summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer
Commit message (Collapse)AuthorAgeFilesLines
...
* [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itselfKostya Serebryany2016-09-092-8/+19
| | | | llvm-svn: 281016
* [libFuzzer] remove unneeded callKostya Serebryany2016-09-092-9/+0
| | | | llvm-svn: 281014
* [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly ↵Kostya Serebryany2016-09-096-67/+9
| | | | | | better llvm-svn: 281007
* [libFuzzer] add -minimize_crash flag (to minimize crashers). also add two ↵Kostya Serebryany2016-09-015-8/+115
| | | | | | tests that I failed to commit last time llvm-svn: 280332
* [libfuzzer] simplified unit truncation; do not write trunc items to discMike Aizatsky2016-08-302-34/+14
| | | | | | Differential Revision: https://reviews.llvm.org/D24049 llvm-svn: 280153
* [libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, ↵Kostya Serebryany2016-08-302-6/+7
| | | | | | M<N, caused a buffer overflow llvm-svn: 280098
* [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up ↵Kostya Serebryany2016-08-302-9/+9
| | | | | | the corpus too much llvm-svn: 280096
* [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the ↵Kostya Serebryany2016-08-302-13/+21
| | | | | | fuzzer reaches the goal much faster, at least on the simple puzzles llvm-svn: 280054
* [libFuzzer] use trace-div and trace-gep for guided fuzzing, add testsKostya Serebryany2016-08-304-1/+66
| | | | llvm-svn: 280046
* [libFuzzer] simplify a test to make it pass on the botKostya Serebryany2016-08-261-1/+1
| | | | llvm-svn: 279796
* [libFuzzer] make sure we have symbols on fuzzer testsKostya Serebryany2016-08-251-1/+1
| | | | llvm-svn: 279792
* [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more ↵Kostya Serebryany2016-08-256-12/+28
| | | | | | useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787
* [libFuzzer] simplify the code, NFCKostya Serebryany2016-08-252-91/+81
| | | | llvm-svn: 279697
* [libFuzzer] make a test more deterministic Kostya Serebryany2016-08-241-3/+3
| | | | llvm-svn: 279686
* [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64Kostya Serebryany2016-08-244-7/+13
| | | | llvm-svn: 279601
* [libFuzzer] collect 64 states for value profile, not 65Kostya Serebryany2016-08-231-1/+5
| | | | llvm-svn: 279588
* [libFuzzer] fix the non-debug build warningsKostya Serebryany2016-08-191-1/+2
| | | | llvm-svn: 279321
* [libFuzzer] add more __attribute__((visibility("default")))Kostya Serebryany2016-08-181-0/+2
| | | | llvm-svn: 279143
* [sanitizer-coverage/libFuzzer] instrument comparisons with ↵Kostya Serebryany2016-08-182-3/+50
| | | | | | __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer llvm-svn: 279027
* [libFuzzer] force proper popcnt instructionKostya Serebryany2016-08-172-1/+3
| | | | llvm-svn: 279002
* [libFuzzer] given 0 and 255 more preference when inserting repeated bytesKostya Serebryany2016-08-171-1/+2
| | | | llvm-svn: 278986
* [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage ↵Kostya Serebryany2016-08-173-2/+77
| | | | | | from r278970 llvm-svn: 278982
* [libFuzzer] when printing the reproducer input, also print the base input ↵Kostya Serebryany2016-08-173-4/+13
| | | | | | and the mutation sequence llvm-svn: 278975
* Replace a few more "fall through" comments with LLVM_FALLTHROUGHJustin Bogner2016-08-171-1/+1
| | | | | | Follow up to r278902. I had missed "fall through", with a space. llvm-svn: 278970
* [libFuzzer] more mutationsKostya Serebryany2016-08-173-18/+124
| | | | llvm-svn: 278950
* [libFuzzer] minor speed improvementKostya Serebryany2016-08-161-1/+1
| | | | llvm-svn: 278856
* [libFuzzer] new experimental feature: value profiling. Profiles values that ↵Kostya Serebryany2016-08-1615-11/+158
| | | | | | affect control flow and treats new values as new coverage. llvm-svn: 278839
* [libFuzzer] refactoring around PCMap, NFCKostya Serebryany2016-08-165-81/+81
| | | | llvm-svn: 278825
* [libFuzzer] print a verbose message after executing inputs in non-fuzzing modeKostya Serebryany2016-08-152-0/+6
| | | | llvm-svn: 278724
* [libFuzzer] fix the bot Kostya Serebryany2016-08-151-1/+1
| | | | llvm-svn: 278721
* [libFuzzer] add InsertRepeatedBytes and EraseBytes.Kostya Serebryany2016-08-158-20/+139
| | | | | | | | | | | | | New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets. llvm-svn: 278687
* [LibFuzzer] Fix `-jobs=<N>` where <N> > 1 and the number of workers is > 1 ↵Dan Liew2016-08-125-4/+198
| | | | | | | | | | | | | | | | | | | | | | | on macOS. The original `ExecuteCommand()` called `system()` from the C library. The C library implementation of this on macOS contains a mutex which serializes calls to `system()`. This prevented the `-jobs=` flag from running copies of the fuzzing binary in parallel which is the opposite of what is intended. To fix this on macOS an alternative implementation of `ExecuteCommand()` is provided that can be used concurrently. This is provided in `FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple platforms. The existing implementation has been moved to a new file `FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux. This commit includes a simple test to check that LibFuzzer is being executed in parallel when requested. Differential Revision: https://reviews.llvm.org/D22742 llvm-svn: 278544
* [libFuzzer] make libFuzzer work with a bit older clang versionsKostya Serebryany2016-08-061-8/+10
| | | | llvm-svn: 277941
* [libFuzzer] don't print bogus error messageKostya Serebryany2016-08-061-2/+3
| | | | llvm-svn: 277940
* [libfuzzer] do not warn about missing pcbuffer functions: they are new.Mike Aizatsky2016-08-061-2/+2
| | | | llvm-svn: 277927
* [sanitizers] trace buffer API to use user-allocated buffer.Mike Aizatsky2016-08-053-27/+53
| | | | | | Differential Revision: https://reviews.llvm.org/D23185 llvm-svn: 277859
* [libFuzzer] extend the messages printed by afl_driverKostya Serebryany2016-07-191-4/+12
| | | | llvm-svn: 276052
* [libFuzzer] properly intercept memmemKostya Serebryany2016-07-192-2/+15
| | | | llvm-svn: 276006
* [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmpKostya Serebryany2016-07-159-6/+67
| | | | llvm-svn: 275648
* [libFuzzer] add ThreadedLeakTestKostya Serebryany2016-07-153-0/+24
| | | | llvm-svn: 275582
* [LibFuzzer] Unbreak the build on macOS which was broken by r272858.Dan Liew2016-07-071-0/+6
| | | | | | | | | ``afl_driver.cpp`` currently relies on weak symbols which doesn't work properly under macOS. For now fix the build by providing a dummy implementation of ``LLVMFuzzerInitialize(...)``. This is just a temporary measure until we fix ``afl_driver.cpp`` for macOS. llvm-svn: 274778
* [libFuzzer] Let user specify extra stats file.Mike Aizatsky2016-06-303-4/+208
| | | | | | | | | | | | Summary: If AFL_DRIVER_EXTRA_STATS_FILENAME is set and valid, write to it peak_rss_mb and slowest_unit_time_sec. These are both stats that libFuzzer can print but afl cannot. Reviewers: kcc, aizatsky, metzman Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D21742 llvm-svn: 274273
* [libfuzzer] moving is_ascii handler inside mutation dispatcher.Mike Aizatsky2016-06-236-60/+65
| | | | | | | | Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611
* [libFuzzer] Add standard license info and comment header to AFLDriverTest.cppVitaly Buka2016-06-231-0/+4
| | | | | | | | | | | | Summary: Add license info and brief description of file to AFLDriverTest.cpp. Reviewers: kcc, aizatsky Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D21487 llvm-svn: 273527
* [libFuzzer] make the single-run output more reliableKostya Serebryany2016-06-172-4/+4
| | | | llvm-svn: 272998
* [libFuzzer] use the new chainable malloc hooks instead of the old ↵Kostya Serebryany2016-06-163-39/+32
| | | | | | un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable llvm-svn: 272948
* Fix test from D21194Vitaly Buka2016-06-161-2/+1
| | | | | | Bot sets ASAN_OPTIONS=handle_abort=1 which prevents expected crash. llvm-svn: 272866
* Debugging D21194 issues on botVitaly Buka2016-06-161-0/+1
| | | | llvm-svn: 272863
* Enable libFuzzer's afl_driver to append stderr to a file.Vitaly Buka2016-06-164-0/+56
| | | | | | | | | | | | | | | | | | | Summary: [libFuzzer] Enable afl_driver to append stderr to a user specified file. Append stderr of afl_driver to the file specified by the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs on crashes without rerunning crashing test cases (which won't work for crashes that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz and users would have no way of seeing it. Reviewers: llvm-commits, aizatsky, kcc, vitalybuka Subscribers: vitalybuka Differential Revision: http://reviews.llvm.org/D21194 llvm-svn: 272858
* [LibFuzzer] Fix ``FuzzerMutate.ShuffleBytes2`` unit test on OSX.Dan Liew2016-06-151-1/+1
| | | | | | | | | | | | | | | | The ``FuzzerMutate.ShuffleBytes2`` unit test was failing on OSX due to the implementation of ``std::random_shuffle()`` being different between libcxx and libstdc++. @kcc has decided (see http://reviews.llvm.org/D21218) it is acceptable for there to be different mutation behavior on different platforms so this commit just adjusts the test to perform the minimum number of iterations (that is a power of 2) to see all the mutations the unit test is looking for. Differential Revision: http://reviews.llvm.org/D21359 llvm-svn: 272743
OpenPOWER on IntegriCloud