RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2024-11-26 12:43:36 +01:00
Code Issues Projects Releases Wiki Activity
132,471 Commits 4 Branches 5 Tags 704 MiB
d14bf97a6e
Commit Graph

279 Commits

Author SHA1 Message Date
Kostya Serebryany
a51be6eaa4 [libFuzzer] print a stack trace on timeout 
llvm-svn: 250571
 2015-10-16 23:04:31 +00:00
Kostya Serebryany
c1fcef367b [libFuzzer] reduce the size of artifacts printed on the screen 
llvm-svn: 250565
 2015-10-16 22:47:20 +00:00
Kostya Serebryany
47e5e62e71 [libFuzzer] When -test_single_input crashes the test it is not necessary to write crash-file because input is already known to the user. Patch by Mike Aizatsky 
llvm-svn: 250564
 2015-10-16 22:41:47 +00:00
Kostya Serebryany
98ed53705f [libFuzzer] don't print large artifacts to stderr 
llvm-svn: 249808
 2015-10-09 04:03:14 +00:00
Kostya Serebryany
e3d637a4af [libFuzzer] add -artifact_prefix flag 
llvm-svn: 249807
 2015-10-09 03:57:59 +00:00
Kostya Serebryany
6e1f94e9cd [libFuzzer] fix 32-bit build 
llvm-svn: 249646
 2015-10-08 00:59:25 +00:00
Kostya Serebryany
d0d9f0b833 [libFuzzer] trying to fix at-exit hang 
llvm-svn: 249231
 2015-10-03 07:02:05 +00:00
Kostya Serebryany
4487114c63 [libFuzzer] make LLVMFuzzerTestOneInput (the fuzzer target function) return int instead of void. The actual return value is not *yet* used (and expected to be 0). This change is API breaking, so the fuzzers will need to be updated. 
llvm-svn: 249214
 2015-10-02 23:34:06 +00:00
Kostya Serebryany
20a00e008b [libFuzzer] remove experimental flag and functionality 
llvm-svn: 249194
 2015-10-02 22:00:32 +00:00
Kostya Serebryany
70f0401f05 [libFuzzer] add a flag -max_total_time 
llvm-svn: 249181
 2015-10-02 20:47:55 +00:00
Ivan Krasin
b941371206 [LibFuzzer] test_single_input option to run a single test case. 
-test_single_input flag specifies a file name with test data.

Review URL: http://reviews.llvm.org/D13359

Patch by Mike Aizatsky!

llvm-svn: 249096
 2015-10-01 23:23:06 +00:00
Kostya Serebryany
8474784569 [libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky 
llvm-svn: 248954
 2015-09-30 22:22:37 +00:00
Kostya Serebryany
6c4e275248 [libFuzzer] perform fewer crossover operations compared to plain mutations 
llvm-svn: 247364
 2015-09-11 00:20:58 +00:00
Kostya Serebryany
19cfb70c6a [libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions 
llvm-svn: 247321
 2015-09-10 18:48:38 +00:00
Kostya Serebryany
0001c18d8c [libFuzzer] add two more variants of FuzzerDriver for convenience 
llvm-svn: 247300
 2015-09-10 16:57:57 +00:00
Ivan Krasin
cc79d453f1 [libFuzzer]Add a test for defeating a hash sum. 
Summary:
Add a test for a data followed by 4-byte hash value.
I use a slightly modified Jenkins hash function,
as described in https://en.wikipedia.org/wiki/Jenkins_hash_function

The modification is to ensure that hash(zeros) != 0.

Reviewers: kcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D12648

llvm-svn: 247076
 2015-09-08 21:22:52 +00:00
Kostya Serebryany
a2e2e93ba1 [libFuzzer] remove a piece of stale code 
llvm-svn: 247067
 2015-09-08 20:40:10 +00:00
Kostya Serebryany
04cc0059e2 [libFuzzer] be more robust when dealing with files on disk (e.g. don't crash if a file was there but disappeared) 
llvm-svn: 247066
 2015-09-08 20:36:33 +00:00
Kostya Serebryany
2d2cfbe976 [libFuzzer] better documentatio for -save_minimized_corpus=1 
llvm-svn: 247033
 2015-09-08 17:43:51 +00:00
Kostya Serebryany
28b0d0ab37 [libFuzzer] remove -iterations as redundant (there is also -num_runs) 
llvm-svn: 247030
 2015-09-08 17:30:35 +00:00
Kostya Serebryany
a575372f59 [libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger 
llvm-svn: 247027
 2015-09-08 17:19:31 +00:00
Kostya Serebryany
22e4458e65 [libFuzzer] more accurate logic for traces, 80-char fix 
llvm-svn: 246888
 2015-09-04 22:32:25 +00:00
Kostya Serebryany
2c51ca12e7 [libFuzzer] when a single mutation fails try a few more times with other mutations before returning un-mutated data 
llvm-svn: 246828
 2015-09-04 00:40:29 +00:00
Kostya Serebryany
28a699d9b8 [libFuzzer] actually make the dictionaries work (+docs) 
llvm-svn: 246825
 2015-09-04 00:12:11 +00:00
Kostya Serebryany
3eaa9123bf [libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC 
llvm-svn: 246808
 2015-09-03 21:24:19 +00:00
Kostya Serebryany
3b60fc1204 [libFuzzer] adding a parser for AFL-style dictionaries + tests. 
llvm-svn: 246800
 2015-09-03 20:23:46 +00:00
Kostya Serebryany
d4b7d4667f [libFuzzer] deprecate the -tokens flag. This was a bad idea because the corpus with this flag contains encrypted inputs, not the real inputs, which complicates interoperation with other fuzzers. Instead we'll need to implement AFL dictionary support 
llvm-svn: 246734
 2015-09-02 23:27:39 +00:00
Kostya Serebryany
9c0479fa99 [libFuzzer] honour -only_ascii=1 when reading the initial corpus. Also, remove ugly #ifdef 
llvm-svn: 246689
 2015-09-02 19:08:08 +00:00
Kostya Serebryany
0e83baec1a [libFuzzer] fix minor inefficiency, PR24584 
llvm-svn: 246087
 2015-08-26 21:55:19 +00:00
Lenny Maiorani
1850ddfeb6 Fix missing space in libfuzzer's help text. 
llvm-svn: 244800
 2015-08-12 20:00:10 +00:00
Kostya Serebryany
a9d3e6b2dc [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied 
llvm-svn: 244712
 2015-08-12 01:55:37 +00:00
Kostya Serebryany
2bdb9ad059 [libFuzzer] add colons to the stats output to avoid confusion 
llvm-svn: 244708
 2015-08-12 01:04:27 +00:00
Kostya Serebryany
5a4f36556e [libFuzzer] use raw C IO to reduce the risk of a deadlock in a signal handler. 
llvm-svn: 244707
 2015-08-12 00:55:09 +00:00
Nick Lewycky
1bff8578d4 Fix unused variable 'X' in release builds. 
llvm-svn: 244571
 2015-08-11 05:57:10 +00:00
Kostya Serebryany
1c2b96fda9 [libFuzzer] add -only_ascii flag 
llvm-svn: 244559
 2015-08-11 01:44:42 +00:00
Yaron Keren
b598ba7c7c Add missing include guard to FuzzerInternal.h, NFC. 
llvm-svn: 244457
 2015-08-10 16:37:40 +00:00
Kostya Serebryany
90b784ccc2 [libFuzzer] move the mutators to public interface so that custom mutators may reuse these functions directly 
llvm-svn: 244250
 2015-08-06 19:19:55 +00:00
Kostya Serebryany
acf2228ee8 [libFuzzer] add one more mutation strategy: byte shuffling 
llvm-svn: 244188
 2015-08-06 01:29:13 +00:00
Kostya Serebryany
c721977710 [libFuzzer] avoid build warnings in non-assert build (useful warning in this case) 
llvm-svn: 244177
 2015-08-05 23:44:42 +00:00
Kostya Serebryany
4338e69a99 [libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh. 
llvm-svn: 244165
 2015-08-05 23:02:57 +00:00
Kostya Serebryany
80051e17c0 [libFuzzer] add option -report_slow_units=Nsec to control when slow units are printed 
llvm-svn: 244152
 2015-08-05 21:43:48 +00:00
Kostya Serebryany
5be4cb583e [libFuzzer] add a missing test file 
llvm-svn: 244151
 2015-08-05 21:32:13 +00:00
Kostya Serebryany
897a5553b1 [libFuzzer] use data-flow feedback from strcmp 
llvm-svn: 244084
 2015-08-05 18:23:01 +00:00
Kostya Serebryany
7ee2b779f7 [libFuzzer] more refactoring of the Mutator and adding tests to it 
llvm-svn: 243818
 2015-08-01 02:23:06 +00:00
Kostya Serebryany
82464edd32 [libFuzzer] start refactoring the Mutator and adding tests to it 
llvm-svn: 243817
 2015-08-01 01:42:51 +00:00
Kostya Serebryany
7a9f5ff70b [libFuzzer] limit the size of the inputs printed to stderr 
llvm-svn: 243795
 2015-07-31 22:07:17 +00:00
Kostya Serebryany
a9e61b09d8 [libFuzzer] make sure that 2-byte arguments of switch() are handled properly 
llvm-svn: 243781
 2015-07-31 20:58:55 +00:00
Kostya Serebryany
ccad0c6979 [libFuzzer] record traces from the switch statements only when told to do so 
llvm-svn: 243768
 2015-07-31 18:09:08 +00:00
Kostya Serebryany
fead0c3ca4 [libFuzzer] support switch interception in dfsan mode 
llvm-svn: 243760
 2015-07-31 17:05:05 +00:00
Kostya Serebryany
71a4e8ccbf [libFuzzer] trace switch statements and apply mutations based on the expected case values 
llvm-svn: 243726
 2015-07-31 01:33:06 +00:00
Kostya Serebryany
e76cb85ac7 [libFuzzer] fix the strncmp interceptor -- it should respect short strings. 
llvm-svn: 243691
 2015-07-30 21:22:22 +00:00
Kostya Serebryany
433c6e8b4b [libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test 
llvm-svn: 243611
 2015-07-30 02:33:45 +00:00
Kostya Serebryany
d6ac2f5889 [libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), extend the memcmp fuzzer test 
llvm-svn: 243603
 2015-07-30 01:34:58 +00:00
Kostya Serebryany
fc26c8ec1c [libFuzzer] ensure that the dfsan tracing hooks actually run (using -verbosity=3 in tests) 
llvm-svn: 243365
 2015-07-28 01:25:00 +00:00
Kostya Serebryany
afb5a6f493 [libFuzzer] when using cmp traces, first check that the CMP is evaluated to one value much more frequently than to the other value (heuristic) 
llvm-svn: 243363
 2015-07-28 00:59:53 +00:00
Kostya Serebryany
02e05d0662 [libFuzzer] allow users to supply their own implementation of rand 
llvm-svn: 243078
 2015-07-24 01:06:40 +00:00
Kostya Serebryany
35d1f9b1f6 [libFuzzer] dump long running units to disk 
llvm-svn: 243031
 2015-07-23 18:37:22 +00:00
Alexey Samsonov
84ab5e6b2a [Fuzzer] Rely on $PATH expansion instead of hardcoding paths in tests. NFC. 
llvm-svn: 242851
 2015-07-21 22:51:55 +00:00
Alexey Samsonov
4a6c6512bc [Fuzzer] Clearly separate regular and DFSan tests. NFC. 
llvm-svn: 242850
 2015-07-21 22:51:49 +00:00
Kostya Serebryany
7c2874be12 [libFuzzer] require the files and directories passed to the fuzzer to exist 
llvm-svn: 242596
 2015-07-18 00:03:37 +00:00
Kostya Serebryany
444683ece7 [lib/Fuzzer] make assertions more informative and update comments for the user-supplied mutator 
llvm-svn: 238658
 2015-05-30 17:33:13 +00:00
Kostya Serebryany
74916b0deb [lib/Fuzzer] relax an assertion 
llvm-svn: 238608
 2015-05-29 20:31:17 +00:00
Kostya Serebryany
dd85a5b4fc [lib/Fuzzer] make the fuzzing timeout 1200 seconds by default (was: infinity) 
llvm-svn: 238251
 2015-05-26 20:57:47 +00:00
Kostya Serebryany
6903bb7921 [lib/Fuzzer] fix docs 
llvm-svn: 238236
 2015-05-26 19:32:52 +00:00
Kostya Serebryany
9de53cc3c2 [lib/Fuzzer] fix build with assertions 
llvm-svn: 238235
 2015-05-26 19:29:33 +00:00
Kostya Serebryany
e460252e97 [lib/Fuzzer] doxygen-ify the comments for the user interface 
llvm-svn: 238086
 2015-05-23 02:12:05 +00:00
Kostya Serebryany
6fa7ac36da [lib/Fuzzer] fully get rid of std::cerr in libFuzzer 
llvm-svn: 238081
 2015-05-23 01:22:35 +00:00
Kostya Serebryany
c28d1607f2 [lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of C++ library used in libFuzzer badly interract with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues. 
llvm-svn: 238078
 2015-05-23 01:07:46 +00:00
Kostya Serebryany
3afd2456cd [lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale 
llvm-svn: 238063
 2015-05-22 22:47:03 +00:00
Kostya Serebryany
2ee531c66a [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators 
llvm-svn: 238059
 2015-05-22 22:35:31 +00:00
Kostya Serebryany
a05448768c [lib/Fuzzer] ignore flags that start with --; use git pull --rebase instead of just git pull 
llvm-svn: 237950
 2015-05-21 20:39:13 +00:00
Kostya Serebryany
46c887ece3 [lib/Fuzzer] change the meaning of -timeout flag: now timeout is applied to every unit of work separately 
llvm-svn: 237735
 2015-05-19 22:12:57 +00:00
Kostya Serebryany
33a7c23155 [lib/Fuzzer] more efficient reload logic; also don't spam git too much 
llvm-svn: 237649
 2015-05-19 01:06:07 +00:00
Kostya Serebryany
a98902fdfc [lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD CORPUS' to synchronize with other processes 
llvm-svn: 237617
 2015-05-18 21:34:20 +00:00
Logan Chien
5bf41f4c70 Code cleanup: Reindent Fuzzer::MutateAndTestOne. 
llvm-svn: 237533
 2015-05-17 02:44:31 +00:00
Kostya Serebryany
72ed46ef80 [lib/Fuzzer] Add SHA1 implementation from public domain. 
Summary:
This adds a SHA1 implementation taken from public domain code.
The change is trivial, but as it involves third-party code I'd like
a second pair of eyes before commit.

LibFuzzer can not use SHA1 from openssl because openssl may not be available
and because we may be fuzzing openssl itself.
Using sha1sum via a pipe is too slow.

Test Plan: n/a

Reviewers: chandlerc

Reviewed By: chandlerc

Subscribers: majnemer, llvm-commits

Differential Revision: http://reviews.llvm.org/D9733

llvm-svn: 237400
 2015-05-14 22:41:49 +00:00
Kostya Serebryany
31389337e7 [lib/Fuzzer] enable -use_counters=1 by default 
llvm-svn: 237272
 2015-05-13 18:31:46 +00:00
Kostya Serebryany
4abd8e053b [lib/Fuzzer] A simple script to synchronise a fuzz test corpus with an external git repository. 
llvm-svn: 237208
 2015-05-12 23:19:12 +00:00
Kostya Serebryany
35ac844218 [lib/Fuzzer] use sha1sum for the file hash 
llvm-svn: 237198
 2015-05-12 22:03:34 +00:00
Kostya Serebryany
354905a212 [lib/Fuzzer] guess the right number of workers if -jobs=N is given but -workers=M is not. Update the docs. 
llvm-svn: 237163
 2015-05-12 18:51:57 +00:00
Kostya Serebryany
933c6b41dd [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan) 
llvm-svn: 237083
 2015-05-12 01:58:34 +00:00
Kostya Serebryany
e0f5e9012d [lib/Fuzzer] detach the pulse thread instad of joining it 
llvm-svn: 237082
 2015-05-12 01:43:20 +00:00
Kostya Serebryany
56ab38ba4f [lib/Fuzzer] don't record traces when trace collection is off 
llvm-svn: 237067
 2015-05-11 23:25:28 +00:00
Kostya Serebryany
c901470416 [lib/Fuzzer] when running multiple fuzzing processes, print something every 10 minutes to avoid buildbot timeouts 
llvm-svn: 237054
 2015-05-11 21:31:51 +00:00
Kostya Serebryany
a4fe522adc [lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected 
llvm-svn: 237050
 2015-05-11 21:16:27 +00:00
Kostya Serebryany
528387038e [lib/Fuzzer] add a trace-based mutatation logic. Same idea as with DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go. 
llvm-svn: 237043
 2015-05-11 20:51:19 +00:00
Kostya Serebryany
9843ef6423 [lib/Fuzzer] build tests that work well with dfsan also w/o dfsan 
llvm-svn: 236909
 2015-05-08 21:45:19 +00:00
Kostya Serebryany
9387837867 [lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes 
llvm-svn: 236906
 2015-05-08 21:30:55 +00:00
Alexey Samsonov
9792622ab9 Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= flags. 
llvm-svn: 236797
 2015-05-07 23:33:24 +00:00
Kostya Serebryany
037e4b3475 [lib/Fuzzer] change the way we use taint information for fuzzing. Now, we run a single unit and collect suggested mutations based on tracing+taint data, then apply the suggested mutations one by one. The previous scheme was slower and more complex. 
llvm-svn: 236772
 2015-05-07 21:02:11 +00:00
Kostya Serebryany
f4f653e078 [lib/Fuzzer] minor refactoring/simplification, NFC 
llvm-svn: 236757
 2015-05-07 18:32:29 +00:00
Kostya Serebryany
0d43299c46 [lib/Fuzzer] add dfsan_weak_hook_memcmp, enable the test that uses it, simplify the test runner 
llvm-svn: 236683
 2015-05-07 00:11:33 +00:00
Kostya Serebryany
6569a73cd5 [lib/Fuzzer] remove dfsan_fuzzer_abi.list -- its contents are now moved to dfsan proper 
llvm-svn: 236659
 2015-05-06 22:47:24 +00:00
Kostya Serebryany
35e9a98a9d [lib/Fuzzer] add a fuzzer test for memcmp (does not work yet) 
llvm-svn: 236656
 2015-05-06 22:36:00 +00:00
Kostya Serebryany
e33452df30 [lib/Fuzzer] rename TestOneInput to LLVMFuzzerTestOneInput to make it more unique 
llvm-svn: 236652
 2015-05-06 22:19:00 +00:00
Kostya Serebryany
177467fad4 [lib/Fuzzer] on crash print the contents of the crashy input as base64 
llvm-svn: 236548
 2015-05-05 21:59:51 +00:00
Kostya Serebryany
15a12f25e5 [lib/Fuzzer] use handle_abort=1 by default so that when assert() fires we save the test case 
llvm-svn: 236476
 2015-05-05 01:42:55 +00:00
Aaron Ballman
9419d88907 Removing a spurious space; NFC. 
llvm-svn: 234168
 2015-04-06 16:09:13 +00:00
Kostya Serebryany
af347bcc4a [fuzzer] document the -tokens flag. Also change the diagnostic output 
llvm-svn: 233842
 2015-04-01 21:33:20 +00:00
Kostya Serebryany
c69c3a7d4e [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string flags. 
llvm-svn: 233745
 2015-03-31 20:13:20 +00:00
Kostya Serebryany
2fe2ed32ac Move lib/Fuzzer docs from a README.txt to a proper .rst file. 
Summary:
Move lib/Fuzzer docs from a README.txt to a proper .rst file.
This change does not add any content, just formatting.

Test Plan: n/a

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D8710

llvm-svn: 233638
 2015-03-30 23:05:30 +00:00
Kostya Serebryany
e11d81541d [fuzzer] when a single unit takes over 1 second to run and it is the slowest one so far, print it. 
llvm-svn: 233637
 2015-03-30 23:04:35 +00:00
Kostya Serebryany
84554a2713 [fuzzer] print various stats in a unified way 
llvm-svn: 233624
 2015-03-30 22:44:03 +00:00
Kostya Serebryany
bf919ef6ab DFSan-based fuzzer (proof of concept). 
Summary:
This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator,
see the comments for details.

Test Plan: a test added

Reviewers: samsonov, pcc

Reviewed By: samsonov, pcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D8669

llvm-svn: 233613
 2015-03-30 22:09:51 +00:00
Kostya Serebryany
285f1f0e41 [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing). 
Introduce -mllvm -sanitizer-coverage-8bit-counters=1
which adds imprecise thread-unfriendly 8-bit coverage counters.

The run-time library maps these 8-bit counters to 8-bit bitsets in the same way
AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does:
counter values are divided into 8 ranges and based on the counter
value one of the bits in the bitset is set.
The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.

These counters provide a search heuristic for single-threaded
coverage-guided fuzzers, we do not expect them to be useful for other purposes.

Depending on the value of -fsanitize-coverage=[123] flag,
these counters will be added to the function entry blocks (=1),
every basic block (=2), or every edge (=3).

Use these counters as an optional search heuristic in the Fuzzer library.
Add a test where this heuristic is critical.

llvm-svn: 231166
 2015-03-03 23:27:02 +00:00
Kostya Serebryany
543d4cfda0 [fuzzer] one more experimental search mode: -use_coverage_pairs=1 
llvm-svn: 229957
 2015-02-20 03:02:37 +00:00
Kostya Serebryany
af6cf1face [fuzzer] split main() into FuzzerDriver() that takes a callback as a parameter and a tiny main() in a separate file 
llvm-svn: 229882
 2015-02-19 18:45:37 +00:00
Kostya Serebryany
1b890a52e0 [fuzzer] properly annotate fallthrough, add one more entry to FAQ 
llvm-svn: 229880
 2015-02-19 18:21:12 +00:00
Kostya Serebryany
afe59b6588 [fuzzer] move default sanitizer options to a separate file 
llvm-svn: 228429
 2015-02-06 19:52:07 +00:00
Kostya Serebryany
64c4d4b6ad [fuzzer] add flag prefer_small_during_initial_shuffle, be a bit more verbose 
llvm-svn: 228235
 2015-02-04 23:42:42 +00:00
Kostya Serebryany
bef8a9c563 [fuzzer] add -runs=N to limit the number of runs per session. Also, make sure we do some mutations w/o cross over. 
llvm-svn: 228214
 2015-02-04 22:20:09 +00:00
Kostya Serebryany
31b6858756 [fuzzer] make multi-process execution more verbose; fix mutation to actually respect mutation depth and to never produce empty units 
llvm-svn: 228170
 2015-02-04 19:10:20 +00:00
Kostya Serebryany
c850679d3c [fuzzer]: fix exit code, add more diagnostics 
llvm-svn: 228103
 2015-02-04 01:22:57 +00:00
Kostya Serebryany
65c9f7dd34 [fuzzer] Add proper dependensices to the fuzzer tests 
Summary: Make sure that FileCheck is built when running check-fuzzer

Test Plan:
run on bot:
lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7387

llvm-svn: 228045
 2015-02-03 21:57:32 +00:00
Kostya Serebryany
6dd23ca926 [fuzzer] update the include line to use the new header name 
llvm-svn: 228018
 2015-02-03 19:42:05 +00:00
Kostya Serebryany
e1dd7778a1 [fuzzer] add flags to run fuzzer in multiple parallel processes 
llvm-svn: 227664
 2015-01-31 01:14:40 +00:00
Kostya Serebryany
5ac8bf3c74 [fuzzer] Add a gtest-style test 
Summary: Add one gtest-style test.

Test Plan: run on bot

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7287

llvm-svn: 227639
 2015-01-30 23:26:57 +00:00
Kostya Serebryany
9658f61dfd [fuzzer] add -use_full_coverage_set=1 which solves FullCoverageSetTest. This does not scale very well yet, but might be a good start. 
llvm-svn: 227507
 2015-01-29 23:01:07 +00:00
Kostya Serebryany
39fec2f9bb [fuzzer] fix warning in a test 
llvm-svn: 227478
 2015-01-29 18:13:36 +00:00
Kostya Serebryany
51955d2781 [fuzzer] minor cleanup based on reviews: remove redundant includes, fix a copy-pasto in tests 
llvm-svn: 227468
 2015-01-29 17:16:23 +00:00
Kostya Serebryany
f609f98508 [fuzzer] add FAQ section to the README.txt 
llvm-svn: 227466
 2015-01-29 17:11:30 +00:00
Aaron Ballman
ea7bb26fdf Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. 
llvm-svn: 227464
 2015-01-29 16:58:29 +00:00
Aaron Ballman
28eea44386 Temporarily reverting the fuzzer library as it causes too many build issues for MSVC users. This reverts: 227445, 227395, 227389, 227357, 227254, 227252 
llvm-svn: 227452
 2015-01-29 15:49:22 +00:00
Aaron Ballman
0ec3c657a3 Adding missing #includes to try to get this to compile on Windows with Visual Studio. 
llvm-svn: 227445
 2015-01-29 15:19:13 +00:00
Kostya Serebryany
940c7a3149 [fuzzer] add option -save_minimized_corpus 
llvm-svn: 227395
 2015-01-28 23:48:39 +00:00
Kostya Serebryany
8d270c41d3 Add lit-style tests for the Fuzzer library 
Summary: Add test targets and the lit-style runner.

Test Plan: Run the tests on bot.

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7217

llvm-svn: 227389
 2015-01-28 22:49:25 +00:00
Kostya Serebryany
f26ec31c3c [fuzzer] instructions for building/running clang-format-fuzzer 
llvm-svn: 227357
 2015-01-28 19:51:58 +00:00
Kostya Serebryany
3152c31e63 [fuzzer] properly enable asan's coverage feedback 
llvm-svn: 227254
 2015-01-27 22:19:55 +00:00
Kostya Serebryany
87931c3355 Add a Fuzzer library 
Summary:
A simple genetic in-process coverage-guided fuzz testing library.

I've used this fuzzer to test clang-format
(it found 12+ bugs, thanks djasper@ for the fixes!)
and it may also help us test other parts of LLVM.
So why not keep it in the LLVM repository?

I plan to add the cmake build rules later (in a separate patch, if that's ok)
and also add a clang-format-fuzzer target.

See README.txt for details.

Test Plan: Tests will follow separately.

Reviewers: djasper, chandlerc, rnk

Reviewed By: rnk

Subscribers: majnemer, ygribov, dblaikie, llvm-commits

Differential Revision: http://reviews.llvm.org/D7184

llvm-svn: 227252
 2015-01-27 22:08:41 +00:00