Commit log for path: root/llvm/lib/Fuzzer
Each entry lists the commit message, author, date, number of files changed and lines removed/added.
* [libFuzzer] make libFuzzer work with a bit older clang versions
  (Kostya Serebryany, 2016-08-06; 1 file, -8/+10)
  llvm-svn: 277941

* [libFuzzer] don't print bogus error message
  (Kostya Serebryany, 2016-08-06; 1 file, -2/+3)
  llvm-svn: 277940

* [libfuzzer] do not warn about missing pcbuffer functions: they are new.
  (Mike Aizatsky, 2016-08-06; 1 file, -2/+2)
  llvm-svn: 277927

* [sanitizers] trace buffer API to use user-allocated buffer.
  (Mike Aizatsky, 2016-08-05; 3 files, -27/+53)
  Differential Revision: https://reviews.llvm.org/D23185
  llvm-svn: 277859

* [libFuzzer] extend the messages printed by afl_driver
  (Kostya Serebryany, 2016-07-19; 1 file, -4/+12)
  llvm-svn: 276052

* [libFuzzer] properly intercept memmem
  (Kostya Serebryany, 2016-07-19; 2 files, -2/+15)
  llvm-svn: 276006

* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
  (Kostya Serebryany, 2016-07-15; 9 files, -6/+67)
  llvm-svn: 275648

* [libFuzzer] add ThreadedLeakTest
  (Kostya Serebryany, 2016-07-15; 3 files, -0/+24)
  llvm-svn: 275582

* [LibFuzzer] Unbreak the build on macOS which was broken by r272858.
  (Dan Liew, 2016-07-07; 1 file, -0/+6)
  ``afl_driver.cpp`` currently relies on weak symbols which doesn't work properly under macOS. For now fix the build by providing a dummy implementation of ``LLVMFuzzerInitialize(...)``. This is just a temporary measure until we fix ``afl_driver.cpp`` for macOS.
  llvm-svn: 274778

* [libFuzzer] Let user specify extra stats file.
  (Mike Aizatsky, 2016-06-30; 3 files, -4/+208)
  Summary: If AFL_DRIVER_EXTRA_STATS_FILENAME is set and valid, write to it peak_rss_mb and slowest_unit_time_sec. These are both stats that libFuzzer can print but afl cannot.
  Reviewers: kcc, aizatsky, metzman
  Subscribers: llvm-commits
  Differential Revision: http://reviews.llvm.org/D21742
  llvm-svn: 274273

* [libfuzzer] moving is_ascii handler inside mutation dispatcher.
  (Mike Aizatsky, 2016-06-23; 6 files, -60/+65)
  Summary: It also fixes a bug, when first random might not be ascii.
  Differential Revision: http://reviews.llvm.org/D21573
  llvm-svn: 273611

* [libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp
  (Vitaly Buka, 2016-06-23; 1 file, -0/+4)
  Summary: Add license info and brief description of file to AFLDriverTest.cpp.
  Reviewers: kcc, aizatsky
  Subscribers: llvm-commits
  Differential Revision: http://reviews.llvm.org/D21487
  llvm-svn: 273527

* [libFuzzer] make the single-run output more reliable
  (Kostya Serebryany, 2016-06-17; 2 files, -4/+4)
  llvm-svn: 272998
* [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable
  (Kostya Serebryany, 2016-06-16; 3 files, -39/+32)
  llvm-svn: 272948

* Fix test from D21194
  (Vitaly Buka, 2016-06-16; 1 file, -2/+1)
  Bot sets ASAN_OPTIONS=handle_abort=1 which prevents expected crash.
  llvm-svn: 272866

* Debugging D21194 issues on bot
  (Vitaly Buka, 2016-06-16; 1 file, -0/+1)
  llvm-svn: 272863

* Enable libFuzzer's afl_driver to append stderr to a file.
  (Vitaly Buka, 2016-06-16; 4 files, -0/+56)
  Summary: [libFuzzer] Enable afl_driver to append stderr to a user specified file. Append stderr of afl_driver to the file specified by the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs on crashes without rerunning crashing test cases (which won't work for crashes that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz and users would have no way of seeing it.
  Reviewers: llvm-commits, aizatsky, kcc, vitalybuka
  Subscribers: vitalybuka
  Differential Revision: http://reviews.llvm.org/D21194
  llvm-svn: 272858

* [LibFuzzer] Fix ``FuzzerMutate.ShuffleBytes2`` unit test on OSX.
  (Dan Liew, 2016-06-15; 1 file, -1/+1)
  The ``FuzzerMutate.ShuffleBytes2`` unit test was failing on OSX due to the implementation of ``std::random_shuffle()`` being different between libcxx and libstdc++. @kcc has decided (see http://reviews.llvm.org/D21218) it is acceptable for there to be different mutation behavior on different platforms so this commit just adjusts the test to perform the minimum number of iterations (that is a power of 2) to see all the mutations the unit test is looking for.
  Differential Revision: http://reviews.llvm.org/D21359
  llvm-svn: 272743

* Revert "Enable libFuzzer's afl_driver to append stderr to a file."
  (Vitaly Buka, 2016-06-14; 4 files, -56/+0)
  Crashes with AddressSanitizer: SEGV on unknown address
  http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/9924/steps/annotate/logs/stdio
  This reverts commit r272706.
  llvm-svn: 272726

* Enable libFuzzer's afl_driver to append stderr to a file.
  (Vitaly Buka, 2016-06-14; 4 files, -0/+56)
  Summary: [libFuzzer] Enable afl_driver to append stderr to a user specified file. Append stderr of afl_driver to the file specified by the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs on crashes without rerunning crashing test cases (which won't work for crashes that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz and users would have no way of seeing it.
  Reviewers: llvm-commits, aizatsky, kcc, vitalybuka
  Subscribers: vitalybuka
  Differential Revision: http://reviews.llvm.org/D21194
  llvm-svn: 272706

* [LibFuzzer] Disable the ``fuzzer-trace-pc.test`` test on non-linux platforms.
  (Dan Liew, 2016-06-14; 1 file, -0/+4)
  On OSX this test sometimes fails due to the ``LLVMFuzzer-FullCoverageSetTest-TracePC`` program going over the default 2GiB memory limit. This shouldn't be happening and needs investigating. For now just disable the test so we can set up an OSX buildbot.
  Differential Revision: http://reviews.llvm.org/D21319
  llvm-svn: 272696

* [LibFuzzer] Move tests in ``fuzzer-traces.test`` that require hooks to their own test.
  (Dan Liew, 2016-06-14; 2 files, -17/+23)
  The tests in ``fuzzer-traces-hooks.test`` only work on Linux because calls to hooks (e.g. ``__sanitizer_weak_hook_memcmp()``) from inside the sanitizer runtime are only implemented on Linux. Therefore these tests are set to only run on Linux.
  Differential Revision: http://reviews.llvm.org/D21253
  llvm-svn: 272600

* [LibFuzzer] Fix some unit test crashes on OSX.
  (Dan Liew, 2016-06-10; 1 file, -0/+4)
  This fixes the following unit tests:
  FuzzerDictionary.ParseOneDictionaryEntry
  FuzzerDictionary.ParseDictionaryFile
  The issue appears to be mixing non-ASan-ified code (LibFuzzer) and ASan-ified code (the unittest) as the tests would pass fine if everything was built with ASan enabled. I believe the issue is that different implementations of std::vector<> are being used in LibFuzzer and outside LibFuzzer (in the unittests). For Libcxx (I've not seen the issue manifest for libstdc++) we can disable the ASanified std::vector<> by defining the ``_LIBCPP_HAS_NO_ASAN`` macro. Doing this fixes the tests on OSX.
  Differential Revision: http://reviews.llvm.org/D21049
  llvm-svn: 272374

* [libFuzzer] add one more OOM test, which we currently don't handle very well
  (Kostya Serebryany, 2016-06-09; 2 files, -0/+30)
  llvm-svn: 272240

* [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hook
  (Kostya Serebryany, 2016-06-08; 1 file, -0/+2)
  llvm-svn: 272116

* [libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message)
  (Kostya Serebryany, 2016-06-08; 5 files, -1/+27)
  llvm-svn: 272090

* [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``
  (Dan Liew, 2016-06-07; 8 files, -73/+84)
  This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests.
  Differential Revision: http://reviews.llvm.org/D20943
  llvm-svn: 272072
* [LibFuzzer] Split the fuzzer-oom.test into two tests.
  (Dan Liew, 2016-06-07; 3 files, -1/+14)
  This is necessary because the existing fuzzer-oom.test was Linux specific due to its use of __sanitizer_print_memory_profile() which is only available on Linux right now and so the test would fail on OSX.
  Differential Revision: http://reviews.llvm.org/D20977
  llvm-svn: 272061

* [libfuzzer] custom crossover interface function.
  (Mike Aizatsky, 2016-06-07; 7 files, -0/+107)
  Differential Revision: http://reviews.llvm.org/D21089
  llvm-svn: 272054

* [libfuzzer] prune_corpus option for disabling pruning during the load.
  (Mike Aizatsky, 2016-06-07; 5 files, -1/+19)
  Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness.
  Differential Revision: http://reviews.llvm.org/D21084
  llvm-svn: 272035

* [LibFuzzer] s/dataflow sanitizer/DataflowSanitizer/
  (Dan Liew, 2016-06-07; 1 file, -2/+2)
  llvm-svn: 271980

* [LibFuzzer] Disable building and running LSan tests on Apple platforms because LSan is not currently supported.
  (Dan Liew, 2016-06-07; 4 files, -0/+18)
  Differential Revision: http://reviews.llvm.org/D20947
  llvm-svn: 271979

* [LibFuzzer] Provide stub implementation of __sanitizer_cov_trace_pc_indir
  (Dan Liew, 2016-06-06; 1 file, -1/+9)
  Calls to this function are currently injected by the ``SanitizerCoverageModule`` pass when both the ``indirect-calls`` and ``trace-pc`` sanitizer coverage options are enabled and the code being instrumented has indirect calls. Previously because LibFuzzer did not define this function this would lead to link errors when building some of the tests on OSX.
  Differential Revision: http://reviews.llvm.org/D20946
  llvm-svn: 271938

* [libfuzzer] hiding custom mutator handling in MutationDispatcher.
  (Mike Aizatsky, 2016-06-03; 3 files, -29/+60)
  Summary: Refactoring, no functional changes.
  Differential Revision: http://reviews.llvm.org/D20975
  llvm-svn: 271740

* [libfuzzer] splitting fuzzer.test
  (Mike Aizatsky, 2016-06-03; 11 files, -97/+99)
  llvm-svn: 271697

* [LibFuzzer] Disable compiling and running the LibFuzzer dataflow sanitizer tests on Apple platforms.
  (Dan Liew, 2016-06-02; 4 files, -1/+19)
  This fixes a broken part of the build on OSX as the dataflow sanitizer is not supported on OSX yet.
  Differential Revision: http://reviews.llvm.org/D20894
  llvm-svn: 271492

* [LibFuzzer] Reimplement how the optional user functions are called.
  (Dan Liew, 2016-06-02; 9 files, -20/+171)
  The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't successfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFunctions``) which when initialised will point to the optional functions if they are available. Currently these are the ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker.
  Differential Revision: http://reviews.llvm.org/D20741
  llvm-svn: 271491

* [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile on OOM
  (Kostya Serebryany, 2016-06-02; 2 files, -1/+5)
  llvm-svn: 271465

* [libFuzzer] when an invalid flag is given, warn, but don't crash
  (Kostya Serebryany, 2016-06-01; 2 files, -2/+7)
  llvm-svn: 271404

* [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases.
  (Kostya Serebryany, 2016-05-29; 2 files, -5/+8)
  llvm-svn: 271186
* [libFuzzer] fix a failure that occurs when running individual inputs
  (Kostya Serebryany, 2016-05-28; 1 file, -0/+1)
  llvm-svn: 271095

* [libFuzzer] use __sanitizer_set_report_fd with -close_fd_mask. This allows us to keep asan reports when closing target's stderr
  (Kostya Serebryany, 2016-05-27; 2 files, -1/+9)
  llvm-svn: 271053

* Fix compilation with GCC, which treats this as a constructor name not a type name. (GCC is correct here per the latest language DRs.)
  (Richard Smith, 2016-05-27; 1 file, -1/+1)
  llvm-svn: 271044

* [LibFuzzer] Refactor declaration of tests in CMake.
  (Dan Liew, 2016-05-27; 6 files, -115/+104)
  Add a new CMake function (``add_libfuzzer_test()``) to simplify declaration of executables for testing LibFuzzer and use it to reorganise how tests are declared. Note that configuration of the lit configuration files has been moved as late as possible because we are going to need to disable some tests for some platforms and we will need to propagate this information into the lit configuration. Note the code for custom mains was removed because no tests are currently written for this and Kostya seems happy to remove this.
  Differential Revision: http://reviews.llvm.org/D20706
  llvm-svn: 270958

* [libFuzzer] make check-fuzzer a bit faster
  (Kostya Serebryany, 2016-05-27; 1 file, -3/+2)
  llvm-svn: 270947

* [libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit.
  (Kostya Serebryany, 2016-05-27; 3 files, -55/+21)
  llvm-svn: 270945

* [libFuzzer] more refactoring: make sure CurrentUnitData is always a valid pointer to read from
  (Kostya Serebryany, 2016-05-27; 3 files, -15/+26)
  llvm-svn: 270942

* [libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads)
  (Kostya Serebryany, 2016-05-26; 5 files, -25/+63)
  llvm-svn: 270929

* [LibFuzzer] Add missing #include<string>
  (Dan Liew, 2016-05-26; 1 file, -0/+1)
  This partially fixes the compilation of the LibFuzzer unit test on OSX using AppleClang.
  llvm-svn: 270926

* [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC
  (Kostya Serebryany, 2016-05-26; 3 files, -28/+37)
  llvm-svn: 270922