summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerInternal.h
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] Fix bug in detecting timeouts when input string is empty.Marcos Pividori2016-12-131-0/+1
| | | | | | | | | | | | | | I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). Previous implementation failed to detect timeouts in that execution. Also, I add a regression test for that case. Differential Revision: https://reviews.llvm.org/D27433 llvm-svn: 289561
* [libFuzzer] Clean up headers and file formatting of LibFuzzer files.Marcos Pividori2016-12-131-7/+6
| | | | | | | | | | | | Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`. Aside from that, this patch contains no functional change. It is purely a re-organization. Differential Revision: https://reviews.llvm.org/D27363 llvm-svn: 289560
* [libFuzzer] implement crash-resistant merge ↵Kostya Serebryany2016-12-091-0/+3
| | | | | | (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). llvm-svn: 289166
* [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that ↵Kostya Serebryany2016-11-301-0/+2
| | | | | | exceeds the limit llvm-svn: 288281
* [LibFuzzer] Split up some functions among different headers.Zachary Turner2016-11-301-0/+1
| | | | | | | | | | | | | | | | | | | | | In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27230 llvm-svn: 288264
* [libFuzzer] simplify the code to print new PCsKostya Serebryany2016-10-261-2/+0
| | | | llvm-svn: 285145
* [libFuzzer] detect leaks after every run when executing fixed inputs ↵Kostya Serebryany2016-10-181-2/+2
| | | | | | (./fuzzer -runs=1000000 my-file) llvm-svn: 284514
* [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_itemKostya Serebryany2016-10-181-2/+1
| | | | llvm-svn: 284508
* [libFuzzer] better algorithm for -minimize_crashKostya Serebryany2016-10-151-0/+8
| | | | llvm-svn: 284299
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.Kostya Serebryany2016-10-051-6/+2
| | | | llvm-svn: 283409
* [libFuzzer] remove dfsan support and some related stale code. This is not ↵Kostya Serebryany2016-10-041-1/+0
| | | | | | being used and as is is pretty weak anyway llvm-svn: 283187
* [libFuzzer] implement the -shrink=1 option that tires to make elements of ↵Kostya Serebryany2016-10-011-0/+1
| | | | | | the corpus smaller, off by default llvm-svn: 282995
* [libFuzzer] remove some experimental codeKostya Serebryany2016-09-301-1/+1
| | | | llvm-svn: 282983
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still ↵Kostya Serebryany2016-09-301-7/+0
| | | | | | works with the new one (trace-pc-guard) llvm-svn: 282831
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-271-0/+1
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] simplify HandleTrace again, start re-running interesting units ↵Kostya Serebryany2016-09-231-0/+1
| | | | | | and collecting their features. llvm-svn: 282316
* [libFuzzer] fix merging with trace-pc-guardKostya Serebryany2016-09-231-1/+1
| | | | llvm-svn: 282224
* [libFuzzer] move value profiling logic into TracePCKostya Serebryany2016-09-231-4/+0
| | | | llvm-svn: 282219
* [libFuzzer] change ValueBitMap to remember the number of bits in itKostya Serebryany2016-09-231-3/+1
| | | | llvm-svn: 282216
* [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen ↵Kostya Serebryany2016-09-221-2/+6
| | | | | | and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen llvm-svn: 282211
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size ↵Kostya Serebryany2016-09-221-1/+1
| | | | | | > MaxSize, fix sha1 in corpus stats; various refactorings llvm-svn: 282129
* [libFuzzer] add stats to the corpus; more refactoringKostya Serebryany2016-09-211-10/+5
| | | | llvm-svn: 282121
* [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a ↵Kostya Serebryany2016-09-211-13/+2
| | | | | | unit from the corpus, use the stored one. llvm-svn: 282115
* [libFuzzer] fix libc++ buildKostya Serebryany2016-09-211-0/+1
| | | | llvm-svn: 282050
* [libFuzzer] more refactoring; NFCKostya Serebryany2016-09-211-38/+1
| | | | llvm-svn: 282047
* [libFuzzer] refactoring: split the large header into many; NFCKostya Serebryany2016-09-211-389/+2
| | | | llvm-svn: 282044
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two ↵Kostya Serebryany2016-09-211-15/+41
| | | | | | unused experimental features llvm-svn: 282042
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from ↵Kostya Serebryany2016-09-181-0/+7
| | | | | | libFuzzer llvm-svn: 281866
* [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change ↵Kostya Serebryany2016-09-181-3/+6
| | | | | | the guard type to intptr_t; use separate array for 8-bit counters llvm-svn: 281845
* [libFuzzer] properly reset the guards when reseting the coverage. Also try ↵Kostya Serebryany2016-09-171-0/+3
| | | | | | to fix check-fuzzer on the bot llvm-svn: 281814
* [libFuzzer] change trace-pc to use 8-byte guardsKostya Serebryany2016-09-171-3/+20
| | | | llvm-svn: 281810
* [libFuzzer] make caller-callee feedback work with trace-pc-guardKostya Serebryany2016-09-151-0/+1
| | | | llvm-svn: 281667
* [libFuzzer] implement print_pcs with trace-pc-guard. Change the ↵Kostya Serebryany2016-09-151-0/+15
| | | | | | trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) llvm-svn: 281577
* [libFuzzer] add 8-bit counters to trace-pc-guard handlerKostya Serebryany2016-09-151-2/+13
| | | | llvm-svn: 281568
* [libFuzzer] start using trace-pc-guard as an alternative source of coverageKostya Serebryany2016-09-141-7/+12
| | | | llvm-svn: 281435
* [libFuzzer] print a visible message if merge fails due to a crash Kostya Serebryany2016-09-101-0/+2
| | | | llvm-svn: 281122
* [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itselfKostya Serebryany2016-09-091-3/+2
| | | | llvm-svn: 281016
* [libFuzzer] remove unneeded callKostya Serebryany2016-09-091-1/+0
| | | | llvm-svn: 281014
* [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly ↵Kostya Serebryany2016-09-091-1/+0
| | | | | | better llvm-svn: 281007
* [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more ↵Kostya Serebryany2016-08-251-1/+3
| | | | | | useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787
* [libFuzzer] simplify the code, NFCKostya Serebryany2016-08-251-4/+9
| | | | llvm-svn: 279697
* [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64Kostya Serebryany2016-08-241-4/+10
| | | | llvm-svn: 279601
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage ↵Kostya Serebryany2016-08-171-0/+2
| | | | | | from r278970 llvm-svn: 278982
* [libFuzzer] when printing the reproducer input, also print the base input ↵Kostya Serebryany2016-08-171-0/+2
| | | | | | and the mutation sequence llvm-svn: 278975
* [libFuzzer] more mutationsKostya Serebryany2016-08-171-0/+7
| | | | llvm-svn: 278950
* [libFuzzer] new experimental feature: value profiling. Profiles values that ↵Kostya Serebryany2016-08-161-0/+8
| | | | | | affect control flow and treats new values as new coverage. llvm-svn: 278839
* [libFuzzer] refactoring around PCMap, NFCKostya Serebryany2016-08-161-5/+7
| | | | llvm-svn: 278825
* [libFuzzer] add InsertRepeatedBytes and EraseBytes.Kostya Serebryany2016-08-151-2/+4
| | | | | | | | | | | | | New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets. llvm-svn: 278687
* [sanitizers] trace buffer API to use user-allocated buffer.Mike Aizatsky2016-08-051-3/+7
| | | | | | Differential Revision: https://reviews.llvm.org/D23185 llvm-svn: 277859
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmpKostya Serebryany2016-07-151-1/+2
| | | | llvm-svn: 275648
OpenPOWER on IntegriCloud