summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer
Commit message (Collapse)AuthorAgeFilesLines
...
* [libFuzzer] use a valid ASCII string for a dummy seed corpusKostya Serebryany2016-11-121-1/+1
| | | | llvm-svn: 286702
* [libFuzzer] use less stackKostya Serebryany2016-11-122-16/+18
| | | | llvm-svn: 286689
* [libFuzzer] do not initialize parts of TracePC -- let them be initialized by ↵Kostya Serebryany2016-11-112-2/+5
| | | | | | the linker. Add no-msan attribute to the memcmp hook. llvm-svn: 286665
* [libFuzzer] fix -error_exitcode=N, now with a test Kostya Serebryany2016-11-033-4/+6
| | | | llvm-svn: 285958
* [libFuzzer] enable use_cmp by defaultKostya Serebryany2016-10-2711-15/+17
| | | | llvm-svn: 285353
* [libFuzzer] speculatively trying to fix the Mac build; second attemptKostya Serebryany2016-10-272-14/+4
| | | | llvm-svn: 285262
* [libFuzzer] revert 285259 -- hit commit too soonKostya Serebryany2016-10-271-4/+1
| | | | llvm-svn: 285260
* [libFuzzer] speculatively trying to fix the Mac buildKostya Serebryany2016-10-271-1/+4
| | | | llvm-svn: 285259
* [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing ↵Kostya Serebryany2016-10-263-29/+5
| | | | | | with -exit_on_src_pos, symbolize every PC only once llvm-svn: 285223
* [libFuzzer] simplify the code in TracePC::HandleTrace a bit moreKostya Serebryany2016-10-263-33/+18
| | | | llvm-svn: 285147
* [libFuzzer] simplify the code to print new PCsKostya Serebryany2016-10-264-16/+20
| | | | llvm-svn: 285145
* [libFuzzer] simplify the code in TracePC::HandleTraceKostya Serebryany2016-10-253-5/+9
| | | | llvm-svn: 285142
* [libFuzzer] add StandaloneFuzzTargetMain.c and a test for itKostya Serebryany2016-10-255-3/+62
| | | | llvm-svn: 285135
* [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the ↵Kostya Serebryany2016-10-253-11/+10
| | | | | | desired bytes. Add another test for use_cmp llvm-svn: 285109
* [libFuzzer] simplify the code for use_cmp, also use the position hint when ↵Kostya Serebryany2016-10-259-102/+130
| | | | | | available, add a test llvm-svn: 285049
* [libFuzzer] mutation: insert the size of the input in bytes as one of the ↵Kostya Serebryany2016-10-222-11/+21
| | | | | | ways to mutate a binary integer llvm-svn: 284909
* [libFuzzer] typo in a testKostya Serebryany2016-10-221-1/+1
| | | | llvm-svn: 284903
* [libFuzzer] add a test for asan's strict_string_checks=1Kostya Serebryany2016-10-223-0/+26
| | | | llvm-svn: 284902
* Fix -Wunused-variable warning in libFuzzerReid Kleckner2016-10-211-1/+1
| | | | llvm-svn: 284838
* [libFuzzer] extend -print_coverage to also print uncovered lines, functions, ↵Kostya Serebryany2016-10-197-8/+133
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and files. Example of output: COVERAGE: COVERED: in DSO2(int) /pathto/DSO2.cpp:6 COVERED: in DSO2(int) /pathto/DSO2.cpp:8 COVERED: in DSO1(int) /pathto/DSO1.cpp:6 COVERED: in DSO1(int) /pathto/DSO1.cpp:8 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25 COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26 MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9 UNCOVERED_FUNC: in Uncovered1() MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9 UNCOVERED_FUNC: in Uncovered2() MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21 UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27 UNCOVERED_FILE: /pathto/DSOTestExtra.cpp Several things are not perfect here: * we are using objdump+awk instead of sancov because sancov does not support DSOs yet. * this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=... (need to implement another API to get the module name by PC) llvm-svn: 284554
* [libFuzzer] detect leaks after every run when executing fixed inputs ↵Kostya Serebryany2016-10-183-2/+6
| | | | | | (./fuzzer -runs=1000000 my-file) llvm-svn: 284514
* [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_itemKostya Serebryany2016-10-182-15/+12
| | | | llvm-svn: 284508
* [libFuzzer] swap bytes in integers when handling CMP tracesKostya Serebryany2016-10-155-15/+49
| | | | llvm-svn: 284301
* [libFuzzer] better algorithm for -minimize_crashKostya Serebryany2016-10-153-5/+25
| | | | llvm-svn: 284299
* [libFuzzer] remove subdir fuzzer-test-suite as it is now superseded with ↵Kostya Serebryany2016-10-1419-410/+0
| | | | | | https://github.com/google/fuzzer-test-suite llvm-svn: 284275
* [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP ↵Kostya Serebryany2016-10-1412-12/+157
| | | | | | instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273
* [libFuzzer] more detailed message for disabled leak detectionKostya Serebryany2016-10-131-2/+4
| | | | llvm-svn: 284169
* [libFuzzer] add -trace_malloc= flagKostya Serebryany2016-10-137-5/+70
| | | | llvm-svn: 284149
* [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a ↵Kostya Serebryany2016-10-132-36/+23
| | | | | | fix for gcc build llvm-svn: 284132
* Revert "[libFuzzer] refactoring to speed things up, NFC"Daniel Jasper2016-10-122-20/+35
| | | | | | | | | | | This reverts commit r283946. This breaks when build with GCC: lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes] lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here llvm-svn: 283979
* [libFuzzer] refactoring to speed things up, NFCKostya Serebryany2016-10-112-35/+20
| | | | llvm-svn: 283946
* [libFuzzer] implement value profile for switch, increase the size of the PCs ↵Kostya Serebryany2016-10-113-4/+11
| | | | | | array, make sure we don't overflow it llvm-svn: 283841
* [libFuzzer] add switch testsKostya Serebryany2016-10-112-0/+38
| | | | llvm-svn: 283840
* [libFuzzer] make a test less flakyKostya Serebryany2016-10-091-1/+0
| | | | llvm-svn: 283686
* [libFuzzer] when shrinking the corpus, delete evicted files previously ↵Kostya Serebryany2016-10-088-25/+46
| | | | | | created by the current process llvm-svn: 283682
* [libFuzzer] control the reload interval by a flag, make it 10 seconds by defaultKostya Serebryany2016-10-084-9/+13
| | | | llvm-svn: 283676
* [libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing.Kostya Serebryany2016-10-081-24/+23
| | | | llvm-svn: 283675
* [libFuzzer] be more careful with memory usage, print peak rss in status linesKostya Serebryany2016-10-063-2/+4
| | | | llvm-svn: 283418
* [libFuzzer] when re-running for lsan, don't look at the coverageKostya Serebryany2016-10-051-1/+1
| | | | llvm-svn: 283411
* [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.Kostya Serebryany2016-10-0512-150/+145
| | | | llvm-svn: 283409
* [libFuzzer] add ShrinkValueProfileTest, move code around, NFCKostya Serebryany2016-10-058-111/+141
| | | | llvm-svn: 283286
* [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller ↵Kostya Serebryany2016-10-053-6/+38
| | | | | | elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines llvm-svn: 283279
* [libFuzzer] remove dfsan support and some related stale code. This is not ↵Kostya Serebryany2016-10-049-449/+1
| | | | | | being used and as is is pretty weak anyway llvm-svn: 283187
* [libFuzzer] change the probabilities so that we choose only the inputs that ↵Kostya Serebryany2016-10-042-4/+13
| | | | | | are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now) llvm-svn: 283178
* [libFuzzer] add fuzzer test for libxml2, finds ↵Kostya Serebryany2016-10-013-0/+38
| | | | | | https://bugzilla.gnome.org/show_bug.cgi?id=751631 llvm-svn: 283024
* [libFuzzer] fix a recent bugs (buffer overflow)Kostya Serebryany2016-10-011-1/+1
| | | | llvm-svn: 283021
* [libFuzzer] implement the -shrink=1 option that tires to make elements of ↵Kostya Serebryany2016-10-018-13/+51
| | | | | | the corpus smaller, off by default llvm-svn: 282995
* [libFuzzer] remove some experimental codeKostya Serebryany2016-09-302-21/+12
| | | | llvm-svn: 282983
* [libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl ↵Kostya Serebryany2016-09-302-2/+2
| | | | | | installed llvm-svn: 282972
* [libFuzzer] remove unused optionKostya Serebryany2016-09-307-20/+8
| | | | llvm-svn: 282971
OpenPOWER on IntegriCloud