RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-10-22 20:43:44 +02:00
Code Issues Projects Releases Wiki Activity
138,339 Commits 4 Branches 5 Tags 704 MiB
59579cf205
Commit Graph

209 Commits

Author SHA1 Message Date
Kostya Serebryany
59579cf205 [libFuzzer] one more test 
llvm-svn: 282127
 2016-09-22 00:57:29 +00:00
Kostya Serebryany
415d2b3586 [libFuzzer] add stats to the corpus; more refactoring 
llvm-svn: 282121
 2016-09-21 22:42:17 +00:00
Kostya Serebryany
4ce26769cd [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. 
llvm-svn: 282115
 2016-09-21 21:41:48 +00:00
Kostya Serebryany
de353bfbcd [libFuzzer] more refactoring 
llvm-svn: 282113
 2016-09-21 21:17:23 +00:00
Kostya Serebryany
89cc7aa29b [libFuzzer] refactoring: split the large header into many; NFC 
llvm-svn: 282044
 2016-09-21 01:50:50 +00:00
Kostya Serebryany
5e6a145744 [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features 
llvm-svn: 282042
 2016-09-21 01:04:43 +00:00
Kostya Serebryany
637985cabd [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer 
llvm-svn: 281866
 2016-09-18 21:47:08 +00:00
Kostya Serebryany
9e8e432014 [libFuzzer] properly reset the guards when reseting the coverage. Also try to fix check-fuzzer on the bot 
llvm-svn: 281814
 2016-09-17 06:01:55 +00:00
Kostya Serebryany
4b0efbfd4a [libFuzzer] change trace-pc to use 8-byte guards 
llvm-svn: 281810
 2016-09-17 05:04:47 +00:00
Kostya Serebryany
f16ae52160 [libFuzzer] make caller-callee feedback work with trace-pc-guard 
llvm-svn: 281667
 2016-09-15 22:16:15 +00:00
Kostya Serebryany
a4e772ea61 [libFuzzer] fix the build for AFLDriverTest 
llvm-svn: 281633
 2016-09-15 18:10:38 +00:00
Kostya Serebryany
377899e661 [libFuzzer] disable test that requires debug info -- it fails on the bot 
llvm-svn: 281584
 2016-09-15 05:46:58 +00:00
Kostya Serebryany
cce4ba7b97 [libFuzzer] move the AFL driver build rule test into the uninstrumented dir 
llvm-svn: 281583
 2016-09-15 05:17:39 +00:00
Kostya Serebryany
cf1ccdc183 [libFuzzer] fix print_pcs test 
llvm-svn: 281580
 2016-09-15 04:43:06 +00:00
Kostya Serebryany
a166497232 [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) 
llvm-svn: 281577
 2016-09-15 04:36:45 +00:00
Kostya Serebryany
bd6bd39ccc [libFuzzer] add 8-bit counters to trace-pc-guard handler 
llvm-svn: 281568
 2016-09-15 01:30:18 +00:00
Kostya Serebryany
41b41f51a8 [libFuzzer] start using trace-pc-guard as an alternative source of coverage 
llvm-svn: 281435
 2016-09-14 02:13:06 +00:00
Kostya Serebryany
6727e0c36f [libFuzzer] don't print help for internal flags 
llvm-svn: 281124
 2016-09-10 00:35:30 +00:00
Kostya Serebryany
6b8560d5a5 [libFuzzer] print a visible message if merge fails due to a crash 
llvm-svn: 281122
 2016-09-10 00:15:41 +00:00
Kostya Serebryany
afd27e1acc [libFuzzer] use sizeof() in tests instead of 4 and 8 
llvm-svn: 281111
 2016-09-09 22:21:16 +00:00
Kostya Serebryany
f3e050c251 [libFuzzer] one more puzzle for value profile 
llvm-svn: 281106
 2016-09-09 21:58:42 +00:00
Kostya Serebryany
a73451f514 [libFuzzer] one more puzzle, value_profile cracks it in a second 
llvm-svn: 281066
 2016-09-09 18:00:04 +00:00
Kostya Serebryany
8d5f2dcf39 [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better 
llvm-svn: 281007
 2016-09-09 01:17:03 +00:00
Kostya Serebryany
d575db2f6f [libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time 
llvm-svn: 280332
 2016-09-01 01:22:27 +00:00
Mike Aizatsky
b9c35c415b [libfuzzer] simplified unit truncation; do not write trunc items to disc 
Differential Revision: https://reviews.llvm.org/D24049

llvm-svn: 280153
 2016-08-30 20:49:07 +00:00
Kostya Serebryany
733e18adcb [libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow 
llvm-svn: 280098
 2016-08-30 14:52:05 +00:00
Kostya Serebryany
1d077e5054 [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much 
llvm-svn: 280096
 2016-08-30 14:39:33 +00:00
Kostya Serebryany
3620aadd00 [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles 
llvm-svn: 280054
 2016-08-30 03:05:50 +00:00
Kostya Serebryany
d305c04722 [libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests 
llvm-svn: 280046
 2016-08-30 01:30:14 +00:00
Kostya Serebryany
70186ece8e [libFuzzer] simplify a test to make it pass on the bot 
llvm-svn: 279796
 2016-08-26 00:18:16 +00:00
Kostya Serebryany
d4cdf49632 [libFuzzer] make sure we have symbols on fuzzer tests 
llvm-svn: 279792
 2016-08-25 23:30:02 +00:00
Kostya Serebryany
25e0e96b53 [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them 
llvm-svn: 279787
 2016-08-25 22:35:08 +00:00
Kostya Serebryany
2374a83857 [libFuzzer] make a test more deterministic 
llvm-svn: 279686
 2016-08-24 23:10:17 +00:00
Kostya Serebryany
03331f9d41 [sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer 
llvm-svn: 279027
 2016-08-18 01:25:28 +00:00
Kostya Serebryany
90a0d20525 [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 
llvm-svn: 278982
 2016-08-17 21:30:30 +00:00
Kostya Serebryany
6bf06b87d3 [libFuzzer] more mutations 
llvm-svn: 278950
 2016-08-17 18:10:42 +00:00
Kostya Serebryany
8a3b057601 [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. 
llvm-svn: 278839
 2016-08-16 19:33:51 +00:00
Kostya Serebryany
709991dc84 [libFuzzer] print a verbose message after executing inputs in non-fuzzing mode 
llvm-svn: 278724
 2016-08-15 19:44:04 +00:00
Kostya Serebryany
ffb369301e [libFuzzer] fix the bot 
llvm-svn: 278721
 2016-08-15 19:36:13 +00:00
Kostya Serebryany
771f098a4d [libFuzzer] add InsertRepeatedBytes and EraseBytes. 
New mutation: InsertRepeatedBytes.
Updated mutation: EraseByte => EraseBytes.

This helps https://github.com/google/sanitizers/issues/710
where libFuzzer was not able to find a known bug.
Now it finds it in minutes.

Hopefully, the change is general enough to help other targets.

llvm-svn: 278687
 2016-08-15 17:48:28 +00:00
Dan Liew
22b310e67c [LibFuzzer] Fix -jobs=<N> where <N> > 1 and the number of workers is > 1 on macOS. 
The original `ExecuteCommand()` called `system()` from the C library.
The C library implementation of this on macOS contains a mutex which
serializes calls to `system()`. This prevented the `-jobs=` flag
from running copies of the fuzzing binary in parallel which is
the opposite of what is intended.

To fix this on macOS an alternative implementation of `ExecuteCommand()`
is provided that can be used concurrently. This is provided in
`FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple
platforms. The existing implementation has been moved to a new file
`FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux.

This commit includes a simple test to check that LibFuzzer is being
executed in parallel when requested.

Differential Revision: https://reviews.llvm.org/D22742

llvm-svn: 278544
 2016-08-12 18:29:36 +00:00
Kostya Serebryany
175b53e526 [libFuzzer] properly intercept memmem 
llvm-svn: 276006
 2016-07-19 18:29:06 +00:00
Kostya Serebryany
88667faa02 [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp 
llvm-svn: 275648
 2016-07-15 23:27:19 +00:00
Kostya Serebryany
58e21cf3cd [libFuzzer] add ThreadedLeakTest 
llvm-svn: 275582
 2016-07-15 17:19:43 +00:00
Dan Liew
ce9d9a9d03 [LibFuzzer] Unbreak the build on macOS which was broken by r272858. 
``afl_driver.cpp`` currently relies on weak symbols which doesn't
work properly under macOS. For now fix the build by providing a
dummy implementation of ``LLVMFuzzerInitialize(...)``. This is just
a temporary measure until we fix ``afl_driver.cpp`` for macOS.

llvm-svn: 274778
 2016-07-07 18:14:11 +00:00
Mike Aizatsky
c236298979 [libFuzzer] Let user specify extra stats file. 
Summary: If AFL_DRIVER_EXTRA_STATS_FILENAME is set and valid, write to it peak_rss_mb and slowest_unit_time_sec. These are both stats that libFuzzer can print but afl cannot.

Reviewers: kcc, aizatsky, metzman

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D21742

llvm-svn: 274273
 2016-06-30 20:43:06 +00:00
Mike Aizatsky
a189dc444c [libfuzzer] moving is_ascii handler inside mutation dispatcher. 
Summary: It also fixes a bug, when first random might not be ascii.

Differential Revision: http://reviews.llvm.org/D21573

llvm-svn: 273611
 2016-06-23 20:44:48 +00:00
Vitaly Buka
2553ec0992 [libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp 
Summary: Add license info and brief description of file to AFLDriverTest.cpp.

Reviewers: kcc, aizatsky

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D21487

llvm-svn: 273527
 2016-06-23 02:19:36 +00:00
Kostya Serebryany
69e44c7198 [libFuzzer] make the single-run output more reliable 
llvm-svn: 272998
 2016-06-17 13:07:06 +00:00
Kostya Serebryany
865f69ffc1 [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable 
llvm-svn: 272948
 2016-06-16 20:17:41 +00:00