summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing ↵Kostya Serebryany2016-10-261-6/+3
| | | | | | with -exit_on_src_pos, symbolize every PC only once llvm-svn: 285223
* [libFuzzer] simplify the code in TracePC::HandleTrace a bit moreKostya Serebryany2016-10-261-9/+8
| | | | llvm-svn: 285147
* [libFuzzer] simplify the code to print new PCsKostya Serebryany2016-10-261-14/+2
| | | | llvm-svn: 285145
* [libFuzzer] simplify the code in TracePC::HandleTraceKostya Serebryany2016-10-251-1/+0
| | | | llvm-svn: 285142
* [libFuzzer] simplify the code for use_cmp, also use the position hint when ↵Kostya Serebryany2016-10-251-5/+0
| | | | | | available, add a test llvm-svn: 285049
* Fix -Wunused-variable warning in libFuzzerReid Kleckner2016-10-211-1/+1
| | | | llvm-svn: 284838
* [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_itemKostya Serebryany2016-10-181-13/+11
| | | | llvm-svn: 284508
* [libFuzzer] better algorithm for -minimize_crashKostya Serebryany2016-10-151-4/+16
| | | | llvm-svn: 284299
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP ↵Kostya Serebryany2016-10-141-2/+14
| | | | | | instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273
* [libFuzzer] more detailed message for disabled leak detectionKostya Serebryany2016-10-131-2/+4
| | | | llvm-svn: 284169
* [libFuzzer] add -trace_malloc= flagKostya Serebryany2016-10-131-5/+28
| | | | llvm-svn: 284149
* [libFuzzer] when shrinking the corpus, delete evicted files previously ↵Kostya Serebryany2016-10-081-6/+7
| | | | | | created by the current process llvm-svn: 283682
* [libFuzzer] control the reload interval by a flag, make it 10 seconds by defaultKostya Serebryany2016-10-081-4/+8
| | | | llvm-svn: 283676
* [libFuzzer] be more careful with memory usage, print peak rss in status linesKostya Serebryany2016-10-061-1/+2
| | | | llvm-svn: 283418
* [libFuzzer] when re-running for lsan, don't look at the coverageKostya Serebryany2016-10-051-1/+1
| | | | llvm-svn: 283411
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.Kostya Serebryany2016-10-051-34/+21
| | | | llvm-svn: 283409
* [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller ↵Kostya Serebryany2016-10-051-2/+16
| | | | | | elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines llvm-svn: 283279
* [libFuzzer] remove dfsan support and some related stale code. This is not ↵Kostya Serebryany2016-10-041-1/+0
| | | | | | being used and as is is pretty weak anyway llvm-svn: 283187
* [libFuzzer] implement the -shrink=1 option that tires to make elements of ↵Kostya Serebryany2016-10-011-9/+27
| | | | | | the corpus smaller, off by default llvm-svn: 282995
* [libFuzzer] remove some experimental codeKostya Serebryany2016-09-301-20/+11
| | | | llvm-svn: 282983
* [libFuzzer] remove unused optionKostya Serebryany2016-09-301-2/+1
| | | | llvm-svn: 282971
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still ↵Kostya Serebryany2016-09-301-37/+2
| | | | | | works with the new one (trace-pc-guard) llvm-svn: 282831
* [libFuzzer] more the feature set to InputCorpus; on feature update, change ↵Kostya Serebryany2016-09-301-3/+1
| | | | | | the feature counter of the old best input llvm-svn: 282829
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create ↵Kostya Serebryany2016-09-291-1/+2
| | | | | | one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-271-0/+17
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] simplify HandleTrace again, start re-running interesting units ↵Kostya Serebryany2016-09-231-3/+16
| | | | | | and collecting their features. llvm-svn: 282316
* [libFuzzer] be more precise about what we reset in TracePCKostya Serebryany2016-09-231-3/+5
| | | | llvm-svn: 282225
* [libFuzzer] fix merging with trace-pc-guardKostya Serebryany2016-09-231-13/+12
| | | | llvm-svn: 282224
* [libFuzzer] simplify the TracePC logicKostya Serebryany2016-09-231-2/+4
| | | | llvm-svn: 282222
* [libFuzzer] move value profiling logic into TracePCKostya Serebryany2016-09-231-1/+2
| | | | llvm-svn: 282219
* [libFuzzer] change ValueBitMap to remember the number of bits in itKostya Serebryany2016-09-231-10/+11
| | | | llvm-svn: 282216
* [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen ↵Kostya Serebryany2016-09-221-18/+25
| | | | | | and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen llvm-svn: 282211
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size ↵Kostya Serebryany2016-09-221-15/+22
| | | | | | > MaxSize, fix sha1 in corpus stats; various refactorings llvm-svn: 282129
* [libFuzzer] add stats to the corpus; more refactoringKostya Serebryany2016-09-211-23/+17
| | | | llvm-svn: 282121
* [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a ↵Kostya Serebryany2016-09-211-27/+4
| | | | | | unit from the corpus, use the stored one. llvm-svn: 282115
* [libFuzzer] refactoring: split the large header into many; NFCKostya Serebryany2016-09-211-0/+4
| | | | llvm-svn: 282044
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two ↵Kostya Serebryany2016-09-211-113/+21
| | | | | | unused experimental features llvm-svn: 282042
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from ↵Kostya Serebryany2016-09-181-9/+4
| | | | | | libFuzzer llvm-svn: 281866
* [libFuzzer] change trace-pc to use 8-byte guardsKostya Serebryany2016-09-171-0/+3
| | | | llvm-svn: 281810
* [libFuzzer] implement print_pcs with trace-pc-guard. Change the ↵Kostya Serebryany2016-09-151-10/+20
| | | | | | trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) llvm-svn: 281577
* [libFuzzer] add 8-bit counters to trace-pc-guard handlerKostya Serebryany2016-09-151-1/+6
| | | | llvm-svn: 281568
* [libFuzzer] start using trace-pc-guard as an alternative source of coverageKostya Serebryany2016-09-141-12/+4
| | | | llvm-svn: 281435
* [libFuzzer] print a failed-merge warning only in the merge modeKostya Serebryany2016-09-101-0/+1
| | | | llvm-svn: 281130
* [libFuzzer] print a visible message if merge fails due to a crash Kostya Serebryany2016-09-101-0/+16
| | | | llvm-svn: 281122
* [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itselfKostya Serebryany2016-09-091-5/+17
| | | | llvm-svn: 281016
* [libFuzzer] remove unneeded callKostya Serebryany2016-09-091-8/+0
| | | | llvm-svn: 281014
* [libfuzzer] simplified unit truncation; do not write trunc items to discMike Aizatsky2016-08-301-29/+11
| | | | | | Differential Revision: https://reviews.llvm.org/D24049 llvm-svn: 280153
* [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more ↵Kostya Serebryany2016-08-251-7/+17
| | | | | | useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787
* [libFuzzer] simplify the code, NFCKostya Serebryany2016-08-251-87/+72
| | | | llvm-svn: 279697
* [libFuzzer] when printing the reproducer input, also print the base input ↵Kostya Serebryany2016-08-171-0/+3
| | | | | | and the mutation sequence llvm-svn: 278975
OpenPOWER on IntegriCloud