path: root/llvm/lib/Fuzzer
Commit message | Author | Age | Files | Lines
...
* [libFuzzer] call __sanitizer_dump_coverage via EF | Kostya Serebryany | 2017-01-20 | 2 | -1/+4
  llvm-svn: 292681
* [libFuzzer] Don't use `#ifdef` for defined macros, instead use `#if`. | Marcos Pividori | 2017-01-20 | 1 | -1/+1
  Differential Revision: https://reviews.llvm.org/D28972
  llvm-svn: 292670
* [libFuzzer] Use clang as linker on Windows, to properly include sanitizer libraries. | Marcos Pividori | 2017-01-20 | 1 | -0/+15
  In order to use sanitizers on Windows, we need to link against many runtime libraries which will depend on the target being created (executable or dll) and the c runtime library used (MT/MD). By default, cmake uses link.exe for linking, which fails because we don't specify the appropriate dependencies. As we don't want to consider all of those possible situations, which depend on the implementation of the compiler-rt, the simplest option is to change the rules for linking executables and shared libraries, using the compiler instead of link.exe. Clang driver will consider the sanitizer flags, and automatically provide the required libraries to the linker.
  Differential Revision: https://reviews.llvm.org/D27869
  llvm-svn: 292669
* [libFuzzer] Properly use compiler options supported on Windows. | Marcos Pividori | 2017-01-20 | 1 | -1/+1
  Replace "-g" by "-gline-tables-only". "-g" is not supported by clang-cl.
  Differential Revision: https://reviews.llvm.org/D27868
  llvm-svn: 292668
* [libFuzzer] add an assert to protect against LLVMFuzzerInitialize changing argv[0] | Kostya Serebryany | 2017-01-20 | 4 | -0/+22
  llvm-svn: 292652
* [libFuzzer] experimental support for 'equivalence fuzzing' | Kostya Serebryany | 2017-01-20 | 10 | -7/+243
  llvm-svn: 292646
* [libFuzzer] ensure that entries in PersistentAutoDictionary are not empty | Kostya Serebryany | 2017-01-19 | 1 | -0/+3
  llvm-svn: 292520
* [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs | Kostya Serebryany | 2017-01-19 | 5 | -12/+37
  llvm-svn: 292511
* [libFuzzer] add two tests for experimenting with equivalence fuzzing | Kostya Serebryany | 2017-01-19 | 4 | -0/+46
  llvm-svn: 292509
* [libFuzzer] remove stale code | Kostya Serebryany | 2017-01-18 | 4 | -131/+4
  llvm-svn: 292325
* [libFuzzer] exit(1) on failed merge | Kostya Serebryany | 2017-01-18 | 2 | -0/+10
  llvm-svn: 292319
* [libFuzzer] add ATTRIBUTE_NO_SANITIZE_MEMORY to sanitizer hooks | Kostya Serebryany | 2017-01-17 | 1 | -0/+14
  llvm-svn: 292295
* [libfuzzer] fixing collected pc addresses for coverage | Mike Aizatsky | 2017-01-17 | 5 | -21/+33
  Summary: The causes google/ossfuzz#84
  Reviewers: kcc
  Subscribers: mgorny
  Differential Revision: https://reviews.llvm.org/D28827
  llvm-svn: 292289
* [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) | Kostya Serebryany | 2017-01-17 | 10 | -68/+94
  llvm-svn: 292287
* [libFuzzer] copy the options inside MutationDispatcher to avoid use-after-scope in mutator tests | Kostya Serebryany | 2017-01-17 | 1 | -1/+2
  llvm-svn: 292286
* [libFuzzer] remove dead code, NFC | Kostya Serebryany | 2017-01-06 | 1 | -47/+0
  llvm-svn: 291195
* [libFuzzer] improve error handling during the merge (handle various IO failures) | Kostya Serebryany | 2017-01-05 | 9 | -0/+32
  llvm-svn: 291182
* [libFuzzer] use /tmp (or $TMPDIR, if present) to store temp files during merge | Kostya Serebryany | 2017-01-05 | 4 | -2/+13
  llvm-svn: 291078
* [libFuzzer] disable -print_pcs by default (was enabled by mistake) | Kostya Serebryany | 2017-01-03 | 1 | -0/+2
  llvm-svn: 290899
* [libFuzzer] cleaner implementation of -print_pcs=1 | Kostya Serebryany | 2016-12-30 | 3 | -7/+14
  llvm-svn: 290739
* Include <algorithm> for std::max etc | Reid Kleckner | 2016-12-30 | 1 | -0/+1
  llvm-svn: 290730
* [libFuzzer] make __sanitizer_cov_trace_switch more predictable | Kostya Serebryany | 2016-12-29 | 2 | -24/+19
  llvm-svn: 290703
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually (second attempt) | Kostya Serebryany | 2016-12-27 | 5 | -2/+32
  llvm-svn: 290637
* [libFuzzer] don't create large random mutations when given an empty seed | Kostya Serebryany | 2016-12-27 | 1 | -1/+1
  llvm-svn: 290634
* [libFuzzer] fix UB and simplify the computation of the RNG seed (https://llvm.org/bugs/show_bug.cgi?id=31456) | Kostya Serebryany | 2016-12-27 | 1 | -2/+2
  llvm-svn: 290622
* [libfuzzer] dump_coverage command line flag | Mike Aizatsky | 2016-12-19 | 7 | -0/+28
  Reviewers: kcc, vitalybuka
  Differential Revision: https://reviews.llvm.org/D27942
  llvm-svn: 290138
* Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code" | Daniel Jasper | 2016-12-17 | 6 | -32/+9
  This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998
  llvm-svn: 290043
* [libFuzzer] use less memory for merge | Kostya Serebryany | 2016-12-17 | 3 | -9/+13
  llvm-svn: 290039
* [libFuzzer] speed up __sanitizer_cov_trace_switch a bit more (remove DIV) | Kostya Serebryany | 2016-12-17 | 1 | -1/+11
  llvm-svn: 290034
* [libFuzzer] remove stale test | Kostya Serebryany | 2016-12-17 | 1 | -3/+0
  llvm-svn: 290033
* [libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage | Kostya Serebryany | 2016-12-17 | 3 | -6/+16
  llvm-svn: 290031
* [libfuzzer] removing experimental FuzzerFnAdapter | Mike Aizatsky | 2016-12-17 | 4 | -322/+0
  Summary: This is superseded by protobuf mutation work.
  Reviewers: kcc
  Subscribers: mgorny
  Differential Revision: https://reviews.llvm.org/D27865
  llvm-svn: 290018
* [libFuzzer] avoid msan false positives in more cases | Kostya Serebryany | 2016-12-16 | 3 | -6/+12
  llvm-svn: 289999
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code | Kostya Serebryany | 2016-12-16 | 6 | -9/+32
  llvm-svn: 289998
* [libFuzzer] Fix index error in SearchMemory() implementation for Windows. | Marcos Pividori | 2016-12-16 | 1 | -1/+1
  Differential Revision: https://reviews.llvm.org/D27731
  llvm-svn: 289966
* [libFuzzer] Remove unnecessary includes of posix headers. | Marcos Pividori | 2016-12-16 | 3 | -3/+0
  Remove includes of "unistd.h" header, which is missing in non-posix systems.
  Differential Revision: https://reviews.llvm.org/D277300
  llvm-svn: 289965
* [libFuzzer] Update tests to use more general functions instead of posix specific. | Marcos Pividori | 2016-12-16 | 2 | -1/+8
  Replace sleep() posix function by a more portable sleep_for() function from std. Also, ignore memmem() and strcasestr() on Windows.
  Differential Revision: https://reviews.llvm.org/D27729
  llvm-svn: 289964
* [libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only) | Kostya Serebryany | 2016-12-15 | 4 | -27/+31
  llvm-svn: 289772
* [libFuzzer] disable msan for one more hook that reads target's data that might be uninitialized | Kostya Serebryany | 2016-12-14 | 1 | -0/+3
  llvm-svn: 289680
* [libFuzzer] fix a UB (invalid shift) spotted by ubsan. The code worked fine by luck, because of the way shifts actually work on clang+x86 | Kostya Serebryany | 2016-12-13 | 1 | -1/+1
  llvm-svn: 289607
* [libFuzzer] Add missing header needed for Windows. | Marcos Pividori | 2016-12-13 | 1 | -0/+1
  llvm-svn: 289564
* [libFuzzer] Avoid name collision with Windows API. | Marcos Pividori | 2016-12-13 | 5 | -6/+6
  Windows uses some macros to replace DeleteFile() by DeleteFileA() or DeleteFileW(). This was causing an error at link time. DeleteFile was renamed to RemoveFile().
  Differential Revision: https://reviews.llvm.org/D27577
  llvm-svn: 289563
* [libFuzzer] Implement DirName() for Windows. | Marcos Pividori | 2016-12-13 | 1 | -1/+135
  Implement DirName from scratch to avoid dependencies on external libraries. It's based on MSDN documentation for Naming Files, Paths, and Namespaces. The algorithm can't simply start from the end and look backwards for the first separator, because we need to preserve the prefix that represents the root location. We shouldn't remove anything there. In Windows we have many different options, like: \\Server\Share\ , \ , C: , C:\ , \\?\C:\ , \\?\UNC\Server\Share\ We remove the last separator in the rest of the path, if it exists. It was implemented to have a similar behaviour to dirname() in linux, removing trailing separators, returning "." when the path doesn't contain separators, etc.
  Differential Revision: https://reviews.llvm.org/D27579
  llvm-svn: 289562
* [libFuzzer] Fix bug in detecting timeouts when input string is empty. | Marcos Pividori | 2016-12-13 | 5 | -1/+24
  I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). Previous implementation failed to detect timeouts in that execution. Also, I add a regression test for that case.
  Differential Revision: https://reviews.llvm.org/D27433
  llvm-svn: 289561
* [libFuzzer] Clean up headers and file formatting of LibFuzzer files. | Marcos Pividori | 2016-12-13 | 23 | -28/+48
  Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`. Aside from that, this patch contains no functional change. It is purely a re-organization.
  Differential Revision: https://reviews.llvm.org/D27363
  llvm-svn: 289560
* [libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores. | Marcos Pividori | 2016-12-13 | 4 | -12/+12
  std::thread::hardware_concurrency() returns an unsigned, so I modify NumberOfCpuCores() to return unsigned too. The number of cpus is used to define the number of workers, so I decided to update the worker and jobs flags to be declared as unsigned too.
  Differential Revision: https://reviews.llvm.org/D27685
  llvm-svn: 289559
* [libFuzzer] Properly use unsigned for Process ID. | Marcos Pividori | 2016-12-13 | 4 | -7/+7
  Use unsigned for PID instead of signed int. GetCurrentProcessId() returns an unsigned (DWORD) so we must be sure we can deal with all possible values. I use a long unsigned to be sure it can hold a 32 bit unsigned (DWORD).
  Differential Revision: https://reviews.llvm.org/D27281
  llvm-svn: 289558
* [libFuzzer] Improve Signal Handler interface. | Marcos Pividori | 2016-12-13 | 5 | -132/+97
  Add new flags to FuzzingOptions to represent the different conditions on the signal handling. These options are passed when calling SetSignalHandler(). These changes simplify the implementation of Windows's exception handling. Now we can define a unique handler for all the exceptions.
  Differential Revision: https://reviews.llvm.org/D27238
  llvm-svn: 289557
* [libFuzzer] don't require extra flags with -minimize_crash=1 (default to -max_total_time=600). Also respect exact_artifact_path when outputting the end result | Kostya Serebryany | 2016-12-13 | 2 | -10/+16
  llvm-svn: 289506
* [libFuzzer] Implement Timers for Windows. | Marcos Pividori | 2016-12-12 | 1 | -1/+32
  Implemented timeouts for Windows using TimerQueueTimers. Timers are used to supervise the time of execution of the callback function that is being fuzzed.
  Differential Revision: https://reviews.llvm.org/D27237
  llvm-svn: 289495