maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
249,867 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

253 Commits

Author SHA1 Message Date
Kostya Serebryany 628b43aab6 [libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only) 
llvm-svn: 289772
 2016-12-15 06:21:21 +00:00
Marcos Pividori 64d4147396 [libFuzzer] Fix bug in detecting timeouts when input string is empty. 
I added a new flag RunningCB to know if the Fuzzer's main thread is
running the CB function, instead of using (!CurrentUnitSize).
(!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp,
inside ShuffleAndMinimize() function, we execute the callback with an
empty string (size=0). Previous implementation failed to detect timeouts
in that execution.
Also, I add a regression test for that case.

Differential Revision: https://reviews.llvm.org/D27433

llvm-svn: 289561
 2016-12-13 17:46:25 +00:00
Kostya Serebryany a31300e789 [libFuzzer] don't require extra flags with -minimize_crash=1 (default to -max_total_time=600). Also respect exact_artifact_path when outputting the end result 
llvm-svn: 289506
 2016-12-13 00:40:47 +00:00
Kostya Serebryany 092d5764a1 [libFuzzer] split one slow test into several, for more parallel testing 
llvm-svn: 289481
 2016-12-12 22:55:25 +00:00
Kostya Serebryany a4b43bf8e8 [libFuzzer] make SimpleCmpTest a bit simpler to crack and more verbose 
llvm-svn: 289477
 2016-12-12 22:39:33 +00:00
Kostya Serebryany 035af9b346 [libFuzzer] build libFuzzer itself with asan 
llvm-svn: 289469
 2016-12-12 20:58:10 +00:00
Kostya Serebryany d4be88913e [libFuzzer] respect -max_len during merge 
llvm-svn: 289467
 2016-12-12 20:39:35 +00:00
Kostya Serebryany 441e6310ae [libFuzzer] don't depend on time in a test 
llvm-svn: 289368
 2016-12-11 06:28:09 +00:00
Kostya Serebryany c05cb60369 [libFuzzer] test cleanup (3) 
llvm-svn: 289314
 2016-12-10 02:48:42 +00:00
Kostya Serebryany 832d39e9cc [libFuzzer] test cleanup (2) 
llvm-svn: 289313
 2016-12-10 02:47:00 +00:00
Kostya Serebryany 2f962fe5f7 [libFuzzer] test cleanup 
llvm-svn: 289312
 2016-12-10 02:45:56 +00:00
Kostya Serebryany 61be0f947d [libFuzzer] switch all libFuzzer tests to use -fsanitize-coverage=trace-pc-guard. Support for the previosly used instrumentation will be removed in the following changes 
llvm-svn: 289311
 2016-12-10 02:26:23 +00:00
Kostya Serebryany 111e1d69e3 [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). 
llvm-svn: 289166
 2016-12-09 01:17:24 +00:00
Kostya Serebryany 09f4fa5200 [libFuzzer] add a test for r288389 (-rss_limit_mb=0 means no limit). 
llvm-svn: 288392
 2016-12-01 18:02:07 +00:00
Kostya Serebryany b66cb88c2e revert r288283 as it causes debug info (line numbers) to be lost in instrumented code. also revert r288299 which was a workaround for the problem. 
llvm-svn: 288300
 2016-12-01 02:06:56 +00:00
Kostya Serebryany 73f438ef9a [libFuzzer] temporary disable a part of the test broken by r288283 
llvm-svn: 288299
 2016-12-01 01:33:44 +00:00
Kostya Serebryany 05f7791fbf [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit 
llvm-svn: 288281
 2016-11-30 22:39:35 +00:00
Kostya Serebryany 1cba0a96e7 [libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented 
llvm-svn: 288276
 2016-11-30 21:53:32 +00:00
Kostya Serebryany fc1c405f98 [libFuzzer] use less stack 
llvm-svn: 286689
 2016-11-12 00:24:35 +00:00
Kostya Serebryany 8a56917492 [libFuzzer] fix -error_exitcode=N, now with a test 
llvm-svn: 285958
 2016-11-03 19:31:18 +00:00
Kostya Serebryany bcfb0802e2 [libFuzzer] enable use_cmp by default 
llvm-svn: 285353
 2016-10-27 21:44:37 +00:00
Kostya Serebryany 117976818e [libFuzzer] add StandaloneFuzzTargetMain.c and a test for it 
llvm-svn: 285135
 2016-10-25 22:30:34 +00:00
Kostya Serebryany c48c93184a [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp 
llvm-svn: 285109
 2016-10-25 20:15:15 +00:00
Kostya Serebryany 3364f90783 [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test 
llvm-svn: 285049
 2016-10-25 02:04:43 +00:00
Kostya Serebryany 65f102d4d2 [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer 
llvm-svn: 284909
 2016-10-22 03:48:53 +00:00
Kostya Serebryany 10ae9e23a3 [libFuzzer] typo in a test 
llvm-svn: 284903
 2016-10-22 01:07:38 +00:00
Kostya Serebryany 2bfff021ad [libFuzzer] add a test for asan's strict_string_checks=1 
llvm-svn: 284902
 2016-10-22 00:05:44 +00:00
Kostya Serebryany 95b1a434d2 [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)

llvm-svn: 284554
 2016-10-19 00:12:03 +00:00
Kostya Serebryany bb59ef77ca [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) 
llvm-svn: 284514
 2016-10-18 18:38:08 +00:00
Kostya Serebryany 9a4b10a56f [libFuzzer] swap bytes in integers when handling CMP traces 
llvm-svn: 284301
 2016-10-15 04:00:07 +00:00
Kostya Serebryany a5f94fb6c9 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
llvm-svn: 284273
 2016-10-14 20:20:33 +00:00
Kostya Serebryany a17d23eaa7 [libFuzzer] add -trace_malloc= flag 
llvm-svn: 284149
 2016-10-13 19:06:46 +00:00
Kostya Serebryany d19919a80e [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it 
llvm-svn: 283841
 2016-10-11 01:14:41 +00:00
Kostya Serebryany 3e0e901a18 [libFuzzer] add switch tests 
llvm-svn: 283840
 2016-10-11 01:13:32 +00:00
Kostya Serebryany 7abb95d3b3 [libFuzzer] make a test less flaky 
llvm-svn: 283686
 2016-10-09 03:45:38 +00:00
Kostya Serebryany c5325ed29d [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process 
llvm-svn: 283682
 2016-10-08 23:24:45 +00:00
Kostya Serebryany 1c73f1bf27 [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
llvm-svn: 283409
 2016-10-05 22:56:21 +00:00
Kostya Serebryany 379359c53a [libFuzzer] add ShrinkValueProfileTest, move code around, NFC 
llvm-svn: 283286
 2016-10-05 01:09:40 +00:00
Kostya Serebryany 4820cc988f [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway 
llvm-svn: 283187
 2016-10-04 06:08:46 +00:00
Kostya Serebryany e7e790bad6 [libFuzzer] remove unused option 
llvm-svn: 282971
 2016-09-30 22:29:57 +00:00
Kostya Serebryany b3949ef885 [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) 
llvm-svn: 282831
 2016-09-30 01:24:57 +00:00
Kostya Serebryany 5ff481fd9e [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag 
llvm-svn: 282458
 2016-09-27 00:10:20 +00:00
Kostya Serebryany 16a145fd0f [libFuzzer] fix merging with trace-pc-guard 
llvm-svn: 282224
 2016-09-23 01:58:51 +00:00
Kostya Serebryany 624f59f4d8 [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings 
llvm-svn: 282129
 2016-09-22 01:34:58 +00:00
Kostya Serebryany c9e3de35ed [libFuzzer] one more test 
llvm-svn: 282127
 2016-09-22 00:57:29 +00:00
Kostya Serebryany 29bb664075 [libFuzzer] add stats to the corpus; more refactoring 
llvm-svn: 282121
 2016-09-21 22:42:17 +00:00
Kostya Serebryany 20801e1b8a [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. 
llvm-svn: 282115
 2016-09-21 21:41:48 +00:00
Kostya Serebryany 8658618ea0 [libFuzzer] more refactoring 
llvm-svn: 282113
 2016-09-21 21:17:23 +00:00
Kostya Serebryany 6f5a804cdb [libFuzzer] refactoring: split the large header into many; NFC 
llvm-svn: 282044
 2016-09-21 01:50:50 +00:00
Kostya Serebryany 09aa01a6f8 [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features 
llvm-svn: 282042
 2016-09-21 01:04:43 +00:00