llvm-project

Commit Graph

Author	SHA1	Message	Date
Kostya Serebryany	6f5a804cdb	[libFuzzer] refactoring: split the large header into many; NFC llvm-svn: 282044	2016-09-21 01:50:50 +00:00
Kostya Serebryany	09aa01a6f8	[libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features llvm-svn: 282042	2016-09-21 01:04:43 +00:00
Kostya Serebryany	b706b481ba	[libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer llvm-svn: 281866	2016-09-18 21:47:08 +00:00
Kostya Serebryany	4529960a3b	[libFuzzer] don't print help for internal flags llvm-svn: 281124	2016-09-10 00:35:30 +00:00
Kostya Serebryany	5c04bd250e	[libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better llvm-svn: 281007	2016-09-09 01:17:03 +00:00
Kostya Serebryany	e2d0f63654	[libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time llvm-svn: 280332	2016-09-01 01:22:27 +00:00
Kostya Serebryany	a016a45d60	[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow llvm-svn: 280098	2016-08-30 14:52:05 +00:00
Kostya Serebryany	0f0fa4faf2	[libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787	2016-08-25 22:35:08 +00:00
Kostya Serebryany	d46a59fac4	[libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. llvm-svn: 278839	2016-08-16 19:33:51 +00:00
Kostya Serebryany	bdb220c7a0	[libFuzzer] print a verbose message after executing inputs in non-fuzzing mode llvm-svn: 278724	2016-08-15 19:44:04 +00:00
Kostya Serebryany	c135b55ae0	[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp llvm-svn: 275648	2016-07-15 23:27:19 +00:00
Mike Aizatsky	f0b3e85f4e	[libfuzzer] moving is_ascii handler inside mutation dispatcher. Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611	2016-06-23 20:44:48 +00:00
Kostya Serebryany	042d1a7b04	[libFuzzer] make the single-run output more reliable llvm-svn: 272998	2016-06-17 13:07:06 +00:00
Dan Liew	1873a496e2	[LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests depend also depend on the ``fuzzer::ExternalFunctions`` global so a ``main()`` function has been added that initializes it before running any tests. Differential Revision: http://reviews.llvm.org/D20943 llvm-svn: 272072	2016-06-07 23:32:50 +00:00
Mike Aizatsky	1f88b12272	[libfuzzer] prune_corpus option for disabling pruning during the load. Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness. Differential Revision: http://reviews.llvm.org/D21084 llvm-svn: 272035	2016-06-07 18:16:32 +00:00
Dan Liew	d3c33116fd	[LibFuzzer] Reimplement how the optional user functions are called. The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't succesfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFuntions``) which when initialised will point to the optional functions if they are available. Currently these ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker. Differential Revision: http://reviews.llvm.org/D20741 llvm-svn: 271491	2016-06-02 05:48:02 +00:00
Kostya Serebryany	f817731a19	[libFuzzer] when an invalid flag is given, warn, but don't crash llvm-svn: 271404	2016-06-01 16:41:12 +00:00
Mike Aizatsky	af432a45e3	[libfuzzer] Trying random unit prefixes during corpus load. Differential Revision: http://reviews.llvm.org/D20301 llvm-svn: 270632	2016-05-24 23:14:29 +00:00
Kostya Serebryany	6289536922	[libFuzzer] print the file name before executing the input so that if there is a crash we know which files has caused it llvm-svn: 269450	2016-05-13 18:10:33 +00:00
Kostya Serebryany	8b8f7a3cda	[libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. llvm-svn: 268821	2016-05-06 23:38:07 +00:00
Kostya Serebryany	52b394e981	[libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMs llvm-svn: 268807	2016-05-06 21:58:35 +00:00
Kostya Serebryany	baf7fd0b16	[libFuzzer] print stats after running individual inputs llvm-svn: 268547	2016-05-04 20:44:50 +00:00
Kostya Serebryany	1bfd583d82	[libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing llvm-svn: 266838	2016-04-20 00:24:21 +00:00
Kostya Serebryany	09087bba4d	[libFuzzer] warn if the corpus is empty llvm-svn: 266670	2016-04-18 21:14:11 +00:00
Mehdi Amini	b550cb1750	[NFC] Header cleanup Removed some unused headers, replaced some headers with forward class declarations. Found using simple scripts like this one: clear && ack --cpp -l '#include "llvm/ADT/IndexedMap.h"' \| xargs grep -L 'IndexedMap[<]' \| xargs grep -n --color=auto 'IndexedMap' Patch by Eugene Kosov <claprix@yandex.ru> Differential Revision: http://reviews.llvm.org/D19219 From: Mehdi Amini <mehdi.amini@apple.com> llvm-svn: 266595	2016-04-18 09:17:29 +00:00
Kostya Serebryany	b60397f54c	[libFuzzer] add a better warning for command line flags with -- (two dashes) llvm-svn: 266480	2016-04-15 21:56:29 +00:00
Hans Wennborg	e631996350	Remove redundant .c_str(), as suggested by PR25633 llvm-svn: 265988	2016-04-11 20:35:17 +00:00
Kostya Serebryany	f389ae12c1	[libFuzzer] handle SIGTERM llvm-svn: 264338	2016-03-24 21:03:58 +00:00
Kostya Serebryany	49e409068a	[libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout llvm-svn: 263831	2016-03-18 20:58:29 +00:00
Kostya Serebryany	945761b8c2	[libFuzzer] improve -merge functionality llvm-svn: 263769	2016-03-18 00:23:29 +00:00
Kostya Serebryany	c5575aabd6	[libFuzzer] deprecate several flags llvm-svn: 263739	2016-03-17 19:59:39 +00:00
Kostya Serebryany	0c5e3af862	[libFuzzer] use max_len exactly equal to the max size of input. Fix 32-bit build llvm-svn: 263518	2016-03-15 01:28:00 +00:00
Kostya Serebryany	64d24578d8	[libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. llvm-svn: 263323	2016-03-12 01:57:04 +00:00
Kostya Serebryany	5c3701c621	[libFuzzer] log less when re-loading files; fix a silly bug: when running single files actually run all of them, not just the first one llvm-svn: 262754	2016-03-04 22:35:40 +00:00
Kostya Serebryany	3d95dd9149	[libFuzzer] deprecate exit_on_first flag llvm-svn: 262417	2016-03-01 22:33:14 +00:00
Kostya Serebryany	228d5b1ce4	[libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. llvm-svn: 262415	2016-03-01 22:19:21 +00:00
Kostya Serebryany	66ff0756e4	[libFuzzer] add -print_final_stats=1 flag llvm-svn: 262084	2016-02-26 22:42:23 +00:00
Kostya Serebryany	a35f7d383f	[libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus llvm-svn: 261267	2016-02-18 21:49:10 +00:00
Kostya Serebryany	8a5bef0fcf	[libFuzzer] remove std::vector operations from hot paths, NFC llvm-svn: 260829	2016-02-13 17:56:51 +00:00
Kostya Serebryany	29bcb9f54e	[libFuzzer] remove the C++-ish variant of FuzzerDriver from the interface llvm-svn: 260801	2016-02-13 03:59:26 +00:00
Kostya Serebryany	7ec0c56e07	[libFuzzer] get rid of UserSuppliedFuzzer; NFC llvm-svn: 260798	2016-02-13 03:25:16 +00:00
Kostya Serebryany	a399221c32	[libFuzzer] simplify the code around Random. NFC llvm-svn: 260797	2016-02-13 03:00:53 +00:00
Kostya Serebryany	ecab57b3ce	[libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea). llvm-svn: 260796	2016-02-13 02:39:30 +00:00
Kostya Serebryany	9d14e4bb15	[libFuzzer] make -runs=N flag also affect the simple runner (will execute every input N times) llvm-svn: 260649	2016-02-12 02:32:03 +00:00
Kostya Serebryany	bfbe7fc404	[libFuzzer] allow passing 1 or more files as individual inputs llvm-svn: 259459	2016-02-02 03:03:47 +00:00
Kostya Serebryany	54a6363a8f	[libFuzzer] add -timeout_exitcode option llvm-svn: 259265	2016-01-29 23:30:07 +00:00
Kostya Serebryany	9768e7f06b	[libFuzzer] add -abort_on_timeout option llvm-svn: 258631	2016-01-23 19:34:19 +00:00
Kostya Serebryany	311f27c0a8	[libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if llvm-svn: 258178	2016-01-19 20:33:57 +00:00
Kostya Serebryany	476f0ce31a	[libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path llvm-svn: 257985	2016-01-16 03:53:32 +00:00
Kostya Serebryany	ae5b9567bc	[libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) llvm-svn: 257873	2016-01-15 06:24:05 +00:00

1 2

98 Commits