Matt Morehouse
38756d86aa
[SanitizerCoverage] Add stack depth tracing instrumentation.
Summary:
Augment SanitizerCoverage to insert maximum stack depth tracing for
use by libFuzzer. The new instrumentation is enabled by the flag
-fsanitize-coverage=stack-depth and is compatible with the existing
trace-pc-guard coverage. The user must also declare the following
global variable in their code:
thread_local uintptr_t __sancov_lowest_stack
https://bugs.llvm.org/show_bug.cgi?id=33857
Reviewers: vitalybuka, kcc
Reviewed By: vitalybuka
Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits
Differential Revision: https://reviews.llvm.org/D36839
llvm-svn: 311186
2017-08-18 18:43:30 +00:00
Kostya Serebryany
a2bcec7132
[libFuzzer] experimental support for Clang's coverage (fprofile-instr-generate), Linux-only
llvm-svn: 310771
2017-08-11 23:03:22 +00:00
Kostya Serebryany
44a45ec57c
[libFuzzer] simplify code, NFC
llvm-svn: 310326
2017-08-08 00:17:20 +00:00
Kostya Serebryany
611872e92b
[libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos
llvm-svn: 310151
2017-08-04 23:49:53 +00:00
Kostya Serebryany
8a7d3f0c48
[libFuzzer] print PCs using the in-binary PC-table instead of relying on PCs captured at run-time
llvm-svn: 310148
2017-08-04 23:13:58 +00:00
Kostya Serebryany
66066b6fb8
[libFuzzer] implement more correct way of computing feature index for Inline8bitCounters
llvm-svn: 309647
2017-08-01 01:16:26 +00:00
Kostya Serebryany
cdca55c896
[libFuzzer] enable -fsanitize-coverage=pc-table for all tests
llvm-svn: 309646
2017-08-01 00:48:44 +00:00
Kostya Serebryany
56717948c7
[libFuzzer] implement __sanitizer_cov_pcs_init and add pc-table to build flags for one test (for now)
llvm-svn: 309615
2017-07-31 20:20:59 +00:00
Kostya Serebryany
0b6cd623bd
[libFuzzer] improve support for inline-8bit-counters (make it more correct and faster)
llvm-svn: 309443
2017-07-28 22:00:56 +00:00
Kostya Serebryany
68381b63b8
[libFuzzer] don't disable msan for TracePC::CollectFeatures: this started to cause false positives in msan. No tests for libFuzzer+msan yet -- tests will need to wait until we move libFuzzer to compiler-rt
llvm-svn: 309038
2017-07-25 22:05:31 +00:00
Kostya Serebryany
de5f18254f
[libFuzzer] prototype implementation of recursion-depth coverage features (commented out; real implementation needs to use inlined instrumentation)
llvm-svn: 308577
2017-07-20 01:35:17 +00:00
Kostya Serebryany
feac4ad640
[libFuzzer] simplify the handling of memmem/strstr
llvm-svn: 307977
2017-07-14 00:06:27 +00:00
Kostya Serebryany
2eca2a2e62
[libFuzzer] initial support of -fsanitize-coverage=inline-8bit-counters in libFuzzer. This is not fully functional yet, but simple tests work
llvm-svn: 305331
2017-06-13 22:31:21 +00:00
Kostya Serebryany
a4fa40e3fc
[libFuzzer] simplify the code a bit
llvm-svn: 299180
2017-03-31 04:17:45 +00:00
Kostya Serebryany
1cd3b94a8f
[libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself
llvm-svn: 299167
2017-03-31 02:21:28 +00:00
Kostya Serebryany
11d091e5c1
[libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works
llvm-svn: 299046
2017-03-30 01:27:20 +00:00
Kostya Serebryany
79485894bc
[libFuzzer] create experimental support for user-provided coverage signal
llvm-svn: 298654
2017-03-23 22:43:12 +00:00
Kostya Serebryany
9dba50d07d
[libFuzzer] inline the code of __sanitizer_cov_trace_pc_guard into it
llvm-svn: 298032
2017-03-17 01:45:15 +00:00
Kostya Serebryany
ffd7bbf928
[libFuzzer] remove more stale code
llvm-svn: 297785
2017-03-14 21:47:52 +00:00
Kostya Serebryany
3421df1bbe
[libFuzzer] don't clear Counters in TracePC::CollectFeatures since they will be cleared anyway in ResetMaps
llvm-svn: 297783
2017-03-14 21:40:53 +00:00
Kostya Serebryany
b89ed45489
[libFuzzer] reorganize the tracing code to make it easier to experiment with inlined coverage instrumentation. NFC
llvm-svn: 293928
2017-02-02 19:56:01 +00:00
Kostya Serebryany
15ea268899
[libFuzzer] simplify the value profiling callback further: don't use (idx MOD prime) on the hot path where it is useless anyway
llvm-svn: 293239
2017-01-27 00:39:12 +00:00
Kostya Serebryany
17437719df
[libFuzzer] simplify the value profile code and disable asan/msan on it
llvm-svn: 293236
2017-01-27 00:09:59 +00:00
Kostya Serebryany
481f9fd0e7
[libFuzzer] further simplify __sanitizer_cov_trace_pc_guard
llvm-svn: 293128
2017-01-26 01:34:58 +00:00
Mike Aizatsky
0ec97f6eea
[libfuzzer] fixing collected pc addresses for coverage
Summary: The causes google/ossfuzz#84
Reviewers: kcc
Subscribers: mgorny
Differential Revision: https://reviews.llvm.org/D28827
llvm-svn: 292289
2017-01-17 23:11:32 +00:00
Kostya Serebryany
279707ab7f
[libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling)
llvm-svn: 292287
2017-01-17 23:09:05 +00:00
Kostya Serebryany
8bf798611b
[libFuzzer] cleaner implementation of -print_pcs=1
llvm-svn: 290739
2016-12-30 01:13:07 +00:00
Mike Aizatsky
3faabcae1c
[libfuzzer] dump_coverage command line flag
Reviewers: kcc, vitalybuka
Differential Revision: https://reviews.llvm.org/D27942
llvm-svn: 290138
2016-12-19 22:18:08 +00:00
Kostya Serebryany
610a56aecb
[libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage
llvm-svn: 290031
2016-12-17 02:03:34 +00:00
Kostya Serebryany
651d599e40
[libFuzzer] fix a UB (invalid shift) spotted by ubsan. The code worked fine by luck, because of the way shifts actually work on clang+x86
llvm-svn: 289607
2016-12-13 22:49:14 +00:00
Marcos Pividori
750e7046bb
[libFuzzer] Clean up headers and file formatting of LibFuzzer files.
Reorganize #includes to follow LLVM Coding Standards.
Include some missing headers. Required to use `Printf()`.
Aside from that, this patch contains no functional change.
It is purely a re-organization.
Differential Revision: https://reviews.llvm.org/D27363
llvm-svn: 289560
2016-12-13 17:46:11 +00:00
Kostya Serebryany
b73586a495
[libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :(
llvm-svn: 288731
2016-12-05 23:35:22 +00:00
Kostya Serebryany
f659c44cdb
[libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook.
llvm-svn: 286665
2016-11-11 23:06:53 +00:00
Kostya Serebryany
531e48b45b
[libFuzzer] speculatively trying to fix the Mac build; second attempt
llvm-svn: 285262
2016-10-27 00:36:38 +00:00
Kostya Serebryany
616a813fef
[libFuzzer] revert 285259 -- hit commit too soon
llvm-svn: 285260
2016-10-27 00:24:34 +00:00
Kostya Serebryany
f35719f98d
[libFuzzer] speculatively trying to fix the Mac build
llvm-svn: 285259
2016-10-27 00:22:39 +00:00
Kostya Serebryany
f4f60661d6
[libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once
llvm-svn: 285223
2016-10-26 18:52:04 +00:00
Kostya Serebryany
6c3749c78b
[libFuzzer] simplify the code in TracePC::HandleTrace a bit more
llvm-svn: 285147
2016-10-26 00:42:52 +00:00
Kostya Serebryany
e2a231e776
[libFuzzer] simplify the code to print new PCs
llvm-svn: 285145
2016-10-26 00:20:51 +00:00
Kostya Serebryany
d64a9f9f9d
[libFuzzer] simplify the code in TracePC::HandleTrace
llvm-svn: 285142
2016-10-25 23:52:25 +00:00
Kostya Serebryany
1f6ecd860a
[libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
llvm-svn: 285049
2016-10-25 02:04:43 +00:00
Kostya Serebryany
c7f377f70d
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
llvm-svn: 284273
2016-10-14 20:20:33 +00:00
Kostya Serebryany
8a332d88f1
[libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build
llvm-svn: 284132
2016-10-13 16:19:09 +00:00
Daniel Jasper
1efc6eadb0
Revert "[libFuzzer] refactoring to speed things up, NFC"
This reverts commit r283946.
This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here
llvm-svn: 283979
2016-10-12 07:26:46 +00:00
Kostya Serebryany
77bcf6126c
[libFuzzer] refactoring to speed things up, NFC
llvm-svn: 283946
2016-10-11 21:27:37 +00:00
Kostya Serebryany
3386751019
[libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it
llvm-svn: 283841
2016-10-11 01:14:41 +00:00
Kostya Serebryany
295957939e
[libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
llvm-svn: 283409
2016-10-05 22:56:21 +00:00
Kostya Serebryany
ef40d08bcc
[libFuzzer] add ShrinkValueProfileTest, move code around, NFC
llvm-svn: 283286
2016-10-05 01:09:40 +00:00
Kostya Serebryany
0d42a944a6
[libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default
llvm-svn: 282995
2016-10-01 01:04:29 +00:00
Kostya Serebryany
8e6582edf5
[libFuzzer] move the feature set to InputCorpus; on feature update, change the feature counter of the old best input
llvm-svn: 282829
2016-09-30 01:19:56 +00:00