RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-11-26 12:43:36 +01:00
Code Issues Projects Releases Wiki Activity
138,390 Commits 4 Branches 5 Tags 704 MiB
763d4bc96b
Commit Graph

162 Commits

Author SHA1 Message Date
Kostya Serebryany
763d4bc96b [libFuzzer] fix merging with trace-pc-guard 
llvm-svn: 282224
 2016-09-23 01:58:51 +00:00
Kostya Serebryany
5cd1f5a82d [libFuzzer] simplify the TracePC logic 
llvm-svn: 282222
 2016-09-23 01:20:07 +00:00
Kostya Serebryany
1f0aefdb84 [libFuzzer] move value profiling logic into TracePC 
llvm-svn: 282219
 2016-09-23 00:46:18 +00:00
Kostya Serebryany
13b73c7438 [libFuzzer] change ValueBitMap to remember the number of bits in it 
llvm-svn: 282216
 2016-09-23 00:22:46 +00:00
Kostya Serebryany
e7337182e5 [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen 
llvm-svn: 282211
 2016-09-22 23:16:36 +00:00
Kostya Serebryany
21d31d163e [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings 
llvm-svn: 282129
 2016-09-22 01:34:58 +00:00
Kostya Serebryany
415d2b3586 [libFuzzer] add stats to the corpus; more refactoring 
llvm-svn: 282121
 2016-09-21 22:42:17 +00:00
Kostya Serebryany
4ce26769cd [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. 
llvm-svn: 282115
 2016-09-21 21:41:48 +00:00
Kostya Serebryany
89cc7aa29b [libFuzzer] refactoring: split the large header into many; NFC 
llvm-svn: 282044
 2016-09-21 01:50:50 +00:00
Kostya Serebryany
5e6a145744 [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features 
llvm-svn: 282042
 2016-09-21 01:04:43 +00:00
Kostya Serebryany
637985cabd [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer 
llvm-svn: 281866
 2016-09-18 21:47:08 +00:00
Kostya Serebryany
4b0efbfd4a [libFuzzer] change trace-pc to use 8-byte guards 
llvm-svn: 281810
 2016-09-17 05:04:47 +00:00
Kostya Serebryany
a166497232 [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) 
llvm-svn: 281577
 2016-09-15 04:36:45 +00:00
Kostya Serebryany
bd6bd39ccc [libFuzzer] add 8-bit counters to trace-pc-guard handler 
llvm-svn: 281568
 2016-09-15 01:30:18 +00:00
Kostya Serebryany
41b41f51a8 [libFuzzer] start using trace-pc-guard as an alternative source of coverage 
llvm-svn: 281435
 2016-09-14 02:13:06 +00:00
Kostya Serebryany
25c312c38e [libFuzzer] print a failed-merge warning only in the merge mode 
llvm-svn: 281130
 2016-09-10 02:17:22 +00:00
Kostya Serebryany
6b8560d5a5 [libFuzzer] print a visible message if merge fails due to a crash 
llvm-svn: 281122
 2016-09-10 00:15:41 +00:00
Kostya Serebryany
436a6702d5 [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself 
llvm-svn: 281016
 2016-09-09 02:38:28 +00:00
Kostya Serebryany
df4542584d [libFuzzer] remove unneeded call 
llvm-svn: 281014
 2016-09-09 01:57:38 +00:00
Mike Aizatsky
b9c35c415b [libfuzzer] simplified unit truncation; do not write trunc items to disc 
Differential Revision: https://reviews.llvm.org/D24049

llvm-svn: 280153
 2016-08-30 20:49:07 +00:00
Kostya Serebryany
25e0e96b53 [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them 
llvm-svn: 279787
 2016-08-25 22:35:08 +00:00
Kostya Serebryany
d93b4b7761 [libFuzzer] simplify the code, NFC 
llvm-svn: 279697
 2016-08-25 01:25:03 +00:00
Kostya Serebryany
4d034e34f6 [libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence 
llvm-svn: 278975
 2016-08-17 20:45:23 +00:00
Kostya Serebryany
8a3b057601 [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. 
llvm-svn: 278839
 2016-08-16 19:33:51 +00:00
Kostya Serebryany
91340fc197 [libFuzzer] refactoring around PCMap, NFC 
llvm-svn: 278825
 2016-08-16 17:37:13 +00:00
Kostya Serebryany
de06df6edd [libFuzzer] make libFuzzer work with a bit older clang versions 
llvm-svn: 277941
 2016-08-06 21:28:56 +00:00
Kostya Serebryany
2a90c06b02 [libFuzzer] don't print bogus error message 
llvm-svn: 277940
 2016-08-06 21:23:29 +00:00
Mike Aizatsky
63896f700f [sanitizers] trace buffer API to use user-allocated buffer. 
Differential Revision: https://reviews.llvm.org/D23185

llvm-svn: 277859
 2016-08-05 20:09:53 +00:00
Mike Aizatsky
a189dc444c [libfuzzer] moving is_ascii handler inside mutation dispatcher. 
Summary: It also fixes a bug, when first random might not be ascii.

Differential Revision: http://reviews.llvm.org/D21573

llvm-svn: 273611
 2016-06-23 20:44:48 +00:00
Kostya Serebryany
865f69ffc1 [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable 
llvm-svn: 272948
 2016-06-16 20:17:41 +00:00
Kostya Serebryany
1b5f4c4e10 [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hook 
llvm-svn: 272116
 2016-06-08 04:49:29 +00:00
Kostya Serebryany
1d9584b1f3 [libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message) 
llvm-svn: 272090
 2016-06-08 01:46:13 +00:00
Dan Liew
c8948855b6 [LibFuzzer] Declare and use sanitizer functions in `fuzzer::ExternalFunctions` 
This fixes linking problems on OSX.

Unfortunately it turns out we need to use an instance of the
``fuzzer::ExternalFunctions`` object in several places so this
commit also replaces all instances with a single global instance.

It also turns out initializing a global ``fuzzer::ExternalFunctions``
before main is entered (i.e. letting the object be initialised by the
global initializers) is not safe (on OSX the call to ``Printf()`` in the
CTOR crashes if it is called from a global initializer) so we instead
have a global ``fuzzer::ExternalFunctions*`` and initialize it inside
``FuzzerDriver()``.

Multiple unit tests depend also depend on the
``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been
added that initializes it before running any tests.

Differential Revision: http://reviews.llvm.org/D20943

llvm-svn: 272072
 2016-06-07 23:32:50 +00:00
Mike Aizatsky
971be03956 [libfuzzer] prune_corpus option for disabling pruning during the load. 
Summary:
The option is very useful for testing, plus I intend to measure
its effect on fuzzer effectiveness.

Differential Revision: http://reviews.llvm.org/D21084

llvm-svn: 272035
 2016-06-07 18:16:32 +00:00
Mike Aizatsky
e89c6e8b16 [libfuzzer] hiding custom mutator handling in MutationDispatcher. 
Summary: Refactoring, no functional changes.

Differential Revision: http://reviews.llvm.org/D20975

llvm-svn: 271740
 2016-06-03 21:34:29 +00:00
Dan Liew
8b5c81728c [LibFuzzer] Reimplement how the optional user functions are called. 
The motivation for this change is to fix linking issues on OSX.
However this only partially fixes linking issues (the uninstrumented
tests and a few others  won't succesfully link yet).

This change introduces a struct of function pointers
(``fuzzer::ExternalFuntions``) which when initialised will point to the
optional functions if they are available.  Currently these
``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.

Two implementations of ``fuzzer::ExternalFunctions`` constructor are
provided one for Linux and one for OSX.

The OSX implementation uses ``dlsym()`` because the prior implementation
using weak symbols does not work unless the additional flags are passed
to the linker.

The Linux implementation continues to use weak symbols because the
``dlsym()`` approach does not work unless additional flags are passed
to the linker.

Differential Revision: http://reviews.llvm.org/D20741

llvm-svn: 271491
 2016-06-02 05:48:02 +00:00
Kostya Serebryany
e2d6b2454c [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile on OOM 
llvm-svn: 271465
 2016-06-02 01:33:11 +00:00
Kostya Serebryany
21c058bf71 [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases. 
llvm-svn: 271186
 2016-05-29 15:58:57 +00:00
Kostya Serebryany
30ef81698e [libFuzzer] fix a failure that occurs when running individual inputs 
llvm-svn: 271095
 2016-05-28 04:19:46 +00:00
Kostya Serebryany
9f5eabe7a7 [libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit. 
llvm-svn: 270945
 2016-05-27 00:54:15 +00:00
Kostya Serebryany
becd6c1393 [libFuzzer] more refactoring: make sure CurrentUnitData is awlays a valid pointer to read from 
llvm-svn: 270942
 2016-05-27 00:21:33 +00:00
Kostya Serebryany
c5d4c0f8da [libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads) 
llvm-svn: 270929
 2016-05-26 22:17:32 +00:00
Kostya Serebryany
14432c81d1 [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC 
llvm-svn: 270922
 2016-05-26 21:32:30 +00:00
Kostya Serebryany
e6c20bc756 [libFuzzer] when there is a leak in the existing corpus report the reproducer properly 
llvm-svn: 270905
 2016-05-26 20:25:49 +00:00
Kostya Serebryany
7477d2d4c2 [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended 
llvm-svn: 270900
 2016-05-26 20:03:02 +00:00
Kostya Serebryany
10bbd18b43 [libFuzzer] print stats if we crash on empty input 
llvm-svn: 270639
 2016-05-25 00:15:36 +00:00
Mike Aizatsky
785d92e27f [libfuzzer] Trying random unit prefixes during corpus load. 
Differential Revision: http://reviews.llvm.org/D20301

llvm-svn: 270632
 2016-05-24 23:14:29 +00:00
Dan Liew
2063e3f97b [LibFuzzer] 
Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.

Under Mac OSX we intercept calls to malloc before thread local
storage is initialised leading to a crash when accessing
``AllocTracer``. To workaround this ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.

To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.

Differential Revision: http://reviews.llvm.org/D20402

llvm-svn: 270145
 2016-05-19 22:00:33 +00:00
Kostya Serebryany
1748b79bc0 [libFuzzer] do the merge faster and a bit less precise 
llvm-svn: 269497
 2016-05-13 22:11:23 +00:00
Kostya Serebryany
50c6e0a004 [libFuzzer] simplify FuzzerInterface.h 
llvm-svn: 269448
 2016-05-13 18:04:35 +00:00