Kostya Serebryany
eee8b4a617
[libFuzzer] call __sanitizer_dump_coverage via EF
...
llvm-svn: 292681
2017-01-20 23:35:29 +00:00
Marcos Pividori
764b65c783
[libFuzzer] Don't use `#ifdef` for defined macros, instead use `#if`.
...
Differential Revision: https://reviews.llvm.org/D28972
llvm-svn: 292670
2017-01-20 22:49:13 +00:00
Marcos Pividori
3984eb4ad0
[libFuzzer] Use clang as linker on Windows, to properly include sanitizer libraries.
...
In order to use sanitizers on Windows, we need to link against many runtime
libraries which will depend on the target being created (executable or dll) and
the c runtime library used (MT/MD).
By default, cmake uses link.exe for linking, which fails because we don't
specify the appropiate dependencies. As we don't want to consider all of that
possible situations which depends on the implementation of the compiler-rt, the
simplest option is to change the rules for linking executables and shared
libraries, using the compiler instead of link.exe.
Clang driver will consider the sanitizer flags, and automatically provide the
required libraries to the linker.
Differential Revision: https://reviews.llvm.org/D27869
llvm-svn: 292669
2017-01-20 22:49:08 +00:00
Marcos Pividori
d41720267e
[libFuzzer] Properly use compiler options supported on Windows.
...
Replace "-g" by "-gline-tables-only". "-g" is not supported by clang-cl.
Differential Revision: https://reviews.llvm.org/D27868
llvm-svn: 292668
2017-01-20 22:48:47 +00:00
Kostya Serebryany
87a3811d32
[libFuzzer] add an assert to protect against LLVMFuzzerInitialize changing argv[0]
...
llvm-svn: 292652
2017-01-20 21:34:24 +00:00
Kostya Serebryany
98d592cc91
[libFuzzer] experimental support for 'equivalance fuzzing'
...
llvm-svn: 292646
2017-01-20 20:57:07 +00:00
Kostya Serebryany
a44ebf4d06
[libFuzzer] ensure that entries in PersistentAutoDictionary are not empty
...
llvm-svn: 292520
2017-01-19 21:14:47 +00:00
Kostya Serebryany
38b5d3ca54
[libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs
...
llvm-svn: 292511
2017-01-19 19:38:12 +00:00
Kostya Serebryany
6e47a10ec7
[libFuzzer] add two tests for experimenting with equivalence fuzzing
...
llvm-svn: 292509
2017-01-19 19:07:26 +00:00
Kostya Serebryany
bb91170cb5
[libFuzzer] remove stale code
...
llvm-svn: 292325
2017-01-18 01:10:18 +00:00
Kostya Serebryany
9d0f02af3d
[libFuzzer] exit(1) on failed merge
...
llvm-svn: 292319
2017-01-18 00:55:29 +00:00
Kostya Serebryany
3344f3517f
[libFuzzer] add ATTRIBUTE_NO_SANITIZE_MEMORY to sanitizer hooks
...
llvm-svn: 292295
2017-01-17 23:50:21 +00:00
Mike Aizatsky
0e37f8e41d
[libfuzzer] fixing collected pc addresses for coverage
...
Summary: The causes google/ossfuzz#84
Reviewers: kcc
Subscribers: mgorny
Differential Revision: https://reviews.llvm.org/D28827
llvm-svn: 292289
2017-01-17 23:11:32 +00:00
Kostya Serebryany
1d8c2ce97e
[libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling)
...
llvm-svn: 292287
2017-01-17 23:09:05 +00:00
Kostya Serebryany
138ed2b068
[libFuzzer] copy the options inside MutationDispatcher to avoid use-after-scope in mutator tests
...
llvm-svn: 292286
2017-01-17 23:05:07 +00:00
Kostya Serebryany
61f5473bad
[libFuzzer] remove dead code, NFC
...
llvm-svn: 291195
2017-01-06 00:09:40 +00:00
Kostya Serebryany
4aa0590e33
[libFuzzer] improve error handling during the merge (handle various IO failures)
...
llvm-svn: 291182
2017-01-05 22:05:47 +00:00
Kostya Serebryany
2648243ebd
[libFuzzer] use /tmp (or $TMPDIR, if present) to store temp files during merge
...
llvm-svn: 291078
2017-01-05 04:32:19 +00:00
Kostya Serebryany
4986e819dc
[libFuzzer] disable -print_pcs by default (was enabled by mistake)
...
llvm-svn: 290899
2017-01-03 18:51:28 +00:00
Kostya Serebryany
11a22bc39d
[libFuzzer] cleaner implementation of -print_pcs=1
...
llvm-svn: 290739
2016-12-30 01:13:07 +00:00
Reid Kleckner
e8ee89f8b0
Include <algorithm> for std::max etc
...
llvm-svn: 290730
2016-12-30 00:15:40 +00:00
Kostya Serebryany
d723804fa2
[libFuzzer] make __sanitizer_cov_trace_switch more predictable
...
llvm-svn: 290703
2016-12-29 02:50:35 +00:00
Kostya Serebryany
2a8440df70
[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually (second attempt)
...
llvm-svn: 290637
2016-12-27 23:24:55 +00:00
Kostya Serebryany
8d75c78d4c
[libFuzzer] don't create large random mutations when given an empty seed
...
llvm-svn: 290634
2016-12-27 22:15:04 +00:00
Kostya Serebryany
823c18147d
[libFuzzer] fix UB and simplify the computation of the RNG seed ( https://llvm.org/bugs/show_bug.cgi?id=31456 )
...
llvm-svn: 290622
2016-12-27 19:51:34 +00:00
Mike Aizatsky
9b415be1bf
[libfuzzer] dump_coverage command line flag
...
Reviewers: kcc, vitalybuka
Differential Revision: https://reviews.llvm.org/D27942
llvm-svn: 290138
2016-12-19 22:18:08 +00:00
Daniel Jasper
fa1030e40b
Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code"
...
This reverts commit r289998.
See comment:
https://reviews.llvm.org/rL289998
llvm-svn: 290043
2016-12-17 12:27:49 +00:00
Kostya Serebryany
1e438a1dba
[libFuzzer] use less memory for merge
...
llvm-svn: 290039
2016-12-17 08:20:24 +00:00
Kostya Serebryany
01c82f50f7
[libFuzzer] speed up __sanitizer_cov_trace_switch a bit more (remove DIV)
...
llvm-svn: 290034
2016-12-17 02:23:35 +00:00
Kostya Serebryany
2c36a30770
[libFuzzer] remove stale test
...
llvm-svn: 290033
2016-12-17 02:18:59 +00:00
Kostya Serebryany
00e638e642
[libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage
...
llvm-svn: 290031
2016-12-17 02:03:34 +00:00
Mike Aizatsky
a5c7efc6d4
[libfuzzer] removing experimental FuzzerFnAdapter
...
Summary: This is superceded by protobuf mutation work.
Reviewers: kcc
Subscribers: mgorny
Differential Revision: https://reviews.llvm.org/D27865
llvm-svn: 290018
2016-12-17 00:12:13 +00:00
Kostya Serebryany
3a4e2dd92f
[libFuzzer] avoid msan false positives in more cases
...
llvm-svn: 289999
2016-12-16 22:45:25 +00:00
Kostya Serebryany
be7003f99c
[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code
...
llvm-svn: 289998
2016-12-16 22:42:05 +00:00
Marcos Pividori
566cf67e7c
[libFuzzer] Fix index error in SearchMemory() implementation for Windows.
...
Differential Revision: https://reviews.llvm.org/D27731
llvm-svn: 289966
2016-12-16 17:35:25 +00:00
Marcos Pividori
3b04af2420
[libFuzzer] Remove unnecessary includes of posix headers.
...
Remove includes of "unistd.h" header, which is missing in non posix
systems.
Differential Revision: https://reviews.llvm.org/D277300
llvm-svn: 289965
2016-12-16 17:35:21 +00:00
Marcos Pividori
6a7e4c2e20
[libFuzzer] Update tests to use more general functions instead of posix specific.
...
Replace sleep() posix function by a more portable sleep_for() function
from std. Also, ignore memmem() and strcasestr() on Windows.
Differential Revision: https://reviews.llvm.org/D27729
llvm-svn: 289964
2016-12-16 17:35:13 +00:00
Kostya Serebryany
628b43aab6
[libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only)
...
llvm-svn: 289772
2016-12-15 06:21:21 +00:00
Kostya Serebryany
d9d9a54511
[libFuzzer] disable msan for one more hook that reads target's data that might be uninitialized
...
llvm-svn: 289680
2016-12-14 18:13:02 +00:00
Kostya Serebryany
f6f82c2cc8
[libFuzzer] fix an UB (invalid shift) spotted by ubsan. The code worked fine by luck, because the way shifts actually work on clang+x86
...
llvm-svn: 289607
2016-12-13 22:49:14 +00:00
Marcos Pividori
c21b3c949d
[libFuzzer] Add missing header needed for Windows.
...
llvm-svn: 289564
2016-12-13 17:46:48 +00:00
Marcos Pividori
7c1defd738
[libFuzzer] Avoid name collision with Windows API.
...
Windows uses some macros to replace DeleteFile() by DeleteFileA() or
DeleteFileW(). This was causing an error at link time.
DeleteFile was renamed to RemoveFile().
Differential Revision: https://reviews.llvm.org/D27577
llvm-svn: 289563
2016-12-13 17:46:40 +00:00
Marcos Pividori
67dfacdd80
[libFuzzer] Implement DirName() for Windows.
...
Implement DirName from scratch to avoid dependencies on external libraries.
It's based on MSDN documentation for Naming Files, Paths, and Namespaces.
The algorithm can't simply start from the end and look backwards for the
first separator, because we need to preserve the prefix that represent
the root location. We shouldn't remove anything there. In Windows we
have many different options, like:
\\Server\Share\ , \ , C: , C:\ , \\?\C:\ , \\?\UNC\Server\Share\
We remove the last separator in the rest of the path, if it exists.
It was implemented to have a similar behaviour to dirname() in linux,
removing trailing separators, returning "." when the path doesn't
contain separators, etc.
Differential Revision: https://reviews.llvm.org/D27579
llvm-svn: 289562
2016-12-13 17:46:32 +00:00
Marcos Pividori
64d4147396
[libFuzzer] Fix bug in detecting timeouts when input string is empty.
...
I added a new flag RunningCB to know if the Fuzzer's main thread is
running the CB function, instead of using (!CurrentUnitSize).
(!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp,
inside ShuffleAndMinimize() function, we execute the callback with an
empty string (size=0). Previous implementation failed to detect timeouts
in that execution.
Also, I add a regression test for that case.
Differential Revision: https://reviews.llvm.org/D27433
llvm-svn: 289561
2016-12-13 17:46:25 +00:00
Marcos Pividori
178fe58745
[libFuzzer] Clean up headers and file formatting of LibFuzzer files.
...
Reorganize #includes to follow LLVM Coding Standards.
Include some missing headers. Required to use `Printf()`.
Aside from that, this patch contains no functional change.
It is purely a re-organization.
Differential Revision: https://reviews.llvm.org/D27363
llvm-svn: 289560
2016-12-13 17:46:11 +00:00
Marcos Pividori
6e3d885c79
[libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores.
...
std:🧵 :hardware_concurrency() returns an unsigned, so I modify
NumberOfCpuCores() to return unsigned too.
The number of cpus is used to define the number of workers, so I decided
to update the worker and jobs flags to be declared as unsigned too.
Differential Revision: https://reviews.llvm.org/D27685
llvm-svn: 289559
2016-12-13 17:45:53 +00:00
Marcos Pividori
463f8bdd0b
[libFuzzer] Properly use unsigned for Process ID.
...
Use unsigned for PID instead of signed int. GetCurrentProcessId() returns
an unsigned (DWORD) so we must be sure we can deal with all possible values.
I use a long unsigned to be sure it can hold a 32 bit unsigned (DWORD).
Differential Revision: https://reviews.llvm.org/D27281
llvm-svn: 289558
2016-12-13 17:45:44 +00:00
Marcos Pividori
c59b692c85
[libFuzzer] Improve Signal Handler interface.
...
Add new flags to FuzzingOptions to represent the different conditions
on the signal handling. These options are passed when calling
SetSignalHandler().
This changes simplify the implementation of Windows's exception
handling. Now we can define a unique handler for all the exceptions.
Differential Revision: https://reviews.llvm.org/D27238
llvm-svn: 289557
2016-12-13 17:45:20 +00:00
Kostya Serebryany
a31300e789
[libFuzzer] don't require extra flags with -minimize_crash=1 (default to -max_total_time=600). Also respect exact_artifact_path when outputting the end result
...
llvm-svn: 289506
2016-12-13 00:40:47 +00:00
Marcos Pividori
681e904419
[libFuzzer] Implement Timers for Windows.
...
Implemented timeouts for Windows using TimerQueueTimers.
Timers are used to supervise the time of execution of the
callback function that is being fuzzed.
Differential Revision: https://reviews.llvm.org/D27237
llvm-svn: 289495
2016-12-12 23:25:11 +00:00
Kostya Serebryany
092d5764a1
[libFuzzer] split one slow test into several, for more parallel testing
...
llvm-svn: 289481
2016-12-12 22:55:25 +00:00
Kostya Serebryany
a4b43bf8e8
[libFuzzer] make SimpleCmpTest a bit simpler to crack and more verbose
...
llvm-svn: 289477
2016-12-12 22:39:33 +00:00
Kostya Serebryany
035af9b346
[libFuzzer] build libFuzzer itself with asan
...
llvm-svn: 289469
2016-12-12 20:58:10 +00:00
Kostya Serebryany
d4be88913e
[libFuzzer] respect -max_len during merge
...
llvm-svn: 289467
2016-12-12 20:39:35 +00:00
Kostya Serebryany
441e6310ae
[libFuzzer] don't depend on time in a test
...
llvm-svn: 289368
2016-12-11 06:28:09 +00:00
Kostya Serebryany
c05cb60369
[libFuzzer] test cleanup (3)
...
llvm-svn: 289314
2016-12-10 02:48:42 +00:00
Kostya Serebryany
832d39e9cc
[libFuzzer] test cleanup (2)
...
llvm-svn: 289313
2016-12-10 02:47:00 +00:00
Kostya Serebryany
2f962fe5f7
[libFuzzer] test cleanup
...
llvm-svn: 289312
2016-12-10 02:45:56 +00:00
Kostya Serebryany
61be0f947d
[libFuzzer] switch all libFuzzer tests to use -fsanitize-coverage=trace-pc-guard. Support for the previosly used instrumentation will be removed in the following changes
...
llvm-svn: 289311
2016-12-10 02:26:23 +00:00
Kostya Serebryany
1394ce2aa2
[libFuzzer] use __sanitizer_get_module_and_offset_for_pc to get the module name while printing the coverage
...
llvm-svn: 289310
2016-12-10 01:19:35 +00:00
Kostya Serebryany
111e1d69e3
[libFuzzer] implement crash-resistant merge ( https://github.com/google/sanitizers/issues/722 ). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests).
...
llvm-svn: 289166
2016-12-09 01:17:24 +00:00
Kostya Serebryany
64a055549a
[libFuzzer] include FuzzerIO.h and hopefully fix the Mac build. reported by Dejan Mircevski
...
llvm-svn: 288979
2016-12-07 21:02:48 +00:00
Kostya Serebryany
fe1094b811
[libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :(
...
llvm-svn: 288731
2016-12-05 23:35:22 +00:00
Zachary Turner
6fa57ad9bd
Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
...
This resubmits r288529, which was resubmitted because it broke a
fuzzer bot. According to kcc@ the test that broke was flakey
and it is unlikely to be a result of this patch.
llvm-svn: 288549
2016-12-02 23:02:01 +00:00
Zachary Turner
3cfeab7059
Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
...
This reverts commit r288529, as it seems to introduce some
problems on the Linux bots.
llvm-svn: 288533
2016-12-02 20:54:56 +00:00
Zachary Turner
d755e4f587
[LibFuzzer] Introduce a portable WeakAlias implementation.
...
Windows doesn't really support weak aliases, but with some
linker magic we can get something that's pretty close on
Windows. This introduces an interface to accessing weakly
aliased symbols that will work on any platform. Linker
magic changes to come in a separate patch.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27235
llvm-svn: 288530
2016-12-02 19:41:17 +00:00
Zachary Turner
34dcfb9294
[LibFuzzer] Split FuzzerUtil for Posix and Windows.
...
Pave the way for separating out platform specific
utility functions into separate files.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234
llvm-svn: 288529
2016-12-02 19:38:19 +00:00
Kostya Serebryany
09f4fa5200
[libFuzzer] add a test for r288389 (-rss_limit_mb=0 means no limit).
...
llvm-svn: 288392
2016-12-01 18:02:07 +00:00
Kostya Serebryany
dc6b8ca879
[libFuzzer] treat -rss_limit_mb=0 as no limit
...
llvm-svn: 288389
2016-12-01 17:56:15 +00:00
Kostya Serebryany
b66cb88c2e
revert r288283 as it causes debug info (line numbers) to be lost in instrumented code. also revert r288299 which was a workaround for the problem.
...
llvm-svn: 288300
2016-12-01 02:06:56 +00:00
Kostya Serebryany
73f438ef9a
[libFuzzer] temporary disable a part of the test broken by r288283
...
llvm-svn: 288299
2016-12-01 01:33:44 +00:00
Kostya Serebryany
05f7791fbf
[libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit
...
llvm-svn: 288281
2016-11-30 22:39:35 +00:00
Kostya Serebryany
1cba0a96e7
[libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented
...
llvm-svn: 288276
2016-11-30 21:53:32 +00:00
Zachary Turner
5abac1769f
[LibFuzzer] Add Windows implementations of some IO functions.
...
This patch moves some posix specific file i/o code into a new
file, FuzzerIOPosix.cpp, and provides implementations for these
functions on Windows in FuzzerIOWindows.cpp. This is another
incremental step towards getting libfuzzer working on Windows,
although it still should not be expected to be fully working.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27233
llvm-svn: 288275
2016-11-30 21:44:26 +00:00
Zachary Turner
24a148b1d4
[LibFuzzer] Split up some functions among different headers.
...
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't. IO functions, for example, tend to be platform
specific.
This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.
Aside from that, this patch contains no functional change. It
is purely a re-organization.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230
llvm-svn: 288264
2016-11-30 19:06:14 +00:00
Zachary Turner
c6d8b4c044
[LibFuzzer] Add macro flags for Posix and Windows.
...
This is the beginning of an effort to get libfuzzer working on
Windows. This is a NFC to just add some macros for platform
detection on Windows.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27229
llvm-svn: 288249
2016-11-30 16:32:54 +00:00
Kostya Serebryany
6c77811a29
[libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style
...
llvm-svn: 286870
2016-11-14 19:21:38 +00:00
Kostya Serebryany
53c894d257
[libFuzzer] use a valid ASCII string for a dummy seed corpus
...
llvm-svn: 286702
2016-11-12 02:27:21 +00:00
Kostya Serebryany
fc1c405f98
[libFuzzer] use less stack
...
llvm-svn: 286689
2016-11-12 00:24:35 +00:00
Kostya Serebryany
235679181b
[libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook.
...
llvm-svn: 286665
2016-11-11 23:06:53 +00:00
Kostya Serebryany
8a56917492
[libFuzzer] fix -error_exitcode=N, now with a test
...
llvm-svn: 285958
2016-11-03 19:31:18 +00:00
Kostya Serebryany
bcfb0802e2
[libFuzzer] enable use_cmp by default
...
llvm-svn: 285353
2016-10-27 21:44:37 +00:00
Kostya Serebryany
94c427c23e
[libFuzzer] speculatively trying to fix the Mac build; second attempt
...
llvm-svn: 285262
2016-10-27 00:36:38 +00:00
Kostya Serebryany
3d945f6247
[libFuzzer] revert 285259 -- hit commit too soon
...
llvm-svn: 285260
2016-10-27 00:24:34 +00:00
Kostya Serebryany
15cd6b4b10
[libFuzzer] speculatively trying to fix the Mac build
...
llvm-svn: 285259
2016-10-27 00:22:39 +00:00
Kostya Serebryany
2fabecaee3
[libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once
...
llvm-svn: 285223
2016-10-26 18:52:04 +00:00
Kostya Serebryany
06b8757b57
[libFuzzer] simplify the code in TracePC::HandleTrace a bit more
...
llvm-svn: 285147
2016-10-26 00:42:52 +00:00
Kostya Serebryany
a5b2e54fcb
[libFuzzer] simplify the code to print new PCs
...
llvm-svn: 285145
2016-10-26 00:20:51 +00:00
Kostya Serebryany
275e260258
[libFuzzer] simplify the code in TracePC::HandleTrace
...
llvm-svn: 285142
2016-10-25 23:52:25 +00:00
Kostya Serebryany
117976818e
[libFuzzer] add StandaloneFuzzTargetMain.c and a test for it
...
llvm-svn: 285135
2016-10-25 22:30:34 +00:00
Kostya Serebryany
c48c93184a
[libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
...
llvm-svn: 285109
2016-10-25 20:15:15 +00:00
Kostya Serebryany
3364f90783
[libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
...
llvm-svn: 285049
2016-10-25 02:04:43 +00:00
Kostya Serebryany
65f102d4d2
[libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer
...
llvm-svn: 284909
2016-10-22 03:48:53 +00:00
Kostya Serebryany
10ae9e23a3
[libFuzzer] typo in a test
...
llvm-svn: 284903
2016-10-22 01:07:38 +00:00
Kostya Serebryany
2bfff021ad
[libFuzzer] add a test for asan's strict_string_checks=1
...
llvm-svn: 284902
2016-10-22 00:05:44 +00:00
Reid Kleckner
ac2a2a86e4
Fix -Wunused-variable warning in libFuzzer
...
llvm-svn: 284838
2016-10-21 16:26:27 +00:00
Kostya Serebryany
95b1a434d2
[libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files.
...
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp
Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
(need to implement another API to get the module name by PC)
llvm-svn: 284554
2016-10-19 00:12:03 +00:00
Kostya Serebryany
bb59ef77ca
[libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
...
llvm-svn: 284514
2016-10-18 18:38:08 +00:00
Kostya Serebryany
8dfed45cd4
[libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item
...
llvm-svn: 284508
2016-10-18 18:06:05 +00:00
Kostya Serebryany
9a4b10a56f
[libFuzzer] swap bytes in integers when handling CMP traces
...
llvm-svn: 284301
2016-10-15 04:00:07 +00:00
Kostya Serebryany
f9b8e8b117
[libFuzzer] better algorithm for -minimize_crash
...
llvm-svn: 284299
2016-10-15 01:00:24 +00:00
Kostya Serebryany
e450e40741
[libFuzzer] remove subdir fuzzer-test-suite as it is now superseded with https://github.com/google/fuzzer-test-suite
...
llvm-svn: 284275
2016-10-14 20:26:40 +00:00
Kostya Serebryany
a5f94fb6c9
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
...
llvm-svn: 284273
2016-10-14 20:20:33 +00:00
Kostya Serebryany
0381374f96
[libFuzzer] more detailed message for disabled leak detection
...
llvm-svn: 284169
2016-10-13 22:24:10 +00:00
Kostya Serebryany
a17d23eaa7
[libFuzzer] add -trace_malloc= flag
...
llvm-svn: 284149
2016-10-13 19:06:46 +00:00
Kostya Serebryany
17d176e16b
[libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build
...
llvm-svn: 284132
2016-10-13 16:19:09 +00:00
Daniel Jasper
90d990e034
Revert "[libFuzzer] refactoring to speed things up, NFC"
...
This reverts commit r283946.
This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here
llvm-svn: 283979
2016-10-12 07:26:46 +00:00
Kostya Serebryany
a09d11e108
[libFuzzer] refactoring to speed things up, NFC
...
llvm-svn: 283946
2016-10-11 21:27:37 +00:00
Kostya Serebryany
d19919a80e
[libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it
...
llvm-svn: 283841
2016-10-11 01:14:41 +00:00
Kostya Serebryany
3e0e901a18
[libFuzzer] add switch tests
...
llvm-svn: 283840
2016-10-11 01:13:32 +00:00
Kostya Serebryany
7abb95d3b3
[libFuzzer] make a test less flaky
...
llvm-svn: 283686
2016-10-09 03:45:38 +00:00
Kostya Serebryany
c5325ed29d
[libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process
...
llvm-svn: 283682
2016-10-08 23:24:45 +00:00
Kostya Serebryany
9adc7c8b4a
[libFuzzer] control the reload interval by a flag, make it 10 seconds by default
...
llvm-svn: 283676
2016-10-08 22:12:14 +00:00
Kostya Serebryany
cd04ec25dd
[libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing.
...
llvm-svn: 283675
2016-10-08 21:57:48 +00:00
Kostya Serebryany
936b1e774f
[libFuzzer] be more careful with memory usage, print peak rss in status lines
...
llvm-svn: 283418
2016-10-06 05:14:00 +00:00
Kostya Serebryany
3b564e9765
[libFuzzer] when re-running for lsan, don't look at the coverage
...
llvm-svn: 283411
2016-10-05 23:31:01 +00:00
Kostya Serebryany
1c73f1bf27
[libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
...
llvm-svn: 283409
2016-10-05 22:56:21 +00:00
Kostya Serebryany
379359c53a
[libFuzzer] add ShrinkValueProfileTest, move code around, NFC
...
llvm-svn: 283286
2016-10-05 01:09:40 +00:00
Kostya Serebryany
2455f0d013
[libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines
...
llvm-svn: 283279
2016-10-05 00:25:17 +00:00
Kostya Serebryany
4820cc988f
[libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway
...
llvm-svn: 283187
2016-10-04 06:08:46 +00:00
Kostya Serebryany
5a52a11ce4
[libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now)
...
llvm-svn: 283178
2016-10-04 01:51:44 +00:00
Kostya Serebryany
a5f1adab56
[libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631
...
llvm-svn: 283024
2016-10-01 07:37:40 +00:00
Kostya Serebryany
d1f31d0a49
[libFuzzer] fix a recent bugs (buffer overflow)
...
llvm-svn: 283021
2016-10-01 07:13:25 +00:00
Kostya Serebryany
d216922a80
[libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default
...
llvm-svn: 282995
2016-10-01 01:04:29 +00:00
Kostya Serebryany
90f8f36bca
[libFuzzer] remove some experimental code
...
llvm-svn: 282983
2016-09-30 23:29:27 +00:00
Kostya Serebryany
7022b94687
[libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed
...
llvm-svn: 282972
2016-09-30 22:35:08 +00:00
Kostya Serebryany
e7e790bad6
[libFuzzer] remove unused option
...
llvm-svn: 282971
2016-09-30 22:29:57 +00:00
Kostya Serebryany
b7e7a5473d
[libFuzzer] move common parts of shell scripts into a separate file
...
llvm-svn: 282954
2016-09-30 21:12:30 +00:00
Kostya Serebryany
cfa31b6307
[libFuzzer] add a fuzzer test that finds CVE-2015-3193
...
llvm-svn: 282892
2016-09-30 18:16:16 +00:00
Kostya Serebryany
cad612a472
[libfuzzer] test for c-ares CVE-2016-5180
...
llvm-svn: 282839
2016-09-30 05:15:45 +00:00
Kostya Serebryany
b3949ef885
[libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard)
...
llvm-svn: 282831
2016-09-30 01:24:57 +00:00
Kostya Serebryany
2c55613a08
[libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input
...
llvm-svn: 282829
2016-09-30 01:19:56 +00:00
Kostya Serebryany
a9b0dd0e51
[sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals
...
llvm-svn: 282735
2016-09-29 17:43:24 +00:00
Kostya Serebryany
a9a135b4f5
[libFuzzer] initialize ValueBitMap::NumBits
...
llvm-svn: 282721
2016-09-29 15:51:28 +00:00
Kostya Serebryany
3ee6c213d6
[libFuzzer] speedup TracePC::FinalizeTrace
...
llvm-svn: 282562
2016-09-28 01:16:24 +00:00
Kostya Serebryany
7d6935c184
[libFuzzer] run re2 test in 8 threads by default
...
llvm-svn: 282469
2016-09-27 03:33:57 +00:00
Kostya Serebryany
45c144754b
[sanitizer-coverage] fix a bug in trace-gep
...
llvm-svn: 282467
2016-09-27 01:55:08 +00:00
Kostya Serebryany
53543af036
[libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed)
...
llvm-svn: 282460
2016-09-27 00:27:40 +00:00
Kostya Serebryany
5ff481fd9e
[libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag
...
llvm-svn: 282458
2016-09-27 00:10:20 +00:00
Kostya Serebryany
273d767215
[libFuzzer] add a standalone build script
...
llvm-svn: 282321
2016-09-24 04:00:00 +00:00
Kostya Serebryany
0800b81a21
[libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features.
...
llvm-svn: 282316
2016-09-23 23:51:58 +00:00
Kostya Serebryany
2d1d944f7e
[libFuzzer] first steps in adding a proper automated test suite based on real-life code: add a script to build RE2 at a revision that has known bugs
...
llvm-svn: 282292
2016-09-23 20:43:22 +00:00
Kostya Serebryany
0d26de3922
[libFuzzer] reset Counters (trace-pc-guard) before every run
...
llvm-svn: 282284
2016-09-23 20:04:13 +00:00
Kostya Serebryany
ce1cab169f
[libFuzzer] be more precise about what we reset in TracePC
...
llvm-svn: 282225
2016-09-23 02:18:59 +00:00
Kostya Serebryany
16a145fd0f
[libFuzzer] fix merging with trace-pc-guard
...
llvm-svn: 282224
2016-09-23 01:58:51 +00:00
Kostya Serebryany
87a598e19f
[libFuzzer] simplify the TracePC logic
...
llvm-svn: 282222
2016-09-23 01:20:07 +00:00
Kostya Serebryany
ab73c6924f
[libFuzzer] move value profiling logic into TracePC
...
llvm-svn: 282219
2016-09-23 00:46:18 +00:00
Kostya Serebryany
d28099de5d
[libFuzzer] change ValueBitMap to remember the number of bits in it
...
llvm-svn: 282216
2016-09-23 00:22:46 +00:00
Kostya Serebryany
be0ed59cdc
[libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen
...
llvm-svn: 282211
2016-09-22 23:16:36 +00:00
Kostya Serebryany
624f59f4d8
[libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
...
llvm-svn: 282129
2016-09-22 01:34:58 +00:00
Kostya Serebryany
c9e3de35ed
[libFuzzer] one more test
...
llvm-svn: 282127
2016-09-22 00:57:29 +00:00
Kostya Serebryany
29bb664075
[libFuzzer] add stats to the corpus; more refactoring
...
llvm-svn: 282121
2016-09-21 22:42:17 +00:00
Kostya Serebryany
20801e1b8a
[libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one.
...
llvm-svn: 282115
2016-09-21 21:41:48 +00:00
Kostya Serebryany
8658618ea0
[libFuzzer] more refactoring
...
llvm-svn: 282113
2016-09-21 21:17:23 +00:00
Kostya Serebryany
225d8e45d4
[libFuzzer] fix libc++ build
...
llvm-svn: 282050
2016-09-21 03:50:37 +00:00
Kostya Serebryany
556894fb10
[libFuzzer] more refactoring; NFC
...
llvm-svn: 282047
2016-09-21 02:05:39 +00:00
Kostya Serebryany
6f5a804cdb
[libFuzzer] refactoring: split the large header into many; NFC
...
llvm-svn: 282044
2016-09-21 01:50:50 +00:00
Kostya Serebryany
09aa01a6f8
[libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features
...
llvm-svn: 282042
2016-09-21 01:04:43 +00:00
Kostya Serebryany
3750c04f7e
[libFuzzer] use sleep() instead of std::this_thread::sleep_for to avoid coverage from instrumented libc++
...
llvm-svn: 281933
2016-09-19 20:32:34 +00:00
Kostya Serebryany
b706b481ba
[libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
...
llvm-svn: 281866
2016-09-18 21:47:08 +00:00
Kostya Serebryany
8e781a888a
[libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters
...
llvm-svn: 281845
2016-09-18 04:52:23 +00:00
Kostya Serebryany
bc3789a919
[libFuzzer] properly reset the guards when reseting the coverage. Also try to fix check-fuzzer on the bot
...
llvm-svn: 281814
2016-09-17 06:01:55 +00:00
Kostya Serebryany
3e36ec1d18
[libFuzzer] change trace-pc to use 8-byte guards
...
llvm-svn: 281810
2016-09-17 05:04:47 +00:00
Kostya Serebryany
0984517021
[libFuzzer] make caller-callee feedback work with trace-pc-guard
...
llvm-svn: 281667
2016-09-15 22:16:15 +00:00
Kostya Serebryany
21c3573733
[libFuzzer] fix the build for AFLDriverTest
...
llvm-svn: 281633
2016-09-15 18:10:38 +00:00
Kostya Serebryany
09e416615e
[libFuzzer] disable test that requires debug info -- it fails on the bot
...
llvm-svn: 281584
2016-09-15 05:46:58 +00:00
Kostya Serebryany
0b47fbcb30
[libFuzzer] move the AFL driver build rule test into the uninstrumented dir
...
llvm-svn: 281583
2016-09-15 05:17:39 +00:00
Kostya Serebryany
33a497abf4
[libFuzzer] fix print_pcs test
...
llvm-svn: 281580
2016-09-15 04:43:06 +00:00
Kostya Serebryany
5350178487
[libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic)
...
llvm-svn: 281577
2016-09-15 04:36:45 +00:00
Kostya Serebryany
a5277d59d0
[libFuzzer] add 8-bit counters to trace-pc-guard handler
...
llvm-svn: 281568
2016-09-15 01:30:18 +00:00
Kostya Serebryany
a00b243c75
[libFuzzer] start using trace-pc-guard as an alternative source of coverage
...
llvm-svn: 281435
2016-09-14 02:13:06 +00:00
Kostya Serebryany
8c537c556a
[libFuzzer] print a failed-merge warning only in the merge mode
...
llvm-svn: 281130
2016-09-10 02:17:22 +00:00
Kostya Serebryany
4529960a3b
[libFuzzer] don't print help for internal flags
...
llvm-svn: 281124
2016-09-10 00:35:30 +00:00
Kostya Serebryany
b991cc1f0e
[libFuzzer] print a visible message if merge fails due to a crash
...
llvm-svn: 281122
2016-09-10 00:15:41 +00:00
Kostya Serebryany
1837152a34
[libFuzzer] use sizeof() in tests instead of 4 and 8
...
llvm-svn: 281111
2016-09-09 22:21:16 +00:00
Kostya Serebryany
4b17a331ae
[libFuzzer] one more puzzle for value profile
...
llvm-svn: 281106
2016-09-09 21:58:42 +00:00
Kostya Serebryany
00ef27112e
[libFuzzer] one more puzzle, value_profile cracks it in a second
...
llvm-svn: 281066
2016-09-09 18:00:04 +00:00
Kostya Serebryany
b76a2a5503
[libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself
...
llvm-svn: 281016
2016-09-09 02:38:28 +00:00
Kostya Serebryany
8ea4f9873b
[libFuzzer] remove unneeded call
...
llvm-svn: 281014
2016-09-09 01:57:38 +00:00
Kostya Serebryany
5c04bd250e
[libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better
...
llvm-svn: 281007
2016-09-09 01:17:03 +00:00
Kostya Serebryany
e2d0f63654
[libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time
...
llvm-svn: 280332
2016-09-01 01:22:27 +00:00
Mike Aizatsky
b077d3fef2
[libfuzzer] simplified unit truncation; do not write trunc items to disc
...
Differential Revision: https://reviews.llvm.org/D24049
llvm-svn: 280153
2016-08-30 20:49:07 +00:00
Kostya Serebryany
a016a45d60
[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow
...
llvm-svn: 280098
2016-08-30 14:52:05 +00:00
Kostya Serebryany
248d11519a
[libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much
...
llvm-svn: 280096
2016-08-30 14:39:33 +00:00
Kostya Serebryany
d4492f8101
[libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles
...
llvm-svn: 280054
2016-08-30 03:05:50 +00:00
Kostya Serebryany
4d22e4fcb9
[libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
...
llvm-svn: 280046
2016-08-30 01:30:14 +00:00
Kostya Serebryany
3e5991e540
[libFuzzer] simplify a test to make it pass on the bot
...
llvm-svn: 279796
2016-08-26 00:18:16 +00:00
Kostya Serebryany
1426f59a76
[libFuzzer] make sure we have symbols on fuzzer tests
...
llvm-svn: 279792
2016-08-25 23:30:02 +00:00
Kostya Serebryany
0f0fa4faf2
[libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them
...
llvm-svn: 279787
2016-08-25 22:35:08 +00:00
Kostya Serebryany
f67357c671
[libFuzzer] simplify the code, NFC
...
llvm-svn: 279697
2016-08-25 01:25:03 +00:00
Kostya Serebryany
41bcb830af
[libFuzzer] make a test more deterministic
...
llvm-svn: 279686
2016-08-24 23:10:17 +00:00
Kostya Serebryany
bceadcf1cd
[libFuzzer] use __attribute__((target("popcnt"))) only on x86_64
...
llvm-svn: 279601
2016-08-24 01:38:42 +00:00
Kostya Serebryany
ac524cfcce
[libFuzzer] collect 64 states for value profile, not 65
...
llvm-svn: 279588
2016-08-23 23:37:37 +00:00
Kostya Serebryany
a533e514b8
[libFuzzer] fix the non-debug build warnings
...
llvm-svn: 279321
2016-08-19 20:57:09 +00:00
Kostya Serebryany
32661f9d66
[libFuzzer] add more __attribute__((visibility("default")))
...
llvm-svn: 279143
2016-08-18 20:52:52 +00:00
Kostya Serebryany
524c3f32e7
[sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer
...
llvm-svn: 279027
2016-08-18 01:25:28 +00:00
Kostya Serebryany
5a5d5548f0
[libFuzzer] force proper popcnt instruction
...
llvm-svn: 279002
2016-08-17 23:09:57 +00:00
Kostya Serebryany
e72774dd69
[libFuzzer] given 0 and 255 more preference when inserting repeated bytes
...
llvm-svn: 278986
2016-08-17 21:50:54 +00:00
Kostya Serebryany
0c537b124c
[libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970
...
llvm-svn: 278982
2016-08-17 21:30:30 +00:00
Kostya Serebryany
a9a548049a
[libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence
...
llvm-svn: 278975
2016-08-17 20:45:23 +00:00