RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-11-23 03:02:36 +01:00
Code Issues Projects Releases Wiki Activity
139,773 Commits 4 Branches 5 Tags 704 MiB
8f2c88ca19
Commit Graph

439 Commits

Author SHA1 Message Date
Kostya Serebryany
d7100e5ad6 [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer 
llvm-svn: 284909
 2016-10-22 03:48:53 +00:00
Kostya Serebryany
0a0429306e [libFuzzer] typo in a test 
llvm-svn: 284903
 2016-10-22 01:07:38 +00:00
Kostya Serebryany
d78a4c604a [libFuzzer] add a test for asan's strict_string_checks=1 
llvm-svn: 284902
 2016-10-22 00:05:44 +00:00
Reid Kleckner
17deeccb8f Fix -Wunused-variable warning in libFuzzer 
llvm-svn: 284838
 2016-10-21 16:26:27 +00:00
Kostya Serebryany
988580974c [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)

llvm-svn: 284554
 2016-10-19 00:12:03 +00:00
Kostya Serebryany
5212c69d5c [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) 
llvm-svn: 284514
 2016-10-18 18:38:08 +00:00
Kostya Serebryany
aa738cf89b [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item 
llvm-svn: 284508
 2016-10-18 18:06:05 +00:00
Kostya Serebryany
7a7a232eb8 [libFuzzer] swap bytes in integers when handling CMP traces 
llvm-svn: 284301
 2016-10-15 04:00:07 +00:00
Kostya Serebryany
48444a7a27 [libFuzzer] better algorithm for -minimize_crash 
llvm-svn: 284299
 2016-10-15 01:00:24 +00:00
Kostya Serebryany
f9c10b3ff9 [libFuzzer] remove subdir fuzzer-test-suite as it is now superseded with https://github.com/google/fuzzer-test-suite 
llvm-svn: 284275
 2016-10-14 20:26:40 +00:00
Kostya Serebryany
c7f377f70d [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
llvm-svn: 284273
 2016-10-14 20:20:33 +00:00
Kostya Serebryany
af8dd6b82e [libFuzzer] more detailed message for disabled leak detection 
llvm-svn: 284169
 2016-10-13 22:24:10 +00:00
Kostya Serebryany
58cef4f0ca [libFuzzer] add -trace_malloc= flag 
llvm-svn: 284149
 2016-10-13 19:06:46 +00:00
Kostya Serebryany
8a332d88f1 [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build 
llvm-svn: 284132
 2016-10-13 16:19:09 +00:00
Daniel Jasper
1efc6eadb0 Revert "[libFuzzer] refactoring to speed things up, NFC" 
This reverts commit r283946.

This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here

llvm-svn: 283979
 2016-10-12 07:26:46 +00:00
Kostya Serebryany
77bcf6126c [libFuzzer] refactoring to speed things up, NFC 
llvm-svn: 283946
 2016-10-11 21:27:37 +00:00
Kostya Serebryany
3386751019 [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it 
llvm-svn: 283841
 2016-10-11 01:14:41 +00:00
Kostya Serebryany
f4f85fd06a [libFuzzer] add switch tests 
llvm-svn: 283840
 2016-10-11 01:13:32 +00:00
Kostya Serebryany
ef58087d34 [libFuzzer] make a test less flaky 
llvm-svn: 283686
 2016-10-09 03:45:38 +00:00
Kostya Serebryany
441ec03873 [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process 
llvm-svn: 283682
 2016-10-08 23:24:45 +00:00
Kostya Serebryany
19be729c07 [libFuzzer] control the reload interval by a flag, make it 10 seconds by default 
llvm-svn: 283676
 2016-10-08 22:12:14 +00:00
Kostya Serebryany
140dff0936 [libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing. 
llvm-svn: 283675
 2016-10-08 21:57:48 +00:00
Kostya Serebryany
0eea9370fa [libFuzzer] be more careful with memory usage, print peak rss in status lines 
llvm-svn: 283418
 2016-10-06 05:14:00 +00:00
Kostya Serebryany
2f87d8ab24 [libFuzzer] when re-running for lsan, don't look at the coverage 
llvm-svn: 283411
 2016-10-05 23:31:01 +00:00
Kostya Serebryany
295957939e [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
llvm-svn: 283409
 2016-10-05 22:56:21 +00:00
Kostya Serebryany
ef40d08bcc [libFuzzer] add ShrinkValueProfileTest, move code around, NFC 
llvm-svn: 283286
 2016-10-05 01:09:40 +00:00
Kostya Serebryany
1870a413c0 [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines 
llvm-svn: 283279
 2016-10-05 00:25:17 +00:00
Kostya Serebryany
783f41e2c2 [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway 
llvm-svn: 283187
 2016-10-04 06:08:46 +00:00
Kostya Serebryany
7a8af61400 [libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now) 
llvm-svn: 283178
 2016-10-04 01:51:44 +00:00
Kostya Serebryany
495381df04 [libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631 
llvm-svn: 283024
 2016-10-01 07:37:40 +00:00
Kostya Serebryany
827a5cb086 [libFuzzer] fix a recent bugs (buffer overflow) 
llvm-svn: 283021
 2016-10-01 07:13:25 +00:00
Kostya Serebryany
0d42a944a6 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default 
llvm-svn: 282995
 2016-10-01 01:04:29 +00:00
Kostya Serebryany
7a1929a3d8 [libFuzzer] remove some experimental code 
llvm-svn: 282983
 2016-09-30 23:29:27 +00:00
Kostya Serebryany
30316a2bd2 [libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed 
llvm-svn: 282972
 2016-09-30 22:35:08 +00:00
Kostya Serebryany
841b6806c7 [libFuzzer] remove unused option 
llvm-svn: 282971
 2016-09-30 22:29:57 +00:00
Kostya Serebryany
a9a320d2db [libFuzzer] move common parts of shell scripts into a separate file 
llvm-svn: 282954
 2016-09-30 21:12:30 +00:00
Kostya Serebryany
179ff532fb [libFuzzer] add a fuzzer test that finds CVE-2015-3193 
llvm-svn: 282892
 2016-09-30 18:16:16 +00:00
Kostya Serebryany
43c4fa2adf [libfuzzer] test for c-ares CVE-2016-5180 
llvm-svn: 282839
 2016-09-30 05:15:45 +00:00
Kostya Serebryany
d31e44ab52 [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) 
llvm-svn: 282831
 2016-09-30 01:24:57 +00:00
Kostya Serebryany
8e6582edf5 [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input 
llvm-svn: 282829
 2016-09-30 01:19:56 +00:00
Kostya Serebryany
83752c3be3 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals 
llvm-svn: 282735
 2016-09-29 17:43:24 +00:00
Kostya Serebryany
acf46844e0 [libFuzzer] initialize ValueBitMap::NumBits 
llvm-svn: 282721
 2016-09-29 15:51:28 +00:00
Kostya Serebryany
2bd649efa3 [libFuzzer] speedup TracePC::FinalizeTrace 
llvm-svn: 282562
 2016-09-28 01:16:24 +00:00
Kostya Serebryany
972b5aeaff [libFuzzer] run re2 test in 8 threads by default 
llvm-svn: 282469
 2016-09-27 03:33:57 +00:00
Kostya Serebryany
3271dd3f6e [sanitizer-coverage] fix a bug in trace-gep 
llvm-svn: 282467
 2016-09-27 01:55:08 +00:00
Kostya Serebryany
e755516322 [libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed) 
llvm-svn: 282460
 2016-09-27 00:27:40 +00:00
Kostya Serebryany
ba61cede89 [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag 
llvm-svn: 282458
 2016-09-27 00:10:20 +00:00
Kostya Serebryany
810d04f0e6 [libFuzzer] add a standalone build script 
llvm-svn: 282321
 2016-09-24 04:00:00 +00:00
Kostya Serebryany
496fab274a [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. 
llvm-svn: 282316
 2016-09-23 23:51:58 +00:00
Kostya Serebryany
75f28537e8 [libFuzzer] first steps in adding a proper automated test suite based on real-life code: add a script to build RE2 at a revision that has known bugs 
llvm-svn: 282292
 2016-09-23 20:43:22 +00:00