path: root/llvm/lib/Fuzzer/FuzzerDriver.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style | Kostya Serebryany | 2016-11-14 | 1 | -3/+3
  llvm-svn: 286870
* [libFuzzer] use a valid ASCII string for a dummy seed corpus | Kostya Serebryany | 2016-11-12 | 1 | -1/+1
  llvm-svn: 286702
* [libFuzzer] use less stack | Kostya Serebryany | 2016-11-12 | 1 | -16/+16
  llvm-svn: 286689
* [libFuzzer] fix -error_exitcode=N, now with a test | Kostya Serebryany | 2016-11-03 | 1 | -0/+1
  llvm-svn: 285958
* [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) | Kostya Serebryany | 2016-10-18 | 1 | -0/+1
  llvm-svn: 284514
* [libFuzzer] better algorithm for -minimize_crash | Kostya Serebryany | 2016-10-15 | 1 | -1/+1
  llvm-svn: 284299
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 2016-10-14 | 1 | -0/+1
  llvm-svn: 284273
* [libFuzzer] add -trace_malloc= flag | Kostya Serebryany | 2016-10-13 | 1 | -0/+1
  llvm-svn: 284149
* [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process | Kostya Serebryany | 2016-10-08 | 1 | -2/+3
  llvm-svn: 283682
* [libFuzzer] control the reload interval by a flag, make it 10 seconds by default | Kostya Serebryany | 2016-10-08 | 1 | -1/+1
  llvm-svn: 283676
* [libFuzzer] be more careful with memory usage, print peak rss in status lines | Kostya Serebryany | 2016-10-06 | 1 | -0/+1
  llvm-svn: 283418
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. | Kostya Serebryany | 2016-10-05 | 1 | -1/+1
  llvm-svn: 283409
* [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines | Kostya Serebryany | 2016-10-05 | 1 | -1/+1
  llvm-svn: 283279
* [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default | Kostya Serebryany | 2016-10-01 | 1 | -0/+3
  llvm-svn: 282995
* [libFuzzer] remove unused option | Kostya Serebryany | 2016-09-30 | 1 | -1/+0
  llvm-svn: 282971
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag | Kostya Serebryany | 2016-09-27 | 1 | -0/+2
  llvm-svn: 282458
* [libFuzzer] fix merging with trace-pc-guard | Kostya Serebryany | 2016-09-23 | 1 | -1/+1
  llvm-svn: 282224
* [libFuzzer] move value profiling logic into TracePC | Kostya Serebryany | 2016-09-23 | 1 | -3/+1
  llvm-svn: 282219
* [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen | Kostya Serebryany | 2016-09-22 | 1 | -9/+5
  llvm-svn: 282211
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 2016-09-22 | 1 | -1/+1
  llvm-svn: 282129
* [libFuzzer] add stats to the corpus; more refactoring | Kostya Serebryany | 2016-09-21 | 1 | -4/+7
  llvm-svn: 282121
* [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 2016-09-21 | 1 | -0/+2
  llvm-svn: 282044
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features | Kostya Serebryany | 2016-09-21 | 1 | -15/+15
  llvm-svn: 282042
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer | Kostya Serebryany | 2016-09-18 | 1 | -0/+1
  llvm-svn: 281866
* [libFuzzer] don't print help for internal flags | Kostya Serebryany | 2016-09-10 | 1 | -0/+1
  llvm-svn: 281124
* [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better | Kostya Serebryany | 2016-09-09 | 1 | -1/+0
  llvm-svn: 281007
* [libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time | Kostya Serebryany | 2016-09-01 | 1 | -8/+99
  llvm-svn: 280332
* [libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow | Kostya Serebryany | 2016-08-30 | 1 | -5/+5
  llvm-svn: 280098
* [libFuzzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them | Kostya Serebryany | 2016-08-25 | 1 | -1/+1
  llvm-svn: 279787
* [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. | Kostya Serebryany | 2016-08-16 | 1 | -0/+3
  llvm-svn: 278839
* [libFuzzer] print a verbose message after executing inputs in non-fuzzing mode | Kostya Serebryany | 2016-08-15 | 1 | -0/+4
  llvm-svn: 278724
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp | Kostya Serebryany | 2016-07-15 | 1 | -0/+1
  llvm-svn: 275648
* [libfuzzer] moving is_ascii handler inside mutation dispatcher. | Mike Aizatsky | 2016-06-23 | 1 | -2/+2
  Summary: It also fixes a bug, when first random might not be ascii.
  Differential Revision: http://reviews.llvm.org/D21573
  llvm-svn: 273611
* [libFuzzer] make the single-run output more reliable | Kostya Serebryany | 2016-06-17 | 1 | -2/+2
  llvm-svn: 272998
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` | Dan Liew | 2016-06-07 | 1 | -3/+7
  This fixes linking problems on OSX.
  Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance.
  It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``.
  Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests.
  Differential Revision: http://reviews.llvm.org/D20943
  llvm-svn: 272072
* [libfuzzer] prune_corpus option for disabling pruning during the load. | Mike Aizatsky | 2016-06-07 | 1 | -0/+1
  Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness.
  Differential Revision: http://reviews.llvm.org/D21084
  llvm-svn: 272035
* [LibFuzzer] Reimplement how the optional user functions are called. | Dan Liew | 2016-06-02 | 1 | -8/+6
  The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't successfully link yet).
  This change introduces a struct of function pointers (``fuzzer::ExternalFunctions``) which when initialised will point to the optional functions if they are available. Currently these are the ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.
  Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided, one for Linux and one for OSX.
  The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker.
  The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker.
  Differential Revision: http://reviews.llvm.org/D20741
  llvm-svn: 271491
* [libFuzzer] when an invalid flag is given, warn, but don't crash | Kostya Serebryany | 2016-06-01 | 1 | -2/+3
  llvm-svn: 271404
* [libfuzzer] Trying random unit prefixes during corpus load. | Mike Aizatsky | 2016-05-24 | 1 | -0/+1
  Differential Revision: http://reviews.llvm.org/D20301
  llvm-svn: 270632
* [libFuzzer] print the file name before executing the input so that if there is a crash we know which file has caused it | Kostya Serebryany | 2016-05-13 | 1 | -1/+2
  llvm-svn: 269450
* [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. | Kostya Serebryany | 2016-05-06 | 1 | -3/+4
  llvm-svn: 268821
* [libFuzzer] add experimental -rss_limit_mb flag to fight against OOMs | Kostya Serebryany | 2016-05-06 | 1 | -0/+17
  llvm-svn: 268807
* [libFuzzer] print stats after running individual inputs | Kostya Serebryany | 2016-05-04 | 1 | -1/+2
  llvm-svn: 268547
* [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing | Kostya Serebryany | 2016-04-20 | 1 | -0/+1
  llvm-svn: 266838
* [libFuzzer] warn if the corpus is empty | Kostya Serebryany | 2016-04-18 | 1 | -1/+4
  llvm-svn: 266670
* [NFC] Header cleanup | Mehdi Amini | 2016-04-18 | 1 | -7/+5
  Removed some unused headers, replaced some headers with forward class declarations.
  Found using simple scripts like this one:
    clear && ack --cpp -l '#include "llvm/ADT/IndexedMap.h"' | xargs grep -L 'IndexedMap[<]' | xargs grep -n --color=auto 'IndexedMap'
  Patch by Eugene Kosov <claprix@yandex.ru>
  Differential Revision: http://reviews.llvm.org/D19219
  From: Mehdi Amini <mehdi.amini@apple.com>
  llvm-svn: 266595
* [libFuzzer] add a better warning for command line flags with -- (two dashes) | Kostya Serebryany | 2016-04-15 | 1 | -0/+3
  llvm-svn: 266480
* Remove redundant .c_str(), as suggested by PR25633 | Hans Wennborg | 2016-04-11 | 1 | -1/+1
  llvm-svn: 265988
* [libFuzzer] handle SIGTERM | Kostya Serebryany | 2016-03-24 | 1 | -0/+1
  llvm-svn: 264338
* [libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout | Kostya Serebryany | 2016-03-18 | 1 | -0/+5
  llvm-svn: 263831