Commit Graph

598 Commits

Author SHA1 Message Date
Kostya Serebryany 3d945f6247 [libFuzzer] revert 285259 -- hit commit too soon
llvm-svn: 285260
2016-10-27 00:24:34 +00:00
Kostya Serebryany 15cd6b4b10 [libFuzzer] speculatively trying to fix the Mac build
llvm-svn: 285259
2016-10-27 00:22:39 +00:00
Kostya Serebryany 2fabecaee3 [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once
llvm-svn: 285223
2016-10-26 18:52:04 +00:00
Kostya Serebryany 06b8757b57 [libFuzzer] simplify the code in TracePC::HandleTrace a bit more
llvm-svn: 285147
2016-10-26 00:42:52 +00:00
Kostya Serebryany a5b2e54fcb [libFuzzer] simplify the code to print new PCs
llvm-svn: 285145
2016-10-26 00:20:51 +00:00
Kostya Serebryany 275e260258 [libFuzzer] simplify the code in TracePC::HandleTrace
llvm-svn: 285142
2016-10-25 23:52:25 +00:00
Kostya Serebryany 117976818e [libFuzzer] add StandaloneFuzzTargetMain.c and a test for it
llvm-svn: 285135
2016-10-25 22:30:34 +00:00
Kostya Serebryany c48c93184a [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
llvm-svn: 285109
2016-10-25 20:15:15 +00:00
Kostya Serebryany 3364f90783 [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
llvm-svn: 285049
2016-10-25 02:04:43 +00:00
Kostya Serebryany 65f102d4d2 [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer
llvm-svn: 284909
2016-10-22 03:48:53 +00:00
Kostya Serebryany 10ae9e23a3 [libFuzzer] typo in a test
llvm-svn: 284903
2016-10-22 01:07:38 +00:00
Kostya Serebryany 2bfff021ad [libFuzzer] add a test for asan's strict_string_checks=1
llvm-svn: 284902
2016-10-22 00:05:44 +00:00
Reid Kleckner ac2a2a86e4 Fix -Wunused-variable warning in libFuzzer
llvm-svn: 284838
2016-10-21 16:26:27 +00:00
Kostya Serebryany 95b1a434d2 [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files.
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)

llvm-svn: 284554
2016-10-19 00:12:03 +00:00
Kostya Serebryany bb59ef77ca [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
llvm-svn: 284514
2016-10-18 18:38:08 +00:00
Kostya Serebryany 8dfed45cd4 [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item
llvm-svn: 284508
2016-10-18 18:06:05 +00:00
Kostya Serebryany 9a4b10a56f [libFuzzer] swap bytes in integers when handling CMP traces
llvm-svn: 284301
2016-10-15 04:00:07 +00:00
Kostya Serebryany f9b8e8b117 [libFuzzer] better algorithm for -minimize_crash
llvm-svn: 284299
2016-10-15 01:00:24 +00:00
Kostya Serebryany e450e40741 [libFuzzer] remove subdir fuzzer-test-suite as it is now superseded with https://github.com/google/fuzzer-test-suite
llvm-svn: 284275
2016-10-14 20:26:40 +00:00
Kostya Serebryany a5f94fb6c9 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
llvm-svn: 284273
2016-10-14 20:20:33 +00:00
Kostya Serebryany 0381374f96 [libFuzzer] more detailed message for disabled leak detection
llvm-svn: 284169
2016-10-13 22:24:10 +00:00
Kostya Serebryany a17d23eaa7 [libFuzzer] add -trace_malloc= flag
llvm-svn: 284149
2016-10-13 19:06:46 +00:00
Kostya Serebryany 17d176e16b [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build
llvm-svn: 284132
2016-10-13 16:19:09 +00:00
Daniel Jasper 90d990e034 Revert "[libFuzzer] refactoring to speed things up, NFC"
This reverts commit r283946.

This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here

llvm-svn: 283979
2016-10-12 07:26:46 +00:00
Kostya Serebryany a09d11e108 [libFuzzer] refactoring to speed things up, NFC
llvm-svn: 283946
2016-10-11 21:27:37 +00:00
Kostya Serebryany d19919a80e [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it
llvm-svn: 283841
2016-10-11 01:14:41 +00:00
Kostya Serebryany 3e0e901a18 [libFuzzer] add switch tests
llvm-svn: 283840
2016-10-11 01:13:32 +00:00
Kostya Serebryany 7abb95d3b3 [libFuzzer] make a test less flaky
llvm-svn: 283686
2016-10-09 03:45:38 +00:00
Kostya Serebryany c5325ed29d [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process
llvm-svn: 283682
2016-10-08 23:24:45 +00:00
Kostya Serebryany 9adc7c8b4a [libFuzzer] control the reload interval by a flag, make it 10 seconds by default
llvm-svn: 283676
2016-10-08 22:12:14 +00:00
Kostya Serebryany cd04ec25dd [libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing.
llvm-svn: 283675
2016-10-08 21:57:48 +00:00
Kostya Serebryany 936b1e774f [libFuzzer] be more careful with memory usage, print peak rss in status lines
llvm-svn: 283418
2016-10-06 05:14:00 +00:00
Kostya Serebryany 3b564e9765 [libFuzzer] when re-running for lsan, don't look at the coverage
llvm-svn: 283411
2016-10-05 23:31:01 +00:00
Kostya Serebryany 1c73f1bf27 [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
llvm-svn: 283409
2016-10-05 22:56:21 +00:00
Kostya Serebryany 379359c53a [libFuzzer] add ShrinkValueProfileTest, move code around, NFC
llvm-svn: 283286
2016-10-05 01:09:40 +00:00
Kostya Serebryany 2455f0d013 [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines
llvm-svn: 283279
2016-10-05 00:25:17 +00:00
Kostya Serebryany 4820cc988f [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway
llvm-svn: 283187
2016-10-04 06:08:46 +00:00
Kostya Serebryany 5a52a11ce4 [libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now)
llvm-svn: 283178
2016-10-04 01:51:44 +00:00
Kostya Serebryany a5f1adab56 [libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631
llvm-svn: 283024
2016-10-01 07:37:40 +00:00
Kostya Serebryany d1f31d0a49 [libFuzzer] fix a recent bugs (buffer overflow)
llvm-svn: 283021
2016-10-01 07:13:25 +00:00
Kostya Serebryany d216922a80 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default
llvm-svn: 282995
2016-10-01 01:04:29 +00:00
Kostya Serebryany 90f8f36bca [libFuzzer] remove some experimental code
llvm-svn: 282983
2016-09-30 23:29:27 +00:00
Kostya Serebryany 7022b94687 [libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed
llvm-svn: 282972
2016-09-30 22:35:08 +00:00
Kostya Serebryany e7e790bad6 [libFuzzer] remove unused option
llvm-svn: 282971
2016-09-30 22:29:57 +00:00
Kostya Serebryany b7e7a5473d [libFuzzer] move common parts of shell scripts into a separate file
llvm-svn: 282954
2016-09-30 21:12:30 +00:00
Kostya Serebryany cfa31b6307 [libFuzzer] add a fuzzer test that finds CVE-2015-3193
llvm-svn: 282892
2016-09-30 18:16:16 +00:00
Kostya Serebryany cad612a472 [libfuzzer] test for c-ares CVE-2016-5180
llvm-svn: 282839
2016-09-30 05:15:45 +00:00
Kostya Serebryany b3949ef885 [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard)
llvm-svn: 282831
2016-09-30 01:24:57 +00:00
Kostya Serebryany 2c55613a08 [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input
llvm-svn: 282829
2016-09-30 01:19:56 +00:00
Kostya Serebryany a9b0dd0e51 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals
llvm-svn: 282735
2016-09-29 17:43:24 +00:00
Kostya Serebryany a9a135b4f5 [libFuzzer] initialize ValueBitMap::NumBits
llvm-svn: 282721
2016-09-29 15:51:28 +00:00
Kostya Serebryany 3ee6c213d6 [libFuzzer] speedup TracePC::FinalizeTrace
llvm-svn: 282562
2016-09-28 01:16:24 +00:00
Kostya Serebryany 7d6935c184 [libFuzzer] run re2 test in 8 threads by default
llvm-svn: 282469
2016-09-27 03:33:57 +00:00
Kostya Serebryany 45c144754b [sanitizer-coverage] fix a bug in trace-gep
llvm-svn: 282467
2016-09-27 01:55:08 +00:00
Kostya Serebryany 53543af036 [libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed)
llvm-svn: 282460
2016-09-27 00:27:40 +00:00
Kostya Serebryany 5ff481fd9e [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag
llvm-svn: 282458
2016-09-27 00:10:20 +00:00
Kostya Serebryany 273d767215 [libFuzzer] add a standalone build script
llvm-svn: 282321
2016-09-24 04:00:00 +00:00
Kostya Serebryany 0800b81a21 [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features.
llvm-svn: 282316
2016-09-23 23:51:58 +00:00
Kostya Serebryany 2d1d944f7e [libFuzzer] first steps in adding a proper automated test suite based on real-life code: add a script to build RE2 at a revision that has known bugs
llvm-svn: 282292
2016-09-23 20:43:22 +00:00
Kostya Serebryany 0d26de3922 [libFuzzer] reset Counters (trace-pc-guard) before every run
llvm-svn: 282284
2016-09-23 20:04:13 +00:00
Kostya Serebryany ce1cab169f [libFuzzer] be more precise about what we reset in TracePC
llvm-svn: 282225
2016-09-23 02:18:59 +00:00
Kostya Serebryany 16a145fd0f [libFuzzer] fix merging with trace-pc-guard
llvm-svn: 282224
2016-09-23 01:58:51 +00:00
Kostya Serebryany 87a598e19f [libFuzzer] simplify the TracePC logic
llvm-svn: 282222
2016-09-23 01:20:07 +00:00
Kostya Serebryany ab73c6924f [libFuzzer] move value profiling logic into TracePC
llvm-svn: 282219
2016-09-23 00:46:18 +00:00
Kostya Serebryany d28099de5d [libFuzzer] change ValueBitMap to remember the number of bits in it
llvm-svn: 282216
2016-09-23 00:22:46 +00:00
Kostya Serebryany be0ed59cdc [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen
llvm-svn: 282211
2016-09-22 23:16:36 +00:00
Kostya Serebryany 624f59f4d8 [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
llvm-svn: 282129
2016-09-22 01:34:58 +00:00
Kostya Serebryany c9e3de35ed [libFuzzer] one more test
llvm-svn: 282127
2016-09-22 00:57:29 +00:00
Kostya Serebryany 29bb664075 [libFuzzer] add stats to the corpus; more refactoring
llvm-svn: 282121
2016-09-21 22:42:17 +00:00
Kostya Serebryany 20801e1b8a [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one.
llvm-svn: 282115
2016-09-21 21:41:48 +00:00
Kostya Serebryany 8658618ea0 [libFuzzer] more refactoring
llvm-svn: 282113
2016-09-21 21:17:23 +00:00
Kostya Serebryany 225d8e45d4 [libFuzzer] fix libc++ build
llvm-svn: 282050
2016-09-21 03:50:37 +00:00
Kostya Serebryany 556894fb10 [libFuzzer] more refactoring; NFC
llvm-svn: 282047
2016-09-21 02:05:39 +00:00
Kostya Serebryany 6f5a804cdb [libFuzzer] refactoring: split the large header into many; NFC
llvm-svn: 282044
2016-09-21 01:50:50 +00:00
Kostya Serebryany 09aa01a6f8 [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features
llvm-svn: 282042
2016-09-21 01:04:43 +00:00
Kostya Serebryany 3750c04f7e [libFuzzer] use sleep() instead of std::this_thread::sleep_for to avoid coverage from instrumented libc++
llvm-svn: 281933
2016-09-19 20:32:34 +00:00
Kostya Serebryany b706b481ba [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
llvm-svn: 281866
2016-09-18 21:47:08 +00:00
Kostya Serebryany 8e781a888a [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters
llvm-svn: 281845
2016-09-18 04:52:23 +00:00
Kostya Serebryany bc3789a919 [libFuzzer] properly reset the guards when reseting the coverage. Also try to fix check-fuzzer on the bot
llvm-svn: 281814
2016-09-17 06:01:55 +00:00
Kostya Serebryany 3e36ec1d18 [libFuzzer] change trace-pc to use 8-byte guards
llvm-svn: 281810
2016-09-17 05:04:47 +00:00
Kostya Serebryany 0984517021 [libFuzzer] make caller-callee feedback work with trace-pc-guard
llvm-svn: 281667
2016-09-15 22:16:15 +00:00
Kostya Serebryany 21c3573733 [libFuzzer] fix the build for AFLDriverTest
llvm-svn: 281633
2016-09-15 18:10:38 +00:00
Kostya Serebryany 09e416615e [libFuzzer] disable test that requires debug info -- it fails on the bot
llvm-svn: 281584
2016-09-15 05:46:58 +00:00
Kostya Serebryany 0b47fbcb30 [libFuzzer] move the AFL driver build rule test into the uninstrumented dir
llvm-svn: 281583
2016-09-15 05:17:39 +00:00
Kostya Serebryany 33a497abf4 [libFuzzer] fix print_pcs test
llvm-svn: 281580
2016-09-15 04:43:06 +00:00
Kostya Serebryany 5350178487 [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic)
llvm-svn: 281577
2016-09-15 04:36:45 +00:00
Kostya Serebryany a5277d59d0 [libFuzzer] add 8-bit counters to trace-pc-guard handler
llvm-svn: 281568
2016-09-15 01:30:18 +00:00
Kostya Serebryany a00b243c75 [libFuzzer] start using trace-pc-guard as an alternative source of coverage
llvm-svn: 281435
2016-09-14 02:13:06 +00:00
Kostya Serebryany 8c537c556a [libFuzzer] print a failed-merge warning only in the merge mode
llvm-svn: 281130
2016-09-10 02:17:22 +00:00
Kostya Serebryany 4529960a3b [libFuzzer] don't print help for internal flags
llvm-svn: 281124
2016-09-10 00:35:30 +00:00
Kostya Serebryany b991cc1f0e [libFuzzer] print a visible message if merge fails due to a crash
llvm-svn: 281122
2016-09-10 00:15:41 +00:00
Kostya Serebryany 1837152a34 [libFuzzer] use sizeof() in tests instead of 4 and 8
llvm-svn: 281111
2016-09-09 22:21:16 +00:00
Kostya Serebryany 4b17a331ae [libFuzzer] one more puzzle for value profile
llvm-svn: 281106
2016-09-09 21:58:42 +00:00
Kostya Serebryany 00ef27112e [libFuzzer] one more puzzle, value_profile cracks it in a second
llvm-svn: 281066
2016-09-09 18:00:04 +00:00
Kostya Serebryany b76a2a5503 [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself
llvm-svn: 281016
2016-09-09 02:38:28 +00:00
Kostya Serebryany 8ea4f9873b [libFuzzer] remove unneeded call
llvm-svn: 281014
2016-09-09 01:57:38 +00:00
Kostya Serebryany 5c04bd250e [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better
llvm-svn: 281007
2016-09-09 01:17:03 +00:00
Kostya Serebryany e2d0f63654 [libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time
llvm-svn: 280332
2016-09-01 01:22:27 +00:00
Mike Aizatsky b077d3fef2 [libfuzzer] simplified unit truncation; do not write trunc items to disc
Differential Revision: https://reviews.llvm.org/D24049

llvm-svn: 280153
2016-08-30 20:49:07 +00:00
Kostya Serebryany a016a45d60 [libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow
llvm-svn: 280098
2016-08-30 14:52:05 +00:00
Kostya Serebryany 248d11519a [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much
llvm-svn: 280096
2016-08-30 14:39:33 +00:00
Kostya Serebryany d4492f8101 [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles
llvm-svn: 280054
2016-08-30 03:05:50 +00:00
Kostya Serebryany 4d22e4fcb9 [libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
llvm-svn: 280046
2016-08-30 01:30:14 +00:00
Kostya Serebryany 3e5991e540 [libFuzzer] simplify a test to make it pass on the bot
llvm-svn: 279796
2016-08-26 00:18:16 +00:00
Kostya Serebryany 1426f59a76 [libFuzzer] make sure we have symbols on fuzzer tests
llvm-svn: 279792
2016-08-25 23:30:02 +00:00
Kostya Serebryany 0f0fa4faf2 [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them
llvm-svn: 279787
2016-08-25 22:35:08 +00:00
Kostya Serebryany f67357c671 [libFuzzer] simplify the code, NFC
llvm-svn: 279697
2016-08-25 01:25:03 +00:00
Kostya Serebryany 41bcb830af [libFuzzer] make a test more deterministic
llvm-svn: 279686
2016-08-24 23:10:17 +00:00
Kostya Serebryany bceadcf1cd [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64
llvm-svn: 279601
2016-08-24 01:38:42 +00:00
Kostya Serebryany ac524cfcce [libFuzzer] collect 64 states for value profile, not 65
llvm-svn: 279588
2016-08-23 23:37:37 +00:00
Kostya Serebryany a533e514b8 [libFuzzer] fix the non-debug build warnings
llvm-svn: 279321
2016-08-19 20:57:09 +00:00
Kostya Serebryany 32661f9d66 [libFuzzer] add more __attribute__((visibility("default")))
llvm-svn: 279143
2016-08-18 20:52:52 +00:00
Kostya Serebryany 524c3f32e7 [sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer
llvm-svn: 279027
2016-08-18 01:25:28 +00:00
Kostya Serebryany 5a5d5548f0 [libFuzzer] force proper popcnt instruction
llvm-svn: 279002
2016-08-17 23:09:57 +00:00
Kostya Serebryany e72774dd69 [libFuzzer] given 0 and 255 more preference when inserting repeated bytes
llvm-svn: 278986
2016-08-17 21:50:54 +00:00
Kostya Serebryany 0c537b124c [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970
llvm-svn: 278982
2016-08-17 21:30:30 +00:00
Kostya Serebryany a9a548049a [libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence
llvm-svn: 278975
2016-08-17 20:45:23 +00:00
Justin Bogner cd1d5aaf2e Replace a few more "fall through" comments with LLVM_FALLTHROUGH
Follow up to r278902. I had missed "fall through", with a space.

llvm-svn: 278970
2016-08-17 20:30:52 +00:00
Kostya Serebryany a7398ba024 [libFuzzer] more mutations
llvm-svn: 278950
2016-08-17 18:10:42 +00:00
Kostya Serebryany 3044390af1 [libFuzzer] minor speed improvement
llvm-svn: 278856
2016-08-16 21:28:05 +00:00
Kostya Serebryany d46a59fac4 [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
llvm-svn: 278839
2016-08-16 19:33:51 +00:00
Kostya Serebryany c98ef718ea [libFuzzer] refactoring around PCMap, NFC
llvm-svn: 278825
2016-08-16 17:37:13 +00:00
Kostya Serebryany bdb220c7a0 [libFuzzer] print a verbose message after executing inputs in non-fuzzing mode
llvm-svn: 278724
2016-08-15 19:44:04 +00:00
Kostya Serebryany a0d40a21e7 [libFuzzer] fix the bot
llvm-svn: 278721
2016-08-15 19:36:13 +00:00
Kostya Serebryany dfbe59b03d [libFuzzer] add InsertRepeatedBytes and EraseBytes.
New mutation: InsertRepeatedBytes.
Updated mutation: EraseByte => EraseBytes.

This helps https://github.com/google/sanitizers/issues/710
where libFuzzer was not able to find a known bug.
Now it finds it in minutes.

Hopefully, the change is general enough to help other targets.

llvm-svn: 278687
2016-08-15 17:48:28 +00:00
Dan Liew ed3c9cae49 [LibFuzzer] Fix `-jobs=<N>` where <N> > 1 and the number of workers is > 1 on macOS.
The original `ExecuteCommand()` called `system()` from the C library.
The C library implementation of this on macOS contains a mutex which
serializes calls to `system()`. This prevented the `-jobs=` flag
from running copies of the fuzzing binary in parallel which is
the opposite of what is intended.

To fix this on macOS an alternative implementation of `ExecuteCommand()`
is provided that can be used concurrently. This is provided in
`FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple
platforms. The existing implementation has been moved to a new file
`FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux.

This commit includes a simple test to check that LibFuzzer is being
executed in parallel when requested.

Differential Revision: https://reviews.llvm.org/D22742

llvm-svn: 278544
2016-08-12 18:29:36 +00:00
Kostya Serebryany 728447bd3b [libFuzzer] make libFuzzer work with a bit older clang versions
llvm-svn: 277941
2016-08-06 21:28:56 +00:00
Kostya Serebryany ff1f2107ec [libFuzzer] don't print bogus error message
llvm-svn: 277940
2016-08-06 21:23:29 +00:00
Mike Aizatsky a8e84b9b37 [libfuzzer] do not warn about missing pcbuffer functions: they are new.
llvm-svn: 277927
2016-08-06 17:03:22 +00:00
Mike Aizatsky b4bbc3bb7a [sanitizers] trace buffer API to use user-allocated buffer.
Differential Revision: https://reviews.llvm.org/D23185

llvm-svn: 277859
2016-08-05 20:09:53 +00:00
Kostya Serebryany 0ccf06f467 [libFuzzer] extend the messages printed by afl_driver
llvm-svn: 276052
2016-07-19 23:18:28 +00:00
Kostya Serebryany 6b08be9279 [libFuzzer] properly intercept memmem
llvm-svn: 276006
2016-07-19 18:29:06 +00:00
Kostya Serebryany c135b55ae0 [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
llvm-svn: 275648
2016-07-15 23:27:19 +00:00
Kostya Serebryany 5d9a17742e [libFuzzer] add ThreadedLeakTest
llvm-svn: 275582
2016-07-15 17:19:43 +00:00
Dan Liew 30ca81f1f7 [LibFuzzer] Unbreak the build on macOS which was broken by r272858.
``afl_driver.cpp`` currently relies on weak symbols which doesn't
work properly under macOS. For now fix the build by providing a
dummy implementation of ``LLVMFuzzerInitialize(...)``. This is just
a temporary measure until we fix ``afl_driver.cpp`` for macOS.

llvm-svn: 274778
2016-07-07 18:14:11 +00:00
Mike Aizatsky 8ba86a5a48 [libFuzzer] Let user specify extra stats file.
Summary: If AFL_DRIVER_EXTRA_STATS_FILENAME is set and valid, write to it peak_rss_mb and slowest_unit_time_sec. These are both stats that libFuzzer can print but afl cannot.

Reviewers: kcc, aizatsky, metzman

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D21742

llvm-svn: 274273
2016-06-30 20:43:06 +00:00
Mike Aizatsky f0b3e85f4e [libfuzzer] moving is_ascii handler inside mutation dispatcher.
Summary: It also fixes a bug, when first random might not be ascii.

Differential Revision: http://reviews.llvm.org/D21573

llvm-svn: 273611
2016-06-23 20:44:48 +00:00
Vitaly Buka 0618cbacb6 [libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp
Summary: Add license info and brief description of file to AFLDriverTest.cpp.

Reviewers: kcc, aizatsky

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D21487

llvm-svn: 273527
2016-06-23 02:19:36 +00:00
Kostya Serebryany 042d1a7b04 [libFuzzer] make the single-run output more reliable
llvm-svn: 272998
2016-06-17 13:07:06 +00:00
Kostya Serebryany fd6ad5bba9 [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable
llvm-svn: 272948
2016-06-16 20:17:41 +00:00
Vitaly Buka 7bd4720e6b Fix test from D21194
Bot sets ASAN_OPTIONS=handle_abort=1 which prevents expected crash.

llvm-svn: 272866
2016-06-16 01:52:48 +00:00
Vitaly Buka d6da8f6612 Debugging D21194 issues on bot
llvm-svn: 272863
2016-06-16 01:26:46 +00:00
Vitaly Buka d01720d46d Enable libFuzzer's afl_driver to append stderr to a file.
Summary:
[libFuzzer] Enable afl_driver to append stderr to a user specified file.

Append stderr of afl_driver to the file specified by the environmental variable
AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs
on crashes without rerunning crashing test cases (which won't work for crashes
that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz
and users would have no way of seeing it.

Reviewers: llvm-commits, aizatsky, kcc, vitalybuka

Subscribers: vitalybuka

Differential Revision: http://reviews.llvm.org/D21194

llvm-svn: 272858
2016-06-16 00:14:42 +00:00
Dan Liew c4989d27b5 [LibFuzzer] Fix ``FuzzerMutate.ShuffleBytes2`` unit test on OSX.
The ``FuzzerMutate.ShuffleBytes2`` unit test was failing on
OSX due to the implementation of ``std::random_shuffle()``
being different between libcxx and libstdc++.

@kcc has decided (see http://reviews.llvm.org/D21218) it is acceptable
for there to be different mutation behavior on different platforms so
this commit just adjusts the test to perform the minimum number of
iterations (that is a power of 2) to see all the mutations the unit test
is looking for.

Differential Revision: http://reviews.llvm.org/D21359

llvm-svn: 272743
2016-06-15 01:40:02 +00:00
Vitaly Buka dca553d021 Revert "Enable libFuzzer's afl_driver to append stderr to a file."
Crashes with AddressSanitizer: SEGV on unknown address
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/9924/steps/annotate/logs/stdio

This reverts commit r272706.

llvm-svn: 272726
2016-06-14 22:09:00 +00:00
Vitaly Buka 4b73cc88bf Enable libFuzzer's afl_driver to append stderr to a file.
Summary:
[libFuzzer] Enable afl_driver to append stderr to a user specified file.

Append stderr of afl_driver to the file specified by the environmental variable
AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs
on crashes without rerunning crashing test cases (which won't work for crashes
that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz
and users would have no way of seeing it.

Reviewers: llvm-commits, aizatsky, kcc, vitalybuka

Subscribers: vitalybuka

Differential Revision: http://reviews.llvm.org/D21194

llvm-svn: 272706
2016-06-14 20:42:05 +00:00
Dan Liew 916bc2b024 [LibFuzzer] Disable the ``fuzzer-trace-pc.test`` test on non-linux platforms.
On OSX this test sometimes fails due to the
``LLVMFuzzer-FullCoverageSetTest-TracePC`` program going over the
default 2GiB memory limit. This shouldn't be happening and needs
investigating. For now just disable the test so we can set up an
OSX buildbot.

Differential Revision: http://reviews.llvm.org/D21319

llvm-svn: 272696
2016-06-14 19:15:13 +00:00
Dan Liew 02432480c7 [LibFuzzer] Move tests in ``fuzzer-traces.test`` that require hooks to their own test.
The tests in ``fuzzer-traces-hooks.test`` only work on Linux because calls to hooks
(e.g. ``__sanitizer_weak_hook_memcmp()``) from inside the sanitizer
runtime are only implemented on Linux. Therefore these tests are set to
only run on Linux.

Differential Revision: http://reviews.llvm.org/D21253

llvm-svn: 272600
2016-06-14 00:11:34 +00:00
Dan Liew 0617f15897 [LibFuzzer] Fix some unit test crashes on OSX.
This fixes the following unit tests:

FuzzerDictionary.ParseOneDictionaryEntry
FuzzerDictionary.ParseDictionaryFile

The issue appears to be mixing non-ASan-ified code (LibFuzzer) and
ASan-ified code (the unittest) as the tests would pass fine if
everything was built with ASan enabled.

I believe the issue is that different implementations of std::vector<>
are being used in LibFuzzer and outside LibFuzzer (in the unittests).
For Libcxx (I've not seen the issue manifest for libstdc++) we can disable
the ASanified std::vector<> by definining the ``_LIBCPP_HAS_NO_ASAN`` macro.
Doing this fixes the tests on OSX.

Differential Revision: http://reviews.llvm.org/D21049

llvm-svn: 272374
2016-06-10 05:33:07 +00:00
Kostya Serebryany f7798526b9 [libFuzzer] add one more OOM test, which we currently don't handle very well
llvm-svn: 272240
2016-06-09 01:20:35 +00:00
Kostya Serebryany 53b7b3ca5f [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hook
llvm-svn: 272116
2016-06-08 04:49:29 +00:00
Kostya Serebryany 76f425211e [libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message)
llvm-svn: 272090
2016-06-08 01:46:13 +00:00
Dan Liew 1873a496e2 [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``
This fixes linking problems on OSX.

Unfortunately it turns out we need to use an instance of the
``fuzzer::ExternalFunctions`` object in several places so this
commit also replaces all instances with a single global instance.

It also turns out initializing a global ``fuzzer::ExternalFunctions``
before main is entered (i.e. letting the object be initialised by the
global initializers) is not safe (on OSX the call to ``Printf()`` in the
CTOR crashes if it is called from a global initializer) so we instead
have a global ``fuzzer::ExternalFunctions*`` and initialize it inside
``FuzzerDriver()``.

Multiple unit tests depend also depend on the
``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been
added that initializes it before running any tests.

Differential Revision: http://reviews.llvm.org/D20943

llvm-svn: 272072
2016-06-07 23:32:50 +00:00
Dan Liew 1d0a9fd089 [LibFuzzer] Split the fuzzer-oom.test into two tests.
This is necessary because the existing fuzzer-oom.test was Linux
specific due to its use of __sanitizer_print_memory_profile() which
is only available on Linux right now and so the test would fail on OSX.

Differential Revision: http://reviews.llvm.org/D20977

llvm-svn: 272061
2016-06-07 21:23:30 +00:00
Mike Aizatsky 41d6683c39 [libfuzzer] custom crossover interface function.
Differential Revision: http://reviews.llvm.org/D21089

llvm-svn: 272054
2016-06-07 20:22:15 +00:00
Mike Aizatsky 1f88b12272 [libfuzzer] prune_corpus option for disabling pruning during the load.
Summary:
The option is very useful for testing, plus I intend to measure
its effect on fuzzer effectiveness.

Differential Revision: http://reviews.llvm.org/D21084

llvm-svn: 272035
2016-06-07 18:16:32 +00:00
Dan Liew d15c106c9b [LibFuzzer] s/dataflow sanitizer/DataflowSanitizer/
llvm-svn: 271980
2016-06-07 04:44:49 +00:00
Dan Liew 0d09f14554 [LibFuzzer] Disable building and running LSan tests on Apple platforms because LSan is not currently supported.
Differential Revision: http://reviews.llvm.org/D20947

llvm-svn: 271979
2016-06-07 04:44:39 +00:00
Dan Liew 5914407185 [LibFuzzer] Provide stub implementation of __sanitizer_cov_trace_pc_indir
Calls to this function are currently injected by the
``SanitizerCoverageModule`` pass when the both the ``indirect-calls``
and ``trace-pc`` sanitizer coverage options are enabled and the code
being instrumented has indirect calls. Previously because LibFuzzer did
not define this function this would lead to link errors when building
some of the tests on OSX.

Differential Revision: http://reviews.llvm.org/D20946

llvm-svn: 271938
2016-06-06 20:27:09 +00:00
Mike Aizatsky 70fd3e412a [libfuzzer] hiding custom mutator handling in MutationDispatcher.
Summary: Refactoring, no functional changes.

Differential Revision: http://reviews.llvm.org/D20975

llvm-svn: 271740
2016-06-03 21:34:29 +00:00
Mike Aizatsky 3c1782f23b [libfuzzer] splitting fuzzer.test
llvm-svn: 271697
2016-06-03 18:05:22 +00:00
Dan Liew fba4a67a32 [LibFuzzer] Disable compiling and running the LibFuzzer dataflow sanitizer tests on Apple platforms.
This fixes a broken part of the build on OSX as the dataflow sanitizer is not supported
on OSX yet.

Differential Revision: http://reviews.llvm.org/D20894

llvm-svn: 271492
2016-06-02 05:48:09 +00:00
Dan Liew d3c33116fd [LibFuzzer] Reimplement how the optional user functions are called.
The motivation for this change is to fix linking issues on OSX.
However this only partially fixes linking issues (the uninstrumented
tests and a few others  won't succesfully link yet).

This change introduces a struct of function pointers
(``fuzzer::ExternalFuntions``) which when initialised will point to the
optional functions if they are available.  Currently these
``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.

Two implementations of ``fuzzer::ExternalFunctions`` constructor are
provided one for Linux and one for OSX.

The OSX implementation uses ``dlsym()`` because the prior implementation
using weak symbols does not work unless the additional flags are passed
to the linker.

The Linux implementation continues to use weak symbols because the
``dlsym()`` approach does not work unless additional flags are passed
to the linker.

Differential Revision: http://reviews.llvm.org/D20741

llvm-svn: 271491
2016-06-02 05:48:02 +00:00
Kostya Serebryany f6414426f2 [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile on OOM
llvm-svn: 271465
2016-06-02 01:33:11 +00:00
Kostya Serebryany f817731a19 [libFuzzer] when an invalid flag is given, warn, but don't crash
llvm-svn: 271404
2016-06-01 16:41:12 +00:00
Kostya Serebryany 4795210f9c [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases.
llvm-svn: 271186
2016-05-29 15:58:57 +00:00
Kostya Serebryany 311cc8378e [libFuzzer] fix a failure that occurs when running individual inputs
llvm-svn: 271095
2016-05-28 04:19:46 +00:00
Kostya Serebryany 470d04400e [libFuzzer] use __sanitizer_set_report_fd with -close_fd_mask. This allows us to keep asan reports when closing target's stderr
llvm-svn: 271053
2016-05-27 21:46:22 +00:00
Richard Smith b62e7e31f7 Fix compilation with GCC, which treats this as a constructor name not a type
name. (GCC is correct here per the latest language DRs.)

llvm-svn: 271044
2016-05-27 21:05:35 +00:00
Dan Liew 8c11fce707 [LibFuzzer] Refactor declaration of tests in CMake.
Add a new CMake function (``add_libfuzzer_test()``) to simplify
declaration of executables for testing LibFuzzer and use it to
reorganise how tests are declared.

Note that configuration of the lit configuration files has been moved
as late as possible because we are going to need to disable some tests
for some platforms and we will need to propagate this information into
the lit configuration.

Note the code for custom mains was removed because no tests are
currently written for this and Kostya seems happy to remove this.

Differential Revision: http://reviews.llvm.org/D20706

llvm-svn: 270958
2016-05-27 03:14:40 +00:00
Kostya Serebryany 76dacb4ba9 [libFuzzer] make check-fuzzer a bit faster
llvm-svn: 270947
2016-05-27 01:12:21 +00:00
Kostya Serebryany 0edb563f27 [libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit.
llvm-svn: 270945
2016-05-27 00:54:15 +00:00
Kostya Serebryany 8fc3a27c5c [libFuzzer] more refactoring: make sure CurrentUnitData is awlays a valid pointer to read from
llvm-svn: 270942
2016-05-27 00:21:33 +00:00
Kostya Serebryany d8384122a3 [libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads)
llvm-svn: 270929
2016-05-26 22:17:32 +00:00
Dan Liew 9551fdd517 [LibFuzzer] Add missing #include<string>
This partially fixes the compilation of the LibFuzzer unit test
on OSX using AppleClang.

llvm-svn: 270926
2016-05-26 21:54:25 +00:00
Kostya Serebryany f26017baf9 [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC
llvm-svn: 270922
2016-05-26 21:32:30 +00:00
Dan Liew c752a26428 [LibFuzzer] Emit error if LLVM_USE_SANITIZER is not correctly set.
Previously CMake would successfully configure and compile (with warnings
about ``-fsanitize-coverage=...`` being unused) but the tests LibFuzzer
tests would fail.

Differential Revision: http://reviews.llvm.org/D20662

llvm-svn: 270913
2016-05-26 20:55:09 +00:00
Dan Liew 676892a5d5 [LibFuzzer] Allow LibFuzzer to be built in modes other than RELEASE.
Previously the flags were only being set correctly when the
build type was "Release". Now the build should work properly
for all the supported build types. When building libFuzzer
the optimization level respects whatever is used for the
rest of LLVM but for the LibFuzzer tests we force -O0.

Differential Revision: http://reviews.llvm.org/D20558

llvm-svn: 270912
2016-05-26 20:55:05 +00:00
Kostya Serebryany 4b92326b17 [libFuzzer] when there is a leak in the existing corpus report the reproducer properly
llvm-svn: 270905
2016-05-26 20:25:49 +00:00
Kostya Serebryany f1f3f93c9e [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended
llvm-svn: 270900
2016-05-26 20:03:02 +00:00
Mike Aizatsky e66846ab32 [libfuzzer] replacing unittest for truncate_units with functional test.
Differential Revision: http://reviews.llvm.org/D20641

llvm-svn: 270755
2016-05-25 21:00:17 +00:00
Kostya Serebryany ff2e6badbd [libFuzzer] print stats if we crash on empty input
llvm-svn: 270639
2016-05-25 00:15:36 +00:00
Mike Aizatsky af432a45e3 [libfuzzer] Trying random unit prefixes during corpus load.
Differential Revision: http://reviews.llvm.org/D20301

llvm-svn: 270632
2016-05-24 23:14:29 +00:00
Kostya Serebryany c8bc8821cb [libFuzzer] add a license header to afl/afl_driver.cpp
llvm-svn: 270598
2016-05-24 19:05:25 +00:00
Dan Liew 11565444ca [LibFuzzer] Fix implementation of ``GetPeakRSSMb()`` on Mac OSX.
On Linux ``rusage.ru_maxrss`` is in KiB but on Mac OSX it is in bytes.

Differential Revision: http://reviews.llvm.org/D20410

llvm-svn: 270173
2016-05-20 01:37:54 +00:00
Dan Liew e6ac1fd089 [LibFuzzer] Fix ``NumberOfCpuCores()`` on Mac OSX.
The ``nprocs`` command does not exist under Mac OSX so use
``sysctl`` instead on that platform.

Whilst I'm here

* Use ``pclose()`` instead of ``fclose()`` which the ``popen()``
  documentation says should be used.
* Check for errors that were previously unhandled.

Differential Revision: http://reviews.llvm.org/D20409

llvm-svn: 270172
2016-05-20 01:30:36 +00:00
Dan Liew 3868e468fe [LibFuzzer]
Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.

Under Mac OSX we intercept calls to malloc before thread local
storage is initialised leading to a crash when accessing
``AllocTracer``. To workaround this ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.

To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.

Differential Revision: http://reviews.llvm.org/D20402

llvm-svn: 270145
2016-05-19 22:00:33 +00:00
Kostya Serebryany a0788e7dd4 [libFuzzer] do the merge faster and a bit less precise
llvm-svn: 269497
2016-05-13 22:11:23 +00:00
Kostya Serebryany 6289536922 [libFuzzer] print the file name before executing the input so that if there is a crash we know which files has caused it
llvm-svn: 269450
2016-05-13 18:10:33 +00:00
Kostya Serebryany 8b0d90a6d4 [libFuzzer] simplify FuzzerInterface.h
llvm-svn: 269448
2016-05-13 18:04:35 +00:00
Kostya Serebryany 781e8da888 [libFuzzer] add a driver file to use AFL on LLVMFuzzerTestOneInput
llvm-svn: 269141
2016-05-10 23:46:50 +00:00
Mike Aizatsky 1aa501e7e8 [libfuzzer] Refactoring coverage state-management code.
It is now less state-dependent and will allow easier comparing of
coverages of different units.

Differential Revision: http://reviews.llvm.org/D20085

llvm-svn: 269140
2016-05-10 23:43:15 +00:00
Kostya Serebryany ca9694ba2c [libFuzzer] add a test for libFuzzer+ubsan, extend the docs on using libFuzzer+ubsan
llvm-svn: 268968
2016-05-09 21:02:36 +00:00
Kostya Serebryany 61b07ac75b [libFuzzer] better document the -merge=1 flag
llvm-svn: 268957
2016-05-09 19:11:36 +00:00
Kostya Serebryany 8b8f7a3cda [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer.
llvm-svn: 268821
2016-05-06 23:38:07 +00:00
Kostya Serebryany 52b394e981 [libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMs
llvm-svn: 268807
2016-05-06 21:58:35 +00:00
Kostya Serebryany baf7fd0b16 [libFuzzer] print stats after running individual inputs
llvm-svn: 268547
2016-05-04 20:44:50 +00:00
Kostya Serebryany 2fe9304d62 [libFuzzer] enable detect_leaks=1, add proper docs
llvm-svn: 268088
2016-04-29 18:49:55 +00:00
Kostya Serebryany 0e0bcc4bdb [libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak [part 2]
llvm-svn: 267771
2016-04-27 19:52:56 +00:00
Kostya Serebryany 7018a1aaa4 [libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak
llvm-svn: 267770
2016-04-27 19:52:34 +00:00