [libFuzzer] Remove FuzzerCommand.cpp from build sources. (Matt Morehouse, 2017-12-04, 1 file, -1/+0)
  FuzzerCommand.cpp was not introduced in r319680. Instead, it was implemented in the header file.
  llvm-svn: 319682
* [libFuzzer] Encapsulate commands in a class. (Matt Morehouse, 2017-12-04, 9 files, -43/+400)
  Summary: To be more portable (especially w.r.t. platforms without system()), commands should be managed programmatically rather than via string manipulation on the command line. This change introduces Fuzzer::Command, with methods to manage arguments and flags, set output options, and execute the command.
  Patch By: aarongreen
  Reviewers: kcc, morehouse
  Reviewed By: kcc, morehouse
  Subscribers: llvm-commits, mgorny
  Differential Revision: https://reviews.llvm.org/D40103
  llvm-svn: 319680
* [libFuzzer] add a flag -malloc_limit_mb (Kostya Serebryany, 2017-12-01, 4 files, -1/+8)
  llvm-svn: 319590
* [libFuzzer] remove stale flags; NFC (Kostya Serebryany, 2017-12-01, 4 files, -13/+0)
  llvm-svn: 319572
* [libFuzzer] add an experimental search heuristic flag -reduce_depth (Kostya Serebryany, 2017-12-01, 5 files, -5/+18)
  llvm-svn: 319571
* [LibFuzzer] Improve comments on `CounterToFeature()` function. (Dan Liew, 2017-11-28, 1 file, -1/+12)
  This is based on discussion in https://reviews.llvm.org/D40376 . The comments try to explain the reason for the current implementation and note that it might change in the future, so clients should not rely on this particular implementation.
  Differential Revision: https://reviews.llvm.org/D40565
  llvm-svn: 319190
* [fuzzer] Initialize PcDescr buffer before calling __sanitizer_symbolize_pc (Vitaly Buka, 2017-11-17, 1 file, -1/+1)
  __sanitizer_symbolize_pc is not instrumented so msan assumes that PcDescr was not initialized.
  llvm-svn: 318488
* libfuzzer: Fix file listing on some filesystems (Kostya Serebryany, 2017-11-15, 1 file, -2/+12)
  Summary: For some filesystems, readdir will not populate dirent::d_type with valuable information. This causes libfuzzer to proceed with an empty corpus, instead of the file it contains. This has been tested on a server using XFS. It should fix https://bugs.llvm.org//show_bug.cgi?id=25991
  Reviewers: kcc
  Reviewed By: kcc
  Differential Revision: https://reviews.llvm.org/D40028
  llvm-svn: 318303
* [libFuzzer] respect max_len during merge (Kostya Serebryany, 2017-11-15, 1 file, -1/+1)
  llvm-svn: 318302
* [libFuzzer] make sure to flush IO when done merging one file (Kostya Serebryany, 2017-11-09, 1 file, -0/+1)
  llvm-svn: 317835
* [libFuzzer] Don't add leaking inputs to corpus. (Matt Morehouse, 2017-11-09, 1 file, -2/+3)
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D39850
  llvm-svn: 317831
* [libFuzzer] handle SIGUSR1/SIGUSR2 and try to exit gracefully on these signals (Kostya Serebryany, 2017-11-09, 7 files, -0/+34)
  llvm-svn: 317829
* [libFuzzer] allow merge to resume after being preempted (Kostya Serebryany, 2017-11-09, 2 files, -25/+61)
  llvm-svn: 317767
* [libFuzzer] allow user to specify the merge control file (Kostya Serebryany, 2017-11-09, 4 files, -18/+30)
  llvm-svn: 317747
* [fuzzer] Fix nested mallocs (Vitaly Buka, 2017-11-02, 1 file, -3/+26)
  Summary: Nested mallocs are possible with internal symbolizer.
  Reviewers: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D39397
  llvm-svn: 317186
* [fuzzer] Script to detect unbalanced allocation in -trace_malloc output (Vitaly Buka, 2017-11-01, 1 file, -0/+93)
  Reviewers: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D39466
  llvm-svn: 317119
* [fuzzer] Fix threaded stack printing (Vitaly Buka, 2017-11-01, 1 file, -0/+5)
  Reviewers: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D39397
  llvm-svn: 317071
* Revert "[fuzzer] Fix threaded stack printing and nested mallocs" (Vitaly Buka, 2017-11-01, 2 files, -112/+0)
  Fails on darwin
  Revert "[fuzzer] Script to detect unbalanced allocation in -trace_malloc output"
  Needs previous one.
  This reverts commit r317034, r317036.
  llvm-svn: 317061
* [fuzzer] Script to detect unbalanced allocation in -trace_malloc output (Vitaly Buka, 2017-10-31, 1 file, -0/+93)
  Reviewers: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D39466
  llvm-svn: 317036