path: root/llvm/lib/Fuzzer
Commit message | Author | Age | Files | Lines
...
* [libFuzzer] better algorithm for -minimize_crash | Kostya Serebryany | 2016-10-15 | 3 | -5/+25
  llvm-svn: 284299
* [libFuzzer] remove subdir fuzzer-test-suite as it is now superseded with https://github.com/google/fuzzer-test-suite | Kostya Serebryany | 2016-10-14 | 19 | -410/+0
  llvm-svn: 284275
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 2016-10-14 | 12 | -12/+157
  llvm-svn: 284273
* [libFuzzer] more detailed message for disabled leak detection | Kostya Serebryany | 2016-10-13 | 1 | -2/+4
  llvm-svn: 284169
* [libFuzzer] add -trace_malloc= flag | Kostya Serebryany | 2016-10-13 | 7 | -5/+70
  llvm-svn: 284149
* [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build | Kostya Serebryany | 2016-10-13 | 2 | -36/+23
  llvm-svn: 284132
* Revert "[libFuzzer] refactoring to speed things up, NFC" | Daniel Jasper | 2016-10-12 | 2 | -20/+35
  This reverts commit r283946. This breaks when built with GCC:
  lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
  lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
  lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here
  llvm-svn: 283979
* [libFuzzer] refactoring to speed things up, NFC | Kostya Serebryany | 2016-10-11 | 2 | -35/+20
  llvm-svn: 283946
* [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it | Kostya Serebryany | 2016-10-11 | 3 | -4/+11
  llvm-svn: 283841
* [libFuzzer] add switch tests | Kostya Serebryany | 2016-10-11 | 2 | -0/+38
  llvm-svn: 283840
* [libFuzzer] make a test less flaky | Kostya Serebryany | 2016-10-09 | 1 | -1/+0
  llvm-svn: 283686
* [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process | Kostya Serebryany | 2016-10-08 | 8 | -25/+46
  llvm-svn: 283682
* [libFuzzer] control the reload interval by a flag, make it 10 seconds by default | Kostya Serebryany | 2016-10-08 | 4 | -9/+13
  llvm-svn: 283676
* [libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing. | Kostya Serebryany | 2016-10-08 | 1 | -24/+23
  llvm-svn: 283675
* [libFuzzer] be more careful with memory usage, print peak rss in status lines | Kostya Serebryany | 2016-10-06 | 3 | -2/+4
  llvm-svn: 283418
* [libFuzzer] when re-running for lsan, don't look at the coverage | Kostya Serebryany | 2016-10-05 | 1 | -1/+1
  llvm-svn: 283411
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. | Kostya Serebryany | 2016-10-05 | 12 | -150/+145
  llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFC | Kostya Serebryany | 2016-10-05 | 8 | -111/+141
  llvm-svn: 283286
* [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines | Kostya Serebryany | 2016-10-05 | 3 | -6/+38
  llvm-svn: 283279
* [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway | Kostya Serebryany | 2016-10-04 | 9 | -449/+1
  llvm-svn: 283187
* [libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now) | Kostya Serebryany | 2016-10-04 | 2 | -4/+13
  llvm-svn: 283178
* [libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631 | Kostya Serebryany | 2016-10-01 | 3 | -0/+38
  llvm-svn: 283024
* [libFuzzer] fix a recent bug (buffer overflow) | Kostya Serebryany | 2016-10-01 | 1 | -1/+1
  llvm-svn: 283021
* [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default | Kostya Serebryany | 2016-10-01 | 8 | -13/+51
  llvm-svn: 282995
* [libFuzzer] remove some experimental code | Kostya Serebryany | 2016-09-30 | 2 | -21/+12
  llvm-svn: 282983
* [libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed | Kostya Serebryany | 2016-09-30 | 2 | -2/+2
  llvm-svn: 282972
* [libFuzzer] remove unused option | Kostya Serebryany | 2016-09-30 | 7 | -20/+8
  llvm-svn: 282971
* [libFuzzer] move common parts of shell scripts into a separate file | Kostya Serebryany | 2016-09-30 | 9 | -68/+58
  llvm-svn: 282954
* [libFuzzer] add a fuzzer test that finds CVE-2015-3193 | Kostya Serebryany | 2016-09-30 | 3 | -0/+184
  llvm-svn: 282892
* [libfuzzer] test for c-ares CVE-2016-5180 | Kostya Serebryany | 2016-09-30 | 3 | -0/+50
  llvm-svn: 282839
* [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) | Kostya Serebryany | 2016-09-30 | 4 | -47/+2
  llvm-svn: 282831
* [libFuzzer] move the feature set to InputCorpus; on feature update, change the feature counter of the old best input | Kostya Serebryany | 2016-09-30 | 4 | -39/+80
  llvm-svn: 282829
* [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals | Kostya Serebryany | 2016-09-29 | 3 | -12/+13
  llvm-svn: 282735
* [libFuzzer] initialize ValueBitMap::NumBits | Kostya Serebryany | 2016-09-29 | 1 | -1/+1
  llvm-svn: 282721
* [libFuzzer] speedup TracePC::FinalizeTrace | Kostya Serebryany | 2016-09-28 | 2 | -15/+22
  llvm-svn: 282562
* [libFuzzer] run re2 test in 8 threads by default | Kostya Serebryany | 2016-09-27 | 1 | -1/+1
  llvm-svn: 282469
* [sanitizer-coverage] fix a bug in trace-gep | Kostya Serebryany | 2016-09-27 | 1 | -1/+1
  llvm-svn: 282467
* [libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed) | Kostya Serebryany | 2016-09-27 | 5 | -0/+89
  llvm-svn: 282460
* [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag | Kostya Serebryany | 2016-09-27 | 12 | -13/+55
  llvm-svn: 282458
* [libFuzzer] add a standalone build script | Kostya Serebryany | 2016-09-24 | 1 | -0/+10
  llvm-svn: 282321
* [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. | Kostya Serebryany | 2016-09-23 | 6 | -9/+75
  llvm-svn: 282316
* [libFuzzer] first steps in adding a proper automated test suite based on real-life code: add a script to build RE2 at a revision that has known bugs | Kostya Serebryany | 2016-09-23 | 2 | -0/+48
  llvm-svn: 282292
* [libFuzzer] reset Counters (trace-pc-guard) before every run | Kostya Serebryany | 2016-09-23 | 1 | -1/+1
  llvm-svn: 282284
* [libFuzzer] be more precise about what we reset in TracePC | Kostya Serebryany | 2016-09-23 | 2 | -6/+8
  llvm-svn: 282225
* [libFuzzer] fix merging with trace-pc-guard | Kostya Serebryany | 2016-09-23 | 8 | -27/+25
  llvm-svn: 282224
* [libFuzzer] simplify the TracePC logic | Kostya Serebryany | 2016-09-23 | 3 | -29/+20
  llvm-svn: 282222
* [libFuzzer] move value profiling logic into TracePC | Kostya Serebryany | 2016-09-23 | 6 | -32/+21
  llvm-svn: 282219
* [libFuzzer] change ValueBitMap to remember the number of bits in it | Kostya Serebryany | 2016-09-23 | 7 | -30/+29
  llvm-svn: 282216
* [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen | Kostya Serebryany | 2016-09-22 | 3 | -29/+36
  llvm-svn: 282211
* [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 2016-09-22 | 8 | -44/+66
  llvm-svn: 282129