path: root/compiler-rt/test/fuzzer
Commit message | Author | Age | Files | Lines
...
* [libFuzzer] make the corpus elements aware of their data flow traces | Kostya Serebryany | 2018-06-07 | 1 | -0/+31
  llvm-svn: 334158
* [libFuzzer] simplify a test, hopefully to fix the bot | Kostya Serebryany | 2018-06-07 | 1 | -2/+2
  llvm-svn: 334156
* [libFuzzer] initial implementation of -data_flow_trace. It parses the data flow trace and prints the summary, but doesn't use the information in any other way yet | Kostya Serebryany | 2018-06-06 | 2 | -1/+14
  llvm-svn: 334058
* [libFuzzer] add collect_data_flow.py that allows to run the data-flow tracer several times on subsets of inputs bytes, to overcome DFSan out-of-label failures | Kostya Serebryany | 2018-05-31 | 1 | -0/+5
  llvm-svn: 333616
* [libFuzzer] Avoid optimization of "abs(x) < 0" | Vitaly Buka | 2018-05-25 | 2 | -2/+4
  llvm-svn: 333295
* Revert "[libFuzzer] [NFC] Generalize DSO tests to work even when files are moved." | Vitaly Buka | 2018-05-25 | 2 | -8/+8
  Breaks libFuzzer tests.
  This reverts commit r333243.
  llvm-svn: 333257
* [libFuzzer] [NFC] Generalize fdmask test. | George Karpenkov | 2018-05-24 | 1 | -12/+12
  The ordering of stderr/stdout writes might not be guaranteed, and is irrelevant for this test.
  Differential Revision: https://reviews.llvm.org/D47294
  llvm-svn: 333245
* [libFuzzer] [NFC] Do not remove SanitizerLintCheck from libFuzzer tests | George Karpenkov | 2018-05-24 | 1 | -1/+0
  With %run commands being present now, we want to make sure that they stay present.
  Differential Revision: https://reviews.llvm.org/D47293
  llvm-svn: 333244
* [libFuzzer] [NFC] Generalize DSO tests to work even when files are moved. | George Karpenkov | 2018-05-24 | 2 | -8/+8
  Differential Revision: https://reviews.llvm.org/D47292
  llvm-svn: 333243
* [libFuzzer] Fix multi-arch build support for fuzzer tests. | George Karpenkov | 2018-05-24 | 1 | -5/+7
  The bug was not previously exposed as only one architecture is currently supported for libFuzzer.
  Differential Revision: https://reviews.llvm.org/D47287
  llvm-svn: 333242
* [libFuzzer] XFAIL a few libFuzzer tests on iOS. | George Karpenkov | 2018-05-24 | 8 | -0/+8
  NFC for now.
  Differential Revision: https://reviews.llvm.org/D47284
  llvm-svn: 333240
* [libFuzzer] DataFlow tracer now tags a subset of the input. A separate script merges traces from the subsets | Kostya Serebryany | 2018-05-24 | 1 | -7/+19
  llvm-svn: 333149
* [libFuzzer] fix two off-by-ones (!!) in the data flow tracer | Kostya Serebryany | 2018-05-23 | 1 | -11/+9
  llvm-svn: 333142
* [libFuzzer] change the output format for the DataFlow tracer | Kostya Serebryany | 2018-05-23 | 1 | -37/+10
  llvm-svn: 333122
* [libFuzzer] add a stress test for the DataFlow tracer | Kostya Serebryany | 2018-05-23 | 2 | -2/+33
  llvm-svn: 333119
* [libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036) | Kostya Serebryany | 2018-05-21 | 1 | -0/+21
  llvm-svn: 332876
* [libFuzzer] rename a test from .c to .cpp | Kostya Serebryany | 2018-05-16 | 1 | -1/+1
  llvm-svn: 332558
* [libFuzzer] add an experimental flag -focus_function: libFuzzer will try to focus on inputs that trigger that function | Kostya Serebryany | 2018-05-16 | 2 | -0/+32
  llvm-svn: 332554
* [libFuzzer] add a symbolic execution puzzle (difficult for today's libFuzzer). | Max Moroz | 2018-05-16 | 1 | -0/+4129
  Summary:
  This can be solved just in seconds with KLEE. Current libFuzzer is able to satisfy 101 constraints out of 410 constraints presented during the first hour of running with -use_value_profile=1 and -max_len=20. During the next 3 hours, libFuzzer is able to generate ~50 NEW inputs, but none of those solve any new constraint. During the next 20 hours, it didn't find any NEW inputs.
  This test might be interesting for experimenting with the data flow tracing approach started in https://reviews.llvm.org/D46666.
  For the solution with KLEE and other information, see https://github.com/Dor1s/codegate2017-quals-angrybird
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: delcypher, llvm-commits, #sanitizers
  Differential Revision: https://reviews.llvm.org/D46924
  llvm-svn: 332507
* [libFuzzer] deprecate equivalence_server | Kostya Serebryany | 2018-05-15 | 2 | -0/+2
  llvm-svn: 332316
* [libFuzzer] [NFC] Split fuzzer.test into smaller tests | George Karpenkov | 2018-05-11 | 13 | -71/+65
  Keeping fuzzer.test together as a gigantic test has no advantages and multiple disadvantages:
  - Worse test parallelization (fuzzer.test is always blocking the test run on a machine with many cores)
  - Debugging test failures is made more difficult (not clear what fails from fuzzer.test failing)
  - Makes porting tests to new platforms more difficult (whenever fuzzer.test fails have to inspect the output to figure out what is going on, and then restart all of it)
  - Hides dead code (in our case, "Done1000000" FileCheck variable was never used, DISABLED: not %t-UninstrumentedTest-Uninstrumented was never compiled, and there was small amount of duplication vs. simple-cmp.test)
  - Makes correspondence between LIT .test files and .cpp files less straightforward
  Differential Revision: https://reviews.llvm.org/D46557
  llvm-svn: 332145
* [libFuzzer] [NFC] Prefix all run lines with %run | George Karpenkov | 2018-05-11 | 75 | -168/+167
  This patch does not do anything, but paves the way for future changes, where %run command will be expanded into a script performing the testing on device.
  Differential Revision: https://reviews.llvm.org/D46553
  llvm-svn: 332144
* [libFuzzer] refactor the implementation of -print_coverage | Kostya Serebryany | 2018-05-11 | 1 | -11/+7
  llvm-svn: 332073
* [libFuzzer] simplify tests, remove one redundant test; NFC | Kostya Serebryany | 2018-05-10 | 6 | -9/+5
  llvm-svn: 332037
* [libFuzzer] remove the dump_coverage flag, it hasn't been working with the inline sanitizer coverage anyway | Kostya Serebryany | 2018-05-10 | 1 | -21/+0
  llvm-svn: 332036
* [libFuzzer] remove the experimental support for clang coverage instrumentation. This mode has not been used and our experiments with https://github.com/google/fuzzer-test-suite show that this signal is weaker than the SanitizerCoverage | Kostya Serebryany | 2018-05-10 | 1 | -7/+0
  llvm-svn: 332034
* [libFuzzer] Experimental data flow tracer for fuzz targets. | Kostya Serebryany | 2018-05-10 | 2 | -0/+110
  Summary:
  Experimental data flow tracer for fuzz targets. Allows to tell which bytes of the input affect which functions of the fuzz target.
  We previously attempted to use DFSan directly in the libFuzzer process, and that didn't work nicely. Now we will try to collect the data flow information for the seed corpus in a separate process (using this tracer), and then use it in the regular libFuzzer runs.
  Reviewers: morehouse, pcc, Dor1s
  Reviewed By: morehouse, Dor1s
  Subscribers: delcypher, #sanitizers, llvm-commits
  Differential Revision: https://reviews.llvm.org/D46666
  llvm-svn: 332029
* wrong usages of sem_open in the libFuzzer | Kamil Rytarowski | 2018-05-10 | 1 | -2/+2
  Summary:
  Fixed two non-standard usages of sem_open in the libFuzzer library and one NetBSD-related modification with test script.
  - The return value to indicate error should be SEM_FAILED instead of (void *)-1 (please refer to "RETURN VALUE" section in this [[ http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_open.html | page ]]). Actually, SEM_FAILED != (void *)-1 holds in NetBSD.
  - The SharedMemoryRegion::SemName function should return name starting with slash. Because the behaviour of name which does not start with slash is unspecified as the [[ http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_open.html | "DESCRIPTION" section ]] specified:
    > If name does not begin with the <slash> character, the effect is implementation-defined.
  - The length of name is limited to 14 in NetBSD, it is suggested to reduce the length of equivalence server name in the test script.
  Patch by: Yang Zheng
  Reviewers: vitalybuka, krytarowski, kcc
  Reviewed By: kcc
  Subscribers: kcc, #sanitizers, llvm-commits, joerg
  Differential Revision: https://reviews.llvm.org/D46622
  llvm-svn: 332003
* [libFuzzer] add a simple puzzle that is difficult for today's libFuzzer | Kostya Serebryany | 2018-05-10 | 1 | -0/+34
  llvm-svn: 331951
* [libFuzzer] Disable print-func.test on Darwin. | Matt Morehouse | 2018-05-09 | 1 | -0/+1
  The try-lock guard change seems to be making this test fail on Mac, but I haven't been able to reproduce the failure. Disabling the test on Mac to fix build bot.
  llvm-svn: 331894
* [libFuzzer] Guard symbolization with try-lock. | Matt Morehouse | 2018-05-08 | 3 | -0/+38
  Summary:
  When out-of-memory or timeout occurs, threads can be stopped during symbolization, thereby causing a deadlock when the OOM/TO handlers attempt symbolization. We avoid this deadlock by skipping symbolization if another thread is symbolizing.
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D46605
  llvm-svn: 331825
* [libFuzzer] Report at most one crash per input. | Matt Morehouse | 2018-05-01 | 2 | -0/+21
  Summary:
  Fixes https://github.com/google/sanitizers/issues/788/, a deadlock caused by multiple crashes happening at the same time. Before printing a crash report, we now test and set an atomic flag. If the flag was already set, the crash handler returns immediately.
  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits, kubamracek
  Differential Revision: https://reviews.llvm.org/D46277
  llvm-svn: 331310
* [LibFuzzer] Report when custom counters are available. | Dan Liew | 2018-04-20 | 1 | -0/+1
  This upstreams a feature from the JFS solver's fork of LibFuzzer.
  Differential Revision: https://reviews.llvm.org/D45675
  llvm-svn: 330391
* [libFuzzer] Print a correct error message when a directory can't be opened. | Matt Morehouse | 2018-04-06 | 1 | -1/+1
  Summary:
  Currently if the directory cannot be opened for a reason other than non-existence (e.g. too many open file descriptors) the error message printed is incredibly confusing.
  Patch By: Alex Gaynor
  Reviewers: kcc, morehouse
  Reviewed By: morehouse
  Subscribers: delcypher, llvm-commits, Sanitizers
  Differential Revision: https://reviews.llvm.org/D45322
  llvm-svn: 329438
* [libFuzzer] Disable optimization for exit_on_src_pos.test. | Matt Morehouse | 2018-03-27 | 2 | -2/+4
  Test fails on Darwin with -O2.
  llvm-svn: 328634
* [libFuzzer] Place volatile after pointer types. | Matt Morehouse | 2018-03-27 | 5 | -9/+6
  For a few tests, volatile was placed before the '*' in pointer declarations, resulting in it applying to the underlying data rather than the pointer itself. Placing volatile after the '*' allows us to switch those tests to -O2.
  llvm-svn: 328633
* [libFuzzer] Do not optimize minimize_two_crashes.test. | Matt Morehouse | 2018-03-26 | 1 | -1/+1
  Speculative fix for build bot breakage on Mac.
  llvm-svn: 328576
* [libFuzzer] Use OptForFuzzing attribute with -fsanitize=fuzzer. | Matt Morehouse | 2018-03-23 | 5 | -10/+15
  Summary:
  Disables certain CMP optimizations to improve fuzzing signal under -O1 and -O2.
  Switches all fuzzer tests to -O2 except for a few leak tests where the leak is optimized out under -O2.
  Reviewers: kcc, vitalybuka
  Reviewed By: vitalybuka
  Subscribers: cfe-commits, llvm-commits
  Differential Revision: https://reviews.llvm.org/D44798
  llvm-svn: 328384
* [libFuzzer] Disable equivalence-signals test on Darwin due to persistent failures | George Karpenkov | 2018-03-21 | 1 | -0/+3
  llvm-svn: 328125
* [Fuzzer] Avoid the unnecessary rebuild of the custom libc++ | Petr Hosek | 2018-03-07 | 1 | -4/+2
  This changes the add_custom_libcxx macro to resemble the llvm_ExternalProject_Add. The primary motivation is to avoid unnecessary libFuzzer rebuilds that are being done on every Ninja/Make invocation. The libc++ should be only rebuilt whenever the libc++ source itself changes.
  Differential Revision: https://reviews.llvm.org/D43213
  llvm-svn: 326921
* [NFC] fix trivial typos in comments | Hiroshi Inoue | 2018-01-22 | 1 | -1/+1
  "the the" -> "the"
  llvm-svn: 323080
* Reland "[libFuzzer] Support using libc++" | Petr Hosek | 2018-01-17 | 3 | -21/+59
  This is needed in case the users of libFuzzer use libc++ in their code, which the fuzz target (libFuzzer) will be linked against. When libc++ source is available, we build a private version of it and link it against libFuzzer which allows using the same static library against codebases which use both libc++ and libstdc++.
  Differential Revision: https://reviews.llvm.org/D37631
  llvm-svn: 322755
* Revert "[libFuzzer] Support using libc++" | Petr Hosek | 2018-01-17 | 3 | -60/+22
  This reverts commit r322604: test is failing for standalone compiler-rt.
  llvm-svn: 322689
* [libFuzzer] Support using libc++ | Petr Hosek | 2018-01-17 | 3 | -22/+60
  This is needed in case the users of libFuzzer use libc++ in their code, which the fuzz target (libFuzzer) will be linked against. When libc++ source is available, we build a private version of it and link it against libFuzzer which allows using the same static library against codebases which use both libc++ and libstdc++.
  Differential Revision: https://reviews.llvm.org/D37631
  llvm-svn: 322604
* [libFuzzer] Fix bug introduced in r322380 that always links -lc++. | Matt Morehouse | 2018-01-12 | 1 | -1/+1
  llvm-svn: 322409
* lib Fuzzer FreeBSD support | Kamil Rytarowski | 2018-01-12 | 18 | -3/+19
  Summary: Patch by David CARLIER
  Reviewers: vitalybuka, kcc, dim, emaste, davide, morehouse, george.karpenkov
  Reviewed By: morehouse
  Subscribers: george.karpenkov, kubamracek, srhines, mgorny, emaste, krytarowski
  Differential Revision: https://reviews.llvm.org/D41642
  llvm-svn: 322380
* [libFuzzer] make the tests depend on ubsan | Kostya Serebryany | 2017-12-15 | 1 | -1/+1
  llvm-svn: 320787
* [libFuzzer] change the strategy for -experimental_len_control to grow max_len slower | Kostya Serebryany | 2017-12-12 | 1 | -2/+2
  llvm-svn: 320531
* [libFuzzer] even less aggressive step function for stack depth. Also don't use asan in one test to speed it up | Kostya Serebryany | 2017-12-09 | 1 | -1/+1
  llvm-svn: 320259
* [libFuzzer] add a flag -malloc_limit_mb | Kostya Serebryany | 2017-12-01 | 1 | -1/+3
  llvm-svn: 319590