maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
247,675 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

52 Commits

Author SHA1 Message Date
Kostya Serebryany c48c93184a [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp 
llvm-svn: 285109
 2016-10-25 20:15:15 +00:00
Kostya Serebryany 3364f90783 [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test 
llvm-svn: 285049
 2016-10-25 02:04:43 +00:00
Kostya Serebryany 65f102d4d2 [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer 
llvm-svn: 284909
 2016-10-22 03:48:53 +00:00
Kostya Serebryany 9a4b10a56f [libFuzzer] swap bytes in integers when handling CMP traces 
llvm-svn: 284301
 2016-10-15 04:00:07 +00:00
Kostya Serebryany a5f94fb6c9 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
llvm-svn: 284273
 2016-10-14 20:20:33 +00:00
Kostya Serebryany 624f59f4d8 [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings 
llvm-svn: 282129
 2016-09-22 01:34:58 +00:00
Kostya Serebryany 29bb664075 [libFuzzer] add stats to the corpus; more refactoring 
llvm-svn: 282121
 2016-09-21 22:42:17 +00:00
Kostya Serebryany 556894fb10 [libFuzzer] more refactoring; NFC 
llvm-svn: 282047
 2016-09-21 02:05:39 +00:00
Kostya Serebryany 6f5a804cdb [libFuzzer] refactoring: split the large header into many; NFC 
llvm-svn: 282044
 2016-09-21 01:50:50 +00:00
Kostya Serebryany a533e514b8 [libFuzzer] fix the non-debug build warnings 
llvm-svn: 279321
 2016-08-19 20:57:09 +00:00
Kostya Serebryany e72774dd69 [libFuzzer] given 0 and 255 more preference when inserting repeated bytes 
llvm-svn: 278986
 2016-08-17 21:50:54 +00:00
Kostya Serebryany 0c537b124c [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 
llvm-svn: 278982
 2016-08-17 21:30:30 +00:00
Justin Bogner cd1d5aaf2e Replace a few more "fall through" comments with LLVM_FALLTHROUGH 
Follow up to r278902. I had missed "fall through", with a space.

llvm-svn: 278970
 2016-08-17 20:30:52 +00:00
Kostya Serebryany a7398ba024 [libFuzzer] more mutations 
llvm-svn: 278950
 2016-08-17 18:10:42 +00:00
Kostya Serebryany dfbe59b03d [libFuzzer] add InsertRepeatedBytes and EraseBytes. 
New mutation: InsertRepeatedBytes.
Updated mutation: EraseByte => EraseBytes.

This helps https://github.com/google/sanitizers/issues/710
where libFuzzer was not able to find a known bug.
Now it finds it in minutes.

Hopefully, the change is general enough to help other targets.

llvm-svn: 278687
 2016-08-15 17:48:28 +00:00
Kostya Serebryany c135b55ae0 [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp 
llvm-svn: 275648
 2016-07-15 23:27:19 +00:00
Mike Aizatsky f0b3e85f4e [libfuzzer] moving is_ascii handler inside mutation dispatcher. 
Summary: It also fixes a bug, when first random might not be ascii.

Differential Revision: http://reviews.llvm.org/D21573

llvm-svn: 273611
 2016-06-23 20:44:48 +00:00
Dan Liew 1873a496e2 [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` 
This fixes linking problems on OSX.

Unfortunately it turns out we need to use an instance of the
``fuzzer::ExternalFunctions`` object in several places so this
commit also replaces all instances with a single global instance.

It also turns out initializing a global ``fuzzer::ExternalFunctions``
before main is entered (i.e. letting the object be initialised by the
global initializers) is not safe (on OSX the call to ``Printf()`` in the
CTOR crashes if it is called from a global initializer) so we instead
have a global ``fuzzer::ExternalFunctions*`` and initialize it inside
``FuzzerDriver()``.

Multiple unit tests depend also depend on the
``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been
added that initializes it before running any tests.

Differential Revision: http://reviews.llvm.org/D20943

llvm-svn: 272072
 2016-06-07 23:32:50 +00:00
Mike Aizatsky 41d6683c39 [libfuzzer] custom crossover interface function. 
Differential Revision: http://reviews.llvm.org/D21089

llvm-svn: 272054
 2016-06-07 20:22:15 +00:00
Mike Aizatsky 70fd3e412a [libfuzzer] hiding custom mutator handling in MutationDispatcher. 
Summary: Refactoring, no functional changes.

Differential Revision: http://reviews.llvm.org/D20975

llvm-svn: 271740
 2016-06-03 21:34:29 +00:00
Kostya Serebryany 8a5bef0fcf [libFuzzer] remove std::vector operations from hot paths, NFC 
llvm-svn: 260829
 2016-02-13 17:56:51 +00:00
Kostya Serebryany 1deb0498f5 [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast 
llvm-svn: 260810
 2016-02-13 06:24:18 +00:00
Kostya Serebryany 23194963f7 [libFuzzer] simplify CTOR of MutationDispatcher 
llvm-svn: 260800
 2016-02-13 03:46:26 +00:00
Kostya Serebryany 292cf0379c [libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) 
llvm-svn: 260799
 2016-02-13 03:37:24 +00:00
Kostya Serebryany 7ec0c56e07 [libFuzzer] get rid of UserSuppliedFuzzer; NFC 
llvm-svn: 260798
 2016-02-13 03:25:16 +00:00
Kostya Serebryany a399221c32 [libFuzzer] simplify the code around Random. NFC 
llvm-svn: 260797
 2016-02-13 03:00:53 +00:00
Kostya Serebryany 160dcba81f [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes 
llvm-svn: 258589
 2016-01-22 23:55:14 +00:00
Kostya Serebryany 2f13f223c7 [libFuzzer] don't use std::vector in one more hot path 
llvm-svn: 258380
 2016-01-21 01:52:14 +00:00
Kostya Serebryany 311f27c0a8 [libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if 
llvm-svn: 258178
 2016-01-19 20:33:57 +00:00
Kostya Serebryany 476f0ce31a [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path 
llvm-svn: 257985
 2016-01-16 03:53:32 +00:00
Kostya Serebryany 4b35874b2a [libFuzzer] suggest a dictionary to the user of some of the trace-based dictionary entries were successful 
llvm-svn: 257736
 2016-01-14 02:36:44 +00:00
Kostya Serebryany 4174005622 [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries 
llvm-svn: 257435
 2016-01-12 02:36:59 +00:00
Kostya Serebryany b65805a939 [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary 
llvm-svn: 257248
 2016-01-09 03:08:58 +00:00
Kostya Serebryany 152ac7ad70 [libFuzzer] add a position hint to the dictionary-based mutator 
llvm-svn: 257013
 2016-01-07 01:49:35 +00:00
Kostya Serebryany 80eb76abf4 [libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry 
llvm-svn: 256900
 2016-01-06 02:13:04 +00:00
Kostya Serebryany 27ab2d759f [libFuzzer] make CrossOver just one of the other mutations 
llvm-svn: 256081
 2015-12-19 02:49:09 +00:00
Kostya Serebryany 14c50288cc [libFuzzer] print successfull mutations sequences 
llvm-svn: 256071
 2015-12-19 01:09:49 +00:00
Kostya Serebryany 3b804877fd [libFuzzer] fix 32-bit build 
llvm-svn: 249646
 2015-10-08 00:59:25 +00:00
Kostya Serebryany 25425ad920 [libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger 
llvm-svn: 247027
 2015-09-08 17:19:31 +00:00
Kostya Serebryany b2e9897644 [libFuzzer] when a single mutation fails try a few more times with other mutations before returning un-mutated data 
llvm-svn: 246828
 2015-09-04 00:40:29 +00:00
Kostya Serebryany 7d21166218 [libFuzzer] actually make the dictionaries work (+docs) 
llvm-svn: 246825
 2015-09-04 00:12:11 +00:00
Kostya Serebryany ec2dcb1d91 [libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC 
llvm-svn: 246808
 2015-09-03 21:24:19 +00:00
Kostya Serebryany bf29ff2fa5 [libFuzzer] add one more mutation strategy: byte shuffling 
llvm-svn: 244188
 2015-08-06 01:29:13 +00:00
Kostya Serebryany 86a5fba71d [libFuzzer] more refactoring of the Mutator and adding tests to it 
llvm-svn: 243818
 2015-08-01 02:23:06 +00:00
Kostya Serebryany 8ce7424e9c [libFuzzer] start refactoring the Mutator and adding tests to it 
llvm-svn: 243817
 2015-08-01 01:42:51 +00:00
Kostya Serebryany 404c69f2c8 [libFuzzer] allow users to supply their own implementation of rand 
llvm-svn: 243078
 2015-07-24 01:06:40 +00:00
Kostya Serebryany f342459aa4 [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators 
llvm-svn: 238059
 2015-05-22 22:35:31 +00:00
Kostya Serebryany 2117269dd1 [fuzzer] properly annotate fallthrough, add one more entry to FAQ 
llvm-svn: 229880
 2015-02-19 18:21:12 +00:00
Kostya Serebryany 5b266a8a23 [fuzzer] make multi-process execution more verbose; fix mutation to actually respect mutation depth and to never produce empty units 
llvm-svn: 228170
 2015-02-04 19:10:20 +00:00
Aaron Ballman ef11698cac Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. 
llvm-svn: 227464
 2015-01-29 16:58:29 +00:00