Kostya Serebryany
8a56917492
[libFuzzer] fix -error_exitcode=N, now with a test
...
llvm-svn: 285958
2016-11-03 19:31:18 +00:00
Kostya Serebryany
bcfb0802e2
[libFuzzer] enable use_cmp by default
...
llvm-svn: 285353
2016-10-27 21:44:37 +00:00
Kostya Serebryany
94c427c23e
[libFuzzer] speculatively trying to fix the Mac build; second attempt
...
llvm-svn: 285262
2016-10-27 00:36:38 +00:00
Kostya Serebryany
3d945f6247
[libFuzzer] revert 285259 -- hit commit too soon
...
llvm-svn: 285260
2016-10-27 00:24:34 +00:00
Kostya Serebryany
15cd6b4b10
[libFuzzer] speculatively trying to fix the Mac build
...
llvm-svn: 285259
2016-10-27 00:22:39 +00:00
Kostya Serebryany
2fabecaee3
[libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once
...
llvm-svn: 285223
2016-10-26 18:52:04 +00:00
Kostya Serebryany
06b8757b57
[libFuzzer] simplify the code in TracePC::HandleTrace a bit more
...
llvm-svn: 285147
2016-10-26 00:42:52 +00:00
Kostya Serebryany
a5b2e54fcb
[libFuzzer] simplify the code to print new PCs
...
llvm-svn: 285145
2016-10-26 00:20:51 +00:00
Kostya Serebryany
275e260258
[libFuzzer] simplify the code in TracePC::HandleTrace
...
llvm-svn: 285142
2016-10-25 23:52:25 +00:00
Kostya Serebryany
117976818e
[libFuzzer] add StandaloneFuzzTargetMain.c and a test for it
...
llvm-svn: 285135
2016-10-25 22:30:34 +00:00
Kostya Serebryany
c48c93184a
[libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
...
llvm-svn: 285109
2016-10-25 20:15:15 +00:00
Kostya Serebryany
3364f90783
[libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
...
llvm-svn: 285049
2016-10-25 02:04:43 +00:00
Kostya Serebryany
65f102d4d2
[libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer
...
llvm-svn: 284909
2016-10-22 03:48:53 +00:00
Kostya Serebryany
10ae9e23a3
[libFuzzer] typo in a test
...
llvm-svn: 284903
2016-10-22 01:07:38 +00:00
Kostya Serebryany
2bfff021ad
[libFuzzer] add a test for asan's strict_string_checks=1
...
llvm-svn: 284902
2016-10-22 00:05:44 +00:00
Reid Kleckner
ac2a2a86e4
Fix -Wunused-variable warning in libFuzzer
...
llvm-svn: 284838
2016-10-21 16:26:27 +00:00
Kostya Serebryany
95b1a434d2
[libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files.
...
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp
Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
(need to implement another API to get the module name by PC)
llvm-svn: 284554
2016-10-19 00:12:03 +00:00
Kostya Serebryany
bb59ef77ca
[libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
...
llvm-svn: 284514
2016-10-18 18:38:08 +00:00
Kostya Serebryany
8dfed45cd4
[libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item
...
llvm-svn: 284508
2016-10-18 18:06:05 +00:00
Kostya Serebryany
9a4b10a56f
[libFuzzer] swap bytes in integers when handling CMP traces
...
llvm-svn: 284301
2016-10-15 04:00:07 +00:00
Kostya Serebryany
f9b8e8b117
[libFuzzer] better algorithm for -minimize_crash
...
llvm-svn: 284299
2016-10-15 01:00:24 +00:00
Kostya Serebryany
e450e40741
[libFuzzer] remove subdir fuzzer-test-suite as it is now superseded with https://github.com/google/fuzzer-test-suite
...
llvm-svn: 284275
2016-10-14 20:26:40 +00:00
Kostya Serebryany
a5f94fb6c9
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
...
llvm-svn: 284273
2016-10-14 20:20:33 +00:00
Kostya Serebryany
0381374f96
[libFuzzer] more detailed message for disabled leak detection
...
llvm-svn: 284169
2016-10-13 22:24:10 +00:00
Kostya Serebryany
a17d23eaa7
[libFuzzer] add -trace_malloc= flag
...
llvm-svn: 284149
2016-10-13 19:06:46 +00:00
Kostya Serebryany
17d176e16b
[libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build
...
llvm-svn: 284132
2016-10-13 16:19:09 +00:00
Daniel Jasper
90d990e034
Revert "[libFuzzer] refactoring to speed things up, NFC"
...
This reverts commit r283946.
This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here
llvm-svn: 283979
2016-10-12 07:26:46 +00:00
Kostya Serebryany
a09d11e108
[libFuzzer] refactoring to speed things up, NFC
...
llvm-svn: 283946
2016-10-11 21:27:37 +00:00
Kostya Serebryany
d19919a80e
[libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it
...
llvm-svn: 283841
2016-10-11 01:14:41 +00:00
Kostya Serebryany
3e0e901a18
[libFuzzer] add switch tests
...
llvm-svn: 283840
2016-10-11 01:13:32 +00:00
Kostya Serebryany
7abb95d3b3
[libFuzzer] make a test less flaky
...
llvm-svn: 283686
2016-10-09 03:45:38 +00:00
Kostya Serebryany
c5325ed29d
[libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process
...
llvm-svn: 283682
2016-10-08 23:24:45 +00:00
Kostya Serebryany
9adc7c8b4a
[libFuzzer] control the reload interval by a flag, make it 10 seconds by default
...
llvm-svn: 283676
2016-10-08 22:12:14 +00:00
Kostya Serebryany
cd04ec25dd
[libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing.
...
llvm-svn: 283675
2016-10-08 21:57:48 +00:00
Kostya Serebryany
936b1e774f
[libFuzzer] be more careful with memory usage, print peak rss in status lines
...
llvm-svn: 283418
2016-10-06 05:14:00 +00:00
Kostya Serebryany
3b564e9765
[libFuzzer] when re-running for lsan, don't look at the coverage
...
llvm-svn: 283411
2016-10-05 23:31:01 +00:00
Kostya Serebryany
1c73f1bf27
[libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
...
llvm-svn: 283409
2016-10-05 22:56:21 +00:00
Kostya Serebryany
379359c53a
[libFuzzer] add ShrinkValueProfileTest, move code around, NFC
...
llvm-svn: 283286
2016-10-05 01:09:40 +00:00
Kostya Serebryany
2455f0d013
[libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines
...
llvm-svn: 283279
2016-10-05 00:25:17 +00:00
Kostya Serebryany
4820cc988f
[libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway
...
llvm-svn: 283187
2016-10-04 06:08:46 +00:00
Kostya Serebryany
5a52a11ce4
[libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now)
...
llvm-svn: 283178
2016-10-04 01:51:44 +00:00
Kostya Serebryany
a5f1adab56
[libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631
...
llvm-svn: 283024
2016-10-01 07:37:40 +00:00
Kostya Serebryany
d1f31d0a49
[libFuzzer] fix a recent bugs (buffer overflow)
...
llvm-svn: 283021
2016-10-01 07:13:25 +00:00
Kostya Serebryany
d216922a80
[libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default
...
llvm-svn: 282995
2016-10-01 01:04:29 +00:00
Kostya Serebryany
90f8f36bca
[libFuzzer] remove some experimental code
...
llvm-svn: 282983
2016-09-30 23:29:27 +00:00
Kostya Serebryany
7022b94687
[libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed
...
llvm-svn: 282972
2016-09-30 22:35:08 +00:00
Kostya Serebryany
e7e790bad6
[libFuzzer] remove unused option
...
llvm-svn: 282971
2016-09-30 22:29:57 +00:00
Kostya Serebryany
b7e7a5473d
[libFuzzer] move common parts of shell scripts into a separate file
...
llvm-svn: 282954
2016-09-30 21:12:30 +00:00
Kostya Serebryany
cfa31b6307
[libFuzzer] add a fuzzer test that finds CVE-2015-3193
...
llvm-svn: 282892
2016-09-30 18:16:16 +00:00
Kostya Serebryany
cad612a472
[libfuzzer] test for c-ares CVE-2016-5180
...
llvm-svn: 282839
2016-09-30 05:15:45 +00:00