path: root/llvm/lib/Fuzzer/FuzzerInternal.h
Commit message | Author | Age | Files | Lines
* [libFuzzer] add InsertRepeatedBytes and EraseBytes. | Kostya Serebryany | 2016-08-15 | 1 | -2/+4
  New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets.
  llvm-svn: 278687
* [sanitizers] trace buffer API to use user-allocated buffer. | Mike Aizatsky | 2016-08-05 | 1 | -3/+7
  Differential Revision: https://reviews.llvm.org/D23185
  llvm-svn: 277859
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp | Kostya Serebryany | 2016-07-15 | 1 | -1/+2
  llvm-svn: 275648
* [libfuzzer] moving is_ascii handler inside mutation dispatcher. | Mike Aizatsky | 2016-06-23 | 1 | -34/+37
  Summary: It also fixes a bug where the first random might not be ASCII.
  Differential Revision: http://reviews.llvm.org/D21573
  llvm-svn: 273611
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` | Dan Liew | 2016-06-07 | 1 | -7/+3
  This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places, so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer), so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global, so a ``main()`` function has been added that initializes it before running any tests.
  Differential Revision: http://reviews.llvm.org/D20943
  llvm-svn: 272072
* [libfuzzer] custom crossover interface function. | Mike Aizatsky | 2016-06-07 | 1 | -0/+2
  Differential Revision: http://reviews.llvm.org/D21089
  llvm-svn: 272054
* [libfuzzer] prune_corpus option for disabling pruning during the load. | Mike Aizatsky | 2016-06-07 | 1 | -0/+1
  Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness.
  Differential Revision: http://reviews.llvm.org/D21084
  llvm-svn: 272035
* [libfuzzer] hiding custom mutator handling in MutationDispatcher. | Mike Aizatsky | 2016-06-03 | 1 | -4/+16
  Summary: Refactoring, no functional changes.
  Differential Revision: http://reviews.llvm.org/D20975
  llvm-svn: 271740
* [LibFuzzer] Reimplement how the optional user functions are called. | Dan Liew | 2016-06-02 | 1 | -1/+5
  The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't successfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFunctions``) which when initialised will point to the optional functions if they are available. Currently these are the ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of the ``fuzzer::ExternalFunctions`` constructor are provided, one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker.
  Differential Revision: http://reviews.llvm.org/D20741
  llvm-svn: 271491
* [libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit. | Kostya Serebryany | 2016-05-27 | 1 | -5/+2
  llvm-svn: 270945
* [libFuzzer] more refactoring: make sure CurrentUnitData is always a valid pointer to read from | Kostya Serebryany | 2016-05-27 | 1 | -3/+3
  llvm-svn: 270942
* [libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads) | Kostya Serebryany | 2016-05-26 | 1 | -5/+3
  llvm-svn: 270929
* [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC | Kostya Serebryany | 2016-05-26 | 1 | -0/+10
  llvm-svn: 270922
* [libFuzzer] when there is a leak in the existing corpus report the reproducer properly | Kostya Serebryany | 2016-05-26 | 1 | -2/+2
  llvm-svn: 270905
* [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended | Kostya Serebryany | 2016-05-26 | 1 | -3/+4
  llvm-svn: 270900
* [libfuzzer] Trying random unit prefixes during corpus load. | Mike Aizatsky | 2016-05-24 | 1 | -1/+5
  Differential Revision: http://reviews.llvm.org/D20301
  llvm-svn: 270632
* [LibFuzzer] | Dan Liew | 2016-05-19 | 1 | -0/+11
  Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX. Under Mac OSX we intercept calls to malloc before thread local storage is initialised, leading to a crash when accessing ``AllocTracer``. To work around this, ``AllocTracer`` is only accessed in the hook under Linux. For symmetry ``__sanitizer_free_hook()`` is also modified in the same way. To support this change a set of new macros, LIBFUZZER_LINUX and LIBFUZZER_APPLE, has been defined which can be used to check the target being compiled for.
  Differential Revision: http://reviews.llvm.org/D20402
  llvm-svn: 270145
* [libFuzzer] simplify FuzzerInterface.h | Kostya Serebryany | 2016-05-13 | 1 | -0/+4
  llvm-svn: 269448
* [libfuzzer] Refactoring coverage state-management code. | Mike Aizatsky | 2016-05-10 | 1 | -25/+34
  It is now less state-dependent and will allow easier comparison of the coverage of different units.
  Differential Revision: http://reviews.llvm.org/D20085
  llvm-svn: 269140
* [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. | Kostya Serebryany | 2016-05-06 | 1 | -1/+5
  llvm-svn: 268821
* [libFuzzer] add experimental -rss_limit_mb flag to fight against OOMs | Kostya Serebryany | 2016-05-06 | 1 | -0/+1
  llvm-svn: 268807
* [libFuzzer] print stats after running individual inputs | Kostya Serebryany | 2016-05-04 | 1 | -1/+1
  llvm-svn: 268547
* [libFuzzer] enable detect_leaks=1, add proper docs | Kostya Serebryany | 2016-04-29 | 1 | -1/+1
  llvm-svn: 268088
* [libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak | Kostya Serebryany | 2016-04-27 | 1 | -0/+1
  llvm-svn: 267770
* [libFuzzer] remove dead code | Kostya Serebryany | 2016-04-25 | 1 | -1/+0
  llvm-svn: 267455
* [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help find leaks while fuzzing | Kostya Serebryany | 2016-04-20 | 1 | -0/+5
  llvm-svn: 266838
* [libFuzzer] try to print correct time in seconds when reporting a timeout. Don't report timeouts while still loading the corpus. | Kostya Serebryany | 2016-04-18 | 1 | -2/+2
  llvm-svn: 266693
* [libFuzzer] handle SIGTERM | Kostya Serebryany | 2016-03-24 | 1 | -0/+1
  llvm-svn: 264338
* [libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout | Kostya Serebryany | 2016-03-18 | 1 | -0/+2
  llvm-svn: 263831
* [libFuzzer] improve -merge functionality | Kostya Serebryany | 2016-03-18 | 1 | -1/+7
  llvm-svn: 263769
* [libFuzzer] deprecate several flags | Kostya Serebryany | 2016-03-17 | 1 | -5/+0
  llvm-svn: 263739
* [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. | Kostya Serebryany | 2016-03-12 | 1 | -2/+4
  llvm-svn: 263323
* [libFuzzer] deprecate exit_on_first flag | Kostya Serebryany | 2016-03-01 | 1 | -1/+0
  llvm-svn: 262417
* [libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handling the signals for us. Remove abort_on_timeout flag. | Kostya Serebryany | 2016-03-01 | 1 | -1/+12
  llvm-svn: 262415
* [libFuzzer] add -print_final_stats=1 flag | Kostya Serebryany | 2016-02-26 | 1 | -0/+8
  llvm-svn: 262084
* [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds | Kostya Serebryany | 2016-02-26 | 1 | -0/+8
  llvm-svn: 262073
* [libFuzzer] only read MaxLen bytes from every file in the corpus to speed up loading the corpus | Kostya Serebryany | 2016-02-18 | 1 | -4/+4
  llvm-svn: 261267
* [libFuzzer] remove std::vector operations from hot paths, NFC | Kostya Serebryany | 2016-02-13 | 1 | -4/+8
  llvm-svn: 260829
* [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast | Kostya Serebryany | 2016-02-13 | 1 | -0/+1
  llvm-svn: 260810
* [libFuzzer] simplify CTOR of MutationDispatcher | Kostya Serebryany | 2016-02-13 | 1 | -3/+3
  llvm-svn: 260800
* [libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) | Kostya Serebryany | 2016-02-13 | 1 | -4/+77
  llvm-svn: 260799
* [libFuzzer] get rid of UserSuppliedFuzzer; NFC | Kostya Serebryany | 2016-02-13 | 1 | -46/+6
  llvm-svn: 260798
* [libFuzzer] simplify the code around Random. NFC | Kostya Serebryany | 2016-02-13 | 1 | -36/+11
  llvm-svn: 260797
* [libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea). | Kostya Serebryany | 2016-02-13 | 1 | -0/+60
  llvm-svn: 260796
* [libFuzzer] allow passing 1 or more files as individual inputs | Kostya Serebryany | 2016-02-02 | 1 | -0/+1
  llvm-svn: 259459
* [libFuzzer] add -timeout_exitcode option | Kostya Serebryany | 2016-01-29 | 1 | -0/+1
  llvm-svn: 259265
* [libFuzzer] add -abort_on_timeout option | Kostya Serebryany | 2016-01-23 | 1 | -0/+1
  llvm-svn: 258631
* [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes | Kostya Serebryany | 2016-01-22 | 1 | -2/+2
  llvm-svn: 258589
* Use std::piecewise_constant_distribution instead of ad-hoc binary search. | Ivan Krasin | 2016-01-22 | 1 | -27/+40
  Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: this is the second attempt (prev: r258473). Now, the libc++ build is fixed.
  Reviewers: aizatsky, kcc
  Subscribers: llvm-commits
  Differential Revision: http://reviews.llvm.org/D16487
  llvm-svn: 258571
* Revert r258473 as it's breaking the build with libc++ | Ivan Krasin | 2016-01-22 | 1 | -6/+1
  Reviewers: kcc
  Differential Revision: http://reviews.llvm.org/D16441
  llvm-svn: 258479