Mehdi Amini
9ff867f98c
[NFC] Header cleanup
...
Removed some unused headers, replaced some headers with forward class declarations.
Found using simple scripts like this one:
clear && ack --cpp -l '#include "llvm/ADT/IndexedMap.h"' | xargs grep -L 'IndexedMap[<]' | xargs grep -n --color=auto 'IndexedMap'
Patch by Eugene Kosov <claprix@yandex.ru>
Differential Revision: http://reviews.llvm.org/D19219
From: Mehdi Amini <mehdi.amini@apple.com>
llvm-svn: 266595
2016-04-18 09:17:29 +00:00
Kostya Serebryany
c84bd01bcd
[libFuzzer] add a better warning for command line flags with -- (two dashes)
...
llvm-svn: 266480
2016-04-15 21:56:29 +00:00
Hans Wennborg
338186f6bb
Remove redundant .c_str(), as suggested by PR25633
...
llvm-svn: 265988
2016-04-11 20:35:17 +00:00
Mike Aizatsky
3b54b31344
[libfuzzer] defensive assert
...
llvm-svn: 265866
2016-04-08 23:32:24 +00:00
Mike Aizatsky
347b1d5964
[libfuzzer] adding license headers to cpp files
...
Differential Revision: http://reviews.llvm.org/D18705
llvm-svn: 265174
2016-04-01 18:38:58 +00:00
Kostya Serebryany
c35be8422b
[libFuzzer] more docs
...
llvm-svn: 264803
2016-03-29 23:07:36 +00:00
Kostya Serebryany
cd9a640c0e
[libFuzzer] use fflush after every Printf
...
llvm-svn: 264459
2016-03-25 20:31:26 +00:00
Kostya Serebryany
6ff8ede73a
[libFuzzer] handle SIGTERM
...
llvm-svn: 264338
2016-03-24 21:03:58 +00:00
Kostya Serebryany
0cd69a5030
[libFuzzer] don't report memory leaks if we are dying due to a timeout (just use _Exit instead of exit in the timeout callback)
...
llvm-svn: 264237
2016-03-24 01:32:08 +00:00
Kostya Serebryany
da046b76fb
[libFuzzer] use fdopen+vfprintf instead of fsnprintf+write
...
llvm-svn: 264230
2016-03-24 00:57:32 +00:00
Kostya Serebryany
01af064f8d
[libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout
...
llvm-svn: 263831
2016-03-18 20:58:29 +00:00
Benjamin Kramer
fe1074fc43
[Fuzzer] Guard no_sanitize_memory attributes behind __has_feature.
...
Otherwise GCC fails to build it because it doesn't know the attribute.
llvm-svn: 263787
2016-03-18 14:19:19 +00:00
Kostya Serebryany
59ba2beb86
[libFuzzer] read corpus dirs recursively
...
llvm-svn: 263773
2016-03-18 01:36:00 +00:00
Kostya Serebryany
c99e69af78
[libFuzzer] improve -merge functionality
...
llvm-svn: 263769
2016-03-18 00:23:29 +00:00
Kostya Serebryany
e634bbeadd
[libFuzzer] deprecate several flags
...
llvm-svn: 263739
2016-03-17 19:59:39 +00:00
Kostya Serebryany
d8cee1fdf1
[libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce
...
llvm-svn: 263737
2016-03-17 19:42:35 +00:00
Mike Aizatsky
34cbd6a60e
[libfuzzer] speeding up corpus load
...
llvm-svn: 263591
2016-03-15 21:47:21 +00:00
Kostya Serebryany
b66ed58c06
[libFuzzer] use max_len exactly equal to the max size of input. Fix 32-bit build
...
llvm-svn: 263518
2016-03-15 01:28:00 +00:00
Kostya Serebryany
5b93d4b15a
[libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
...
llvm-svn: 263323
2016-03-12 01:57:04 +00:00
Mike Aizatsky
a4ce43c759
[libfuzzer] adding std:string to allowed adaptable argument.
...
llvm-svn: 262757
2016-03-04 23:18:01 +00:00
Kostya Serebryany
c6f46ed530
[libFuzzer] log less when re-loading files; fix a silly bug: when running single files actually run all of them, not just the first one
...
llvm-svn: 262754
2016-03-04 22:35:40 +00:00
Mike Aizatsky
f9401b724f
[libfuzzer] arbitrary function adapter.
...
The adapter automates converting sequence of bytes into arbitrary
arguments.
Differential Revision: http://reviews.llvm.org/D17829
llvm-svn: 262673
2016-03-03 23:45:29 +00:00
Kostya Serebryany
fc674d4015
[libFuzzer] when interrupted, call _Exit() instead of exit()
...
llvm-svn: 262667
2016-03-03 22:36:37 +00:00
Kostya Serebryany
7dc222ec7a
[libFuzzer] add -Werror for libFuzzer build rule
...
llvm-svn: 262517
2016-03-02 21:08:16 +00:00
Dmitry Vyukov
d77444bc90
libfuzzer: fix compiler warnings
...
- unused sigaction/setitimer result (used in assert)
- unchecked fscanf return value
- signed/unsigned comparison
llvm-svn: 262472
2016-03-02 09:54:40 +00:00
Kostya Serebryany
96af1208c1
[libFuzzer] deprecate exit_on_first flag
...
llvm-svn: 262417
2016-03-01 22:33:14 +00:00
Kostya Serebryany
d5755334e5
[libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag.
...
llvm-svn: 262415
2016-03-01 22:19:21 +00:00
Kostya Serebryany
306353eaf8
[libFuzzer] remove FuzzerSanitizerOptions.cpp
...
llvm-svn: 262354
2016-03-01 17:46:32 +00:00
Rafael Espindola
c165498992
Refactor duplicated code for linking with pthread.
...
llvm-svn: 262344
2016-03-01 15:54:40 +00:00
Kostya Serebryany
33b6a19483
[libFuzzer] fixing the bot
...
llvm-svn: 262106
2016-02-27 03:14:23 +00:00
Kostya Serebryany
471f3a8bda
[libFuzzer] speedup path coverage handling
...
llvm-svn: 262102
2016-02-27 01:50:16 +00:00
Kostya Serebryany
503e17c728
[libFuzzer] add -print_final_stats=1 flag
...
llvm-svn: 262084
2016-02-26 22:42:23 +00:00
Kostya Serebryany
a9a412139e
[libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds
...
llvm-svn: 262073
2016-02-26 21:33:56 +00:00
Kostya Serebryany
7ef7f142ff
[libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus
...
llvm-svn: 261267
2016-02-18 21:49:10 +00:00
Kostya Serebryany
080284668c
[libFuzzer] fix the libFuzzer bot
...
llvm-svn: 261184
2016-02-18 02:02:40 +00:00
Kostya Serebryany
a45a009f24
[libFuzzer] don't timeout when loading the corpus. Be a bit more verbose when loading large corpus.
...
llvm-svn: 261143
2016-02-17 19:42:34 +00:00
Kostya Serebryany
abc380db58
[libFuzzer] remove std::vector operations from hot paths, NFC
...
llvm-svn: 260829
2016-02-13 17:56:51 +00:00
Kostya Serebryany
bf966c5f23
[libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast
...
llvm-svn: 260810
2016-02-13 06:24:18 +00:00
Kostya Serebryany
ef83d4c558
[libFuzzer] remove the C++-ish variant of FuzzerDriver from the interface
...
llvm-svn: 260801
2016-02-13 03:59:26 +00:00
Kostya Serebryany
abf7df0972
[libFuzzer] simplify CTOR of MutationDispatcher
...
llvm-svn: 260800
2016-02-13 03:46:26 +00:00
Kostya Serebryany
cca951bf4c
[libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC)
...
llvm-svn: 260799
2016-02-13 03:37:24 +00:00
Kostya Serebryany
b9687a1cc3
[libFuzzer] get rid of UserSuppliedFuzzer; NFC
...
llvm-svn: 260798
2016-02-13 03:25:16 +00:00
Kostya Serebryany
9bf814b9ec
[libFuzzer] simplify the code around Random. NFC
...
llvm-svn: 260797
2016-02-13 03:00:53 +00:00
Kostya Serebryany
1bb500faf8
[libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea).
...
llvm-svn: 260796
2016-02-13 02:39:30 +00:00
Kostya Serebryany
b2451a8b09
[libFuzzer] provide a plain C interface for custom mutators (experimental)
...
llvm-svn: 260794
2016-02-13 02:29:38 +00:00
Kostya Serebryany
cf66bc968c
[libFuzzer] make -runs=N flag also affect the simple runner (will execute every input N times)
...
llvm-svn: 260649
2016-02-12 02:32:03 +00:00
Mike Aizatsky
c1c7e55502
[libfuzzer] Removing coverage-related flags from asan options.
...
Summary:
Reasons to remove are twofold:
- we don't really need coverage=1 for libfuzzer operation
- makes controlling coverage for fuzzer processes non-trivial.
Differential Revision: http://reviews.llvm.org/D17168
llvm-svn: 260611
2016-02-11 22:20:34 +00:00
Kostya Serebryany
b6b4bc42cc
[libFuzzer] hot fix a test
...
llvm-svn: 259732
2016-02-04 00:12:28 +00:00
Kostya Serebryany
036c2a2dea
[libFuzzer] don't write the test unit when a leak is detected (since we don't know which unit causes the leak)
...
llvm-svn: 259731
2016-02-04 00:02:17 +00:00
Kostya Serebryany
aa6ade3737
[libFuzzer] don't create too many trace-based mutations as it may be too slow
...
llvm-svn: 259600
2016-02-02 23:17:45 +00:00
Kostya Serebryany
4b2ab57d9f
[libFuzzer] allow passing 1 or more files as individual inputs
...
llvm-svn: 259459
2016-02-02 03:03:47 +00:00
Kostya Serebryany
dd149f22ae
[libFuzzer] fail if the corpus dir does not exist
...
llvm-svn: 259454
2016-02-02 02:07:26 +00:00
Kostya Serebryany
e3ec64cf18
[libFuzzer] add -timeout_exitcode option
...
llvm-svn: 259265
2016-01-29 23:30:07 +00:00
Kostya Serebryany
ccb79d88ac
[libFuzzer] re-enable test for -abort_on_timeout=1, this time protecting from ASAN_OPTIONS set outside
...
llvm-svn: 259263
2016-01-29 23:19:00 +00:00
Ivan Krasin
09873095d3
Temporary disable broken fuzzer/timeout tests.
...
Reviewers: kcc
Differential Revision: http://reviews.llvm.org/D16543
llvm-svn: 258702
2016-01-25 19:05:45 +00:00
Kostya Serebryany
0c11655f17
[libFuzzer] add -abort_on_timeout option
...
llvm-svn: 258631
2016-01-23 19:34:19 +00:00
Kostya Serebryany
548cef831b
[libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes
...
llvm-svn: 258589
2016-01-22 23:55:14 +00:00
Ivan Krasin
ce1bcd8c31
Use std::piecewise_constant_distribution instead of ad-hoc binary search.
...
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.
Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.
Reviewers: aizatsky, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D16487
llvm-svn: 258571
2016-01-22 22:28:27 +00:00
Ivan Krasin
7b4522dc59
Revert r258473 as it's breaking the build with libc++
...
Reviewers: kcc
Differential Revision: http://reviews.llvm.org/D16441
llvm-svn: 258479
2016-01-22 03:21:52 +00:00
Ivan Krasin
db4009626d
Use std::piecewise_constant_distribution instead of ad-hoc binary search.
...
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.
Note: I had to change the seed for one test to make it pass. Alternatively,
the number of runs could be increased. I believe that the average time of
'foo' discovery is not increased, just seed=1 was particularly convenient
for the previous PRNG scheme used.
Reviewers: aizatsky, kcc
Subscribers: llvm-commits, kcc
Differential Revision: http://reviews.llvm.org/D16419
llvm-svn: 258473
2016-01-22 01:32:34 +00:00
Kostya Serebryany
f7155b3e82
[libFuzzer] don't do expensive memmem if the result will not be used
...
llvm-svn: 258462
2016-01-22 01:04:58 +00:00
Kostya Serebryany
0b3db26b9a
[libFuzzer] don't use std::vector in one more hot path
...
llvm-svn: 258380
2016-01-21 01:52:14 +00:00
Mike Aizatsky
d01a744fd9
[libfuzzer] use %p for printing addresses
...
llvm-svn: 258370
2016-01-21 00:02:09 +00:00
Kostya Serebryany
8820217862
[libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if
...
llvm-svn: 258178
2016-01-19 20:33:57 +00:00
Kostya Serebryany
0ae292d42e
[libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path
...
llvm-svn: 257985
2016-01-16 03:53:32 +00:00
Kostya Serebryany
d65aa3494d
[libFuzzer] introduce LLVMFuzzerInitialize
...
llvm-svn: 257980
2016-01-16 01:23:12 +00:00
Kostya Serebryany
87079ee20d
[libFuzzer] move some code from public interface header to a non-public header. NFC
...
llvm-svn: 257963
2016-01-16 00:04:36 +00:00
Kostya Serebryany
b40c61f46c
[libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1)
...
llvm-svn: 257873
2016-01-15 06:24:05 +00:00
Kostya Serebryany
2afdf677ec
[libFuzzer] use custom stol; also introduce __libfuzzer_is_present so that users can check for its presence.
...
llvm-svn: 257848
2016-01-15 00:17:37 +00:00
Kostya Serebryany
f77ffed10e
[libFuzzer] suggest a dictionary to the user of some of the trace-based dictionary entries were successful
...
llvm-svn: 257736
2016-01-14 02:36:44 +00:00
Kostya Serebryany
f050542d8f
[libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations
...
llvm-svn: 257713
2016-01-13 23:46:01 +00:00
Kostya Serebryany
89262beb8c
[libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector)
...
llvm-svn: 257701
2016-01-13 23:02:30 +00:00
Kostya Serebryany
ec88d2d728
[libFuzzer] make sure to update CurrentUnit when drilling
...
llvm-svn: 257560
2016-01-13 01:58:27 +00:00
Kostya Serebryany
7902538e08
[libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS
...
llvm-svn: 257482
2016-01-12 16:50:18 +00:00
Kostya Serebryany
df2508fcaf
[libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries
...
llvm-svn: 257435
2016-01-12 02:36:59 +00:00
Kostya Serebryany
929ac07474
[libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a)
...
llvm-svn: 257434
2016-01-12 02:08:37 +00:00
Kostya Serebryany
dbfeeafbb3
[libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0
...
llvm-svn: 257423
2016-01-12 00:43:42 +00:00
Kostya Serebryany
b57e7c0541
[libFuzzer] debug prints in tracing
...
llvm-svn: 257249
2016-01-09 03:46:08 +00:00
Kostya Serebryany
bdc66ac566
[libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary
...
llvm-svn: 257248
2016-01-09 03:08:58 +00:00
Kostya Serebryany
591d2f9d2d
[libFuzzer] don't limit memcmp tracing with 8 bytes
...
llvm-svn: 257245
2016-01-09 01:39:55 +00:00
Kostya Serebryany
71864fdc77
[libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes)
...
llvm-svn: 257239
2016-01-09 00:38:40 +00:00
Kostya Serebryany
da719cf533
[libFuzzer] add a position hint to the dictionary-based mutator
...
llvm-svn: 257013
2016-01-07 01:49:35 +00:00
Kostya Serebryany
2c6246a7e6
[libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry
...
llvm-svn: 256900
2016-01-06 02:13:04 +00:00
Mike Aizatsky
b1bf6550e4
[libfuzzer] print_new_cov_pcs experimental option.
...
Differential Revision: http://reviews.llvm.org/D15901
llvm-svn: 256882
2016-01-06 00:21:22 +00:00
Kostya Serebryany
7d302bb908
[libFuzzer] make trace-based fuzzing not crash in presence of threads
...
llvm-svn: 256876
2016-01-06 00:03:35 +00:00
Kostya Serebryany
066e99fd12
[libFuzzer] add AFL-style dictionary for C++, remove the old file with tokens
...
llvm-svn: 256229
2015-12-22 01:50:51 +00:00
Kostya Serebryany
4165eed18e
[libFuzzer] deprecate -save_minimized_corpus, -merge can be used instead
...
llvm-svn: 256086
2015-12-19 03:42:16 +00:00
Kostya Serebryany
9332fb3411
[libFuzzer] split the tests to run them in parallel, remove one redundant test
...
llvm-svn: 256085
2015-12-19 03:35:30 +00:00
Kostya Serebryany
ab36ca708c
[libFuzzer] make CrossOver just one of the other mutations
...
llvm-svn: 256081
2015-12-19 02:49:09 +00:00
Kostya Serebryany
e4adf51693
[libFuzzer] print successfull mutations sequences
...
llvm-svn: 256071
2015-12-19 01:09:49 +00:00
Peter Collingbourne
f8ab9e45d0
Fuzzer: Fix library dependencies.
...
Newer versions of libstdc++ (4.9+), as well as libc++, depend directly on
libpthread from the standard library headers, so libfuzzer needs to declare
a standard library dependency.
llvm-svn: 255745
2015-12-16 02:14:57 +00:00
Mike Aizatsky
ea27e92765
[LibFuzzer] Introducing FUZZER_FLAG_UNSIGNED and using it for seeding.
...
Differential Revision: http://reviews.llvm.org/D15339
done
llvm-svn: 255296
2015-12-10 20:41:53 +00:00
Kostya Serebryany
d2117b7607
[libFuzzer] don't reload the corpus more than once every second
...
llvm-svn: 254824
2015-12-05 02:09:22 +00:00
Kostya Serebryany
a69b412cc5
[libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746
...
llvm-svn: 254784
2015-12-04 22:29:39 +00:00
Mike Aizatsky
2444b7e49b
Libfuzzer: do not pass null into user function
...
Differential Revision: http://reviews.llvm.org/D15098
llvm-svn: 254558
2015-12-02 22:43:53 +00:00
Kostya Serebryany
6b2a558b5e
[libFuzzer] add a test that is built with -fsanitize-coverage=trace-bb
...
llvm-svn: 254484
2015-12-02 02:49:37 +00:00
Kostya Serebryany
4b6eeeca4b
[libFuzzer] add a flag -exact_artifact_path
...
llvm-svn: 254100
2015-11-25 21:40:46 +00:00
Kostya Serebryany
41c09f4dbc
[libFuzzer] don't crash when reporting a leak in test_single_input mode
...
llvm-svn: 253761
2015-11-21 03:46:43 +00:00
Kostya Serebryany
3250d874fb
[libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399 . Don't need it anyway.
...
llvm-svn: 253419
2015-11-18 01:08:30 +00:00
Kostya Serebryany
2f218614e9
[libFuzzer] make libFuzzer build even with a compiler that does not have sanitizer headers
...
llvm-svn: 253003
2015-11-13 01:54:40 +00:00