summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] remove a bit of stale codeKostya Serebryany2017-01-261-4/+0
| | | | llvm-svn: 293129
* [libFuzzer] AlrmHandler is executed in a different thread for Windows.Marcos Pividori2017-01-221-0/+3
| | | | | | | | | | | Don't check for InFuzzingThread() on Windows, since the AlarmHandler() is always executed by a different thread from a thread pool. If we don't add these changes, the alarm handler will never execute. Note that we decided to ignore possible problem in the synchronization. Differential Revision: https://reviews.llvm.org/D28723 llvm-svn: 292746
* [libFuzzer] experimental support for 'equivalance fuzzing'Kostya Serebryany2017-01-201-1/+32
| | | | llvm-svn: 292646
* [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't ↵Kostya Serebryany2017-01-191-1/+1
| | | | | | special case 2-byte inputs llvm-svn: 292511
* [libFuzzer] add two tests for experimenting with equivalence fuzzingKostya Serebryany2017-01-191-0/+3
| | | | llvm-svn: 292509
* [libFuzzer] improve error handling during the merge (handle various IO failures)Kostya Serebryany2017-01-051-0/+5
| | | | llvm-svn: 291182
* [libFuzzer] cleaner implementation of -print_pcs=1Kostya Serebryany2016-12-301-0/+1
| | | | llvm-svn: 290739
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets ↵Kostya Serebryany2016-12-271-2/+21
| | | | | | max_len to 1M and tries to increases the actual max sizes of mutations very gradually (second attempt) llvm-svn: 290637
* [libfuzzer] dump_coverage command line flagMike Aizatsky2016-12-191-0/+2
| | | | | | | | Reviewers: kcc, vitalybuka Differential Revision: https://reviews.llvm.org/D27942 llvm-svn: 290138
* Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 ↵Daniel Jasper2016-12-171-21/+2
| | | | | | | | | | | that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code" This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998 llvm-svn: 290043
* [libFuzzer] avoid msan false positives in more casesKostya Serebryany2016-12-161-0/+3
| | | | llvm-svn: 289999
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets ↵Kostya Serebryany2016-12-161-2/+21
| | | | | | max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code llvm-svn: 289998
* [libFuzzer] Fix bug in detecting timeouts when input string is empty.Marcos Pividori2016-12-131-1/+3
| | | | | | | | | | | | | | I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). Previous implementation failed to detect timeouts in that execution. Also, I add a regression test for that case. Differential Revision: https://reviews.llvm.org/D27433 llvm-svn: 289561
* [libFuzzer] Clean up headers and file formatting of LibFuzzer files.Marcos Pividori2016-12-131-1/+0
| | | | | | | | | | | | Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`. Aside from that, this patch contains no functional change. It is purely a re-organization. Differential Revision: https://reviews.llvm.org/D27363 llvm-svn: 289560
* [libFuzzer] Properly use unsigned for Process ID.Marcos Pividori2016-12-131-4/+4
| | | | | | | | | | Use unsigned for PID instead of signed int. GetCurrentProcessId() returns an unsigned (DWORD) so we must be sure we can deal with all possible values. I use a long unsigned to be sure it can hold a 32 bit unsigned (DWORD). Differential Revision: https://reviews.llvm.org/D27281 llvm-svn: 289558
* [libFuzzer] respect -max_len during mergeKostya Serebryany2016-12-121-1/+2
| | | | llvm-svn: 289467
* [libFuzzer] refactor the code to allow collecting features in different ↵Kostya Serebryany2016-12-051-1/+5
| | | | | | ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( llvm-svn: 288731
* [libFuzzer] treat -rss_limit_mb=0 as no limitKostya Serebryany2016-12-011-1/+1
| | | | llvm-svn: 288389
* [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that ↵Kostya Serebryany2016-11-301-0/+16
| | | | | | exceeds the limit llvm-svn: 288281
* [LibFuzzer] Split up some functions among different headers.Zachary Turner2016-11-301-3/+4
| | | | | | | | | | | | | | | | | | | | | In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27230 llvm-svn: 288264
* [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing ↵Kostya Serebryany2016-10-261-6/+3
| | | | | | with -exit_on_src_pos, symbolize every PC only once llvm-svn: 285223
* [libFuzzer] simplify the code in TracePC::HandleTrace a bit moreKostya Serebryany2016-10-261-9/+8
| | | | llvm-svn: 285147
* [libFuzzer] simplify the code to print new PCsKostya Serebryany2016-10-261-14/+2
| | | | llvm-svn: 285145
* [libFuzzer] simplify the code in TracePC::HandleTraceKostya Serebryany2016-10-251-1/+0
| | | | llvm-svn: 285142
* [libFuzzer] simplify the code for use_cmp, also use the position hint when ↵Kostya Serebryany2016-10-251-5/+0
| | | | | | available, add a test llvm-svn: 285049
* Fix -Wunused-variable warning in libFuzzerReid Kleckner2016-10-211-1/+1
| | | | llvm-svn: 284838
* [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_itemKostya Serebryany2016-10-181-13/+11
| | | | llvm-svn: 284508
* [libFuzzer] better algorithm for -minimize_crashKostya Serebryany2016-10-151-4/+16
| | | | llvm-svn: 284299
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP ↵Kostya Serebryany2016-10-141-2/+14
| | | | | | instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273
* [libFuzzer] more detailed message for disabled leak detectionKostya Serebryany2016-10-131-2/+4
| | | | llvm-svn: 284169
* [libFuzzer] add -trace_malloc= flagKostya Serebryany2016-10-131-5/+28
| | | | llvm-svn: 284149
* [libFuzzer] when shrinking the corpus, delete evicted files previously ↵Kostya Serebryany2016-10-081-6/+7
| | | | | | created by the current process llvm-svn: 283682
* [libFuzzer] control the reload interval by a flag, make it 10 seconds by defaultKostya Serebryany2016-10-081-4/+8
| | | | llvm-svn: 283676
* [libFuzzer] be more careful with memory usage, print peak rss in status linesKostya Serebryany2016-10-061-1/+2
| | | | llvm-svn: 283418
* [libFuzzer] when re-running for lsan, don't look at the coverageKostya Serebryany2016-10-051-1/+1
| | | | llvm-svn: 283411
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.Kostya Serebryany2016-10-051-34/+21
| | | | llvm-svn: 283409
* [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller ↵Kostya Serebryany2016-10-051-2/+16
| | | | | | elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines llvm-svn: 283279
* [libFuzzer] remove dfsan support and some related stale code. This is not ↵Kostya Serebryany2016-10-041-1/+0
| | | | | | being used and as is is pretty weak anyway llvm-svn: 283187
* [libFuzzer] implement the -shrink=1 option that tires to make elements of ↵Kostya Serebryany2016-10-011-9/+27
| | | | | | the corpus smaller, off by default llvm-svn: 282995
* [libFuzzer] remove some experimental codeKostya Serebryany2016-09-301-20/+11
| | | | llvm-svn: 282983
* [libFuzzer] remove unused optionKostya Serebryany2016-09-301-2/+1
| | | | llvm-svn: 282971
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still ↵Kostya Serebryany2016-09-301-37/+2
| | | | | | works with the new one (trace-pc-guard) llvm-svn: 282831
* [libFuzzer] more the feature set to InputCorpus; on feature update, change ↵Kostya Serebryany2016-09-301-3/+1
| | | | | | the feature counter of the old best input llvm-svn: 282829
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create ↵Kostya Serebryany2016-09-291-1/+2
| | | | | | one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-271-0/+17
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] simplify HandleTrace again, start re-running interesting units ↵Kostya Serebryany2016-09-231-3/+16
| | | | | | and collecting their features. llvm-svn: 282316
* [libFuzzer] be more precise about what we reset in TracePCKostya Serebryany2016-09-231-3/+5
| | | | llvm-svn: 282225
* [libFuzzer] fix merging with trace-pc-guardKostya Serebryany2016-09-231-13/+12
| | | | llvm-svn: 282224
* [libFuzzer] simplify the TracePC logicKostya Serebryany2016-09-231-2/+4
| | | | llvm-svn: 282222
* [libFuzzer] move value profiling logic into TracePCKostya Serebryany2016-09-231-1/+2
| | | | llvm-svn: 282219
OpenPOWER on IntegriCloud