path: root/llvm/lib/Fuzzer/test
Commit message | Author | Age | Files | Lines
* [sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit of performance. Use these new callbacks in libFuzzer
  Author: Kostya Serebryany | Age: 2016-08-18 | Files: 1 | Lines: -0/+2
  llvm-svn: 279027
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970
  Author: Kostya Serebryany | Age: 2016-08-17 | Files: 1 | Lines: -1/+37
  llvm-svn: 278982
* [libFuzzer] more mutations
  Author: Kostya Serebryany | Age: 2016-08-17 | Files: 1 | Lines: -0/+48
  llvm-svn: 278950
* [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
  Author: Kostya Serebryany | Age: 2016-08-16 | Files: 8 | Lines: -1/+65
  llvm-svn: 278839
* [libFuzzer] print a verbose message after executing inputs in non-fuzzing mode
  Author: Kostya Serebryany | Age: 2016-08-15 | Files: 1 | Lines: -0/+2
  llvm-svn: 278724
* [libFuzzer] fix the bot
  Author: Kostya Serebryany | Age: 2016-08-15 | Files: 1 | Lines: -1/+1
  llvm-svn: 278721
* [libFuzzer] add InsertRepeatedBytes and EraseBytes.
  Author: Kostya Serebryany | Age: 2016-08-15 | Files: 6 | Lines: -11/+106
  New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets.
  llvm-svn: 278687
* [LibFuzzer] Fix `-jobs=<N>` where <N> > 1 and the number of workers is > 1 on macOS.
  Author: Dan Liew | Age: 2016-08-12 | Files: 1 | Lines: -0/+29
  The original `ExecuteCommand()` called `system()` from the C library. The C library implementation of this on macOS contains a mutex which serializes calls to `system()`. This prevented the `-jobs=` flag from running copies of the fuzzing binary in parallel which is the opposite of what is intended. To fix this on macOS an alternative implementation of `ExecuteCommand()` is provided that can be used concurrently. This is provided in `FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple platforms. The existing implementation has been moved to a new file `FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux. This commit includes a simple test to check that LibFuzzer is being executed in parallel when requested.
  Differential Revision: https://reviews.llvm.org/D22742
  llvm-svn: 278544
* [libFuzzer] properly intercept memmem
  Author: Kostya Serebryany | Age: 2016-07-19 | Files: 1 | Lines: -1/+5
  llvm-svn: 276006
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
  Author: Kostya Serebryany | Age: 2016-07-15 | Files: 4 | Lines: -1/+22
  llvm-svn: 275648
* [libFuzzer] add ThreadedLeakTest
  Author: Kostya Serebryany | Age: 2016-07-15 | Files: 3 | Lines: -0/+24
  llvm-svn: 275582
* [LibFuzzer] Unbreak the build on macOS which was broken by r272858.
  Author: Dan Liew | Age: 2016-07-07 | Files: 1 | Lines: -0/+6
  ``afl_driver.cpp`` currently relies on weak symbols which doesn't work properly under macOS. For now fix the build by providing a dummy implementation of ``LLVMFuzzerInitialize(...)``. This is just a temporary measure until we fix ``afl_driver.cpp`` for macOS.
  llvm-svn: 274778
* [libFuzzer] Let user specify extra stats file.
  Author: Mike Aizatsky | Age: 2016-06-30 | Files: 2 | Lines: -1/+29
  Summary: If AFL_DRIVER_EXTRA_STATS_FILENAME is set and valid, write to it peak_rss_mb and slowest_unit_time_sec. These are both stats that libFuzzer can print but afl cannot.
  Reviewers: kcc, aizatsky, metzman
  Subscribers: llvm-commits
  Differential Revision: http://reviews.llvm.org/D21742
  llvm-svn: 274273
* [libfuzzer] moving is_ascii handler inside mutation dispatcher.
  Author: Mike Aizatsky | Age: 2016-06-23 | Files: 1 | Lines: -12/+11
  Summary: It also fixes a bug, when first random might not be ascii.
  Differential Revision: http://reviews.llvm.org/D21573
  llvm-svn: 273611
* [libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp
  Author: Vitaly Buka | Age: 2016-06-23 | Files: 1 | Lines: -0/+4
  Summary: Add license info and brief description of file to AFLDriverTest.cpp.
  Reviewers: kcc, aizatsky
  Subscribers: llvm-commits
  Differential Revision: http://reviews.llvm.org/D21487
  llvm-svn: 273527
* [libFuzzer] make the single-run output more reliable
  Author: Kostya Serebryany | Age: 2016-06-17 | Files: 1 | Lines: -2/+2
  llvm-svn: 272998
* [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable
  Author: Kostya Serebryany | Age: 2016-06-16 | Files: 1 | Lines: -7/+4
  llvm-svn: 272948
* Fix test from D21194
  Author: Vitaly Buka | Age: 2016-06-16 | Files: 1 | Lines: -2/+1
  Bot sets ASAN_OPTIONS=handle_abort=1 which prevents expected crash.
  llvm-svn: 272866
* Debugging D21194 issues on bot
  Author: Vitaly Buka | Age: 2016-06-16 | Files: 1 | Lines: -0/+1
  llvm-svn: 272863
* Enable libFuzzer's afl_driver to append stderr to a file.
  Author: Vitaly Buka | Age: 2016-06-16 | Files: 3 | Lines: -0/+35
  Summary: [libFuzzer] Enable afl_driver to append stderr to a user specified file. Append stderr of afl_driver to the file specified by the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs on crashes without rerunning crashing test cases (which won't work for crashes that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz and users would have no way of seeing it.
  Reviewers: llvm-commits, aizatsky, kcc, vitalybuka
  Subscribers: vitalybuka
  Differential Revision: http://reviews.llvm.org/D21194
  llvm-svn: 272858
* [LibFuzzer] Fix ``FuzzerMutate.ShuffleBytes2`` unit test on OSX.
  Author: Dan Liew | Age: 2016-06-15 | Files: 1 | Lines: -1/+1
  The ``FuzzerMutate.ShuffleBytes2`` unit test was failing on OSX due to the implementation of ``std::random_shuffle()`` being different between libcxx and libstdc++. @kcc has decided (see http://reviews.llvm.org/D21218) it is acceptable for there to be different mutation behavior on different platforms so this commit just adjusts the test to perform the minimum number of iterations (that is a power of 2) to see all the mutations the unit test is looking for.
  Differential Revision: http://reviews.llvm.org/D21359
  llvm-svn: 272743
* Revert "Enable libFuzzer's afl_driver to append stderr to a file."
  Author: Vitaly Buka | Age: 2016-06-14 | Files: 3 | Lines: -35/+0
  Crashes with AddressSanitizer: SEGV on unknown address
  http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/9924/steps/annotate/logs/stdio
  This reverts commit r272706.
  llvm-svn: 272726
* Enable libFuzzer's afl_driver to append stderr to a file.
  Author: Vitaly Buka | Age: 2016-06-14 | Files: 3 | Lines: -0/+35
  Summary: [libFuzzer] Enable afl_driver to append stderr to a user specified file. Append stderr of afl_driver to the file specified by the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs on crashes without rerunning crashing test cases (which won't work for crashes that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz and users would have no way of seeing it.
  Reviewers: llvm-commits, aizatsky, kcc, vitalybuka
  Subscribers: vitalybuka
  Differential Revision: http://reviews.llvm.org/D21194
  llvm-svn: 272706
* [LibFuzzer] Disable the ``fuzzer-trace-pc.test`` test on non-linux platforms.
  Author: Dan Liew | Age: 2016-06-14 | Files: 1 | Lines: -0/+4
  On OSX this test sometimes fails due to the ``LLVMFuzzer-FullCoverageSetTest-TracePC`` program going over the default 2GiB memory limit. This shouldn't be happening and needs investigating. For now just disable the test so we can set up an OSX buildbot.
  Differential Revision: http://reviews.llvm.org/D21319
  llvm-svn: 272696
* [LibFuzzer] Move tests in ``fuzzer-traces.test`` that require hooks to their own test.
  Author: Dan Liew | Age: 2016-06-14 | Files: 2 | Lines: -17/+23
  The tests in ``fuzzer-traces-hooks.test`` only work on Linux because calls to hooks (e.g. ``__sanitizer_weak_hook_memcmp()``) from inside the sanitizer runtime are only implemented on Linux. Therefore these tests are set to only run on Linux.
  Differential Revision: http://reviews.llvm.org/D21253
  llvm-svn: 272600
* [LibFuzzer] Fix some unit test crashes on OSX.
  Author: Dan Liew | Age: 2016-06-10 | Files: 1 | Lines: -0/+4
  This fixes the following unit tests:
    FuzzerDictionary.ParseOneDictionaryEntry
    FuzzerDictionary.ParseDictionaryFile
  The issue appears to be mixing non-ASan-ified code (LibFuzzer) and ASan-ified code (the unittest) as the tests would pass fine if everything was built with ASan enabled. I believe the issue is that different implementations of std::vector<> are being used in LibFuzzer and outside LibFuzzer (in the unittests). For Libcxx (I've not seen the issue manifest for libstdc++) we can disable the ASanified std::vector<> by defining the ``_LIBCPP_HAS_NO_ASAN`` macro. Doing this fixes the tests on OSX.
  Differential Revision: http://reviews.llvm.org/D21049
  llvm-svn: 272374
* [libFuzzer] add one more OOM test, which we currently don't handle very well
  Author: Kostya Serebryany | Age: 2016-06-09 | Files: 2 | Lines: -0/+30
  llvm-svn: 272240
* [libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message)
  Author: Kostya Serebryany | Age: 2016-06-08 | Files: 4 | Lines: -1/+22
  llvm-svn: 272090
* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``
  Author: Dan Liew | Age: 2016-06-07 | Files: 1 | Lines: -0/+21
  This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests.
  Differential Revision: http://reviews.llvm.org/D20943
  llvm-svn: 272072
* [LibFuzzer] Split the fuzzer-oom.test into two tests.
  Author: Dan Liew | Age: 2016-06-07 | Files: 3 | Lines: -1/+14
  This is necessary because the existing fuzzer-oom.test was Linux specific due to its use of __sanitizer_print_memory_profile() which is only available on Linux right now and so the test would fail on OSX.
  Differential Revision: http://reviews.llvm.org/D20977
  llvm-svn: 272061
* [libfuzzer] custom crossover interface function.
  Author: Mike Aizatsky | Age: 2016-06-07 | Files: 3 | Lines: -0/+68
  Differential Revision: http://reviews.llvm.org/D21089
  llvm-svn: 272054
* [libfuzzer] prune_corpus option for disabling pruning during the load.
  Author: Mike Aizatsky | Age: 2016-06-07 | Files: 1 | Lines: -0/+13
  Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness.
  Differential Revision: http://reviews.llvm.org/D21084
  llvm-svn: 272035
* [LibFuzzer] s/dataflow sanitizer/DataflowSanitizer/
  Author: Dan Liew | Age: 2016-06-07 | Files: 1 | Lines: -2/+2
  llvm-svn: 271980
* [LibFuzzer] Disable building and running LSan tests on Apple platforms because LSan is not currently supported.
  Author: Dan Liew | Age: 2016-06-07 | Files: 4 | Lines: -0/+18
  Differential Revision: http://reviews.llvm.org/D20947
  llvm-svn: 271979
* [libfuzzer] splitting fuzzer.test
  Author: Mike Aizatsky | Age: 2016-06-03 | Files: 11 | Lines: -97/+99
  llvm-svn: 271697
* [LibFuzzer] Disable compiling and running the LibFuzzer dataflow sanitizer tests on Apple platforms.
  Author: Dan Liew | Age: 2016-06-02 | Files: 4 | Lines: -1/+19
  This fixes a broken part of the build on OSX as the dataflow sanitizer is not supported on OSX yet.
  Differential Revision: http://reviews.llvm.org/D20894
  llvm-svn: 271492
* [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile on OOM
  Author: Kostya Serebryany | Age: 2016-06-02 | Files: 1 | Lines: -0/+1
  llvm-svn: 271465
* [libFuzzer] when an invalid flag is given, warn, but don't crash
  Author: Kostya Serebryany | Age: 2016-06-01 | Files: 1 | Lines: -0/+4
  llvm-svn: 271404
* [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases.
  Author: Kostya Serebryany | Age: 2016-05-29 | Files: 1 | Lines: -4/+7
  llvm-svn: 271186
* [libFuzzer] use __sanitizer_set_report_fd with -close_fd_mask. This allows us to keep asan reports when closing target's stderr
  Author: Kostya Serebryany | Age: 2016-05-27 | Files: 1 | Lines: -1/+3
  llvm-svn: 271053
* [LibFuzzer] Refactor declaration of tests in CMake.
  Author: Dan Liew | Age: 2016-05-27 | Files: 6 | Lines: -115/+104
  Add a new CMake function (``add_libfuzzer_test()``) to simplify declaration of executables for testing LibFuzzer and use it to reorganise how tests are declared. Note that configuration of the lit configuration files has been moved as late as possible because we are going to need to disable some tests for some platforms and we will need to propagate this information into the lit configuration. Note the code for custom mains was removed because no tests are currently written for this and Kostya seems happy to remove this.
  Differential Revision: http://reviews.llvm.org/D20706
  llvm-svn: 270958
* [libFuzzer] make check-fuzzer a bit faster
  Author: Kostya Serebryany | Age: 2016-05-27 | Files: 1 | Lines: -3/+2
  llvm-svn: 270947
* [libFuzzer] more refactoring: make sure CurrentUnitData is always a valid pointer to read from
  Author: Kostya Serebryany | Age: 2016-05-27 | Files: 1 | Lines: -0/+3
  llvm-svn: 270942
* [libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads)
  Author: Kostya Serebryany | Age: 2016-05-26 | Files: 3 | Lines: -2/+26
  llvm-svn: 270929
* [LibFuzzer] Allow LibFuzzer to be built in modes other than RELEASE.
  Author: Dan Liew | Age: 2016-05-26 | Files: 6 | Lines: -12/+35
  Previously the flags were only being set correctly when the build type was "Release". Now the build should work properly for all the supported build types. When building libFuzzer the optimization level respects whatever is used for the rest of LLVM but for the LibFuzzer tests we force -O0.
  Differential Revision: http://reviews.llvm.org/D20558
  llvm-svn: 270912
* [libFuzzer] when there is a leak in the existing corpus report the reproducer properly
  Author: Kostya Serebryany | Age: 2016-05-26 | Files: 1 | Lines: -1/+1
  llvm-svn: 270905
* [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended
  Author: Kostya Serebryany | Age: 2016-05-26 | Files: 1 | Lines: -0/+3
  llvm-svn: 270900
* [libfuzzer] replacing unittest for truncate_units with functional test.
  Author: Mike Aizatsky | Age: 2016-05-25 | Files: 4 | Lines: -22/+22
  Differential Revision: http://reviews.llvm.org/D20641
  llvm-svn: 270755
* [libFuzzer] print stats if we crash on empty input
  Author: Kostya Serebryany | Age: 2016-05-25 | Files: 3 | Lines: -0/+23
  llvm-svn: 270639
* [libfuzzer] Trying random unit prefixes during corpus load.
  Author: Mike Aizatsky | Age: 2016-05-24 | Files: 1 | Lines: -0/+22
  Differential Revision: http://reviews.llvm.org/D20301
  llvm-svn: 270632