path: root/llvm/lib/Fuzzer/test
Commit message | Author | Age | Files | Lines
* [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process | Kostya Serebryany | 2016-10-08 | 1 | -1/+1
  llvm-svn: 283682
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. | Kostya Serebryany | 2016-10-05 | 5 | -9/+17
  llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFC | Kostya Serebryany | 2016-10-05 | 5 | -3/+26
  llvm-svn: 283286
* [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway | Kostya Serebryany | 2016-10-04 | 5 | -52/+0
  llvm-svn: 283187
* [libFuzzer] remove unused option | Kostya Serebryany | 2016-09-30 | 3 | -14/+7
  llvm-svn: 282971
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) | Kostya Serebryany | 2016-09-30 | 1 | -1/+0
  llvm-svn: 282831
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag | Kostya Serebryany | 2016-09-27 | 2 | -1/+5
  llvm-svn: 282458
* [libFuzzer] fix merging with trace-pc-guard | Kostya Serebryany | 2016-09-23 | 3 | -4/+7
  llvm-svn: 282224
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 2016-09-22 | 1 | -1/+1
  llvm-svn: 282129
* [libFuzzer] one more test | Kostya Serebryany | 2016-09-22 | 3 | -0/+30
  llvm-svn: 282127
* [libFuzzer] add stats to the corpus; more refactoring | Kostya Serebryany | 2016-09-21 | 1 | -1/+2
  llvm-svn: 282121
* [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. | Kostya Serebryany | 2016-09-21 | 1 | -8/+5
  llvm-svn: 282115
* [libFuzzer] more refactoring | Kostya Serebryany | 2016-09-21 | 1 | -2/+2
  llvm-svn: 282113
* [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 2016-09-21 | 1 | -0/+3
  llvm-svn: 282044
* [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features | Kostya Serebryany | 2016-09-21 | 3 | -16/+3
  llvm-svn: 282042
* [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer | Kostya Serebryany | 2016-09-18 | 2 | -0/+8
  llvm-svn: 281866
* [libFuzzer] properly reset the guards when resetting the coverage. Also try to fix check-fuzzer on the bot | Kostya Serebryany | 2016-09-17 | 1 | -1/+1
  llvm-svn: 281814
* [libFuzzer] change trace-pc to use 8-byte guards | Kostya Serebryany | 2016-09-17 | 7 | -1/+87
  llvm-svn: 281810
* [libFuzzer] make caller-callee feedback work with trace-pc-guard | Kostya Serebryany | 2016-09-15 | 3 | -1/+4
  llvm-svn: 281667
* [libFuzzer] fix the build for AFLDriverTest | Kostya Serebryany | 2016-09-15 | 1 | -1/+1
  llvm-svn: 281633
* [libFuzzer] disable test that requires debug info -- it fails on the bot | Kostya Serebryany | 2016-09-15 | 1 | -5/+0
  llvm-svn: 281584
* [libFuzzer] move the AFL driver build rule test into the uninstrumented dir | Kostya Serebryany | 2016-09-15 | 2 | -12/+13
  llvm-svn: 281583
* [libFuzzer] fix print_pcs test | Kostya Serebryany | 2016-09-15 | 1 | -2/+2
  llvm-svn: 281580
* [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provably better, but the existing test prefers this heuristic) | Kostya Serebryany | 2016-09-15 | 1 | -1/+8
  llvm-svn: 281577
* [libFuzzer] add 8-bit counters to trace-pc-guard handler | Kostya Serebryany | 2016-09-15 | 2 | -1/+8
  llvm-svn: 281568
* [libFuzzer] start using trace-pc-guard as an alternative source of coverage | Kostya Serebryany | 2016-09-14 | 3 | -10/+3
  llvm-svn: 281435
* [libFuzzer] don't print help for internal flags | Kostya Serebryany | 2016-09-10 | 1 | -0/+2
  llvm-svn: 281124
* [libFuzzer] print a visible message if merge fails due to a crash | Kostya Serebryany | 2016-09-10 | 1 | -0/+6
  llvm-svn: 281122
* [libFuzzer] use sizeof() in tests instead of 4 and 8 | Kostya Serebryany | 2016-09-09 | 2 | -6/+6
  llvm-svn: 281111
* [libFuzzer] one more puzzle for value profile | Kostya Serebryany | 2016-09-09 | 3 | -0/+25
  llvm-svn: 281106
* [libFuzzer] one more puzzle, value_profile cracks it in a second | Kostya Serebryany | 2016-09-09 | 3 | -0/+25
  llvm-svn: 281066
* [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better | Kostya Serebryany | 2016-09-09 | 2 | -18/+0
  llvm-svn: 281007
* [libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time | Kostya Serebryany | 2016-09-01 | 3 | -0/+12
  llvm-svn: 280332
* [libfuzzer] simplified unit truncation; do not write trunc items to disc | Mike Aizatsky | 2016-08-30 | 1 | -5/+3
  Differential Revision: https://reviews.llvm.org/D24049
  llvm-svn: 280153
* [libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow | Kostya Serebryany | 2016-08-30 | 1 | -1/+2
  llvm-svn: 280098
* [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much | Kostya Serebryany | 2016-08-30 | 1 | -3/+3
  llvm-svn: 280096
* [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles | Kostya Serebryany | 2016-08-30 | 1 | -3/+3
  llvm-svn: 280054
* [libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests | Kostya Serebryany | 2016-08-30 | 3 | -1/+45
  llvm-svn: 280046
* [libFuzzer] simplify a test to make it pass on the bot | Kostya Serebryany | 2016-08-26 | 1 | -1/+1
  llvm-svn: 279796
* [libFuzzer] make sure we have symbols on fuzzer tests | Kostya Serebryany | 2016-08-25 | 1 | -1/+1
  llvm-svn: 279792
* [libFuzzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them | Kostya Serebryany | 2016-08-25 | 1 | -2/+4
  llvm-svn: 279787
* [libFuzzer] make a test more deterministic | Kostya Serebryany | 2016-08-24 | 1 | -3/+3
  llvm-svn: 279686
* [sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit of performance. Use these new callbacks in libFuzzer | Kostya Serebryany | 2016-08-18 | 1 | -0/+2
  llvm-svn: 279027
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 | Kostya Serebryany | 2016-08-17 | 1 | -1/+37
  llvm-svn: 278982
* [libFuzzer] more mutations | Kostya Serebryany | 2016-08-17 | 1 | -0/+48
  llvm-svn: 278950
* [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. | Kostya Serebryany | 2016-08-16 | 8 | -1/+65
  llvm-svn: 278839
* [libFuzzer] print a verbose message after executing inputs in non-fuzzing mode | Kostya Serebryany | 2016-08-15 | 1 | -0/+2
  llvm-svn: 278724
* [libFuzzer] fix the bot | Kostya Serebryany | 2016-08-15 | 1 | -1/+1
  llvm-svn: 278721
* [libFuzzer] add InsertRepeatedBytes and EraseBytes. | Kostya Serebryany | 2016-08-15 | 6 | -11/+106
  New mutation: InsertRepeatedBytes.
  Updated mutation: EraseByte => EraseBytes.
  This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets.
  llvm-svn: 278687
* [LibFuzzer] Fix `-jobs=<N>` where <N> > 1 and the number of workers is > 1 on macOS. | Dan Liew | 2016-08-12 | 1 | -0/+29
  The original `ExecuteCommand()` called `system()` from the C library. The C library implementation of this on macOS contains a mutex which serializes calls to `system()`. This prevented the `-jobs=` flag from running copies of the fuzzing binary in parallel which is the opposite of what is intended.
  To fix this on macOS an alternative implementation of `ExecuteCommand()` is provided that can be used concurrently. This is provided in `FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple platforms. The existing implementation has been moved to a new file `FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux.
  This commit includes a simple test to check that LibFuzzer is being executed in parallel when requested.
  Differential Revision: https://reviews.llvm.org/D22742
  llvm-svn: 278544