summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerDriver.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] enable the failure-resistant merge by default (with ↵Kostya Serebryany2016-12-151-11/+9
| | | | | | trace-pc-guard only) llvm-svn: 289772
* [libFuzzer] Clean up headers and file formatting of LibFuzzer files.Marcos Pividori2016-12-131-1/+0
| | | | | | | | | | | | Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`. Aside from that, this patch contains no functional change. It is purely a re-organization. Differential Revision: https://reviews.llvm.org/D27363 llvm-svn: 289560
* [libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores.Marcos Pividori2016-12-131-8/+8
| | | | | | | | | | | std::thread::hardware_concurrency() returns an unsigned, so I modify NumberOfCpuCores() to return unsigned too. The number of cpus is used to define the number of workers, so I decided to update the worker and jobs flags to be declared as unsigned too. Differential Revision: https://reviews.llvm.org/D27685 llvm-svn: 289559
* [libFuzzer] Improve Signal Handler interface.Marcos Pividori2016-12-131-10/+8
| | | | | | | | | | | | Add new flags to FuzzingOptions to represent the different conditions on the signal handling. These options are passed when calling SetSignalHandler(). This changes simplify the implementation of Windows's exception handling. Now we can define a unique handler for all the exceptions. Differential Revision: https://reviews.llvm.org/D27238 llvm-svn: 289557
* [libFuzzer] don't require extra flags with -minimize_crash=1 (default to ↵Kostya Serebryany2016-12-131-6/+12
| | | | | | -max_total_time=600). Also respect exact_artifact_path when outputting the end result llvm-svn: 289506
* [libFuzzer] implement crash-resistant merge ↵Kostya Serebryany2016-12-091-7/+12
| | | | | | (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). llvm-svn: 289166
* Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."Zachary Turner2016-12-021-2/+1
| | | | | | | | This resubmits r288529, which was resubmitted because it broke a fuzzer bot. According to kcc@ the test that broke was flakey and it is unlikely to be a result of this patch. llvm-svn: 288549
* Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."Zachary Turner2016-12-021-1/+2
| | | | | | | This reverts commit r288529, as it seems to introduce some problems on the Linux bots. llvm-svn: 288533
* [LibFuzzer] Split FuzzerUtil for Posix and Windows.Zachary Turner2016-12-021-2/+1
| | | | | | | | | | Pave the way for separating out platform specific utility functions into separate files. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27234 llvm-svn: 288529
* [LibFuzzer] Split up some functions among different headers.Zachary Turner2016-11-301-0/+1
| | | | | | | | | | | | | | | | | | | | | In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27230 llvm-svn: 288264
* [libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM styleKostya Serebryany2016-11-141-3/+3
| | | | llvm-svn: 286870
* [libFuzzer] use a valid ASCII string for a dummy seed corpusKostya Serebryany2016-11-121-1/+1
| | | | llvm-svn: 286702
* [libFuzzer] use less stackKostya Serebryany2016-11-121-16/+16
| | | | llvm-svn: 286689
* [libFuzzer] fix -error_exitcode=N, now with a test Kostya Serebryany2016-11-031-0/+1
| | | | llvm-svn: 285958
* [libFuzzer] detect leaks after every run when executing fixed inputs ↵Kostya Serebryany2016-10-181-0/+1
| | | | | | (./fuzzer -runs=1000000 my-file) llvm-svn: 284514
* [libFuzzer] better algorithm for -minimize_crashKostya Serebryany2016-10-151-1/+1
| | | | llvm-svn: 284299
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP ↵Kostya Serebryany2016-10-141-0/+1
| | | | | | instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273
* [libFuzzer] add -trace_malloc= flagKostya Serebryany2016-10-131-0/+1
| | | | llvm-svn: 284149
* [libFuzzer] when shrinking the corpus, delete evicted files previously ↵Kostya Serebryany2016-10-081-2/+3
| | | | | | created by the current process llvm-svn: 283682
* [libFuzzer] control the reload interval by a flag, make it 10 seconds by defaultKostya Serebryany2016-10-081-1/+1
| | | | llvm-svn: 283676
* [libFuzzer] be more careful with memory usage, print peak rss in status linesKostya Serebryany2016-10-061-0/+1
| | | | llvm-svn: 283418
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.Kostya Serebryany2016-10-051-1/+1
| | | | llvm-svn: 283409
* [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller ↵Kostya Serebryany2016-10-051-1/+1
| | | | | | elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines llvm-svn: 283279
* [libFuzzer] implement the -shrink=1 option that tires to make elements of ↵Kostya Serebryany2016-10-011-0/+3
| | | | | | the corpus smaller, off by default llvm-svn: 282995
* [libFuzzer] remove unused optionKostya Serebryany2016-09-301-1/+0
| | | | llvm-svn: 282971
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-271-0/+2
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] fix merging with trace-pc-guardKostya Serebryany2016-09-231-1/+1
| | | | llvm-svn: 282224
* [libFuzzer] move value profiling logic into TracePCKostya Serebryany2016-09-231-3/+1
| | | | llvm-svn: 282219
* [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen ↵Kostya Serebryany2016-09-221-9/+5
| | | | | | and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen llvm-svn: 282211
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size ↵Kostya Serebryany2016-09-221-1/+1
| | | | | | > MaxSize, fix sha1 in corpus stats; various refactorings llvm-svn: 282129
* [libFuzzer] add stats to the corpus; more refactoringKostya Serebryany2016-09-211-4/+7
| | | | llvm-svn: 282121
* [libFuzzer] refactoring: split the large header into many; NFCKostya Serebryany2016-09-211-0/+2
| | | | llvm-svn: 282044
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two ↵Kostya Serebryany2016-09-211-15/+15
| | | | | | unused experimental features llvm-svn: 282042
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from ↵Kostya Serebryany2016-09-181-0/+1
| | | | | | libFuzzer llvm-svn: 281866
* [libFuzzer] don't print help for internal flags Kostya Serebryany2016-09-101-0/+1
| | | | llvm-svn: 281124
* [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly ↵Kostya Serebryany2016-09-091-1/+0
| | | | | | better llvm-svn: 281007
* [libFuzzer] add -minimize_crash flag (to minimize crashers). also add two ↵Kostya Serebryany2016-09-011-8/+99
| | | | | | tests that I failed to commit last time llvm-svn: 280332
* [libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, ↵Kostya Serebryany2016-08-301-5/+5
| | | | | | M<N, caused a buffer overflow llvm-svn: 280098
* [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more ↵Kostya Serebryany2016-08-251-1/+1
| | | | | | useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787
* [libFuzzer] new experimental feature: value profiling. Profiles values that ↵Kostya Serebryany2016-08-161-0/+3
| | | | | | affect control flow and treats new values as new coverage. llvm-svn: 278839
* [libFuzzer] print a verbose message after executing inputs in non-fuzzing modeKostya Serebryany2016-08-151-0/+4
| | | | llvm-svn: 278724
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmpKostya Serebryany2016-07-151-0/+1
| | | | llvm-svn: 275648
* [libfuzzer] moving is_ascii handler inside mutation dispatcher.Mike Aizatsky2016-06-231-2/+2
| | | | | | | | Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611
* [libFuzzer] make the single-run output more reliableKostya Serebryany2016-06-171-2/+2
| | | | llvm-svn: 272998
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``Dan Liew2016-06-071-3/+7
| | | | | | | | | | | | | | | | | | | | | | | This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests depend also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests. Differential Revision: http://reviews.llvm.org/D20943 llvm-svn: 272072
* [libfuzzer] prune_corpus option for disabling pruning during the load.Mike Aizatsky2016-06-071-0/+1
| | | | | | | | | | Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness. Differential Revision: http://reviews.llvm.org/D21084 llvm-svn: 272035
* [LibFuzzer] Reimplement how the optional user functions are called.Dan Liew2016-06-021-8/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't succesfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFuntions``) which when initialised will point to the optional functions if they are available. Currently these ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker. Differential Revision: http://reviews.llvm.org/D20741 llvm-svn: 271491
* [libFuzzer] when an invalid flag is given, warn, but don't crashKostya Serebryany2016-06-011-2/+3
| | | | llvm-svn: 271404
* [libfuzzer] Trying random unit prefixes during corpus load.Mike Aizatsky2016-05-241-0/+1
| | | | | | Differential Revision: http://reviews.llvm.org/D20301 llvm-svn: 270632
* [libFuzzer] print the file name before executing the input so that if there ↵Kostya Serebryany2016-05-131-1/+2
| | | | | | is a crash we know which files has caused it llvm-svn: 269450
OpenPOWER on IntegriCloud