path: root/llvm/lib/Fuzzer/FuzzerTracePC.cpp
Commit message | Author | Age | Files | Lines
...
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. | Kostya Serebryany | 2016-10-05 | 1 | -35/+35
  llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFC | Kostya Serebryany | 2016-10-05 | 1 | -0/+107
  llvm-svn: 283286
* [libFuzzer] fix a recent bug (buffer overflow) | Kostya Serebryany | 2016-10-01 | 1 | -1/+1
  llvm-svn: 283021
* [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default | Kostya Serebryany | 2016-10-01 | 1 | -2/+10
  llvm-svn: 282995
* [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input | Kostya Serebryany | 2016-09-30 | 1 | -25/+0
  llvm-svn: 282829
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals | Kostya Serebryany | 2016-09-29 | 1 | -8/+8
  llvm-svn: 282735
* [libFuzzer] speedup TracePC::FinalizeTrace | Kostya Serebryany | 2016-09-28 | 1 | -14/+21
  llvm-svn: 282562
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag | Kostya Serebryany | 2016-09-27 | 1 | -2/+2
  llvm-svn: 282458
* [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. | Kostya Serebryany | 2016-09-23 | 1 | -5/+36
  llvm-svn: 282316
* [libFuzzer] simplify the TracePC logic | Kostya Serebryany | 2016-09-23 | 1 | -21/+12
  llvm-svn: 282222
* [libFuzzer] change ValueBitMap to remember the number of bits in it | Kostya Serebryany | 2016-09-23 | 1 | -8/+0
  llvm-svn: 282216
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 2016-09-22 | 1 | -2/+2
  llvm-svn: 282129
* [libFuzzer] more refactoring | Kostya Serebryany | 2016-09-21 | 1 | -1/+2
  llvm-svn: 282113
* [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 2016-09-21 | 1 | -0/+1
  llvm-svn: 282044
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer | Kostya Serebryany | 2016-09-18 | 1 | -0/+11
  llvm-svn: 281866
* [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters | Kostya Serebryany | 2016-09-18 | 1 | -37/+32
  llvm-svn: 281845
* [libFuzzer] properly reset the guards when resetting the coverage. Also try to fix check-fuzzer on the bot | Kostya Serebryany | 2016-09-17 | 1 | -0/+8
  llvm-svn: 281814
* [libFuzzer] change trace-pc to use 8-byte guards | Kostya Serebryany | 2016-09-17 | 1 | -28/+46
  llvm-svn: 281810
* [libFuzzer] make caller-callee feedback work with trace-pc-guard | Kostya Serebryany | 2016-09-15 | 1 | -0/+12
  llvm-svn: 281667
* [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provably better, but the existing test prefers this heuristic) | Kostya Serebryany | 2016-09-15 | 1 | -6/+18
  llvm-svn: 281577
* [libFuzzer] add 8-bit counters to trace-pc-guard handler | Kostya Serebryany | 2016-09-15 | 1 | -9/+44
  llvm-svn: 281568
* [libFuzzer] start using trace-pc-guard as an alternative source of coverage | Kostya Serebryany | 2016-09-14 | 1 | -23/+13
  llvm-svn: 281435
* [libFuzzer] add more __attribute__((visibility("default"))) | Kostya Serebryany | 2016-08-18 | 1 | -0/+2
  llvm-svn: 279143
* [libFuzzer] refactoring around PCMap, NFC | Kostya Serebryany | 2016-08-16 | 1 | -31/+10
  llvm-svn: 278825
* [LibFuzzer] Provide stub implementation of __sanitizer_cov_trace_pc_indir | Dan Liew | 2016-06-06 | 1 | -1/+9
  Calls to this function are currently injected by the ``SanitizerCoverageModule`` pass when both the ``indirect-calls`` and ``trace-pc`` sanitizer coverage options are enabled and the code being instrumented has indirect calls. Previously because LibFuzzer did not define this function this would lead to link errors when building some of the tests on OSX.
  Differential Revision: http://reviews.llvm.org/D20946
  llvm-svn: 271938
* [libfuzzer] Refactoring coverage state-management code. | Mike Aizatsky | 2016-05-10 | 1 | -20/+24
  It is now less state-dependent and will allow easier comparing of coverages of different units.
  Differential Revision: http://reviews.llvm.org/D20085
  llvm-svn: 269140
* [libFuzzer] speedup path coverage handling | Kostya Serebryany | 2016-02-27 | 1 | -18/+18
  llvm-svn: 262102
* [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds | Kostya Serebryany | 2016-02-26 | 1 | -0/+59
  llvm-svn: 262073