summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
Commit message (Collapse)AuthorAgeFilesLines
...
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still ↵Kostya Serebryany2016-09-301-37/+2
| | | | | | works with the new one (trace-pc-guard) llvm-svn: 282831
* [libFuzzer] more the feature set to InputCorpus; on feature update, change ↵Kostya Serebryany2016-09-301-3/+1
| | | | | | the feature counter of the old best input llvm-svn: 282829
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create ↵Kostya Serebryany2016-09-291-1/+2
| | | | | | one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-271-0/+17
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] simplify HandleTrace again, start re-running interesting units ↵Kostya Serebryany2016-09-231-3/+16
| | | | | | and collecting their features. llvm-svn: 282316
* [libFuzzer] be more precise about what we reset in TracePCKostya Serebryany2016-09-231-3/+5
| | | | llvm-svn: 282225
* [libFuzzer] fix merging with trace-pc-guardKostya Serebryany2016-09-231-13/+12
| | | | llvm-svn: 282224
* [libFuzzer] simplify the TracePC logicKostya Serebryany2016-09-231-2/+4
| | | | llvm-svn: 282222
* [libFuzzer] move value profiling logic into TracePCKostya Serebryany2016-09-231-1/+2
| | | | llvm-svn: 282219
* [libFuzzer] change ValueBitMap to remember the number of bits in itKostya Serebryany2016-09-231-10/+11
| | | | llvm-svn: 282216
* [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen ↵Kostya Serebryany2016-09-221-18/+25
| | | | | | and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen llvm-svn: 282211
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size ↵Kostya Serebryany2016-09-221-15/+22
| | | | | | > MaxSize, fix sha1 in corpus stats; various refactorings llvm-svn: 282129
* [libFuzzer] add stats to the corpus; more refactoringKostya Serebryany2016-09-211-23/+17
| | | | llvm-svn: 282121
* [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a ↵Kostya Serebryany2016-09-211-27/+4
| | | | | | unit from the corpus, use the stored one. llvm-svn: 282115
* [libFuzzer] refactoring: split the large header into many; NFCKostya Serebryany2016-09-211-0/+4
| | | | llvm-svn: 282044
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two ↵Kostya Serebryany2016-09-211-113/+21
| | | | | | unused experimental features llvm-svn: 282042
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from ↵Kostya Serebryany2016-09-181-9/+4
| | | | | | libFuzzer llvm-svn: 281866
* [libFuzzer] change trace-pc to use 8-byte guardsKostya Serebryany2016-09-171-0/+3
| | | | llvm-svn: 281810
* [libFuzzer] implement print_pcs with trace-pc-guard. Change the ↵Kostya Serebryany2016-09-151-10/+20
| | | | | | trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) llvm-svn: 281577
* [libFuzzer] add 8-bit counters to trace-pc-guard handlerKostya Serebryany2016-09-151-1/+6
| | | | llvm-svn: 281568
* [libFuzzer] start using trace-pc-guard as an alternative source of coverageKostya Serebryany2016-09-141-12/+4
| | | | llvm-svn: 281435
* [libFuzzer] print a failed-merge warning only in the merge modeKostya Serebryany2016-09-101-0/+1
| | | | llvm-svn: 281130
* [libFuzzer] print a visible message if merge fails due to a crash Kostya Serebryany2016-09-101-0/+16
| | | | llvm-svn: 281122
* [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itselfKostya Serebryany2016-09-091-5/+17
| | | | llvm-svn: 281016
* [libFuzzer] remove unneeded callKostya Serebryany2016-09-091-8/+0
| | | | llvm-svn: 281014
* [libfuzzer] simplified unit truncation; do not write trunc items to discMike Aizatsky2016-08-301-29/+11
| | | | | | Differential Revision: https://reviews.llvm.org/D24049 llvm-svn: 280153
* [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more ↵Kostya Serebryany2016-08-251-7/+17
| | | | | | useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787
* [libFuzzer] simplify the code, NFCKostya Serebryany2016-08-251-87/+72
| | | | llvm-svn: 279697
* [libFuzzer] when printing the reproducer input, also print the base input ↵Kostya Serebryany2016-08-171-0/+3
| | | | | | and the mutation sequence llvm-svn: 278975
* [libFuzzer] new experimental feature: value profiling. Profiles values that ↵Kostya Serebryany2016-08-161-2/+11
| | | | | | affect control flow and treats new values as new coverage. llvm-svn: 278839
* [libFuzzer] refactoring around PCMap, NFCKostya Serebryany2016-08-161-8/+7
| | | | llvm-svn: 278825
* [libFuzzer] make libFuzzer work with a bit older clang versionsKostya Serebryany2016-08-061-8/+10
| | | | llvm-svn: 277941
* [libFuzzer] don't print bogus error messageKostya Serebryany2016-08-061-2/+3
| | | | llvm-svn: 277940
* [sanitizers] trace buffer API to use user-allocated buffer.Mike Aizatsky2016-08-051-23/+44
| | | | | | Differential Revision: https://reviews.llvm.org/D23185 llvm-svn: 277859
* [libfuzzer] moving is_ascii handler inside mutation dispatcher.Mike Aizatsky2016-06-231-7/+3
| | | | | | | | Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611
* [libFuzzer] use the new chainable malloc hooks instead of the old ↵Kostya Serebryany2016-06-161-32/+24
| | | | | | un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable llvm-svn: 272948
* [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hookKostya Serebryany2016-06-081-0/+2
| | | | llvm-svn: 272116
* [libFuzzer] add a test that is built w/o coverage instrumentation but has ↵Kostya Serebryany2016-06-081-0/+5
| | | | | | the coverage rt (it should now fail with a descriptive message) llvm-svn: 272090
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``Dan Liew2016-06-071-50/+28
| | | | | | | | | | | | | | | | | | | | | | | This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests depend also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests. Differential Revision: http://reviews.llvm.org/D20943 llvm-svn: 272072
* [libfuzzer] prune_corpus option for disabling pruning during the load.Mike Aizatsky2016-06-071-1/+2
| | | | | | | | | | Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness. Differential Revision: http://reviews.llvm.org/D21084 llvm-svn: 272035
* [libfuzzer] hiding custom mutator handling in MutationDispatcher.Mike Aizatsky2016-06-031-6/+2
| | | | | | | | Summary: Refactoring, no functional changes. Differential Revision: http://reviews.llvm.org/D20975 llvm-svn: 271740
* [LibFuzzer] Reimplement how the optional user functions are called.Dan Liew2016-06-021-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't succesfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFuntions``) which when initialised will point to the optional functions if they are available. Currently these ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker. Differential Revision: http://reviews.llvm.org/D20741 llvm-svn: 271491
* [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile ↵Kostya Serebryany2016-06-021-1/+4
| | | | | | on OOM llvm-svn: 271465
* [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL ↵Kostya Serebryany2016-05-291-1/+1
| | | | | | caused a push_back in the main corpus invalidating the vector<> iterators in rare cases. llvm-svn: 271186
* [libFuzzer] fix a failure that occurs when running individual inputsKostya Serebryany2016-05-281-0/+1
| | | | llvm-svn: 271095
* [libFuzzer] make OOM-handling more portable. Instead of sending a signal to ↵Kostya Serebryany2016-05-271-43/+19
| | | | | | the main fuzzing thread, print the message in the getrusage thread and exit. llvm-svn: 270945
* [libFuzzer] more refactoring: make sure CurrentUnitData is awlays a valid ↵Kostya Serebryany2016-05-271-12/+20
| | | | | | pointer to read from llvm-svn: 270942
* [libFuzzer] more refactoring around CurrentUnit. Also add a threading test ↵Kostya Serebryany2016-05-261-18/+34
| | | | | | on which we currently have a race (when reporting bugs from multiple threads) llvm-svn: 270929
* [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFCKostya Serebryany2016-05-261-0/+3
| | | | llvm-svn: 270922
* [libFuzzer] when there is a leak in the existing corpus report the ↵Kostya Serebryany2016-05-261-20/+9
| | | | | | reproducer properly llvm-svn: 270905
OpenPOWER on IntegriCloud