summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerFlags.def
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] Delete llvm/lib/FuzzerVitaly Buka2017-10-161-139/+0
| | | | | | | | | | | | Summary: Code is already in compiler-rt Reviewers: kcc Subscribers: krytarowski, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D38912 llvm-svn: 315937
* [libFuzzer] explicitly use -fsanitize-coverage=trace-pc-guard in ↵Kostya Serebryany2017-08-141-2/+2
| | | | | | test/dump_coverage.test; mark print_coverage/dump_coverage as To-be-deprecated llvm-svn: 310877
* [libFuzzer] enable reduce_inputs=1 by default (seems to be a big win usually)Kostya Serebryany2017-07-191-2/+2
| | | | llvm-svn: 308541
* [libFuzzer] Allow non-fuzzer args after -ignore_remaining_args=1Justin Bogner2017-07-141-0/+3
| | | | | | | | | | | With this change, libFuzzer will ignore any arguments after a sigil argument, but it will preserve these arguments at the end of the command line when launching subprocesses. Using this, its possible to handle positional and single-dash arguments to the program under test by discarding everything up to -ignore_remaining_args=1 in LLVMFuzzerInitialize. llvm-svn: 308069
* [libFuzzer] refactoring in preparation for -reduce_inputs; NFC intendedKostya Serebryany2017-07-121-1/+3
| | | | llvm-svn: 307857
* [libFuzzer] update docs on -print_coverage/-dump_coverageKostya Serebryany2017-05-091-4/+4
| | | | llvm-svn: 302498
* [libFuzzer] extend help for -minimize_crash to cover ↵Kostya Serebryany2017-04-191-0/+2
| | | | | | ASAN_OPTIONS=dedup_token_length=3 llvm-svn: 300800
* [libFuzzer] remove -output_csv option. It duplicates the default output and ↵Kostya Serebryany2017-04-191-1/+1
| | | | | | got out of sync llvm-svn: 300768
* [libFuzzer] update -help: mention -exact_artifact_path in help for ↵Kostya Serebryany2017-04-191-2/+6
| | | | | | -minimize_crash and -cleanse_crash llvm-svn: 300642
* [libFuzzer] experimental option -cleanse_crash: tries to replace all bytes ↵Kostya Serebryany2017-04-171-0/+2
| | | | | | in a crash reproducer with garbage, while still preserving the crash llvm-svn: 300498
* [libFuzzer] fix type in signal name.Vitaly Buka2017-04-111-1/+1
| | | | | | | | Fixes PR32576. Patch by Jakub Zawadzki. llvm-svn: 299968
* [libFuzzer] add two experimental flags to make corpus merging more scalable: ↵Kostya Serebryany2017-03-221-0/+7
| | | | | | -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive llvm-svn: 298548
* [libFuzzer] Experimenting with dictionary minimization.Kostya Serebryany2017-03-171-0/+1
| | | | | | | | | | | | | | Summary: Tracking issue: https://github.com/google/oss-fuzz/issues/331 Reviewers: kcc Reviewed By: kcc Differential Revision: https://reviews.llvm.org/D30940 llvm-svn: 298031
* [libFuzzer] experimental support for 'equivalance fuzzing'Kostya Serebryany2017-01-201-0/+3
| | | | llvm-svn: 292646
* [libFuzzer] remove stale codeKostya Serebryany2017-01-181-2/+0
| | | | llvm-svn: 292325
* [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the ↵Kostya Serebryany2017-01-171-1/+1
| | | | | | code between cmp and memcmp handling) llvm-svn: 292287
* [libFuzzer] improve error handling during the merge (handle various IO failures)Kostya Serebryany2017-01-051-0/+1
| | | | llvm-svn: 291182
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets ↵Kostya Serebryany2016-12-271-0/+1
| | | | | | max_len to 1M and tries to increases the actual max sizes of mutations very gradually (second attempt) llvm-svn: 290637
* [libfuzzer] dump_coverage command line flagMike Aizatsky2016-12-191-0/+2
| | | | | | | | Reviewers: kcc, vitalybuka Differential Revision: https://reviews.llvm.org/D27942 llvm-svn: 290138
* Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 ↵Daniel Jasper2016-12-171-1/+0
| | | | | | | | | | | that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code" This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998 llvm-svn: 290043
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets ↵Kostya Serebryany2016-12-161-0/+1
| | | | | | max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code llvm-svn: 289998
* [libFuzzer] enable the failure-resistant merge by default (with ↵Kostya Serebryany2016-12-151-2/+0
| | | | | | trace-pc-guard only) llvm-svn: 289772
* [libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores.Marcos Pividori2016-12-131-2/+2
| | | | | | | | | | | std::thread::hardware_concurrency() returns an unsigned, so I modify NumberOfCpuCores() to return unsigned too. The number of cpus is used to define the number of workers, so I decided to update the worker and jobs flags to be declared as unsigned too. Differential Revision: https://reviews.llvm.org/D27685 llvm-svn: 289559
* [libFuzzer] implement crash-resistant merge ↵Kostya Serebryany2016-12-091-0/+3
| | | | | | (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). llvm-svn: 289166
* [libFuzzer] fix -error_exitcode=N, now with a test Kostya Serebryany2016-11-031-4/+4
| | | | llvm-svn: 285958
* [libFuzzer] enable use_cmp by defaultKostya Serebryany2016-10-271-1/+1
| | | | llvm-svn: 285353
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP ↵Kostya Serebryany2016-10-141-1/+2
| | | | | | instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273
* [libFuzzer] add -trace_malloc= flagKostya Serebryany2016-10-131-0/+2
| | | | llvm-svn: 284149
* [libFuzzer] when shrinking the corpus, delete evicted files previously ↵Kostya Serebryany2016-10-081-1/+1
| | | | | | created by the current process llvm-svn: 283682
* [libFuzzer] control the reload interval by a flag, make it 10 seconds by defaultKostya Serebryany2016-10-081-3/+3
| | | | llvm-svn: 283676
* [libFuzzer] implement the -shrink=1 option that tires to make elements of ↵Kostya Serebryany2016-10-011-0/+4
| | | | | | the corpus smaller, off by default llvm-svn: 282995
* [libFuzzer] remove unused optionKostya Serebryany2016-09-301-2/+0
| | | | llvm-svn: 282971
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-271-0/+3
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] add stats to the corpus; more refactoringKostya Serebryany2016-09-211-0/+2
| | | | llvm-svn: 282121
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two ↵Kostya Serebryany2016-09-211-3/+2
| | | | | | unused experimental features llvm-svn: 282042
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from ↵Kostya Serebryany2016-09-181-1/+2
| | | | | | libFuzzer llvm-svn: 281866
* [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly ↵Kostya Serebryany2016-09-091-1/+0
| | | | | | better llvm-svn: 281007
* [libFuzzer] add -minimize_crash flag (to minimize crashers). also add two ↵Kostya Serebryany2016-09-011-0/+4
| | | | | | tests that I failed to commit last time llvm-svn: 280332
* [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more ↵Kostya Serebryany2016-08-251-1/+1
| | | | | | useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787
* [libFuzzer] new experimental feature: value profiling. Profiles values that ↵Kostya Serebryany2016-08-161-0/+2
| | | | | | affect control flow and treats new values as new coverage. llvm-svn: 278839
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmpKostya Serebryany2016-07-151-0/+2
| | | | llvm-svn: 275648
* [libfuzzer] prune_corpus option for disabling pruning during the load.Mike Aizatsky2016-06-071-0/+2
| | | | | | | | | | Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness. Differential Revision: http://reviews.llvm.org/D21084 llvm-svn: 272035
* [libfuzzer] Trying random unit prefixes during corpus load.Mike Aizatsky2016-05-241-0/+1
| | | | | | Differential Revision: http://reviews.llvm.org/D20301 llvm-svn: 270632
* [libFuzzer] better document the -merge=1 flagKostya Serebryany2016-05-091-1/+2
| | | | llvm-svn: 268957
* [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print ↵Kostya Serebryany2016-05-061-1/+1
| | | | | | the OOM reproducer. llvm-svn: 268821
* [libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMsKostya Serebryany2016-05-061-0/+2
| | | | llvm-svn: 268807
* [libFuzzer] enable detect_leaks=1, add proper docsKostya Serebryany2016-04-291-1/+1
| | | | llvm-svn: 268088
* [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, ↵Kostya Serebryany2016-04-201-0/+2
| | | | | | it will help finding leaks while fuzzing llvm-svn: 266838
* [libFuzzer] more docsKostya Serebryany2016-03-291-1/+2
| | | | llvm-svn: 264803
* [libFuzzer] handle SIGTERMKostya Serebryany2016-03-241-0/+1
| | | | llvm-svn: 264338
OpenPOWER on IntegriCloud