3c1782f23b
[libfuzzer] splitting fuzzer.test
...
llvm-svn: 271697
2016-06-03 18:05:22 +00:00
fba4a67a32
[LibFuzzer] Disable compiling and running the LibFuzzer dataflow sanitizer tests on Apple platforms.
...
This fixes a broken part of the build on OSX as the dataflow sanitizer is not supported
on OSX yet.
Differential Revision: http://reviews.llvm.org/D20894
llvm-svn: 271492
2016-06-02 05:48:09 +00:00
d3c33116fd
[LibFuzzer] Reimplement how the optional user functions are called.
...
The motivation for this change is to fix linking issues on OSX.
However this only partially fixes linking issues (the uninstrumented
tests and a few others won't succesfully link yet).
This change introduces a struct of function pointers
(``fuzzer::ExternalFuntions``) which when initialised will point to the
optional functions if they are available. Currently these
``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.
Two implementations of ``fuzzer::ExternalFunctions`` constructor are
provided one for Linux and one for OSX.
The OSX implementation uses ``dlsym()`` because the prior implementation
using weak symbols does not work unless the additional flags are passed
to the linker.
The Linux implementation continues to use weak symbols because the
``dlsym()`` approach does not work unless additional flags are passed
to the linker.
Differential Revision: http://reviews.llvm.org/D20741
llvm-svn: 271491
2016-06-02 05:48:02 +00:00
f6414426f2
[libFuzzer] use __sanitizer_print_memory_profile to print the memory profile on OOM
...
llvm-svn: 271465
2016-06-02 01:33:11 +00:00
f817731a19
[libFuzzer] when an invalid flag is given, warn, but don't crash
...
llvm-svn: 271404
2016-06-01 16:41:12 +00:00
4795210f9c
[libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases.
...
llvm-svn: 271186
2016-05-29 15:58:57 +00:00
311cc8378e
[libFuzzer] fix a failure that occurs when running individual inputs
...
llvm-svn: 271095
2016-05-28 04:19:46 +00:00
470d04400e
[libFuzzer] use __sanitizer_set_report_fd with -close_fd_mask. This allows us to keep asan reports when closing target's stderr
...
llvm-svn: 271053
2016-05-27 21:46:22 +00:00
b62e7e31f7
Fix compilation with GCC, which treats this as a constructor name not a type
...
name. (GCC is correct here per the latest language DRs.)
llvm-svn: 271044
2016-05-27 21:05:35 +00:00
8c11fce707
[LibFuzzer] Refactor declaration of tests in CMake.
...
Add a new CMake function (``add_libfuzzer_test()``) to simplify
declaration of executables for testing LibFuzzer and use it to
reorganise how tests are declared.
Note that configuration of the lit configuration files has been moved
as late as possible because we are going to need to disable some tests
for some platforms and we will need to propagate this information into
the lit configuration.
Note the code for custom mains was removed because no tests are
currently written for this and Kostya seems happy to remove this.
Differential Revision: http://reviews.llvm.org/D20706
llvm-svn: 270958
2016-05-27 03:14:40 +00:00
76dacb4ba9
[libFuzzer] make check-fuzzer a bit faster
...
llvm-svn: 270947
2016-05-27 01:12:21 +00:00
0edb563f27
[libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit.
...
llvm-svn: 270945
2016-05-27 00:54:15 +00:00
8fc3a27c5c
[libFuzzer] more refactoring: make sure CurrentUnitData is awlays a valid pointer to read from
...
llvm-svn: 270942
2016-05-27 00:21:33 +00:00
d8384122a3
[libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads)
...
llvm-svn: 270929
2016-05-26 22:17:32 +00:00
9551fdd517
[LibFuzzer] Add missing #include<string>
...
This partially fixes the compilation of the LibFuzzer unit test
on OSX using AppleClang.
llvm-svn: 270926
2016-05-26 21:54:25 +00:00
f26017baf9
[libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC
...
llvm-svn: 270922
2016-05-26 21:32:30 +00:00
c752a26428
[LibFuzzer] Emit error if LLVM_USE_SANITIZER is not correctly set.
...
Previously CMake would successfully configure and compile (with warnings
about ``-fsanitize-coverage=...`` being unused) but the tests LibFuzzer
tests would fail.
Differential Revision: http://reviews.llvm.org/D20662
llvm-svn: 270913
2016-05-26 20:55:09 +00:00
676892a5d5
[LibFuzzer] Allow LibFuzzer to be built in modes other than RELEASE.
...
Previously the flags were only being set correctly when the
build type was "Release". Now the build should work properly
for all the supported build types. When building libFuzzer
the optimization level respects whatever is used for the
rest of LLVM but for the LibFuzzer tests we force -O0.
Differential Revision: http://reviews.llvm.org/D20558
llvm-svn: 270912
2016-05-26 20:55:05 +00:00
4b92326b17
[libFuzzer] when there is a leak in the existing corpus report the reproducer properly
...
llvm-svn: 270905
2016-05-26 20:25:49 +00:00
f1f3f93c9e
[libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended
...
llvm-svn: 270900
2016-05-26 20:03:02 +00:00
e66846ab32
[libfuzzer] replacing unittest for truncate_units with functional test.
...
Differential Revision: http://reviews.llvm.org/D20641
llvm-svn: 270755
2016-05-25 21:00:17 +00:00
ff2e6badbd
[libFuzzer] print stats if we crash on empty input
...
llvm-svn: 270639
2016-05-25 00:15:36 +00:00
af432a45e3
[libfuzzer] Trying random unit prefixes during corpus load.
...
Differential Revision: http://reviews.llvm.org/D20301
llvm-svn: 270632
2016-05-24 23:14:29 +00:00
c8bc8821cb
[libFuzzer] add a license header to afl/afl_driver.cpp
...
llvm-svn: 270598
2016-05-24 19:05:25 +00:00
11565444ca
[LibFuzzer] Fix implementation of ``GetPeakRSSMb()`` on Mac OSX.
...
On Linux ``rusage.ru_maxrss`` is in KiB but on Mac OSX it is in bytes.
Differential Revision: http://reviews.llvm.org/D20410
llvm-svn: 270173
2016-05-20 01:37:54 +00:00
e6ac1fd089
[LibFuzzer] Fix ``NumberOfCpuCores()`` on Mac OSX.
...
The ``nprocs`` command does not exist under Mac OSX so use
``sysctl`` instead on that platform.
Whilst I'm here
* Use ``pclose()`` instead of ``fclose()`` which the ``popen()``
documentation says should be used.
* Check for errors that were previously unhandled.
Differential Revision: http://reviews.llvm.org/D20409
llvm-svn: 270172
2016-05-20 01:30:36 +00:00
3868e468fe
[LibFuzzer]
...
Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.
Under Mac OSX we intercept calls to malloc before thread local
storage is initialised leading to a crash when accessing
``AllocTracer``. To workaround this ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.
To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.
Differential Revision: http://reviews.llvm.org/D20402
llvm-svn: 270145
2016-05-19 22:00:33 +00:00
a0788e7dd4
[libFuzzer] do the merge faster and a bit less precise
...
llvm-svn: 269497
2016-05-13 22:11:23 +00:00
6289536922
[libFuzzer] print the file name before executing the input so that if there is a crash we know which files has caused it
...
llvm-svn: 269450
2016-05-13 18:10:33 +00:00
8b0d90a6d4
[libFuzzer] simplify FuzzerInterface.h
...
llvm-svn: 269448
2016-05-13 18:04:35 +00:00
781e8da888
[libFuzzer] add a driver file to use AFL on LLVMFuzzerTestOneInput
...
llvm-svn: 269141
2016-05-10 23:46:50 +00:00
1aa501e7e8
[libfuzzer] Refactoring coverage state-management code.
...
It is now less state-dependent and will allow easier comparing of
coverages of different units.
Differential Revision: http://reviews.llvm.org/D20085
llvm-svn: 269140
2016-05-10 23:43:15 +00:00
ca9694ba2c
[libFuzzer] add a test for libFuzzer+ubsan, extend the docs on using libFuzzer+ubsan
...
llvm-svn: 268968
2016-05-09 21:02:36 +00:00
61b07ac75b
[libFuzzer] better document the -merge=1 flag
...
llvm-svn: 268957
2016-05-09 19:11:36 +00:00
8b8f7a3cda
[libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer.
...
llvm-svn: 268821
2016-05-06 23:38:07 +00:00
52b394e981
[libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMs
...
llvm-svn: 268807
2016-05-06 21:58:35 +00:00
baf7fd0b16
[libFuzzer] print stats after running individual inputs
...
llvm-svn: 268547
2016-05-04 20:44:50 +00:00
2fe9304d62
[libFuzzer] enable detect_leaks=1, add proper docs
...
llvm-svn: 268088
2016-04-29 18:49:55 +00:00
0e0bcc4bdb
[libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak [part 2]
...
llvm-svn: 267771
2016-04-27 19:52:56 +00:00
7018a1aaa4
[libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak
...
llvm-svn: 267770
2016-04-27 19:52:34 +00:00
9ba19182be
[libFuzzer] remove dead code
...
llvm-svn: 267455
2016-04-25 19:41:45 +00:00
1bfd583d82
[libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing
...
llvm-svn: 266838
2016-04-20 00:24:21 +00:00
ebb932d060
[libFuzzer] try to print correct time in seconds when reporting a timeout. Don't report timeouts while still loading the corpus.
...
llvm-svn: 266693
2016-04-18 22:50:39 +00:00
09087bba4d
[libFuzzer] warn if the corpus is empty
...
llvm-svn: 266670
2016-04-18 21:14:11 +00:00
b550cb1750
[NFC] Header cleanup
...
Removed some unused headers, replaced some headers with forward class declarations.
Found using simple scripts like this one:
clear && ack --cpp -l '#include "llvm/ADT/IndexedMap.h"' | xargs grep -L 'IndexedMap[<]' | xargs grep -n --color=auto 'IndexedMap'
Patch by Eugene Kosov <claprix@yandex.ru>
Differential Revision: http://reviews.llvm.org/D19219
From: Mehdi Amini <mehdi.amini@apple.com>
llvm-svn: 266595
2016-04-18 09:17:29 +00:00
b60397f54c
[libFuzzer] add a better warning for command line flags with -- (two dashes)
...
llvm-svn: 266480
2016-04-15 21:56:29 +00:00
e631996350
Remove redundant .c_str(), as suggested by PR25633
...
llvm-svn: 265988
2016-04-11 20:35:17 +00:00
94e29668b0
[libfuzzer] defensive assert
...
llvm-svn: 265866
2016-04-08 23:32:24 +00:00
f13cbee12e
[libfuzzer] adding license headers to cpp files
...
Differential Revision: http://reviews.llvm.org/D18705
llvm-svn: 265174
2016-04-01 18:38:58 +00:00
9e1a238357
[libFuzzer] more docs
...
llvm-svn: 264803
2016-03-29 23:07:36 +00:00
f3ab6d9e10
[libFuzzer] use fflush after every Printf
...
llvm-svn: 264459
2016-03-25 20:31:26 +00:00
f389ae12c1
[libFuzzer] handle SIGTERM
...
llvm-svn: 264338
2016-03-24 21:03:58 +00:00
315167339e
[libFuzzer] don't report memory leaks if we are dying due to a timeout (just use _Exit instead of exit in the timeout callback)
...
llvm-svn: 264237
2016-03-24 01:32:08 +00:00
6278f933a8
[libFuzzer] use fdopen+vfprintf instead of fsnprintf+write
...
llvm-svn: 264230
2016-03-24 00:57:32 +00:00
49e409068a
[libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout
...
llvm-svn: 263831
2016-03-18 20:58:29 +00:00
d96b0c14fb
[Fuzzer] Guard no_sanitize_memory attributes behind __has_feature.
...
Otherwise GCC fails to build it because it doesn't know the attribute.
llvm-svn: 263787
2016-03-18 14:19:19 +00:00
c43b584c1c
[libFuzzer] read corpus dirs recursively
...
llvm-svn: 263773
2016-03-18 01:36:00 +00:00
945761b8c2
[libFuzzer] improve -merge functionality
...
llvm-svn: 263769
2016-03-18 00:23:29 +00:00
c5575aabd6
[libFuzzer] deprecate several flags
...
llvm-svn: 263739
2016-03-17 19:59:39 +00:00
23dbc390af
[libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce
...
llvm-svn: 263737
2016-03-17 19:42:35 +00:00
298516ffa9
[libfuzzer] speeding up corpus load
...
llvm-svn: 263591
2016-03-15 21:47:21 +00:00
0c5e3af862
[libFuzzer] use max_len exactly equal to the max size of input. Fix 32-bit build
...
llvm-svn: 263518
2016-03-15 01:28:00 +00:00
64d24578d8
[libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
...
llvm-svn: 263323
2016-03-12 01:57:04 +00:00
243fe2b3a0
[libfuzzer] adding std:string to allowed adaptable argument.
...
llvm-svn: 262757
2016-03-04 23:18:01 +00:00
5c3701c621
[libFuzzer] log less when re-loading files; fix a silly bug: when running single files actually run all of them, not just the first one
...
llvm-svn: 262754
2016-03-04 22:35:40 +00:00
b8627a89a6
[libfuzzer] arbitrary function adapter.
...
The adapter automates converting sequence of bytes into arbitrary
arguments.
Differential Revision: http://reviews.llvm.org/D17829
llvm-svn: 262673
2016-03-03 23:45:29 +00:00
e483ed2825
[libFuzzer] when interrupted, call _Exit() instead of exit()
...
llvm-svn: 262667
2016-03-03 22:36:37 +00:00
4394b31e1d
[libFuzzer] add -Werror for libFuzzer build rule
...
llvm-svn: 262517
2016-03-02 21:08:16 +00:00
2eed1218e5
libfuzzer: fix compiler warnings
...
- unused sigaction/setitimer result (used in assert)
- unchecked fscanf return value
- signed/unsigned comparison
llvm-svn: 262472
2016-03-02 09:54:40 +00:00
3d95dd9149
[libFuzzer] deprecate exit_on_first flag
...
llvm-svn: 262417
2016-03-01 22:33:14 +00:00
228d5b1ce4
[libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag.
...
llvm-svn: 262415
2016-03-01 22:19:21 +00:00
f84df30e4f
[libFuzzer] remove FuzzerSanitizerOptions.cpp
...
llvm-svn: 262354
2016-03-01 17:46:32 +00:00
5cd721ae12
Refactor duplicated code for linking with pthread.
...
llvm-svn: 262344
2016-03-01 15:54:40 +00:00
bf821db932
[libFuzzer] fixing the bot
...
llvm-svn: 262106
2016-02-27 03:14:23 +00:00
2d4f8f168b
[libFuzzer] speedup path coverage handling
...
llvm-svn: 262102
2016-02-27 01:50:16 +00:00
66ff0756e4
[libFuzzer] add -print_final_stats=1 flag
...
llvm-svn: 262084
2016-02-26 22:42:23 +00:00
da63c1d09a
[libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds
...
llvm-svn: 262073
2016-02-26 21:33:56 +00:00
a35f7d383f
[libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus
...
llvm-svn: 261267
2016-02-18 21:49:10 +00:00
90bcdb512b
[libFuzzer] fix the libFuzzer bot
...
llvm-svn: 261184
2016-02-18 02:02:40 +00:00
cfbcf9097d
[libFuzzer] don't timeout when loading the corpus. Be a bit more verbose when loading large corpus.
...
llvm-svn: 261143
2016-02-17 19:42:34 +00:00
8a5bef0fcf
[libFuzzer] remove std::vector operations from hot paths, NFC
...
llvm-svn: 260829
2016-02-13 17:56:51 +00:00
1deb0498f5
[libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast
...
llvm-svn: 260810
2016-02-13 06:24:18 +00:00
29bcb9f54e
[libFuzzer] remove the C++-ish variant of FuzzerDriver from the interface
...
llvm-svn: 260801
2016-02-13 03:59:26 +00:00
23194963f7
[libFuzzer] simplify CTOR of MutationDispatcher
...
llvm-svn: 260800
2016-02-13 03:46:26 +00:00
292cf0379c
[libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC)
...
llvm-svn: 260799
2016-02-13 03:37:24 +00:00
7ec0c56e07
[libFuzzer] get rid of UserSuppliedFuzzer; NFC
...
llvm-svn: 260798
2016-02-13 03:25:16 +00:00
a399221c32
[libFuzzer] simplify the code around Random. NFC
...
llvm-svn: 260797
2016-02-13 03:00:53 +00:00
ecab57b3ce
[libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea).
...
llvm-svn: 260796
2016-02-13 02:39:30 +00:00
22cc5e2375
[libFuzzer] provide a plain C interface for custom mutators (experimental)
...
llvm-svn: 260794
2016-02-13 02:29:38 +00:00
9d14e4bb15
[libFuzzer] make -runs=N flag also affect the simple runner (will execute every input N times)
...
llvm-svn: 260649
2016-02-12 02:32:03 +00:00
fcb06b4aa5
[libfuzzer] Removing coverage-related flags from asan options.
...
Summary:
Reasons to remove are twofold:
- we don't really need coverage=1 for libfuzzer operation
- makes controlling coverage for fuzzer processes non-trivial.
Differential Revision: http://reviews.llvm.org/D17168
llvm-svn: 260611
2016-02-11 22:20:34 +00:00
ce925c580e
[libFuzzer] hot fix a test
...
llvm-svn: 259732
2016-02-04 00:12:28 +00:00
b92602ada0
[libFuzzer] don't write the test unit when a leak is detected (since we don't know which unit causes the leak)
...
llvm-svn: 259731
2016-02-04 00:02:17 +00:00
d88d1305c4
[libFuzzer] don't create too many trace-based mutations as it may be too slow
...
llvm-svn: 259600
2016-02-02 23:17:45 +00:00
bfbe7fc404
[libFuzzer] allow passing 1 or more files as individual inputs
...
llvm-svn: 259459
2016-02-02 03:03:47 +00:00
078e984d8d
[libFuzzer] fail if the corpus dir does not exist
...
llvm-svn: 259454
2016-02-02 02:07:26 +00:00
54a6363a8f
[libFuzzer] add -timeout_exitcode option
...
llvm-svn: 259265
2016-01-29 23:30:07 +00:00
085ca4131f
[libFuzzer] re-enable test for -abort_on_timeout=1, this time protecting from ASAN_OPTIONS set outside
...
llvm-svn: 259263
2016-01-29 23:19:00 +00:00
d7785e75f3
Temporary disable broken fuzzer/timeout tests.
...
Reviewers: kcc
Differential Revision: http://reviews.llvm.org/D16543
llvm-svn: 258702
2016-01-25 19:05:45 +00:00
9768e7f06b
[libFuzzer] add -abort_on_timeout option
...
llvm-svn: 258631
2016-01-23 19:34:19 +00:00
Mike Aizatsky