path: root/compiler-rt/lib/fuzzer
Commit message | Author | Age | Files | Lines
...
* [libFuzzer] Unpoison parameters before calling user callback. | Matt Morehouse | 2019-05-09 | 2 files | -1/+4
  Summary: Fixes an MSan false positive when compiling with -fsanitize=memory,fuzzer.
  See https://github.com/google/oss-fuzz/issues/2369 for more details.
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits, metzman, eugenis
  Tags: #llvm
  Differential Revision: https://reviews.llvm.org/D61753
  llvm-svn: 360390
* [libFuzzer] perform more aggressive value profiling in memcmp | Kostya Serebryany | 2019-05-09 | 1 file | -2/+7
  llvm-svn: 360385
* [libFuzzer] implement -focus_function=auto, to be used with Data Flow Traces | Kostya Serebryany | 2019-05-09 | 5 files | -8/+276
  llvm-svn: 360378
* [libFuzzer] DFT: when dumping coverage, also dump the total number of instrumented blocks in a function; update merge_data_flow.py to merge coverage | Kostya Serebryany | 2019-05-08 | 3 files | -22/+44
  llvm-svn: 360272
* [libFuzzer] extend the data flow tracer to also produce basic block coverage for every input. An extended test coming in a separate change. | Kostya Serebryany | 2019-05-08 | 2 files | -16/+72
  llvm-svn: 360213
* [libFuzzer] Replace -seed_corpus to better support fork mode on Win | Jonathan Metzman | 2019-04-30 | 5 files | -10/+32
  Summary: Pass seed corpus list in a file to get around argument length limits on Windows. This limit was preventing many uses of fork mode on Windows.
  Reviewers: kcc, morehouse
  Reviewed By: kcc
  Subscribers: #sanitizers, llvm-commits
  Tags: #sanitizers, #llvm
  Differential Revision: https://reviews.llvm.org/D60980
  llvm-svn: 359610
* change order | Jonathan Metzman | 2019-04-30 | 1 file | -1/+1
  llvm-svn: 359587
* [libFuzzer] Enable for i386 | Jonathan Metzman | 2019-04-30 | 1 file | -2/+2
  Summary: Get libFuzzer to build on i386 and fix tests.
  Subscribers: mgorny, #sanitizers, llvm-commits
  Tags: #sanitizers, #llvm
  Differential Revision: https://reviews.llvm.org/D61070
  llvm-svn: 359585
* Enable x86 builds | Jonathan Metzman | 2019-04-30 | 1 file | -2/+7
  llvm-svn: 359583
* [libFuzzer] Disable MSan interceptors in SIGINT handler. | Matt Morehouse | 2019-04-26 | 1 file | -1/+2
  Summary: Avoids an MSan false positive if the SIGINT comes while the user callback is running. The false positive happens when the interrupt handler calls opendir() to remove some temporary files, which is intercepted by MSan.
  Fixes https://github.com/google/oss-fuzz/issues/2332.
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits, Dor1s, metzman
  Tags: #llvm
  Differential Revision: https://reviews.llvm.org/D61163
  llvm-svn: 359254
* [CMake] Add fuzzer as a component for runtime builds | Chris Bieneman | 2019-04-19 | 1 file | -0/+2
  Calling `add_compiler_rt_component` sets up the component connection between runtime builds and the parent CMake configuration. Adding this call allows specifying `fuzzer` as a `LLVM_RUNTIME_DISTRIBUTION_COMPONENT`.
  llvm-svn: 358780
* [libFuzzer] revert part of r358726 committed by mistake (oops) | Kostya Serebryany | 2019-04-19 | 1 file | -1/+0
  llvm-svn: 358727
* [libFuzzer] in fork mode, make sure the child stats are always collected. This should fix the flakiness in fork-ubsan.test | Kostya Serebryany | 2019-04-19 | 2 files | -2/+4
  llvm-svn: 358726
* Summary: | Jonathan Metzman | 2019-04-18 | 1 file | -15/+75
  Add close_fd_mask functionality to AFL driver.
  Summary: Add support for env var AFL_DRIVER_CLOSE_FD_MASK which behaves the same as libFuzzer's -close_fd_mask=1. Also add tests.
  Reviewers: kcc, vitalybuka, morehouse
  Reviewed By: morehouse
  Subscribers: #sanitizers, llvm-commits
  Tags: #sanitizers, #llvm
  Differential Revision: https://reviews.llvm.org/D60334
  llvm-svn: 358703
* [libFuzzer] Remove tautological compare. | Matt Morehouse | 2019-04-16 | 1 file | -2/+1
  llvm-svn: 358510
* [libFuzzer] speedup the merge step in the fork mode by merging only the files that have unique features. | Kostya Serebryany | 2019-04-13 | 2 files | -8/+34
  llvm-svn: 358320
* [libFuzzer] add -features_dir= flag to dump unique input features on disk | Kostya Serebryany | 2019-04-13 | 9 files | -6/+53
  llvm-svn: 358317
* [libFuzzer] Fix DataFlow.cpp logic when tracing long inputs. | Max Moroz | 2019-04-12 | 2 files | -11/+18
  Summary:
  1. Do not create DFSan labels for the bytes which we do not trace. This is where we run out of labels in the first place.
  2. When dumping the traces on the disk, make sure to offset the label identifiers by the number of the first byte in the trace range.
  3. For the last label, make sure to write it at the last position of the trace bit string, as that label represents the input size, not any particular byte.
  Also fixed the bug with division in Python which I introduced when migrating the scripts to Python3 (`//` is required for integral division). Otherwise, the scripts are wasting too much time unsuccessfully trying to collect and process traces from the long inputs.
  For more context, see https://github.com/google/oss-fuzz/issues/1632#issuecomment-481761789
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60538
  llvm-svn: 358311
* [libFuzzer] support -runs=N in the fork mode. Make sure we see one-line reports from ubsan in the fork mode. Test both | Kostya Serebryany | 2019-04-12 | 1 file | -1/+9
  llvm-svn: 358306
* [libFuzzer] Make MutateWithMask work when the Mask is shorter than the input. | Max Moroz | 2019-04-11 | 1 file | -3/+3
  Summary: Before this change, MutateWithMask used to assert that Mask should be of sufficient length (>= Size of the input). However, in real cases we may have inputs that are longer than the Mask they have inherited from the base inputs.
  Reviewers: kcc, morehouse
  Reviewed By: kcc
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60571
  llvm-svn: 358207
* [libFuzzer] Fallback to default Mutate when MutateWithMask fails. | Max Moroz | 2019-04-11 | 2 files | -1/+4
  Summary: In case the current corpus input doesn't have bytes going into the focus function, MutateWithMask is useless and may fail gently, allowing the default mutation routine to happen, rather than crashing on an assertion.
  For more context and the initial fix suggestion, see: https://github.com/google/oss-fuzz/issues/1632#issuecomment-481862879
  Reviewers: kcc, morehouse
  Reviewed By: kcc
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60567
  llvm-svn: 358190
* Use binary write mode in WriteToFile function to avoid appended \r characters on Windows | Vitaly Buka | 2019-04-05 | 1 file | -1/+1
  Summary: When using libfuzzer on Windows, in the contents of a crash sample, bytes that can be mistaken for a \n are replaced by a \r\n sequence. As a consequence, crashes are not reproducible. This patch will open files in binary mode to fix this issue. The patch does not affect POSIX systems.
  Patch by tuktuk
  Reviewers: kcc, vitalybuka
  Reviewed By: vitalybuka
  Subscribers: dexonsmith, jdoerfert, llvm-commits, #sanitizers
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60008
  llvm-svn: 357807
* [libFuzzer] Another follow up fix for Data Flow scripts in Py3. | Max Moroz | 2019-04-04 | 1 file | -2/+6
  Reviewers: Dor1s
  Reviewed By: Dor1s
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60289
  llvm-svn: 357732
* [libFuzzer] Fix output format in data flow merge script after Py3 change. | Max Moroz | 2019-04-04 | 1 file | -1/+1
  Reviewers: Dor1s
  Reviewed By: Dor1s
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60288
  llvm-svn: 357730
* [libFuzzer] Make DataFlow scripts Python3 compatible. | Max Moroz | 2019-04-04 | 2 files | -6/+8
  Summary: Python2 will hit end of life soon: https://pythonclock.org/
  This change also makes the integration with OSS-Fuzz a bit simpler: https://github.com/google/oss-fuzz/issues/1632
  Reviewers: morehouse, kcc
  Reviewed By: morehouse
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D60282
  llvm-svn: 357726
* [CMake][LibFuzzer] Match symbol visibility setting between LibFuzzer object files and unit tests. | Dan Liew | 2019-02-28 | 1 file | -0/+5
  Summary: This fixes inconsistent symbol visibility. This shows up as a linker warning if r336238 (43f633564e338a6dde83d49a48e5bfcbfdce292c) is reverted.
  ```
  ld: warning: direct access in function 'fuzzer::CleanseCrashInput(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, fuzzer::FuzzingOptions const&)' from file '/Volumes/data/dev/llvm/upstream/master/builds/projects/compiler-rt/lib/fuzzer/tests/libRTFuzzerTest.x86_64.a(FuzzerDriver.cpp.o)' to global weak symbol 'fuzzer::Command::ignoreRemainingArgs()::kIgnoreRemaining' from file 'FuzzerTestObjects.FuzzerUnittest.cpp.x86_64.o' means the weak symbol cannot be overridden at runtime. This was likely caused by different translation units being compiled with different visibility settings.
  ```
  r336238 just hid the issue rather than fixing the real issue. On macOS and other platforms we usually compile with `-fvisibility=hidden` but the unit tests were compiled without this flag.
  Reviewers: george.karpenkov, kubamracek, kcc, yln
  Subscribers: mgorny, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D58055
  llvm-svn: 355143
* [libFuzzer][Windows] Port fork mode to Windows | Jonathan Metzman | 2019-02-27 | 5 files | -12/+77
  Summary: Port libFuzzer's fork mode to Windows. Implement Windows versions of MkDir, RmDir, and IterateDirRecursive to do this. Don't print error messages under new normal uses of FileSize (on a non-existent file). Implement portable way of piping output to /dev/null. Fix test for Windows and comment fork-sigusr.test on why it won't be ported to Win.
  Reviewers: zturner
  Reviewed By: zturner
  Subscribers: kcc, zturner, jdoerfert, #sanitizers, llvm-commits
  Tags: #sanitizers, #llvm
  Differential Revision: https://reviews.llvm.org/D58513
  llvm-svn: 355019
* [libFuzzer] fix missing close on opened file | Vitaly Buka | 2019-02-26 | 1 file | -0/+1
  Summary: When running the standalone main on a large corpus, I eventually get an EMFILE error ("Too many open files").
  Patch by Paul Chaignon
  Reviewers: kcc, vitalybuka
  Reviewed By: vitalybuka
  Subscribers: lebedev.ri, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D58622
  llvm-svn: 354918
* [libFuzzer] Remove extra semicolons | Jonathan Metzman | 2019-02-26 | 3 files | -5/+5
  Summary: Remove extra semicolons so that libFuzzer can compile with -Werror -Wextra-semi
  Reviewers: Dor1s, morehouse, thakis
  Reviewed By: Dor1s, morehouse
  Subscribers: jdoerfert, #sanitizers, llvm-commits
  Tags: #sanitizers, #llvm
  Differential Revision: https://reviews.llvm.org/D58674
  llvm-svn: 354902
* [compiler-rt] Fix broken sanitizer bots (hopefully) | Jonas Hahnfeld | 2019-02-17 | 1 file | -3/+0
  According to the logs and local debugging there were two issues:
  1) tsan tests listed libc++.a before the source file. That's usually ok for shared libraries, but the linker will not add symbols from a static library unless needed at that time. As a result the tests that rely upon symbols from the library (and not only include the headers) had undefined references. To solve this I'm adding a new substitution %link_libcxx_tsan which expands to libc++.a if available.
  2) The target Fuzzer-x86_64-Test linked in SANITIZER_TEST_CXX_LIBRARIES which defaults to -lstdc++. This resulted in error messages like
     hidden symbol '_ZdlPv' is not defined locally
     hidden symbol '_Znwm' is not defined locally
  when using GNU gold (ld.bfd and lld are fine). Removing the linkage is fine because we build a custom libc++ for that purpose.
  llvm-svn: 354231
* [compiler-rt] Build custom libcxx with libcxxabi | Jonas Hahnfeld | 2019-02-17 | 2 files | -10/+13
  This changes add_custom_libcxx to also build libcxxabi and merges the two into a static and hermetic library. There are multiple advantages:
  1) The resulting libFuzzer doesn't expose C++ internals and looks like a plain C library.
  2) We don't have to manually link in libstdc++ to provide cxxabi.
  3) The sanitizer tests cannot interfere with an installed version of libc++.so in LD_LIBRARY_PATH.
  Differential Revision: https://reviews.llvm.org/D58013
  llvm-svn: 354212
* [compiler-rt] Cleanup usage of C++ ABI library | Jonas Hahnfeld | 2019-02-16 | 1 file | -4/+5
  Add missed value "libcxxabi" and introduce SANITIZER_TEST_CXX for linking unit tests. This needs to be a full C++ library and cannot be libcxxabi.
  Recommit r354132 which I reverted in r354153 because it broke a sanitizer bot. This was because of the "fixes" for pthread linking, so I've removed these changes.
  Differential Revision: https://reviews.llvm.org/D58012
  llvm-svn: 354198
* [libFuzzer] make len_control less aggressive: set the initial max len to the length of the largest seed. This was the original intent, but... Now, with a test, to ensure it stays this way | Kostya Serebryany | 2019-02-16 | 1 file | -1/+5
  llvm-svn: 354191
* [libFuzzer] fork mode: try harder to cleanup after itself | Kostya Serebryany | 2019-02-16 | 2 files | -11/+21
  llvm-svn: 354186
* [libFuzzer] fork mode: add -ignore_crashes flag, honor the max_total_time flag, print the number of ooms/timeouts/crashes, fix a typo | Kostya Serebryany | 2019-02-15 | 8 files | -23/+66
  llvm-svn: 354175
* Revert "[compiler-rt] Cleanup usage of C++ ABI library" | Jonas Hahnfeld | 2019-02-15 | 1 file | -5/+4
  This reverts r354132 because it breaks sanitizer-x86_64-linux: http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/19915
  llvm-svn: 354153
* [compiler-rt] Cleanup usage of C++ ABI library | Jonas Hahnfeld | 2019-02-15 | 1 file | -4/+5
  Add missed value "libcxxabi" and introduce SANITIZER_TEST_CXX for linking unit tests. This needs to be a full C++ library and cannot be libcxxabi.
  Differential Revision: https://reviews.llvm.org/D58012
  llvm-svn: 354132
* [libFuzzer] print new functions as they are discovered in the fork mode | Kostya Serebryany | 2019-02-15 | 4 files | -11/+33
  llvm-svn: 354092
* [libFuzzer] fix the unit tests | Kostya Serebryany | 2019-02-15 | 3 files | -12/+14
  llvm-svn: 354088
* [libFuzzer] when doing the merge, keep track of the covered edges, not just features | Kostya Serebryany | 2019-02-15 | 4 files | -25/+33
  llvm-svn: 354087
* [libFuzzer] when doing the merge, keep track of the covered edges, not just features | Kostya Serebryany | 2019-02-14 | 6 files | -51/+82
  llvm-svn: 354076
* [libFuzzer] better stats for the fork mode | Kostya Serebryany | 2019-02-14 | 1 file | -5/+44
  llvm-svn: 354061
* [libFuzzer] trying to fix the bot (can't reproduce the build failure locally) | Kostya Serebryany | 2019-02-14 | 1 file | -1/+2
  llvm-svn: 354000
* [libFuzzer] add threads to the fork mode: now you can pass -fork=N to run N concurrent workers. Fork mode is still work-in-progress. | Kostya Serebryany | 2019-02-14 | 3 files | -90/+147
  llvm-svn: 353997
* [libFuzzer] a bit of refactoring of the fork mode | Kostya Serebryany | 2019-02-13 | 6 files | -74/+153
  llvm-svn: 353910
* [libFuzzer] move the implementation of the fork mode into a separate file | Kostya Serebryany | 2019-02-12 | 6 files | -93/+165
  llvm-svn: 353891
* [libFuzzer] make the fork mode less verbose | Kostya Serebryany | 2019-02-12 | 5 files | -28/+52
  llvm-svn: 353794
* [libFuzzer] teach the fork mode to ignore OOMs and timeouts | Kostya Serebryany | 2019-02-12 | 4 files | -6/+12
  llvm-svn: 353792
* [libFuzzer] replace slow std::mt19937 with a much faster std::minstd_rand; second attempt after failed r352732, this time with a fix for cmake | Kostya Serebryany | 2019-02-12 | 2 files | -4/+5
  llvm-svn: 353782
* [libFuzzer] simplify the code for print_coverage=1 so that it doesn't fail on broken debug info | Kostya Serebryany | 2019-02-12 | 1 file | -2/+2
  llvm-svn: 353781