summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [LibFuzzer]Dan Liew2016-05-191-2/+12
| | | | | | | | | | | | | | | | | | Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX. Under Mac OSX we intercept calls to malloc before thread local storage is initialised leading to a crash when accessing ``AllocTracer``. To workaround this ``AllocTracer`` is only accessed in the hook under Linux. For symmetry ``__sanitizer_free_hook()`` is also modified in the same way. To support this change a set of new macros LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be used to check the target being compiled for. Differential Revision: http://reviews.llvm.org/D20402 llvm-svn: 270145
* [libFuzzer] do the merge faster and a bit less preciseKostya Serebryany2016-05-131-1/+2
| | | | llvm-svn: 269497
* [libFuzzer] simplify FuzzerInterface.hKostya Serebryany2016-05-131-5/+8
| | | | llvm-svn: 269448
* [libfuzzer] Refactoring coverage state-management code.Mike Aizatsky2016-05-101-71/+111
| | | | | | | | | It is now less state-dependent and will allow easier comparing of coverages of different units. Differential Revision: http://reviews.llvm.org/D20085 llvm-svn: 269140
* [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print ↵Kostya Serebryany2016-05-061-9/+21
| | | | | | the OOM reproducer. llvm-svn: 268821
* [libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMsKostya Serebryany2016-05-061-0/+11
| | | | llvm-svn: 268807
* [libFuzzer] disable leak detection if we have tried it for 1000 times w/o ↵Kostya Serebryany2016-04-271-0/+9
| | | | | | finding a leak llvm-svn: 267770
* [libFuzzer] remove dead codeKostya Serebryany2016-04-251-4/+2
| | | | llvm-svn: 267455
* [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, ↵Kostya Serebryany2016-04-201-1/+74
| | | | | | it will help finding leaks while fuzzing llvm-svn: 266838
* [libFuzzer] try to print correct time in seconds when reporting a timeout. ↵Kostya Serebryany2016-04-181-3/+3
| | | | | | Don't report timeouts while still loading the corpus. llvm-svn: 266693
* [libfuzzer] defensive assertMike Aizatsky2016-04-081-1/+2
| | | | llvm-svn: 265866
* [libFuzzer] don't report memory leaks if we are dying due to a timeout (just ↵Kostya Serebryany2016-03-241-1/+1
| | | | | | use _Exit instead of exit in the timeout callback) llvm-svn: 264237
* [Fuzzer] Guard no_sanitize_memory attributes behind __has_feature.Benjamin Kramer2016-03-181-2/+10
| | | | | | Otherwise GCC fails to build it because it doesn't know the attribute. llvm-svn: 263787
* [libFuzzer] improve -merge functionalityKostya Serebryany2016-03-181-51/+75
| | | | llvm-svn: 263769
* [libFuzzer] deprecate several flagsKostya Serebryany2016-03-171-12/+0
| | | | llvm-svn: 263739
* [libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that ↵Kostya Serebryany2016-03-171-0/+2
| | | | | | may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce llvm-svn: 263737
* [libFuzzer] try to use max_len based on the items of the corpus instead of ↵Kostya Serebryany2016-03-121-7/+23
| | | | | | blindly defaulting to 64 bytes. llvm-svn: 263323
* [libFuzzer] when interrupted, call _Exit() instead of exit()Kostya Serebryany2016-03-031-1/+1
| | | | llvm-svn: 262667
* [libFuzzer] deprecate exit_on_first flagKostya Serebryany2016-03-011-2/+0
| | | | llvm-svn: 262417
* [libFuzzer] add generic signal handlers so that libFuzzer can report at ↵Kostya Serebryany2016-03-011-12/+38
| | | | | | least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. llvm-svn: 262415
* [libFuzzer] add -print_final_stats=1 flagKostya Serebryany2016-02-261-3/+14
| | | | llvm-svn: 262084
* [libFuzzer] initial implementation of path coverage based on ↵Kostya Serebryany2016-02-261-0/+8
| | | | | | -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds llvm-svn: 262073
* [libFuzzer] only read MaxLen bytes from every file in the corpus to speedup ↵Kostya Serebryany2016-02-181-3/+3
| | | | | | loading the corpus llvm-svn: 261267
* [libFuzzer] don't timeout when loading the corpus. Be a bit more verbose ↵Kostya Serebryany2016-02-171-0/+2
| | | | | | when loading large corpus. llvm-svn: 261143
* [libFuzzer] remove std::vector operations from hot paths, NFCKostya Serebryany2016-02-131-23/+24
| | | | llvm-svn: 260829
* [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global ↵Kostya Serebryany2016-02-131-0/+5
| | | | | | Fuzzer object for fuzzer::Mutate. This makes custom mutators fast llvm-svn: 260810
* [libFuzzer] get rid of UserSuppliedFuzzer; NFCKostya Serebryany2016-02-131-13/+14
| | | | llvm-svn: 260798
* [libFuzzer] provide a plain C interface for custom mutators (experimental)Kostya Serebryany2016-02-131-1/+10
| | | | llvm-svn: 260794
* [libFuzzer] don't write the test unit when a leak is detected (since we ↵Kostya Serebryany2016-02-041-0/+1
| | | | | | don't know which unit causes the leak) llvm-svn: 259731
* [libFuzzer] add -timeout_exitcode optionKostya Serebryany2016-01-291-1/+1
| | | | llvm-svn: 259265
* [libFuzzer] add -abort_on_timeout optionKostya Serebryany2016-01-231-0/+2
| | | | llvm-svn: 258631
* Use std::piecewise_constant_distribution instead of ad-hoc binary search.Ivan Krasin2016-01-221-35/+45
| | | | | | | | | | | | | | | Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed. Reviewers: aizatsky, kcc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D16487 llvm-svn: 258571
* Revert r258473 as it's breaking the build with libc++Ivan Krasin2016-01-221-18/+15
| | | | | | | | Reviewers: kcc Differential Revision: http://reviews.llvm.org/D16441 llvm-svn: 258479
* Use std::piecewise_constant_distribution instead of ad-hoc binary search.Ivan Krasin2016-01-221-15/+18
| | | | | | | | | | | | | | | | | | Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: I had to change the seed for one test to make it pass. Alternatively, the number of runs could be increased. I believe that the average time of 'foo' discovery is not increased, just seed=1 was particularly convenient for the previous PRNG scheme used. Reviewers: aizatsky, kcc Subscribers: llvm-commits, kcc Differential Revision: http://reviews.llvm.org/D16419 llvm-svn: 258473
* [libfuzzer] use %p for printing addressesMike Aizatsky2016-01-211-1/+1
| | | | llvm-svn: 258370
* [libFuzzer] move some code from public interface header to a non-public ↵Kostya Serebryany2016-01-161-1/+1
| | | | | | header. NFC llvm-svn: 257963
* [libFuzzer] suggest a dictionary to the user of some of the trace-based ↵Kostya Serebryany2016-01-141-2/+4
| | | | | | dictionary entries were successful llvm-svn: 257736
* [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra ↵Kostya Serebryany2016-01-131-22/+18
| | | | | | allocations llvm-svn: 257713
* [libFuzzer] make sure we find buffer overflow in the input buffer. ↵Kostya Serebryany2016-01-131-5/+8
| | | | | | Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) llvm-svn: 257701
* [libFuzzer] make sure to update CurrentUnit when drillingKostya Serebryany2016-01-131-1/+4
| | | | llvm-svn: 257560
* [libFuzzer] change the way trace-based mutations are applied. Instead of a ↵Kostya Serebryany2016-01-091-15/+3
| | | | | | custom code just rely on the automatically created dictionary llvm-svn: 257248
* [libfuzzer] print_new_cov_pcs experimental option.Mike Aizatsky2016-01-061-1/+17
| | | | | | Differential Revision: http://reviews.llvm.org/D15901 llvm-svn: 256882
* [libFuzzer] make CrossOver just one of the other mutationsKostya Serebryany2015-12-191-29/+18
| | | | llvm-svn: 256081
* [libFuzzer] print successfull mutations sequencesKostya Serebryany2015-12-191-6/+3
| | | | llvm-svn: 256071
* [libFuzzer] don't reload the corpus more than once every secondKostya Serebryany2015-12-051-1/+6
| | | | llvm-svn: 254824
* [libFuzzer] compute base64 in-process instead of using an external lib. ↵Kostya Serebryany2015-12-041-4/+2
| | | | | | Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 llvm-svn: 254784
* Libfuzzer: do not pass null into user functionMike Aizatsky2015-12-021-1/+5
| | | | | | Differential Revision: http://reviews.llvm.org/D15098 llvm-svn: 254558
* [libFuzzer] add a flag -exact_artifact_pathKostya Serebryany2015-11-251-0/+2
| | | | llvm-svn: 254100
* [libFuzzer] make libFuzzer build even with a compiler that does not have ↵Kostya Serebryany2015-11-131-2/+7
| | | | | | sanitizer headers llvm-svn: 253003
* output_csv libfuzzer optionMike Aizatsky2015-11-121-8/+22
| | | | | | | | | | | Summary: The option outputs statistics in CSV format preceded by 1 header line. This is intended for machine processing of the output. -verbosity=0 should likely be set. Differential Revision: http://reviews.llvm.org/D14600 llvm-svn: 252856
OpenPOWER on IntegriCloud