summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerTraceState.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly ↵Kostya Serebryany2016-09-091-46/+9
| | | | | | better llvm-svn: 281007
* [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up ↵Kostya Serebryany2016-08-301-6/+6
| | | | | | the corpus too much llvm-svn: 280096
* [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the ↵Kostya Serebryany2016-08-301-10/+18
| | | | | | fuzzer reaches the goal much faster, at least on the simple puzzles llvm-svn: 280054
* [libFuzzer] use trace-div and trace-gep for guided fuzzing, add testsKostya Serebryany2016-08-301-0/+21
| | | | llvm-svn: 280046
* [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64Kostya Serebryany2016-08-241-1/+1
| | | | llvm-svn: 279601
* [libFuzzer] collect 64 states for value profile, not 65Kostya Serebryany2016-08-231-1/+5
| | | | llvm-svn: 279588
* [sanitizer-coverage/libFuzzer] instrument comparisons with ↵Kostya Serebryany2016-08-181-3/+48
| | | | | | __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer llvm-svn: 279027
* [libFuzzer] force proper popcnt instructionKostya Serebryany2016-08-171-0/+1
| | | | llvm-svn: 279002
* [libFuzzer] new experimental feature: value profiling. Profiles values that ↵Kostya Serebryany2016-08-161-5/+65
| | | | | | affect control flow and treats new values as new coverage. llvm-svn: 278839
* [libFuzzer] properly intercept memmemKostya Serebryany2016-07-191-1/+10
| | | | llvm-svn: 276006
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmpKostya Serebryany2016-07-151-1/+38
| | | | llvm-svn: 275648
* [libfuzzer] moving is_ascii handler inside mutation dispatcher.Mike Aizatsky2016-06-231-4/+5
| | | | | | | | Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611
* Fix compilation with GCC, which treats this as a constructor name not a typeRichard Smith2016-05-271-1/+1
| | | | | | name. (GCC is correct here per the latest language DRs.) llvm-svn: 271044
* [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFCKostya Serebryany2016-05-261-28/+24
| | | | llvm-svn: 270922
* [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in ↵Kostya Serebryany2016-05-261-2/+2
| | | | | | function declarations. Add a test for -only_ascii. NFC intended llvm-svn: 270900
* [libFuzzer] try to use max_len based on the items of the corpus instead of ↵Kostya Serebryany2016-03-121-10/+13
| | | | | | blindly defaulting to 64 bytes. llvm-svn: 263323
* libfuzzer: fix compiler warningsDmitry Vyukov2016-03-021-1/+1
| | | | | | | | - unused sigaction/setitimer result (used in assert) - unchecked fscanf return value - signed/unsigned comparison llvm-svn: 262472
* [libFuzzer] get rid of UserSuppliedFuzzer; NFCKostya Serebryany2016-02-131-7/+7
| | | | llvm-svn: 260798
* [libFuzzer] don't create too many trace-based mutations as it may be too slowKostya Serebryany2016-02-021-2/+18
| | | | llvm-svn: 259600
* [libFuzzer] don't do expensive memmem if the result will not be usedKostya Serebryany2016-01-221-0/+2
| | | | llvm-svn: 258462
* [libFuzzer] replace vector with a simpler data structure in the Dictionaries ↵Kostya Serebryany2016-01-161-15/+8
| | | | | | to avoid memory allocations on hot path llvm-svn: 257985
* [libFuzzer] do mutations based on memcmp/strcmp interceptors under a ↵Kostya Serebryany2016-01-151-18/+25
| | | | | | separate flag (-use_memcmp, default=1) llvm-svn: 257873
* [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra ↵Kostya Serebryany2016-01-131-17/+19
| | | | | | allocations llvm-svn: 257713
* [libFuzzer] make sure we find buffer overflow in the input buffer. ↵Kostya Serebryany2016-01-131-12/+15
| | | | | | Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) llvm-svn: 257701
* [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKSKostya Serebryany2016-01-121-0/+8
| | | | llvm-svn: 257482
* [libFuzzer] when a new unit is discovered using a dictionary, print all used ↵Kostya Serebryany2016-01-121-22/+3
| | | | | | dictionary entries llvm-svn: 257435
* [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace ↵Kostya Serebryany2016-01-121-5/+28
| | | | | | like (a eq a) or (a neq a) llvm-svn: 257434
* [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive ↵Kostya Serebryany2016-01-121-3/+6
| | | | | | the result of the computations. With that, don't do any mutations if memcmp/etc returned 0 llvm-svn: 257423
* [libFuzzer] debug prints in tracingKostya Serebryany2016-01-091-2/+27
| | | | llvm-svn: 257249
* [libFuzzer] change the way trace-based mutations are applied. Instead of a ↵Kostya Serebryany2016-01-091-30/+15
| | | | | | custom code just rely on the automatically created dictionary llvm-svn: 257248
* [libFuzzer] don't limit memcmp tracing with 8 bytesKostya Serebryany2016-01-091-38/+76
| | | | llvm-svn: 257245
* [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, ↵Kostya Serebryany2016-01-091-22/+35
| | | | | | don't limit with 8 bytes) llvm-svn: 257239
* [libFuzzer] make trace-based fuzzing not crash in presence of threadsKostya Serebryany2016-01-061-6/+15
| | | | llvm-svn: 256876
* [libFuzzer] remove default initializer as a workaround for ↵Kostya Serebryany2015-11-181-1/+1
| | | | | | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway. llvm-svn: 253419
* [libFuzzer] Marking exported symbols as visible. Patch by Mike AizatskyKostya Serebryany2015-09-301-1/+2
| | | | llvm-svn: 248954
* [libFuzzer] refactor the code to allow building libFuzzer on platforms that ↵Kostya Serebryany2015-09-101-17/+14
| | | | | | don't have dfsan and don't support weak functions llvm-svn: 247321
* [libFuzzer] remove a piece of stale codeKostya Serebryany2015-09-081-41/+1
| | | | llvm-svn: 247067
* [libFuzzer] more accurate logic for traces, 80-char fixKostya Serebryany2015-09-041-6/+5
| | | | llvm-svn: 246888
* [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the ↵Kostya Serebryany2015-08-121-2/+1
| | | | | | trace-based-mutations are applied llvm-svn: 244712
* [libFuzzer] avoid build warnings in non-assert build (useful warning in this ↵Kostya Serebryany2015-08-051-1/+4
| | | | | | case) llvm-svn: 244177
* [libFuzzer] in dfsan mode, set labels every time we start recording traces ↵Kostya Serebryany2015-08-051-1/+3
| | | | | | as opposed to doing it at process startup. This ensures that the labels are fresh. llvm-svn: 244165
* [libFuzzer] use data-flow feedback from strcmpKostya Serebryany2015-08-051-2/+36
| | | | llvm-svn: 244084
* [libFuzzer] start refactoring the Mutator and adding tests to itKostya Serebryany2015-08-011-1/+1
| | | | llvm-svn: 243817
* [libFuzzer] make sure that 2-byte arguments of switch() are handled properlyKostya Serebryany2015-07-311-10/+30
| | | | llvm-svn: 243781
* [libFuzzer] record traces from the switch statements only when told to do soKostya Serebryany2015-07-311-0/+1
| | | | llvm-svn: 243768
* [libFuzzer] support switch interception in dfsan modeKostya Serebryany2015-07-311-2/+34
| | | | llvm-svn: 243760
* [libFuzzer] trace switch statements and apply mutations based on the ↵Kostya Serebryany2015-07-311-0/+17
| | | | | | expected case values llvm-svn: 243726
* [libFuzzer] fix the strncmp interceptor -- it should respect short strings. Kostya Serebryany2015-07-301-2/+26
| | | | llvm-svn: 243691
* [libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o ↵Kostya Serebryany2015-07-301-2/+14
| | | | | | dfsan), add a test llvm-svn: 243611
* [libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), ↵Kostya Serebryany2015-07-301-0/+12
| | | | | | extend the memcmp fuzzer test llvm-svn: 243603
OpenPOWER on IntegriCloud