Mike Aizatsky
8ccdf0a085
[libfuzzer] chromium-related compilation fixes
...
Reviewers: kcc
Differential Revision: https://reviews.llvm.org/D29502
llvm-svn: 294035
2017-02-03 20:26:44 +00:00
Kostya Serebryany
3aebdeff01
[libFuzzer] remove stale code
...
llvm-svn: 292325
2017-01-18 01:10:18 +00:00
Kostya Serebryany
8e3275c8d4
[libFuzzer] add ATTRIBUTE_NO_SANITIZE_MEMORY to sanitizer hooks
...
llvm-svn: 292295
2017-01-17 23:50:21 +00:00
Kostya Serebryany
279707ab7f
[libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling)
...
llvm-svn: 292287
2017-01-17 23:09:05 +00:00
Kostya Serebryany
6c2dbf2b38
[libFuzzer] remove dead code, NFC
...
llvm-svn: 291195
2017-01-06 00:09:40 +00:00
Zachary Turner
1bfb0bd243
Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
...
This resubmits r288529, which was resubmitted because it broke a
fuzzer bot. According to kcc@ the test that broke was flakey
and it is unlikely to be a result of this patch.
llvm-svn: 288549
2016-12-02 23:02:01 +00:00
Zachary Turner
1c51c497d8
Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
...
This reverts commit r288529, as it seems to introduce some
problems on the Linux bots.
llvm-svn: 288533
2016-12-02 20:54:56 +00:00
Zachary Turner
f47dc5c285
[LibFuzzer] Split FuzzerUtil for Posix and Windows.
...
Pave the way for separating out platform specific
utility functions into separate files.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234
llvm-svn: 288529
2016-12-02 19:38:19 +00:00
Zachary Turner
03329c2c8b
[LibFuzzer] Split up some functions among different headers.
...
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't. IO functions, for example, tend to be platform
specific.
This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.
Aside from that, this patch contains no functional change. It
is purely a re-organization.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230
llvm-svn: 288264
2016-11-30 19:06:14 +00:00
Kostya Serebryany
c7f377f70d
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
...
llvm-svn: 284273
2016-10-14 20:20:33 +00:00
Kostya Serebryany
ef40d08bcc
[libFuzzer] add ShrinkValueProfileTest, move code around, NFC
...
llvm-svn: 283286
2016-10-05 01:09:40 +00:00
Kostya Serebryany
783f41e2c2
[libFuzzer] remove dfsan support and some related stale code. This is not being used and, as is, is pretty weak anyway
...
llvm-svn: 283187
2016-10-04 06:08:46 +00:00
Kostya Serebryany
1f0aefdb84
[libFuzzer] move value profiling logic into TracePC
...
llvm-svn: 282219
2016-09-23 00:46:18 +00:00
Kostya Serebryany
13b73c7438
[libFuzzer] change ValueBitMap to remember the number of bits in it
...
llvm-svn: 282216
2016-09-23 00:22:46 +00:00
Kostya Serebryany
89cc7aa29b
[libFuzzer] refactoring: split the large header into many; NFC
...
llvm-svn: 282044
2016-09-21 01:50:50 +00:00
Kostya Serebryany
8d5f2dcf39
[libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better
...
llvm-svn: 281007
2016-09-09 01:17:03 +00:00
Kostya Serebryany
1d077e5054
[libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much
...
llvm-svn: 280096
2016-08-30 14:39:33 +00:00
Kostya Serebryany
3620aadd00
[libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles
...
llvm-svn: 280054
2016-08-30 03:05:50 +00:00
Kostya Serebryany
d305c04722
[libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
...
llvm-svn: 280046
2016-08-30 01:30:14 +00:00
Kostya Serebryany
ed73edee45
[libFuzzer] use __attribute__((target("popcnt"))) only on x86_64
...
llvm-svn: 279601
2016-08-24 01:38:42 +00:00
Kostya Serebryany
b0ba8a2254
[libFuzzer] collect 64 states for value profile, not 65
...
llvm-svn: 279588
2016-08-23 23:37:37 +00:00
Kostya Serebryany
03331f9d41
[sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer
...
llvm-svn: 279027
2016-08-18 01:25:28 +00:00
Kostya Serebryany
e538e94e53
[libFuzzer] force proper popcnt instruction
...
llvm-svn: 279002
2016-08-17 23:09:57 +00:00
Kostya Serebryany
8a3b057601
[libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
...
llvm-svn: 278839
2016-08-16 19:33:51 +00:00
Kostya Serebryany
175b53e526
[libFuzzer] properly intercept memmem
...
llvm-svn: 276006
2016-07-19 18:29:06 +00:00
Kostya Serebryany
88667faa02
[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
...
llvm-svn: 275648
2016-07-15 23:27:19 +00:00
Mike Aizatsky
a189dc444c
[libfuzzer] moving is_ascii handler inside mutation dispatcher.
...
Summary: It also fixes a bug when the first random might not be ASCII.
Differential Revision: http://reviews.llvm.org/D21573
llvm-svn: 273611
2016-06-23 20:44:48 +00:00
Richard Smith
52bc8c6b91
Fix compilation with GCC, which treats this as a constructor name not a type
...
name. (GCC is correct here per the latest language DRs.)
llvm-svn: 271044
2016-05-27 21:05:35 +00:00
Kostya Serebryany
14432c81d1
[libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC
...
llvm-svn: 270922
2016-05-26 21:32:30 +00:00
Kostya Serebryany
7477d2d4c2
[libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended
...
llvm-svn: 270900
2016-05-26 20:03:02 +00:00
Kostya Serebryany
5b93d4b15a
[libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
...
llvm-svn: 263323
2016-03-12 01:57:04 +00:00
Dmitry Vyukov
d77444bc90
libfuzzer: fix compiler warnings
...
- unused sigaction/setitimer result (used in assert)
- unchecked fscanf return value
- signed/unsigned comparison
llvm-svn: 262472
2016-03-02 09:54:40 +00:00
Kostya Serebryany
b9687a1cc3
[libFuzzer] get rid of UserSuppliedFuzzer; NFC
...
llvm-svn: 260798
2016-02-13 03:25:16 +00:00
Kostya Serebryany
aa6ade3737
[libFuzzer] don't create too many trace-based mutations as it may be too slow
...
llvm-svn: 259600
2016-02-02 23:17:45 +00:00
Kostya Serebryany
f7155b3e82
[libFuzzer] don't do expensive memmem if the result will not be used
...
llvm-svn: 258462
2016-01-22 01:04:58 +00:00
Kostya Serebryany
0ae292d42e
[libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path
...
llvm-svn: 257985
2016-01-16 03:53:32 +00:00
Kostya Serebryany
b40c61f46c
[libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1)
...
llvm-svn: 257873
2016-01-15 06:24:05 +00:00
Kostya Serebryany
f050542d8f
[libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations
...
llvm-svn: 257713
2016-01-13 23:46:01 +00:00
Kostya Serebryany
89262beb8c
[libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector)
...
llvm-svn: 257701
2016-01-13 23:02:30 +00:00
Kostya Serebryany
7902538e08
[libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS
...
llvm-svn: 257482
2016-01-12 16:50:18 +00:00
Kostya Serebryany
df2508fcaf
[libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries
...
llvm-svn: 257435
2016-01-12 02:36:59 +00:00
Kostya Serebryany
929ac07474
[libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a)
...
llvm-svn: 257434
2016-01-12 02:08:37 +00:00
Kostya Serebryany
dbfeeafbb3
[libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0
...
llvm-svn: 257423
2016-01-12 00:43:42 +00:00
Kostya Serebryany
b57e7c0541
[libFuzzer] debug prints in tracing
...
llvm-svn: 257249
2016-01-09 03:46:08 +00:00
Kostya Serebryany
bdc66ac566
[libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary
...
llvm-svn: 257248
2016-01-09 03:08:58 +00:00
Kostya Serebryany
591d2f9d2d
[libFuzzer] don't limit memcmp tracing with 8 bytes
...
llvm-svn: 257245
2016-01-09 01:39:55 +00:00
Kostya Serebryany
71864fdc77
[libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes)
...
llvm-svn: 257239
2016-01-09 00:38:40 +00:00
Kostya Serebryany
7d302bb908
[libFuzzer] make trace-based fuzzing not crash in presence of threads
...
llvm-svn: 256876
2016-01-06 00:03:35 +00:00
Kostya Serebryany
3250d874fb
[libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399 . Don't need it anyway.
...
llvm-svn: 253419
2015-11-18 01:08:30 +00:00
Kostya Serebryany
8474784569
[libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky
...
llvm-svn: 248954
2015-09-30 22:22:37 +00:00