summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [LibFuzzer] Reimplement how the optional user functions are called.Dan Liew2016-06-021-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't succesfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFuntions``) which when initialised will point to the optional functions if they are available. Currently these ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker. Differential Revision: http://reviews.llvm.org/D20741 llvm-svn: 271491
* [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile ↵Kostya Serebryany2016-06-021-1/+4
| | | | | | on OOM llvm-svn: 271465
* [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL ↵Kostya Serebryany2016-05-291-1/+1
| | | | | | caused a push_back in the main corpus invalidating the vector<> iterators in rare cases. llvm-svn: 271186
* [libFuzzer] fix a failure that occurs when running individual inputsKostya Serebryany2016-05-281-0/+1
| | | | llvm-svn: 271095
* [libFuzzer] make OOM-handling more portable. Instead of sending a signal to ↵Kostya Serebryany2016-05-271-43/+19
| | | | | | the main fuzzing thread, print the message in the getrusage thread and exit. llvm-svn: 270945
* [libFuzzer] more refactoring: make sure CurrentUnitData is awlays a valid ↵Kostya Serebryany2016-05-271-12/+20
| | | | | | pointer to read from llvm-svn: 270942
* [libFuzzer] more refactoring around CurrentUnit. Also add a threading test ↵Kostya Serebryany2016-05-261-18/+34
| | | | | | on which we currently have a race (when reporting bugs from multiple threads) llvm-svn: 270929
* [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFCKostya Serebryany2016-05-261-0/+3
| | | | llvm-svn: 270922
* [libFuzzer] when there is a leak in the existing corpus report the ↵Kostya Serebryany2016-05-261-20/+9
| | | | | | reproducer properly llvm-svn: 270905
* [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in ↵Kostya Serebryany2016-05-261-5/+6
| | | | | | function declarations. Add a test for -only_ascii. NFC intended llvm-svn: 270900
* [libFuzzer] print stats if we crash on empty inputKostya Serebryany2016-05-251-3/+4
| | | | llvm-svn: 270639
* [libfuzzer] Trying random unit prefixes during corpus load.Mike Aizatsky2016-05-241-0/+43
| | | | | | Differential Revision: http://reviews.llvm.org/D20301 llvm-svn: 270632
* [LibFuzzer]Dan Liew2016-05-191-2/+12
| | | | | | | | | | | | | | | | | | Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX. Under Mac OSX we intercept calls to malloc before thread local storage is initialised leading to a crash when accessing ``AllocTracer``. To workaround this ``AllocTracer`` is only accessed in the hook under Linux. For symmetry ``__sanitizer_free_hook()`` is also modified in the same way. To support this change a set of new macros LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be used to check the target being compiled for. Differential Revision: http://reviews.llvm.org/D20402 llvm-svn: 270145
* [libFuzzer] do the merge faster and a bit less preciseKostya Serebryany2016-05-131-1/+2
| | | | llvm-svn: 269497
* [libFuzzer] simplify FuzzerInterface.hKostya Serebryany2016-05-131-5/+8
| | | | llvm-svn: 269448
* [libfuzzer] Refactoring coverage state-management code.Mike Aizatsky2016-05-101-71/+111
| | | | | | | | | It is now less state-dependent and will allow easier comparing of coverages of different units. Differential Revision: http://reviews.llvm.org/D20085 llvm-svn: 269140
* [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print ↵Kostya Serebryany2016-05-061-9/+21
| | | | | | the OOM reproducer. llvm-svn: 268821
* [libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMsKostya Serebryany2016-05-061-0/+11
| | | | llvm-svn: 268807
* [libFuzzer] disable leak detection if we have tried it for 1000 times w/o ↵Kostya Serebryany2016-04-271-0/+9
| | | | | | finding a leak llvm-svn: 267770
* [libFuzzer] remove dead codeKostya Serebryany2016-04-251-4/+2
| | | | llvm-svn: 267455
* [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, ↵Kostya Serebryany2016-04-201-1/+74
| | | | | | it will help finding leaks while fuzzing llvm-svn: 266838
* [libFuzzer] try to print correct time in seconds when reporting a timeout. ↵Kostya Serebryany2016-04-181-3/+3
| | | | | | Don't report timeouts while still loading the corpus. llvm-svn: 266693
* [libfuzzer] defensive assertMike Aizatsky2016-04-081-1/+2
| | | | llvm-svn: 265866
* [libFuzzer] don't report memory leaks if we are dying due to a timeout (just ↵Kostya Serebryany2016-03-241-1/+1
| | | | | | use _Exit instead of exit in the timeout callback) llvm-svn: 264237
* [Fuzzer] Guard no_sanitize_memory attributes behind __has_feature.Benjamin Kramer2016-03-181-2/+10
| | | | | | Otherwise GCC fails to build it because it doesn't know the attribute. llvm-svn: 263787
* [libFuzzer] improve -merge functionalityKostya Serebryany2016-03-181-51/+75
| | | | llvm-svn: 263769
* [libFuzzer] deprecate several flagsKostya Serebryany2016-03-171-12/+0
| | | | llvm-svn: 263739
* [libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that ↵Kostya Serebryany2016-03-171-0/+2
| | | | | | may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce llvm-svn: 263737
* [libFuzzer] try to use max_len based on the items of the corpus instead of ↵Kostya Serebryany2016-03-121-7/+23
| | | | | | blindly defaulting to 64 bytes. llvm-svn: 263323
* [libFuzzer] when interrupted, call _Exit() instead of exit()Kostya Serebryany2016-03-031-1/+1
| | | | llvm-svn: 262667
* [libFuzzer] deprecate exit_on_first flagKostya Serebryany2016-03-011-2/+0
| | | | llvm-svn: 262417
* [libFuzzer] add generic signal handlers so that libFuzzer can report at ↵Kostya Serebryany2016-03-011-12/+38
| | | | | | least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. llvm-svn: 262415
* [libFuzzer] add -print_final_stats=1 flagKostya Serebryany2016-02-261-3/+14
| | | | llvm-svn: 262084
* [libFuzzer] initial implementation of path coverage based on ↵Kostya Serebryany2016-02-261-0/+8
| | | | | | -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds llvm-svn: 262073
* [libFuzzer] only read MaxLen bytes from every file in the corpus to speedup ↵Kostya Serebryany2016-02-181-3/+3
| | | | | | loading the corpus llvm-svn: 261267
* [libFuzzer] don't timeout when loading the corpus. Be a bit more verbose ↵Kostya Serebryany2016-02-171-0/+2
| | | | | | when loading large corpus. llvm-svn: 261143
* [libFuzzer] remove std::vector operations from hot paths, NFCKostya Serebryany2016-02-131-23/+24
| | | | llvm-svn: 260829
* [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global ↵Kostya Serebryany2016-02-131-0/+5
| | | | | | Fuzzer object for fuzzer::Mutate. This makes custom mutators fast llvm-svn: 260810
* [libFuzzer] get rid of UserSuppliedFuzzer; NFCKostya Serebryany2016-02-131-13/+14
| | | | llvm-svn: 260798
* [libFuzzer] provide a plain C interface for custom mutators (experimental)Kostya Serebryany2016-02-131-1/+10
| | | | llvm-svn: 260794
* [libFuzzer] don't write the test unit when a leak is detected (since we ↵Kostya Serebryany2016-02-041-0/+1
| | | | | | don't know which unit causes the leak) llvm-svn: 259731
* [libFuzzer] add -timeout_exitcode optionKostya Serebryany2016-01-291-1/+1
| | | | llvm-svn: 259265
* [libFuzzer] add -abort_on_timeout optionKostya Serebryany2016-01-231-0/+2
| | | | llvm-svn: 258631
* Use std::piecewise_constant_distribution instead of ad-hoc binary search.Ivan Krasin2016-01-221-35/+45
| | | | | | | | | | | | | | | Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed. Reviewers: aizatsky, kcc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D16487 llvm-svn: 258571
* Revert r258473 as it's breaking the build with libc++Ivan Krasin2016-01-221-18/+15
| | | | | | | | Reviewers: kcc Differential Revision: http://reviews.llvm.org/D16441 llvm-svn: 258479
* Use std::piecewise_constant_distribution instead of ad-hoc binary search.Ivan Krasin2016-01-221-15/+18
| | | | | | | | | | | | | | | | | | Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: I had to change the seed for one test to make it pass. Alternatively, the number of runs could be increased. I believe that the average time of 'foo' discovery is not increased, just seed=1 was particularly convenient for the previous PRNG scheme used. Reviewers: aizatsky, kcc Subscribers: llvm-commits, kcc Differential Revision: http://reviews.llvm.org/D16419 llvm-svn: 258473
* [libfuzzer] use %p for printing addressesMike Aizatsky2016-01-211-1/+1
| | | | llvm-svn: 258370
* [libFuzzer] move some code from public interface header to a non-public ↵Kostya Serebryany2016-01-161-1/+1
| | | | | | header. NFC llvm-svn: 257963
* [libFuzzer] suggest a dictionary to the user of some of the trace-based ↵Kostya Serebryany2016-01-141-2/+4
| | | | | | dictionary entries were successful llvm-svn: 257736
* [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra ↵Kostya Serebryany2016-01-131-22/+18
| | | | | | allocations llvm-svn: 257713
OpenPOWER on IntegriCloud