path: root/llvm/lib/Fuzzer/FuzzerUtil.cpp
Commit message | Author | Age | Files | Lines
* [libFuzzer] Delete llvm/lib/Fuzzer | Vitaly Buka | 2017-10-16 | 1 | -215/+0
| Summary: Code is already in compiler-rt
| Reviewers: kcc
| Subscribers: krytarowski, llvm-commits, hiraditya
| Differential Revision: https://reviews.llvm.org/D38912
| llvm-svn: 315937
* [FuzzerUtil] Partially revert D38481 on FuzzerUtil | Tim Shen | 2017-10-04 | 1 | -1/+9
| This is because lib/Fuzzer doesn't really depend on llvm infrastructure. It's not easy to access the llvm hardware_concurrency here.
| Differential Revision: https://reviews.llvm.org/D38481
| llvm-svn: 314870
* Use sched_getaffinity instead of std::thread::hardware_concurrency. | Rafael Espindola | 2017-10-03 | 1 | -9/+1
| The issue with std::thread::hardware_concurrency is that it forwards to libc and some implementations (like glibc) don't take thread affinity into consideration.
| With this change a llvm program that can execute in only 2 cores will use 2 threads, even if the machine has 32 cores.
| This makes benchmarking a lot easier, but should also help if someone doesn't want to use all cores for compilation for example.
| llvm-svn: 314809
* [libFuzzer] remove stale code | Kostya Serebryany | 2017-08-08 | 1 | -10/+0
| llvm-svn: 310325
* [libFuzzer] simplify the handling of memmem/strstr | Kostya Serebryany | 2017-07-14 | 1 | -0/+7
| llvm-svn: 307977
* [libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores. | Marcos Pividori | 2016-12-13 | 1 | -1/+1
| std::thread::hardware_concurrency() returns an unsigned, so I modify NumberOfCpuCores() to return unsigned too.
| The number of cpus is used to define the number of workers, so I decided to update the worker and jobs flags to be declared as unsigned too.
| Differential Revision: https://reviews.llvm.org/D27685
| llvm-svn: 289559
* Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 2016-12-02 | 1 | -106/+15
| This resubmits r288529, which was resubmitted because it broke a fuzzer bot. According to kcc@ the test that broke was flakey and it is unlikely to be a result of this patch.
| llvm-svn: 288549
* Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 2016-12-02 | 1 | -15/+106
| This reverts commit r288529, as it seems to introduce some problems on the Linux bots.
| llvm-svn: 288533
* [LibFuzzer] Split FuzzerUtil for Posix and Windows. | Zachary Turner | 2016-12-02 | 1 | -106/+15
| Pave the way for separating out platform specific utility functions into separate files.
| Patch by Marcos Pividori
| Differential Revision: https://reviews.llvm.org/D27234
| llvm-svn: 288529
* [LibFuzzer] Split up some functions among different headers. | Zachary Turner | 2016-11-30 | 1 | -13/+2
| In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific.
| This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform.
| Aside from that, this patch contains no functional change. It is purely a re-organization.
| Patch by Marcos Pividori
| Differential Revision: https://reviews.llvm.org/D27230
| llvm-svn: 288264
* [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. | Kostya Serebryany | 2016-10-19 | 1 | -0/+11
| Example of output:
| COVERAGE:
| COVERED: in DSO2(int) /pathto/DSO2.cpp:6
| COVERED: in DSO2(int) /pathto/DSO2.cpp:8
| COVERED: in DSO1(int) /pathto/DSO1.cpp:6
| COVERED: in DSO1(int) /pathto/DSO1.cpp:8
| COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
| COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
| COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
| COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
| MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
| UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
| UNCOVERED_FUNC: in Uncovered1()
| MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
| UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
| UNCOVERED_FUNC: in Uncovered2()
| MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
| UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
| UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
| UNCOVERED_FILE: /pathto/DSOTestExtra.cpp
| Several things are not perfect here:
| * we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
| * this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=... (need to implement another API to get the module name by PC)
| llvm-svn: 284554
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag | Kostya Serebryany | 2016-09-27 | 1 | -8/+12
| llvm-svn: 282458
* [libFuzzer] add stats to the corpus; more refactoring | Kostya Serebryany | 2016-09-21 | 1 | -1/+1
| llvm-svn: 282121
* [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 2016-09-21 | 1 | -4/+0
| llvm-svn: 282044
* [libFuzzer] use sleep() instead of std::this_thread::sleep_for to avoid coverage from instrumented libc++ | Kostya Serebryany | 2016-09-19 | 1 | -1/+1
| llvm-svn: 281933
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer | Kostya Serebryany | 2016-09-18 | 1 | -0/+12
| llvm-svn: 281866
* [libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence | Kostya Serebryany | 2016-08-17 | 1 | -4/+8
| llvm-svn: 278975
* [LibFuzzer] Fix `-jobs=<N>` where <N> > 1 and the number of workers is > 1 on macOS. | Dan Liew | 2016-08-12 | 1 | -4/+0
| The original `ExecuteCommand()` called `system()` from the C library. The C library implementation of this on macOS contains a mutex which serializes calls to `system()`. This prevented the `-jobs=` flag from running copies of the fuzzing binary in parallel which is the opposite of what is intended.
| To fix this on macOS an alternative implementation of `ExecuteCommand()` is provided that can be used concurrently. This is provided in `FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple platforms. The existing implementation has been moved to a new file `FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux.
| This commit includes a simple test to check that LibFuzzer is being executed in parallel when requested.
| Differential Revision: https://reviews.llvm.org/D22742
| llvm-svn: 278544
* [libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit. | Kostya Serebryany | 2016-05-27 | 1 | -7/+0
| llvm-svn: 270945
* [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended | Kostya Serebryany | 2016-05-26 | 1 | -3/+5
| llvm-svn: 270900
* [LibFuzzer] Fix implementation of ``GetPeakRSSMb()`` on Mac OSX. | Dan Liew | 2016-05-20 | 1 | -1/+9
| On Linux ``rusage.ru_maxrss`` is in KiB but on Mac OSX it is in bytes.
| Differential Revision: http://reviews.llvm.org/D20410
| llvm-svn: 270173
* [LibFuzzer] Fix ``NumberOfCpuCores()`` on Mac OSX. | Dan Liew | 2016-05-20 | 1 | -4/+29
| The ``nprocs`` command does not exist under Mac OSX so use ``sysctl`` instead on that platform.
| Whilst I'm here
| * Use ``pclose()`` instead of ``fclose()`` which the ``popen()`` documentation says should be used.
| * Check for errors that were previously unhandled.
| Differential Revision: http://reviews.llvm.org/D20409
| llvm-svn: 270172
* [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. | Kostya Serebryany | 2016-05-06 | 1 | -1/+15
| llvm-svn: 268821
* [libFuzzer] handle SIGTERM | Kostya Serebryany | 2016-03-24 | 1 | -0/+1
| llvm-svn: 264338
* libfuzzer: fix compiler warnings | Dmitry Vyukov | 2016-03-02 | 1 | -5/+11
| - unused sigaction/setitimer result (used in assert)
| - unchecked fscanf return value
| - signed/unsigned comparison
| llvm-svn: 262472
* [libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handling the signals for us. Remove abort_on_timeout flag. | Kostya Serebryany | 2016-03-01 | 1 | -5/+25
| llvm-svn: 262415
* [libFuzzer] add -print_final_stats=1 flag | Kostya Serebryany | 2016-02-26 | 1 | -0/+8
| llvm-svn: 262084
* [libFuzzer] remove std::vector operations from hot paths, NFC | Kostya Serebryany | 2016-02-13 | 1 | -2/+3
| llvm-svn: 260829
* [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path | Kostya Serebryany | 2016-01-16 | 1 | -3/+5
| llvm-svn: 257985
* [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations | Kostya Serebryany | 2016-01-13 | 1 | -3/+8
| llvm-svn: 257713
* [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries | Kostya Serebryany | 2016-01-12 | 1 | -6/+19
| llvm-svn: 257435
* [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 | Kostya Serebryany | 2015-12-04 | 1 | -0/+29
| llvm-svn: 254784
* [libFuzzer] experimental flag -drill (another search heuristic; Mike Aizatsky's idea) | Kostya Serebryany | 2015-11-12 | 1 | -2/+2
| llvm-svn: 252838
* [libFuzzer] print a bit fewer lines | Kostya Serebryany | 2015-11-05 | 1 | -1/+0
| llvm-svn: 252123
* [libFuzzer] print a stack trace on timeout | Kostya Serebryany | 2015-10-16 | 1 | -0/+2
| llvm-svn: 250571
* [libFuzzer] adding a parser for AFL-style dictionaries + tests. | Kostya Serebryany | 2015-09-03 | 1 | -0/+74
| llvm-svn: 246800
* [libFuzzer] honour -only_ascii=1 when reading the initial corpus. Also, remove ugly #ifdef | Kostya Serebryany | 2015-09-02 | 1 | -0/+6
| llvm-svn: 246689
* [libFuzzer] add -only_ascii flag | Kostya Serebryany | 2015-08-11 | 1 | -0/+13
| llvm-svn: 244559
* [lib/Fuzzer] fully get rid of std::cerr in libFuzzer | Kostya Serebryany | 2015-05-23 | 1 | -7/+6
| llvm-svn: 238081
* [lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD CORPUS' to synchronize with other processes | Kostya Serebryany | 2015-05-18 | 1 | -0/+4
| llvm-svn: 237617
* [lib/Fuzzer] Add SHA1 implementation from public domain. | Kostya Serebryany | 2015-05-14 | 1 | -38/+9
| Summary:
| This adds a SHA1 implementation taken from public domain code. The change is trivial, but as it involves third-party code I'd like a second pair of eyes before commit.
| LibFuzzer can not use SHA1 from openssl because openssl may not be available and because we may be fuzzing openssl itself. Using sha1sum via a pipe is too slow.
| Test Plan: n/a
| Reviewers: chandlerc
| Reviewed By: chandlerc
| Subscribers: majnemer, llvm-commits
| Differential Revision: http://reviews.llvm.org/D9733
| llvm-svn: 237400
* [lib/Fuzzer] use sha1sum for the file hash | Kostya Serebryany | 2015-05-12 | 1 | -0/+30
| llvm-svn: 237198
* [lib/Fuzzer] guess the right number of workers if -jobs=N is given but -workers=M is not. Update the docs. | Kostya Serebryany | 2015-05-12 | 1 | -0/+8
| llvm-svn: 237163
* [fuzzer] document the -tokens flag. Also change the diagnostic output | Kostya Serebryany | 2015-04-01 | 1 | -4/+7
| llvm-svn: 233842
* [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string flags. | Kostya Serebryany | 2015-03-31 | 1 | -1/+1
| llvm-svn: 233745
* Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. | Aaron Ballman | 2015-01-29 | 1 | -0/+61
| llvm-svn: 227464
* Temporarily reverting the fuzzer library as it causes too many build issues for MSVC users. | Aaron Ballman | 2015-01-29 | 1 | -61/+0
| This reverts: 227445, 227395, 227389, 227357, 227254, 227252
| llvm-svn: 227452
* Add a Fuzzer library | Kostya Serebryany | 2015-01-27 | 1 | -0/+61
  Summary:
  A simple genetic in-process coverage-guided fuzz testing library.
  I've used this fuzzer to test clang-format (it found 12+ bugs, thanks djasper@ for the fixes!) and it may also help us test other parts of LLVM. So why not keep it in the LLVM repository?
  I plan to add the cmake build rules later (in a separate patch, if that's ok) and also add a clang-format-fuzzer target.
  See README.txt for details.
  Test Plan: Tests will follow separately.
  Reviewers: djasper, chandlerc, rnk
  Reviewed By: rnk
  Subscribers: majnemer, ygribov, dblaikie, llvm-commits
  Differential Revision: http://reviews.llvm.org/D7184
  llvm-svn: 227252