summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerTracePC.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] disable -print_pcs by default (was enabled by mistake)Kostya Serebryany2017-01-031-0/+2
| | | | llvm-svn: 290899
* [libFuzzer] cleaner implementation of -print_pcs=1Kostya Serebryany2016-12-301-7/+12
| | | | llvm-svn: 290739
* [libFuzzer] make __sanitizer_cov_trace_switch more predictableKostya Serebryany2016-12-291-22/+17
| | | | llvm-svn: 290703
* [libfuzzer] dump_coverage command line flagMike Aizatsky2016-12-191-0/+5
| | | | | | | | Reviewers: kcc, vitalybuka Differential Revision: https://reviews.llvm.org/D27942 llvm-svn: 290138
* [libFuzzer] speed up __sanitizer_cov_trace_switch a bit more (remove DIV)Kostya Serebryany2016-12-171-1/+11
| | | | llvm-svn: 290034
* [libFuzzer] when tracing switch statements, handle only one case at a time ↵Kostya Serebryany2016-12-171-3/+13
| | | | | | (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage llvm-svn: 290031
* [libFuzzer] avoid msan false positives in more casesKostya Serebryany2016-12-161-6/+2
| | | | llvm-svn: 289999
* [libFuzzer] disable msan for one more hook that reads target's data that ↵Kostya Serebryany2016-12-141-0/+3
| | | | | | might be uninitialized llvm-svn: 289680
* [libFuzzer] use __sanitizer_get_module_and_offset_for_pc to get the module ↵Kostya Serebryany2016-12-101-7/+12
| | | | | | name while printing the coverage llvm-svn: 289310
* [libFuzzer] refactor the code to allow collecting features in different ↵Kostya Serebryany2016-12-051-35/+0
| | | | | | ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( llvm-svn: 288731
* [libFuzzer] extend -print_coverage to print the comma-separated list of ↵Kostya Serebryany2016-11-301-1/+11
| | | | | | covered dirs. Note: the Windows stub for DirName is left unimplemented llvm-svn: 288276
* [LibFuzzer] Split up some functions among different headers.Zachary Turner2016-11-301-4/+4
| | | | | | | | | | | | | | | | | | | | | In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27230 llvm-svn: 288264
* [libFuzzer] do not initialize parts of TracePC -- let them be initialized by ↵Kostya Serebryany2016-11-111-0/+3
| | | | | | the linker. Add no-msan attribute to the memcmp hook. llvm-svn: 286665
* [libFuzzer] speculatively trying to fix the Mac build; second attemptKostya Serebryany2016-10-271-1/+4
| | | | llvm-svn: 285262
* [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing ↵Kostya Serebryany2016-10-261-21/+2
| | | | | | with -exit_on_src_pos, symbolize every PC only once llvm-svn: 285223
* [libFuzzer] simplify the code in TracePC::HandleTrace a bit moreKostya Serebryany2016-10-261-9/+5
| | | | llvm-svn: 285147
* [libFuzzer] simplify the code to print new PCsKostya Serebryany2016-10-261-0/+10
| | | | llvm-svn: 285145
* [libFuzzer] simplify the code in TracePC::HandleTraceKostya Serebryany2016-10-251-1/+8
| | | | llvm-svn: 285142
* [libFuzzer] simplify the code for use_cmp, also use the position hint when ↵Kostya Serebryany2016-10-251-49/+0
| | | | | | available, add a test llvm-svn: 285049
* [libFuzzer] extend -print_coverage to also print uncovered lines, functions, ↵Kostya Serebryany2016-10-191-2/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and files. Example of output: COVERAGE: COVERED: in DSO2(int) /pathto/DSO2.cpp:6 COVERED: in DSO2(int) /pathto/DSO2.cpp:8 COVERED: in DSO1(int) /pathto/DSO1.cpp:6 COVERED: in DSO1(int) /pathto/DSO1.cpp:8 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26 MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9 UNCOVERED_FUNC: in Uncovered1() MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9 UNCOVERED_FUNC: in Uncovered2() MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21 UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27 UNCOVERED_FILE: /pathto/DSOTestExtra.cpp Several things are not perfect here: * we are using objdump+awk instead of sancov because sancov does not support DSOs yet. * this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=... (need to implement another API to get the module name by PC) llvm-svn: 284554
* [libFuzzer] swap bytes in integers when handling CMP tracesKostya Serebryany2016-10-151-10/+10
| | | | llvm-svn: 284301
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP ↵Kostya Serebryany2016-10-141-1/+53
| | | | | | instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273
* [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a ↵Kostya Serebryany2016-10-131-34/+21
| | | | | | fix for gcc build llvm-svn: 284132
* Revert "[libFuzzer] refactoring to speed things up, NFC"Daniel Jasper2016-10-121-18/+33
| | | | | | | | | | | This reverts commit r283946. This breaks when build with GCC: lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes] lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here llvm-svn: 283979
* [libFuzzer] refactoring to speed things up, NFCKostya Serebryany2016-10-111-33/+18
| | | | llvm-svn: 283946
* [libFuzzer] implement value profile for switch, increase the size of the PCs ↵Kostya Serebryany2016-10-111-3/+8
| | | | | | array, make sure we don't overflow it llvm-svn: 283841
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.Kostya Serebryany2016-10-051-35/+35
| | | | llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFCKostya Serebryany2016-10-051-0/+107
| | | | llvm-svn: 283286
* [libFuzzer] fix a recent bugs (buffer overflow)Kostya Serebryany2016-10-011-1/+1
| | | | llvm-svn: 283021
* [libFuzzer] implement the -shrink=1 option that tires to make elements of ↵Kostya Serebryany2016-10-011-2/+10
| | | | | | the corpus smaller, off by default llvm-svn: 282995
* [libFuzzer] more the feature set to InputCorpus; on feature update, change ↵Kostya Serebryany2016-09-301-25/+0
| | | | | | the feature counter of the old best input llvm-svn: 282829
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create ↵Kostya Serebryany2016-09-291-8/+8
| | | | | | one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735
* [libFuzzer] speedup TracePC::FinalizeTraceKostya Serebryany2016-09-281-14/+21
| | | | llvm-svn: 282562
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-271-2/+2
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] simplify HandleTrace again, start re-running interesting units ↵Kostya Serebryany2016-09-231-5/+36
| | | | | | and collecting their features. llvm-svn: 282316
* [libFuzzer] simplify the TracePC logicKostya Serebryany2016-09-231-21/+12
| | | | llvm-svn: 282222
* [libFuzzer] change ValueBitMap to remember the number of bits in itKostya Serebryany2016-09-231-8/+0
| | | | llvm-svn: 282216
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size ↵Kostya Serebryany2016-09-221-2/+2
| | | | | | > MaxSize, fix sha1 in corpus stats; various refactorings llvm-svn: 282129
* [libFuzzer] more refactoringKostya Serebryany2016-09-211-1/+2
| | | | llvm-svn: 282113
* [libFuzzer] refactoring: split the large header into many; NFCKostya Serebryany2016-09-211-0/+1
| | | | llvm-svn: 282044
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from ↵Kostya Serebryany2016-09-181-0/+11
| | | | | | libFuzzer llvm-svn: 281866
* [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change ↵Kostya Serebryany2016-09-181-37/+32
| | | | | | the guard type to intptr_t; use separate array for 8-bit counters llvm-svn: 281845
* [libFuzzer] properly reset the guards when reseting the coverage. Also try ↵Kostya Serebryany2016-09-171-0/+8
| | | | | | to fix check-fuzzer on the bot llvm-svn: 281814
* [libFuzzer] change trace-pc to use 8-byte guardsKostya Serebryany2016-09-171-28/+46
| | | | llvm-svn: 281810
* [libFuzzer] make caller-callee feedback work with trace-pc-guardKostya Serebryany2016-09-151-0/+12
| | | | llvm-svn: 281667
* [libFuzzer] implement print_pcs with trace-pc-guard. Change the ↵Kostya Serebryany2016-09-151-6/+18
| | | | | | trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) llvm-svn: 281577
* [libFuzzer] add 8-bit counters to trace-pc-guard handlerKostya Serebryany2016-09-151-9/+44
| | | | llvm-svn: 281568
* [libFuzzer] start using trace-pc-guard as an alternative source of coverageKostya Serebryany2016-09-141-23/+13
| | | | llvm-svn: 281435
* [libFuzzer] add more __attribute__((visibility("default")))Kostya Serebryany2016-08-181-0/+2
| | | | llvm-svn: 279143
* [libFuzzer] refactoring around PCMap, NFCKostya Serebryany2016-08-161-31/+10
| | | | llvm-svn: 278825
OpenPOWER on IntegriCloud