RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-11-26 04:32:44 +01:00
Code Issues Projects Releases Wiki Activity
136,134 Commits 4 Branches 5 Tags 704 MiB
4109691507
Commit Graph

320 Commits

Author SHA1 Message Date
Dmitry Vyukov
d77444bc90 libfuzzer: fix compiler warnings 
- unused sigaction/setitimer result (used in assert)
- unchecked fscanf return value
- signed/unsigned comparison

llvm-svn: 262472
 2016-03-02 09:54:40 +00:00
Kostya Serebryany
96af1208c1 [libFuzzer] deprecate exit_on_first flag 
llvm-svn: 262417
 2016-03-01 22:33:14 +00:00
Kostya Serebryany
d5755334e5 [libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. 
llvm-svn: 262415
 2016-03-01 22:19:21 +00:00
Kostya Serebryany
306353eaf8 [libFuzzer] remove FuzzerSanitizerOptions.cpp 
llvm-svn: 262354
 2016-03-01 17:46:32 +00:00
Rafael Espindola
c165498992 Refactor duplicated code for linking with pthread. 
llvm-svn: 262344
 2016-03-01 15:54:40 +00:00
Kostya Serebryany
33b6a19483 [libFuzzer] fixing the bot 
llvm-svn: 262106
 2016-02-27 03:14:23 +00:00
Kostya Serebryany
471f3a8bda [libFuzzer] speedup path coverage handling 
llvm-svn: 262102
 2016-02-27 01:50:16 +00:00
Kostya Serebryany
503e17c728 [libFuzzer] add -print_final_stats=1 flag 
llvm-svn: 262084
 2016-02-26 22:42:23 +00:00
Kostya Serebryany
a9a412139e [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds 
llvm-svn: 262073
 2016-02-26 21:33:56 +00:00
Kostya Serebryany
7ef7f142ff [libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus 
llvm-svn: 261267
 2016-02-18 21:49:10 +00:00
Kostya Serebryany
080284668c [libFuzzer] fix the libFuzzer bot 
llvm-svn: 261184
 2016-02-18 02:02:40 +00:00
Kostya Serebryany
a45a009f24 [libFuzzer] don't timeout when loading the corpus. Be a bit more verbose when loading large corpus. 
llvm-svn: 261143
 2016-02-17 19:42:34 +00:00
Kostya Serebryany
abc380db58 [libFuzzer] remove std::vector operations from hot paths, NFC 
llvm-svn: 260829
 2016-02-13 17:56:51 +00:00
Kostya Serebryany
bf966c5f23 [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast 
llvm-svn: 260810
 2016-02-13 06:24:18 +00:00
Kostya Serebryany
ef83d4c558 [libFuzzer] remove the C++-ish variant of FuzzerDriver from the interface 
llvm-svn: 260801
 2016-02-13 03:59:26 +00:00
Kostya Serebryany
abf7df0972 [libFuzzer] simplify CTOR of MutationDispatcher 
llvm-svn: 260800
 2016-02-13 03:46:26 +00:00
Kostya Serebryany
cca951bf4c [libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) 
llvm-svn: 260799
 2016-02-13 03:37:24 +00:00
Kostya Serebryany
b9687a1cc3 [libFuzzer] get rid of UserSuppliedFuzzer; NFC 
llvm-svn: 260798
 2016-02-13 03:25:16 +00:00
Kostya Serebryany
9bf814b9ec [libFuzzer] simplify the code around Random. NFC 
llvm-svn: 260797
 2016-02-13 03:00:53 +00:00
Kostya Serebryany
1bb500faf8 [libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea). 
llvm-svn: 260796
 2016-02-13 02:39:30 +00:00
Kostya Serebryany
b2451a8b09 [libFuzzer] provide a plain C interface for custom mutators (experimental) 
llvm-svn: 260794
 2016-02-13 02:29:38 +00:00
Kostya Serebryany
cf66bc968c [libFuzzer] make -runs=N flag also affect the simple runner (will execute every input N times) 
llvm-svn: 260649
 2016-02-12 02:32:03 +00:00
Mike Aizatsky
c1c7e55502 [libfuzzer] Removing coverage-related flags from asan options. 
Summary:
Reasons to remove are twofold:
 - we don't really need coverage=1 for libfuzzer operation
 - makes controlling coverage for fuzzer processes non-trivial.

Differential Revision: http://reviews.llvm.org/D17168

llvm-svn: 260611
 2016-02-11 22:20:34 +00:00
Kostya Serebryany
b6b4bc42cc [libFuzzer] hot fix a test 
llvm-svn: 259732
 2016-02-04 00:12:28 +00:00
Kostya Serebryany
036c2a2dea [libFuzzer] don't write the test unit when a leak is detected (since we don't know which unit causes the leak) 
llvm-svn: 259731
 2016-02-04 00:02:17 +00:00
Kostya Serebryany
aa6ade3737 [libFuzzer] don't create too many trace-based mutations as it may be too slow 
llvm-svn: 259600
 2016-02-02 23:17:45 +00:00
Kostya Serebryany
4b2ab57d9f [libFuzzer] allow passing 1 or more files as individual inputs 
llvm-svn: 259459
 2016-02-02 03:03:47 +00:00
Kostya Serebryany
dd149f22ae [libFuzzer] fail if the corpus dir does not exist 
llvm-svn: 259454
 2016-02-02 02:07:26 +00:00
Kostya Serebryany
e3ec64cf18 [libFuzzer] add -timeout_exitcode option 
llvm-svn: 259265
 2016-01-29 23:30:07 +00:00
Kostya Serebryany
ccb79d88ac [libFuzzer] re-enable test for -abort_on_timeout=1, this time protecting from ASAN_OPTIONS set outside 
llvm-svn: 259263
 2016-01-29 23:19:00 +00:00
Ivan Krasin
09873095d3 Temporary disable broken fuzzer/timeout tests. 
Reviewers: kcc

Differential Revision: http://reviews.llvm.org/D16543

llvm-svn: 258702
 2016-01-25 19:05:45 +00:00
Kostya Serebryany
0c11655f17 [libFuzzer] add -abort_on_timeout option 
llvm-svn: 258631
 2016-01-23 19:34:19 +00:00
Kostya Serebryany
548cef831b [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes 
llvm-svn: 258589
 2016-01-22 23:55:14 +00:00
Ivan Krasin
ce1bcd8c31 Use std::piecewise_constant_distribution instead of ad-hoc binary search. 
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.

Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.

Reviewers: aizatsky, kcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D16487

llvm-svn: 258571
 2016-01-22 22:28:27 +00:00
Ivan Krasin
7b4522dc59 Revert r258473 as it's breaking the build with libc++ 
Reviewers: kcc

Differential Revision: http://reviews.llvm.org/D16441

llvm-svn: 258479
 2016-01-22 03:21:52 +00:00
Ivan Krasin
db4009626d Use std::piecewise_constant_distribution instead of ad-hoc binary search. 
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.

Note: I had to change the seed for one test to make it pass. Alternatively,
the number of runs could be increased. I believe that the average time of
'foo' discovery is not increased, just seed=1 was particularly convenient
for the previous PRNG scheme used.

Reviewers: aizatsky, kcc

Subscribers: llvm-commits, kcc

Differential Revision: http://reviews.llvm.org/D16419

llvm-svn: 258473
 2016-01-22 01:32:34 +00:00
Kostya Serebryany
f7155b3e82 [libFuzzer] don't do expensive memmem if the result will not be used 
llvm-svn: 258462
 2016-01-22 01:04:58 +00:00
Kostya Serebryany
0b3db26b9a [libFuzzer] don't use std::vector in one more hot path 
llvm-svn: 258380
 2016-01-21 01:52:14 +00:00
Mike Aizatsky
d01a744fd9 [libfuzzer] use %p for printing addresses 
llvm-svn: 258370
 2016-01-21 00:02:09 +00:00
Kostya Serebryany
8820217862 [libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if 
llvm-svn: 258178
 2016-01-19 20:33:57 +00:00
Kostya Serebryany
0ae292d42e [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path 
llvm-svn: 257985
 2016-01-16 03:53:32 +00:00
Kostya Serebryany
d65aa3494d [libFuzzer] introduce LLVMFuzzerInitialize 
llvm-svn: 257980
 2016-01-16 01:23:12 +00:00
Kostya Serebryany
87079ee20d [libFuzzer] move some code from public interface header to a non-public header. NFC 
llvm-svn: 257963
 2016-01-16 00:04:36 +00:00
Kostya Serebryany
b40c61f46c [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) 
llvm-svn: 257873
 2016-01-15 06:24:05 +00:00
Kostya Serebryany
2afdf677ec [libFuzzer] use custom stol; also introduce __libfuzzer_is_present so that users can check for its presence. 
llvm-svn: 257848
 2016-01-15 00:17:37 +00:00
Kostya Serebryany
f77ffed10e [libFuzzer] suggest a dictionary to the user of some of the trace-based dictionary entries were successful 
llvm-svn: 257736
 2016-01-14 02:36:44 +00:00
Kostya Serebryany
f050542d8f [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations 
llvm-svn: 257713
 2016-01-13 23:46:01 +00:00
Kostya Serebryany
89262beb8c [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) 
llvm-svn: 257701
 2016-01-13 23:02:30 +00:00
Kostya Serebryany
ec88d2d728 [libFuzzer] make sure to update CurrentUnit when drilling 
llvm-svn: 257560
 2016-01-13 01:58:27 +00:00
Kostya Serebryany
7902538e08 [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS 
llvm-svn: 257482
 2016-01-12 16:50:18 +00:00
Kostya Serebryany
df2508fcaf [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries 
llvm-svn: 257435
 2016-01-12 02:36:59 +00:00
Kostya Serebryany
929ac07474 [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a) 
llvm-svn: 257434
 2016-01-12 02:08:37 +00:00
Kostya Serebryany
dbfeeafbb3 [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0 
llvm-svn: 257423
 2016-01-12 00:43:42 +00:00
Kostya Serebryany
b57e7c0541 [libFuzzer] debug prints in tracing 
llvm-svn: 257249
 2016-01-09 03:46:08 +00:00
Kostya Serebryany
bdc66ac566 [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary 
llvm-svn: 257248
 2016-01-09 03:08:58 +00:00
Kostya Serebryany
591d2f9d2d [libFuzzer] don't limit memcmp tracing with 8 bytes 
llvm-svn: 257245
 2016-01-09 01:39:55 +00:00
Kostya Serebryany
71864fdc77 [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes) 
llvm-svn: 257239
 2016-01-09 00:38:40 +00:00
Kostya Serebryany
da719cf533 [libFuzzer] add a position hint to the dictionary-based mutator 
llvm-svn: 257013
 2016-01-07 01:49:35 +00:00
Kostya Serebryany
2c6246a7e6 [libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry 
llvm-svn: 256900
 2016-01-06 02:13:04 +00:00
Mike Aizatsky
b1bf6550e4 [libfuzzer] print_new_cov_pcs experimental option. 
Differential Revision: http://reviews.llvm.org/D15901

llvm-svn: 256882
 2016-01-06 00:21:22 +00:00
Kostya Serebryany
7d302bb908 [libFuzzer] make trace-based fuzzing not crash in presence of threads 
llvm-svn: 256876
 2016-01-06 00:03:35 +00:00
Kostya Serebryany
066e99fd12 [libFuzzer] add AFL-style dictionary for C++, remove the old file with tokens 
llvm-svn: 256229
 2015-12-22 01:50:51 +00:00
Kostya Serebryany
4165eed18e [libFuzzer] deprecate -save_minimized_corpus, -merge can be used instead 
llvm-svn: 256086
 2015-12-19 03:42:16 +00:00
Kostya Serebryany
9332fb3411 [libFuzzer] split the tests to run them in parallel, remove one redundant test 
llvm-svn: 256085
 2015-12-19 03:35:30 +00:00
Kostya Serebryany
ab36ca708c [libFuzzer] make CrossOver just one of the other mutations 
llvm-svn: 256081
 2015-12-19 02:49:09 +00:00
Kostya Serebryany
e4adf51693 [libFuzzer] print successfull mutations sequences 
llvm-svn: 256071
 2015-12-19 01:09:49 +00:00
Peter Collingbourne
f8ab9e45d0 Fuzzer: Fix library dependencies. 
Newer versions of libstdc++ (4.9+), as well as libc++, depend directly on
libpthread from the standard library headers, so libfuzzer needs to declare
a standard library dependency.

llvm-svn: 255745
 2015-12-16 02:14:57 +00:00
Mike Aizatsky
ea27e92765 [LibFuzzer] Introducing FUZZER_FLAG_UNSIGNED and using it for seeding. 
Differential Revision: http://reviews.llvm.org/D15339

done

llvm-svn: 255296
 2015-12-10 20:41:53 +00:00
Kostya Serebryany
d2117b7607 [libFuzzer] don't reload the corpus more than once every second 
llvm-svn: 254824
 2015-12-05 02:09:22 +00:00
Kostya Serebryany
a69b412cc5 [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 
llvm-svn: 254784
 2015-12-04 22:29:39 +00:00
Mike Aizatsky
2444b7e49b Libfuzzer: do not pass null into user function 
Differential Revision: http://reviews.llvm.org/D15098

llvm-svn: 254558
 2015-12-02 22:43:53 +00:00
Kostya Serebryany
6b2a558b5e [libFuzzer] add a test that is built with -fsanitize-coverage=trace-bb 
llvm-svn: 254484
 2015-12-02 02:49:37 +00:00
Kostya Serebryany
4b6eeeca4b [libFuzzer] add a flag -exact_artifact_path 
llvm-svn: 254100
 2015-11-25 21:40:46 +00:00
Kostya Serebryany
41c09f4dbc [libFuzzer] don't crash when reporting a leak in test_single_input mode 
llvm-svn: 253761
 2015-11-21 03:46:43 +00:00
Kostya Serebryany
3250d874fb [libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway. 
llvm-svn: 253419
 2015-11-18 01:08:30 +00:00
Kostya Serebryany
2f218614e9 [libFuzzer] make libFuzzer build even with a compiler that does not have sanitizer headers 
llvm-svn: 253003
 2015-11-13 01:54:40 +00:00
Mike Aizatsky
4afb4aff05 output_csv libfuzzer option 
Summary:
The option outputs statistics in CSV format preceded by 1 header line.
This is intended for machine processing of the output.
-verbosity=0 should likely be set.

Differential Revision: http://reviews.llvm.org/D14600

llvm-svn: 252856
 2015-11-12 04:38:40 +00:00
Kostya Serebryany
745d4188ac [libFuzzer] experimental flag -drill (another search heuristic; Mike Aizatsky's idea) 
llvm-svn: 252838
 2015-11-12 01:02:01 +00:00
Kostya Serebryany
53bfef8ad6 [libFuzzer] add UninstrumentedTest.cpp (missing from a previous commit) 
llvm-svn: 252658
 2015-11-10 22:02:56 +00:00
Kostya Serebryany
548bb85f31 [libFuzzer] make libFuzzer link if there is no sanitizer coverage instrumentation (it will fail at start-up time) 
llvm-svn: 252533
 2015-11-09 23:17:45 +00:00
Kostya Serebryany
23d6a0a60f [libFuzzer] print a bit fewer lines 
llvm-svn: 252123
 2015-11-05 01:19:42 +00:00
Kostya Serebryany
9d859680b2 [libFuzzer] when choosing the next unit to mutate, give some preference to the most recent units (they are more likely to be interesting) 
llvm-svn: 252097
 2015-11-04 23:22:25 +00:00
Kostya Serebryany
6ba411ce7a [libFuzzer] make -test_single_input more reliable: make sure the input's size is equal to it's capacity 
llvm-svn: 251961
 2015-11-03 18:57:25 +00:00
Kostya Serebryany
c171514e30 [libFuzzer] add -merge flag to merge corpora 
llvm-svn: 251168
 2015-10-24 01:16:40 +00:00
Kostya Serebryany
f03686178a [libFuzzer] remove some old code; also make __sanitizer_get_total_unique_caller_callee_pairs weak so that newer libFuzzer works with older asan 
llvm-svn: 251133
 2015-10-23 18:37:58 +00:00
Kostya Serebryany
829e28a729 [libFuzzer] use the indirect caller-callee counter as an independent search heuristic 
llvm-svn: 251078
 2015-10-22 23:55:39 +00:00
Kostya Serebryany
8c8cba5fa8 [libFuzzer] more refactoring the code that checks the coverage. NFC 
llvm-svn: 251075
 2015-10-22 22:56:45 +00:00
Kostya Serebryany
e6c24f1866 [libFuzzer] refactoring the code that checks the coverage. NFC 
llvm-svn: 251074
 2015-10-22 22:50:47 +00:00
Kostya Serebryany
99fe4b430c [libFuzzer] remove the deprecated 'tokens' feature 
llvm-svn: 251069
 2015-10-22 21:48:09 +00:00
Craig Topper
c8409f4435 Make a bunch of static arrays const. 
llvm-svn: 250642
 2015-10-18 05:15:34 +00:00
Kostya Serebryany
b30ba817ce [libFuzzer] add -shuffle flag 
llvm-svn: 250603
 2015-10-17 04:38:26 +00:00
Kostya Serebryany
a51be6eaa4 [libFuzzer] print a stack trace on timeout 
llvm-svn: 250571
 2015-10-16 23:04:31 +00:00
Kostya Serebryany
c1fcef367b [libFuzzer] reduce the size of artifacts printed on the screen 
llvm-svn: 250565
 2015-10-16 22:47:20 +00:00
Kostya Serebryany
47e5e62e71 [libFuzzer] When -test_single_input crashes the test it is not necessary to write crash-file because input is already known to the user. Patch by Mike Aizatsky 
llvm-svn: 250564
 2015-10-16 22:41:47 +00:00
Kostya Serebryany
98ed53705f [libFuzzer] don't print large artifacts to stderr 
llvm-svn: 249808
 2015-10-09 04:03:14 +00:00
Kostya Serebryany
e3d637a4af [libFuzzer] add -artifact_prefix flag 
llvm-svn: 249807
 2015-10-09 03:57:59 +00:00
Kostya Serebryany
6e1f94e9cd [libFuzzer] fix 32-bit build 
llvm-svn: 249646
 2015-10-08 00:59:25 +00:00
Kostya Serebryany
d0d9f0b833 [libFuzzer] trying to fix at-exit hang 
llvm-svn: 249231
 2015-10-03 07:02:05 +00:00
Kostya Serebryany
4487114c63 [libFuzzer] make LLVMFuzzerTestOneInput (the fuzzer target function) return int instead of void. The actual return value is not *yet* used (and expected to be 0). This change is API breaking, so the fuzzers will need to be updated. 
llvm-svn: 249214
 2015-10-02 23:34:06 +00:00
Kostya Serebryany
20a00e008b [libFuzzer] remove experimental flag and functionality 
llvm-svn: 249194
 2015-10-02 22:00:32 +00:00
Kostya Serebryany
70f0401f05 [libFuzzer] add a flag -max_total_time 
llvm-svn: 249181
 2015-10-02 20:47:55 +00:00
Ivan Krasin
b941371206 [LibFuzzer] test_single_input option to run a single test case. 
-test_single_input flag specifies a file name with test data.

Review URL: http://reviews.llvm.org/D13359

Patch by Mike Aizatsky!

llvm-svn: 249096
 2015-10-01 23:23:06 +00:00
Kostya Serebryany
8474784569 [libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky 
llvm-svn: 248954
 2015-09-30 22:22:37 +00:00
Kostya Serebryany
6c4e275248 [libFuzzer] perform fewer crossover operations compared to plain mutations 
llvm-svn: 247364
 2015-09-11 00:20:58 +00:00
Kostya Serebryany
19cfb70c6a [libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions 
llvm-svn: 247321
 2015-09-10 18:48:38 +00:00
Kostya Serebryany
0001c18d8c [libFuzzer] add two more variants of FuzzerDriver for convenience 
llvm-svn: 247300
 2015-09-10 16:57:57 +00:00
Ivan Krasin
cc79d453f1 [libFuzzer]Add a test for defeating a hash sum. 
Summary:
Add a test for a data followed by 4-byte hash value.
I use a slightly modified Jenkins hash function,
as described in https://en.wikipedia.org/wiki/Jenkins_hash_function

The modification is to ensure that hash(zeros) != 0.

Reviewers: kcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D12648

llvm-svn: 247076
 2015-09-08 21:22:52 +00:00
Kostya Serebryany
a2e2e93ba1 [libFuzzer] remove a piece of stale code 
llvm-svn: 247067
 2015-09-08 20:40:10 +00:00
Kostya Serebryany
04cc0059e2 [libFuzzer] be more robust when dealing with files on disk (e.g. don't crash if a file was there but disappeared) 
llvm-svn: 247066
 2015-09-08 20:36:33 +00:00
Kostya Serebryany
2d2cfbe976 [libFuzzer] better documentatio for -save_minimized_corpus=1 
llvm-svn: 247033
 2015-09-08 17:43:51 +00:00
Kostya Serebryany
28b0d0ab37 [libFuzzer] remove -iterations as redundant (there is also -num_runs) 
llvm-svn: 247030
 2015-09-08 17:30:35 +00:00
Kostya Serebryany
a575372f59 [libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger 
llvm-svn: 247027
 2015-09-08 17:19:31 +00:00
Kostya Serebryany
22e4458e65 [libFuzzer] more accurate logic for traces, 80-char fix 
llvm-svn: 246888
 2015-09-04 22:32:25 +00:00
Kostya Serebryany
2c51ca12e7 [libFuzzer] when a single mutation fails try a few more times with other mutations before returning un-mutated data 
llvm-svn: 246828
 2015-09-04 00:40:29 +00:00
Kostya Serebryany
28a699d9b8 [libFuzzer] actually make the dictionaries work (+docs) 
llvm-svn: 246825
 2015-09-04 00:12:11 +00:00
Kostya Serebryany
3eaa9123bf [libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC 
llvm-svn: 246808
 2015-09-03 21:24:19 +00:00
Kostya Serebryany
3b60fc1204 [libFuzzer] adding a parser for AFL-style dictionaries + tests. 
llvm-svn: 246800
 2015-09-03 20:23:46 +00:00
Kostya Serebryany
d4b7d4667f [libFuzzer] deprecate the -tokens flag. This was a bad idea because the corpus with this flag contains encrypted inputs, not the real inputs, which complicates interoperation with other fuzzers. Instead we'll need to implement AFL dictionary support 
llvm-svn: 246734
 2015-09-02 23:27:39 +00:00
Kostya Serebryany
9c0479fa99 [libFuzzer] honour -only_ascii=1 when reading the initial corpus. Also, remove ugly #ifdef 
llvm-svn: 246689
 2015-09-02 19:08:08 +00:00
Kostya Serebryany
0e83baec1a [libFuzzer] fix minor inefficiency, PR24584 
llvm-svn: 246087
 2015-08-26 21:55:19 +00:00
Lenny Maiorani
1850ddfeb6 Fix missing space in libfuzzer's help text. 
llvm-svn: 244800
 2015-08-12 20:00:10 +00:00
Kostya Serebryany
a9d3e6b2dc [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied 
llvm-svn: 244712
 2015-08-12 01:55:37 +00:00
Kostya Serebryany
2bdb9ad059 [libFuzzer] add colons to the stats output to avoid confusion 
llvm-svn: 244708
 2015-08-12 01:04:27 +00:00
Kostya Serebryany
5a4f36556e [libFuzzer] use raw C IO to reduce the risk of a deadlock in a signal handler. 
llvm-svn: 244707
 2015-08-12 00:55:09 +00:00
Nick Lewycky
1bff8578d4 Fix unused variable 'X' in release builds. 
llvm-svn: 244571
 2015-08-11 05:57:10 +00:00
Kostya Serebryany
1c2b96fda9 [libFuzzer] add -only_ascii flag 
llvm-svn: 244559
 2015-08-11 01:44:42 +00:00
Yaron Keren
b598ba7c7c Add missing include guard to FuzzerInternal.h, NFC. 
llvm-svn: 244457
 2015-08-10 16:37:40 +00:00
Kostya Serebryany
90b784ccc2 [libFuzzer] move the mutators to public interface so that custom mutators may reuse these functions directly 
llvm-svn: 244250
 2015-08-06 19:19:55 +00:00
Kostya Serebryany
acf2228ee8 [libFuzzer] add one more mutation strategy: byte shuffling 
llvm-svn: 244188
 2015-08-06 01:29:13 +00:00
Kostya Serebryany
c721977710 [libFuzzer] avoid build warnings in non-assert build (useful warning in this case) 
llvm-svn: 244177
 2015-08-05 23:44:42 +00:00
Kostya Serebryany
4338e69a99 [libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh. 
llvm-svn: 244165
 2015-08-05 23:02:57 +00:00
Kostya Serebryany
80051e17c0 [libFuzzer] add option -report_slow_units=Nsec to control when slow units are printed 
llvm-svn: 244152
 2015-08-05 21:43:48 +00:00
Kostya Serebryany
5be4cb583e [libFuzzer] add a missing test file 
llvm-svn: 244151
 2015-08-05 21:32:13 +00:00
Kostya Serebryany
897a5553b1 [libFuzzer] use data-flow feedback from strcmp 
llvm-svn: 244084
 2015-08-05 18:23:01 +00:00
Kostya Serebryany
7ee2b779f7 [libFuzzer] more refactoring of the Mutator and adding tests to it 
llvm-svn: 243818
 2015-08-01 02:23:06 +00:00
Kostya Serebryany
82464edd32 [libFuzzer] start refactoring the Mutator and adding tests to it 
llvm-svn: 243817
 2015-08-01 01:42:51 +00:00
Kostya Serebryany
7a9f5ff70b [libFuzzer] limit the size of the inputs printed to stderr 
llvm-svn: 243795
 2015-07-31 22:07:17 +00:00
Kostya Serebryany
a9e61b09d8 [libFuzzer] make sure that 2-byte arguments of switch() are handled properly 
llvm-svn: 243781
 2015-07-31 20:58:55 +00:00
Kostya Serebryany
ccad0c6979 [libFuzzer] record traces from the switch statements only when told to do so 
llvm-svn: 243768
 2015-07-31 18:09:08 +00:00
Kostya Serebryany
fead0c3ca4 [libFuzzer] support switch interception in dfsan mode 
llvm-svn: 243760
 2015-07-31 17:05:05 +00:00
Kostya Serebryany
71a4e8ccbf [libFuzzer] trace switch statements and apply mutations based on the expected case values 
llvm-svn: 243726
 2015-07-31 01:33:06 +00:00
Kostya Serebryany
e76cb85ac7 [libFuzzer] fix the strncmp interceptor -- it should respect short strings. 
llvm-svn: 243691
 2015-07-30 21:22:22 +00:00
Kostya Serebryany
433c6e8b4b [libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test 
llvm-svn: 243611
 2015-07-30 02:33:45 +00:00
Kostya Serebryany
d6ac2f5889 [libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), extend the memcmp fuzzer test 
llvm-svn: 243603
 2015-07-30 01:34:58 +00:00
Kostya Serebryany
fc26c8ec1c [libFuzzer] ensure that the dfsan tracing hooks actually run (using -verbosity=3 in tests) 
llvm-svn: 243365
 2015-07-28 01:25:00 +00:00
Kostya Serebryany
afb5a6f493 [libFuzzer] when using cmp traces, first check that the CMP is evaluated to one value much more frequently than to the other value (heuristic) 
llvm-svn: 243363
 2015-07-28 00:59:53 +00:00
Kostya Serebryany
02e05d0662 [libFuzzer] allow users to supply their own implementation of rand 
llvm-svn: 243078
 2015-07-24 01:06:40 +00:00
Kostya Serebryany
35d1f9b1f6 [libFuzzer] dump long running units to disk 
llvm-svn: 243031
 2015-07-23 18:37:22 +00:00
Alexey Samsonov
84ab5e6b2a [Fuzzer] Rely on $PATH expansion instead of hardcoding paths in tests. NFC. 
llvm-svn: 242851
 2015-07-21 22:51:55 +00:00
Alexey Samsonov
4a6c6512bc [Fuzzer] Clearly separate regular and DFSan tests. NFC. 
llvm-svn: 242850
 2015-07-21 22:51:49 +00:00