path: root/llvm/lib/Fuzzer
Commit message | Author | Age | Files | Lines
* Moving libFuzzer from LLVM to compiler-rt. | George Karpenkov | 2017-08-21 | 151 | -3641/+4
  This change only removes libFuzzer tests and CMake machinery, the source copy temporarily remains at the old location.
  Differential Revision: https://reviews.llvm.org/D36980
  llvm-svn: 311405
* Always compile libFuzzer with no coverage | George Karpenkov | 2017-08-21 | 1 | -2/+2
  Do not compile libFuzzer itself with coverage, regardless of LLVM variables
  Differential Revision: https://reviews.llvm.org/D36887
  llvm-svn: 311374
* Get rid of even more "%T" expansions, see <https://reviews.llvm.org/D35396>. | Kuba Mracek | 2017-08-20 | 2 | -2/+4
  llvm-svn: 311294
* [SanitizerCoverage] Add stack depth tracing instrumentation. | Matt Morehouse | 2017-08-18 | 2 | -16/+14
  Summary:
  Augment SanitizerCoverage to insert maximum stack depth tracing for use by libFuzzer. The new instrumentation is enabled by the flag -fsanitize-coverage=stack-depth and is compatible with the existing trace-pc-guard coverage. The user must also declare the following global variable in their code:
    thread_local uintptr_t __sancov_lowest_stack
  https://bugs.llvm.org/show_bug.cgi?id=33857
  Reviewers: vitalybuka, kcc
  Reviewed By: vitalybuka
  Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits
  Differential Revision: https://reviews.llvm.org/D36839
  llvm-svn: 311186
* [CMake] Add install target for LLVMFuzzer | Petr Hosek | 2017-08-14 | 1 | -0/+21
  This allows including LLVMFuzzer as distribution component.
  Differential Revision: https://reviews.llvm.org/D36540
  llvm-svn: 310897
* [libFuzzer] try to use less RAM while processing the initial corpus | Kostya Serebryany | 2017-08-14 | 1 | -1/+2
  llvm-svn: 310881
* [libFuzzer] explicitly use -fsanitize-coverage=trace-pc-guard in test/dump_coverage.test; mark print_coverage/dump_coverage as To-be-deprecated | Kostya Serebryany | 2017-08-14 | 3 | -7/+7
  llvm-svn: 310877
* [libFuzzer] experimental support for Clang's coverage (fprofile-instr-generate), Linux-only | Kostya Serebryany | 2017-08-11 | 6 | -15/+99
  llvm-svn: 310771
* [libFuzzer] Re-enable coverage.test on Darwin. | George Karpenkov | 2017-08-11 | 1 | -2/+0
  llvm-svn: 310750
* [libFuzzer] Update LibFuzzer w.r.t. the new comparisons instrumentation API | Alexander Potapenko | 2017-08-10 | 1 | -0/+35
  Added the _sanitizer_cov_trace_const_cmp[1248] callbacks. For now they are implemented the same way as _sanitizer_cov_trace_cmp[1248]. For more details, please see https://reviews.llvm.org/D36465.
  Patch by Victor Chibotaru.
  llvm-svn: 310592
* [libFuzzer] simplify code, NFC | Kostya Serebryany | 2017-08-08 | 2 | -11/+7
  llvm-svn: 310326
* [libFuzzer] remove stale code | Kostya Serebryany | 2017-08-08 | 3 | -14/+0
  llvm-svn: 310325
* [libFuzzer] simplify the implementation of -print_coverage=1 | Kostya Serebryany | 2017-08-08 | 2 | -103/+69
  llvm-svn: 310324
* Do not instrument libFuzzer itself when built with -DLLVM_USE_SANITIZE_COVERAGE | George Karpenkov | 2017-08-07 | 1 | -0/+5
  Fixes regression from https://reviews.llvm.org/D36295
  Differential Revision: https://reviews.llvm.org/D36428
  llvm-svn: 310305
* [libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos | Kostya Serebryany | 2017-08-04 | 5 | -13/+25
  llvm-svn: 310151
* [libFuzzer] print PCs using the in-binary PC-table instead of relying on PCs captured at run-time | Kostya Serebryany | 2017-08-04 | 3 | -21/+40
  llvm-svn: 310148
* [libFuzzer] re-enable fuzzer-printcovpcs.test | Kostya Serebryany | 2017-08-04 | 1 | -1/+1
  llvm-svn: 310126
* [libFuzzer] make a test more robust | Kostya Serebryany | 2017-08-04 | 1 | -1/+1
  llvm-svn: 310113
* [libFuzzer] remove the now redundant 'LLVMFuzzer-' prefix from libFuzzer tests | Kostya Serebryany | 2017-08-04 | 65 | -241/+241
  llvm-svn: 310110
* [libFuzzer] split one test into several | Kostya Serebryany | 2017-08-04 | 7 | -24/+24
  llvm-svn: 310106
* [libFuzzer tests] Only enable libFuzzer tests if | George Karpenkov | 2017-08-04 | 2 | -18/+16
  -DLIBFUZZER_ENABLE_TESTS=ON is set.
  llvm-svn: 310100
* [libFuzzer] make trace-pc.test more reliable | Kostya Serebryany | 2017-08-04 | 1 | -1/+1
  llvm-svn: 310091
* Fixing buildbots: do not register check-fuzzer if clang or asan are not | George Karpenkov | 2017-08-04 | 1 | -12/+15
  present.
  llvm-svn: 310077
* Drop Windows support from libFuzzer tests. | George Karpenkov | 2017-08-04 | 9 | -55/+5
  Differential Revision: https://reviews.llvm.org/D36205
  llvm-svn: 310076
* Port libFuzzer tests to LIT. Do not require two-stage build for check-fuzzer. | George Karpenkov | 2017-08-04 | 72 | -442/+341
  This revision ports all libFuzzer tests apart from the unittest to LIT. The advantages of doing so include:
  - Tests being self-contained
  - Much easier debugging of a single test
  - No need for using a two-stage compilation
  The unit-test is still compiled using CMake, but it does not need a freshly built compiler.
  NOTE: The previous two-stage bot configuration will NOT work, as in the second stage build LLVM_USE_SANITIZER is set, which disables ASAN from being built. Thus bots will be reconfigured in the next few commits.
  Differential Revision: https://reviews.llvm.org/D36295
  llvm-svn: 310075
* Disable libFuzzer tests on Windows | George Karpenkov | 2017-08-04 | 1 | -2/+10
  Differential Revision: https://reviews.llvm.org/D36297
  llvm-svn: 310009
* [libFuzzer] Un-reverting change in tests after fixing the failure on Linux. | George Karpenkov | 2017-08-03 | 1 | -1/+1
  Differential Revision: https://reviews.llvm.org/D36242
  llvm-svn: 309982
* Revert "[libFuzzer tests] Use substring comparison in libFuzzer tests" | George Karpenkov | 2017-08-02 | 1 | -1/+1
  This reverts commit 3592d8049660dcdd07f7c2e797f2de9790f93111.
  Breaks the bots, reverting for now.
  llvm-svn: 309899
* [libFuzzer tests] Use substring comparison in libFuzzer tests | George Karpenkov | 2017-08-02 | 1 | -1/+1
  LIT launches executables with absolute, and not relative, path. strncmp would try to do exact comparison and fail.
  Differential Revision: https://reviews.llvm.org/D36242
  llvm-svn: 309889
* [libFuzzer] temporarily remove pc-tables and disable test/fuzzer-printcovpcs.test until this can be fixed on Windows | Kostya Serebryany | 2017-08-01 | 2 | -2/+3
  llvm-svn: 309716
* [libFuzzer] implement more correct way of computing feature index for Inline8bitCounters | Kostya Serebryany | 2017-08-01 | 2 | -11/+18
  llvm-svn: 309647
* [libFuzzer] enable -fsanitize-coverage=pc-table for all tests | Kostya Serebryany | 2017-08-01 | 4 | -11/+22
  llvm-svn: 309646
* [libFuzzer] implement __sanitizer_cov_pcs_init and add pc-table to build flags for one test (for now) | Kostya Serebryany | 2017-07-31 | 3 | -6/+32
  llvm-svn: 309615
* [libFuzzer] improve support for inline-8bit-counters (make it more correct and faster) | Kostya Serebryany | 2017-07-28 | 3 | -3/+21
  llvm-svn: 309443
* [libFuzzer] don't disable msan for TracePC::CollectFeatures: this started to cause false positives in msan. No tests for libFuzzer+msan yet -- tests will need to wait until we move libFuzzer to compiler-rt | Kostya Serebryany | 2017-07-25 | 1 | -1/+1
  llvm-svn: 309038
* [libFuzzer] make one test faster, fix compiler warnings in tests | Kostya Serebryany | 2017-07-25 | 4 | -4/+4
  llvm-svn: 308945
* Revert "Revert "[libFuzzer] Add a dependency on symbolizer from libFuzzer tests"" | George Karpenkov | 2017-07-24 | 1 | -1/+1
  This reverts commit 15425f2bc6eac6249ee957a2a280511306c07547.
  Should work now that atos is a default symbolizer on Darwin.
  llvm-svn: 308910
* [libFuzzer] reimplement experimental_len_control=1: bump the temporary max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files | Kostya Serebryany | 2017-07-22 | 4 | -22/+34
  llvm-svn: 308811
* Generate error reports when a fuzz target exits. | Matt Morehouse | 2017-07-20 | 21 | -20/+59
  Summary:
  Implements https://github.com/google/sanitizers/issues/835.
  Flush stdout before exiting in test cases. Since the atexit hook is used for exit reports, pending prints to stdout can be lost if they aren't flushed before calling exit().
  Expect tests to have non-zero exit code if exit() is called.
  Reviewers: vitalybuka, kcc
  Reviewed By: kcc
  Subscribers: eraman, llvm-commits, hiraditya
  Differential Revision: https://reviews.llvm.org/D35602
  llvm-svn: 308669
* [libFuzzer] delete stale code | Kostya Serebryany | 2017-07-20 | 1 | -23/+0
  llvm-svn: 308663
* [libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input is saved to the corpus | Kostya Serebryany | 2017-07-20 | 2 | -4/+6
  llvm-svn: 308653
* [libFuzzer] prototype implementation of recursion-depth coverage features (commented out; real implementation needs to use inlined instrumentation) | Kostya Serebryany | 2017-07-20 | 5 | -4/+30
  llvm-svn: 308577
* [libFuzzer] add DeepRecursionTest, inspired by https://guidovranken.wordpress.com/2017/07/08/libfuzzer-gv-new-techniques-for-dramatically-faster-fuzzing/ (Stack-depth-guided fuzzing). libFuzzer does not solve it yet. | Kostya Serebryany | 2017-07-20 | 2 | -0/+26
  llvm-svn: 308571
* Try to deflake fuzzer-oom.test on Windows | Reid Kleckner | 2017-07-20 | 1 | -1/+5
  llvm-svn: 308568
* [libFuzzer] simplify two more tests | Kostya Serebryany | 2017-07-19 | 2 | -3/+3
  llvm-svn: 308560
* [libFuzzer] change several tests to not limit the max len: with reduce_inputs=1 they are now fast enough even w/o this | Kostya Serebryany | 2017-07-19 | 6 | -7/+5
  llvm-svn: 308553
* Fix fuzzer-flags.test on Windows | Reid Kleckner | 2017-07-19 | 2 | -3/+1
  The optional external function callbacks have to be exported in order for them to be called. The test was failing because libFuzzer wasn't calling LLVMFuzzerInitialize. We can reconsider if this is the best way to mark these optional callbacks exported later.
  llvm-svn: 308548
* [libFuzzer] enable reduce_inputs=1 by default (seems to be a big win usually) | Kostya Serebryany | 2017-07-19 | 3 | -6/+6
  llvm-svn: 308541
* [libFuzzer] when adding a reduced input print REDUCED instead of NEW | Kostya Serebryany | 2017-07-18 | 3 | -5/+8
  llvm-svn: 308336
* [libFuzzer] improve -reduce_inputs=1: now only consider the unique features of every input (seems to work much better) | Kostya Serebryany | 2017-07-18 | 4 | -26/+23
  llvm-svn: 308253