path: root/llvm/lib/Fuzzer/FuzzerTracePC.cpp
Commit message | Author | Age | Files | Lines
...
* [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook. | Kostya Serebryany | 2016-11-11 | 1 | -0/+3
  llvm-svn: 286665
* [libFuzzer] speculatively trying to fix the Mac build; second attempt | Kostya Serebryany | 2016-10-27 | 1 | -1/+4
  llvm-svn: 285262
* [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once | Kostya Serebryany | 2016-10-26 | 1 | -21/+2
  llvm-svn: 285223
* [libFuzzer] simplify the code in TracePC::HandleTrace a bit more | Kostya Serebryany | 2016-10-26 | 1 | -9/+5
  llvm-svn: 285147
* [libFuzzer] simplify the code to print new PCs | Kostya Serebryany | 2016-10-26 | 1 | -0/+10
  llvm-svn: 285145
* [libFuzzer] simplify the code in TracePC::HandleTrace | Kostya Serebryany | 2016-10-25 | 1 | -1/+8
  llvm-svn: 285142
* [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test | Kostya Serebryany | 2016-10-25 | 1 | -49/+0
  llvm-svn: 285049
* [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. | Kostya Serebryany | 2016-10-19 | 1 | -2/+96
  Example of output:
    COVERAGE:
    COVERED: in DSO2(int) /pathto/DSO2.cpp:6
    COVERED: in DSO2(int) /pathto/DSO2.cpp:8
    COVERED: in DSO1(int) /pathto/DSO1.cpp:6
    COVERED: in DSO1(int) /pathto/DSO1.cpp:8
    COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
    COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
    COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
    COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
    MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
    UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
    UNCOVERED_FUNC: in Uncovered1()
    MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
    UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
    UNCOVERED_FUNC: in Uncovered2()
    MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
    UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
    UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
    UNCOVERED_FILE: /pathto/DSOTestExtra.cpp
  Several things are not perfect here:
  * we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
  * this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=... (need to implement another API to get the module name by PC)
  llvm-svn: 284554
* [libFuzzer] swap bytes in integers when handling CMP traces | Kostya Serebryany | 2016-10-15 | 1 | -10/+10
  llvm-svn: 284301
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 2016-10-14 | 1 | -1/+53
  llvm-svn: 284273
* [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build | Kostya Serebryany | 2016-10-13 | 1 | -34/+21
  llvm-svn: 284132
* Revert "[libFuzzer] refactoring to speed things up, NFC" | Daniel Jasper | 2016-10-12 | 1 | -18/+33
  This reverts commit r283946.
  This breaks when built with GCC:
    lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
    lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
    lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here
  llvm-svn: 283979
* [libFuzzer] refactoring to speed things up, NFC | Kostya Serebryany | 2016-10-11 | 1 | -33/+18
  llvm-svn: 283946
* [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it | Kostya Serebryany | 2016-10-11 | 1 | -3/+8
  llvm-svn: 283841
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. | Kostya Serebryany | 2016-10-05 | 1 | -35/+35
  llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFC | Kostya Serebryany | 2016-10-05 | 1 | -0/+107
  llvm-svn: 283286
* [libFuzzer] fix a recent bug (buffer overflow) | Kostya Serebryany | 2016-10-01 | 1 | -1/+1
  llvm-svn: 283021
* [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default | Kostya Serebryany | 2016-10-01 | 1 | -2/+10
  llvm-svn: 282995
* [libFuzzer] move the feature set to InputCorpus; on feature update, change the feature counter of the old best input | Kostya Serebryany | 2016-09-30 | 1 | -25/+0
  llvm-svn: 282829
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals | Kostya Serebryany | 2016-09-29 | 1 | -8/+8
  llvm-svn: 282735
* [libFuzzer] speedup TracePC::FinalizeTrace | Kostya Serebryany | 2016-09-28 | 1 | -14/+21
  llvm-svn: 282562
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag | Kostya Serebryany | 2016-09-27 | 1 | -2/+2
  llvm-svn: 282458
* [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. | Kostya Serebryany | 2016-09-23 | 1 | -5/+36
  llvm-svn: 282316
* [libFuzzer] simplify the TracePC logic | Kostya Serebryany | 2016-09-23 | 1 | -21/+12
  llvm-svn: 282222
* [libFuzzer] change ValueBitMap to remember the number of bits in it | Kostya Serebryany | 2016-09-23 | 1 | -8/+0
  llvm-svn: 282216
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 2016-09-22 | 1 | -2/+2
  llvm-svn: 282129
* [libFuzzer] more refactoring | Kostya Serebryany | 2016-09-21 | 1 | -1/+2
  llvm-svn: 282113
* [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 2016-09-21 | 1 | -0/+1
  llvm-svn: 282044
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer | Kostya Serebryany | 2016-09-18 | 1 | -0/+11
  llvm-svn: 281866
* [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters | Kostya Serebryany | 2016-09-18 | 1 | -37/+32
  llvm-svn: 281845
* [libFuzzer] properly reset the guards when resetting the coverage. Also try to fix check-fuzzer on the bot | Kostya Serebryany | 2016-09-17 | 1 | -0/+8
  llvm-svn: 281814
* [libFuzzer] change trace-pc to use 8-byte guards | Kostya Serebryany | 2016-09-17 | 1 | -28/+46
  llvm-svn: 281810
* [libFuzzer] make caller-callee feedback work with trace-pc-guard | Kostya Serebryany | 2016-09-15 | 1 | -0/+12
  llvm-svn: 281667
* [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provably better, but the existing test prefers this heuristic) | Kostya Serebryany | 2016-09-15 | 1 | -6/+18
  llvm-svn: 281577
* [libFuzzer] add 8-bit counters to trace-pc-guard handler | Kostya Serebryany | 2016-09-15 | 1 | -9/+44
  llvm-svn: 281568
* [libFuzzer] start using trace-pc-guard as an alternative source of coverage | Kostya Serebryany | 2016-09-14 | 1 | -23/+13
  llvm-svn: 281435
* [libFuzzer] add more __attribute__((visibility("default"))) | Kostya Serebryany | 2016-08-18 | 1 | -0/+2
  llvm-svn: 279143
* [libFuzzer] refactoring around PCMap, NFC | Kostya Serebryany | 2016-08-16 | 1 | -31/+10
  llvm-svn: 278825
* [LibFuzzer] Provide stub implementation of __sanitizer_cov_trace_pc_indir | Dan Liew | 2016-06-06 | 1 | -1/+9
  Calls to this function are currently injected by the ``SanitizerCoverageModule`` pass when both the ``indirect-calls`` and ``trace-pc`` sanitizer coverage options are enabled and the code being instrumented has indirect calls. Previously because LibFuzzer did not define this function this would lead to link errors when building some of the tests on OSX.
  Differential Revision: http://reviews.llvm.org/D20946
  llvm-svn: 271938
* [libfuzzer] Refactoring coverage state-management code. | Mike Aizatsky | 2016-05-10 | 1 | -20/+24
  It is now less state-dependent and will allow easier comparing of coverages of different units.
  Differential Revision: http://reviews.llvm.org/D20085
  llvm-svn: 269140
* [libFuzzer] speedup path coverage handling | Kostya Serebryany | 2016-02-27 | 1 | -18/+18
  llvm-svn: 262102
* [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds | Kostya Serebryany | 2016-02-26 | 1 | -0/+59
  llvm-svn: 262073