path: root/llvm/lib/Fuzzer
| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| [libFuzzer] be more careful with memory usage, print peak rss in status lines llvm-svn: 283418 | Kostya Serebryany | 2016-10-06 | 3 | -2/+4 |
| [libFuzzer] when re-running for lsan, don't look at the coverage llvm-svn: 283411 | Kostya Serebryany | 2016-10-05 | 1 | -1/+1 |
| [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. llvm-svn: 283409 | Kostya Serebryany | 2016-10-05 | 12 | -150/+145 |
| [libFuzzer] add ShrinkValueProfileTest, move code around, NFC llvm-svn: 283286 | Kostya Serebryany | 2016-10-05 | 8 | -111/+141 |
| [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines llvm-svn: 283279 | Kostya Serebryany | 2016-10-05 | 3 | -6/+38 |
| [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway llvm-svn: 283187 | Kostya Serebryany | 2016-10-04 | 9 | -449/+1 |
| [libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now) llvm-svn: 283178 | Kostya Serebryany | 2016-10-04 | 2 | -4/+13 |
| [libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631 llvm-svn: 283024 | Kostya Serebryany | 2016-10-01 | 3 | -0/+38 |
| [libFuzzer] fix a recent bugs (buffer overflow) llvm-svn: 283021 | Kostya Serebryany | 2016-10-01 | 1 | -1/+1 |
| [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default llvm-svn: 282995 | Kostya Serebryany | 2016-10-01 | 8 | -13/+51 |
| [libFuzzer] remove some experimental code llvm-svn: 282983 | Kostya Serebryany | 2016-09-30 | 2 | -21/+12 |
| [libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed llvm-svn: 282972 | Kostya Serebryany | 2016-09-30 | 2 | -2/+2 |
| [libFuzzer] remove unused option llvm-svn: 282971 | Kostya Serebryany | 2016-09-30 | 7 | -20/+8 |
| [libFuzzer] move common parts of shell scripts into a separate file llvm-svn: 282954 | Kostya Serebryany | 2016-09-30 | 9 | -68/+58 |
| [libFuzzer] add a fuzzer test that finds CVE-2015-3193 llvm-svn: 282892 | Kostya Serebryany | 2016-09-30 | 3 | -0/+184 |
| [libfuzzer] test for c-ares CVE-2016-5180 llvm-svn: 282839 | Kostya Serebryany | 2016-09-30 | 3 | -0/+50 |
| [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) llvm-svn: 282831 | Kostya Serebryany | 2016-09-30 | 4 | -47/+2 |
| [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input llvm-svn: 282829 | Kostya Serebryany | 2016-09-30 | 4 | -39/+80 |
| [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735 | Kostya Serebryany | 2016-09-29 | 3 | -12/+13 |
| [libFuzzer] initialize ValueBitMap::NumBits llvm-svn: 282721 | Kostya Serebryany | 2016-09-29 | 1 | -1/+1 |
| [libFuzzer] speedup TracePC::FinalizeTrace llvm-svn: 282562 | Kostya Serebryany | 2016-09-28 | 2 | -15/+22 |
| [libFuzzer] run re2 test in 8 threads by default llvm-svn: 282469 | Kostya Serebryany | 2016-09-27 | 1 | -1/+1 |
| [sanitizer-coverage] fix a bug in trace-gep llvm-svn: 282467 | Kostya Serebryany | 2016-09-27 | 1 | -1/+1 |
| [libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed) llvm-svn: 282460 | Kostya Serebryany | 2016-09-27 | 5 | -0/+89 |
| [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag llvm-svn: 282458 | Kostya Serebryany | 2016-09-27 | 12 | -13/+55 |
| [libFuzzer] add a standalone build script llvm-svn: 282321 | Kostya Serebryany | 2016-09-24 | 1 | -0/+10 |
| [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. llvm-svn: 282316 | Kostya Serebryany | 2016-09-23 | 6 | -9/+75 |
| [libFuzzer] first steps in adding a proper automated test suite based on real-life code: add a script to build RE2 at a revision that has known bugs llvm-svn: 282292 | Kostya Serebryany | 2016-09-23 | 2 | -0/+48 |
| [libFuzzer] reset Counters (trace-pc-guard) before every run llvm-svn: 282284 | Kostya Serebryany | 2016-09-23 | 1 | -1/+1 |
| [libFuzzer] be more precise about what we reset in TracePC llvm-svn: 282225 | Kostya Serebryany | 2016-09-23 | 2 | -6/+8 |
| [libFuzzer] fix merging with trace-pc-guard llvm-svn: 282224 | Kostya Serebryany | 2016-09-23 | 8 | -27/+25 |
| [libFuzzer] simplify the TracePC logic llvm-svn: 282222 | Kostya Serebryany | 2016-09-23 | 3 | -29/+20 |
| [libFuzzer] move value profiling logic into TracePC llvm-svn: 282219 | Kostya Serebryany | 2016-09-23 | 6 | -32/+21 |
| [libFuzzer] change ValueBitMap to remember the number of bits in it llvm-svn: 282216 | Kostya Serebryany | 2016-09-23 | 7 | -30/+29 |
| [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen llvm-svn: 282211 | Kostya Serebryany | 2016-09-22 | 3 | -29/+36 |
| [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings llvm-svn: 282129 | Kostya Serebryany | 2016-09-22 | 8 | -44/+66 |
| [libFuzzer] one more test llvm-svn: 282127 | Kostya Serebryany | 2016-09-22 | 3 | -0/+30 |
| [libFuzzer] add stats to the corpus; more refactoring llvm-svn: 282121 | Kostya Serebryany | 2016-09-21 | 10 | -49/+53 |
| [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. llvm-svn: 282115 | Kostya Serebryany | 2016-09-21 | 4 | -57/+53 |
| [libFuzzer] more refactoring llvm-svn: 282113 | Kostya Serebryany | 2016-09-21 | 10 | -8/+13 |
| [libFuzzer] fix libc++ build llvm-svn: 282050 | Kostya Serebryany | 2016-09-21 | 1 | -0/+1 |
| [libFuzzer] more refactoring; NFC llvm-svn: 282047 | Kostya Serebryany | 2016-09-21 | 8 | -42/+74 |
| [libFuzzer] refactoring: split the large header into many; NFC llvm-svn: 282044 | Kostya Serebryany | 2016-09-21 | 16 | -397/+539 |
| [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features llvm-svn: 282042 | Kostya Serebryany | 2016-09-21 | 8 | -163/+83 |
| [libFuzzer] use sleep() instead of std::this_thread::sleep_for to avoid coverage from instrumented libc++ llvm-svn: 281933 | Kostya Serebryany | 2016-09-19 | 1 | -1/+1 |
| [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer llvm-svn: 281866 | Kostya Serebryany | 2016-09-18 | 8 | -10/+45 |
| [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters llvm-svn: 281845 | Kostya Serebryany | 2016-09-18 | 2 | -40/+38 |
| [libFuzzer] properly reset the guards when resetting the coverage. Also try to fix check-fuzzer on the bot llvm-svn: 281814 | Kostya Serebryany | 2016-09-17 | 3 | -1/+12 |
| [libFuzzer] change trace-pc to use 8-byte guards llvm-svn: 281810 | Kostya Serebryany | 2016-09-17 | 10 | -32/+156 |
| [libFuzzer] make caller-callee feedback work with trace-pc-guard llvm-svn: 281667 | Kostya Serebryany | 2016-09-15 | 5 | -1/+17 |