llvm-mirror

mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-11-26 04:32:44 +01:00

Author	SHA1	Message	Date
Kostya Serebryany	a73451f514	[libFuzzer] one more puzzle, value_profile cracks it in a second llvm-svn: 281066	2016-09-09 18:00:04 +00:00
Kostya Serebryany	436a6702d5	[libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself llvm-svn: 281016	2016-09-09 02:38:28 +00:00
Kostya Serebryany	df4542584d	[libFuzzer] remove unneeded call llvm-svn: 281014	2016-09-09 01:57:38 +00:00
Kostya Serebryany	8d5f2dcf39	[libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better llvm-svn: 281007	2016-09-09 01:17:03 +00:00
Kostya Serebryany	d575db2f6f	[libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time llvm-svn: 280332	2016-09-01 01:22:27 +00:00
Mike Aizatsky	b9c35c415b	[libfuzzer] simplified unit truncation; do not write trunc items to disc Differential Revision: https://reviews.llvm.org/D24049 llvm-svn: 280153	2016-08-30 20:49:07 +00:00
Kostya Serebryany	733e18adcb	[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow llvm-svn: 280098	2016-08-30 14:52:05 +00:00
Kostya Serebryany	1d077e5054	[libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much llvm-svn: 280096	2016-08-30 14:39:33 +00:00
Kostya Serebryany	3620aadd00	[libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles llvm-svn: 280054	2016-08-30 03:05:50 +00:00
Kostya Serebryany	d305c04722	[libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests llvm-svn: 280046	2016-08-30 01:30:14 +00:00
Kostya Serebryany	70186ece8e	[libFuzzer] simplify a test to make it pass on the bot llvm-svn: 279796	2016-08-26 00:18:16 +00:00
Kostya Serebryany	d4cdf49632	[libFuzzer] make sure we have symbols on fuzzer tests llvm-svn: 279792	2016-08-25 23:30:02 +00:00
Kostya Serebryany	25e0e96b53	[libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787	2016-08-25 22:35:08 +00:00
Kostya Serebryany	d93b4b7761	[libFuzzer] simplify the code, NFC llvm-svn: 279697	2016-08-25 01:25:03 +00:00
Kostya Serebryany	2374a83857	[libFuzzer] make a test more deterministic llvm-svn: 279686	2016-08-24 23:10:17 +00:00
Kostya Serebryany	ed73edee45	[libFuzzer] use __attribute__((target("popcnt"))) only on x86_64 llvm-svn: 279601	2016-08-24 01:38:42 +00:00
Kostya Serebryany	b0ba8a2254	[libFuzzer] collect 64 states for value profile, not 65 llvm-svn: 279588	2016-08-23 23:37:37 +00:00
Kostya Serebryany	79a8bc1d4c	[libFuzzer] fix the non-debug build warnings llvm-svn: 279321	2016-08-19 20:57:09 +00:00
Kostya Serebryany	4f2ea93e77	[libFuzzer] add more __attribute__((visibility("default"))) llvm-svn: 279143	2016-08-18 20:52:52 +00:00
Kostya Serebryany	03331f9d41	[sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer llvm-svn: 279027	2016-08-18 01:25:28 +00:00
Kostya Serebryany	e538e94e53	[libFuzzer] force proper popcnt instruction llvm-svn: 279002	2016-08-17 23:09:57 +00:00
Kostya Serebryany	b90313862a	[libFuzzer] given 0 and 255 more preference when inserting repeated bytes llvm-svn: 278986	2016-08-17 21:50:54 +00:00
Kostya Serebryany	90a0d20525	[libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 llvm-svn: 278982	2016-08-17 21:30:30 +00:00
Kostya Serebryany	4d034e34f6	[libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence llvm-svn: 278975	2016-08-17 20:45:23 +00:00
Justin Bogner	507d362929	Replace a few more "fall through" comments with LLVM_FALLTHROUGH Follow up to r278902. I had missed "fall through", with a space. llvm-svn: 278970	2016-08-17 20:30:52 +00:00
Kostya Serebryany	6bf06b87d3	[libFuzzer] more mutations llvm-svn: 278950	2016-08-17 18:10:42 +00:00
Kostya Serebryany	53ab688ab6	[libFuzzer] minor speed improvement llvm-svn: 278856	2016-08-16 21:28:05 +00:00
Kostya Serebryany	8a3b057601	[libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. llvm-svn: 278839	2016-08-16 19:33:51 +00:00
Kostya Serebryany	91340fc197	[libFuzzer] refactoring around PCMap, NFC llvm-svn: 278825	2016-08-16 17:37:13 +00:00
Kostya Serebryany	709991dc84	[libFuzzer] print a verbose message after executing inputs in non-fuzzing mode llvm-svn: 278724	2016-08-15 19:44:04 +00:00
Kostya Serebryany	ffb369301e	[libFuzzer] fix the bot llvm-svn: 278721	2016-08-15 19:36:13 +00:00
Kostya Serebryany	771f098a4d	[libFuzzer] add InsertRepeatedBytes and EraseBytes. New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets. llvm-svn: 278687	2016-08-15 17:48:28 +00:00
Dan Liew	22b310e67c	[LibFuzzer] Fix `-jobs=<N>` where <N> > 1 and the number of workers is > 1 on macOS. The original `ExecuteCommand()` called `system()` from the C library. The C library implementation of this on macOS contains a mutex which serializes calls to `system()`. This prevented the `-jobs=` flag from running copies of the fuzzing binary in parallel which is the opposite of what is intended. To fix this on macOS an alternative implementation of `ExecuteCommand()` is provided that can be used concurrently. This is provided in `FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple platforms. The existing implementation has been moved to a new file `FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux. This commit includes a simple test to check that LibFuzzer is being executed in parallel when requested. Differential Revision: https://reviews.llvm.org/D22742 llvm-svn: 278544	2016-08-12 18:29:36 +00:00
Kostya Serebryany	de06df6edd	[libFuzzer] make libFuzzer work with a bit older clang versions llvm-svn: 277941	2016-08-06 21:28:56 +00:00
Kostya Serebryany	2a90c06b02	[libFuzzer] don't print bogus error message llvm-svn: 277940	2016-08-06 21:23:29 +00:00
Mike Aizatsky	4109691507	[libfuzzer] do not warn about missing pcbuffer functions: they are new. llvm-svn: 277927	2016-08-06 17:03:22 +00:00
Mike Aizatsky	63896f700f	[sanitizers] trace buffer API to use user-allocated buffer. Differential Revision: https://reviews.llvm.org/D23185 llvm-svn: 277859	2016-08-05 20:09:53 +00:00
Kostya Serebryany	e03f555428	[libFuzzer] extend the messages printed by afl_driver llvm-svn: 276052	2016-07-19 23:18:28 +00:00
Kostya Serebryany	175b53e526	[libFuzzer] properly intercept memmem llvm-svn: 276006	2016-07-19 18:29:06 +00:00
Kostya Serebryany	88667faa02	[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp llvm-svn: 275648	2016-07-15 23:27:19 +00:00
Kostya Serebryany	58e21cf3cd	[libFuzzer] add ThreadedLeakTest llvm-svn: 275582	2016-07-15 17:19:43 +00:00
Dan Liew	ce9d9a9d03	[LibFuzzer] Unbreak the build on macOS which was broken by r272858. ``afl_driver.cpp`` currently relies on weak symbols which doesn't work properly under macOS. For now fix the build by providing a dummy implementation of ``LLVMFuzzerInitialize(...)``. This is just a temporary measure until we fix ``afl_driver.cpp`` for macOS. llvm-svn: 274778	2016-07-07 18:14:11 +00:00
Mike Aizatsky	c236298979	[libFuzzer] Let user specify extra stats file. Summary: If AFL_DRIVER_EXTRA_STATS_FILENAME is set and valid, write to it peak_rss_mb and slowest_unit_time_sec. These are both stats that libFuzzer can print but afl cannot. Reviewers: kcc, aizatsky, metzman Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D21742 llvm-svn: 274273	2016-06-30 20:43:06 +00:00
Mike Aizatsky	a189dc444c	[libfuzzer] moving is_ascii handler inside mutation dispatcher. Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611	2016-06-23 20:44:48 +00:00
Vitaly Buka	2553ec0992	[libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp Summary: Add license info and brief description of file to AFLDriverTest.cpp. Reviewers: kcc, aizatsky Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D21487 llvm-svn: 273527	2016-06-23 02:19:36 +00:00
Kostya Serebryany	69e44c7198	[libFuzzer] make the single-run output more reliable llvm-svn: 272998	2016-06-17 13:07:06 +00:00
Kostya Serebryany	865f69ffc1	[libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable llvm-svn: 272948	2016-06-16 20:17:41 +00:00
Vitaly Buka	3f313afeaa	Fix test from D21194 Bot sets ASAN_OPTIONS=handle_abort=1 which prevents expected crash. llvm-svn: 272866	2016-06-16 01:52:48 +00:00
Vitaly Buka	ac3e3b1c5e	Debugging D21194 issues on bot llvm-svn: 272863	2016-06-16 01:26:46 +00:00
Vitaly Buka	1c6b722687	Enable libFuzzer's afl_driver to append stderr to a file. Summary: [libFuzzer] Enable afl_driver to append stderr to a user specified file. Append stderr of afl_driver to the file specified by the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs on crashes without rerunning crashing test cases (which won't work for crashes that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz and users would have no way of seeing it. Reviewers: llvm-commits, aizatsky, kcc, vitalybuka Subscribers: vitalybuka Differential Revision: http://reviews.llvm.org/D21194 llvm-svn: 272858	2016-06-16 00:14:42 +00:00

1 2 3 4 5 ...

355 Commits