Kostya Serebryany
|
810d04f0e6
|
[libFuzzer] add a standalone build script
llvm-svn: 282321
|
2016-09-24 04:00:00 +00:00 |
|
Kostya Serebryany
|
496fab274a
|
[libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features.
llvm-svn: 282316
|
2016-09-23 23:51:58 +00:00 |
|
Kostya Serebryany
|
75f28537e8
|
[libFuzzer] first steps in adding a proper automated test suite based on real-life code: add a script to build RE2 at a revision that has known bugs
llvm-svn: 282292
|
2016-09-23 20:43:22 +00:00 |
|
Kostya Serebryany
|
3818e175e9
|
[libFuzzer] reset Counters (trace-pc-guard) before every run
llvm-svn: 282284
|
2016-09-23 20:04:13 +00:00 |
|
Kostya Serebryany
|
cc6b86b16e
|
[libFuzzer] be more precise about what we reset in TracePC
llvm-svn: 282225
|
2016-09-23 02:18:59 +00:00 |
|
Kostya Serebryany
|
763d4bc96b
|
[libFuzzer] fix merging with trace-pc-guard
llvm-svn: 282224
|
2016-09-23 01:58:51 +00:00 |
|
Kostya Serebryany
|
5cd1f5a82d
|
[libFuzzer] simplify the TracePC logic
llvm-svn: 282222
|
2016-09-23 01:20:07 +00:00 |
|
Kostya Serebryany
|
1f0aefdb84
|
[libFuzzer] move value profiling logic into TracePC
llvm-svn: 282219
|
2016-09-23 00:46:18 +00:00 |
|
Kostya Serebryany
|
13b73c7438
|
[libFuzzer] change ValueBitMap to remember the number of bits in it
llvm-svn: 282216
|
2016-09-23 00:22:46 +00:00 |
|
Kostya Serebryany
|
e7337182e5
|
[libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen
llvm-svn: 282211
|
2016-09-22 23:16:36 +00:00 |
|
Kostya Serebryany
|
21d31d163e
|
[libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
llvm-svn: 282129
|
2016-09-22 01:34:58 +00:00 |
|
Kostya Serebryany
|
59579cf205
|
[libFuzzer] one more test
llvm-svn: 282127
|
2016-09-22 00:57:29 +00:00 |
|
Kostya Serebryany
|
415d2b3586
|
[libFuzzer] add stats to the corpus; more refactoring
llvm-svn: 282121
|
2016-09-21 22:42:17 +00:00 |
|
Kostya Serebryany
|
4ce26769cd
|
[libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one.
llvm-svn: 282115
|
2016-09-21 21:41:48 +00:00 |
|
Kostya Serebryany
|
de353bfbcd
|
[libFuzzer] more refactoring
llvm-svn: 282113
|
2016-09-21 21:17:23 +00:00 |
|
Kostya Serebryany
|
84e4abcb2c
|
[libFuzzer] fix libc++ build
llvm-svn: 282050
|
2016-09-21 03:50:37 +00:00 |
|
Kostya Serebryany
|
4a57719450
|
[libFuzzer] more refactoring; NFC
llvm-svn: 282047
|
2016-09-21 02:05:39 +00:00 |
|
Kostya Serebryany
|
89cc7aa29b
|
[libFuzzer] refactoring: split the large header into many; NFC
llvm-svn: 282044
|
2016-09-21 01:50:50 +00:00 |
|
Kostya Serebryany
|
5e6a145744
|
[libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features
llvm-svn: 282042
|
2016-09-21 01:04:43 +00:00 |
|
Kostya Serebryany
|
f108480019
|
[libFuzzer] use sleep() instead of std::this_thread::sleep_for to avoid coverage from instrumented libc++
llvm-svn: 281933
|
2016-09-19 20:32:34 +00:00 |
|
Kostya Serebryany
|
637985cabd
|
[libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
llvm-svn: 281866
|
2016-09-18 21:47:08 +00:00 |
|
Kostya Serebryany
|
ad93add26c
|
[libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters
llvm-svn: 281845
|
2016-09-18 04:52:23 +00:00 |
|
Kostya Serebryany
|
9e8e432014
|
[libFuzzer] properly reset the guards when resetting the coverage. Also try to fix check-fuzzer on the bot
llvm-svn: 281814
|
2016-09-17 06:01:55 +00:00 |
|
Kostya Serebryany
|
4b0efbfd4a
|
[libFuzzer] change trace-pc to use 8-byte guards
llvm-svn: 281810
|
2016-09-17 05:04:47 +00:00 |
|
Kostya Serebryany
|
f16ae52160
|
[libFuzzer] make caller-callee feedback work with trace-pc-guard
llvm-svn: 281667
|
2016-09-15 22:16:15 +00:00 |
|
Kostya Serebryany
|
a4e772ea61
|
[libFuzzer] fix the build for AFLDriverTest
llvm-svn: 281633
|
2016-09-15 18:10:38 +00:00 |
|
Kostya Serebryany
|
377899e661
|
[libFuzzer] disable test that requires debug info -- it fails on the bot
llvm-svn: 281584
|
2016-09-15 05:46:58 +00:00 |
|
Kostya Serebryany
|
cce4ba7b97
|
[libFuzzer] move the AFL driver build rule test into the uninstrumented dir
llvm-svn: 281583
|
2016-09-15 05:17:39 +00:00 |
|
Kostya Serebryany
|
cf1ccdc183
|
[libFuzzer] fix print_pcs test
llvm-svn: 281580
|
2016-09-15 04:43:06 +00:00 |
|
Kostya Serebryany
|
a166497232
|
[libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provably better, but the existing test prefers this heuristic)
llvm-svn: 281577
|
2016-09-15 04:36:45 +00:00 |
|
Kostya Serebryany
|
bd6bd39ccc
|
[libFuzzer] add 8-bit counters to trace-pc-guard handler
llvm-svn: 281568
|
2016-09-15 01:30:18 +00:00 |
|
Kostya Serebryany
|
41b41f51a8
|
[libFuzzer] start using trace-pc-guard as an alternative source of coverage
llvm-svn: 281435
|
2016-09-14 02:13:06 +00:00 |
|
Kostya Serebryany
|
25c312c38e
|
[libFuzzer] print a failed-merge warning only in the merge mode
llvm-svn: 281130
|
2016-09-10 02:17:22 +00:00 |
|
Kostya Serebryany
|
6727e0c36f
|
[libFuzzer] don't print help for internal flags
llvm-svn: 281124
|
2016-09-10 00:35:30 +00:00 |
|
Kostya Serebryany
|
6b8560d5a5
|
[libFuzzer] print a visible message if merge fails due to a crash
llvm-svn: 281122
|
2016-09-10 00:15:41 +00:00 |
|
Kostya Serebryany
|
afd27e1acc
|
[libFuzzer] use sizeof() in tests instead of 4 and 8
llvm-svn: 281111
|
2016-09-09 22:21:16 +00:00 |
|
Kostya Serebryany
|
f3e050c251
|
[libFuzzer] one more puzzle for value profile
llvm-svn: 281106
|
2016-09-09 21:58:42 +00:00 |
|
Kostya Serebryany
|
a73451f514
|
[libFuzzer] one more puzzle, value_profile cracks it in a second
llvm-svn: 281066
|
2016-09-09 18:00:04 +00:00 |
|
Kostya Serebryany
|
436a6702d5
|
[libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself
llvm-svn: 281016
|
2016-09-09 02:38:28 +00:00 |
|
Kostya Serebryany
|
df4542584d
|
[libFuzzer] remove unneeded call
llvm-svn: 281014
|
2016-09-09 01:57:38 +00:00 |
|
Kostya Serebryany
|
8d5f2dcf39
|
[libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better
llvm-svn: 281007
|
2016-09-09 01:17:03 +00:00 |
|
Kostya Serebryany
|
d575db2f6f
|
[libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time
llvm-svn: 280332
|
2016-09-01 01:22:27 +00:00 |
|
Mike Aizatsky
|
b9c35c415b
|
[libfuzzer] simplified unit truncation; do not write trunc items to disc
Differential Revision: https://reviews.llvm.org/D24049
llvm-svn: 280153
|
2016-08-30 20:49:07 +00:00 |
|
Kostya Serebryany
|
733e18adcb
|
[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow
llvm-svn: 280098
|
2016-08-30 14:52:05 +00:00 |
|
Kostya Serebryany
|
1d077e5054
|
[libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much
llvm-svn: 280096
|
2016-08-30 14:39:33 +00:00 |
|
Kostya Serebryany
|
3620aadd00
|
[libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles
llvm-svn: 280054
|
2016-08-30 03:05:50 +00:00 |
|
Kostya Serebryany
|
d305c04722
|
[libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
llvm-svn: 280046
|
2016-08-30 01:30:14 +00:00 |
|
Kostya Serebryany
|
70186ece8e
|
[libFuzzer] simplify a test to make it pass on the bot
llvm-svn: 279796
|
2016-08-26 00:18:16 +00:00 |
|
Kostya Serebryany
|
d4cdf49632
|
[libFuzzer] make sure we have symbols on fuzzer tests
llvm-svn: 279792
|
2016-08-25 23:30:02 +00:00 |
|
Kostya Serebryany
|
25e0e96b53
|
[libFuzzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them
llvm-svn: 279787
|
2016-08-25 22:35:08 +00:00 |
|