path: root/llvm/lib/Fuzzer/FuzzerTraceState.cpp
| Commit message | Author | Age | Files | Lines | llvm-svn |
|---|---|---|---|---|---|
| [libFuzzer] don't create too many trace-based mutations as it may be too slow | Kostya Serebryany | 2016-02-02 | 1 | -2/+18 | 259600 |
| [libFuzzer] don't do expensive memmem if the result will not be used | Kostya Serebryany | 2016-01-22 | 1 | -0/+2 | 258462 |
| [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path | Kostya Serebryany | 2016-01-16 | 1 | -15/+8 | 257985 |
| [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) | Kostya Serebryany | 2016-01-15 | 1 | -18/+25 | 257873 |
| [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations | Kostya Serebryany | 2016-01-13 | 1 | -17/+19 | 257713 |
| [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) | Kostya Serebryany | 2016-01-13 | 1 | -12/+15 | 257701 |
| [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS | Kostya Serebryany | 2016-01-12 | 1 | -0/+8 | 257482 |
| [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries | Kostya Serebryany | 2016-01-12 | 1 | -22/+3 | 257435 |
| [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a) | Kostya Serebryany | 2016-01-12 | 1 | -5/+28 | 257434 |
| [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0 | Kostya Serebryany | 2016-01-12 | 1 | -3/+6 | 257423 |
| [libFuzzer] debug prints in tracing | Kostya Serebryany | 2016-01-09 | 1 | -2/+27 | 257249 |
| [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary | Kostya Serebryany | 2016-01-09 | 1 | -30/+15 | 257248 |
| [libFuzzer] don't limit memcmp tracing with 8 bytes | Kostya Serebryany | 2016-01-09 | 1 | -38/+76 | 257245 |
| [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes) | Kostya Serebryany | 2016-01-09 | 1 | -22/+35 | 257239 |
| [libFuzzer] make trace-based fuzzing not crash in presence of threads | Kostya Serebryany | 2016-01-06 | 1 | -6/+15 | 256876 |
| [libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway. | Kostya Serebryany | 2015-11-18 | 1 | -1/+1 | 253419 |
| [libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky | Kostya Serebryany | 2015-09-30 | 1 | -1/+2 | 248954 |
| [libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions | Kostya Serebryany | 2015-09-10 | 1 | -17/+14 | 247321 |
| [libFuzzer] remove a piece of stale code | Kostya Serebryany | 2015-09-08 | 1 | -41/+1 | 247067 |
| [libFuzzer] more accurate logic for traces, 80-char fix | Kostya Serebryany | 2015-09-04 | 1 | -6/+5 | 246888 |
| [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied | Kostya Serebryany | 2015-08-12 | 1 | -2/+1 | 244712 |
| [libFuzzer] avoid build warnings in non-assert build (useful warning in this case) | Kostya Serebryany | 2015-08-05 | 1 | -1/+4 | 244177 |
| [libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh. | Kostya Serebryany | 2015-08-05 | 1 | -1/+3 | 244165 |
| [libFuzzer] use data-flow feedback from strcmp | Kostya Serebryany | 2015-08-05 | 1 | -2/+36 | 244084 |
| [libFuzzer] start refactoring the Mutator and adding tests to it | Kostya Serebryany | 2015-08-01 | 1 | -1/+1 | 243817 |
| [libFuzzer] make sure that 2-byte arguments of switch() are handled properly | Kostya Serebryany | 2015-07-31 | 1 | -10/+30 | 243781 |
| [libFuzzer] record traces from the switch statements only when told to do so | Kostya Serebryany | 2015-07-31 | 1 | -0/+1 | 243768 |
| [libFuzzer] support switch interception in dfsan mode | Kostya Serebryany | 2015-07-31 | 1 | -2/+34 | 243760 |
| [libFuzzer] trace switch statements and apply mutations based on the expected case values | Kostya Serebryany | 2015-07-31 | 1 | -0/+17 | 243726 |
| [libFuzzer] fix the strncmp interceptor -- it should respect short strings. | Kostya Serebryany | 2015-07-30 | 1 | -2/+26 | 243691 |
| [libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test | Kostya Serebryany | 2015-07-30 | 1 | -2/+14 | 243611 |
| [libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), extend the memcmp fuzzer test | Kostya Serebryany | 2015-07-30 | 1 | -0/+12 | 243603 |
| [libFuzzer] ensure that the dfsan tracing hooks actually run (using -verbosity=3 in tests) | Kostya Serebryany | 2015-07-28 | 1 | -1/+2 | 243365 |
| [libFuzzer] when using cmp traces, first check that the CMP is evaluated to one value much more frequently than to the other value (heuristic) | Kostya Serebryany | 2015-07-28 | 1 | -4/+44 | 243363 |
| [libFuzzer] allow users to supply their own implementation of rand | Kostya Serebryany | 2015-07-24 | 1 | -3/+3 | 243078 |
| [lib/Fuzzer] relax an assertion | Kostya Serebryany | 2015-05-29 | 1 | -2/+2 | 238608 |
| [lib/Fuzzer] fully get rid of std::cerr in libFuzzer | Kostya Serebryany | 2015-05-23 | 1 | -1/+0 | 238081 |
| [lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of C++ library used in libFuzzer badly interact with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues. | Kostya Serebryany | 2015-05-23 | 1 | -17/+4 | 238078 |
| [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan) | Kostya Serebryany | 2015-05-12 | 1 | -2/+2 | 237083 |
| [lib/Fuzzer] don't record traces when trace collection is off | Kostya Serebryany | 2015-05-11 | 1 | -1/+2 | 237067 |
| [lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected | Kostya Serebryany | 2015-05-11 | 1 | -0/+378 | 237050 |