path: root/llvm/lib/Fuzzer/FuzzerInternal.h
Commit message, Author, Age, Files, Lines
* [libFuzzer] Delete llvm/lib/Fuzzer
  Author: Vitaly Buka; Age: 2017-10-16; Files: 1; Lines: -150/+0
  Summary: Code is already in compiler-rt
  Reviewers: kcc
  Subscribers: krytarowski, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D38912
  llvm-svn: 315937
* [libFuzzer] reimplement experimental_len_control=1: bump the temporary max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files
  Author: Kostya Serebryany; Age: 2017-07-22; Files: 1; Lines: -0/+5
  llvm-svn: 308811
* Generate error reports when a fuzz target exits.
  Author: Matt Morehouse; Age: 2017-07-20; Files: 1; Lines: -0/+2
  Summary: Implements https://github.com/google/sanitizers/issues/835. Flush stdout before exiting in test cases. Since the atexit hook is used for exit reports, pending prints to stdout can be lost if they aren't flushed before calling exit(). Expect tests to have non-zero exit code if exit() is called.
  Reviewers: vitalybuka, kcc
  Reviewed By: kcc
  Subscribers: eraman, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D35602
  llvm-svn: 308669
* [libFuzzer] when adding a reduced input print REDUCED instead of NEW
  Author: Kostya Serebryany; Age: 2017-07-18; Files: 1; Lines: -1/+1
  llvm-svn: 308336
* [libFuzzer] improve -reduce_inputs=1: now only consider the unique features of every input (seems to work much better)
  Author: Kostya Serebryany; Age: 2017-07-18; Files: 1; Lines: -1/+1
  llvm-svn: 308253
* [libFuzzer] simplify the handling of memmem/strstr
  Author: Kostya Serebryany; Age: 2017-07-14; Files: 1; Lines: -10/+0
  llvm-svn: 307977
* [libFuzzer] experimental feature -reduce_inputs (off by default) that tries to replace elements in the corpus with smaller ones that have the same feature set. Still needs tuning
  Author: Kostya Serebryany; Age: 2017-07-13; Files: 1; Lines: -3/+3
  llvm-svn: 307873
* [libFuzzer] refactoring in preparation for -reduce_inputs; NFC intended
  Author: Kostya Serebryany; Age: 2017-07-12; Files: 1; Lines: -2/+4
  llvm-svn: 307857
* [libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error)
  Author: Kostya Serebryany; Age: 2017-05-09; Files: 1; Lines: -0/+1
  llvm-svn: 302494
* Remove unnecessary semicolon
  Author: Sanjoy Das; Age: 2017-04-28; Files: 1; Lines: -1/+1
  This shows up as a -Wpedantic error on GCC.
  llvm-svn: 301616
* [libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive
  Author: Kostya Serebryany; Age: 2017-03-22; Files: 1; Lines: -1/+3
  llvm-svn: 298548
* [libFuzzer] remove even more stale code
  Author: Kostya Serebryany; Age: 2017-03-15; Files: 1; Lines: -2/+0
  llvm-svn: 297797
* [libFuzzer] simplify code a bit
  Author: Kostya Serebryany; Age: 2017-03-15; Files: 1; Lines: -1/+0
  llvm-svn: 297796
* [libFuzzer] remove more stale code
  Author: Kostya Serebryany; Age: 2017-03-14; Files: 1; Lines: -2/+0
  llvm-svn: 297785
* [libFuzzer] remove stale code
  Author: Kostya Serebryany; Age: 2017-03-14; Files: 1; Lines: -24/+0
  llvm-svn: 297781
* [libFuzzer] remove usage of the old coverage instrumentation
  Author: Kostya Serebryany; Age: 2017-02-28; Files: 1; Lines: -5/+0
  llvm-svn: 296536
* [libFuzzer] remove a bit of stale code
  Author: Kostya Serebryany; Age: 2017-01-26; Files: 1; Lines: -2/+0
  llvm-svn: 293129
* [libFuzzer] experimental support for 'equivalence fuzzing'
  Author: Kostya Serebryany; Age: 2017-01-20; Files: 1; Lines: -0/+1
  llvm-svn: 292646
* [libFuzzer] improve error handling during the merge (handle various IO failures)
  Author: Kostya Serebryany; Age: 2017-01-05; Files: 1; Lines: -0/+1
  llvm-svn: 291182
* [libFuzzer] Fix bug in detecting timeouts when input string is empty.
  Author: Marcos Pividori; Age: 2016-12-13; Files: 1; Lines: -0/+1
  I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). Previous implementation failed to detect timeouts in that execution. Also, I add a regression test for that case.
  Differential Revision: https://reviews.llvm.org/D27433
  llvm-svn: 289561
* [libFuzzer] Clean up headers and file formatting of LibFuzzer files.
  Author: Marcos Pividori; Age: 2016-12-13; Files: 1; Lines: -7/+6
  Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`. Aside from that, this patch contains no functional change. It is purely a re-organization.
  Differential Revision: https://reviews.llvm.org/D27363
  llvm-svn: 289560
* [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests).
  Author: Kostya Serebryany; Age: 2016-12-09; Files: 1; Lines: -0/+3
  llvm-svn: 289166
* [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit
  Author: Kostya Serebryany; Age: 2016-11-30; Files: 1; Lines: -0/+2
  llvm-svn: 288281
* [LibFuzzer] Split up some functions among different headers.
  Author: Zachary Turner; Age: 2016-11-30; Files: 1; Lines: -0/+1
  In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization.
  Patch by Marcos Pividori
  Differential Revision: https://reviews.llvm.org/D27230
  llvm-svn: 288264
* [libFuzzer] simplify the code to print new PCs
  Author: Kostya Serebryany; Age: 2016-10-26; Files: 1; Lines: -2/+0
  llvm-svn: 285145
* [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
  Author: Kostya Serebryany; Age: 2016-10-18; Files: 1; Lines: -2/+2
  llvm-svn: 284514
* [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item
  Author: Kostya Serebryany; Age: 2016-10-18; Files: 1; Lines: -2/+1
  llvm-svn: 284508
* [libFuzzer] better algorithm for -minimize_crash
  Author: Kostya Serebryany; Age: 2016-10-15; Files: 1; Lines: -0/+8
  llvm-svn: 284299
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
  Author: Kostya Serebryany; Age: 2016-10-05; Files: 1; Lines: -6/+2
  llvm-svn: 283409
* [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway
  Author: Kostya Serebryany; Age: 2016-10-04; Files: 1; Lines: -1/+0
  llvm-svn: 283187
* [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default
  Author: Kostya Serebryany; Age: 2016-10-01; Files: 1; Lines: -0/+1
  llvm-svn: 282995
* [libFuzzer] remove some experimental code
  Author: Kostya Serebryany; Age: 2016-09-30; Files: 1; Lines: -1/+1
  llvm-svn: 282983
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard)
  Author: Kostya Serebryany; Age: 2016-09-30; Files: 1; Lines: -7/+0
  llvm-svn: 282831
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag
  Author: Kostya Serebryany; Age: 2016-09-27; Files: 1; Lines: -0/+1
  llvm-svn: 282458
* [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features.
  Author: Kostya Serebryany; Age: 2016-09-23; Files: 1; Lines: -0/+1
  llvm-svn: 282316
* [libFuzzer] fix merging with trace-pc-guard
  Author: Kostya Serebryany; Age: 2016-09-23; Files: 1; Lines: -1/+1
  llvm-svn: 282224
* [libFuzzer] move value profiling logic into TracePC
  Author: Kostya Serebryany; Age: 2016-09-23; Files: 1; Lines: -4/+0
  llvm-svn: 282219
* [libFuzzer] change ValueBitMap to remember the number of bits in it
  Author: Kostya Serebryany; Age: 2016-09-23; Files: 1; Lines: -3/+1
  llvm-svn: 282216
* [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen
  Author: Kostya Serebryany; Age: 2016-09-22; Files: 1; Lines: -2/+6
  llvm-svn: 282211
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
  Author: Kostya Serebryany; Age: 2016-09-22; Files: 1; Lines: -1/+1
  llvm-svn: 282129
* [libFuzzer] add stats to the corpus; more refactoring
  Author: Kostya Serebryany; Age: 2016-09-21; Files: 1; Lines: -10/+5
  llvm-svn: 282121
* [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one.
  Author: Kostya Serebryany; Age: 2016-09-21; Files: 1; Lines: -13/+2
  llvm-svn: 282115
* [libFuzzer] fix libc++ build
  Author: Kostya Serebryany; Age: 2016-09-21; Files: 1; Lines: -0/+1
  llvm-svn: 282050
* [libFuzzer] more refactoring; NFC
  Author: Kostya Serebryany; Age: 2016-09-21; Files: 1; Lines: -38/+1
  llvm-svn: 282047
* [libFuzzer] refactoring: split the large header into many; NFC
  Author: Kostya Serebryany; Age: 2016-09-21; Files: 1; Lines: -389/+2
  llvm-svn: 282044
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features
  Author: Kostya Serebryany; Age: 2016-09-21; Files: 1; Lines: -15/+41
  llvm-svn: 282042
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
  Author: Kostya Serebryany; Age: 2016-09-18; Files: 1; Lines: -0/+7
  llvm-svn: 281866
* [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters
  Author: Kostya Serebryany; Age: 2016-09-18; Files: 1; Lines: -3/+6
  llvm-svn: 281845
* [libFuzzer] properly reset the guards when resetting the coverage. Also try to fix check-fuzzer on the bot
  Author: Kostya Serebryany; Age: 2016-09-17; Files: 1; Lines: -0/+3
  llvm-svn: 281814
* [libFuzzer] change trace-pc to use 8-byte guards
  Author: Kostya Serebryany; Age: 2016-09-17; Files: 1; Lines: -3/+20
  llvm-svn: 281810