path: root/llvm/lib/Fuzzer/FuzzerDriver.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] Delete llvm/lib/Fuzzer | Vitaly Buka | 2017-10-16 | 1 | -764/+0
  Summary: Code is already in compiler-rt
  Reviewers: kcc
  Subscribers: krytarowski, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D38912
  llvm-svn: 315937
* [libFuzzer] reimplement experimental_len_control=1: bump the temporary max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files | Kostya Serebryany | 2017-07-22 | 1 | -2/+0
  llvm-svn: 308811
* Generate error reports when a fuzz target exits. | Matt Morehouse | 2017-07-20 | 1 | -0/+3
  Summary: Implements https://github.com/google/sanitizers/issues/835.
  Flush stdout before exiting in test cases. Since the atexit hook is used for exit reports, pending prints to stdout can be lost if they aren't flushed before calling exit().
  Expect tests to have non-zero exit code if exit() is called.
  Reviewers: vitalybuka, kcc
  Reviewed By: kcc
  Subscribers: eraman, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D35602
  llvm-svn: 308669
* [libFuzzer] Allow non-fuzzer args after -ignore_remaining_args=1 | Justin Bogner | 2017-07-14 | 1 | -7/+13
  With this change, libFuzzer will ignore any arguments after a sigil argument, but it will preserve these arguments at the end of the command line when launching subprocesses. Using this, it's possible to handle positional and single-dash arguments to the program under test by discarding everything up to -ignore_remaining_args=1 in LLVMFuzzerInitialize.
  llvm-svn: 308069
* [libFuzzer] experimental feature -reduce_inputs (off by default) that tries to replace elements in the corpus with smaller ones that have the same feature set. Still needs tuning | Kostya Serebryany | 2017-07-13 | 1 | -1/+0
  llvm-svn: 307873
* [libFuzzer] refactoring in preparation for -reduce_inputs; NFC intended | Kostya Serebryany | 2017-07-12 | 1 | -2/+3
  llvm-svn: 307857
* [libFuzzer] change the default max_len from 64 to 4096. This will affect cases where libFuzzer is run w/o initial corpus or with a corpus of very small items. | Kostya Serebryany | 2017-06-15 | 1 | -2/+2
  llvm-svn: 305521
* Sort the remaining #include lines in include/... and lib/.... | Chandler Carruth | 2017-06-06 | 1 | -1/+1
  I did this a long time ago with a janky python script, but now clang-format has built-in support for this. I fed clang-format every line with a #include and let it re-sort things according to the precise LLVM rules for include ordering baked into clang-format these days.
  I've reverted a number of files where the results of sorting includes isn't healthy. Either places where we have legacy code relying on particular include ordering (where possible, I'll fix these separately) or where we have particular formatting around #include lines that I didn't want to disturb in this patch.
  This patch is *entirely* mechanical. If you get merge conflicts or anything, just ignore the changes in this patch and run clang-format over your #include lines in the files.
  Sorry for any noise here, but it is important to keep these things stable. I was seeing an increasing number of patches with irrelevant re-ordering of #include lines because clang-format was used. This patch at least isolates that churn, makes it easy to skip when resolving conflicts, and gets us to a clean baseline (again).
  llvm-svn: 304787
* [llvm] Remove double semicolons | Mandeep Singh Grang | 2017-06-06 | 1 | -1/+1
  Reviewers: craig.topper, arsenm, mehdi_amini
  Reviewed By: mehdi_amini
  Subscribers: mehdi_amini, wdng, nhaehnle, javed.absar, llvm-commits
  Differential Revision: https://reviews.llvm.org/D33924
  llvm-svn: 304767
* [libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error) | Kostya Serebryany | 2017-05-09 | 1 | -1/+2
  llvm-svn: 302494
* [libFuzzer] remove -output_csv option. It duplicates the default output and got out of sync | Kostya Serebryany | 2017-04-19 | 1 | -1/+0
  llvm-svn: 300768
* [libFuzzer] experimental option -cleanse_crash: tries to replace all bytes in a crash reproducer with garbage, while still preserving the crash | Kostya Serebryany | 2017-04-17 | 1 | -0/+63
  llvm-svn: 300498
* [libFuzzer] read asan's dedup_token while minimizing a crash and stop minimization if another bug was found during minimization (https://github.com/google/oss-fuzz/issues/452) | Kostya Serebryany | 2017-03-25 | 1 | -4/+37
  llvm-svn: 298755
* [libFuzzer] honor -exact_artifact_path for all intermediate files during crash minimization (https://github.com/google/oss-fuzz/issues/250) | Kostya Serebryany | 2017-03-24 | 1 | -1/+3
  llvm-svn: 298740
* [libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive | Kostya Serebryany | 2017-03-22 | 1 | -1/+3
  llvm-svn: 298548
* [libFuzzer] Experimenting with dictionary minimization. | Kostya Serebryany | 2017-03-17 | 1 | -0/+81
  Summary: Tracking issue: https://github.com/google/oss-fuzz/issues/331
  Reviewers: kcc
  Reviewed By: kcc
  Differential Revision: https://reviews.llvm.org/D30940
  llvm-svn: 298031
* [libFuzzer] remove more stale code | Kostya Serebryany | 2017-03-14 | 1 | -8/+4
  llvm-svn: 297785
* Use "%zd" format specifier for printing number of testcases executed. | Kostya Serebryany | 2017-02-14 | 1 | -1/+1
  Summary: This helps to avoid signed integer overflow after running a fast fuzz target for several hours, e.g.:
  <...>
  Done -1097903291 runs in 54001 second(s)
  Reviewers: kcc
  Reviewed By: kcc
  Differential Revision: https://reviews.llvm.org/D29941
  llvm-svn: 295112
* [libFuzzer] increase the default size for shmem | Kostya Serebryany | 2017-02-01 | 1 | -2/+2
  llvm-svn: 293722
* [libFuzzer] use print+exit(1) instead of assert to report an error | Kostya Serebryany | 2017-01-21 | 1 | -2/+4
  llvm-svn: 292685
* [libFuzzer] add an assert to protect against LLVMFuzzerInitialize changing argv[0] | Kostya Serebryany | 2017-01-20 | 1 | -0/+3
  llvm-svn: 292652
* [libFuzzer] experimental support for 'equivalence fuzzing' | Kostya Serebryany | 2017-01-20 | 1 | -0/+26
  llvm-svn: 292646
* [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs | Kostya Serebryany | 2017-01-19 | 1 | -10/+11
  llvm-svn: 292511
* [libFuzzer] remove stale code | Kostya Serebryany | 2017-01-18 | 1 | -1/+0
  llvm-svn: 292325
* [libFuzzer] improve error handling during the merge (handle various IO failures) | Kostya Serebryany | 2017-01-05 | 1 | -0/+1
  llvm-svn: 291182
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually (second attempt) | Kostya Serebryany | 2016-12-27 | 1 | -0/+3
  llvm-svn: 290637
* [libFuzzer] fix UB and simplify the computation of the RNG seed (https://llvm.org/bugs/show_bug.cgi?id=31456) | Kostya Serebryany | 2016-12-27 | 1 | -2/+2
  llvm-svn: 290622
* [libfuzzer] dump_coverage command line flag | Mike Aizatsky | 2016-12-19 | 1 | -0/+1
  Reviewers: kcc, vitalybuka
  Differential Revision: https://reviews.llvm.org/D27942
  llvm-svn: 290138
* Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code" | Daniel Jasper | 2016-12-17 | 1 | -3/+0
  This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998
  llvm-svn: 290043
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code | Kostya Serebryany | 2016-12-16 | 1 | -0/+3
  llvm-svn: 289998
* [libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only) | Kostya Serebryany | 2016-12-15 | 1 | -11/+9
  llvm-svn: 289772
* [libFuzzer] Clean up headers and file formatting of LibFuzzer files. | Marcos Pividori | 2016-12-13 | 1 | -1/+0
  Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`.
  Aside from that, this patch contains no functional change. It is purely a re-organization.
  Differential Revision: https://reviews.llvm.org/D27363
  llvm-svn: 289560
* [libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores. | Marcos Pividori | 2016-12-13 | 1 | -8/+8
  std::thread::hardware_concurrency() returns an unsigned, so I modify NumberOfCpuCores() to return unsigned too. The number of cpus is used to define the number of workers, so I decided to update the worker and jobs flags to be declared as unsigned too.
  Differential Revision: https://reviews.llvm.org/D27685
  llvm-svn: 289559
* [libFuzzer] Improve Signal Handler interface. | Marcos Pividori | 2016-12-13 | 1 | -10/+8
  Add new flags to FuzzingOptions to represent the different conditions on the signal handling. These options are passed when calling SetSignalHandler().
  These changes simplify the implementation of Windows's exception handling. Now we can define a unique handler for all the exceptions.
  Differential Revision: https://reviews.llvm.org/D27238
  llvm-svn: 289557
* [libFuzzer] don't require extra flags with -minimize_crash=1 (default to -max_total_time=600). Also respect exact_artifact_path when outputting the end result | Kostya Serebryany | 2016-12-13 | 1 | -6/+12
  llvm-svn: 289506
* [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). | Kostya Serebryany | 2016-12-09 | 1 | -7/+12
  llvm-svn: 289166
* Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 2016-12-02 | 1 | -2/+1
  This resubmits r288529, which was resubmitted because it broke a fuzzer bot. According to kcc@ the test that broke was flakey and it is unlikely to be a result of this patch.
  llvm-svn: 288549
* Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 2016-12-02 | 1 | -1/+2
  This reverts commit r288529, as it seems to introduce some problems on the Linux bots.
  llvm-svn: 288533
* [LibFuzzer] Split FuzzerUtil for Posix and Windows. | Zachary Turner | 2016-12-02 | 1 | -2/+1
  Pave the way for separating out platform specific utility functions into separate files.
  Patch by Marcos Pividori
  Differential Revision: https://reviews.llvm.org/D27234
  llvm-svn: 288529
* [LibFuzzer] Split up some functions among different headers. | Zachary Turner | 2016-11-30 | 1 | -0/+1
  In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific.
  This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform.
  Aside from that, this patch contains no functional change. It is purely a re-organization.
  Patch by Marcos Pividori
  Differential Revision: https://reviews.llvm.org/D27230
  llvm-svn: 288264
* [libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style | Kostya Serebryany | 2016-11-14 | 1 | -3/+3
  llvm-svn: 286870
* [libFuzzer] use a valid ASCII string for a dummy seed corpus | Kostya Serebryany | 2016-11-12 | 1 | -1/+1
  llvm-svn: 286702
* [libFuzzer] use less stack | Kostya Serebryany | 2016-11-12 | 1 | -16/+16
  llvm-svn: 286689
* [libFuzzer] fix -error_exitcode=N, now with a test | Kostya Serebryany | 2016-11-03 | 1 | -0/+1
  llvm-svn: 285958
* [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) | Kostya Serebryany | 2016-10-18 | 1 | -0/+1
  llvm-svn: 284514
* [libFuzzer] better algorithm for -minimize_crash | Kostya Serebryany | 2016-10-15 | 1 | -1/+1
  llvm-svn: 284299
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 2016-10-14 | 1 | -0/+1
  llvm-svn: 284273
* [libFuzzer] add -trace_malloc= flag | Kostya Serebryany | 2016-10-13 | 1 | -0/+1
  llvm-svn: 284149
* [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process | Kostya Serebryany | 2016-10-08 | 1 | -2/+3
  llvm-svn: 283682
* [libFuzzer] control the reload interval by a flag, make it 10 seconds by default | Kostya Serebryany | 2016-10-08 | 1 | -1/+1
  llvm-svn: 283676