path: root/llvm/lib/Fuzzer/FuzzerTracePC.h
Commit message | Author | Age | Files | Lines
* [libFuzzer] Delete llvm/lib/Fuzzer | Vitaly Buka | 2017-10-16 | 1 | -257/+0
  Summary: Code is already in compiler-rt
  Reviewers: kcc
  Subscribers: krytarowski, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D38912
  llvm-svn: 315937
* [SanitizerCoverage] Add stack depth tracing instrumentation. | Matt Morehouse | 2017-08-18 | 1 | -14/+3
  Summary: Augment SanitizerCoverage to insert maximum stack depth tracing for use by libFuzzer. The new instrumentation is enabled by the flag -fsanitize-coverage=stack-depth and is compatible with the existing trace-pc-guard coverage. The user must also declare the following global variable in their code:
  thread_local uintptr_t __sancov_lowest_stack
  https://bugs.llvm.org/show_bug.cgi?id=33857
  Reviewers: vitalybuka, kcc
  Reviewed By: vitalybuka
  Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits
  Differential Revision: https://reviews.llvm.org/D36839
  llvm-svn: 311186
* [libFuzzer] experimental support for Clang's coverage (fprofile-instr-generate), Linux-only | Kostya Serebryany | 2017-08-11 | 1 | -9/+24
  llvm-svn: 310771
* [libFuzzer] simplify code, NFC | Kostya Serebryany | 2017-08-08 | 1 | -4/+3
  llvm-svn: 310326
* [libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos | Kostya Serebryany | 2017-08-04 | 1 | -0/+7
  llvm-svn: 310151
* [libFuzzer] print PCs using the in-binary PC-table instead of relying on PCs captured at run-time | Kostya Serebryany | 2017-08-04 | 1 | -3/+2
  llvm-svn: 310148
* [libFuzzer] implement more correct way of computing feature index for Inline8bitCounters | Kostya Serebryany | 2017-08-01 | 1 | -10/+15
  llvm-svn: 309647
* [libFuzzer] enable -fsanitize-coverage=pc-table for all tests | Kostya Serebryany | 2017-08-01 | 1 | -1/+2
  llvm-svn: 309646
* [libFuzzer] implement __sanitizer_cov_pcs_init and add pc-table to build flags for one test (for now) | Kostya Serebryany | 2017-07-31 | 1 | -0/+5
  llvm-svn: 309615
* [libFuzzer] improve support for inline-8bit-counters (make it more correct and faster) | Kostya Serebryany | 2017-07-28 | 1 | -2/+8
  llvm-svn: 309443
* [libFuzzer] don't disable msan for TracePC::CollectFeatures: this started to cause false positives in msan. No tests for libFuzzer+msan yet -- tests will need to wait until we move libFuzzer to compiler-rt | Kostya Serebryany | 2017-07-25 | 1 | -1/+1
  llvm-svn: 309038
* [libFuzzer] prototype implementation of recursion-depth coverage features (commented out; real implementation needs to use inlined instrumentation) | Kostya Serebryany | 2017-07-20 | 1 | -2/+23
  llvm-svn: 308577
* [libFuzzer] simplify the handling of memmem/strstr | Kostya Serebryany | 2017-07-14 | 1 | -0/+23
  llvm-svn: 307977
* [libFuzzer] initial support of -fsanitize-coverage=inline-8bit-counters in libFuzzer. This is not fully functional yet, but simple tests work | Kostya Serebryany | 2017-06-13 | 1 | -5/+30
  llvm-svn: 305331
* [libFuzzer] simplify the code a bit | Kostya Serebryany | 2017-03-31 | 1 | -8/+4
  llvm-svn: 299180
* [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself | Kostya Serebryany | 2017-03-31 | 1 | -1/+1
  llvm-svn: 299167
* [libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works | Kostya Serebryany | 2017-03-30 | 1 | -1/+5
  llvm-svn: 299046
* [libFuzzer] create experimental support for user-provided coverage signal | Kostya Serebryany | 2017-03-23 | 1 | -25/+38
  llvm-svn: 298654
* [libFuzzer] inline the code of __sanitizer_cov_trace_pc_guard into it | Kostya Serebryany | 2017-03-17 | 1 | -1/+0
  llvm-svn: 298032
* [libFuzzer] remove more stale code | Kostya Serebryany | 2017-03-14 | 1 | -3/+0
  llvm-svn: 297785
* [libFuzzer] don't clear Counters in TracePC::CollectFeatures since they will be cleared anyway in ResetMaps | Kostya Serebryany | 2017-03-14 | 1 | -3/+2
  llvm-svn: 297783
* [libFuzzer] reorganize the tracing code to make it easier to experiment with inlined coverage instrumentation. NFC | Kostya Serebryany | 2017-02-02 | 1 | -5/+6
  llvm-svn: 293928
* [libFuzzer] simplify the value profiling callback further: don't use (idx MOD prime) on the hot path where it is useless anyway | Kostya Serebryany | 2017-01-27 | 1 | -4/+0
  llvm-svn: 293239
* [libFuzzer] simplify the value profile code and disable asan/msan on it | Kostya Serebryany | 2017-01-27 | 1 | -1/+1
  llvm-svn: 293236
* [libFuzzer] further simplify __sanitizer_cov_trace_pc_guard | Kostya Serebryany | 2017-01-26 | 1 | -7/+5
  llvm-svn: 293128
* [libfuzzer] fixing collected pc addresses for coverage | Mike Aizatsky | 2017-01-17 | 1 | -1/+1
  Summary: The causes google/ossfuzz#84
  Reviewers: kcc
  Subscribers: mgorny
  Differential Revision: https://reviews.llvm.org/D28827
  llvm-svn: 292289
* [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) | Kostya Serebryany | 2017-01-17 | 1 | -6/+6
  llvm-svn: 292287
* [libFuzzer] cleaner implementation of -print_pcs=1 | Kostya Serebryany | 2016-12-30 | 1 | -0/+1
  llvm-svn: 290739
* [libfuzzer] dump_coverage command line flag | Mike Aizatsky | 2016-12-19 | 1 | -0/+1
  Reviewers: kcc, vitalybuka
  Differential Revision: https://reviews.llvm.org/D27942
  llvm-svn: 290138
* [libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage | Kostya Serebryany | 2016-12-17 | 1 | -1/+1
  llvm-svn: 290031
* [libFuzzer] fix an UB (invalid shift) spotted by ubsan. The code worked fine by luck, because the way shifts actually work on clang+x86 | Kostya Serebryany | 2016-12-13 | 1 | -1/+1
  llvm-svn: 289607
* [libFuzzer] Clean up headers and file formatting of LibFuzzer files. | Marcos Pividori | 2016-12-13 | 1 | -2/+1
  Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`.
  Aside from that, this patch contains no functional change. It is purely a re-organization.
  Differential Revision: https://reviews.llvm.org/D27363
  llvm-svn: 289560
* [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( | Kostya Serebryany | 2016-12-05 | 1 | -1/+37
  llvm-svn: 288731
* [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook. | Kostya Serebryany | 2016-11-11 | 1 | -2/+2
  llvm-svn: 286665
* [libFuzzer] speculatively trying to fix the Mac build; second attempt | Kostya Serebryany | 2016-10-27 | 1 | -13/+0
  llvm-svn: 285262
* [libFuzzer] revert 285259 -- hit commit too soon | Kostya Serebryany | 2016-10-27 | 1 | -4/+1
  llvm-svn: 285260
* [libFuzzer] speculatively trying to fix the Mac build | Kostya Serebryany | 2016-10-27 | 1 | -1/+4
  llvm-svn: 285259
* [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once | Kostya Serebryany | 2016-10-26 | 1 | -2/+0
  llvm-svn: 285223
* [libFuzzer] simplify the code in TracePC::HandleTrace a bit more | Kostya Serebryany | 2016-10-26 | 1 | -15/+5
  llvm-svn: 285147
* [libFuzzer] simplify the code to print new PCs | Kostya Serebryany | 2016-10-26 | 1 | -0/+8
  llvm-svn: 285145
* [libFuzzer] simplify the code in TracePC::HandleTrace | Kostya Serebryany | 2016-10-25 | 1 | -3/+1
  llvm-svn: 285142
* [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test | Kostya Serebryany | 2016-10-25 | 1 | -20/+12
  llvm-svn: 285049
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 2016-10-14 | 1 | -0/+49
  llvm-svn: 284273
* [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build | Kostya Serebryany | 2016-10-13 | 1 | -2/+2
  llvm-svn: 284132
* Revert "[libFuzzer] refactoring to speed things up, NFC" | Daniel Jasper | 2016-10-12 | 1 | -2/+2
  This reverts commit r283946.
  This breaks when built with GCC:
  lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
  lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
  lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here
  llvm-svn: 283979
* [libFuzzer] refactoring to speed things up, NFC | Kostya Serebryany | 2016-10-11 | 1 | -2/+2
  llvm-svn: 283946
* [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it | Kostya Serebryany | 2016-10-11 | 1 | -1/+1
  llvm-svn: 283841
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. | Kostya Serebryany | 2016-10-05 | 1 | -10/+5
  llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFC | Kostya Serebryany | 2016-10-05 | 1 | -0/+5
  llvm-svn: 283286
* [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default | Kostya Serebryany | 2016-10-01 | 1 | -1/+2
  llvm-svn: 282995