summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] Delete llvm/lib/FuzzerVitaly Buka2017-10-1647-7427/+0
| | | | | | | | | | | | Summary: Code is already in compiler-rt Reviewers: kcc Subscribers: krytarowski, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D38912 llvm-svn: 315937
* [FuzzerUtil] Partially revert D38481 on FuzzerUtilTim Shen2017-10-041-1/+9
| | | | | | | | | This is because lib/Fuzzer doesn't really depend on llvm infrastucture. It's not easy to access the llvm hardware_concurrency here. Differential Reivision: https://reviews.llvm.org/D38481 llvm-svn: 314870
* Use sched_getaffinity instead of std::thread::hardware_concurrency.Rafael Espindola2017-10-031-9/+1
| | | | | | | | | | | | | | The issue with std::thread::hardware_concurrency is that it forwards to libc and some implementations (like glibc) don't take thread affinity into consideration. With this change a llvm program that can execute in only 2 cores will use 2 threads, even if the machine has 32 cores. This makes benchmarking a lot easier, but should also help if someone doesn't want to use all cores for compilation for example. llvm-svn: 314809
* Moving libFuzzer from LLVM to compiler-rt.George Karpenkov2017-08-21151-3641/+4
| | | | | | | | | This change only removes libFuzzer tests and CMake machinery, the source copy temporarily remains at the old location. Differential Revision: https://reviews.llvm.org/D36980 llvm-svn: 311405
* Always compile libFuzzer with no coverageGeorge Karpenkov2017-08-211-2/+2
| | | | | | | | Do not compile libFuzzer itself with coverage, regardless of LLVM variables Differential Revision: https://reviews.llvm.org/D36887 llvm-svn: 311374
* Get rid of even more "%T" expansions, see <https://reviews.llvm.org/D35396>.Kuba Mracek2017-08-202-2/+4
| | | | llvm-svn: 311294
* [SanitizerCoverage] Add stack depth tracing instrumentation.Matt Morehouse2017-08-182-16/+14
| | | | | | | | | | | | | | | | | | | | | | Summary: Augment SanitizerCoverage to insert maximum stack depth tracing for use by libFuzzer. The new instrumentation is enabled by the flag -fsanitize-coverage=stack-depth and is compatible with the existing trace-pc-guard coverage. The user must also declare the following global variable in their code: thread_local uintptr_t __sancov_lowest_stack https://bugs.llvm.org/show_bug.cgi?id=33857 Reviewers: vitalybuka, kcc Reviewed By: vitalybuka Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits Differential Revision: https://reviews.llvm.org/D36839 llvm-svn: 311186
* [CMake] Add install target for LLVMFuzzerPetr Hosek2017-08-141-0/+21
| | | | | | | | This allows including LLVMFuzzer as distribution component. Differential Revision: https://reviews.llvm.org/D36540 llvm-svn: 310897
* [libFuzzer] try to use less RAM while processing the initial corpusKostya Serebryany2017-08-141-1/+2
| | | | llvm-svn: 310881
* [libFuzzer] explicitly use -fsanitize-coverage=trace-pc-guard in ↵Kostya Serebryany2017-08-143-7/+7
| | | | | | test/dump_coverage.test; mark print_coverage/dump_coverage as To-be-deprecated llvm-svn: 310877
* [libFuzzer] experimental support for Clang's coverage ↵Kostya Serebryany2017-08-116-15/+99
| | | | | | (fprofile-instr-generate), Linux-only llvm-svn: 310771
* [libFuzzer] Re-enable coverage.test on Darwin.George Karpenkov2017-08-111-2/+0
| | | | llvm-svn: 310750
* [libFuzzer] Update LibFuzzer w.r.t. the new comparisons instrumentation APIAlexander Potapenko2017-08-101-0/+35
| | | | | | | | | | Added the _sanitizer_cov_trace_const_cmp[1248] callbacks. For now they are implemented the same way as _sanitizer_cov_trace_cmp[1248]. For more details, please see https://reviews.llvm.org/D36465. Patch by Victor Chibotaru. llvm-svn: 310592
* [libFuzzer] simplify code, NFCKostya Serebryany2017-08-082-11/+7
| | | | llvm-svn: 310326
* [libFuzzer] remove stale codeKostya Serebryany2017-08-083-14/+0
| | | | llvm-svn: 310325
* [libFuzzer] simplify the implementation of -print_coverage=1Kostya Serebryany2017-08-082-103/+69
| | | | llvm-svn: 310324
* Do not instrument libFuzzer itself when built with -DLLVM_USE_SANITIZE_COVERAGEGeorge Karpenkov2017-08-071-0/+5
| | | | | | | | Fixes regression from https://reviews.llvm.org/D36295 Differential Revision: https://reviews.llvm.org/D36428 llvm-svn: 310305
* [libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) ↵Kostya Serebryany2017-08-045-13/+25
| | | | | | to implement -exit_on_src_pos llvm-svn: 310151
* [libFuzzer] print PCs using the in-binary PC-table instead of relying on PCs ↵Kostya Serebryany2017-08-043-21/+40
| | | | | | captured at run-time llvm-svn: 310148
* [libFuzzer] re-enable fuzzer-printcovpcs.testKostya Serebryany2017-08-041-1/+1
| | | | llvm-svn: 310126
* [libFuzzer] make a test more robustKostya Serebryany2017-08-041-1/+1
| | | | llvm-svn: 310113
* [libFuzzer] remove the now redundant 'LLVMFuzzer-' prefix from libFuzzer testsKostya Serebryany2017-08-0465-241/+241
| | | | llvm-svn: 310110
* [libFuzzer] split one test into severalKostya Serebryany2017-08-047-24/+24
| | | | llvm-svn: 310106
* [libFuzzer tests] Only enable libFuzzer tests ifGeorge Karpenkov2017-08-042-18/+16
| | | | | | -DLIBFUZZER_ENABLE_TESTS=ON is set. llvm-svn: 310100
* [libFuzzer] make trace-pc.test more reliableKostya Serebryany2017-08-041-1/+1
| | | | llvm-svn: 310091
* Fixing buildbots: do not register check-fuzzer if clang or asan are notGeorge Karpenkov2017-08-041-12/+15
| | | | | | present. llvm-svn: 310077
* Drop Windows support from libFuzzer tests.George Karpenkov2017-08-049-55/+5
| | | | | | Differential Revision: https://reviews.llvm.org/D36205 llvm-svn: 310076
* Port libFuzzer tests to LIT. Do not require two-stage build for check-fuzzer.George Karpenkov2017-08-0472-442/+341
| | | | | | | | | | | | | | | | | | | | | This revision ports all libFuzzer tests apart from the unittest to LIT. The advantages of doing so include: - Tests being self-contained - Much easier debugging of a single test - No need for using a two-stage compilation The unit-test is still compiled using CMake, but it does not need a freshly built compiler. NOTE: The previous two-stage bot configuration will NOT work, as in the second stage build LLVM_USE_SANITIZER is set, which disables ASAN from being built. Thus bots will be reconfigured in the next few commits. Differential Revision: https://reviews.llvm.org/D36295 llvm-svn: 310075
* Disable libFuzzer tests on WindowsGeorge Karpenkov2017-08-041-2/+10
| | | | | | Differential Revision: https://reviews.llvm.org/D36297 llvm-svn: 310009
* [libFuzzer] Un-reverting change in tests after fixing the failure on Linux.George Karpenkov2017-08-031-1/+1
| | | | | | Differential Revision: https://reviews.llvm.org/D36242 llvm-svn: 309982
* Revert "[libFuzzer tests] Use substring comparison in libFuzzer tests"George Karpenkov2017-08-021-1/+1
| | | | | | | | This reverts commit 3592d8049660dcdd07f7c2e797f2de9790f93111. Breaks the bots, reverting for now. llvm-svn: 309899
* [libFuzzer tests] Use substring comparison in libFuzzer testsGeorge Karpenkov2017-08-021-1/+1
| | | | | | | | | LIT launches executables with absolute, and not relative, path. strncmp would try to do exact comparison and fail. Differential Revision: https://reviews.llvm.org/D36242 llvm-svn: 309889
* [libFuzzer] temporarty remove pc-tables and disable ↵Kostya Serebryany2017-08-012-2/+3
| | | | | | test/fuzzer-printcovpcs.test until this can be fixed on Windows llvm-svn: 309716
* [libFuzzer] implement more correct way of computing feature index for ↵Kostya Serebryany2017-08-012-11/+18
| | | | | | Inline8bitCounters llvm-svn: 309647
* [libFuzzer] enable -fsanitize-coverage=pc-table for all testsKostya Serebryany2017-08-014-11/+22
| | | | llvm-svn: 309646
* [libFuzzer] implement __sanitizer_cov_pcs_init and add pc-table to build ↵Kostya Serebryany2017-07-313-6/+32
| | | | | | flags for one test (for now) llvm-svn: 309615
* [libFuzzer] improve support for inline-8bit-counters (make it more correct ↵Kostya Serebryany2017-07-283-3/+21
| | | | | | and faster) llvm-svn: 309443
* [libFuzzer] don't disable msan for TracePC::CollectFeatures: this started to ↵Kostya Serebryany2017-07-251-1/+1
| | | | | | cause false positives in msan. No tests for libFuzzer+msan yet -- tests will need to wait until we move libFuzzer to compiler-rt llvm-svn: 309038
* [libFuzzer] make one test faster, fix compiler warnings in testsKostya Serebryany2017-07-254-4/+4
| | | | llvm-svn: 308945
* Revert "Revert "[libFuzzer] Add a dependency on symbolizer from libFuzzer ↵George Karpenkov2017-07-241-1/+1
| | | | | | | | | | tests"" This reverts commit 15425f2bc6eac6249ee957a2a280511306c07547. Should work now that atos is a default symbolizer on Darwin. llvm-svn: 308910
* [libFuzzer] reimplement experimental_len_control=1: bump the temporary ↵Kostya Serebryany2017-07-224-22/+34
| | | | | | max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files llvm-svn: 308811
* Generate error reports when a fuzz target exits.Matt Morehouse2017-07-2021-20/+59
| | | | | | | | | | | | | | | | | | | | | | Summary: Implements https://github.com/google/sanitizers/issues/835. Flush stdout before exiting in test cases. Since the atexit hook is used for exit reports, pending prints to stdout can be lost if they aren't flushed before calling exit(). Expect tests to have non-zero exit code if exit() is called. Reviewers: vitalybuka, kcc Reviewed By: kcc Subscribers: eraman, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D35602 llvm-svn: 308669
* [libFuzzer] delete stale codeKostya Serebryany2017-07-201-23/+0
| | | | llvm-svn: 308663
* [libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input ↵Kostya Serebryany2017-07-202-4/+6
| | | | | | is saved to the corpus llvm-svn: 308653
* [libFuzzer] prototype implementation of recursion-depth coverage features ↵Kostya Serebryany2017-07-205-4/+30
| | | | | | (commented out; real implementation needs to use inlined instrumentation) llvm-svn: 308577
* [libFuzzer] add DeepRecursionTest, inspired by ↵Kostya Serebryany2017-07-202-0/+26
| | | | | | https://guidovranken.wordpress.com/2017/07/08/libfuzzer-gv-new-techniques-for-dramatically-faster-fuzzing/ (Stack-depth-guided fuzzing). libFuzzer does not solve it yet. llvm-svn: 308571
* Try to deflake fuzzer-oom.test on WindowsReid Kleckner2017-07-201-1/+5
| | | | llvm-svn: 308568
* [libFuzzer] simplify two more testsKostya Serebryany2017-07-192-3/+3
| | | | llvm-svn: 308560
* [libFuzzer] change several tests to not limit the max len: with ↵Kostya Serebryany2017-07-196-7/+5
| | | | | | reduce_inputs=1 they are now fast enough even w/o this llvm-svn: 308553
* Fix fuzzer-flags.test on WindowsReid Kleckner2017-07-192-3/+1
| | | | | | | | | | | The optional external function callbacks have to be exported in order for them to be called. The test was failing because libFuzzer wasn't calling LLVMFuzzerInitialize. We can reconsider if this is the best way to mark these optional callbacks exported later. llvm-svn: 308548
OpenPOWER on IntegriCloud