path: root/llvm/lib/Fuzzer
Commit message | Author | Age | Files | Lines
...
* [libFuzzer] mutate empty input using the regular mutators (instead of a custom dummy one). | Kostya Serebryany | 2017-01-23 | 1 | -14/+5
  This way when we mutate an empty input there is a chance we will get a dictionary word
  llvm-svn: 292843
* [libFuzzer] make sure we use the feedback from std::string operator == | Kostya Serebryany | 2017-01-23 | 4 | -1/+31
  llvm-svn: 292835
* [libFuzzer] deflake a test | Kostya Serebryany | 2017-01-23 | 1 | -0/+1
  llvm-svn: 292813
* [libFuzzer] Add missing dependency for tests. | Marcos Pividori | 2017-01-22 | 1 | -0/+1
  Dependency on TestBinaries was erroneously removed on r292735.
  llvm-svn: 292765
* [libFuzzer] Specify the CRT considered (MT or MD) for tests on Windows. | Marcos Pividori | 2017-01-22 | 1 | -2/+9
  Differential Revision: https://reviews.llvm.org/D28439
  llvm-svn: 292749
* [libFuzzer] Fix test with shared libraries on Windows. | Marcos Pividori | 2017-01-22 | 3 | -6/+20
  We need to set BINARY_DIR to: ${CMAKE_BINARY_DIR}/lib/Fuzzer/test, so the dll is placed in the same directory as the test LLVMFuzzer-DSOTest, and is found when executing that test.
  As we are using CMAKE_CXX_CREATE_SHARED_LIBRARY to link the dll, we can't modify the output directory for the import library. It will be created in the same directory as the dll (in BINARY_DIR), no matter which value we set to LIBRARY_DIR. So, if we set LIBRARY_DIR to a different directory than BINARY_DIR, when linking LLVMFuzzer-DSOTest, cmake will look for the import library LLVMFuzzer-DSO1.lib in LIBRARY_DIR, and won't find it, since it was created in BINARY_DIR. So, for Windows, we need that LIBRARY_DIR and BINARY_DIR are the same directory.
  Differential Revision: https://reviews.llvm.org/D27870
  llvm-svn: 292748
* [libFuzzer] AlrmHandler is executed in a different thread for Windows. | Marcos Pividori | 2017-01-22 | 1 | -0/+3
  Don't check for InFuzzingThread() on Windows, since the AlarmHandler() is always executed by a different thread from a thread pool. If we don't add these changes, the alarm handler will never execute. Note that we decided to ignore possible problems in the synchronization.
  Differential Revision: https://reviews.llvm.org/D28723
  llvm-svn: 292746
* [libFuzzer] Leak Sanitizer is not supported for Windows. | Marcos Pividori | 2017-01-22 | 1 | -3/+3
  Differential Revision: https://reviews.llvm.org/D28709
  llvm-svn: 292745
* [libFuzzer] Fix OutOfMemory tests to work on 32 bits. | Marcos Pividori | 2017-01-22 | 2 | -3/+3
  I add 2 changes to make the tests work on 32 bits and on 64 bits. I change the size allocated to 0x20000000 and add the flag: -rss_limit_mb=300. Otherwise the output for 32 bits and 64 bits is different.
  For 64 bits the value 0xff000000 doesn't exceed kMaxAllowedMallocSize. For 32 bits, kMaxAllowedMallocSize is set to 0xc0000000, so the call to Allocate() will fail earlier printing "WARNING: AddressSanitizer failed to allocate ...", and won't call malloc hooks.
  So, we need to consider a size smaller than 2GB (so malloc doesn't fail on 32 bits) and greater than the value provided by -rss_limit_mb. Because of that I use: 0x20000000.
  Differential Revision: https://reviews.llvm.org/D28706
  llvm-svn: 292744
* [libFuzzer] Avoid undefined behavior, properly discard output to stdout/stderr. | Marcos Pividori | 2017-01-22 | 4 | -2/+20
  Fix libFuzzer when setting -close_fd_mask to a non-zero value.
  In previous implementation, libFuzzer closes the file descriptors for stdout/stderr. This has some disadvantages:
  For `fuzzer-fdmask.test`, we write directly to stdout and stderr using the file streams stdout and stderr, after the file descriptors are closed, which is undefined behavior. In Windows, in particular, this was making the test fail.
  Also, if we close stdout and we open a new file in libFuzzer, we get the file descriptor 1, which could generate problems if some code assumes file descriptors refers to stdout and works directly writing to the file descriptor 1, but it will be writing to the opened file (for example using std::cout).
  Instead of closing the file descriptors, I redirect the output to /dev/null on Linux and nul on Windows.
  Differential Revision: https://reviews.llvm.org/D28718
  llvm-svn: 292743
* [libFuzzer] Remove lib prefix from library names on tests. | Marcos Pividori | 2017-01-22 | 1 | -2/+2
  This change is necessary on Windows, where libraries don't include the prefix "lib".
  Differential Revision: https://reviews.llvm.org/D28710
  llvm-svn: 292742
* [libFuzzer] Fix ListFilesInDirRecursive() to do the same for Posix and Windows. | Marcos Pividori | 2017-01-22 | 1 | -2/+4
  Update `ListFilesInDirRecursive` implementation on Windows to have the same behavior as for Posix, when the directory doesn't exist and when it is empty.
  Differential Revision: https://reviews.llvm.org/D28711
  llvm-svn: 292741
* [libFuzzer] Consider both possible separators for tests. | Marcos Pividori | 2017-01-22 | 1 | -1/+1
  Differential Revision: https://reviews.llvm.org/D28636
  llvm-svn: 292740
* [libFuzzer] Portably disassemble and find calls to sanitizer_cov_trace_pc_guard. | Marcos Pividori | 2017-01-22 | 4 | -2/+33
  Instead of directly using objdump, which is not present on Windows, we consider different tools depending on the platform. For Windows, we consider dumpbin and llvm-objdump.
  Differential Revision: https://reviews.llvm.org/D28635
  llvm-svn: 292739
* [libFuzzer] Portable implementation of `IsInterestingCoverageFile()`. | Marcos Pividori | 2017-01-22 | 4 | -12/+24
  For Posix systems and Windows, we need to consider different cases.
  Differential Revision: https://reviews.llvm.org/D28633
  llvm-svn: 292738
* [libFuzzer] Remove optimization flags for tests. | Marcos Pividori | 2017-01-22 | 1 | -11/+1
  We need to build all the tests with -O0, otherwise optimizations may merge some basic blocks and the tests will fail. In this diff, I simplify the cmake implementation and I remove the flags for Windows too (/O[123s]).
  Differential Revision: https://reviews.llvm.org/D28632
  llvm-svn: 292737
* [libFuzzer] Expose Sanitizer Coverage functions from libFuzzer. | Marcos Pividori | 2017-01-22 | 2 | -12/+22
  We need to expose Sanitizer Coverage's functions that are rewritten with a different implementation, so compiler-rt's libraries have access to it.
  Differential Revision: https://reviews.llvm.org/D28618
  llvm-svn: 292736
* [libFuzzer] Remove dependencies for tests on Windows. | Marcos Pividori | 2017-01-22 | 1 | -1/+6
  Remove dependency on FileCheck, sancov and not for tests on Windows. If LLVM_USE_SANITIZER=Address and LLVM_USE_SANITIZE_COVERAGE=YES, this will trigger the building of dependencies with sanitizer instrumentation. This will fail in Windows, since cmake will use link.exe for linking and won't include compiler-rt libraries.
  Differential Revision: https://reviews.llvm.org/D27993
  llvm-svn: 292735
* [libFuzzer] Disable afl tests for Windows. | Marcos Pividori | 2017-01-22 | 1 | -11/+12
  On Windows, we don't have interoperability between libFuzzer and afl.
  Differential Revision: https://reviews.llvm.org/D28355
  llvm-svn: 292734
* [libFuzzer] Use CXX to set compiler to use | Vitaly Buka | 2017-01-21 | 1 | -1/+2
  Reviewers: kcc
  Subscribers: llvm-commits
  Differential Revision: https://reviews.llvm.org/D28976
  llvm-svn: 292697
* [libFuzzer] fix gcc build | Kostya Serebryany | 2017-01-21 | 1 | -1/+0
  llvm-svn: 292695
* [libFuzzer] use print+exit(1) instead of assert to report an error | Kostya Serebryany | 2017-01-21 | 2 | -3/+5
  llvm-svn: 292685
* [libFuzzer] re-enable LLVMFuzzer-RepeatedMemcmp test, cleanup the test runner nearby | Kostya Serebryany | 2017-01-21 | 2 | -20/+15
  llvm-svn: 292683
* [libFuzzer] call __sanitizer_dump_coverage via EF | Kostya Serebryany | 2017-01-20 | 2 | -1/+4
  llvm-svn: 292681
* [libFuzzer] Don't use `#ifdef` for defined macros, instead use `#if`. | Marcos Pividori | 2017-01-20 | 1 | -1/+1
  Differential Revision: https://reviews.llvm.org/D28972
  llvm-svn: 292670
* [libFuzzer] Use clang as linker on Windows, to properly include sanitizer libraries. | Marcos Pividori | 2017-01-20 | 1 | -0/+15
  In order to use sanitizers on Windows, we need to link against many runtime libraries which will depend on the target being created (executable or dll) and the c runtime library used (MT/MD).
  By default, cmake uses link.exe for linking, which fails because we don't specify the appropriate dependencies.
  As we don't want to consider all of those possible situations, which depend on the implementation of the compiler-rt, the simplest option is to change the rules for linking executables and shared libraries, using the compiler instead of link.exe. Clang driver will consider the sanitizer flags, and automatically provide the required libraries to the linker.
  Differential Revision: https://reviews.llvm.org/D27869
  llvm-svn: 292669
* [libFuzzer] Properly use compiler options supported on Windows. | Marcos Pividori | 2017-01-20 | 1 | -1/+1
  Replace "-g" by "-gline-tables-only". "-g" is not supported by clang-cl.
  Differential Revision: https://reviews.llvm.org/D27868
  llvm-svn: 292668
* [libFuzzer] add an assert to protect against LLVMFuzzerInitialize changing argv[0] | Kostya Serebryany | 2017-01-20 | 4 | -0/+22
  llvm-svn: 292652
* [libFuzzer] experimental support for 'equivalence fuzzing' | Kostya Serebryany | 2017-01-20 | 10 | -7/+243
  llvm-svn: 292646
* [libFuzzer] ensure that entries in PersistentAutoDictionary are not empty | Kostya Serebryany | 2017-01-19 | 1 | -0/+3
  llvm-svn: 292520
* [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs | Kostya Serebryany | 2017-01-19 | 5 | -12/+37
  llvm-svn: 292511
* [libFuzzer] add two tests for experimenting with equivalence fuzzing | Kostya Serebryany | 2017-01-19 | 4 | -0/+46
  llvm-svn: 292509
* [libFuzzer] remove stale code | Kostya Serebryany | 2017-01-18 | 4 | -131/+4
  llvm-svn: 292325
* [libFuzzer] exit(1) on failed merge | Kostya Serebryany | 2017-01-18 | 2 | -0/+10
  llvm-svn: 292319
* [libFuzzer] add ATTRIBUTE_NO_SANITIZE_MEMORY to sanitizer hooks | Kostya Serebryany | 2017-01-17 | 1 | -0/+14
  llvm-svn: 292295
* [libfuzzer] fixing collected pc addresses for coverage | Mike Aizatsky | 2017-01-17 | 5 | -21/+33
  Summary: The causes google/ossfuzz#84
  Reviewers: kcc
  Subscribers: mgorny
  Differential Revision: https://reviews.llvm.org/D28827
  llvm-svn: 292289
* [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) | Kostya Serebryany | 2017-01-17 | 10 | -68/+94
  llvm-svn: 292287
* [libFuzzer] copy the options inside MutationDispatcher to avoid use-after-scope in mutator tests | Kostya Serebryany | 2017-01-17 | 1 | -1/+2
  llvm-svn: 292286
* [libFuzzer] remove dead code, NFC | Kostya Serebryany | 2017-01-06 | 1 | -47/+0
  llvm-svn: 291195
* [libFuzzer] improve error handling during the merge (handle various IO failures) | Kostya Serebryany | 2017-01-05 | 9 | -0/+32
  llvm-svn: 291182
* [libFuzzer] use /tmp (or $TMPDIR, if present) to store temp files during merge | Kostya Serebryany | 2017-01-05 | 4 | -2/+13
  llvm-svn: 291078
* [libFuzzer] disable -print_pcs by default (was enabled by mistake) | Kostya Serebryany | 2017-01-03 | 1 | -0/+2
  llvm-svn: 290899
* [libFuzzer] cleaner implementation of -print_pcs=1 | Kostya Serebryany | 2016-12-30 | 3 | -7/+14
  llvm-svn: 290739
* Include <algorithm> for std::max etc | Reid Kleckner | 2016-12-30 | 1 | -0/+1
  llvm-svn: 290730
* [libFuzzer] make __sanitizer_cov_trace_switch more predictable | Kostya Serebryany | 2016-12-29 | 2 | -24/+19
  llvm-svn: 290703
* [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually (second attempt) | Kostya Serebryany | 2016-12-27 | 5 | -2/+32
  llvm-svn: 290637
* [libFuzzer] don't create large random mutations when given an empty seed | Kostya Serebryany | 2016-12-27 | 1 | -1/+1
  llvm-svn: 290634
* [libFuzzer] fix UB and simplify the computation of the RNG seed (https://llvm.org/bugs/show_bug.cgi?id=31456) | Kostya Serebryany | 2016-12-27 | 1 | -2/+2
  llvm-svn: 290622
* [libfuzzer] dump_coverage command line flag | Mike Aizatsky | 2016-12-19 | 7 | -0/+28
  Reviewers: kcc, vitalybuka
  Differential Revision: https://reviews.llvm.org/D27942
  llvm-svn: 290138
* Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code" | Daniel Jasper | 2016-12-17 | 6 | -32/+9
  This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998
  llvm-svn: 290043