Kostya Serebryany
59579cf205
[libFuzzer] one more test
...
llvm-svn: 282127
2016-09-22 00:57:29 +00:00
Kostya Serebryany
415d2b3586
[libFuzzer] add stats to the corpus; more refactoring
...
llvm-svn: 282121
2016-09-21 22:42:17 +00:00
Kostya Serebryany
4ce26769cd
[libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one.
...
llvm-svn: 282115
2016-09-21 21:41:48 +00:00
Kostya Serebryany
de353bfbcd
[libFuzzer] more refactoring
...
llvm-svn: 282113
2016-09-21 21:17:23 +00:00
Kostya Serebryany
89cc7aa29b
[libFuzzer] refactoring: split the large header into many; NFC
...
llvm-svn: 282044
2016-09-21 01:50:50 +00:00
Kostya Serebryany
5e6a145744
[libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features
...
llvm-svn: 282042
2016-09-21 01:04:43 +00:00
Kostya Serebryany
637985cabd
[libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
...
llvm-svn: 281866
2016-09-18 21:47:08 +00:00
Kostya Serebryany
9e8e432014
[libFuzzer] properly reset the guards when reseting the coverage. Also try to fix check-fuzzer on the bot
...
llvm-svn: 281814
2016-09-17 06:01:55 +00:00
Kostya Serebryany
4b0efbfd4a
[libFuzzer] change trace-pc to use 8-byte guards
...
llvm-svn: 281810
2016-09-17 05:04:47 +00:00
Kostya Serebryany
f16ae52160
[libFuzzer] make caller-callee feedback work with trace-pc-guard
...
llvm-svn: 281667
2016-09-15 22:16:15 +00:00
Kostya Serebryany
a4e772ea61
[libFuzzer] fix the build for AFLDriverTest
...
llvm-svn: 281633
2016-09-15 18:10:38 +00:00
Kostya Serebryany
377899e661
[libFuzzer] disable test that requires debug info -- it fails on the bot
...
llvm-svn: 281584
2016-09-15 05:46:58 +00:00
Kostya Serebryany
cce4ba7b97
[libFuzzer] move the AFL driver build rule test into the uninstrumented dir
...
llvm-svn: 281583
2016-09-15 05:17:39 +00:00
Kostya Serebryany
cf1ccdc183
[libFuzzer] fix print_pcs test
...
llvm-svn: 281580
2016-09-15 04:43:06 +00:00
Kostya Serebryany
a166497232
[libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic)
...
llvm-svn: 281577
2016-09-15 04:36:45 +00:00
Kostya Serebryany
bd6bd39ccc
[libFuzzer] add 8-bit counters to trace-pc-guard handler
...
llvm-svn: 281568
2016-09-15 01:30:18 +00:00
Kostya Serebryany
41b41f51a8
[libFuzzer] start using trace-pc-guard as an alternative source of coverage
...
llvm-svn: 281435
2016-09-14 02:13:06 +00:00
Kostya Serebryany
6727e0c36f
[libFuzzer] don't print help for internal flags
...
llvm-svn: 281124
2016-09-10 00:35:30 +00:00
Kostya Serebryany
6b8560d5a5
[libFuzzer] print a visible message if merge fails due to a crash
...
llvm-svn: 281122
2016-09-10 00:15:41 +00:00
Kostya Serebryany
afd27e1acc
[libFuzzer] use sizeof() in tests instead of 4 and 8
...
llvm-svn: 281111
2016-09-09 22:21:16 +00:00
Kostya Serebryany
f3e050c251
[libFuzzer] one more puzzle for value profile
...
llvm-svn: 281106
2016-09-09 21:58:42 +00:00
Kostya Serebryany
a73451f514
[libFuzzer] one more puzzle, value_profile cracks it in a second
...
llvm-svn: 281066
2016-09-09 18:00:04 +00:00
Kostya Serebryany
8d5f2dcf39
[libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better
...
llvm-svn: 281007
2016-09-09 01:17:03 +00:00
Kostya Serebryany
d575db2f6f
[libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time
...
llvm-svn: 280332
2016-09-01 01:22:27 +00:00
Mike Aizatsky
b9c35c415b
[libfuzzer] simplified unit truncation; do not write trunc items to disc
...
Differential Revision: https://reviews.llvm.org/D24049
llvm-svn: 280153
2016-08-30 20:49:07 +00:00
Kostya Serebryany
733e18adcb
[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow
...
llvm-svn: 280098
2016-08-30 14:52:05 +00:00
Kostya Serebryany
1d077e5054
[libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much
...
llvm-svn: 280096
2016-08-30 14:39:33 +00:00
Kostya Serebryany
3620aadd00
[libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles
...
llvm-svn: 280054
2016-08-30 03:05:50 +00:00
Kostya Serebryany
d305c04722
[libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
...
llvm-svn: 280046
2016-08-30 01:30:14 +00:00
Kostya Serebryany
70186ece8e
[libFuzzer] simplify a test to make it pass on the bot
...
llvm-svn: 279796
2016-08-26 00:18:16 +00:00
Kostya Serebryany
d4cdf49632
[libFuzzer] make sure we have symbols on fuzzer tests
...
llvm-svn: 279792
2016-08-25 23:30:02 +00:00
Kostya Serebryany
25e0e96b53
[libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them
...
llvm-svn: 279787
2016-08-25 22:35:08 +00:00
Kostya Serebryany
2374a83857
[libFuzzer] make a test more deterministic
...
llvm-svn: 279686
2016-08-24 23:10:17 +00:00
Kostya Serebryany
03331f9d41
[sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer
...
llvm-svn: 279027
2016-08-18 01:25:28 +00:00
Kostya Serebryany
90a0d20525
[libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970
...
llvm-svn: 278982
2016-08-17 21:30:30 +00:00
Kostya Serebryany
6bf06b87d3
[libFuzzer] more mutations
...
llvm-svn: 278950
2016-08-17 18:10:42 +00:00
Kostya Serebryany
8a3b057601
[libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
...
llvm-svn: 278839
2016-08-16 19:33:51 +00:00
Kostya Serebryany
709991dc84
[libFuzzer] print a verbose message after executing inputs in non-fuzzing mode
...
llvm-svn: 278724
2016-08-15 19:44:04 +00:00
Kostya Serebryany
ffb369301e
[libFuzzer] fix the bot
...
llvm-svn: 278721
2016-08-15 19:36:13 +00:00
Kostya Serebryany
771f098a4d
[libFuzzer] add InsertRepeatedBytes and EraseBytes.
...
New mutation: InsertRepeatedBytes.
Updated mutation: EraseByte => EraseBytes.
This helps https://github.com/google/sanitizers/issues/710
where libFuzzer was not able to find a known bug.
Now it finds it in minutes.
Hopefully, the change is general enough to help other targets.
llvm-svn: 278687
2016-08-15 17:48:28 +00:00
Dan Liew
22b310e67c
[LibFuzzer] Fix -jobs=<N>
where <N> > 1 and the number of workers is > 1 on macOS.
...
The original `ExecuteCommand()` called `system()` from the C library.
The C library implementation of this on macOS contains a mutex which
serializes calls to `system()`. This prevented the `-jobs=` flag
from running copies of the fuzzing binary in parallel which is
the opposite of what is intended.
To fix this on macOS an alternative implementation of `ExecuteCommand()`
is provided that can be used concurrently. This is provided in
`FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple
platforms. The existing implementation has been moved to a new file
`FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux.
This commit includes a simple test to check that LibFuzzer is being
executed in parallel when requested.
Differential Revision: https://reviews.llvm.org/D22742
llvm-svn: 278544
2016-08-12 18:29:36 +00:00
Kostya Serebryany
175b53e526
[libFuzzer] properly intercept memmem
...
llvm-svn: 276006
2016-07-19 18:29:06 +00:00
Kostya Serebryany
88667faa02
[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
...
llvm-svn: 275648
2016-07-15 23:27:19 +00:00
Kostya Serebryany
58e21cf3cd
[libFuzzer] add ThreadedLeakTest
...
llvm-svn: 275582
2016-07-15 17:19:43 +00:00
Dan Liew
ce9d9a9d03
[LibFuzzer] Unbreak the build on macOS which was broken by r272858.
...
``afl_driver.cpp`` currently relies on weak symbols which doesn't
work properly under macOS. For now fix the build by providing a
dummy implementation of ``LLVMFuzzerInitialize(...)``. This is just
a temporary measure until we fix ``afl_driver.cpp`` for macOS.
llvm-svn: 274778
2016-07-07 18:14:11 +00:00
Mike Aizatsky
c236298979
[libFuzzer] Let user specify extra stats file.
...
Summary: If AFL_DRIVER_EXTRA_STATS_FILENAME is set and valid, write to it peak_rss_mb and slowest_unit_time_sec. These are both stats that libFuzzer can print but afl cannot.
Reviewers: kcc, aizatsky, metzman
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D21742
llvm-svn: 274273
2016-06-30 20:43:06 +00:00
Mike Aizatsky
a189dc444c
[libfuzzer] moving is_ascii handler inside mutation dispatcher.
...
Summary: It also fixes a bug, when first random might not be ascii.
Differential Revision: http://reviews.llvm.org/D21573
llvm-svn: 273611
2016-06-23 20:44:48 +00:00
Vitaly Buka
2553ec0992
[libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp
...
Summary: Add license info and brief description of file to AFLDriverTest.cpp.
Reviewers: kcc, aizatsky
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D21487
llvm-svn: 273527
2016-06-23 02:19:36 +00:00
Kostya Serebryany
69e44c7198
[libFuzzer] make the single-run output more reliable
...
llvm-svn: 272998
2016-06-17 13:07:06 +00:00
Kostya Serebryany
865f69ffc1
[libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable
...
llvm-svn: 272948
2016-06-16 20:17:41 +00:00