maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
232,123 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

108 Commits

Author SHA1 Message Date
Mike Aizatsky af432a45e3 [libfuzzer] Trying random unit prefixes during corpus load. 
Differential Revision: http://reviews.llvm.org/D20301

llvm-svn: 270632
 2016-05-24 23:14:29 +00:00
Dan Liew 3868e468fe [LibFuzzer] 
Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.

Under Mac OSX we intercept calls to malloc before thread local
storage is initialised leading to a crash when accessing
``AllocTracer``. To workaround this ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.

To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.

Differential Revision: http://reviews.llvm.org/D20402

llvm-svn: 270145
 2016-05-19 22:00:33 +00:00
Kostya Serebryany 8b0d90a6d4 [libFuzzer] simplify FuzzerInterface.h 
llvm-svn: 269448
 2016-05-13 18:04:35 +00:00
Mike Aizatsky 1aa501e7e8 [libfuzzer] Refactoring coverage state-management code. 
It is now less state-dependent and will allow easier comparing of
coverages of different units.

Differential Revision: http://reviews.llvm.org/D20085

llvm-svn: 269140
 2016-05-10 23:43:15 +00:00
Kostya Serebryany 8b8f7a3cda [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. 
llvm-svn: 268821
 2016-05-06 23:38:07 +00:00
Kostya Serebryany 52b394e981 [libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMs 
llvm-svn: 268807
 2016-05-06 21:58:35 +00:00
Kostya Serebryany baf7fd0b16 [libFuzzer] print stats after running individual inputs 
llvm-svn: 268547
 2016-05-04 20:44:50 +00:00
Kostya Serebryany 2fe9304d62 [libFuzzer] enable detect_leaks=1, add proper docs 
llvm-svn: 268088
 2016-04-29 18:49:55 +00:00
Kostya Serebryany 7018a1aaa4 [libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak 
llvm-svn: 267770
 2016-04-27 19:52:34 +00:00
Kostya Serebryany 9ba19182be [libFuzzer] remove dead code 
llvm-svn: 267455
 2016-04-25 19:41:45 +00:00
Kostya Serebryany 1bfd583d82 [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing 
llvm-svn: 266838
 2016-04-20 00:24:21 +00:00
Kostya Serebryany ebb932d060 [libFuzzer] try to print correct time in seconds when reporting a timeout. Don't report timeouts while still loading the corpus. 
llvm-svn: 266693
 2016-04-18 22:50:39 +00:00
Kostya Serebryany f389ae12c1 [libFuzzer] handle SIGTERM 
llvm-svn: 264338
 2016-03-24 21:03:58 +00:00
Kostya Serebryany 49e409068a [libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout 
llvm-svn: 263831
 2016-03-18 20:58:29 +00:00
Kostya Serebryany 945761b8c2 [libFuzzer] improve -merge functionality 
llvm-svn: 263769
 2016-03-18 00:23:29 +00:00
Kostya Serebryany c5575aabd6 [libFuzzer] deprecate several flags 
llvm-svn: 263739
 2016-03-17 19:59:39 +00:00
Kostya Serebryany 64d24578d8 [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. 
llvm-svn: 263323
 2016-03-12 01:57:04 +00:00
Kostya Serebryany 3d95dd9149 [libFuzzer] deprecate exit_on_first flag 
llvm-svn: 262417
 2016-03-01 22:33:14 +00:00
Kostya Serebryany 228d5b1ce4 [libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. 
llvm-svn: 262415
 2016-03-01 22:19:21 +00:00
Kostya Serebryany 66ff0756e4 [libFuzzer] add -print_final_stats=1 flag 
llvm-svn: 262084
 2016-02-26 22:42:23 +00:00
Kostya Serebryany da63c1d09a [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds 
llvm-svn: 262073
 2016-02-26 21:33:56 +00:00
Kostya Serebryany a35f7d383f [libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus 
llvm-svn: 261267
 2016-02-18 21:49:10 +00:00
Kostya Serebryany 8a5bef0fcf [libFuzzer] remove std::vector operations from hot paths, NFC 
llvm-svn: 260829
 2016-02-13 17:56:51 +00:00
Kostya Serebryany 1deb0498f5 [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast 
llvm-svn: 260810
 2016-02-13 06:24:18 +00:00
Kostya Serebryany 23194963f7 [libFuzzer] simplify CTOR of MutationDispatcher 
llvm-svn: 260800
 2016-02-13 03:46:26 +00:00
Kostya Serebryany 292cf0379c [libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) 
llvm-svn: 260799
 2016-02-13 03:37:24 +00:00
Kostya Serebryany 7ec0c56e07 [libFuzzer] get rid of UserSuppliedFuzzer; NFC 
llvm-svn: 260798
 2016-02-13 03:25:16 +00:00
Kostya Serebryany a399221c32 [libFuzzer] simplify the code around Random. NFC 
llvm-svn: 260797
 2016-02-13 03:00:53 +00:00
Kostya Serebryany ecab57b3ce [libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea). 
llvm-svn: 260796
 2016-02-13 02:39:30 +00:00
Kostya Serebryany bfbe7fc404 [libFuzzer] allow passing 1 or more files as individual inputs 
llvm-svn: 259459
 2016-02-02 03:03:47 +00:00
Kostya Serebryany 54a6363a8f [libFuzzer] add -timeout_exitcode option 
llvm-svn: 259265
 2016-01-29 23:30:07 +00:00
Kostya Serebryany 9768e7f06b [libFuzzer] add -abort_on_timeout option 
llvm-svn: 258631
 2016-01-23 19:34:19 +00:00
Kostya Serebryany 160dcba81f [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes 
llvm-svn: 258589
 2016-01-22 23:55:14 +00:00
Ivan Krasin df91910bd4 Use std::piecewise_constant_distribution instead of ad-hoc binary search. 
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.

Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.

Reviewers: aizatsky, kcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D16487

llvm-svn: 258571
 2016-01-22 22:28:27 +00:00
Ivan Krasin d84f74cab7 Revert r258473 as it's breaking the build with libc++ 
Reviewers: kcc

Differential Revision: http://reviews.llvm.org/D16441

llvm-svn: 258479
 2016-01-22 03:21:52 +00:00
Ivan Krasin b008fd4d89 Use std::piecewise_constant_distribution instead of ad-hoc binary search. 
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.

Note: I had to change the seed for one test to make it pass. Alternatively,
the number of runs could be increased. I believe that the average time of
'foo' discovery is not increased, just seed=1 was particularly convenient
for the previous PRNG scheme used.

Reviewers: aizatsky, kcc

Subscribers: llvm-commits, kcc

Differential Revision: http://reviews.llvm.org/D16419

llvm-svn: 258473
 2016-01-22 01:32:34 +00:00
Kostya Serebryany 476f0ce31a [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path 
llvm-svn: 257985
 2016-01-16 03:53:32 +00:00
Kostya Serebryany aca7696f4d [libFuzzer] introduce LLVMFuzzerInitialize 
llvm-svn: 257980
 2016-01-16 01:23:12 +00:00
Kostya Serebryany 628bc3ec00 [libFuzzer] move some code from public interface header to a non-public header. NFC 
llvm-svn: 257963
 2016-01-16 00:04:36 +00:00
Kostya Serebryany ae5b9567bc [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) 
llvm-svn: 257873
 2016-01-15 06:24:05 +00:00
Kostya Serebryany 98abb2c90a [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations 
llvm-svn: 257713
 2016-01-13 23:46:01 +00:00
Kostya Serebryany d50a3eedb4 [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) 
llvm-svn: 257701
 2016-01-13 23:02:30 +00:00
Kostya Serebryany 4174005622 [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries 
llvm-svn: 257435
 2016-01-12 02:36:59 +00:00
Kostya Serebryany b65805a939 [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary 
llvm-svn: 257248
 2016-01-09 03:08:58 +00:00
Mike Aizatsky 8b11f877e4 [libfuzzer] print_new_cov_pcs experimental option. 
Differential Revision: http://reviews.llvm.org/D15901

llvm-svn: 256882
 2016-01-06 00:21:22 +00:00
Kostya Serebryany 27ab2d759f [libFuzzer] make CrossOver just one of the other mutations 
llvm-svn: 256081
 2015-12-19 02:49:09 +00:00
Kostya Serebryany 9e48cda9bc [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 
llvm-svn: 254784
 2015-12-04 22:29:39 +00:00
Kostya Serebryany 2d0ef14f5d [libFuzzer] add a flag -exact_artifact_path 
llvm-svn: 254100
 2015-11-25 21:40:46 +00:00
Mike Aizatsky a9c2387192 output_csv libfuzzer option 
Summary:
The option outputs statistics in CSV format preceded by 1 header line.
This is intended for machine processing of the output.
-verbosity=0 should likely be set.

Differential Revision: http://reviews.llvm.org/D14600

llvm-svn: 252856
 2015-11-12 04:38:40 +00:00
Kostya Serebryany dc3135db05 [libFuzzer] experimental flag -drill (another search heuristic; Mike Aizatsky's idea) 
llvm-svn: 252838
 2015-11-12 01:02:01 +00:00