maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
247,675 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

455 Commits

Author SHA1 Message Date
Kostya Serebryany 6c77811a29 [libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style 
llvm-svn: 286870
 2016-11-14 19:21:38 +00:00
Kostya Serebryany 53c894d257 [libFuzzer] use a valid ASCII string for a dummy seed corpus 
llvm-svn: 286702
 2016-11-12 02:27:21 +00:00
Kostya Serebryany fc1c405f98 [libFuzzer] use less stack 
llvm-svn: 286689
 2016-11-12 00:24:35 +00:00
Kostya Serebryany 235679181b [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook. 
llvm-svn: 286665
 2016-11-11 23:06:53 +00:00
Kostya Serebryany 8a56917492 [libFuzzer] fix -error_exitcode=N, now with a test 
llvm-svn: 285958
 2016-11-03 19:31:18 +00:00
Kostya Serebryany bcfb0802e2 [libFuzzer] enable use_cmp by default 
llvm-svn: 285353
 2016-10-27 21:44:37 +00:00
Kostya Serebryany 94c427c23e [libFuzzer] speculatively trying to fix the Mac build; second attempt 
llvm-svn: 285262
 2016-10-27 00:36:38 +00:00
Kostya Serebryany 3d945f6247 [libFuzzer] revert 285259 -- hit commit too soon 
llvm-svn: 285260
 2016-10-27 00:24:34 +00:00
Kostya Serebryany 15cd6b4b10 [libFuzzer] speculatively trying to fix the Mac build 
llvm-svn: 285259
 2016-10-27 00:22:39 +00:00
Kostya Serebryany 2fabecaee3 [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once 
llvm-svn: 285223
 2016-10-26 18:52:04 +00:00
Kostya Serebryany 06b8757b57 [libFuzzer] simplify the code in TracePC::HandleTrace a bit more 
llvm-svn: 285147
 2016-10-26 00:42:52 +00:00
Kostya Serebryany a5b2e54fcb [libFuzzer] simplify the code to print new PCs 
llvm-svn: 285145
 2016-10-26 00:20:51 +00:00
Kostya Serebryany 275e260258 [libFuzzer] simplify the code in TracePC::HandleTrace 
llvm-svn: 285142
 2016-10-25 23:52:25 +00:00
Kostya Serebryany 117976818e [libFuzzer] add StandaloneFuzzTargetMain.c and a test for it 
llvm-svn: 285135
 2016-10-25 22:30:34 +00:00
Kostya Serebryany c48c93184a [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp 
llvm-svn: 285109
 2016-10-25 20:15:15 +00:00
Kostya Serebryany 3364f90783 [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test 
llvm-svn: 285049
 2016-10-25 02:04:43 +00:00
Kostya Serebryany 65f102d4d2 [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer 
llvm-svn: 284909
 2016-10-22 03:48:53 +00:00
Kostya Serebryany 10ae9e23a3 [libFuzzer] typo in a test 
llvm-svn: 284903
 2016-10-22 01:07:38 +00:00
Kostya Serebryany 2bfff021ad [libFuzzer] add a test for asan's strict_string_checks=1 
llvm-svn: 284902
 2016-10-22 00:05:44 +00:00
Reid Kleckner ac2a2a86e4 Fix -Wunused-variable warning in libFuzzer 
llvm-svn: 284838
 2016-10-21 16:26:27 +00:00
Kostya Serebryany 95b1a434d2 [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)

llvm-svn: 284554
 2016-10-19 00:12:03 +00:00
Kostya Serebryany bb59ef77ca [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) 
llvm-svn: 284514
 2016-10-18 18:38:08 +00:00
Kostya Serebryany 8dfed45cd4 [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item 
llvm-svn: 284508
 2016-10-18 18:06:05 +00:00
Kostya Serebryany 9a4b10a56f [libFuzzer] swap bytes in integers when handling CMP traces 
llvm-svn: 284301
 2016-10-15 04:00:07 +00:00
Kostya Serebryany f9b8e8b117 [libFuzzer] better algorithm for -minimize_crash 
llvm-svn: 284299
 2016-10-15 01:00:24 +00:00
Kostya Serebryany e450e40741 [libFuzzer] remove subdir fuzzer-test-suite as it is now superseded with https://github.com/google/fuzzer-test-suite 
llvm-svn: 284275
 2016-10-14 20:26:40 +00:00
Kostya Serebryany a5f94fb6c9 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
llvm-svn: 284273
 2016-10-14 20:20:33 +00:00
Kostya Serebryany 0381374f96 [libFuzzer] more detailed message for disabled leak detection 
llvm-svn: 284169
 2016-10-13 22:24:10 +00:00
Kostya Serebryany a17d23eaa7 [libFuzzer] add -trace_malloc= flag 
llvm-svn: 284149
 2016-10-13 19:06:46 +00:00
Kostya Serebryany 17d176e16b [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build 
llvm-svn: 284132
 2016-10-13 16:19:09 +00:00
Daniel Jasper 90d990e034 Revert "[libFuzzer] refactoring to speed things up, NFC" 
This reverts commit r283946.

This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here

llvm-svn: 283979
 2016-10-12 07:26:46 +00:00
Kostya Serebryany a09d11e108 [libFuzzer] refactoring to speed things up, NFC 
llvm-svn: 283946
 2016-10-11 21:27:37 +00:00
Kostya Serebryany d19919a80e [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it 
llvm-svn: 283841
 2016-10-11 01:14:41 +00:00
Kostya Serebryany 3e0e901a18 [libFuzzer] add switch tests 
llvm-svn: 283840
 2016-10-11 01:13:32 +00:00
Kostya Serebryany 7abb95d3b3 [libFuzzer] make a test less flaky 
llvm-svn: 283686
 2016-10-09 03:45:38 +00:00
Kostya Serebryany c5325ed29d [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process 
llvm-svn: 283682
 2016-10-08 23:24:45 +00:00
Kostya Serebryany 9adc7c8b4a [libFuzzer] control the reload interval by a flag, make it 10 seconds by default 
llvm-svn: 283676
 2016-10-08 22:12:14 +00:00
Kostya Serebryany cd04ec25dd [libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing. 
llvm-svn: 283675
 2016-10-08 21:57:48 +00:00
Kostya Serebryany 936b1e774f [libFuzzer] be more careful with memory usage, print peak rss in status lines 
llvm-svn: 283418
 2016-10-06 05:14:00 +00:00
Kostya Serebryany 3b564e9765 [libFuzzer] when re-running for lsan, don't look at the coverage 
llvm-svn: 283411
 2016-10-05 23:31:01 +00:00
Kostya Serebryany 1c73f1bf27 [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
llvm-svn: 283409
 2016-10-05 22:56:21 +00:00
Kostya Serebryany 379359c53a [libFuzzer] add ShrinkValueProfileTest, move code around, NFC 
llvm-svn: 283286
 2016-10-05 01:09:40 +00:00
Kostya Serebryany 2455f0d013 [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines 
llvm-svn: 283279
 2016-10-05 00:25:17 +00:00
Kostya Serebryany 4820cc988f [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway 
llvm-svn: 283187
 2016-10-04 06:08:46 +00:00
Kostya Serebryany 5a52a11ce4 [libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now) 
llvm-svn: 283178
 2016-10-04 01:51:44 +00:00
Kostya Serebryany a5f1adab56 [libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631 
llvm-svn: 283024
 2016-10-01 07:37:40 +00:00
Kostya Serebryany d1f31d0a49 [libFuzzer] fix a recent bugs (buffer overflow) 
llvm-svn: 283021
 2016-10-01 07:13:25 +00:00
Kostya Serebryany d216922a80 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default 
llvm-svn: 282995
 2016-10-01 01:04:29 +00:00
Kostya Serebryany 90f8f36bca [libFuzzer] remove some experimental code 
llvm-svn: 282983
 2016-09-30 23:29:27 +00:00
Kostya Serebryany 7022b94687 [libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed 
llvm-svn: 282972
 2016-09-30 22:35:08 +00:00