path: root/llvm/lib/Fuzzer
Commit message | Author | Age | Files | Lines
* [libFuzzer] fix a warning from Wunreachable-code-loop-increment reported by Christian Holler. This also fixes a logical bug, which however does not affect the libFuzzer's ability too much (I wasn't able to create a differentiating test)
  Author: Kostya Serebryany | Age: 2017-05-15 | Files: 1 | Lines: -1/+1
  llvm-svn: 303087
* [libFuzzer] fix a compiler warning
  Author: Kostya Serebryany | Age: 2017-05-10 | Files: 1 | Lines: -1/+2
  llvm-svn: 302747
* [libFuzzer] update docs on -print_coverage/-dump_coverage
  Author: Kostya Serebryany | Age: 2017-05-09 | Files: 1 | Lines: -4/+4
  llvm-svn: 302498
* [libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error)
  Author: Kostya Serebryany | Age: 2017-05-09 | Files: 6 | Lines: -1/+39
  llvm-svn: 302494
* [libFuzzer] exit without running atexit handlers in libfuzzer's crash handler
  Author: Vitaly Buka | Age: 2017-05-03 | Files: 1 | Lines: -1/+1
  Summary:
  It's not safe to assume that atexit handlers can be run once the app crashed.
  Patch by Jochen Eisinger.
  Reviewers: kcc, vitalybuka
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D32640
  llvm-svn: 302076
* Fuzzer: Mark test/cxxstring.test UNSUPPORTED: windows
  Author: Duncan P. N. Exon Smith | Age: 2017-04-28 | Files: 1 | Lines: -0/+2
  This has been mysteriously failing since r301593, which cleaned up the types of things like size_t and SIZE_MAX for freestanding targets. Reid and Kostya suggested marking it as UNSUPPORTED on windows, given that no one has been able to reproduce locally.
  llvm-svn: 301719
* Remove unnecessary semicolon
  Author: Sanjoy Das | Age: 2017-04-28 | Files: 1 | Lines: -1/+1
  This shows up as a -Wpedantic error on GCC.
  llvm-svn: 301616
* Fixup for r301054: Use an explicit constructor.
  Author: Kuba Mracek | Age: 2017-04-21 | Files: 1 | Lines: -1/+1
  llvm-svn: 301061
* Fixup for r301054: Only use __attribute__((no_sanitize("memory"))) when it's available.
  Author: Kuba Mracek | Age: 2017-04-21 | Files: 1 | Lines: -1/+5
  llvm-svn: 301058
* [libFuzzer] Always build libFuzzer
  Author: Kuba Mracek | Age: 2017-04-21 | Files: 1 | Lines: -34/+40
  There are two reasons why users might want to build libfuzzer:
  - To fuzz LLVM itself
  - To get the libFuzzer.a archive file, so that they can attach it to their code
  This change always builds libfuzzer, and supports the second use case if the specified flag is set. The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.
  Patch by George Karpenkov.
  Differential Revision: https://reviews.llvm.org/D32096
  llvm-svn: 301054
* Fixup for r301007: Restrict the -D hack to Darwin.
  Author: Kuba Mracek | Age: 2017-04-21 | Files: 1 | Lines: -7/+9
  llvm-svn: 301017
* Revert r301010: Bot failures on Windows, NetBSD and even some old Darwin.
  Author: Kuba Mracek | Age: 2017-04-21 | Files: 1 | Lines: -20/+14
  llvm-svn: 301012
* [libFuzzer] Always build libFuzzer
  Author: Kuba Mracek | Age: 2017-04-21 | Files: 1 | Lines: -14/+20
  There are two reasons why users might want to build libfuzzer:
  - To fuzz LLVM itself
  - To get the libFuzzer.a archive file, so that they can attach it to their code
  This change always builds libfuzzer, and supports the second use case if the specified flag is set. The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.
  Patch by George Karpenkov.
  Differential Revision: https://reviews.llvm.org/D32096
  llvm-svn: 301010
* [libFuzzer] Changing thread_local to __thread in libFuzzer
  Author: Kuba Mracek | Age: 2017-04-21 | Files: 1 | Lines: -0/+13
  Old Apple compilers do not support thread_local keyword. This patch adds -Dthread_local=__thread when the compiler doesn't support thread_local.
  Differential Revision: https://reviews.llvm.org/D32312
  llvm-svn: 301007
* [libFuzzer] Check for target(popcnt) capability before usage
  Author: Kuba Mracek | Age: 2017-04-21 | Files: 1 | Lines: -2/+10
  Older compilers (e.g. LLVM 3.4) do not support the attribute target("popcnt"). In order to support those, this diff checks the attribute support using the preprocessor.
  Patch by George Karpenkov.
  Differential Revision: https://reviews.llvm.org/D32311
  llvm-svn: 300999
* Revert "[libFuzzer] XFAIL fuzzer-oom.test on Darwin."
  Author: Ahmed Bougacha | Age: 2017-04-20 | Files: 1 | Lines: -1/+0
  This reverts commit r300127. r300759 implemented StopTheWorld for Darwin, so the test passes again.
  llvm-svn: 300801
* [libFuzzer] extend help for -minimize_crash to cover ASAN_OPTIONS=dedup_token_length=3
  Author: Kostya Serebryany | Age: 2017-04-19 | Files: 1 | Lines: -0/+2
  llvm-svn: 300800
* Revert r300789: There are Windows bot failures.
  Author: Kuba Mracek | Age: 2017-04-19 | Files: 1 | Lines: -20/+14
  llvm-svn: 300794
* [libFuzzer] Always build libFuzzer
  Author: Kuba Mracek | Age: 2017-04-19 | Files: 1 | Lines: -14/+20
  There are two reasons why users might want to build libfuzzer:
  - To fuzz LLVM itself
  - To get the libFuzzer.a archive file, so that they can attach it to their code
  This change always builds libfuzzer, and supports the second use case if the specified flag is set. The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.
  Differential Revision: https://reviews.llvm.org/D32096
  llvm-svn: 300789
* [libFuzzer] remove -output_csv option. It duplicates the default output and got out of sync
  Author: Kostya Serebryany | Age: 2017-04-19 | Files: 4 | Lines: -14/+1
  llvm-svn: 300768
* [libFuzzer] update -help: mention -exact_artifact_path in help for -minimize_crash and -cleanse_crash
  Author: Kostya Serebryany | Age: 2017-04-19 | Files: 1 | Lines: -2/+6
  llvm-svn: 300642
* [libFuzzer] experimental option -cleanse_crash: tries to replace all bytes in a crash reproducer with garbage, while still preserving the crash
  Author: Kostya Serebryany | Age: 2017-04-17 | Files: 5 | Lines: -0/+85
  llvm-svn: 300498
* [libFuzzer] XFAIL fuzzer-oom.test on Darwin.
  Author: Akira Hatanaka | Age: 2017-04-12 | Files: 1 | Lines: -0/+1
  The test fails on Darwin because Fuzzer::DeathCallback (which calls DumpCurrentUnit("crash-")) is called before DumpCurrentUnit("oom-") is called in Fuzzer::RssLimitCallback. DeathCallback is transitively called from __sanitizer_print_memory_profile.
  This should fix the fuzzer bot that has been failing for a while:
  http://lab.llvm.org:8080/green/job/libFuzzer/
  llvm-svn: 300127
* [libFuzzer] fix type in signal name.
  Author: Vitaly Buka | Age: 2017-04-11 | Files: 1 | Lines: -1/+1
  Fixes PR32576.
  Patch by Jakub Zawadzki.
  llvm-svn: 299968
* [Fuzzer] Flush std::cout before aborting in CxxStringEqTest
  Author: Reid Kleckner | Age: 2017-04-03 | Files: 1 | Lines: -0/+1
  On Windows, abort() does not appear to flush std::cout. Should fix red sanitizer-windows bot.
  llvm-svn: 299398
* [libFuzzer] simplify the code a bit
  Author: Kostya Serebryany | Age: 2017-03-31 | Files: 3 | Lines: -17/+14
  llvm-svn: 299180
* [libFuzzer] tests: don't test 64-bit comparison on 32-bit builds
  Author: Kostya Serebryany | Age: 2017-03-31 | Files: 2 | Lines: -5/+7
  llvm-svn: 299179
* [libFuzzer] ensure that strncmp is not inlined in a test
  Author: Kostya Serebryany | Age: 2017-03-31 | Files: 1 | Lines: -1/+2
  llvm-svn: 299177
* [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself
  Author: Kostya Serebryany | Age: 2017-03-31 | Files: 5 | Lines: -9/+17
  llvm-svn: 299167
* [libFuzzer] try to fix value-profile-strncmp on the Mac bot
  Author: Kostya Serebryany | Age: 2017-03-31 | Files: 1 | Lines: -1/+1
  llvm-svn: 299145
* [libFuzzer] remove a stale flag from tests, run value-profile-strncmp.test longer (hopefully, will fix the OSX bot)
  Author: Kostya Serebryany | Age: 2017-03-30 | Files: 4 | Lines: -4/+4
  llvm-svn: 299051
* [libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works
  Author: Kostya Serebryany | Age: 2017-03-30 | Files: 5 | Lines: -1/+32
  llvm-svn: 299046
* [libfuzzer] Remove XFAIL for OutOfMemory test.
  Author: Juergen Ributzka | Age: 2017-03-27 | Files: 1 | Lines: -1/+0
  This test is now passing on Darwin. See rdar://problem/31282257.
  llvm-svn: 298886
* [libFuzzer] Fix test on Windows.
  Author: Vitaly Buka | Age: 2017-03-25 | Files: 1 | Lines: -1/+1
  llvm-svn: 298757
* [libFuzzer] read asan's dedup_token while minimizing a crash and stop minimization if another bug was found during minimization (https://github.com/google/oss-fuzz/issues/452)
  Author: Kostya Serebryany | Age: 2017-03-25 | Files: 2 | Lines: -4/+53
  llvm-svn: 298755
* [libFuzzer] be more careful when calling strlen of strcmp parameters, PR32357
  Author: Kostya Serebryany | Age: 2017-03-24 | Files: 4 | Lines: -3/+30
  llvm-svn: 298746
* [libFuzzer] honor -exact_artifact_path for all intermediate files during crash minimization (https://github.com/google/oss-fuzz/issues/250)
  Author: Kostya Serebryany | Age: 2017-03-24 | Files: 2 | Lines: -3/+6
  llvm-svn: 298740
* [libFuzzer] split two tests to get more parallelism in test runs
  Author: Kostya Serebryany | Age: 2017-03-24 | Files: 4 | Lines: -12/+13
  llvm-svn: 298673
* [libFuzzer] increase kFeatureSetSize to 2^21 and make InputCorpus scale to that size. This will potentially make libFuzzer more sensitive on targets with lots of signals
  Author: Kostya Serebryany | Age: 2017-03-24 | Files: 2 | Lines: -12/+11
  llvm-svn: 298671
* [libFuzzer] fix non-linux build
  Author: Kostya Serebryany | Age: 2017-03-23 | Files: 1 | Lines: -0/+2
  llvm-svn: 298666
* [libFuzzer] create experimental support for user-provided coverage signal
  Author: Kostya Serebryany | Age: 2017-03-23 | Files: 9 | Lines: -28/+169
  llvm-svn: 298654
* [libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive
  Author: Kostya Serebryany | Age: 2017-03-22 | Files: 7 | Lines: -7/+109
  llvm-svn: 298548
* [libFuzzer] inline the code of __sanitizer_cov_trace_pc_guard into it
  Author: Kostya Serebryany | Age: 2017-03-17 | Files: 2 | Lines: -9/+3
  llvm-svn: 298032
* [libFuzzer] Experimenting with dictionary minimization.
  Author: Kostya Serebryany | Age: 2017-03-17 | Files: 2 | Lines: -0/+82
  Summary:
  Tracking issue: https://github.com/google/oss-fuzz/issues/331
  Reviewers: kcc
  Reviewed By: kcc
  Differential Revision: https://reviews.llvm.org/D30940
  llvm-svn: 298031
* [libFuzzer] add a test with two different bugs
  Author: Kostya Serebryany | Age: 2017-03-17 | Files: 2 | Lines: -0/+23
  llvm-svn: 298030
* [libFuzzer] add a dummy LLVMFuzzerMutate to afl/afl_driver.cpp (https://github.com/google/oss-fuzz/issues/460)
  Author: Kostya Serebryany | Age: 2017-03-15 | Files: 1 | Lines: -0/+7
  llvm-svn: 297919
* [libFuzzer] call __sanitizer_print_memory_profile with two params
  Author: Kostya Serebryany | Age: 2017-03-15 | Files: 2 | Lines: -2/+2
  llvm-svn: 297916
* Revert "[libFuzzer] Use ChooseUnitIdxToMutate to pick item for crossover."
  Author: Vitaly Buka | Age: 2017-03-15 | Files: 2 | Lines: -3/+3
  Fails LLVMFuzzer.LLVMFuzzer.value-profile-strncmp.test.
  This reverts commit r297891.
  llvm-svn: 297912
* [libFuzzer] Use ChooseUnitIdxToMutate to pick item for crossover.
  Author: Vitaly Buka | Age: 2017-03-15 | Files: 2 | Lines: -3/+3
  Differential Revision: https://reviews.llvm.org/D30683
  llvm-svn: 297891
* [libFuzzer] remove even more stale code
  Author: Kostya Serebryany | Age: 2017-03-15 | Files: 2 | Lines: -18/+0
  llvm-svn: 297797