summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/test
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] improve error handling during the merge (handle various IO failures)Kostya Serebryany2017-01-051-0/+8
| | | | llvm-svn: 291182
* [libFuzzer] make __sanitizer_cov_trace_switch more predictableKostya Serebryany2016-12-291-2/+2
| | | | llvm-svn: 290703
* [libfuzzer] dump_coverage command line flagMike Aizatsky2016-12-191-0/+16
| | | | | | | | Reviewers: kcc, vitalybuka Differential Revision: https://reviews.llvm.org/D27942 llvm-svn: 290138
* [libFuzzer] use less memory for mergeKostya Serebryany2016-12-171-2/+5
| | | | llvm-svn: 290039
* [libFuzzer] remove stale testKostya Serebryany2016-12-171-3/+0
| | | | llvm-svn: 290033
* [libFuzzer] when tracing switch statements, handle only one case at a time ↵Kostya Serebryany2016-12-171-2/+2
| | | | | | (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage llvm-svn: 290031
* [libfuzzer] removing experimental FuzzerFnAdapterMike Aizatsky2016-12-173-136/+0
| | | | | | | | | | | | Summary: This is superceded by protobuf mutation work. Reviewers: kcc Subscribers: mgorny Differential Revision: https://reviews.llvm.org/D27865 llvm-svn: 290018
* [libFuzzer] Remove unnecessary includes of posix headers.Marcos Pividori2016-12-163-3/+0
| | | | | | | | | Remove includes of "unistd.h" header, which is missing in non posix systems. Differential Revision: https://reviews.llvm.org/D277300 llvm-svn: 289965
* [libFuzzer] Update tests to use more general functions instead of posix ↵Marcos Pividori2016-12-162-1/+8
| | | | | | | | | | | specific. Replace sleep() posix function by a more portable sleep_for() function from std. Also, ignore memmem() and strcasestr() on Windows. Differential Revision: https://reviews.llvm.org/D27729 llvm-svn: 289964
* [libFuzzer] enable the failure-resistant merge by default (with ↵Kostya Serebryany2016-12-151-12/+20
| | | | | | trace-pc-guard only) llvm-svn: 289772
* [libFuzzer] Fix bug in detecting timeouts when input string is empty.Marcos Pividori2016-12-133-0/+20
| | | | | | | | | | | | | | I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). Previous implementation failed to detect timeouts in that execution. Also, I add a regression test for that case. Differential Revision: https://reviews.llvm.org/D27433 llvm-svn: 289561
* [libFuzzer] don't require extra flags with -minimize_crash=1 (default to ↵Kostya Serebryany2016-12-131-4/+4
| | | | | | -max_total_time=600). Also respect exact_artifact_path when outputting the end result llvm-svn: 289506
* [libFuzzer] split one slow test into several, for more parallel testingKostya Serebryany2016-12-124-6/+7
| | | | llvm-svn: 289481
* [libFuzzer] make SimpleCmpTest a bit simpler to crack and more verboseKostya Serebryany2016-12-121-15/+26
| | | | llvm-svn: 289477
* [libFuzzer] build libFuzzer itself with asanKostya Serebryany2016-12-122-2/+3
| | | | llvm-svn: 289469
* [libFuzzer] respect -max_len during mergeKostya Serebryany2016-12-121-0/+2
| | | | llvm-svn: 289467
* [libFuzzer] don't depend on time in a testKostya Serebryany2016-12-111-1/+1
| | | | llvm-svn: 289368
* [libFuzzer] test cleanup (3)Kostya Serebryany2016-12-101-1/+0
| | | | llvm-svn: 289314
* [libFuzzer] test cleanup (2)Kostya Serebryany2016-12-101-15/+0
| | | | llvm-svn: 289313
* [libFuzzer] test cleanupKostya Serebryany2016-12-108-60/+33
| | | | llvm-svn: 289312
* [libFuzzer] switch all libFuzzer tests to use ↵Kostya Serebryany2016-12-106-10/+6
| | | | | | -fsanitize-coverage=trace-pc-guard. Support for the previosly used instrumentation will be removed in the following changes llvm-svn: 289311
* [libFuzzer] implement crash-resistant merge ↵Kostya Serebryany2016-12-091-0/+135
| | | | | | (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). llvm-svn: 289166
* [libFuzzer] add a test for r288389 (-rss_limit_mb=0 means no limit).Kostya Serebryany2016-12-011-0/+3
| | | | llvm-svn: 288392
* revert r288283 as it causes debug info (line numbers) to be lost in ↵Kostya Serebryany2016-12-011-1/+1
| | | | | | instrumented code. also revert r288299 which was a workaround for the problem. llvm-svn: 288300
* [libFuzzer] temporary disable a part of the test broken by r288283Kostya Serebryany2016-12-011-1/+1
| | | | llvm-svn: 288299
* [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that ↵Kostya Serebryany2016-11-304-4/+37
| | | | | | exceeds the limit llvm-svn: 288281
* [libFuzzer] extend -print_coverage to print the comma-separated list of ↵Kostya Serebryany2016-11-301-0/+1
| | | | | | covered dirs. Note: the Windows stub for DirName is left unimplemented llvm-svn: 288276
* [libFuzzer] use less stackKostya Serebryany2016-11-121-0/+2
| | | | llvm-svn: 286689
* [libFuzzer] fix -error_exitcode=N, now with a test Kostya Serebryany2016-11-031-0/+1
| | | | llvm-svn: 285958
* [libFuzzer] enable use_cmp by defaultKostya Serebryany2016-10-2710-14/+16
| | | | llvm-svn: 285353
* [libFuzzer] add StandaloneFuzzTargetMain.c and a test for itKostya Serebryany2016-10-254-3/+21
| | | | llvm-svn: 285135
* [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the ↵Kostya Serebryany2016-10-251-0/+2
| | | | | | desired bytes. Add another test for use_cmp llvm-svn: 285109
* [libFuzzer] simplify the code for use_cmp, also use the position hint when ↵Kostya Serebryany2016-10-253-2/+6
| | | | | | available, add a test llvm-svn: 285049
* [libFuzzer] mutation: insert the size of the input in bytes as one of the ↵Kostya Serebryany2016-10-221-2/+6
| | | | | | ways to mutate a binary integer llvm-svn: 284909
* [libFuzzer] typo in a testKostya Serebryany2016-10-221-1/+1
| | | | llvm-svn: 284903
* [libFuzzer] add a test for asan's strict_string_checks=1Kostya Serebryany2016-10-223-0/+26
| | | | llvm-svn: 284902
* [libFuzzer] extend -print_coverage to also print uncovered lines, functions, ↵Kostya Serebryany2016-10-194-6/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and files. Example of output: COVERAGE: COVERED: in DSO2(int) /pathto/DSO2.cpp:6 COVERED: in DSO2(int) /pathto/DSO2.cpp:8 COVERED: in DSO1(int) /pathto/DSO1.cpp:6 COVERED: in DSO1(int) /pathto/DSO1.cpp:8 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26 MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9 UNCOVERED_FUNC: in Uncovered1() MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9 UNCOVERED_FUNC: in Uncovered2() MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21 UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27 UNCOVERED_FILE: /pathto/DSOTestExtra.cpp Several things are not perfect here: * we are using objdump+awk instead of sancov because sancov does not support DSOs yet. * this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=... (need to implement another API to get the module name by PC) llvm-svn: 284554
* [libFuzzer] detect leaks after every run when executing fixed inputs ↵Kostya Serebryany2016-10-181-0/+3
| | | | | | (./fuzzer -runs=1000000 my-file) llvm-svn: 284514
* [libFuzzer] swap bytes in integers when handling CMP tracesKostya Serebryany2016-10-152-0/+34
| | | | llvm-svn: 284301
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP ↵Kostya Serebryany2016-10-141-1/+1
| | | | | | instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273
* [libFuzzer] add -trace_malloc= flagKostya Serebryany2016-10-133-0/+38
| | | | llvm-svn: 284149
* [libFuzzer] implement value profile for switch, increase the size of the PCs ↵Kostya Serebryany2016-10-111-0/+2
| | | | | | array, make sure we don't overflow it llvm-svn: 283841
* [libFuzzer] add switch testsKostya Serebryany2016-10-112-0/+38
| | | | llvm-svn: 283840
* [libFuzzer] make a test less flakyKostya Serebryany2016-10-091-1/+0
| | | | llvm-svn: 283686
* [libFuzzer] when shrinking the corpus, delete evicted files previously ↵Kostya Serebryany2016-10-081-1/+1
| | | | | | created by the current process llvm-svn: 283682
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.Kostya Serebryany2016-10-055-9/+17
| | | | llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFCKostya Serebryany2016-10-055-3/+26
| | | | llvm-svn: 283286
* [libFuzzer] remove dfsan support and some related stale code. This is not ↵Kostya Serebryany2016-10-045-52/+0
| | | | | | being used and as is is pretty weak anyway llvm-svn: 283187
* [libFuzzer] remove unused optionKostya Serebryany2016-09-303-14/+7
| | | | llvm-svn: 282971
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still ↵Kostya Serebryany2016-09-301-1/+0
| | | | | | works with the new one (trace-pc-guard) llvm-svn: 282831
OpenPOWER on IntegriCloud