RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-10-19 19:12:56 +02:00
Code Issues Projects Releases Wiki Activity
124,222 Commits 4 Branches 5 Tags 704 MiB
4b6eeeca4b
Commit Graph

61 Commits

Author SHA1 Message Date
Kostya Serebryany
4b6eeeca4b [libFuzzer] add a flag -exact_artifact_path 
llvm-svn: 254100
 2015-11-25 21:40:46 +00:00
Mike Aizatsky
4afb4aff05 output_csv libfuzzer option 
Summary:
The option outputs statistics in CSV format preceded by 1 header line.
This is intended for machine processing of the output.
-verbosity=0 should likely be set.

Differential Revision: http://reviews.llvm.org/D14600

llvm-svn: 252856
 2015-11-12 04:38:40 +00:00
Kostya Serebryany
745d4188ac [libFuzzer] experimental flag -drill (another search heuristic; Mike Aizatsky's idea) 
llvm-svn: 252838
 2015-11-12 01:02:01 +00:00
Kostya Serebryany
9d859680b2 [libFuzzer] when choosing the next unit to mutate, give some preference to the most recent units (they are more likely to be interesting) 
llvm-svn: 252097
 2015-11-04 23:22:25 +00:00
Kostya Serebryany
c171514e30 [libFuzzer] add -merge flag to merge corpora 
llvm-svn: 251168
 2015-10-24 01:16:40 +00:00
Kostya Serebryany
f03686178a [libFuzzer] remove some old code; also make __sanitizer_get_total_unique_caller_callee_pairs weak so that newer libFuzzer works with older asan 
llvm-svn: 251133
 2015-10-23 18:37:58 +00:00
Kostya Serebryany
829e28a729 [libFuzzer] use the indirect caller-callee counter as an independent search heuristic 
llvm-svn: 251078
 2015-10-22 23:55:39 +00:00
Kostya Serebryany
8c8cba5fa8 [libFuzzer] more refactoring the code that checks the coverage. NFC 
llvm-svn: 251075
 2015-10-22 22:56:45 +00:00
Kostya Serebryany
e6c24f1866 [libFuzzer] refactoring the code that checks the coverage. NFC 
llvm-svn: 251074
 2015-10-22 22:50:47 +00:00
Kostya Serebryany
99fe4b430c [libFuzzer] remove the deprecated 'tokens' feature 
llvm-svn: 251069
 2015-10-22 21:48:09 +00:00
Kostya Serebryany
b30ba817ce [libFuzzer] add -shuffle flag 
llvm-svn: 250603
 2015-10-17 04:38:26 +00:00
Kostya Serebryany
a51be6eaa4 [libFuzzer] print a stack trace on timeout 
llvm-svn: 250571
 2015-10-16 23:04:31 +00:00
Kostya Serebryany
47e5e62e71 [libFuzzer] When -test_single_input crashes the test it is not necessary to write crash-file because input is already known to the user. Patch by Mike Aizatsky 
llvm-svn: 250564
 2015-10-16 22:41:47 +00:00
Kostya Serebryany
e3d637a4af [libFuzzer] add -artifact_prefix flag 
llvm-svn: 249807
 2015-10-09 03:57:59 +00:00
Kostya Serebryany
4487114c63 [libFuzzer] make LLVMFuzzerTestOneInput (the fuzzer target function) return int instead of void. The actual return value is not *yet* used (and expected to be 0). This change is API breaking, so the fuzzers will need to be updated. 
llvm-svn: 249214
 2015-10-02 23:34:06 +00:00
Kostya Serebryany
20a00e008b [libFuzzer] remove experimental flag and functionality 
llvm-svn: 249194
 2015-10-02 22:00:32 +00:00
Kostya Serebryany
70f0401f05 [libFuzzer] add a flag -max_total_time 
llvm-svn: 249181
 2015-10-02 20:47:55 +00:00
Ivan Krasin
b941371206 [LibFuzzer] test_single_input option to run a single test case. 
-test_single_input flag specifies a file name with test data.

Review URL: http://reviews.llvm.org/D13359

Patch by Mike Aizatsky!

llvm-svn: 249096
 2015-10-01 23:23:06 +00:00
Kostya Serebryany
28b0d0ab37 [libFuzzer] remove -iterations as redundant (there is also -num_runs) 
llvm-svn: 247030
 2015-09-08 17:30:35 +00:00
Kostya Serebryany
3b60fc1204 [libFuzzer] adding a parser for AFL-style dictionaries + tests. 
llvm-svn: 246800
 2015-09-03 20:23:46 +00:00
Kostya Serebryany
9c0479fa99 [libFuzzer] honour -only_ascii=1 when reading the initial corpus. Also, remove ugly #ifdef 
llvm-svn: 246689
 2015-09-02 19:08:08 +00:00
Kostya Serebryany
a9d3e6b2dc [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied 
llvm-svn: 244712
 2015-08-12 01:55:37 +00:00
Kostya Serebryany
1c2b96fda9 [libFuzzer] add -only_ascii flag 
llvm-svn: 244559
 2015-08-11 01:44:42 +00:00
Yaron Keren
b598ba7c7c Add missing include guard to FuzzerInternal.h, NFC. 
llvm-svn: 244457
 2015-08-10 16:37:40 +00:00
Kostya Serebryany
90b784ccc2 [libFuzzer] move the mutators to public interface so that custom mutators may reuse these functions directly 
llvm-svn: 244250
 2015-08-06 19:19:55 +00:00
Kostya Serebryany
acf2228ee8 [libFuzzer] add one more mutation strategy: byte shuffling 
llvm-svn: 244188
 2015-08-06 01:29:13 +00:00
Kostya Serebryany
80051e17c0 [libFuzzer] add option -report_slow_units=Nsec to control when slow units are printed 
llvm-svn: 244152
 2015-08-05 21:43:48 +00:00
Kostya Serebryany
7ee2b779f7 [libFuzzer] more refactoring of the Mutator and adding tests to it 
llvm-svn: 243818
 2015-08-01 02:23:06 +00:00
Kostya Serebryany
82464edd32 [libFuzzer] start refactoring the Mutator and adding tests to it 
llvm-svn: 243817
 2015-08-01 01:42:51 +00:00
Kostya Serebryany
02e05d0662 [libFuzzer] allow users to supply their own implementation of rand 
llvm-svn: 243078
 2015-07-24 01:06:40 +00:00
Kostya Serebryany
35d1f9b1f6 [libFuzzer] dump long running units to disk 
llvm-svn: 243031
 2015-07-23 18:37:22 +00:00
Kostya Serebryany
c28d1607f2 [lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of C++ library used in libFuzzer badly interract with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues. 
llvm-svn: 238078
 2015-05-23 01:07:46 +00:00
Kostya Serebryany
3afd2456cd [lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale 
llvm-svn: 238063
 2015-05-22 22:47:03 +00:00
Kostya Serebryany
2ee531c66a [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators 
llvm-svn: 238059
 2015-05-22 22:35:31 +00:00
Kostya Serebryany
46c887ece3 [lib/Fuzzer] change the meaning of -timeout flag: now timeout is applied to every unit of work separately 
llvm-svn: 237735
 2015-05-19 22:12:57 +00:00
Kostya Serebryany
33a7c23155 [lib/Fuzzer] more efficient reload logic; also don't spam git too much 
llvm-svn: 237649
 2015-05-19 01:06:07 +00:00
Kostya Serebryany
a98902fdfc [lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD CORPUS' to synchronize with other processes 
llvm-svn: 237617
 2015-05-18 21:34:20 +00:00
Kostya Serebryany
72ed46ef80 [lib/Fuzzer] Add SHA1 implementation from public domain. 
Summary:
This adds a SHA1 implementation taken from public domain code.
The change is trivial, but as it involves third-party code I'd like
a second pair of eyes before commit.

LibFuzzer can not use SHA1 from openssl because openssl may not be available
and because we may be fuzzing openssl itself.
Using sha1sum via a pipe is too slow.

Test Plan: n/a

Reviewers: chandlerc

Reviewed By: chandlerc

Subscribers: majnemer, llvm-commits

Differential Revision: http://reviews.llvm.org/D9733

llvm-svn: 237400
 2015-05-14 22:41:49 +00:00
Kostya Serebryany
354905a212 [lib/Fuzzer] guess the right number of workers if -jobs=N is given but -workers=M is not. Update the docs. 
llvm-svn: 237163
 2015-05-12 18:51:57 +00:00
Kostya Serebryany
933c6b41dd [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan) 
llvm-svn: 237083
 2015-05-12 01:58:34 +00:00
Kostya Serebryany
a4fe522adc [lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected 
llvm-svn: 237050
 2015-05-11 21:16:27 +00:00
Kostya Serebryany
528387038e [lib/Fuzzer] add a trace-based mutatation logic. Same idea as with DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go. 
llvm-svn: 237043
 2015-05-11 20:51:19 +00:00
Kostya Serebryany
9387837867 [lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes 
llvm-svn: 236906
 2015-05-08 21:30:55 +00:00
Kostya Serebryany
037e4b3475 [lib/Fuzzer] change the way we use taint information for fuzzing. Now, we run a single unit and collect suggested mutations based on tracing+taint data, then apply the suggested mutations one by one. The previous scheme was slower and more complex. 
llvm-svn: 236772
 2015-05-07 21:02:11 +00:00
Kostya Serebryany
f4f653e078 [lib/Fuzzer] minor refactoring/simplification, NFC 
llvm-svn: 236757
 2015-05-07 18:32:29 +00:00
Kostya Serebryany
177467fad4 [lib/Fuzzer] on crash print the contents of the crashy input as base64 
llvm-svn: 236548
 2015-05-05 21:59:51 +00:00
Kostya Serebryany
c69c3a7d4e [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string flags. 
llvm-svn: 233745
 2015-03-31 20:13:20 +00:00
Kostya Serebryany
e11d81541d [fuzzer] when a single unit takes over 1 second to run and it is the slowest one so far, print it. 
llvm-svn: 233637
 2015-03-30 23:04:35 +00:00
Kostya Serebryany
84554a2713 [fuzzer] print various stats in a unified way 
llvm-svn: 233624
 2015-03-30 22:44:03 +00:00
Kostya Serebryany
bf919ef6ab DFSan-based fuzzer (proof of concept). 
Summary:
This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator,
see the comments for details.

Test Plan: a test added

Reviewers: samsonov, pcc

Reviewed By: samsonov, pcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D8669

llvm-svn: 233613
 2015-03-30 22:09:51 +00:00