summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/test
Commit message (Collapse)AuthorAgeFilesLines
...
* [libFuzzer] actually make the dictionaries work (+docs)Kostya Serebryany2015-09-045-10/+103
| | | | llvm-svn: 246825
* [libFuzzer] refactor the mutation functions so that they are now methods of ↵Kostya Serebryany2015-09-031-19/+25
| | | | | | a class. NFC llvm-svn: 246808
* [libFuzzer] adding a parser for AFL-style dictionaries + tests.Kostya Serebryany2015-09-031-0/+48
| | | | llvm-svn: 246800
* [libFuzzer] deprecate the -tokens flag. This was a bad idea because the ↵Kostya Serebryany2015-09-021-1/+1
| | | | | | corpus with this flag contains encrypted inputs, not the real inputs, which complicates interoperation with other fuzzers. Instead we'll need to implement AFL dictionary support llvm-svn: 246734
* [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the ↵Kostya Serebryany2015-08-122-4/+4
| | | | | | trace-based-mutations are applied llvm-svn: 244712
* [libFuzzer] move the mutators to public interface so that custom mutators ↵Kostya Serebryany2015-08-061-2/+2
| | | | | | may reuse these functions directly llvm-svn: 244250
* [libFuzzer] add one more mutation strategy: byte shufflingKostya Serebryany2015-08-061-0/+23
| | | | llvm-svn: 244188
* [libFuzzer] add a missing test fileKostya Serebryany2015-08-051-0/+28
| | | | llvm-svn: 244151
* [libFuzzer] use data-flow feedback from strcmpKostya Serebryany2015-08-053-0/+8
| | | | llvm-svn: 244084
* [libFuzzer] more refactoring of the Mutator and adding tests to itKostya Serebryany2015-08-011-12/+98
| | | | llvm-svn: 243818
* [libFuzzer] start refactoring the Mutator and adding tests to itKostya Serebryany2015-08-012-6/+44
| | | | llvm-svn: 243817
* [libFuzzer] make sure that 2-byte arguments of switch() are handled properlyKostya Serebryany2015-07-312-3/+22
| | | | llvm-svn: 243781
* [libFuzzer] support switch interception in dfsan modeKostya Serebryany2015-07-313-2/+7
| | | | llvm-svn: 243760
* [libFuzzer] trace switch statements and apply mutations based on the ↵Kostya Serebryany2015-07-313-0/+39
| | | | | | expected case values llvm-svn: 243726
* [libFuzzer] fix the strncmp interceptor -- it should respect short strings. Kostya Serebryany2015-07-302-1/+5
| | | | llvm-svn: 243691
* [libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o ↵Kostya Serebryany2015-07-305-2/+31
| | | | | | dfsan), add a test llvm-svn: 243611
* [libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), ↵Kostya Serebryany2015-07-304-3/+12
| | | | | | extend the memcmp fuzzer test llvm-svn: 243603
* [libFuzzer] ensure that the dfsan tracing hooks actually run (using ↵Kostya Serebryany2015-07-281-0/+3
| | | | | | -verbosity=3 in tests) llvm-svn: 243365
* [libFuzzer] allow users to supply their own implementation of randKostya Serebryany2015-07-242-2/+6
| | | | llvm-svn: 243078
* [libFuzzer] dump long running units to disk Kostya Serebryany2015-07-231-3/+3
| | | | llvm-svn: 243031
* [Fuzzer] Rely on $PATH expansion instead of hardcoding paths in tests. NFC.Alexey Samsonov2015-07-213-14/+15
| | | | llvm-svn: 242851
* [Fuzzer] Clearly separate regular and DFSan tests. NFC.Alexey Samsonov2015-07-215-7/+10
| | | | llvm-svn: 242850
* [lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is ↵Kostya Serebryany2015-05-221-1/+1
| | | | | | unlikely to ever scale llvm-svn: 238063
* [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutatorsKostya Serebryany2015-05-224-2/+69
| | | | llvm-svn: 238059
* [lib/Fuzzer] change the meaning of -timeout flag: now timeout is applied to ↵Kostya Serebryany2015-05-192-1/+5
| | | | | | every unit of work separately llvm-svn: 237735
* [lib/Fuzzer] Add SHA1 implementation from public domain.Kostya Serebryany2015-05-141-0/+8
| | | | | | | | | | | | | | | | | | | | | | | Summary: This adds a SHA1 implementation taken from public domain code. The change is trivial, but as it involves third-party code I'd like a second pair of eyes before commit. LibFuzzer can not use SHA1 from openssl because openssl may not be available and because we may be fuzzing openssl itself. Using sha1sum via a pipe is too slow. Test Plan: n/a Reviewers: chandlerc Reviewed By: chandlerc Subscribers: majnemer, llvm-commits Differential Revision: http://reviews.llvm.org/D9733 llvm-svn: 237400
* [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan)Kostya Serebryany2015-05-121-2/+2
| | | | llvm-svn: 237083
* [lib/Fuzzer] add a trace-based mutatation logic. Same idea as with ↵Kostya Serebryany2015-05-111-0/+1
| | | | | | DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go. llvm-svn: 237043
* [lib/Fuzzer] build tests that work well with dfsan also w/o dfsanKostya Serebryany2015-05-085-10/+12
| | | | llvm-svn: 236909
* [lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with ↵Kostya Serebryany2015-05-081-1/+1
| | | | | | LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes llvm-svn: 236906
* Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= ↵Alexey Samsonov2015-05-071-1/+1
| | | | | | flags. llvm-svn: 236797
* [lib/Fuzzer] change the way we use taint information for fuzzing. Now, we ↵Kostya Serebryany2015-05-071-2/+2
| | | | | | run a single unit and collect suggested mutations based on tracing+taint data, then apply the suggested mutations one by one. The previous scheme was slower and more complex. llvm-svn: 236772
* [lib/Fuzzer] add dfsan_weak_hook_memcmp, enable the test that uses it, ↵Kostya Serebryany2015-05-075-17/+20
| | | | | | simplify the test runner llvm-svn: 236683
* [lib/Fuzzer] remove dfsan_fuzzer_abi.list -- its contents are now moved to ↵Kostya Serebryany2015-05-061-4/+1
| | | | | | dfsan proper llvm-svn: 236659
* [lib/Fuzzer] add a fuzzer test for memcmp (does not work yet) Kostya Serebryany2015-05-062-0/+9
| | | | llvm-svn: 236656
* [lib/Fuzzer] rename TestOneInput to LLVMFuzzerTestOneInput to make it more ↵Kostya Serebryany2015-05-0610-12/+12
| | | | | | unique llvm-svn: 236652
* [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string ↵Kostya Serebryany2015-03-313-0/+28
| | | | | | flags. llvm-svn: 233745
* DFSan-based fuzzer (proof of concept).Kostya Serebryany2015-03-304-2/+62
| | | | | | | | | | | | | | | | | | Summary: This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator, see the comments for details. Test Plan: a test added Reviewers: samsonov, pcc Reviewed By: samsonov, pcc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D8669 llvm-svn: 233613
* [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for ↵Kostya Serebryany2015-03-033-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | fuzzing). Introduce -mllvm -sanitizer-coverage-8bit-counters=1 which adds imprecise thread-unfriendly 8-bit coverage counters. The run-time library maps these 8-bit counters to 8-bit bitsets in the same way AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does: counter values are divided into 8 ranges and based on the counter value one of the bits in the bitset is set. The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+. These counters provide a search heuristic for single-threaded coverage-guided fuzzers, we do not expect them to be useful for other purposes. Depending on the value of -fsanitize-coverage=[123] flag, these counters will be added to the function entry blocks (=1), every basic block (=2), or every edge (=3). Use these counters as an optional search heuristic in the Fuzzer library. Add a test where this heuristic is critical. llvm-svn: 231166
* [fuzzer] one more experimental search mode: -use_coverage_pairs=1 Kostya Serebryany2015-02-203-1/+23
| | | | llvm-svn: 229957
* [fuzzer] Add proper dependensices to the fuzzer testsKostya Serebryany2015-02-033-1/+10
| | | | | | | | | | | | | | | | | | Summary: Make sure that FileCheck is built when running check-fuzzer Test Plan: run on bot: lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer Reviewers: samsonov Reviewed By: samsonov Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D7387 llvm-svn: 228045
* [fuzzer] Add a gtest-style testKostya Serebryany2015-01-305-21/+96
| | | | | | | | | | | | | | | | Summary: Add one gtest-style test. Test Plan: run on bot Reviewers: samsonov Reviewed By: samsonov Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D7287 llvm-svn: 227639
* [fuzzer] add -use_full_coverage_set=1 which solves FullCoverageSetTest. This ↵Kostya Serebryany2015-01-293-2/+11
| | | | | | does not scale very well yet, but might be a good start. llvm-svn: 227507
* [fuzzer] fix warning in a test Kostya Serebryany2015-01-291-2/+0
| | | | llvm-svn: 227478
* [fuzzer] minor cleanup based on reviews: remove redundant includes, fix a ↵Kostya Serebryany2015-01-292-2/+2
| | | | | | copy-pasto in tests llvm-svn: 227468
* Reverting r227452, which adds back the fuzzer library. Now excluding the ↵Aaron Ballman2015-01-2910-0/+178
| | | | | | fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. llvm-svn: 227464
* Temporarily reverting the fuzzer library as it causes too many build issues ↵Aaron Ballman2015-01-2910-178/+0
| | | | | | for MSVC users. This reverts: 227445, 227395, 227389, 227357, 227254, 227252 llvm-svn: 227452
* Adding missing #includes to try to get this to compile on Windows with ↵Aaron Ballman2015-01-295-0/+5
| | | | | | Visual Studio. llvm-svn: 227445
* Add lit-style tests for the Fuzzer libraryKostya Serebryany2015-01-284-0/+58
| | | | | | | | | | | | | | | | Summary: Add test targets and the lit-style runner. Test Plan: Run the tests on bot. Reviewers: samsonov Reviewed By: samsonov Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D7217 llvm-svn: 227389
* Add a Fuzzer libraryKostya Serebryany2015-01-276-0/+115
Summary: A simple genetic in-process coverage-guided fuzz testing library. I've used this fuzzer to test clang-format (it found 12+ bugs, thanks djasper@ for the fixes!) and it may also help us test other parts of LLVM. So why not keep it in the LLVM repository? I plan to add the cmake build rules later (in a separate patch, if that's ok) and also add a clang-format-fuzzer target. See README.txt for details. Test Plan: Tests will follow separately. Reviewers: djasper, chandlerc, rnk Reviewed By: rnk Subscribers: majnemer, ygribov, dblaikie, llvm-commits Differential Revision: http://reviews.llvm.org/D7184 llvm-svn: 227252
OpenPOWER on IntegriCloud