summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/test
Commit message (Collapse)AuthorAgeFilesLines
...
* [libFuzzer] enable the failure-resistant merge by default (with ↵Kostya Serebryany2016-12-151-12/+20
| | | | | | trace-pc-guard only) llvm-svn: 289772
* [libFuzzer] Fix bug in detecting timeouts when input string is empty.Marcos Pividori2016-12-133-0/+20
| | | | | | | | | | | | | | I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). Previous implementation failed to detect timeouts in that execution. Also, I add a regression test for that case. Differential Revision: https://reviews.llvm.org/D27433 llvm-svn: 289561
* [libFuzzer] don't require extra flags with -minimize_crash=1 (default to ↵Kostya Serebryany2016-12-131-4/+4
| | | | | | -max_total_time=600). Also respect exact_artifact_path when outputting the end result llvm-svn: 289506
* [libFuzzer] split one slow test into several, for more parallel testingKostya Serebryany2016-12-124-6/+7
| | | | llvm-svn: 289481
* [libFuzzer] make SimpleCmpTest a bit simpler to crack and more verboseKostya Serebryany2016-12-121-15/+26
| | | | llvm-svn: 289477
* [libFuzzer] build libFuzzer itself with asanKostya Serebryany2016-12-122-2/+3
| | | | llvm-svn: 289469
* [libFuzzer] respect -max_len during mergeKostya Serebryany2016-12-121-0/+2
| | | | llvm-svn: 289467
* [libFuzzer] don't depend on time in a testKostya Serebryany2016-12-111-1/+1
| | | | llvm-svn: 289368
* [libFuzzer] test cleanup (3)Kostya Serebryany2016-12-101-1/+0
| | | | llvm-svn: 289314
* [libFuzzer] test cleanup (2)Kostya Serebryany2016-12-101-15/+0
| | | | llvm-svn: 289313
* [libFuzzer] test cleanupKostya Serebryany2016-12-108-60/+33
| | | | llvm-svn: 289312
* [libFuzzer] switch all libFuzzer tests to use ↵Kostya Serebryany2016-12-106-10/+6
| | | | | | -fsanitize-coverage=trace-pc-guard. Support for the previosly used instrumentation will be removed in the following changes llvm-svn: 289311
* [libFuzzer] implement crash-resistant merge ↵Kostya Serebryany2016-12-091-0/+135
| | | | | | (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). llvm-svn: 289166
* [libFuzzer] add a test for r288389 (-rss_limit_mb=0 means no limit).Kostya Serebryany2016-12-011-0/+3
| | | | llvm-svn: 288392
* revert r288283 as it causes debug info (line numbers) to be lost in ↵Kostya Serebryany2016-12-011-1/+1
| | | | | | instrumented code. also revert r288299 which was a workaround for the problem. llvm-svn: 288300
* [libFuzzer] temporary disable a part of the test broken by r288283Kostya Serebryany2016-12-011-1/+1
| | | | llvm-svn: 288299
* [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that ↵Kostya Serebryany2016-11-304-4/+37
| | | | | | exceeds the limit llvm-svn: 288281
* [libFuzzer] extend -print_coverage to print the comma-separated list of ↵Kostya Serebryany2016-11-301-0/+1
| | | | | | covered dirs. Note: the Windows stub for DirName is left unimplemented llvm-svn: 288276
* [libFuzzer] use less stackKostya Serebryany2016-11-121-0/+2
| | | | llvm-svn: 286689
* [libFuzzer] fix -error_exitcode=N, now with a test Kostya Serebryany2016-11-031-0/+1
| | | | llvm-svn: 285958
* [libFuzzer] enable use_cmp by defaultKostya Serebryany2016-10-2710-14/+16
| | | | llvm-svn: 285353
* [libFuzzer] add StandaloneFuzzTargetMain.c and a test for itKostya Serebryany2016-10-254-3/+21
| | | | llvm-svn: 285135
* [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the ↵Kostya Serebryany2016-10-251-0/+2
| | | | | | desired bytes. Add another test for use_cmp llvm-svn: 285109
* [libFuzzer] simplify the code for use_cmp, also use the position hint when ↵Kostya Serebryany2016-10-253-2/+6
| | | | | | available, add a test llvm-svn: 285049
* [libFuzzer] mutation: insert the size of the input in bytes as one of the ↵Kostya Serebryany2016-10-221-2/+6
| | | | | | ways to mutate a binary integer llvm-svn: 284909
* [libFuzzer] typo in a testKostya Serebryany2016-10-221-1/+1
| | | | llvm-svn: 284903
* [libFuzzer] add a test for asan's strict_string_checks=1Kostya Serebryany2016-10-223-0/+26
| | | | llvm-svn: 284902
* [libFuzzer] extend -print_coverage to also print uncovered lines, functions, ↵Kostya Serebryany2016-10-194-6/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and files. Example of output: COVERAGE: COVERED: in DSO2(int) /pathto/DSO2.cpp:6 COVERED: in DSO2(int) /pathto/DSO2.cpp:8 COVERED: in DSO1(int) /pathto/DSO1.cpp:6 COVERED: in DSO1(int) /pathto/DSO1.cpp:8 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26 MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9 UNCOVERED_FUNC: in Uncovered1() MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9 UNCOVERED_FUNC: in Uncovered2() MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21 UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27 UNCOVERED_FILE: /pathto/DSOTestExtra.cpp Several things are not perfect here: * we are using objdump+awk instead of sancov because sancov does not support DSOs yet. * this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=... (need to implement another API to get the module name by PC) llvm-svn: 284554
* [libFuzzer] detect leaks after every run when executing fixed inputs ↵Kostya Serebryany2016-10-181-0/+3
| | | | | | (./fuzzer -runs=1000000 my-file) llvm-svn: 284514
* [libFuzzer] swap bytes in integers when handling CMP tracesKostya Serebryany2016-10-152-0/+34
| | | | llvm-svn: 284301
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP ↵Kostya Serebryany2016-10-141-1/+1
| | | | | | instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273
* [libFuzzer] add -trace_malloc= flagKostya Serebryany2016-10-133-0/+38
| | | | llvm-svn: 284149
* [libFuzzer] implement value profile for switch, increase the size of the PCs ↵Kostya Serebryany2016-10-111-0/+2
| | | | | | array, make sure we don't overflow it llvm-svn: 283841
* [libFuzzer] add switch testsKostya Serebryany2016-10-112-0/+38
| | | | llvm-svn: 283840
* [libFuzzer] make a test less flakyKostya Serebryany2016-10-091-1/+0
| | | | llvm-svn: 283686
* [libFuzzer] when shrinking the corpus, delete evicted files previously ↵Kostya Serebryany2016-10-081-1/+1
| | | | | | created by the current process llvm-svn: 283682
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.Kostya Serebryany2016-10-055-9/+17
| | | | llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFCKostya Serebryany2016-10-055-3/+26
| | | | llvm-svn: 283286
* [libFuzzer] remove dfsan support and some related stale code. This is not ↵Kostya Serebryany2016-10-045-52/+0
| | | | | | being used and as is is pretty weak anyway llvm-svn: 283187
* [libFuzzer] remove unused optionKostya Serebryany2016-09-303-14/+7
| | | | llvm-svn: 282971
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still ↵Kostya Serebryany2016-09-301-1/+0
| | | | | | works with the new one (trace-pc-guard) llvm-svn: 282831
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script ↵Kostya Serebryany2016-09-272-1/+5
| | | | | | for RE2 that uses this flag llvm-svn: 282458
* [libFuzzer] fix merging with trace-pc-guardKostya Serebryany2016-09-233-4/+7
| | | | llvm-svn: 282224
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size ↵Kostya Serebryany2016-09-221-1/+1
| | | | | | > MaxSize, fix sha1 in corpus stats; various refactorings llvm-svn: 282129
* [libFuzzer] one more test Kostya Serebryany2016-09-223-0/+30
| | | | llvm-svn: 282127
* [libFuzzer] add stats to the corpus; more refactoringKostya Serebryany2016-09-211-1/+2
| | | | llvm-svn: 282121
* [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a ↵Kostya Serebryany2016-09-211-8/+5
| | | | | | unit from the corpus, use the stored one. llvm-svn: 282115
* [libFuzzer] more refactoringKostya Serebryany2016-09-211-2/+2
| | | | llvm-svn: 282113
* [libFuzzer] refactoring: split the large header into many; NFCKostya Serebryany2016-09-211-0/+3
| | | | llvm-svn: 282044
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two ↵Kostya Serebryany2016-09-213-16/+3
| | | | | | unused experimental features llvm-svn: 282042
OpenPOWER on IntegriCloud