path: root/llvm/lib/Fuzzer
Commit message | Author | Age | Files | Lines
* [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes | Kostya Serebryany | 2016-01-22 | 2 | -29/+52
  llvm-svn: 258589
* Use std::piecewise_constant_distribution instead of ad-hoc binary search. | Ivan Krasin | 2016-01-22 | 3 | -63/+106
  Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.
  Reviewers: aizatsky, kcc
  Subscribers: llvm-commits
  Differential Revision: http://reviews.llvm.org/D16487
  llvm-svn: 258571
* Revert r258473 as it's breaking the build with libc++ | Ivan Krasin | 2016-01-22 | 4 | -57/+17
  Reviewers: kcc
  Differential Revision: http://reviews.llvm.org/D16441
  llvm-svn: 258479
* Use std::piecewise_constant_distribution instead of ad-hoc binary search. | Ivan Krasin | 2016-01-22 | 4 | -17/+57
  Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: I had to change the seed for one test to make it pass. Alternatively, the number of runs could be increased. I believe that the average time of 'foo' discovery is not increased, just seed=1 was particularly convenient for the previous PRNG scheme used.
  Reviewers: aizatsky, kcc
  Subscribers: llvm-commits, kcc
  Differential Revision: http://reviews.llvm.org/D16419
  llvm-svn: 258473
* [libFuzzer] don't do expensive memmem if the result will not be used | Kostya Serebryany | 2016-01-22 | 1 | -0/+2
  llvm-svn: 258462
* [libFuzzer] don't use std::vector in one more hot path | Kostya Serebryany | 2016-01-21 | 1 | -6/+29
  llvm-svn: 258380
* [libfuzzer] use %p for printing addresses | Mike Aizatsky | 2016-01-21 | 1 | -1/+1
  llvm-svn: 258370
* [libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if | Kostya Serebryany | 2016-01-19 | 5 | -8/+43
  llvm-svn: 258178
* [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path | Kostya Serebryany | 2016-01-16 | 6 | -53/+84
  llvm-svn: 257985
* [libFuzzer] introduce LLVMFuzzerInitialize | Kostya Serebryany | 2016-01-16 | 6 | -2/+43
  llvm-svn: 257980
* [libFuzzer] move some code from public interface header to a non-public header. NFC | Kostya Serebryany | 2016-01-16 | 4 | -79/+90
  llvm-svn: 257963
* [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) | Kostya Serebryany | 2016-01-15 | 5 | -25/+36
  llvm-svn: 257873
* [libFuzzer] use custom stol; also introduce __libfuzzer_is_present so that users can check for its presence. | Kostya Serebryany | 2016-01-15 | 1 | -1/+17
  llvm-svn: 257848
* [libFuzzer] suggest a dictionary to the user if some of the trace-based dictionary entries were successful | Kostya Serebryany | 2016-01-14 | 9 | -23/+103
  llvm-svn: 257736
* [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations | Kostya Serebryany | 2016-01-13 | 4 | -45/+51
  llvm-svn: 257713
* [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) | Kostya Serebryany | 2016-01-13 | 6 | -17/+48
  llvm-svn: 257701
* [libFuzzer] make sure to update CurrentUnit when drilling | Kostya Serebryany | 2016-01-13 | 1 | -1/+4
  llvm-svn: 257560
* [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS | Kostya Serebryany | 2016-01-12 | 1 | -0/+8
  llvm-svn: 257482
* [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries | Kostya Serebryany | 2016-01-12 | 4 | -30/+35
  llvm-svn: 257435
* [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a) | Kostya Serebryany | 2016-01-12 | 1 | -5/+28
  llvm-svn: 257434
* [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0 | Kostya Serebryany | 2016-01-12 | 1 | -3/+6
  llvm-svn: 257423
* [libFuzzer] debug prints in tracing | Kostya Serebryany | 2016-01-09 | 1 | -2/+27
  llvm-svn: 257249
* [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary | Kostya Serebryany | 2016-01-09 | 8 | -60/+33
  llvm-svn: 257248
* [libFuzzer] don't limit memcmp tracing with 8 bytes | Kostya Serebryany | 2016-01-09 | 3 | -43/+90
  llvm-svn: 257245
* [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes) | Kostya Serebryany | 2016-01-09 | 1 | -22/+35
  llvm-svn: 257239
* [libFuzzer] add a position hint to the dictionary-based mutator | Kostya Serebryany | 2016-01-07 | 6 | -33/+100
  llvm-svn: 257013
* [libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry | Kostya Serebryany | 2016-01-06 | 1 | -5/+12
  llvm-svn: 256900
* [libfuzzer] print_new_cov_pcs experimental option. | Mike Aizatsky | 2016-01-06 | 5 | -1/+28
  Differential Revision: http://reviews.llvm.org/D15901
  llvm-svn: 256882
* [libFuzzer] make trace-based fuzzing not crash in presence of threads | Kostya Serebryany | 2016-01-06 | 4 | -6/+46
  llvm-svn: 256876
* [libFuzzer] add AFL-style dictionary for C++, remove the old file with tokens | Kostya Serebryany | 2015-12-22 | 2 | -218/+122
  llvm-svn: 256229
* [libFuzzer] deprecate -save_minimized_corpus, -merge can be used instead | Kostya Serebryany | 2015-12-19 | 2 | -7/+7
  llvm-svn: 256086
* [libFuzzer] split the tests to run them in parallel, remove one redundant test | Kostya Serebryany | 2015-12-19 | 6 | -66/+41
  llvm-svn: 256085
* [libFuzzer] make CrossOver just one of the other mutations | Kostya Serebryany | 2015-12-19 | 6 | -38/+58
  llvm-svn: 256081
* [libFuzzer] print successful mutations sequences | Kostya Serebryany | 2015-12-19 | 3 | -19/+39
  llvm-svn: 256071
* Fuzzer: Fix library dependencies. | Peter Collingbourne | 2015-12-16 | 1 | -0/+6
  Newer versions of libstdc++ (4.9+), as well as libc++, depend directly on libpthread from the standard library headers, so libfuzzer needs to declare a standard library dependency.
  llvm-svn: 255745
* [LibFuzzer] Introducing FUZZER_FLAG_UNSIGNED and using it for seeding. | Mike Aizatsky | 2015-12-10 | 5 | -9/+25
  Differential Revision: http://reviews.llvm.org/D15339 done
  llvm-svn: 255296
* [libFuzzer] don't reload the corpus more than once every second | Kostya Serebryany | 2015-12-05 | 1 | -1/+6
  llvm-svn: 254824
* [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 | Kostya Serebryany | 2015-12-04 | 5 | -10/+45
  llvm-svn: 254784
* Libfuzzer: do not pass null into user function | Mike Aizatsky | 2015-12-02 | 2 | -1/+7
  Differential Revision: http://reviews.llvm.org/D15098
  llvm-svn: 254558
* [libFuzzer] add a test that is built with -fsanitize-coverage=trace-bb | Kostya Serebryany | 2015-12-02 | 2 | -0/+22
  llvm-svn: 254484
* [libFuzzer] add a flag -exact_artifact_path | Kostya Serebryany | 2015-11-25 | 5 | -0/+12
  llvm-svn: 254100
* [libFuzzer] don't crash when reporting a leak in test_single_input mode | Kostya Serebryany | 2015-11-21 | 1 | -2/+4
  llvm-svn: 253761
* [libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway. | Kostya Serebryany | 2015-11-18 | 1 | -1/+1
  llvm-svn: 253419
* [libFuzzer] make libFuzzer build even with a compiler that does not have sanitizer headers | Kostya Serebryany | 2015-11-13 | 3 | -10/+26
  llvm-svn: 253003
* output_csv libfuzzer option | Mike Aizatsky | 2015-11-12 | 4 | -8/+25
  Summary: The option outputs statistics in CSV format preceded by 1 header line. This is intended for machine processing of the output. -verbosity=0 should likely be set.
  Differential Revision: http://reviews.llvm.org/D14600
  llvm-svn: 252856
* [libFuzzer] experimental flag -drill (another search heuristic; Mike Aizatsky's idea) | Kostya Serebryany | 2015-11-12 | 6 | -20/+89
  llvm-svn: 252838
* [libFuzzer] add UninstrumentedTest.cpp (missing from a previous commit) | Kostya Serebryany | 2015-11-10 | 1 | -0/+8
  llvm-svn: 252658
* [libFuzzer] make libFuzzer link if there is no sanitizer coverage instrumentation (it will fail at start-up time) | Kostya Serebryany | 2015-11-09 | 4 | -0/+50
  llvm-svn: 252533
* [libFuzzer] print a bit fewer lines | Kostya Serebryany | 2015-11-05 | 2 | -2/+3
  llvm-svn: 252123
* [libFuzzer] when choosing the next unit to mutate, give some preference to the most recent units (they are more likely to be interesting) | Kostya Serebryany | 2015-11-04 | 2 | -26/+46
  llvm-svn: 252097