| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
llvm-svn: 281667
|
| |
|
|
| |
llvm-svn: 281633
|
| |
|
|
| |
llvm-svn: 281584
|
| |
|
|
| |
llvm-svn: 281583
|
| |
|
|
| |
llvm-svn: 281580
|
| |
|
|
|
|
| |
trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic)
llvm-svn: 281577
|
| |
|
|
| |
llvm-svn: 281568
|
| |
|
|
| |
llvm-svn: 281435
|
| |
|
|
| |
llvm-svn: 281124
|
| |
|
|
| |
llvm-svn: 281122
|
| |
|
|
| |
llvm-svn: 281111
|
| |
|
|
| |
llvm-svn: 281106
|
| |
|
|
| |
llvm-svn: 281066
|
| |
|
|
|
|
| |
better
llvm-svn: 281007
|
| |
|
|
|
|
| |
tests that I failed to commit last time
llvm-svn: 280332
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D24049
llvm-svn: 280153
|
| |
|
|
|
|
| |
M<N, caused a buffer overflow
llvm-svn: 280098
|
| |
|
|
|
|
| |
the corpus too much
llvm-svn: 280096
|
| |
|
|
|
|
| |
fuzzer reaches the goal much faster, at least on the simple puzzles
llvm-svn: 280054
|
| |
|
|
| |
llvm-svn: 280046
|
| |
|
|
| |
llvm-svn: 279796
|
| |
|
|
| |
llvm-svn: 279792
|
| |
|
|
|
|
| |
useful: print PCs only after the initial corpus has been read and symbolize them
llvm-svn: 279787
|
| |
|
|
| |
llvm-svn: 279686
|
| |
|
|
|
|
| |
__sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer
llvm-svn: 279027
|
| |
|
|
|
|
| |
from r278970
llvm-svn: 278982
|
| |
|
|
| |
llvm-svn: 278950
|
| |
|
|
|
|
| |
affect control flow and treats new values as new coverage.
llvm-svn: 278839
|
| |
|
|
| |
llvm-svn: 278724
|
| |
|
|
| |
llvm-svn: 278721
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
New mutation: InsertRepeatedBytes.
Updated mutation: EraseByte => EraseBytes.
This helps https://github.com/google/sanitizers/issues/710
where libFuzzer was not able to find a known bug.
Now it finds it in minutes.
Hopefully, the change is general enough to help other targets.
llvm-svn: 278687
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
on macOS.
The original `ExecuteCommand()` called `system()` from the C library.
The C library implementation of this on macOS contains a mutex which
serializes calls to `system()`. This prevented the `-jobs=` flag
from running copies of the fuzzing binary in parallel which is
the opposite of what is intended.
To fix this on macOS an alternative implementation of `ExecuteCommand()`
is provided that can be used concurrently. This is provided in
`FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple
platforms. The existing implementation has been moved to a new file
`FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux.
This commit includes a simple test to check that LibFuzzer is being
executed in parallel when requested.
Differential Revision: https://reviews.llvm.org/D22742
llvm-svn: 278544
|
| |
|
|
| |
llvm-svn: 276006
|
| |
|
|
| |
llvm-svn: 275648
|
| |
|
|
| |
llvm-svn: 275582
|
| |
|
|
|
|
|
|
|
| |
``afl_driver.cpp`` currently relies on weak symbols which doesn't
work properly under macOS. For now fix the build by providing a
dummy implementation of ``LLVMFuzzerInitialize(...)``. This is just
a temporary measure until we fix ``afl_driver.cpp`` for macOS.
llvm-svn: 274778
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: If AFL_DRIVER_EXTRA_STATS_FILENAME is set and valid, write to it peak_rss_mb and slowest_unit_time_sec. These are both stats that libFuzzer can print but afl cannot.
Reviewers: kcc, aizatsky, metzman
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D21742
llvm-svn: 274273
|
| |
|
|
|
|
|
|
| |
Summary: It also fixes a bug, when first random might not be ascii.
Differential Revision: http://reviews.llvm.org/D21573
llvm-svn: 273611
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: Add license info and brief description of file to AFLDriverTest.cpp.
Reviewers: kcc, aizatsky
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D21487
llvm-svn: 273527
|
| |
|
|
| |
llvm-svn: 272998
|
| |
|
|
|
|
| |
un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable
llvm-svn: 272948
|
| |
|
|
|
|
| |
Bot sets ASAN_OPTIONS=handle_abort=1 which prevents expected crash.
llvm-svn: 272866
|
| |
|
|
| |
llvm-svn: 272863
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
[libFuzzer] Enable afl_driver to append stderr to a user specified file.
Append stderr of afl_driver to the file specified by the environmental variable
AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs
on crashes without rerunning crashing test cases (which won't work for crashes
that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz
and users would have no way of seeing it.
Reviewers: llvm-commits, aizatsky, kcc, vitalybuka
Subscribers: vitalybuka
Differential Revision: http://reviews.llvm.org/D21194
llvm-svn: 272858
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ``FuzzerMutate.ShuffleBytes2`` unit test was failing on
OSX due to the implementation of ``std::random_shuffle()``
being different between libcxx and libstdc++.
@kcc has decided (see http://reviews.llvm.org/D21218) it is acceptable
for there to be different mutation behavior on different platforms so
this commit just adjusts the test to perform the minimum number of
iterations (that is a power of 2) to see all the mutations the unit test
is looking for.
Differential Revision: http://reviews.llvm.org/D21359
llvm-svn: 272743
|
| |
|
|
|
|
|
|
|
| |
Crashes with AddressSanitizer: SEGV on unknown address
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/9924/steps/annotate/logs/stdio
This reverts commit r272706.
llvm-svn: 272726
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
[libFuzzer] Enable afl_driver to append stderr to a user specified file.
Append stderr of afl_driver to the file specified by the environmental variable
AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs
on crashes without rerunning crashing test cases (which won't work for crashes
that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz
and users would have no way of seeing it.
Reviewers: llvm-commits, aizatsky, kcc, vitalybuka
Subscribers: vitalybuka
Differential Revision: http://reviews.llvm.org/D21194
llvm-svn: 272706
|
| |
|
|
|
|
|
|
|
|
|
|
| |
On OSX this test sometimes fails due to the
``LLVMFuzzer-FullCoverageSetTest-TracePC`` program going over the
default 2GiB memory limit. This shouldn't be happening and needs
investigating. For now just disable the test so we can set up an
OSX buildbot.
Differential Revision: http://reviews.llvm.org/D21319
llvm-svn: 272696
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
own test.
The tests in ``fuzzer-traces-hooks.test`` only work on Linux because calls to hooks
(e.g. ``__sanitizer_weak_hook_memcmp()``) from inside the sanitizer
runtime are only implemented on Linux. Therefore these tests are set to
only run on Linux.
Differential Revision: http://reviews.llvm.org/D21253
llvm-svn: 272600
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following unit tests:
FuzzerDictionary.ParseOneDictionaryEntry
FuzzerDictionary.ParseDictionaryFile
The issue appears to be mixing non-ASan-ified code (LibFuzzer) and
ASan-ified code (the unittest) as the tests would pass fine if
everything was built with ASan enabled.
I believe the issue is that different implementations of std::vector<>
are being used in LibFuzzer and outside LibFuzzer (in the unittests).
For Libcxx (I've not seen the issue manifest for libstdc++) we can disable
the ASanified std::vector<> by definining the ``_LIBCPP_HAS_NO_ASAN`` macro.
Doing this fixes the tests on OSX.
Differential Revision: http://reviews.llvm.org/D21049
llvm-svn: 272374
|
