path: root/llvm/lib/Fuzzer/test/FuzzerUnittest.cpp
Commit message | Author | Age | Files | Lines
* Moving libFuzzer from LLVM to compiler-rt. | George Karpenkov | 2017-08-21 | 1 | -763/+0
  This change only removes libFuzzer tests and CMake machinery, the source copy temporarily remains at the old location.
  Differential Revision: https://reviews.llvm.org/D36980
  llvm-svn: 311405
* [libFuzzer] implement more correct way of computing feature index for Inline8bitCounters | Kostya Serebryany | 2017-08-01 | 1 | -1/+3
  llvm-svn: 309647
* [libFuzzer] remove stale code | Kostya Serebryany | 2017-07-15 | 1 | -1/+1
  llvm-svn: 308075
* [libFuzzer] remove stale code; NFC | Kostya Serebryany | 2017-07-14 | 1 | -29/+0
  llvm-svn: 307980
* [libFuzzer] experimental feature -reduce_inputs (off by default) that tries to replace elements in the corpus with smaller ones that have the same feature set. Still needs tuning | Kostya Serebryany | 2017-07-13 | 1 | -1/+1
  llvm-svn: 307873
* [libFuzzer] Do not use LLVM ostream in tests | George Karpenkov | 2017-07-12 | 1 | -0/+3
  Differential Revision: https://reviews.llvm.org/D35312
  llvm-svn: 307824
* [libFuzzer] initial support of -fsanitize-coverage=inline-8bit-counters in libFuzzer. This is not fully functional yet, but simple tests work | Kostya Serebryany | 2017-06-13 | 1 | -0/+12
  llvm-svn: 305331
* Sort the remaining #include lines in include/... and lib/.... | Chandler Carruth | 2017-06-06 | 1 | -2/+2
  I did this a long time ago with a janky python script, but now clang-format has built-in support for this. I fed clang-format every line with a #include and let it re-sort things according to the precise LLVM rules for include ordering baked into clang-format these days.

  I've reverted a number of files where the results of sorting includes isn't healthy. Either places where we have legacy code relying on particular include ordering (where possible, I'll fix these separately) or where we have particular formatting around #include lines that I didn't want to disturb in this patch.

  This patch is *entirely* mechanical. If you get merge conflicts or anything, just ignore the changes in this patch and run clang-format over your #include lines in the files.

  Sorry for any noise here, but it is important to keep these things stable. I was seeing an increasing number of patches with irrelevant re-ordering of #include lines because clang-format was used. This patch at least isolates that churn, makes it easy to skip when resolving conflicts, and gets us to a clean baseline (again).

  llvm-svn: 304787
* [libFuzzer] increase kFeatureSetSize to 2^21 and make InputCorpus scale to that size. This will potentially make libFuzzer more sensitive on targets with lots of signals | Kostya Serebryany | 2017-03-24 | 1 | -3/+3
  llvm-svn: 298671
* [libFuzzer] create experimental support for user-provided coverage signal | Kostya Serebryany | 2017-03-23 | 1 | -0/+23
  llvm-svn: 298654
* [libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive | Kostya Serebryany | 2017-03-22 | 1 | -0/+14
  llvm-svn: 298548
* [libFuzzer] use less memory for merge | Kostya Serebryany | 2016-12-17 | 1 | -2/+5
  llvm-svn: 290039
* [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). | Kostya Serebryany | 2016-12-09 | 1 | -0/+135
  llvm-svn: 289166
* [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer | Kostya Serebryany | 2016-10-22 | 1 | -2/+6
  llvm-svn: 284909
* [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process | Kostya Serebryany | 2016-10-08 | 1 | -1/+1
  llvm-svn: 283682
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. | Kostya Serebryany | 2016-10-05 | 1 | -1/+1
  llvm-svn: 283409
* [libFuzzer] fix merging with trace-pc-guard | Kostya Serebryany | 2016-09-23 | 1 | -1/+1
  llvm-svn: 282224
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 2016-09-22 | 1 | -1/+1
  llvm-svn: 282129
* [libFuzzer] add stats to the corpus; more refactoring | Kostya Serebryany | 2016-09-21 | 1 | -1/+2
  llvm-svn: 282121
* [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. | Kostya Serebryany | 2016-09-21 | 1 | -8/+5
  llvm-svn: 282115
* [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 2016-09-21 | 1 | -0/+3
  llvm-svn: 282044
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 | Kostya Serebryany | 2016-08-17 | 1 | -1/+37
  llvm-svn: 278982
* [libFuzzer] more mutations | Kostya Serebryany | 2016-08-17 | 1 | -0/+48
  llvm-svn: 278950
* [libFuzzer] add InsertRepeatedBytes and EraseBytes. | Kostya Serebryany | 2016-08-15 | 1 | -6/+68
  New mutation: InsertRepeatedBytes.
  Updated mutation: EraseByte => EraseBytes.

  This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets.

  llvm-svn: 278687
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp | Kostya Serebryany | 2016-07-15 | 1 | -1/+1
  llvm-svn: 275648
* [libfuzzer] moving is_ascii handler inside mutation dispatcher. | Mike Aizatsky | 2016-06-23 | 1 | -12/+11
  Summary: It also fixes a bug, when first random might not be ascii.
  Differential Revision: http://reviews.llvm.org/D21573
  llvm-svn: 273611
* [LibFuzzer] Fix ``FuzzerMutate.ShuffleBytes2`` unit test on OSX. | Dan Liew | 2016-06-15 | 1 | -1/+1
  The ``FuzzerMutate.ShuffleBytes2`` unit test was failing on OSX due to the implementation of ``std::random_shuffle()`` being different between libcxx and libstdc++.

  @kcc has decided (see http://reviews.llvm.org/D21218) it is acceptable for there to be different mutation behavior on different platforms so this commit just adjusts the test to perform the minimum number of iterations (that is a power of 2) to see all the mutations the unit test is looking for.

  Differential Revision: http://reviews.llvm.org/D21359
  llvm-svn: 272743
* [LibFuzzer] Fix some unit test crashes on OSX. | Dan Liew | 2016-06-10 | 1 | -0/+4
  This fixes the following unit tests:
    FuzzerDictionary.ParseOneDictionaryEntry
    FuzzerDictionary.ParseDictionaryFile

  The issue appears to be mixing non-ASan-ified code (LibFuzzer) and ASan-ified code (the unittest) as the tests would pass fine if everything was built with ASan enabled. I believe the issue is that different implementations of std::vector<> are being used in LibFuzzer and outside LibFuzzer (in the unittests). For Libcxx (I've not seen the issue manifest for libstdc++) we can disable the ASanified std::vector<> by defining the ``_LIBCPP_HAS_NO_ASAN`` macro. Doing this fixes the tests on OSX.

  Differential Revision: http://reviews.llvm.org/D21049
  llvm-svn: 272374
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` | Dan Liew | 2016-06-07 | 1 | -0/+21
  This fixes linking problems on OSX.

  Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance.

  It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``.

  Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests.

  Differential Revision: http://reviews.llvm.org/D20943
  llvm-svn: 272072
* [libfuzzer] replacing unittest for truncate_units with functional test. | Mike Aizatsky | 2016-05-25 | 1 | -22/+0
  Differential Revision: http://reviews.llvm.org/D20641
  llvm-svn: 270755
* [libfuzzer] Trying random unit prefixes during corpus load. | Mike Aizatsky | 2016-05-24 | 1 | -0/+22
  Differential Revision: http://reviews.llvm.org/D20301
  llvm-svn: 270632
* [libfuzzer] adding license headers to cpp files | Mike Aizatsky | 2016-04-01 | 1 | -0/+3
  Differential Revision: http://reviews.llvm.org/D18705
  llvm-svn: 265174
* [libFuzzer] get rid of UserSuppliedFuzzer; NFC | Kostya Serebryany | 2016-02-13 | 1 | -2/+2
  llvm-svn: 260798
* [libFuzzer] simplify the code around Random. NFC | Kostya Serebryany | 2016-02-13 | 1 | -11/+11
  llvm-svn: 260797
* Use std::piecewise_constant_distribution instead of ad-hoc binary search. | Ivan Krasin | 2016-01-22 | 1 | -1/+21
  Summary: Fix the issue with the most recently discovered unit receiving much less attention.

  Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.

  Reviewers: aizatsky, kcc
  Subscribers: llvm-commits
  Differential Revision: http://reviews.llvm.org/D16487
  llvm-svn: 258571
* Revert r258473 as it's breaking the build with libc++ | Ivan Krasin | 2016-01-22 | 1 | -21/+1
  Reviewers: kcc
  Differential Revision: http://reviews.llvm.org/D16441
  llvm-svn: 258479
* Use std::piecewise_constant_distribution instead of ad-hoc binary search. | Ivan Krasin | 2016-01-22 | 1 | -1/+21
  Summary: Fix the issue with the most recently discovered unit receiving much less attention.

  Note: I had to change the seed for one test to make it pass. Alternatively, the number of runs could be increased. I believe that the average time of 'foo' discovery is not increased, just seed=1 was particularly convenient for the previous PRNG scheme used.

  Reviewers: aizatsky, kcc
  Subscribers: llvm-commits, kcc
  Differential Revision: http://reviews.llvm.org/D16419
  llvm-svn: 258473
* [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path | Kostya Serebryany | 2016-01-16 | 1 | -6/+6
  llvm-svn: 257985
* [libFuzzer] suggest a dictionary to the user if some of the trace-based dictionary entries were successful | Kostya Serebryany | 2016-01-14 | 1 | -1/+1
  llvm-svn: 257736
* [libFuzzer] add a position hint to the dictionary-based mutator | Kostya Serebryany | 2016-01-07 | 1 | -4/+31
  llvm-svn: 257013
* [libFuzzer] make CrossOver just one of the other mutations | Kostya Serebryany | 2015-12-19 | 1 | -1/+1
  llvm-svn: 256081
* [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 | Kostya Serebryany | 2015-12-04 | 1 | -0/+13
  llvm-svn: 254784
* [libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger | Kostya Serebryany | 2015-09-08 | 1 | -0/+31
  llvm-svn: 247027
* [libFuzzer] actually make the dictionaries work (+docs) | Kostya Serebryany | 2015-09-04 | 1 | -10/+70
  llvm-svn: 246825
* [libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC | Kostya Serebryany | 2015-09-03 | 1 | -19/+25
  llvm-svn: 246808
* [libFuzzer] adding a parser for AFL-style dictionaries + tests. | Kostya Serebryany | 2015-09-03 | 1 | -0/+48
  llvm-svn: 246800
* [libFuzzer] add one more mutation strategy: byte shuffling | Kostya Serebryany | 2015-08-06 | 1 | -0/+23
  llvm-svn: 244188
* [libFuzzer] more refactoring of the Mutator and adding tests to it | Kostya Serebryany | 2015-08-01 | 1 | -12/+98
  llvm-svn: 243818
* [libFuzzer] start refactoring the Mutator and adding tests to it | Kostya Serebryany | 2015-08-01 | 1 | -1/+35
  llvm-svn: 243817
* [libFuzzer] allow users to supply their own implementation of rand | Kostya Serebryany | 2015-07-24 | 1 | -1/+2
  llvm-svn: 243078