summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerDriver.cpp
Commit message (Collapse)AuthorAgeFilesLines
...
* [libFuzzer] add -shuffle flagKostya Serebryany2015-10-171-0/+1
| | | | llvm-svn: 250603
* [libFuzzer] When -test_single_input crashes the test it is not necessary to ↵Kostya Serebryany2015-10-161-4/+5
| | | | | | write crash-file because input is already known to the user. Patch by Mike Aizatsky llvm-svn: 250564
* [libFuzzer] add -artifact_prefix flagKostya Serebryany2015-10-091-0/+2
| | | | llvm-svn: 249807
* [libFuzzer] trying to fix at-exit hangKostya Serebryany2015-10-031-1/+1
| | | | llvm-svn: 249231
* [libFuzzer] remove experimental flag and functionalityKostya Serebryany2015-10-021-1/+0
| | | | llvm-svn: 249194
* [libFuzzer] add a flag -max_total_timeKostya Serebryany2015-10-021-0/+1
| | | | llvm-svn: 249181
* [LibFuzzer] test_single_input option to run a single test case.Ivan Krasin2015-10-011-0/+9
| | | | | | | | | | -test_single_input flag specifies a file name with test data. Review URL: http://reviews.llvm.org/D13359 Patch by Mike Aizatsky! llvm-svn: 249096
* [libFuzzer] add two more variants of FuzzerDriver for convenienceKostya Serebryany2015-09-101-20/+33
| | | | llvm-svn: 247300
* [libFuzzer] remove -iterations as redundant (there is also -num_runs)Kostya Serebryany2015-09-081-1/+1
| | | | llvm-svn: 247030
* [libFuzzer] actually make the dictionaries work (+docs)Kostya Serebryany2015-09-041-6/+5
| | | | llvm-svn: 246825
* [libFuzzer] adding a parser for AFL-style dictionaries + tests.Kostya Serebryany2015-09-031-0/+7
| | | | llvm-svn: 246800
* [libFuzzer] deprecate the -tokens flag. This was a bad idea because the ↵Kostya Serebryany2015-09-021-1/+1
| | | | | | corpus with this flag contains encrypted inputs, not the real inputs, which complicates interoperation with other fuzzers. Instead we'll need to implement AFL dictionary support llvm-svn: 246734
* [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the ↵Kostya Serebryany2015-08-121-0/+2
| | | | | | trace-based-mutations are applied llvm-svn: 244712
* [libFuzzer] add -only_ascii flagKostya Serebryany2015-08-111-0/+1
| | | | llvm-svn: 244559
* [libFuzzer] add option -report_slow_units=Nsec to control when slow units ↵Kostya Serebryany2015-08-051-0/+1
| | | | | | are printed llvm-svn: 244152
* [libFuzzer] allow users to supply their own implementation of randKostya Serebryany2015-07-241-2/+3
| | | | llvm-svn: 243078
* [lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of C++ ↵Kostya Serebryany2015-05-231-35/+33
| | | | | | library used in libFuzzer badly interract with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues. llvm-svn: 238078
* [lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is ↵Kostya Serebryany2015-05-221-1/+0
| | | | | | unlikely to ever scale llvm-svn: 238063
* [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutatorsKostya Serebryany2015-05-221-1/+6
| | | | llvm-svn: 238059
* [lib/Fuzzer] ignore flags that start with --; use git pull --rebase instead ↵Kostya Serebryany2015-05-211-0/+10
| | | | | | of just git pull llvm-svn: 237950
* [lib/Fuzzer] change the meaning of -timeout flag: now timeout is applied to ↵Kostya Serebryany2015-05-191-1/+2
| | | | | | every unit of work separately llvm-svn: 237735
* [lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD ↵Kostya Serebryany2015-05-181-0/+3
| | | | | | CORPUS' to synchronize with other processes llvm-svn: 237617
* [lib/Fuzzer] guess the right number of workers if -jobs=N is given but ↵Kostya Serebryany2015-05-121-0/+6
| | | | | | -workers=M is not. Update the docs. llvm-svn: 237163
* [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan)Kostya Serebryany2015-05-121-1/+0
| | | | llvm-svn: 237083
* [lib/Fuzzer] detach the pulse thread instad of joining itKostya Serebryany2015-05-121-1/+1
| | | | llvm-svn: 237082
* [lib/Fuzzer] when running multiple fuzzing processes, print something every ↵Kostya Serebryany2015-05-111-2/+14
| | | | | | 10 minutes to avoid buildbot timeouts llvm-svn: 237054
* [lib/Fuzzer] add a trace-based mutatation logic. Same idea as with ↵Kostya Serebryany2015-05-111-0/+1
| | | | | | DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go. llvm-svn: 237043
* [lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with ↵Kostya Serebryany2015-05-081-1/+4
| | | | | | LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes llvm-svn: 236906
* [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string ↵Kostya Serebryany2015-03-311-12/+65
| | | | | | flags. llvm-svn: 233745
* DFSan-based fuzzer (proof of concept).Kostya Serebryany2015-03-301-0/+1
| | | | | | | | | | | | | | | | | | Summary: This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator, see the comments for details. Test Plan: a test added Reviewers: samsonov, pcc Reviewed By: samsonov, pcc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D8669 llvm-svn: 233613
* [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for ↵Kostya Serebryany2015-03-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | fuzzing). Introduce -mllvm -sanitizer-coverage-8bit-counters=1 which adds imprecise thread-unfriendly 8-bit coverage counters. The run-time library maps these 8-bit counters to 8-bit bitsets in the same way AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does: counter values are divided into 8 ranges and based on the counter value one of the bits in the bitset is set. The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+. These counters provide a search heuristic for single-threaded coverage-guided fuzzers, we do not expect them to be useful for other purposes. Depending on the value of -fsanitize-coverage=[123] flag, these counters will be added to the function entry blocks (=1), every basic block (=2), or every edge (=3). Use these counters as an optional search heuristic in the Fuzzer library. Add a test where this heuristic is critical. llvm-svn: 231166
* [fuzzer] one more experimental search mode: -use_coverage_pairs=1 Kostya Serebryany2015-02-201-0/+1
| | | | llvm-svn: 229957
* [fuzzer] split main() into FuzzerDriver() that takes a callback as a ↵Kostya Serebryany2015-02-191-0/+198
parameter and a tiny main() in a separate file llvm-svn: 229882
OpenPOWER on IntegriCloud