path: root/llvm/lib/Fuzzer/FuzzerMutate.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp (llvm-svn: 285109) | Kostya Serebryany | 2016-10-25 | 1 | -11/+3
* [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test (llvm-svn: 285049) | Kostya Serebryany | 2016-10-25 | 1 | -18/+92
* [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer (llvm-svn: 284909) | Kostya Serebryany | 2016-10-22 | 1 | -9/+15
* [libFuzzer] swap bytes in integers when handling CMP traces (llvm-svn: 284301) | Kostya Serebryany | 2016-10-15 | 1 | -5/+0
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode (llvm-svn: 284273) | Kostya Serebryany | 2016-10-14 | 1 | -3/+12
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings (llvm-svn: 282129) | Kostya Serebryany | 2016-09-22 | 1 | -5/+12
* [libFuzzer] add stats to the corpus; more refactoring (llvm-svn: 282121) | Kostya Serebryany | 2016-09-21 | 1 | -1/+0
* [libFuzzer] more refactoring; NFC (llvm-svn: 282047) | Kostya Serebryany | 2016-09-21 | 1 | -1/+5
* [libFuzzer] refactoring: split the large header into many; NFC (llvm-svn: 282044) | Kostya Serebryany | 2016-09-21 | 1 | -1/+5
* [libFuzzer] fix the non-debug build warnings (llvm-svn: 279321) | Kostya Serebryany | 2016-08-19 | 1 | -1/+2
* [libFuzzer] give 0 and 255 more preference when inserting repeated bytes (llvm-svn: 278986) | Kostya Serebryany | 2016-08-17 | 1 | -1/+2
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 (llvm-svn: 278982) | Kostya Serebryany | 2016-08-17 | 1 | -1/+38
* Replace a few more "fall through" comments with LLVM_FALLTHROUGH. Follow up to r278902. I had missed "fall through", with a space. (llvm-svn: 278970) | Justin Bogner | 2016-08-17 | 1 | -1/+1
* [libFuzzer] more mutations (llvm-svn: 278950) | Kostya Serebryany | 2016-08-17 | 1 | -18/+69
* [libFuzzer] add InsertRepeatedBytes and EraseBytes. New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets. (llvm-svn: 278687) | Kostya Serebryany | 2016-08-15 | 1 | -7/+29
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp (llvm-svn: 275648) | Kostya Serebryany | 2016-07-15 | 1 | -3/+2
* [libfuzzer] moving is_ascii handler inside mutation dispatcher. Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 (llvm-svn: 273611) | Mike Aizatsky | 2016-06-23 | 1 | -1/+7
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``. This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests. Differential Revision: http://reviews.llvm.org/D20943 (llvm-svn: 272072) | Dan Liew | 2016-06-07 | 1 | -4/+4
* [libfuzzer] custom crossover interface function. Differential Revision: http://reviews.llvm.org/D21089 (llvm-svn: 272054) | Mike Aizatsky | 2016-06-07 | 1 | -0/+23
* [libfuzzer] hiding custom mutator handling in MutationDispatcher. Summary: Refactoring, no functional changes. Differential Revision: http://reviews.llvm.org/D20975 (llvm-svn: 271740) | Mike Aizatsky | 2016-06-03 | 1 | -19/+42
* [libFuzzer] remove std::vector operations from hot paths, NFC (llvm-svn: 260829) | Kostya Serebryany | 2016-02-13 | 1 | -1/+2
* [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast (llvm-svn: 260810) | Kostya Serebryany | 2016-02-13 | 1 | -6/+0
* [libFuzzer] simplify CTOR of MutationDispatcher (llvm-svn: 260800) | Kostya Serebryany | 2016-02-13 | 1 | -18/+18
* [libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) (llvm-svn: 260799) | Kostya Serebryany | 2016-02-13 | 1 | -132/+37
* [libFuzzer] get rid of UserSuppliedFuzzer; NFC (llvm-svn: 260798) | Kostya Serebryany | 2016-02-13 | 1 | -0/+7
* [libFuzzer] simplify the code around Random. NFC (llvm-svn: 260797) | Kostya Serebryany | 2016-02-13 | 1 | -5/+5
* [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes (llvm-svn: 258589) | Kostya Serebryany | 2016-01-22 | 1 | -27/+50
* [libFuzzer] don't use std::vector in one more hot path (llvm-svn: 258380) | Kostya Serebryany | 2016-01-21 | 1 | -6/+29
* [libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if (llvm-svn: 258178) | Kostya Serebryany | 2016-01-19 | 1 | -3/+2
* [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path (llvm-svn: 257985) | Kostya Serebryany | 2016-01-16 | 1 | -26/+25
* [libFuzzer] suggest a dictionary to the user if some of the trace-based dictionary entries were successful (llvm-svn: 257736) | Kostya Serebryany | 2016-01-14 | 1 | -13/+59
* [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries (llvm-svn: 257435) | Kostya Serebryany | 2016-01-12 | 1 | -2/+12
* [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary (llvm-svn: 257248) | Kostya Serebryany | 2016-01-09 | 1 | -0/+6
* [libFuzzer] add a position hint to the dictionary-based mutator (llvm-svn: 257013) | Kostya Serebryany | 2016-01-07 | 1 | -20/+50
* [libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry (llvm-svn: 256900) | Kostya Serebryany | 2016-01-06 | 1 | -5/+12
* [libFuzzer] make CrossOver just one of the other mutations (llvm-svn: 256081) | Kostya Serebryany | 2015-12-19 | 1 | -0/+23
* [libFuzzer] print successful mutations sequences (llvm-svn: 256071) | Kostya Serebryany | 2015-12-19 | 1 | -13/+30
* [libFuzzer] fix 32-bit build (llvm-svn: 249646) | Kostya Serebryany | 2015-10-08 | 1 | -1/+1
* [libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger (llvm-svn: 247027) | Kostya Serebryany | 2015-09-08 | 1 | -0/+34
* [libFuzzer] when a single mutation fails try a few more times with other mutations before returning un-mutated data (llvm-svn: 246828) | Kostya Serebryany | 2015-09-04 | 1 | -7/+14
* [libFuzzer] actually make the dictionaries work (+docs) (llvm-svn: 246825) | Kostya Serebryany | 2015-09-04 | 1 | -7/+47
* [libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC (llvm-svn: 246808) | Kostya Serebryany | 2015-09-03 | 1 | -17/+16
* [libFuzzer] add one more mutation strategy: byte shuffling (llvm-svn: 244188) | Kostya Serebryany | 2015-08-06 | 1 | -1/+15
* [libFuzzer] more refactoring of the Mutator and adding tests to it (llvm-svn: 243818) | Kostya Serebryany | 2015-08-01 | 1 | -13/+28
* [libFuzzer] start refactoring the Mutator and adding tests to it (llvm-svn: 243817) | Kostya Serebryany | 2015-08-01 | 1 | -7/+11
* [libFuzzer] allow users to supply their own implementation of rand (llvm-svn: 243078) | Kostya Serebryany | 2015-07-24 | 1 | -12/+13
* [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators (llvm-svn: 238059) | Kostya Serebryany | 2015-05-22 | 1 | -24/+25
* [fuzzer] properly annotate fallthrough, add one more entry to FAQ (llvm-svn: 229880) | Kostya Serebryany | 2015-02-19 | 1 | -1/+1
* [fuzzer] make multi-process execution more verbose; fix mutation to actually respect mutation depth and to never produce empty units (llvm-svn: 228170) | Kostya Serebryany | 2015-02-04 | 1 | -8/+16
* Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. (llvm-svn: 227464) | Aaron Ballman | 2015-01-29 | 1 | -0/+62