path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] Delete llvm/lib/Fuzzer | Vitaly Buka | 2017-10-16 | 1 | -722/+0
  Summary: Code is already in compiler-rt
  Reviewers: kcc
  Subscribers: krytarowski, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D38912
  llvm-svn: 315937
* [libFuzzer] try to use less RAM while processing the initial corpus | Kostya Serebryany | 2017-08-14 | 1 | -1/+2
  llvm-svn: 310881
* [libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos | Kostya Serebryany | 2017-08-04 | 1 | -6/+5
  llvm-svn: 310151
* [libFuzzer] print PCs using the in-binary PC-table instead of relying on PCs captured at run-time | Kostya Serebryany | 2017-08-04 | 1 | -3/+2
  llvm-svn: 310148
* [libFuzzer] reimplement experimental_len_control=1: bump the temporary max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files | Kostya Serebryany | 2017-07-22 | 1 | -19/+26
  llvm-svn: 308811
* Generate error reports when a fuzz target exits. | Matt Morehouse | 2017-07-20 | 1 | -0/+18
  Summary: Implements https://github.com/google/sanitizers/issues/835.
  Flush stdout before exiting in test cases. Since the atexit hook is used for exit reports, pending prints to stdout can be lost if they aren't flushed before calling exit().
  Expect tests to have non-zero exit code if exit() is called.
  Reviewers: vitalybuka, kcc
  Reviewed By: kcc
  Subscribers: eraman, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D35602
  llvm-svn: 308669
* [libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input is saved to the corpus | Kostya Serebryany | 2017-07-20 | 1 | -3/+5
  llvm-svn: 308653
* [libFuzzer] prototype implementation of recursion-depth coverage features (commented out; real implementation needs to use inlined instrumentation) | Kostya Serebryany | 2017-07-20 | 1 | -0/+1
  llvm-svn: 308577
* [libFuzzer] when adding a reduced input print REDUCED instead of NEW | Kostya Serebryany | 2017-07-18 | 1 | -3/+4
  llvm-svn: 308336
* [libFuzzer] improve -reduce_inputs=1: now only consider the unique features of every input (seems to work much better) | Kostya Serebryany | 2017-07-18 | 1 | -6/+13
  llvm-svn: 308253
* [libFuzzer] simplify the handling of memmem/strstr | Kostya Serebryany | 2017-07-14 | 1 | -4/+0
  llvm-svn: 307977
* [libFuzzer] experimental feature -reduce_inputs (off by default) that tries to replace elements in the corpus with smaller ones that have the same feature set. Still needs tuning | Kostya Serebryany | 2017-07-13 | 1 | -4/+11
  llvm-svn: 307873
* [libFuzzer] remove include <sanitizer/coverage_interface.h>, not needed any more | Kostya Serebryany | 2017-07-12 | 1 | -3/+0
  llvm-svn: 307858
* [libFuzzer] refactoring in preparation for -reduce_inputs; NFC intended | Kostya Serebryany | 2017-07-12 | 1 | -27/+29
  llvm-svn: 307857
* [libFuzzer] change the default max_len from 64 to 4096. This will affect cases where libFuzzer is run w/o initial corpus or with a corpus of very small items. | Kostya Serebryany | 2017-06-15 | 1 | -1/+3
  llvm-svn: 305521
* Sort the remaining #include lines in include/... and lib/.... | Chandler Carruth | 2017-06-06 | 1 | -1/+1
  I did this a long time ago with a janky python script, but now clang-format has built-in support for this. I fed clang-format every line with a #include and let it re-sort things according to the precise LLVM rules for include ordering baked into clang-format these days.
  I've reverted a number of files where the results of sorting includes isn't healthy. Either places where we have legacy code relying on particular include ordering (where possible, I'll fix these separately) or where we have particular formatting around #include lines that I didn't want to disturb in this patch.
  This patch is *entirely* mechanical. If you get merge conflicts or anything, just ignore the changes in this patch and run clang-format over your #include lines in the files.
  Sorry for any noise here, but it is important to keep these things stable. I was seeing an increasing number of patches with irrelevant re-ordering of #include lines because clang-format was used. This patch at least isolates that churn, makes it easy to skip when resolving conflicts, and gets us to a clean baseline (again).
  llvm-svn: 304787
* [libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error) | Kostya Serebryany | 2017-05-09 | 1 | -0/+20
  llvm-svn: 302494
* [libFuzzer] exit without running atexit handlers in libfuzzer's crash handler | Vitaly Buka | 2017-05-03 | 1 | -1/+1
  Summary: It's not safe to assume that atexit handlers can be run once the app crashed.
  Patch by Jochen Eisinger.
  Reviewers: kcc, vitalybuka
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D32640
  llvm-svn: 302076
* [libFuzzer] remove -output_csv option. It duplicates the default output and got out of sync | Kostya Serebryany | 2017-04-19 | 1 | -11/+0
  llvm-svn: 300768
* [libFuzzer] simplify the code a bit | Kostya Serebryany | 2017-03-31 | 1 | -6/+6
  llvm-svn: 299180
* [libFuzzer] call __sanitizer_print_memory_profile with two params | Kostya Serebryany | 2017-03-15 | 1 | -1/+1
  llvm-svn: 297916
* [libFuzzer] remove even more stale code | Kostya Serebryany | 2017-03-15 | 1 | -16/+0
  llvm-svn: 297797
* [libFuzzer] simplify code a bit | Kostya Serebryany | 2017-03-15 | 1 | -19/+2
  llvm-svn: 297796
* [libFuzzer] remove more stale code | Kostya Serebryany | 2017-03-14 | 1 | -70/+0
  llvm-svn: 297785
* [libFuzzer] remove stale code | Kostya Serebryany | 2017-03-14 | 1 | -17/+3
  llvm-svn: 297781
* [libFuzzer] remove usage of the old coverage instrumentation | Kostya Serebryany | 2017-02-28 | 1 | -59/+0
  llvm-svn: 296536
* [libFuzzer] replace std::random_shuffle with std::shuffle as std::random_shuffle is being deprecated in C++17. Also simplify fuzzer::Random. NFC | Kostya Serebryany | 2017-02-07 | 1 | -1/+1
  llvm-svn: 294366
* [libFuzzer] remove a bit of stale code | Kostya Serebryany | 2017-01-26 | 1 | -4/+0
  llvm-svn: 293129
* [libFuzzer] AlrmHandler is executed in a different thread for Windows. | Marcos Pividori | 2017-01-22 | 1 | -0/+3
  Don't check for InFuzzingThread() on Windows, since the AlarmHandler() is always executed by a different thread from a thread pool. If we don't add these changes, the alarm handler will never execute. Note that we decided to ignore possible problem in the synchronization.
  Differential Revision: https://reviews.llvm.org/D28723
  llvm-svn: 292746
* [libFuzzer] experimental support for 'equivalence fuzzing' | Kostya Serebryany | 2017-01-20 | 1 | -1/+32
  llvm-svn: 292646
* [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs | Kostya Serebryany | 2017-01-19 | 1 | -1/+1
  llvm-svn: 292511
* [libFuzzer] add two tests for experimenting with equivalence fuzzing | Kostya Serebryany | 2017-01-19 | 1 | -0/+3
  llvm-svn: 292509
* [libFuzzer] improve error handling during the merge (handle various IO failures) | Kostya Serebryany | 2017-01-05 | 1 | -0/+5
  llvm-svn: 291182
* [libFuzzer] cleaner implementation of -print_pcs=1 | Kostya Serebryany | 2016-12-30 | 1 | -0/+1
  llvm-svn: 290739
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually (second attempt) | Kostya Serebryany | 2016-12-27 | 1 | -2/+21
  llvm-svn: 290637
* [libfuzzer] dump_coverage command line flag | Mike Aizatsky | 2016-12-19 | 1 | -0/+2
  Reviewers: kcc, vitalybuka
  Differential Revision: https://reviews.llvm.org/D27942
  llvm-svn: 290138
* Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code" | Daniel Jasper | 2016-12-17 | 1 | -21/+2
  This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998
  llvm-svn: 290043
* [libFuzzer] avoid msan false positives in more cases | Kostya Serebryany | 2016-12-16 | 1 | -0/+3
  llvm-svn: 289999
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code | Kostya Serebryany | 2016-12-16 | 1 | -2/+21
  llvm-svn: 289998
* [libFuzzer] Fix bug in detecting timeouts when input string is empty. | Marcos Pividori | 2016-12-13 | 1 | -1/+3
  I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). Previous implementation failed to detect timeouts in that execution. Also, I add a regression test for that case.
  Differential Revision: https://reviews.llvm.org/D27433
  llvm-svn: 289561
* [libFuzzer] Clean up headers and file formatting of LibFuzzer files. | Marcos Pividori | 2016-12-13 | 1 | -1/+0
  Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`.
  Aside from that, this patch contains no functional change. It is purely a re-organization.
  Differential Revision: https://reviews.llvm.org/D27363
  llvm-svn: 289560
* [libFuzzer] Properly use unsigned for Process ID. | Marcos Pividori | 2016-12-13 | 1 | -4/+4
  Use unsigned for PID instead of signed int. GetCurrentProcessId() returns an unsigned (DWORD) so we must be sure we can deal with all possible values. I use a long unsigned to be sure it can hold a 32 bit unsigned (DWORD).
  Differential Revision: https://reviews.llvm.org/D27281
  llvm-svn: 289558
* [libFuzzer] respect -max_len during merge | Kostya Serebryany | 2016-12-12 | 1 | -1/+2
  llvm-svn: 289467
* [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( | Kostya Serebryany | 2016-12-05 | 1 | -1/+5
  llvm-svn: 288731
* [libFuzzer] treat -rss_limit_mb=0 as no limit | Kostya Serebryany | 2016-12-01 | 1 | -1/+1
  llvm-svn: 288389
* [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit | Kostya Serebryany | 2016-11-30 | 1 | -0/+16
  llvm-svn: 288281
* [LibFuzzer] Split up some functions among different headers. | Zachary Turner | 2016-11-30 | 1 | -3/+4
  In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform.
  Aside from that, this patch contains no functional change. It is purely a re-organization.
  Patch by Marcos Pividori
  Differential Revision: https://reviews.llvm.org/D27230
  llvm-svn: 288264
* [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once | Kostya Serebryany | 2016-10-26 | 1 | -6/+3
  llvm-svn: 285223
* [libFuzzer] simplify the code in TracePC::HandleTrace a bit more | Kostya Serebryany | 2016-10-26 | 1 | -9/+8
  llvm-svn: 285147
* [libFuzzer] simplify the code to print new PCs | Kostya Serebryany | 2016-10-26 | 1 | -14/+2
  llvm-svn: 285145