path: root/llvm/lib/Fuzzer/FuzzerMutate.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] Delete llvm/lib/Fuzzer | Vitaly Buka | 2017-10-16 | 1 | -533/+0
  Summary: Code is already in compiler-rt
  Reviewers: kcc
  Subscribers: krytarowski, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D38912
  llvm-svn: 315937
* [libFuzzer] remove stale code; NFC | Kostya Serebryany | 2017-07-14 | 1 | -17/+0
  llvm-svn: 307980
* [libFuzzer] simplify the handling of memmem/strstr | Kostya Serebryany | 2017-07-14 | 1 | -1/+5
  llvm-svn: 307977
* Sort the remaining #include lines in include/... and lib/.... | Chandler Carruth | 2017-06-06 | 1 | -1/+1
  I did this a long time ago with a janky python script, but now clang-format has built-in support for this. I fed clang-format every line with a #include and let it re-sort things according to the precise LLVM rules for include ordering baked into clang-format these days.
  I've reverted a number of files where the results of sorting includes isn't healthy. Either places where we have legacy code relying on particular include ordering (where possible, I'll fix these separately) or where we have particular formatting around #include lines that I didn't want to disturb in this patch.
  This patch is *entirely* mechanical. If you get merge conflicts or anything, just ignore the changes in this patch and run clang-format over your #include lines in the files.
  Sorry for any noise here, but it is important to keep these things stable. I was seeing an increasing number of patches with irrelevant re-ordering of #include lines because clang-format was used. This patch at least isolates that churn, makes it easy to skip when resolving conflicts, and gets us to a clean baseline (again).
  llvm-svn: 304787
* [libFuzzer] fix a warning from Wunreachable-code-loop-increment reported by Christian Holler. This also fixes a logical bug, which however does not affect the libFuzzer's ability too much (I wasn't able to create a differentiating test) | Kostya Serebryany | 2017-05-15 | 1 | -1/+1
  llvm-svn: 303087
* [libFuzzer] fix a compiler warning | Kostya Serebryany | 2017-05-10 | 1 | -1/+2
  llvm-svn: 302747
* [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself | Kostya Serebryany | 2017-03-31 | 1 | -1/+1
  llvm-svn: 299167
* Revert "[libFuzzer] Use ChooseUnitIdxToMutate to pick item for crossover." | Vitaly Buka | 2017-03-15 | 1 | -1/+1
  Fails LLVMFuzzer.LLVMFuzzer.value-profile-strncmp.test.
  This reverts commit r297891.
  llvm-svn: 297912
* [libFuzzer] Use ChooseUnitIdxToMutate to pick item for crossover. | Vitaly Buka | 2017-03-15 | 1 | -1/+1
  Differential Revision: https://reviews.llvm.org/D30683
  llvm-svn: 297891
* [fuzzer] Don't crash if LLVMFuzzerMutate was called by CustomCrossOver | Vitaly Buka | 2017-03-07 | 1 | -2/+2
  Reviewers: kcc
  Subscribers: llvm-commits, mgorny
  Differential Revision: https://reviews.llvm.org/D30682
  llvm-svn: 297202
* [libFuzzer] replace std::random_shuffle with std::shuffle as std::random_shuffle is being deprecated in C++17. Also simplify fuzzer::Random. NFC | Kostya Serebryany | 2017-02-07 | 1 | -2/+1
  llvm-svn: 294366
* [libFuzzer] make code less clever to avoid fallthrough in switch (and in turn avoid compiler warnings). NFC. Suggested by Christian Holler. | Kostya Serebryany | 2017-02-06 | 1 | -3/+3
  llvm-svn: 294239
* [libFuzzer] mutate empty input using the regular mutators (instead of a custom dummy one). This way when we mutate an empty input there is a chance we will get a dictionary word | Kostya Serebryany | 2017-01-23 | 1 | -14/+5
  llvm-svn: 292843
* [libFuzzer] ensure that entries in PersistentAutoDictionary are not empty | Kostya Serebryany | 2017-01-19 | 1 | -0/+3
  llvm-svn: 292520
* [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) | Kostya Serebryany | 2017-01-17 | 1 | -13/+38
  llvm-svn: 292287
* [libFuzzer] don't create large random mutations when given an empty seed | Kostya Serebryany | 2016-12-27 | 1 | -1/+1
  llvm-svn: 290634
* Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code" | Daniel Jasper | 2016-12-17 | 1 | -0/+7
  This reverts commit r289998.
  See comment: https://reviews.llvm.org/rL289998
  llvm-svn: 290043
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code | Kostya Serebryany | 2016-12-16 | 1 | -7/+0
  llvm-svn: 289998
* Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 2016-12-02 | 1 | -1/+1
  This resubmits r288529, which was resubmitted because it broke a fuzzer bot. According to kcc@ the test that broke was flakey and it is unlikely to be a result of this patch.
  llvm-svn: 288549
* Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 2016-12-02 | 1 | -1/+1
  This reverts commit r288529, as it seems to introduce some problems on the Linux bots.
  llvm-svn: 288533
* [LibFuzzer] Split FuzzerUtil for Posix and Windows. | Zachary Turner | 2016-12-02 | 1 | -1/+1
  Pave the way for separating out platform specific utility functions into separate files.
  Patch by Marcos Pividori
  Differential Revision: https://reviews.llvm.org/D27234
  llvm-svn: 288529
* [LibFuzzer] Split up some functions among different headers. | Zachary Turner | 2016-11-30 | 1 | -2/+1
  In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific.
  This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization.
  Patch by Marcos Pividori
  Differential Revision: https://reviews.llvm.org/D27230
  llvm-svn: 288264
* [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp | Kostya Serebryany | 2016-10-25 | 1 | -11/+3
  llvm-svn: 285109
* [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test | Kostya Serebryany | 2016-10-25 | 1 | -18/+92
  llvm-svn: 285049
* [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer | Kostya Serebryany | 2016-10-22 | 1 | -9/+15
  llvm-svn: 284909
* [libFuzzer] swap bytes in integers when handling CMP traces | Kostya Serebryany | 2016-10-15 | 1 | -5/+0
  llvm-svn: 284301
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 2016-10-14 | 1 | -3/+12
  llvm-svn: 284273
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 2016-09-22 | 1 | -5/+12
  llvm-svn: 282129
* [libFuzzer] add stats to the corpus; more refactoring | Kostya Serebryany | 2016-09-21 | 1 | -1/+0
  llvm-svn: 282121
* [libFuzzer] more refactoring; NFC | Kostya Serebryany | 2016-09-21 | 1 | -1/+5
  llvm-svn: 282047
* [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 2016-09-21 | 1 | -1/+5
  llvm-svn: 282044
* [libFuzzer] fix the non-debug build warnings | Kostya Serebryany | 2016-08-19 | 1 | -1/+2
  llvm-svn: 279321
* [libFuzzer] given 0 and 255 more preference when inserting repeated bytes | Kostya Serebryany | 2016-08-17 | 1 | -1/+2
  llvm-svn: 278986
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 | Kostya Serebryany | 2016-08-17 | 1 | -1/+38
  llvm-svn: 278982
* Replace a few more "fall through" comments with LLVM_FALLTHROUGH | Justin Bogner | 2016-08-17 | 1 | -1/+1
  Follow up to r278902. I had missed "fall through", with a space.
  llvm-svn: 278970
* [libFuzzer] more mutations | Kostya Serebryany | 2016-08-17 | 1 | -18/+69
  llvm-svn: 278950
* [libFuzzer] add InsertRepeatedBytes and EraseBytes. | Kostya Serebryany | 2016-08-15 | 1 | -7/+29
  New mutation: InsertRepeatedBytes.
  Updated mutation: EraseByte => EraseBytes.
  This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets.
  llvm-svn: 278687
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp | Kostya Serebryany | 2016-07-15 | 1 | -3/+2
  llvm-svn: 275648
* [libfuzzer] moving is_ascii handler inside mutation dispatcher. | Mike Aizatsky | 2016-06-23 | 1 | -1/+7
  Summary: It also fixes a bug, when first random might not be ascii.
  Differential Revision: http://reviews.llvm.org/D21573
  llvm-svn: 273611
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` | Dan Liew | 2016-06-07 | 1 | -4/+4
  This fixes linking problems on OSX.
  Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance.
  It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``.
  Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests.
  Differential Revision: http://reviews.llvm.org/D20943
  llvm-svn: 272072
* [libfuzzer] custom crossover interface function. | Mike Aizatsky | 2016-06-07 | 1 | -0/+23
  Differential Revision: http://reviews.llvm.org/D21089
  llvm-svn: 272054
* [libfuzzer] hiding custom mutator handling in MutationDispatcher. | Mike Aizatsky | 2016-06-03 | 1 | -19/+42
  Summary: Refactoring, no functional changes.
  Differential Revision: http://reviews.llvm.org/D20975
  llvm-svn: 271740
* [libFuzzer] remove std::vector operations from hot paths, NFC | Kostya Serebryany | 2016-02-13 | 1 | -1/+2
  llvm-svn: 260829
* [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast | Kostya Serebryany | 2016-02-13 | 1 | -6/+0
  llvm-svn: 260810
* [libFuzzer] simplify CTOR of MutationDispatcher | Kostya Serebryany | 2016-02-13 | 1 | -18/+18
  llvm-svn: 260800
* [libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) | Kostya Serebryany | 2016-02-13 | 1 | -132/+37
  llvm-svn: 260799
* [libFuzzer] get rid of UserSuppliedFuzzer; NFC | Kostya Serebryany | 2016-02-13 | 1 | -0/+7
  llvm-svn: 260798
* [libFuzzer] simplify the code around Random. NFC | Kostya Serebryany | 2016-02-13 | 1 | -5/+5
  llvm-svn: 260797
* [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes | Kostya Serebryany | 2016-01-22 | 1 | -27/+50
  llvm-svn: 258589
* [libFuzzer] don't use std::vector in one more hot path | Kostya Serebryany | 2016-01-21 | 1 | -6/+29
  llvm-svn: 258380