Commit Graph

681 Commits

Author SHA1 Message Date
Kostya Serebryany 589eae515e [libFuzzer] change the default max_len from 64 to 4096. This will affect cases where libFuzzer is run w/o initial corpus or with a corpus of very small items.
llvm-svn: 305521
2017-06-15 22:43:40 +00:00
George Karpenkov 406c113103 Fixing section name for Darwin platforms for sanitizer coverage
On Darwin, section names have a 16char length limit.

llvm-svn: 305429
2017-06-14 23:40:25 +00:00
Kostya Serebryany 546a286cef [libFuzzer] really restrict the new test to Linux (fails on Mac/Windows currently)
llvm-svn: 305346
2017-06-14 00:34:42 +00:00
Kostya Serebryany d0fb427862 [libFuzzer] restrict the new test to Linux (fails on Mac currently)
llvm-svn: 305335
2017-06-13 23:09:11 +00:00
Kostya Serebryany f2d4dcb888 [libFuzzer] initial support of -fsanitize-coverage=inline-8bit-counters in libFuzzer. This is not fully functional yet, but simple tests work
llvm-svn: 305331
2017-06-13 22:31:21 +00:00
Chandler Carruth abd32bad37 Fix the includes in lib/Fuzzer on Windows that have ordering
dependencies and add comments to tell future maintainers about those
requirements.

llvm-svn: 304843
2017-06-06 23:28:01 +00:00
Chandler Carruth 6bda14b313 Sort the remaining #include lines in include/... and lib/....
I did this a long time ago with a janky python script, but now
clang-format has built-in support for this. I fed clang-format every
line with a #include and let it re-sort things according to the precise
LLVM rules for include ordering baked into clang-format these days.

I've reverted a number of files where the results of sorting includes
aren't healthy. Either places where we have legacy code relying on
particular include ordering (where possible, I'll fix these separately)
or where we have particular formatting around #include lines that
I didn't want to disturb in this patch.

This patch is *entirely* mechanical. If you get merge conflicts or
anything, just ignore the changes in this patch and run clang-format
over your #include lines in the files.

Sorry for any noise here, but it is important to keep these things
stable. I was seeing an increasing number of patches with irrelevant
re-ordering of #include lines because clang-format was used. This patch
at least isolates that churn, makes it easy to skip when resolving
conflicts, and gets us to a clean baseline (again).

llvm-svn: 304787
2017-06-06 11:49:48 +00:00
Mandeep Singh Grang 5e1697ef28 [llvm] Remove double semicolons
Reviewers: craig.topper, arsenm, mehdi_amini

Reviewed By: mehdi_amini

Subscribers: mehdi_amini, wdng, nhaehnle, javed.absar, llvm-commits

Differential Revision: https://reviews.llvm.org/D33924

llvm-svn: 304767
2017-06-06 05:08:36 +00:00
Kostya Serebryany 2e98c045cb [libFuzzer] fix a test to match the new sanitizer run-time
llvm-svn: 304333
2017-05-31 19:47:11 +00:00
Vitaly Buka bf40f1b6dd [libFuzzer] Don't replace custom signal handlers.
Summary:
This allows keeping handlers installed by sanitizers.
In other cases third-party code can replace handlers after libFuzzer
initialization anyway.

Reviewers: kcc

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D33522

llvm-svn: 303828
2017-05-25 01:43:13 +00:00
Kostya Serebryany cf50d43be9 [libFuzzer] fix tests on Windows
llvm-svn: 303128
2017-05-15 22:55:00 +00:00
Kostya Serebryany 87813b1bf8 [libFuzzer] improve the afl driver and its tests. Make it possible to run individual inputs with afl driver
llvm-svn: 303125
2017-05-15 22:38:29 +00:00
Kostya Serebryany e8a49b3850 [libFuzzer] fix a warning from Wunreachable-code-loop-increment reported by Christian Holler. This also fixes a logical bug, which however does not affect the libFuzzer's ability too much (I wasn't able to create a differentiating test)
llvm-svn: 303087
2017-05-15 17:39:42 +00:00
Kostya Serebryany ae0317e4a9 [libFuzzer] fix a compiler warning
llvm-svn: 302747
2017-05-10 23:59:03 +00:00
Kostya Serebryany b068087bd8 [libFuzzer] update docs on -print_coverage/-dump_coverage
llvm-svn: 302498
2017-05-09 01:34:27 +00:00
Kostya Serebryany fe4ed9bd85 [libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error)
llvm-svn: 302494
2017-05-09 01:17:29 +00:00
Vitaly Buka bec6371fec [libFuzzer] exit without running atexit handlers in libfuzzer's crash handler
Summary:
It's not safe to assume that atexit handlers can be run once the app crashed.

Patch by Jochen Eisinger.

Reviewers: kcc, vitalybuka

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D32640

llvm-svn: 302076
2017-05-03 20:31:19 +00:00
Duncan P. N. Exon Smith 05531ca19b Fuzzer: Mark test/cxxstring.test UNSUPPORTED: windows
This has been mysteriously failing since r301593, which cleaned up the
types of things like size_t and SIZE_MAX for freestanding targets.  Reid
and Kostya suggested marking it as UNSUPPORTED on windows, given that no
one has been able to reproduce locally.

llvm-svn: 301719
2017-04-28 23:59:53 +00:00
Sanjoy Das 730edccb24 Remove unnecessary semicolon
This shows up as a -Wpedantic error on GCC.

llvm-svn: 301616
2017-04-28 04:49:32 +00:00
Kuba Mracek 5b4293c7d9 Fixup for r301054: Use an explicit constructor.
llvm-svn: 301061
2017-04-21 23:28:01 +00:00
Kuba Mracek a04026232e Fixup for r301054: Only use __attribute__((no_sanitize("memory"))) when it's available.
llvm-svn: 301058
2017-04-21 22:58:55 +00:00
Kuba Mracek 71c4043ae9 [libFuzzer] Always build libFuzzer
There are two reasons why users might want to build libfuzzer:
- To fuzz LLVM itself
- To get the libFuzzer.a archive file, so that they can attach it to their code
This change always builds libfuzzer, and supports the second use case if the specified flag is set.

The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.

Patch by George Karpenkov.

Differential Revision: https://reviews.llvm.org/D32096

llvm-svn: 301054
2017-04-21 22:38:24 +00:00
Kuba Mracek c3ecc4b314 Fixup for r301007: Restrict the -D hack to Darwin.
llvm-svn: 301017
2017-04-21 18:19:56 +00:00
Kuba Mracek 81acbf3daa Revert r301010: Bot failures on Windows, NetBSD and even some old Darwin.
llvm-svn: 301012
2017-04-21 18:02:22 +00:00
Kuba Mracek a0ab8c2e40 [libFuzzer] Always build libFuzzer
There are two reasons why users might want to build libfuzzer:
- To fuzz LLVM itself
- To get the libFuzzer.a archive file, so that they can attach it to their code
This change always builds libfuzzer, and supports the second use case if the specified flag is set.

The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.

Patch by George Karpenkov.

Differential Revision: https://reviews.llvm.org/D32096

llvm-svn: 301010
2017-04-21 17:47:44 +00:00
Kuba Mracek 309182a7d3 [libFuzzer] Changing thread_local to __thread in libFuzzer
Old Apple compilers do not support the thread_local keyword. This patch adds -Dthread_local=__thread when the compiler doesn't support thread_local.

Differential Revision: https://reviews.llvm.org/D32312

llvm-svn: 301007
2017-04-21 17:39:50 +00:00
Kuba Mracek 9eb170fede [libFuzzer] Check for target(popcnt) capability before usage
Older compilers (e.g. LLVM 3.4) do not support the attribute target("popcnt").
In order to support those, this diff checks the attribute support using the preprocessor.

Patch by George Karpenkov.

Differential Revision: https://reviews.llvm.org/D32311

llvm-svn: 300999
2017-04-21 16:57:37 +00:00
Ahmed Bougacha db2c16aebb Revert "[libFuzzer] XFAIL fuzzer-oom.test on Darwin."
This reverts commit r300127.

r300759 implemented StopTheWorld for Darwin, so the test passes again.

llvm-svn: 300801
2017-04-20 00:16:13 +00:00
Kostya Serebryany f60f61d0b3 [libFuzzer] extend help for -minimize_crash to cover ASAN_OPTIONS=dedup_token_length=3
llvm-svn: 300800
2017-04-19 23:58:05 +00:00
Kuba Mracek 7fe92fc521 Revert r300789: There are Windows bot failures.
llvm-svn: 300794
2017-04-19 23:44:33 +00:00
Kuba Mracek a89fd60a91 [libFuzzer] Always build libFuzzer
There are two reasons why users might want to build libfuzzer:
- To fuzz LLVM itself
- To get the libFuzzer.a archive file, so that they can attach it to their code
This change always builds libfuzzer, and supports the second use case if the specified flag is set.

The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.

Differential Revision: https://reviews.llvm.org/D32096

llvm-svn: 300789
2017-04-19 23:34:08 +00:00
Kostya Serebryany a9e6cb8633 [libFuzzer] remove -output_csv option. It duplicates the default output and got out of sync
llvm-svn: 300768
2017-04-19 21:34:58 +00:00
Kostya Serebryany 1f231e7cc7 [libFuzzer] update -help: mention -exact_artifact_path in help for -minimize_crash and -cleanse_crash
llvm-svn: 300642
2017-04-19 01:22:04 +00:00
Kostya Serebryany ac7a9eae0b [libFuzzer] experimental option -cleanse_crash: tries to replace all bytes in a crash reproducer with garbage, while still preserving the crash
llvm-svn: 300498
2017-04-17 20:58:21 +00:00
Akira Hatanaka 48b1dee7b4 [libFuzzer] XFAIL fuzzer-oom.test on Darwin.
The test fails on Darwin because Fuzzer::DeathCallback (which calls
DumpCurrentUnit("crash-")) is called before DumpCurrentUnit("oom-") is
called in Fuzzer::RssLimitCallback. DeathCallback is transitively called
from __sanitizer_print_memory_profile.

This should fix the fuzzer bot that has been failing for a while:

http://lab.llvm.org:8080/green/job/libFuzzer/

llvm-svn: 300127
2017-04-12 23:15:10 +00:00
Vitaly Buka ea997e10cb [libFuzzer] fix type in signal name.
Fixes PR32576.

Patch by Jakub Zawadzki.

llvm-svn: 299968
2017-04-11 18:20:05 +00:00
Reid Kleckner 67cecd1e1c [Fuzzer] Flush std::cout before aborting in CxxStringEqTest
On Windows, abort() does not appear to flush std::cout. Should fix red
sanitizer-windows bot.

llvm-svn: 299398
2017-04-03 23:00:25 +00:00
Kostya Serebryany a617e16ff1 [libFuzzer] simplify the code a bit
llvm-svn: 299180
2017-03-31 04:17:45 +00:00
Kostya Serebryany 7de1f1a826 [libFuzzer] tests: don't test 64-bit comparison on 32-bit builds
llvm-svn: 299179
2017-03-31 03:51:40 +00:00
Kostya Serebryany b1f802cf80 [libFuzzer] ensure that strncmp is not inlined in a test
llvm-svn: 299177
2017-03-31 03:34:33 +00:00
Kostya Serebryany af2dfce683 [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself
llvm-svn: 299167
2017-03-31 02:21:28 +00:00
Kostya Serebryany 3033065df9 [libFuzzer] try to fix value-profile-strncmp on the Mac bot
llvm-svn: 299145
2017-03-31 00:52:39 +00:00
Kostya Serebryany 01ddc1cfd5 [libFuzzer] remove a stale flag from tests, run value-profile-strncmp.test longer (hopefully, will fix the OSX bot)
llvm-svn: 299051
2017-03-30 04:22:20 +00:00
Kostya Serebryany d7d1d517ee [libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works
llvm-svn: 299046
2017-03-30 01:27:20 +00:00
Juergen Ributzka dea6379421 [libfuzzer] Remove XFAIL for OutOfMemory test.
This test is now passing on Darwin.

See rdar://problem/31282257.

llvm-svn: 298886
2017-03-27 22:33:05 +00:00
Vitaly Buka 72b8acfb70 [libFuzzer] Fix test on Windows.
llvm-svn: 298757
2017-03-25 01:19:45 +00:00
Kostya Serebryany 86e630b857 [libFuzzer] read asan's dedup_token while minimizing a crash and stop minimization if another bug was found during minimization (https://github.com/google/oss-fuzz/issues/452)
llvm-svn: 298755
2017-03-25 00:56:08 +00:00
Kostya Serebryany c58982d6fa [libFuzzer] be more careful when calling strlen of strcmp parameters, PR32357
llvm-svn: 298746
2017-03-24 22:19:52 +00:00
Kostya Serebryany dba9ded61f [libFuzzer] honor -exact_artifact_path for all intermediate files during crash minimization (https://github.com/google/oss-fuzz/issues/250)
llvm-svn: 298740
2017-03-24 21:09:16 +00:00
Kostya Serebryany e54785c6e9 [libFuzzer] split two tests to get more parallelism in test runs
llvm-svn: 298673
2017-03-24 00:51:18 +00:00