maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
221,330 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

90 Commits

Author SHA1 Message Date
Kostya Serebryany 54a6363a8f [libFuzzer] add -timeout_exitcode option 
llvm-svn: 259265
 2016-01-29 23:30:07 +00:00
Kostya Serebryany 085ca4131f [libFuzzer] re-enable test for -abort_on_timeout=1, this time protecting from ASAN_OPTIONS set outside 
llvm-svn: 259263
 2016-01-29 23:19:00 +00:00
Ivan Krasin d7785e75f3 Temporary disable broken fuzzer/timeout tests. 
Reviewers: kcc

Differential Revision: http://reviews.llvm.org/D16543

llvm-svn: 258702
 2016-01-25 19:05:45 +00:00
Kostya Serebryany 9768e7f06b [libFuzzer] add -abort_on_timeout option 
llvm-svn: 258631
 2016-01-23 19:34:19 +00:00
Ivan Krasin df91910bd4 Use std::piecewise_constant_distribution instead of ad-hoc binary search. 
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.

Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.

Reviewers: aizatsky, kcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D16487

llvm-svn: 258571
 2016-01-22 22:28:27 +00:00
Ivan Krasin d84f74cab7 Revert r258473 as it's breaking the build with libc++ 
Reviewers: kcc

Differential Revision: http://reviews.llvm.org/D16441

llvm-svn: 258479
 2016-01-22 03:21:52 +00:00
Ivan Krasin b008fd4d89 Use std::piecewise_constant_distribution instead of ad-hoc binary search. 
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.

Note: I had to change the seed for one test to make it pass. Alternatively,
the number of runs could be increased. I believe that the average time of
'foo' discovery is not increased, just seed=1 was particularly convenient
for the previous PRNG scheme used.

Reviewers: aizatsky, kcc

Subscribers: llvm-commits, kcc

Differential Revision: http://reviews.llvm.org/D16419

llvm-svn: 258473
 2016-01-22 01:32:34 +00:00
Kostya Serebryany 311f27c0a8 [libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if 
llvm-svn: 258178
 2016-01-19 20:33:57 +00:00
Kostya Serebryany 476f0ce31a [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path 
llvm-svn: 257985
 2016-01-16 03:53:32 +00:00
Kostya Serebryany aca7696f4d [libFuzzer] introduce LLVMFuzzerInitialize 
llvm-svn: 257980
 2016-01-16 01:23:12 +00:00
Kostya Serebryany ae5b9567bc [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) 
llvm-svn: 257873
 2016-01-15 06:24:05 +00:00
Kostya Serebryany 4b35874b2a [libFuzzer] suggest a dictionary to the user of some of the trace-based dictionary entries were successful 
llvm-svn: 257736
 2016-01-14 02:36:44 +00:00
Kostya Serebryany d50a3eedb4 [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) 
llvm-svn: 257701
 2016-01-13 23:02:30 +00:00
Kostya Serebryany b65805a939 [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary 
llvm-svn: 257248
 2016-01-09 03:08:58 +00:00
Kostya Serebryany c573316eee [libFuzzer] don't limit memcmp tracing with 8 bytes 
llvm-svn: 257245
 2016-01-09 01:39:55 +00:00
Kostya Serebryany 152ac7ad70 [libFuzzer] add a position hint to the dictionary-based mutator 
llvm-svn: 257013
 2016-01-07 01:49:35 +00:00
Mike Aizatsky 8b11f877e4 [libfuzzer] print_new_cov_pcs experimental option. 
Differential Revision: http://reviews.llvm.org/D15901

llvm-svn: 256882
 2016-01-06 00:21:22 +00:00
Kostya Serebryany 226b734d73 [libFuzzer] make trace-based fuzzing not crash in presence of threads 
llvm-svn: 256876
 2016-01-06 00:03:35 +00:00
Kostya Serebryany bf65644c97 [libFuzzer] split the tests to run them in parallel, remove one redundant test 
llvm-svn: 256085
 2015-12-19 03:35:30 +00:00
Kostya Serebryany 27ab2d759f [libFuzzer] make CrossOver just one of the other mutations 
llvm-svn: 256081
 2015-12-19 02:49:09 +00:00
Mike Aizatsky a1a5c69b57 [LibFuzzer] Introducing FUZZER_FLAG_UNSIGNED and using it for seeding. 
Differential Revision: http://reviews.llvm.org/D15339

done

llvm-svn: 255296
 2015-12-10 20:41:53 +00:00
Kostya Serebryany 9e48cda9bc [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 
llvm-svn: 254784
 2015-12-04 22:29:39 +00:00
Mike Aizatsky 71552ce64b Libfuzzer: do not pass null into user function 
Differential Revision: http://reviews.llvm.org/D15098

llvm-svn: 254558
 2015-12-02 22:43:53 +00:00
Kostya Serebryany fba04273b7 [libFuzzer] add a test that is built with -fsanitize-coverage=trace-bb 
llvm-svn: 254484
 2015-12-02 02:49:37 +00:00
Kostya Serebryany 2d0ef14f5d [libFuzzer] add a flag -exact_artifact_path 
llvm-svn: 254100
 2015-11-25 21:40:46 +00:00
Kostya Serebryany dc3135db05 [libFuzzer] experimental flag -drill (another search heuristic; Mike Aizatsky's idea) 
llvm-svn: 252838
 2015-11-12 01:02:01 +00:00
Kostya Serebryany b7e286bed7 [libFuzzer] add UninstrumentedTest.cpp (missing from a previous commit) 
llvm-svn: 252658
 2015-11-10 22:02:56 +00:00
Kostya Serebryany 5eab74e9bc [libFuzzer] make libFuzzer link if there is no sanitizer coverage instrumentation (it will fail at start-up time) 
llvm-svn: 252533
 2015-11-09 23:17:45 +00:00
Kostya Serebryany 9cc3b0ddb6 [libFuzzer] add -merge flag to merge corpora 
llvm-svn: 251168
 2015-10-24 01:16:40 +00:00
Kostya Serebryany 2e9fca9f88 [libFuzzer] use the indirect caller-callee counter as an independent search heuristic 
llvm-svn: 251078
 2015-10-22 23:55:39 +00:00
Kostya Serebryany b36025619c [libFuzzer] remove the deprecated 'tokens' feature 
llvm-svn: 251069
 2015-10-22 21:48:09 +00:00
Kostya Serebryany d6edce97fb [libFuzzer] print a stack trace on timeout 
llvm-svn: 250571
 2015-10-16 23:04:31 +00:00
Kostya Serebryany b91c62b1f3 [libFuzzer] When -test_single_input crashes the test it is not necessary to write crash-file because input is already known to the user. Patch by Mike Aizatsky 
llvm-svn: 250564
 2015-10-16 22:41:47 +00:00
Kostya Serebryany bd5d1cdbb9 [libFuzzer] add -artifact_prefix flag 
llvm-svn: 249807
 2015-10-09 03:57:59 +00:00
Kostya Serebryany 20bb5e71b2 [libFuzzer] make LLVMFuzzerTestOneInput (the fuzzer target function) return int instead of void. The actual return value is not *yet* used (and expected to be 0). This change is API breaking, so the fuzzers will need to be updated. 
llvm-svn: 249214
 2015-10-02 23:34:06 +00:00
Kostya Serebryany 65d0a1458f [libFuzzer] remove experimental flag and functionality 
llvm-svn: 249194
 2015-10-02 22:00:32 +00:00
Kostya Serebryany b85db178a0 [libFuzzer] add a flag -max_total_time 
llvm-svn: 249181
 2015-10-02 20:47:55 +00:00
Ivan Krasin 95e82d5b48 [LibFuzzer] test_single_input option to run a single test case. 
-test_single_input flag specifies a file name with test data.

Review URL: http://reviews.llvm.org/D13359

Patch by Mike Aizatsky!

llvm-svn: 249096
 2015-10-01 23:23:06 +00:00
Ivan Krasin a610cb5ba0 [libFuzzer]Add a test for defeating a hash sum. 
Summary:
Add a test for a data followed by 4-byte hash value.
I use a slightly modified Jenkins hash function,
as described in https://en.wikipedia.org/wiki/Jenkins_hash_function

The modification is to ensure that hash(zeros) != 0.

Reviewers: kcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D12648

llvm-svn: 247076
 2015-09-08 21:22:52 +00:00
Kostya Serebryany 25425ad920 [libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger 
llvm-svn: 247027
 2015-09-08 17:19:31 +00:00
Kostya Serebryany 7d21166218 [libFuzzer] actually make the dictionaries work (+docs) 
llvm-svn: 246825
 2015-09-04 00:12:11 +00:00
Kostya Serebryany ec2dcb1d91 [libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC 
llvm-svn: 246808
 2015-09-03 21:24:19 +00:00
Kostya Serebryany 9838b2be87 [libFuzzer] adding a parser for AFL-style dictionaries + tests. 
llvm-svn: 246800
 2015-09-03 20:23:46 +00:00
Kostya Serebryany 6ea1b69fcf [libFuzzer] deprecate the -tokens flag. This was a bad idea because the corpus with this flag contains encrypted inputs, not the real inputs, which complicates interoperation with other fuzzers. Instead we'll need to implement AFL dictionary support 
llvm-svn: 246734
 2015-09-02 23:27:39 +00:00
Kostya Serebryany 12c7837381 [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied 
llvm-svn: 244712
 2015-08-12 01:55:37 +00:00
Kostya Serebryany 242ca930e8 [libFuzzer] move the mutators to public interface so that custom mutators may reuse these functions directly 
llvm-svn: 244250
 2015-08-06 19:19:55 +00:00
Kostya Serebryany bf29ff2fa5 [libFuzzer] add one more mutation strategy: byte shuffling 
llvm-svn: 244188
 2015-08-06 01:29:13 +00:00
Kostya Serebryany 1ce0035bf0 [libFuzzer] add a missing test file 
llvm-svn: 244151
 2015-08-05 21:32:13 +00:00
Kostya Serebryany 7f4227d59a [libFuzzer] use data-flow feedback from strcmp 
llvm-svn: 244084
 2015-08-05 18:23:01 +00:00
Kostya Serebryany 86a5fba71d [libFuzzer] more refactoring of the Mutator and adding tests to it 
llvm-svn: 243818
 2015-08-01 02:23:06 +00:00