| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
llvm-svn: 282216
|
| |
|
|
|
|
| |
and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen
llvm-svn: 282211
|
| |
|
|
|
|
| |
> MaxSize, fix sha1 in corpus stats; various refactorings
llvm-svn: 282129
|
| |
|
|
| |
llvm-svn: 282121
|
| |
|
|
|
|
| |
unit from the corpus, use the stored one.
llvm-svn: 282115
|
| |
|
|
| |
llvm-svn: 282044
|
| |
|
|
|
|
| |
unused experimental features
llvm-svn: 282042
|
| |
|
|
|
|
| |
libFuzzer
llvm-svn: 281866
|
| |
|
|
| |
llvm-svn: 281810
|
| |
|
|
|
|
| |
trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic)
llvm-svn: 281577
|
| |
|
|
| |
llvm-svn: 281568
|
| |
|
|
| |
llvm-svn: 281435
|
| |
|
|
| |
llvm-svn: 281130
|
| |
|
|
| |
llvm-svn: 281122
|
| |
|
|
| |
llvm-svn: 281016
|
| |
|
|
| |
llvm-svn: 281014
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D24049
llvm-svn: 280153
|
| |
|
|
|
|
| |
useful: print PCs only after the initial corpus has been read and symbolize them
llvm-svn: 279787
|
| |
|
|
| |
llvm-svn: 279697
|
| |
|
|
|
|
| |
and the mutation sequence
llvm-svn: 278975
|
| |
|
|
|
|
| |
affect control flow and treats new values as new coverage.
llvm-svn: 278839
|
| |
|
|
| |
llvm-svn: 278825
|
| |
|
|
| |
llvm-svn: 277941
|
| |
|
|
| |
llvm-svn: 277940
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D23185
llvm-svn: 277859
|
| |
|
|
|
|
|
|
| |
Summary: It also fixes a bug, when first random might not be ascii.
Differential Revision: http://reviews.llvm.org/D21573
llvm-svn: 273611
|
| |
|
|
|
|
| |
un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable
llvm-svn: 272948
|
| |
|
|
| |
llvm-svn: 272116
|
| |
|
|
|
|
| |
the coverage rt (it should now fail with a descriptive message)
llvm-svn: 272090
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes linking problems on OSX.
Unfortunately it turns out we need to use an instance of the
``fuzzer::ExternalFunctions`` object in several places so this
commit also replaces all instances with a single global instance.
It also turns out initializing a global ``fuzzer::ExternalFunctions``
before main is entered (i.e. letting the object be initialised by the
global initializers) is not safe (on OSX the call to ``Printf()`` in the
CTOR crashes if it is called from a global initializer) so we instead
have a global ``fuzzer::ExternalFunctions*`` and initialize it inside
``FuzzerDriver()``.
Multiple unit tests depend also depend on the
``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been
added that initializes it before running any tests.
Differential Revision: http://reviews.llvm.org/D20943
llvm-svn: 272072
|
| |
|
|
|
|
|
|
|
|
| |
Summary:
The option is very useful for testing, plus I intend to measure
its effect on fuzzer effectiveness.
Differential Revision: http://reviews.llvm.org/D21084
llvm-svn: 272035
|
| |
|
|
|
|
|
|
| |
Summary: Refactoring, no functional changes.
Differential Revision: http://reviews.llvm.org/D20975
llvm-svn: 271740
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The motivation for this change is to fix linking issues on OSX.
However this only partially fixes linking issues (the uninstrumented
tests and a few others won't succesfully link yet).
This change introduces a struct of function pointers
(``fuzzer::ExternalFuntions``) which when initialised will point to the
optional functions if they are available. Currently these
``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.
Two implementations of ``fuzzer::ExternalFunctions`` constructor are
provided one for Linux and one for OSX.
The OSX implementation uses ``dlsym()`` because the prior implementation
using weak symbols does not work unless the additional flags are passed
to the linker.
The Linux implementation continues to use weak symbols because the
``dlsym()`` approach does not work unless additional flags are passed
to the linker.
Differential Revision: http://reviews.llvm.org/D20741
llvm-svn: 271491
|
| |
|
|
|
|
| |
on OOM
llvm-svn: 271465
|
| |
|
|
|
|
| |
caused a push_back in the main corpus invalidating the vector<> iterators in rare cases.
llvm-svn: 271186
|
| |
|
|
| |
llvm-svn: 271095
|
| |
|
|
|
|
| |
the main fuzzing thread, print the message in the getrusage thread and exit.
llvm-svn: 270945
|
| |
|
|
|
|
| |
pointer to read from
llvm-svn: 270942
|
| |
|
|
|
|
| |
on which we currently have a race (when reporting bugs from multiple threads)
llvm-svn: 270929
|
| |
|
|
| |
llvm-svn: 270922
|
| |
|
|
|
|
| |
reproducer properly
llvm-svn: 270905
|
| |
|
|
|
|
| |
function declarations. Add a test for -only_ascii. NFC intended
llvm-svn: 270900
|
| |
|
|
| |
llvm-svn: 270639
|
| |
|
|
|
|
| |
Differential Revision: http://reviews.llvm.org/D20301
llvm-svn: 270632
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.
Under Mac OSX we intercept calls to malloc before thread local
storage is initialised leading to a crash when accessing
``AllocTracer``. To workaround this ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.
To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.
Differential Revision: http://reviews.llvm.org/D20402
llvm-svn: 270145
|
| |
|
|
| |
llvm-svn: 269497
|
| |
|
|
| |
llvm-svn: 269448
|
| |
|
|
|
|
|
|
|
| |
It is now less state-dependent and will allow easier comparing of
coverages of different units.
Differential Revision: http://reviews.llvm.org/D20085
llvm-svn: 269140
|
| |
|
|
|
|
| |
the OOM reproducer.
llvm-svn: 268821
|
| |
|
|
| |
llvm-svn: 268807
|
