summaryrefslogtreecommitdiffstats
path: root/compiler-rt/test/fuzzer
Commit message (Collapse)AuthorAgeFilesLines
* [compiler-rt] [fuzzer] Enable LSan in libFuzzer tests on NetBSDKamil Rytarowski2019-12-191-1/+0
|
* [compiler-rt] [test] Disable ASLR for fuzzer tests on NetBSDMichał Górny2019-12-181-0/+3
|
* [compiler-rt] Disable fuzzer large.test when LLVM_ENABLE_EXPENSIVE_CHECKS=ONAlex Lorenz2019-12-031-0/+2
| | | | | | | | | | | | | This test is timing out on Green Dragon http://green.lab.llvm.org/green/job/clang-stage1-cmake-RA-expensive/ and looks like it's not executed on other bots with expensive checks enabled http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-ubuntu http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-win The test times out at the C++ source file takes too long to build (2+ hours on my machine), as clang spends a lot of time in IR/MIR verifiers. Differential Revision: https://reviews.llvm.org/D70024
* Add missing lld checks in sanitizer tests.Evgenii Stepanov2019-10-281-1/+1
| | | | | | Do not add an lld dependency when this target does not exist. In this case the system installation of lld is used (or whatever is detected with -fuse-ld=lld by default).
* [CMake] Fix the value of `config.target_cflags` for non-macOS Apple ↵Dan Liew2019-10-011-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | platforms. Attempt #3. The main problem here is that `-*-version_min=` was not being passed to the compiler when building test cases. This can cause problems when testing on devices running older OSs because Clang would previously assume the minimum deployment target is the the latest OS in the SDK which could be much newer than what the device is running. Previously the generated value looked like this: `-arch arm64 -isysroot <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk` With this change it now looks like: `-arch arm64 -stdlib=libc++ -miphoneos-version-min=8.0 -isysroot <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk` This mirrors the setting of config.target_cflags on macOS. This change is made for ASan, LibFuzzer, TSan, and UBSan. To implement this a new `get_test_cflags_for_apple_platform()` function has been added that when given an Apple platform name and architecture returns a string containing the C compiler flags to use when building tests. This also calls a new helper function `is_valid_apple_platform()` that validates Apple platform names. This is the third attempt at landing the patch. The first attempt (r359305) had to be reverted (r359327) due to a buildbot failure. The problem was that calling `get_test_cflags_for_apple_platform()` can trigger a CMake error if the provided architecture is not supported by the current CMake configuration. Previously, this could be triggered by passing `-DCOMPILER_RT_ENABLE_IOS=OFF` to CMake. The root cause is that we were generating test configurations for a list of architectures without checking if the relevant Sanitizer actually supported that architecture. We now intersect the list of architectures for an Apple platform with `<SANITIZER>_SUPPORTED_ARCH` (where `<SANITIZER>` is a Sanitizer name) to iterate through the correct list of architectures. The second attempt (r363633) had to be reverted (r363779) due to a build failure. The failed build was using a modified Apple toolchain where the iOS simulator SDK was missing. This exposed a bug in the existing UBSan test generation code where it was assumed that `COMPILER_RT_ENABLE_IOS` implied that the toolchain supported both iOS and the iOS simulator. This is not true. This has been fixed by using the list `SANITIZER_COMMON_SUPPORTED_OS` for the list of supported Apple platforms for UBSan. For consistency with the other Sanitizers we also now intersect the list of architectures with UBSAN_SUPPORTED_ARCH. rdar://problem/50124489 Differential Revision: https://reviews.llvm.org/D61242 llvm-svn: 373405
* [libFuzzer] Remove lazy counters.Matt Morehouse2019-10-011-3/+0
| | | | | | | | | | | | | | | | Summary: Lazy counters haven't improved performance for large fuzz targets. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits Tags: #llvm Differential Revision: https://reviews.llvm.org/D67476 llvm-svn: 373403
* [libFuzzer] [NFC] Fix grammar error with "it's"Mitch Phillips2019-09-261-1/+1
| | | | llvm-svn: 372937
* [libFuzzer] Remove hardcoded number of new features in merge_two_step.test.Max Moroz2019-09-111-2/+2
| | | | | | | | | | | | | | | | | | | | Summary: The number of features can be different on different platforms. This should fixed broken builders, e.g. http://lab.llvm.org:8011/builders/clang-cmake-aarch64-full/builds/7946 Reviewers: Dor1s Reviewed By: Dor1s Subscribers: kristof.beyls, delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D67458 llvm-svn: 371647
* [libFuzzer] Make -merge=1 to reuse coverage information from the control file.Max Moroz2019-09-112-2/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: This change allows to perform corpus merging in two steps. This is useful when the user wants to address the following two points simultaneously: 1) Get trustworthy incremental stats for the coverage and corpus size changes when adding new corpus units. 2) Make sure the shorter units will be preferred when two or more units give the same unique signal (equivalent to the `REDUCE` logic). This solution was brainstormed together with @kcc, hopefully it looks good to the other people too. The proposed use case scenario: 1) We have a `fuzz_target` binary and `existing_corpus` directory. 2) We do fuzzing and write new units into the `new_corpus` directory. 3) We want to merge the new corpus into the existing corpus and satisfy the points mentioned above. 4) We create an empty directory `merged_corpus` and run the first merge step: ` ./fuzz_target -merge=1 -merge_control_file=MCF ./merged_corpus ./existing_corpus ` this provides the initial stats for `existing_corpus`, e.g. from the output: ` MERGE-OUTER: 3 new files with 11 new features added; 11 new coverage edges ` 5) We recreate `merged_corpus` directory and run the second merge step: ` ./fuzz_target -merge=1 -merge_control_file=MCF ./merged_corpus ./existing_corpus ./new_corpus ` this provides the final stats for the merged corpus, e.g. from the output: ` MERGE-OUTER: 6 new files with 14 new features added; 14 new coverage edges ` Alternative solutions to this approach are: A) Store precise coverage information for every unit (not only unique signal). B) Execute the same two steps without reusing the control file. Either of these would be suboptimal as it would impose an extra disk or CPU load respectively, which is bad given the quadratic complexity in the worst case. Tested on Linux, Mac, Windows. Reviewers: morehouse, metzman, hctim, kcc Reviewed By: morehouse Subscribers: JDevlieghere, delcypher, mgrang, #sanitizers, llvm-commits, kcc Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D66107 llvm-svn: 371620
* [libFuzzer] Disable fork.test on AArch64Diana Picus2019-07-151-1/+1
| | | | | | This crashes sporadically on our AArch64 buildbots. Disable for now. llvm-svn: 366055
* Use clang driver for libfuzzer tests on WindowsReid Kleckner2019-07-112-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: There's no real reason to use clang-cl on Windows, the clang driver works just as well. This fixes a test which uses the -O0 flag, which was recently removed from clang-cl to match MSVC, which lacks this flag. While I'm here, remove the explicit -std=c++11 flag. Previously, this flag was necessary when the default C++ standard was C++98. Now that the default is C++14, this is no longer necessary. It's problematic on Windows, because the Visual C++ standard library relies on C++14 features, and attempting to compile it with C++11 results in errors. Rather than adding logic to conditionally set the standard to C++11 only on non-Win, this flag can be removed. See http://lab.llvm.org:8011/builders/clang-x64-windows-msvc and https://reviews.llvm.org/D64506. Reviewers: morehouse, thakis Subscribers: #sanitizers, llvm-commits Tags: #sanitizers, #llvm Differential Revision: https://reviews.llvm.org/D64587 llvm-svn: 365841
* Revert "[TSan] Attempt to fix iOS on-device test"Julian Lettner2019-07-081-4/+7
| | | | | | This reverts commit a2ca358291a3a621bfae66eeb01f51eeb69d2dd4. llvm-svn: 365375
* [TSan] Attempt to fix iOS on-device testJulian Lettner2019-07-061-4/+4
| | | | llvm-svn: 365257
* Remove `XFAIL: ios` from test that passes in CIJulian Lettner2019-07-051-1/+0
| | | | llvm-svn: 365253
* [compiler-rt] Rename lit.*.cfg.* -> lit.*.cfg.py.*Reid Kleckner2019-06-274-7/+7
| | | | | | | | | | | | | These lit configuration files are really Python source code. Using the .py file extension helps editors and tools use the correct language mode. LLVM and Clang already use this convention for lit configuration, this change simply applies it to all of compiler-rt. Reviewers: vitalybuka, dberris Differential Revision: https://reviews.llvm.org/D63658 llvm-svn: 364591
* [libFuzzer] split DataFlow.cpp into two .cpp files, one of which can be ↵Kostya Serebryany2019-06-213-4/+7
| | | | | | compiled w/o dfsan to speed things up (~25% speedup) llvm-svn: 364002
* [libFuzzer] ensure that DFT and autofocus works for C++ (mangled) functionsKostya Serebryany2019-06-202-5/+10
| | | | llvm-svn: 363905
* Revert r363633 "[CMake] Fix the value of `config.target_cflags` for ↵Hans Wennborg2019-06-191-9/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | non-macOS Apple platforms. Attempt #2." This caused Chromium's clang package to stop building, see comment on https://reviews.llvm.org/D61242 for details. > Summary: > The main problem here is that `-*-version_min=` was not being passed to > the compiler when building test cases. This can cause problems when > testing on devices running older OSs because Clang would previously > assume the minimum deployment target is the the latest OS in the SDK > which could be much newer than what the device is running. > > Previously the generated value looked like this: > > `-arch arm64 -isysroot > <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk` > > With this change it now looks like: > > `-arch arm64 -stdlib=libc++ -miphoneos-version-min=8.0 -isysroot > <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk` > > This mirrors the setting of `config.target_cflags` on macOS. > > This change is made for ASan, LibFuzzer, TSan, and UBSan. > > To implement this a new `get_test_cflags_for_apple_platform()` function > has been added that when given an Apple platform name and architecture > returns a string containing the C compiler flags to use when building > tests. This also calls a new helper function `is_valid_apple_platform()` > that validates Apple platform names. > > This is the second attempt at landing the patch. The first attempt (r359305) > had to be reverted (r359327) due to a buildbot failure. The problem was > that calling `get_test_cflags_for_apple_platform()` can trigger a CMake > error if the provided architecture is not supported by the current > CMake configuration. Previously, this could be triggered by passing > `-DCOMPILER_RT_ENABLE_IOS=OFF` to CMake. The root cause is that we were > generating test configurations for a list of architectures without > checking if the relevant Sanitizer actually supported that architecture. > We now intersect the list of architectures for an Apple platform > with `<SANITIZER>_SUPPORTED_ARCH` (where `<SANITIZER>` is a Sanitizer > name) to iterate through the correct list of architectures. > > rdar://problem/50124489 > > Reviewers: kubamracek, yln, vsk, juliehockett, phosek > > Subscribers: mgorny, javed.absar, kristof.beyls, #sanitizers, llvm-commits > > Tags: #llvm, #sanitizers > > Differential Revision: https://reviews.llvm.org/D61242 llvm-svn: 363779
* [CMake] Fix the value of `config.target_cflags` for non-macOS Apple ↵Dan Liew2019-06-171-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | platforms. Attempt #2. Summary: The main problem here is that `-*-version_min=` was not being passed to the compiler when building test cases. This can cause problems when testing on devices running older OSs because Clang would previously assume the minimum deployment target is the the latest OS in the SDK which could be much newer than what the device is running. Previously the generated value looked like this: `-arch arm64 -isysroot <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk` With this change it now looks like: `-arch arm64 -stdlib=libc++ -miphoneos-version-min=8.0 -isysroot <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk` This mirrors the setting of `config.target_cflags` on macOS. This change is made for ASan, LibFuzzer, TSan, and UBSan. To implement this a new `get_test_cflags_for_apple_platform()` function has been added that when given an Apple platform name and architecture returns a string containing the C compiler flags to use when building tests. This also calls a new helper function `is_valid_apple_platform()` that validates Apple platform names. This is the second attempt at landing the patch. The first attempt (r359305) had to be reverted (r359327) due to a buildbot failure. The problem was that calling `get_test_cflags_for_apple_platform()` can trigger a CMake error if the provided architecture is not supported by the current CMake configuration. Previously, this could be triggered by passing `-DCOMPILER_RT_ENABLE_IOS=OFF` to CMake. The root cause is that we were generating test configurations for a list of architectures without checking if the relevant Sanitizer actually supported that architecture. We now intersect the list of architectures for an Apple platform with `<SANITIZER>_SUPPORTED_ARCH` (where `<SANITIZER>` is a Sanitizer name) to iterate through the correct list of architectures. rdar://problem/50124489 Reviewers: kubamracek, yln, vsk, juliehockett, phosek Subscribers: mgorny, javed.absar, kristof.beyls, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D61242 llvm-svn: 363633
* [libFuzzer] implement a better queue for the fork mode. Add an internal flag ↵Kostya Serebryany2019-06-141-1/+1
| | | | | | -stop_file to allow graceful shutdown of fuzzing. Enhance the logging in the fork mode llvm-svn: 363470
* [libFuzzer] simplify the DFT trace collection using the new faster DFSan ↵Kostya Serebryany2019-06-143-48/+96
| | | | | | mode that traces up to 16 labels at a time and never runs out of labels. Second attempt. This time with a fix for windows (putenv instead of setenv)) llvm-svn: 363445
* [libFuzzer] Disable len_control by default if LLVMFuzzerCustomMutator is used.Max Moroz2019-06-141-0/+6
| | | | | | | | | | | | | | | | | | | | | | Summary: Some custom mutators may not peform well when size restriction is enforced by len_control. Because of that, it's safer to disable len_control by default in such cases, but still allow users to enable it manually. Bug example: https://bugs.chromium.org/p/chromium/issues/detail?id=919530. Tested manually with LPM-based and regular fuzz targets. Reviewers: kcc, vitalybuka, metzman Reviewed By: kcc, metzman Subscribers: delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D63334 llvm-svn: 363443
* Revert r363326 "[libFuzzer] simplify the DFT trace collection using the new ↵Hans Wennborg2019-06-143-96/+48
| | | | | | | | | | | | faster DFSan mode that traces up to 16 labels at a time and never runs out of labels." It broke the Windows build: C:\b\s\w\ir\cache\builder\src\third_party\llvm\compiler-rt\lib\fuzzer\FuzzerDataFlowTrace.cpp(243): error C3861: 'setenv': identifier not found This also reverts the follow-up r363327. llvm-svn: 363358
* fix whitespacesKostya Serebryany2019-06-131-3/+1
| | | | llvm-svn: 363327
* [libFuzzer] simplify the DFT trace collection using the new faster DFSan ↵Kostya Serebryany2019-06-133-48/+98
| | | | | | mode that traces up to 16 labels at a time and never runs out of labels. llvm-svn: 363326
* Add FuzzedDataProvider helper class / single header library.Max Moroz2019-06-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: This class is useful for writing fuzz target that have multiple inputs. Current CL imports the existing `FuzzedDataProvider` from Chromium without any modifications. Feel free to review it thoroughly, if you're interested, but I'd prefer changing the class in a follow up CL. The CL also introduces an exhaustive test for the library, as the behavior of `FuzzedDataProvider` must not change over time. In follow up CLs I'm planning on changing some implementation details (I can share a doc with some comments to be addressed). After that, we will document how `FuzzedDataProvider` should be used. I have tested this on Linux, Windows and Mac platforms. Reviewers: morehouse, metzman, kcc Reviewed By: morehouse Subscribers: metzman, thakis, rnk, mgorny, ormris, delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D62733 llvm-svn: 363071
* [libFuzzer] when using data-flow-trace (DFT) only load the DFT for the files ↵Kostya Serebryany2019-05-241-1/+1
| | | | | | present in the corpus llvm-svn: 361579
* [libFuzzer] remove the data-flow-trace (DFT) python scripts; their ↵Kostya Serebryany2019-05-231-13/+0
| | | | | | functionality is now part of libFuzzer proper; also write functions.txt to the disk only if this file doesn't exist yet llvm-svn: 361452
* [libFuzzer] automatically collect the data flow trace (DFT) in the fork mode ↵Kostya Serebryany2019-05-231-0/+12
| | | | | | if -collect_data_flow= is given llvm-svn: 361448
* [libFuzzer] Sleep after process exits in merge-sigusr.test.Matt Morehouse2019-05-221-0/+1
| | | | | | Ensure that log file has been fully updated before trying to read it. llvm-svn: 361339
* [libFuzzer] Kill by session ID in merge-sigusr.test.Matt Morehouse2019-05-211-3/+3
| | | | | | Ensures that parent and all child processes are killed at once. llvm-svn: 361336
* [libFuzzer] Ignore exit status of wait in merge-sigusr.test.Matt Morehouse2019-05-211-1/+1
| | | | | | | If process $PID has already exited, wait will give a non-zero exit status. llvm-svn: 361326
* [libFuzzer] Reduce flakiness of merge-sigusr.test.Matt Morehouse2019-05-211-3/+10
| | | | | | Double the number of files to merge, and use wait instead of sleep. llvm-svn: 361313
* [libFuzzer] Disable fork-sigusr.test on AArch64.Matt Morehouse2019-05-201-1/+1
| | | | | | Test fails on the clang-cmake-aarch64-lld build and I'm not sure why. llvm-svn: 361185
* [libFuzzer] Dump input on failure for sigusr tests.Matt Morehouse2019-05-172-2/+2
| | | | | | Should help with debugging failures on the bots. llvm-svn: 361070
* [libFuzzer] Use SleepOneSecondTest.cpp for fork-sigusr.test.Matt Morehouse2019-05-171-2/+2
| | | | | | | | ShallowOOMDeepCrash.cpp may hit libFuzzer's RSS limit before the SIGUSR2 is delivered, causing the test to be flaky when bots are under load. SleepOneSecondTest.cpp will keep running until the signal is delivered. llvm-svn: 361048
* [libFuzzer] Disable merge-sigusr.test on linux.Matt Morehouse2019-05-161-1/+2
| | | | | | Make buildbot green while I rethink the test. llvm-svn: 360914
* [libFuzzer] Increase merge-sigusr sleep after sending signal.Matt Morehouse2019-05-161-1/+1
| | | | | | | Test is flaky on buildbot at least partially due to the fuzz target not exiting before we read its output. llvm-svn: 360848
* [libFuzzer] Also kill parent process in merge-siguser.test.Matt Morehouse2019-05-161-0/+1
| | | | llvm-svn: 360840
* [libFuzzer] Fix typo in merge-sigusr.test.Matt Morehouse2019-05-161-1/+1
| | | | llvm-svn: 360836
* [libFuzzer] Use PID to send signals rather than process name.Matt Morehouse2019-05-162-4/+4
| | | | | | | | pkill reads the process name as a pattern, not a raw name. This means that if the process name contains + or other regex characters, pkill fails. llvm-svn: 360835
* [libFuzzer] Echo fuzzer output on sigusr tests.Matt Morehouse2019-05-152-2/+2
| | | | | | Improves debuggability when the fuzz target crashes. llvm-svn: 360824
* [libFuzzer] reimplement DFT's collect_data_flow inside libFuzzer so that we ↵Kostya Serebryany2019-05-142-8/+24
| | | | | | don't need external python scripts llvm-svn: 360712
* [libFuzzer] Unpoison parameters before calling user callback.Matt Morehouse2019-05-092-0/+33
| | | | | | | | | | | | | | | | | | | | Summary: Fixes an MSan false positive when compiling with -fsanitize=memory,fuzzer. See https://github.com/google/oss-fuzz/issues/2369 for more details. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits, metzman, eugenis Tags: #llvm Differential Revision: https://reviews.llvm.org/D61753 llvm-svn: 360390
* [libFuzzer] perform more agressive value profiling in memcmpKostya Serebryany2019-05-091-1/+2
| | | | llvm-svn: 360385
* [libFuzzer] implement -focus_function=auto, to be used with Data Flow TracesKostya Serebryany2019-05-093-4/+21
| | | | llvm-svn: 360378
* [libFuzzer] simplify value-profile-mem.test a little bitKostya Serebryany2019-05-091-1/+2
| | | | llvm-svn: 360372
* [libFuzzer] DFT: when dumping coverage, also dump the total number of ↵Kostya Serebryany2019-05-081-2/+2
| | | | | | instrumented blocks in a function; update merge_data_flow.py to merge coverage llvm-svn: 360272
* [libFuzzer] extend the test for data flow tracer and coverage; also ↵Kostya Serebryany2019-05-081-1/+11
| | | | | | hopefully fix it on the bot llvm-svn: 360215
* [libFuzzer] extend the data flow tracer to also produce basic block coverage ↵Kostya Serebryany2019-05-083-25/+44
| | | | | | for every input. An extended test coming in a separte change. llvm-svn: 360213
OpenPOWER on IntegriCloud