path: root/llvm/lib/Fuzzer/FuzzerTracePC.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] improve support for inline-8bit-counters (make it more correct and faster) | Kostya Serebryany | 2017-07-28 | 1 | -0/+12
    llvm-svn: 309443
* [libFuzzer] prototype implementation of recursion-depth coverage features (commented out; real implementation needs to use inlined instrumentation) | Kostya Serebryany | 2017-07-20 | 1 | -0/+2
    llvm-svn: 308577
* [libFuzzer] simplify the handling of memmem/strstr | Kostya Serebryany | 2017-07-14 | 1 | -0/+23
    llvm-svn: 307977
* [libFuzzer] move code around; NFC | Kostya Serebryany | 2017-07-13 | 1 | -0/+60
    llvm-svn: 307973
* [libFuzzer] initial support of -fsanitize-coverage=inline-8bit-counters in libFuzzer. This is not fully functional yet, but simple tests work | Kostya Serebryany | 2017-06-13 | 1 | -0/+23
    llvm-svn: 305331
* Sort the remaining #include lines in include/... and lib/.... | Chandler Carruth | 2017-06-06 | 1 | -1/+1
    I did this a long time ago with a janky python script, but now clang-format has built-in support for this. I fed clang-format every line with a #include and let it re-sort things according to the precise LLVM rules for include ordering baked into clang-format these days.
    I've reverted a number of files where the results of sorting includes isn't healthy. Either places where we have legacy code relying on particular include ordering (where possible, I'll fix these separately) or where we have particular formatting around #include lines that I didn't want to disturb in this patch.
    This patch is *entirely* mechanical. If you get merge conflicts or anything, just ignore the changes in this patch and run clang-format over your #include lines in the files.
    Sorry for any noise here, but it is important to keep these things stable. I was seeing an increasing number of patches with irrelevant re-ordering of #include lines because clang-format was used. This patch at least isolates that churn, makes it easy to skip when resolving conflicts, and gets us to a clean baseline (again).
    llvm-svn: 304787
* [libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works | Kostya Serebryany | 2017-03-30 | 1 | -0/+11
    llvm-svn: 299046
* [libFuzzer] create experimental support for user-provided coverage signal | Kostya Serebryany | 2017-03-23 | 1 | -1/+1
    llvm-svn: 298654
* [libFuzzer] inline the code of __sanitizer_cov_trace_pc_guard into it | Kostya Serebryany | 2017-03-17 | 1 | -8/+3
    llvm-svn: 298032
* [libFuzzer] Use stoull instead of stol to ensure 64 bits. | Marcos Pividori | 2017-02-10 | 1 | -2/+2
    Differential revision: https://reviews.llvm.org/D29831
    llvm-svn: 294769
* [libFuzzer] Use long long to ensure 64 bits. | Marcos Pividori | 2017-02-08 | 1 | -1/+1
    We should always use unsigned long long to ensure 64 bits. On Windows, unsigned long is 4 bytes. This was the reason why value-profile-cmp4.test was failing on Windows.
    Differential Revision: https://reviews.llvm.org/D29617
    llvm-svn: 294390
* [libFuzzer] properly hide the memcmp interceptor from msan | Kostya Serebryany | 2017-02-03 | 1 | -1/+1
    llvm-svn: 294061
* [libfuzzer] chromium-related compilation fixes | Mike Aizatsky | 2017-02-03 | 1 | -2/+4
    Reviewers: kcc
    Differential Revision: https://reviews.llvm.org/D29502
    llvm-svn: 294035
* [libFuzzer] reorganize the tracing code to make it easier to experiment with inlined coverage instrumentation. NFC | Kostya Serebryany | 2017-02-02 | 1 | -14/+30
    llvm-svn: 293928
* [libFuzzer] simplify the value profiling callback further: don't use (idx MOD prime) on the hot path where it is useless anyway | Kostya Serebryany | 2017-01-27 | 1 | -1/+1
    llvm-svn: 293239
* [libFuzzer] make sure (again) that __builtin_popcountl is compiled into popcnt | Kostya Serebryany | 2017-01-27 | 1 | -0/+8
    llvm-svn: 293237
* [libFuzzer] simplify the value profile code and disable asan/msan on it | Kostya Serebryany | 2017-01-27 | 1 | -4/+15
    llvm-svn: 293236
* [libFuzzer] further simplify __sanitizer_cov_trace_pc_guard | Kostya Serebryany | 2017-01-26 | 1 | -2/+2
    llvm-svn: 293128
* [libFuzzer] simplify the code for __sanitizer_cov_trace_pc_guard and make sure it is not asan/msan-instrumented | Kostya Serebryany | 2017-01-26 | 1 | -4/+13
    llvm-svn: 293125
* [libFuzzer] don't call GetPreviousInstructionPc on the hot path -- only when dumping the PCs | Kostya Serebryany | 2017-01-26 | 1 | -18/+22
    llvm-svn: 293117
* [libFuzzer] make sure we use the feedback from std::string operator == | Kostya Serebryany | 2017-01-23 | 1 | -1/+4
    llvm-svn: 292835
* [libFuzzer] Portably disassemble and find calls to sanitizer_cov_trace_pc_guard. | Marcos Pividori | 2017-01-22 | 1 | -2/+7
    Instead of directly using objdump, which is not present on Windows, we consider different tools depending on the platform. For Windows, we consider dumpbin and llvm-objdump.
    Differential Revision: https://reviews.llvm.org/D28635
    llvm-svn: 292739
* [libFuzzer] Portable implementation of `IsInterestingCoverageFile()`. | Marcos Pividori | 2017-01-22 | 1 | -12/+0
    For Posix systems and Windows, we need to consider different cases.
    Differential Revision: https://reviews.llvm.org/D28633
    llvm-svn: 292738
* [libFuzzer] Expose Sanitizer Coverage functions from libFuzzer. | Marcos Pividori | 2017-01-22 | 1 | -12/+16
    We need to expose Sanitizer Coverage's functions that are rewritten with a different implementation, so compiler-rt's libraries have access to it.
    Differential Revision: https://reviews.llvm.org/D28618
    llvm-svn: 292736
* [libFuzzer] fix gcc build | Kostya Serebryany | 2017-01-21 | 1 | -1/+0
    llvm-svn: 292695
* [libFuzzer] call __sanitizer_dump_coverage via EF | Kostya Serebryany | 2017-01-20 | 1 | -1/+2
    llvm-svn: 292681
* [libfuzzer] fixing collected pc addresses for coverage | Mike Aizatsky | 2017-01-17 | 1 | -17/+26
    Summary: The causes google/ossfuzz#84
    Reviewers: kcc
    Subscribers: mgorny
    Differential Revision: https://reviews.llvm.org/D28827
    llvm-svn: 292289
* [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) | Kostya Serebryany | 2017-01-17 | 1 | -25/+14
    llvm-svn: 292287
* [libFuzzer] disable -print_pcs by default (was enabled by mistake) | Kostya Serebryany | 2017-01-03 | 1 | -0/+2
    llvm-svn: 290899
* [libFuzzer] cleaner implementation of -print_pcs=1 | Kostya Serebryany | 2016-12-30 | 1 | -7/+12
    llvm-svn: 290739
* [libFuzzer] make __sanitizer_cov_trace_switch more predictable | Kostya Serebryany | 2016-12-29 | 1 | -22/+17
    llvm-svn: 290703
* [libfuzzer] dump_coverage command line flag | Mike Aizatsky | 2016-12-19 | 1 | -0/+5
    Reviewers: kcc, vitalybuka
    Differential Revision: https://reviews.llvm.org/D27942
    llvm-svn: 290138
* [libFuzzer] speed up __sanitizer_cov_trace_switch a bit more (remove DIV) | Kostya Serebryany | 2016-12-17 | 1 | -1/+11
    llvm-svn: 290034
* [libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage | Kostya Serebryany | 2016-12-17 | 1 | -3/+13
    llvm-svn: 290031
* [libFuzzer] avoid msan false positives in more cases | Kostya Serebryany | 2016-12-16 | 1 | -6/+2
    llvm-svn: 289999
* [libFuzzer] disable msan for one more hook that reads target's data that might be uninitialized | Kostya Serebryany | 2016-12-14 | 1 | -0/+3
    llvm-svn: 289680
* [libFuzzer] use __sanitizer_get_module_and_offset_for_pc to get the module name while printing the coverage | Kostya Serebryany | 2016-12-10 | 1 | -7/+12
    llvm-svn: 289310
* [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( | Kostya Serebryany | 2016-12-05 | 1 | -35/+0
    llvm-svn: 288731
* [libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented | Kostya Serebryany | 2016-11-30 | 1 | -1/+11
    llvm-svn: 288276
* [LibFuzzer] Split up some functions among different headers. | Zachary Turner | 2016-11-30 | 1 | -4/+4
    In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific.
    This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform.
    Aside from that, this patch contains no functional change. It is purely a re-organization.
    Patch by Marcos Pividori
    Differential Revision: https://reviews.llvm.org/D27230
    llvm-svn: 288264
* [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook. | Kostya Serebryany | 2016-11-11 | 1 | -0/+3
    llvm-svn: 286665
* [libFuzzer] speculatively trying to fix the Mac build; second attempt | Kostya Serebryany | 2016-10-27 | 1 | -1/+4
    llvm-svn: 285262
* [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once | Kostya Serebryany | 2016-10-26 | 1 | -21/+2
    llvm-svn: 285223
* [libFuzzer] simplify the code in TracePC::HandleTrace a bit more | Kostya Serebryany | 2016-10-26 | 1 | -9/+5
    llvm-svn: 285147
* [libFuzzer] simplify the code to print new PCs | Kostya Serebryany | 2016-10-26 | 1 | -0/+10
    llvm-svn: 285145
* [libFuzzer] simplify the code in TracePC::HandleTrace | Kostya Serebryany | 2016-10-25 | 1 | -1/+8
    llvm-svn: 285142
* [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test | Kostya Serebryany | 2016-10-25 | 1 | -49/+0
    llvm-svn: 285049
* [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. | Kostya Serebryany | 2016-10-19 | 1 | -2/+96
    Example of output:
    COVERAGE:
      COVERED: in DSO2(int) /pathto/DSO2.cpp:6
      COVERED: in DSO2(int) /pathto/DSO2.cpp:8
      COVERED: in DSO1(int) /pathto/DSO1.cpp:6
      COVERED: in DSO1(int) /pathto/DSO1.cpp:8
      COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
      COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
      COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
      COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
      MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
      UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
      UNCOVERED_FUNC: in Uncovered1()
      MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
      UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
      UNCOVERED_FUNC: in Uncovered2()
      MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
      UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
      UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
      UNCOVERED_FILE: /pathto/DSOTestExtra.cpp
    Several things are not perfect here:
      * we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
      * this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=... (need to implement another API to get the module name by PC)
    llvm-svn: 284554
* [libFuzzer] swap bytes in integers when handling CMP traces | Kostya Serebryany | 2016-10-15 | 1 | -10/+10
    llvm-svn: 284301
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 2016-10-14 | 1 | -1/+53
    llvm-svn: 284273