summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerUtil.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] extend -print_coverage to also print uncovered lines, functions, ↵Kostya Serebryany2016-10-191-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and files. Example of output: COVERAGE: COVERED: in DSO2(int) /pathto/DSO2.cpp:6 COVERED: in DSO2(int) /pathto/DSO2.cpp:8 COVERED: in DSO1(int) /pathto/DSO1.cpp:6 COVERED: in DSO1(int) /pathto/DSO1.cpp:8 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26 MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9 UNCOVERED_FUNC: in Uncovered1() MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9 UNCOVERED_FUNC: in Uncovered2() MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21 UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27 UNCOVERED_FILE: /pathto/DSOTestExtra.cpp Several things are not perfect here: * we are using objdump+awk instead of sancov because sancov does not support DSOs yet. * this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=... (need to implement another API to get the module name by PC) llvm-svn: 284554
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-271-8/+12
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] add stats to the corpus; more refactoringKostya Serebryany2016-09-211-1/+1
| | | | llvm-svn: 282121
* [libFuzzer] refactoring: split the large header into many; NFCKostya Serebryany2016-09-211-4/+0
| | | | llvm-svn: 282044
* [libFuzzer] use sleep() instead of std::this_thread::sleep_for to avoid ↵Kostya Serebryany2016-09-191-1/+1
| | | | | | coverage from instrumented libc++ llvm-svn: 281933
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from ↵Kostya Serebryany2016-09-181-0/+12
| | | | | | libFuzzer llvm-svn: 281866
* [libFuzzer] when printing the reproducer input, also print the base input ↵Kostya Serebryany2016-08-171-4/+8
| | | | | | and the mutation sequence llvm-svn: 278975
* [LibFuzzer] Fix `-jobs=<N>` where <N> > 1 and the number of workers is > 1 ↵Dan Liew2016-08-121-4/+0
| | | | | | | | | | | | | | | | | | | | | | | on macOS. The original `ExecuteCommand()` called `system()` from the C library. The C library implementation of this on macOS contains a mutex which serializes calls to `system()`. This prevented the `-jobs=` flag from running copies of the fuzzing binary in parallel which is the opposite of what is intended. To fix this on macOS an alternative implementation of `ExecuteCommand()` is provided that can be used concurrently. This is provided in `FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple platforms. The existing implementation has been moved to a new file `FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux. This commit includes a simple test to check that LibFuzzer is being executed in parallel when requested. Differential Revision: https://reviews.llvm.org/D22742 llvm-svn: 278544
* [libFuzzer] make OOM-handling more portable. Instead of sending a signal to ↵Kostya Serebryany2016-05-271-7/+0
| | | | | | the main fuzzing thread, print the message in the getrusage thread and exit. llvm-svn: 270945
* [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in ↵Kostya Serebryany2016-05-261-3/+5
| | | | | | function declarations. Add a test for -only_ascii. NFC intended llvm-svn: 270900
* [LibFuzzer] Fix implementation of ``GetPeakRSSMb()`` on Mac OSX.Dan Liew2016-05-201-1/+9
| | | | | | | | On Linux ``rusage.ru_maxrss`` is in KiB but on Mac OSX it is in bytes. Differential Revision: http://reviews.llvm.org/D20410 llvm-svn: 270173
* [LibFuzzer] Fix ``NumberOfCpuCores()`` on Mac OSX.Dan Liew2016-05-201-4/+29
| | | | | | | | | | | | | | | The ``nprocs`` command does not exist under Mac OSX so use ``sysctl`` instead on that platform. Whilst I'm here * Use ``pclose()`` instead of ``fclose()`` which the ``popen()`` documentation says should be used. * Check for errors that were previously unhandled. Differential Revision: http://reviews.llvm.org/D20409 llvm-svn: 270172
* [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print ↵Kostya Serebryany2016-05-061-1/+15
| | | | | | the OOM reproducer. llvm-svn: 268821
* [libFuzzer] handle SIGTERMKostya Serebryany2016-03-241-0/+1
| | | | llvm-svn: 264338
* libfuzzer: fix compiler warningsDmitry Vyukov2016-03-021-5/+11
| | | | | | | | - unused sigaction/setitimer result (used in assert) - unchecked fscanf return value - signed/unsigned comparison llvm-svn: 262472
* [libFuzzer] add generic signal handlers so that libFuzzer can report at ↵Kostya Serebryany2016-03-011-5/+25
| | | | | | least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. llvm-svn: 262415
* [libFuzzer] add -print_final_stats=1 flagKostya Serebryany2016-02-261-0/+8
| | | | llvm-svn: 262084
* [libFuzzer] remove std::vector operations from hot paths, NFCKostya Serebryany2016-02-131-2/+3
| | | | llvm-svn: 260829
* [libFuzzer] replace vector with a simpler data structure in the Dictionaries ↵Kostya Serebryany2016-01-161-3/+5
| | | | | | to avoid memory allocations on hot path llvm-svn: 257985
* [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra ↵Kostya Serebryany2016-01-131-3/+8
| | | | | | allocations llvm-svn: 257713
* [libFuzzer] when a new unit is discovered using a dictionary, print all used ↵Kostya Serebryany2016-01-121-6/+19
| | | | | | dictionary entries llvm-svn: 257435
* [libFuzzer] compute base64 in-process instead of using an external lib. ↵Kostya Serebryany2015-12-041-0/+29
| | | | | | Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 llvm-svn: 254784
* [libFuzzer] experimental flag -drill (another search heuristic; Mike ↵Kostya Serebryany2015-11-121-2/+2
| | | | | | Aizatsky's idea) llvm-svn: 252838
* [libFuzzer] print a bit fewer linesKostya Serebryany2015-11-051-1/+0
| | | | llvm-svn: 252123
* [libFuzzer] print a stack trace on timeoutKostya Serebryany2015-10-161-0/+2
| | | | llvm-svn: 250571
* [libFuzzer] adding a parser for AFL-style dictionaries + tests.Kostya Serebryany2015-09-031-0/+74
| | | | llvm-svn: 246800
* [libFuzzer] honour -only_ascii=1 when reading the initial corpus. Also, ↵Kostya Serebryany2015-09-021-0/+6
| | | | | | remove ugly #ifdef llvm-svn: 246689
* [libFuzzer] add -only_ascii flagKostya Serebryany2015-08-111-0/+13
| | | | llvm-svn: 244559
* [lib/Fuzzer] fully get rid of std::cerr in libFuzzerKostya Serebryany2015-05-231-7/+6
| | | | llvm-svn: 238081
* [lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD ↵Kostya Serebryany2015-05-181-0/+4
| | | | | | CORPUS' to synchronize with other processes llvm-svn: 237617
* [lib/Fuzzer] Add SHA1 implementation from public domain.Kostya Serebryany2015-05-141-38/+9
| | | | | | | | | | | | | | | | | | | | | | | Summary: This adds a SHA1 implementation taken from public domain code. The change is trivial, but as it involves third-party code I'd like a second pair of eyes before commit. LibFuzzer can not use SHA1 from openssl because openssl may not be available and because we may be fuzzing openssl itself. Using sha1sum via a pipe is too slow. Test Plan: n/a Reviewers: chandlerc Reviewed By: chandlerc Subscribers: majnemer, llvm-commits Differential Revision: http://reviews.llvm.org/D9733 llvm-svn: 237400
* [lib/Fuzzer] use sha1sum for the file hashKostya Serebryany2015-05-121-0/+30
| | | | llvm-svn: 237198
* [lib/Fuzzer] guess the right number of workers if -jobs=N is given but ↵Kostya Serebryany2015-05-121-0/+8
| | | | | | -workers=M is not. Update the docs. llvm-svn: 237163
* [fuzzer] document the -tokens flag. Also change the diagnostic outputKostya Serebryany2015-04-011-4/+7
| | | | llvm-svn: 233842
* [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string ↵Kostya Serebryany2015-03-311-1/+1
| | | | | | flags. llvm-svn: 233745
* Reverting r227452, which adds back the fuzzer library. Now excluding the ↵Aaron Ballman2015-01-291-0/+61
| | | | | | fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. llvm-svn: 227464
* Temporarily reverting the fuzzer library as it causes too many build issues ↵Aaron Ballman2015-01-291-61/+0
| | | | | | for MSVC users. This reverts: 227445, 227395, 227389, 227357, 227254, 227252 llvm-svn: 227452
* Add a Fuzzer libraryKostya Serebryany2015-01-271-0/+61
Summary: A simple genetic in-process coverage-guided fuzz testing library. I've used this fuzzer to test clang-format (it found 12+ bugs, thanks djasper@ for the fixes!) and it may also help us test other parts of LLVM. So why not keep it in the LLVM repository? I plan to add the cmake build rules later (in a separate patch, if that's ok) and also add a clang-format-fuzzer target. See README.txt for details. Test Plan: Tests will follow separately. Reviewers: djasper, chandlerc, rnk Reviewed By: rnk Subscribers: majnemer, ygribov, dblaikie, llvm-commits Differential Revision: http://reviews.llvm.org/D7184 llvm-svn: 227252
OpenPOWER on IntegriCloud