path: root/llvm/lib/Fuzzer/FuzzerMutate.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] mutate empty input using the regular mutators (instead of a custom dummy one). This way when we mutate an empty input there is a chance we will get a dictionary word
  llvm-svn: 292843
  Author: Kostya Serebryany | Age: 2017-01-23 | Files: 1 | Lines: -14/+5
* [libFuzzer] ensure that entries in PersistentAutoDictionary are not empty
  llvm-svn: 292520
  Author: Kostya Serebryany | Age: 2017-01-19 | Files: 1 | Lines: -0/+3
* [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling)
  llvm-svn: 292287
  Author: Kostya Serebryany | Age: 2017-01-17 | Files: 1 | Lines: -13/+38
* [libFuzzer] don't create large random mutations when given an empty seed
  llvm-svn: 290634
  Author: Kostya Serebryany | Age: 2016-12-27 | Files: 1 | Lines: -1/+1
* Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code"
  This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998
  llvm-svn: 290043
  Author: Daniel Jasper | Age: 2016-12-17 | Files: 1 | Lines: -0/+7
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code
  llvm-svn: 289998
  Author: Kostya Serebryany | Age: 2016-12-16 | Files: 1 | Lines: -7/+0
* Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
  This resubmits r288529, which was resubmitted because it broke a fuzzer bot. According to kcc@ the test that broke was flakey and it is unlikely to be a result of this patch.
  llvm-svn: 288549
  Author: Zachary Turner | Age: 2016-12-02 | Files: 1 | Lines: -1/+1
* Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
  This reverts commit r288529, as it seems to introduce some problems on the Linux bots.
  llvm-svn: 288533
  Author: Zachary Turner | Age: 2016-12-02 | Files: 1 | Lines: -1/+1
* [LibFuzzer] Split FuzzerUtil for Posix and Windows.
  Pave the way for separating out platform specific utility functions into separate files.
  Patch by Marcos Pividori
  Differential Revision: https://reviews.llvm.org/D27234
  llvm-svn: 288529
  Author: Zachary Turner | Age: 2016-12-02 | Files: 1 | Lines: -1/+1
* [LibFuzzer] Split up some functions among different headers.
  In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization.
  Patch by Marcos Pividori
  Differential Revision: https://reviews.llvm.org/D27230
  llvm-svn: 288264
  Author: Zachary Turner | Age: 2016-11-30 | Files: 1 | Lines: -2/+1
* [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
  llvm-svn: 285109
  Author: Kostya Serebryany | Age: 2016-10-25 | Files: 1 | Lines: -11/+3
* [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
  llvm-svn: 285049
  Author: Kostya Serebryany | Age: 2016-10-25 | Files: 1 | Lines: -18/+92
* [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer
  llvm-svn: 284909
  Author: Kostya Serebryany | Age: 2016-10-22 | Files: 1 | Lines: -9/+15
* [libFuzzer] swap bytes in integers when handling CMP traces
  llvm-svn: 284301
  Author: Kostya Serebryany | Age: 2016-10-15 | Files: 1 | Lines: -5/+0
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
  llvm-svn: 284273
  Author: Kostya Serebryany | Age: 2016-10-14 | Files: 1 | Lines: -3/+12
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
  llvm-svn: 282129
  Author: Kostya Serebryany | Age: 2016-09-22 | Files: 1 | Lines: -5/+12
* [libFuzzer] add stats to the corpus; more refactoring
  llvm-svn: 282121
  Author: Kostya Serebryany | Age: 2016-09-21 | Files: 1 | Lines: -1/+0
* [libFuzzer] more refactoring; NFC
  llvm-svn: 282047
  Author: Kostya Serebryany | Age: 2016-09-21 | Files: 1 | Lines: -1/+5
* [libFuzzer] refactoring: split the large header into many; NFC
  llvm-svn: 282044
  Author: Kostya Serebryany | Age: 2016-09-21 | Files: 1 | Lines: -1/+5
* [libFuzzer] fix the non-debug build warnings
  llvm-svn: 279321
  Author: Kostya Serebryany | Age: 2016-08-19 | Files: 1 | Lines: -1/+2
* [libFuzzer] give 0 and 255 more preference when inserting repeated bytes
  llvm-svn: 278986
  Author: Kostya Serebryany | Age: 2016-08-17 | Files: 1 | Lines: -1/+2
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970
  llvm-svn: 278982
  Author: Kostya Serebryany | Age: 2016-08-17 | Files: 1 | Lines: -1/+38
* Replace a few more "fall through" comments with LLVM_FALLTHROUGH
  Follow up to r278902. I had missed "fall through", with a space.
  llvm-svn: 278970
  Author: Justin Bogner | Age: 2016-08-17 | Files: 1 | Lines: -1/+1
* [libFuzzer] more mutations
  llvm-svn: 278950
  Author: Kostya Serebryany | Age: 2016-08-17 | Files: 1 | Lines: -18/+69
* [libFuzzer] add InsertRepeatedBytes and EraseBytes.
  New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets.
  llvm-svn: 278687
  Author: Kostya Serebryany | Age: 2016-08-15 | Files: 1 | Lines: -7/+29
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
  llvm-svn: 275648
  Author: Kostya Serebryany | Age: 2016-07-15 | Files: 1 | Lines: -3/+2
* [libfuzzer] moving is_ascii handler inside mutation dispatcher.
  Summary: It also fixes a bug, when first random might not be ascii.
  Differential Revision: http://reviews.llvm.org/D21573
  llvm-svn: 273611
  Author: Mike Aizatsky | Age: 2016-06-23 | Files: 1 | Lines: -1/+7
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``
  This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests.
  Differential Revision: http://reviews.llvm.org/D20943
  llvm-svn: 272072
  Author: Dan Liew | Age: 2016-06-07 | Files: 1 | Lines: -4/+4
* [libfuzzer] custom crossover interface function.
  Differential Revision: http://reviews.llvm.org/D21089
  llvm-svn: 272054
  Author: Mike Aizatsky | Age: 2016-06-07 | Files: 1 | Lines: -0/+23
* [libfuzzer] hiding custom mutator handling in MutationDispatcher.
  Summary: Refactoring, no functional changes.
  Differential Revision: http://reviews.llvm.org/D20975
  llvm-svn: 271740
  Author: Mike Aizatsky | Age: 2016-06-03 | Files: 1 | Lines: -19/+42
* [libFuzzer] remove std::vector operations from hot paths, NFC
  llvm-svn: 260829
  Author: Kostya Serebryany | Age: 2016-02-13 | Files: 1 | Lines: -1/+2
* [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast
  llvm-svn: 260810
  Author: Kostya Serebryany | Age: 2016-02-13 | Files: 1 | Lines: -6/+0
* [libFuzzer] simplify CTOR of MutationDispatcher
  llvm-svn: 260800
  Author: Kostya Serebryany | Age: 2016-02-13 | Files: 1 | Lines: -18/+18
* [libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC)
  llvm-svn: 260799
  Author: Kostya Serebryany | Age: 2016-02-13 | Files: 1 | Lines: -132/+37
* [libFuzzer] get rid of UserSuppliedFuzzer; NFC
  llvm-svn: 260798
  Author: Kostya Serebryany | Age: 2016-02-13 | Files: 1 | Lines: -0/+7
* [libFuzzer] simplify the code around Random. NFC
  llvm-svn: 260797
  Author: Kostya Serebryany | Age: 2016-02-13 | Files: 1 | Lines: -5/+5
* [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes
  llvm-svn: 258589
  Author: Kostya Serebryany | Age: 2016-01-22 | Files: 1 | Lines: -27/+50
* [libFuzzer] don't use std::vector in one more hot path
  llvm-svn: 258380
  Author: Kostya Serebryany | Age: 2016-01-21 | Files: 1 | Lines: -6/+29
* [libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if
  llvm-svn: 258178
  Author: Kostya Serebryany | Age: 2016-01-19 | Files: 1 | Lines: -3/+2
* [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path
  llvm-svn: 257985
  Author: Kostya Serebryany | Age: 2016-01-16 | Files: 1 | Lines: -26/+25
* [libFuzzer] suggest a dictionary to the user if some of the trace-based dictionary entries were successful
  llvm-svn: 257736
  Author: Kostya Serebryany | Age: 2016-01-14 | Files: 1 | Lines: -13/+59
* [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries
  llvm-svn: 257435
  Author: Kostya Serebryany | Age: 2016-01-12 | Files: 1 | Lines: -2/+12
* [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary
  llvm-svn: 257248
  Author: Kostya Serebryany | Age: 2016-01-09 | Files: 1 | Lines: -0/+6
* [libFuzzer] add a position hint to the dictionary-based mutator
  llvm-svn: 257013
  Author: Kostya Serebryany | Age: 2016-01-07 | Files: 1 | Lines: -20/+50
* [libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry
  llvm-svn: 256900
  Author: Kostya Serebryany | Age: 2016-01-06 | Files: 1 | Lines: -5/+12
* [libFuzzer] make CrossOver just one of the other mutations
  llvm-svn: 256081
  Author: Kostya Serebryany | Age: 2015-12-19 | Files: 1 | Lines: -0/+23
* [libFuzzer] print successful mutations sequences
  llvm-svn: 256071
  Author: Kostya Serebryany | Age: 2015-12-19 | Files: 1 | Lines: -13/+30
* [libFuzzer] fix 32-bit build
  llvm-svn: 249646
  Author: Kostya Serebryany | Age: 2015-10-08 | Files: 1 | Lines: -1/+1
* [libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger
  llvm-svn: 247027
  Author: Kostya Serebryany | Age: 2015-09-08 | Files: 1 | Lines: -0/+34
* [libFuzzer] when a single mutation fails try a few more times with other mutations before returning un-mutated data
  llvm-svn: 246828
  Author: Kostya Serebryany | Age: 2015-09-04 | Files: 1 | Lines: -7/+14