Kostya Serebryany
6c4e275248
[libFuzzer] perform fewer crossover operations compared to plain mutations
...
llvm-svn: 247364
2015-09-11 00:20:58 +00:00
Kostya Serebryany
19cfb70c6a
[libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions
...
llvm-svn: 247321
2015-09-10 18:48:38 +00:00
Kostya Serebryany
0001c18d8c
[libFuzzer] add two more variants of FuzzerDriver for convenience
...
llvm-svn: 247300
2015-09-10 16:57:57 +00:00
Ivan Krasin
cc79d453f1
[libFuzzer]Add a test for defeating a hash sum.
...
Summary:
Add a test for a data followed by 4-byte hash value.
I use a slightly modified Jenkins hash function,
as described in https://en.wikipedia.org/wiki/Jenkins_hash_function
The modification is to ensure that hash(zeros) != 0.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12648
llvm-svn: 247076
2015-09-08 21:22:52 +00:00
Kostya Serebryany
a2e2e93ba1
[libFuzzer] remove a piece of stale code
...
llvm-svn: 247067
2015-09-08 20:40:10 +00:00
Kostya Serebryany
04cc0059e2
[libFuzzer] be more robust when dealing with files on disk (e.g. don't crash if a file was there but disappeared)
...
llvm-svn: 247066
2015-09-08 20:36:33 +00:00
Kostya Serebryany
2d2cfbe976
[libFuzzer] better documentatio for -save_minimized_corpus=1
...
llvm-svn: 247033
2015-09-08 17:43:51 +00:00
Kostya Serebryany
28b0d0ab37
[libFuzzer] remove -iterations as redundant (there is also -num_runs)
...
llvm-svn: 247030
2015-09-08 17:30:35 +00:00
Kostya Serebryany
a575372f59
[libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger
...
llvm-svn: 247027
2015-09-08 17:19:31 +00:00
Kostya Serebryany
22e4458e65
[libFuzzer] more accurate logic for traces, 80-char fix
...
llvm-svn: 246888
2015-09-04 22:32:25 +00:00
Kostya Serebryany
2c51ca12e7
[libFuzzer] when a single mutation fails try a few more times with other mutations before returning un-mutated data
...
llvm-svn: 246828
2015-09-04 00:40:29 +00:00
Kostya Serebryany
28a699d9b8
[libFuzzer] actually make the dictionaries work (+docs)
...
llvm-svn: 246825
2015-09-04 00:12:11 +00:00
Kostya Serebryany
3eaa9123bf
[libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC
...
llvm-svn: 246808
2015-09-03 21:24:19 +00:00
Kostya Serebryany
3b60fc1204
[libFuzzer] adding a parser for AFL-style dictionaries + tests.
...
llvm-svn: 246800
2015-09-03 20:23:46 +00:00
Kostya Serebryany
d4b7d4667f
[libFuzzer] deprecate the -tokens flag. This was a bad idea because the corpus with this flag contains encrypted inputs, not the real inputs, which complicates interoperation with other fuzzers. Instead we'll need to implement AFL dictionary support
...
llvm-svn: 246734
2015-09-02 23:27:39 +00:00
Kostya Serebryany
9c0479fa99
[libFuzzer] honour -only_ascii=1 when reading the initial corpus. Also, remove ugly #ifdef
...
llvm-svn: 246689
2015-09-02 19:08:08 +00:00
Kostya Serebryany
0e83baec1a
[libFuzzer] fix minor inefficiency, PR24584
...
llvm-svn: 246087
2015-08-26 21:55:19 +00:00
Lenny Maiorani
1850ddfeb6
Fix missing space in libfuzzer's help text.
...
llvm-svn: 244800
2015-08-12 20:00:10 +00:00
Kostya Serebryany
a9d3e6b2dc
[libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied
...
llvm-svn: 244712
2015-08-12 01:55:37 +00:00
Kostya Serebryany
2bdb9ad059
[libFuzzer] add colons to the stats output to avoid confusion
...
llvm-svn: 244708
2015-08-12 01:04:27 +00:00
Kostya Serebryany
5a4f36556e
[libFuzzer] use raw C IO to reduce the risk of a deadlock in a signal handler.
...
llvm-svn: 244707
2015-08-12 00:55:09 +00:00
Nick Lewycky
1bff8578d4
Fix unused variable 'X' in release builds.
...
llvm-svn: 244571
2015-08-11 05:57:10 +00:00
Kostya Serebryany
1c2b96fda9
[libFuzzer] add -only_ascii flag
...
llvm-svn: 244559
2015-08-11 01:44:42 +00:00
Yaron Keren
b598ba7c7c
Add missing include guard to FuzzerInternal.h, NFC.
...
llvm-svn: 244457
2015-08-10 16:37:40 +00:00
Kostya Serebryany
90b784ccc2
[libFuzzer] move the mutators to public interface so that custom mutators may reuse these functions directly
...
llvm-svn: 244250
2015-08-06 19:19:55 +00:00
Kostya Serebryany
acf2228ee8
[libFuzzer] add one more mutation strategy: byte shuffling
...
llvm-svn: 244188
2015-08-06 01:29:13 +00:00
Kostya Serebryany
c721977710
[libFuzzer] avoid build warnings in non-assert build (useful warning in this case)
...
llvm-svn: 244177
2015-08-05 23:44:42 +00:00
Kostya Serebryany
4338e69a99
[libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh.
...
llvm-svn: 244165
2015-08-05 23:02:57 +00:00
Kostya Serebryany
80051e17c0
[libFuzzer] add option -report_slow_units=Nsec to control when slow units are printed
...
llvm-svn: 244152
2015-08-05 21:43:48 +00:00
Kostya Serebryany
5be4cb583e
[libFuzzer] add a missing test file
...
llvm-svn: 244151
2015-08-05 21:32:13 +00:00
Kostya Serebryany
897a5553b1
[libFuzzer] use data-flow feedback from strcmp
...
llvm-svn: 244084
2015-08-05 18:23:01 +00:00
Kostya Serebryany
7ee2b779f7
[libFuzzer] more refactoring of the Mutator and adding tests to it
...
llvm-svn: 243818
2015-08-01 02:23:06 +00:00
Kostya Serebryany
82464edd32
[libFuzzer] start refactoring the Mutator and adding tests to it
...
llvm-svn: 243817
2015-08-01 01:42:51 +00:00
Kostya Serebryany
7a9f5ff70b
[libFuzzer] limit the size of the inputs printed to stderr
...
llvm-svn: 243795
2015-07-31 22:07:17 +00:00
Kostya Serebryany
a9e61b09d8
[libFuzzer] make sure that 2-byte arguments of switch() are handled properly
...
llvm-svn: 243781
2015-07-31 20:58:55 +00:00
Kostya Serebryany
ccad0c6979
[libFuzzer] record traces from the switch statements only when told to do so
...
llvm-svn: 243768
2015-07-31 18:09:08 +00:00
Kostya Serebryany
fead0c3ca4
[libFuzzer] support switch interception in dfsan mode
...
llvm-svn: 243760
2015-07-31 17:05:05 +00:00
Kostya Serebryany
71a4e8ccbf
[libFuzzer] trace switch statements and apply mutations based on the expected case values
...
llvm-svn: 243726
2015-07-31 01:33:06 +00:00
Kostya Serebryany
e76cb85ac7
[libFuzzer] fix the strncmp interceptor -- it should respect short strings.
...
llvm-svn: 243691
2015-07-30 21:22:22 +00:00
Kostya Serebryany
433c6e8b4b
[libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test
...
llvm-svn: 243611
2015-07-30 02:33:45 +00:00
Kostya Serebryany
d6ac2f5889
[libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), extend the memcmp fuzzer test
...
llvm-svn: 243603
2015-07-30 01:34:58 +00:00
Kostya Serebryany
fc26c8ec1c
[libFuzzer] ensure that the dfsan tracing hooks actually run (using -verbosity=3 in tests)
...
llvm-svn: 243365
2015-07-28 01:25:00 +00:00
Kostya Serebryany
afb5a6f493
[libFuzzer] when using cmp traces, first check that the CMP is evaluated to one value much more frequently than to the other value (heuristic)
...
llvm-svn: 243363
2015-07-28 00:59:53 +00:00
Kostya Serebryany
02e05d0662
[libFuzzer] allow users to supply their own implementation of rand
...
llvm-svn: 243078
2015-07-24 01:06:40 +00:00
Kostya Serebryany
35d1f9b1f6
[libFuzzer] dump long running units to disk
...
llvm-svn: 243031
2015-07-23 18:37:22 +00:00
Alexey Samsonov
84ab5e6b2a
[Fuzzer] Rely on $PATH expansion instead of hardcoding paths in tests. NFC.
...
llvm-svn: 242851
2015-07-21 22:51:55 +00:00
Alexey Samsonov
4a6c6512bc
[Fuzzer] Clearly separate regular and DFSan tests. NFC.
...
llvm-svn: 242850
2015-07-21 22:51:49 +00:00
Kostya Serebryany
7c2874be12
[libFuzzer] require the files and directories passed to the fuzzer to exist
...
llvm-svn: 242596
2015-07-18 00:03:37 +00:00
Kostya Serebryany
444683ece7
[lib/Fuzzer] make assertions more informative and update comments for the user-supplied mutator
...
llvm-svn: 238658
2015-05-30 17:33:13 +00:00
Kostya Serebryany
74916b0deb
[lib/Fuzzer] relax an assertion
...
llvm-svn: 238608
2015-05-29 20:31:17 +00:00