summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerInternal.h
Commit message (Collapse)AuthorAgeFilesLines
...
* [libFuzzer] make caller-callee feedback work with trace-pc-guardKostya Serebryany2016-09-151-0/+1
| | | | llvm-svn: 281667
* [libFuzzer] implement print_pcs with trace-pc-guard. Change the ↵Kostya Serebryany2016-09-151-0/+15
| | | | | | trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) llvm-svn: 281577
* [libFuzzer] add 8-bit counters to trace-pc-guard handlerKostya Serebryany2016-09-151-2/+13
| | | | llvm-svn: 281568
* [libFuzzer] start using trace-pc-guard as an alternative source of coverageKostya Serebryany2016-09-141-7/+12
| | | | llvm-svn: 281435
* [libFuzzer] print a visible message if merge fails due to a crash Kostya Serebryany2016-09-101-0/+2
| | | | llvm-svn: 281122
* [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itselfKostya Serebryany2016-09-091-3/+2
| | | | llvm-svn: 281016
* [libFuzzer] remove unneeded callKostya Serebryany2016-09-091-1/+0
| | | | llvm-svn: 281014
* [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly ↵Kostya Serebryany2016-09-091-1/+0
| | | | | | better llvm-svn: 281007
* [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more ↵Kostya Serebryany2016-08-251-1/+3
| | | | | | useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787
* [libFuzzer] simplify the code, NFCKostya Serebryany2016-08-251-4/+9
| | | | llvm-svn: 279697
* [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64Kostya Serebryany2016-08-241-4/+10
| | | | llvm-svn: 279601
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage ↵Kostya Serebryany2016-08-171-0/+2
| | | | | | from r278970 llvm-svn: 278982
* [libFuzzer] when printing the reproducer input, also print the base input ↵Kostya Serebryany2016-08-171-0/+2
| | | | | | and the mutation sequence llvm-svn: 278975
* [libFuzzer] more mutationsKostya Serebryany2016-08-171-0/+7
| | | | llvm-svn: 278950
* [libFuzzer] new experimental feature: value profiling. Profiles values that ↵Kostya Serebryany2016-08-161-0/+8
| | | | | | affect control flow and treats new values as new coverage. llvm-svn: 278839
* [libFuzzer] refactoring around PCMap, NFCKostya Serebryany2016-08-161-5/+7
| | | | llvm-svn: 278825
* [libFuzzer] add InsertRepeatedBytes and EraseBytes.Kostya Serebryany2016-08-151-2/+4
| | | | | | | | | | | | | New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets. llvm-svn: 278687
* [sanitizers] trace buffer API to use user-allocated buffer.Mike Aizatsky2016-08-051-3/+7
| | | | | | Differential Revision: https://reviews.llvm.org/D23185 llvm-svn: 277859
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmpKostya Serebryany2016-07-151-1/+2
| | | | llvm-svn: 275648
* [libfuzzer] moving is_ascii handler inside mutation dispatcher.Mike Aizatsky2016-06-231-34/+37
| | | | | | | | Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``Dan Liew2016-06-071-7/+3
| | | | | | | | | | | | | | | | | | | | | | | This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests depend also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests. Differential Revision: http://reviews.llvm.org/D20943 llvm-svn: 272072
* [libfuzzer] custom crossover interface function.Mike Aizatsky2016-06-071-0/+2
| | | | | | Differential Revision: http://reviews.llvm.org/D21089 llvm-svn: 272054
* [libfuzzer] prune_corpus option for disabling pruning during the load.Mike Aizatsky2016-06-071-0/+1
| | | | | | | | | | Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness. Differential Revision: http://reviews.llvm.org/D21084 llvm-svn: 272035
* [libfuzzer] hiding custom mutator handling in MutationDispatcher.Mike Aizatsky2016-06-031-4/+16
| | | | | | | | Summary: Refactoring, no functional changes. Differential Revision: http://reviews.llvm.org/D20975 llvm-svn: 271740
* [LibFuzzer] Reimplement how the optional user functions are called.Dan Liew2016-06-021-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't succesfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFuntions``) which when initialised will point to the optional functions if they are available. Currently these ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker. Differential Revision: http://reviews.llvm.org/D20741 llvm-svn: 271491
* [libFuzzer] make OOM-handling more portable. Instead of sending a signal to ↵Kostya Serebryany2016-05-271-5/+2
| | | | | | the main fuzzing thread, print the message in the getrusage thread and exit. llvm-svn: 270945
* [libFuzzer] more refactoring: make sure CurrentUnitData is awlays a valid ↵Kostya Serebryany2016-05-271-3/+3
| | | | | | pointer to read from llvm-svn: 270942
* [libFuzzer] more refactoring around CurrentUnit. Also add a threading test ↵Kostya Serebryany2016-05-261-5/+3
| | | | | | on which we currently have a race (when reporting bugs from multiple threads) llvm-svn: 270929
* [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFCKostya Serebryany2016-05-261-0/+10
| | | | llvm-svn: 270922
* [libFuzzer] when there is a leak in the existing corpus report the ↵Kostya Serebryany2016-05-261-2/+2
| | | | | | reproducer properly llvm-svn: 270905
* [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in ↵Kostya Serebryany2016-05-261-3/+4
| | | | | | function declarations. Add a test for -only_ascii. NFC intended llvm-svn: 270900
* [libfuzzer] Trying random unit prefixes during corpus load.Mike Aizatsky2016-05-241-1/+5
| | | | | | Differential Revision: http://reviews.llvm.org/D20301 llvm-svn: 270632
* [LibFuzzer]Dan Liew2016-05-191-0/+11
| | | | | | | | | | | | | | | | | | Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX. Under Mac OSX we intercept calls to malloc before thread local storage is initialised leading to a crash when accessing ``AllocTracer``. To workaround this ``AllocTracer`` is only accessed in the hook under Linux. For symmetry ``__sanitizer_free_hook()`` is also modified in the same way. To support this change a set of new macros LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be used to check the target being compiled for. Differential Revision: http://reviews.llvm.org/D20402 llvm-svn: 270145
* [libFuzzer] simplify FuzzerInterface.hKostya Serebryany2016-05-131-0/+4
| | | | llvm-svn: 269448
* [libfuzzer] Refactoring coverage state-management code.Mike Aizatsky2016-05-101-25/+34
| | | | | | | | | It is now less state-dependent and will allow easier comparing of coverages of different units. Differential Revision: http://reviews.llvm.org/D20085 llvm-svn: 269140
* [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print ↵Kostya Serebryany2016-05-061-1/+5
| | | | | | the OOM reproducer. llvm-svn: 268821
* [libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMsKostya Serebryany2016-05-061-0/+1
| | | | llvm-svn: 268807
* [libFuzzer] print stats after running individual inputsKostya Serebryany2016-05-041-1/+1
| | | | llvm-svn: 268547
* [libFuzzer] enable detect_leaks=1, add proper docsKostya Serebryany2016-04-291-1/+1
| | | | llvm-svn: 268088
* [libFuzzer] disable leak detection if we have tried it for 1000 times w/o ↵Kostya Serebryany2016-04-271-0/+1
| | | | | | finding a leak llvm-svn: 267770
* [libFuzzer] remove dead codeKostya Serebryany2016-04-251-1/+0
| | | | llvm-svn: 267455
* [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, ↵Kostya Serebryany2016-04-201-0/+5
| | | | | | it will help finding leaks while fuzzing llvm-svn: 266838
* [libFuzzer] try to print correct time in seconds when reporting a timeout. ↵Kostya Serebryany2016-04-181-2/+2
| | | | | | Don't report timeouts while still loading the corpus. llvm-svn: 266693
* [libFuzzer] handle SIGTERMKostya Serebryany2016-03-241-0/+1
| | | | llvm-svn: 264338
* [libFuzzer] add a flag close_fd_mask so that we can silence spammy targets ↵Kostya Serebryany2016-03-181-0/+2
| | | | | | by closing stderr/stdout llvm-svn: 263831
* [libFuzzer] improve -merge functionalityKostya Serebryany2016-03-181-1/+7
| | | | llvm-svn: 263769
* [libFuzzer] deprecate several flagsKostya Serebryany2016-03-171-5/+0
| | | | llvm-svn: 263739
* [libFuzzer] try to use max_len based on the items of the corpus instead of ↵Kostya Serebryany2016-03-121-2/+4
| | | | | | blindly defaulting to 64 bytes. llvm-svn: 263323
* [libFuzzer] deprecate exit_on_first flagKostya Serebryany2016-03-011-1/+0
| | | | llvm-svn: 262417
* [libFuzzer] add generic signal handlers so that libFuzzer can report at ↵Kostya Serebryany2016-03-011-1/+12
| | | | | | least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. llvm-svn: 262415
OpenPOWER on IntegriCloud