Commit Graph

47 Commits

Author SHA1 Message Date
Kostya Serebryany f64b8487f9 [libFuzzer] simplify the handling of memmem/strstr
llvm-svn: 307977
2017-07-14 00:06:27 +00:00
George Karpenkov cf26a86601 [libFuzzer] NFC Declare LIBFUZZER_FLAGS_BASE outside of an if-block
The current code relies on the assumption that tests are included only
if LLVM_USE_SANITIZE_COVERAGE is enabled.
This commit makes it easier to relax the assumption in the future, as
the variable LIBFUZZER_FLAGS_BASE is used further in libFuzzer tests.

Differential Revision: https://reviews.llvm.org/D35314

llvm-svn: 307825
2017-07-12 18:16:09 +00:00
Kuba Mracek 71c4043ae9 [libFuzzer] Always build libFuzzer
There are two reasons why users might want to build libfuzzer:
- To fuzz LLVM itself
- To get the libFuzzer.a archive file, so that they can attach it to their code
This change always builds libfuzzer, and supports the second use case if the specified flag is set.

The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.

Patch by George Karpenkov.

Differential Revision: https://reviews.llvm.org/D32096

llvm-svn: 301054
2017-04-21 22:38:24 +00:00
Kuba Mracek c3ecc4b314 Fixup for r301007: Restrict the -D hack to Darwin.
llvm-svn: 301017
2017-04-21 18:19:56 +00:00
Kuba Mracek 81acbf3daa Revert r301010: Bot failures on Windows, NetBSD and even some old Darwin.
llvm-svn: 301012
2017-04-21 18:02:22 +00:00
Kuba Mracek a0ab8c2e40 [libFuzzer] Always build libFuzzer
There are two reasons why users might want to build libfuzzer:
- To fuzz LLVM itself
- To get the libFuzzer.a archive file, so that they can attach it to their code
This change always builds libfuzzer, and supports the second use case if the specified flag is set.

The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.

Patch by George Karpenkov.

Differential Revision: https://reviews.llvm.org/D32096

llvm-svn: 301010
2017-04-21 17:47:44 +00:00
Kuba Mracek 309182a7d3 [libFuzzer] Changing thread_local to __thread in libFuzzer
Old Apple compilers do not support thread_local keyword. This patch adds -Dthread_local=__thread when the compiler doesn't support thread_local.

Differential Revision: https://reviews.llvm.org/D32312

llvm-svn: 301007
2017-04-21 17:39:50 +00:00
Kuba Mracek 7fe92fc521 Revert r300789: There are Windows bot failures.
llvm-svn: 300794
2017-04-19 23:44:33 +00:00
Kuba Mracek a89fd60a91 [libFuzzer] Always build libFuzzer
There are two reasons why users might want to build libfuzzer:
- To fuzz LLVM itself
- To get the libFuzzer.a archive file, so that they can attach it to their code
This change always builds libfuzzer, and supports the second use case if the specified flag is set.

The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.

Differential Revision: https://reviews.llvm.org/D32096

llvm-svn: 300789
2017-04-19 23:34:08 +00:00
Kostya Serebryany 6ca44f9161 [libFuzzer] create experimental support for user-provided coverage signal
llvm-svn: 298654
2017-03-23 22:43:12 +00:00
Eric Fiselier 87c87f4c30 [CMake] Fix pthread handling for out-of-tree builds
LLVM defines `PTHREAD_LIB` which is used by AddLLVM.cmake and various projects
to correctly link the threading library when needed. Unfortunately
`PTHREAD_LIB` is defined by LLVM's `config-ix.cmake` file which isn't installed
and therefore can't be used when configuring out-of-tree builds. This causes
such builds to fail since `pthread` isn't being correctly linked.

This patch attempts to fix that problem by renaming and exporting
`LLVM_PTHREAD_LIB` as part of`LLVMConfig.cmake`. I renamed `PTHREAD_LIB`
because It seemed likely to cause collisions with downstream users of
`LLVMConfig.cmake`.

llvm-svn: 294690
2017-02-10 01:59:20 +00:00
Marcos Pividori 0ae27e80b0 [libFuzzer] Use dynamic loading for External Functions on Windows.
Replace weak aliases with dynamic loading.
Weak aliases were generating some problems when linking for MT on Windows. For
MT, compiler-rt's libraries are statically linked to the main executable the
same than libFuzzer, so if we use weak aliases, we are providing two different
default implementations for the same weak function and the linker fails.

In this diff I re implement ExternalFunctions() using dynamic loading, so it
works in both cases (MD and MT). Also, dynamic loading is simpler, since we are
not defining any auxiliary external function, and we don't need to deal with
weak aliases.
This is equivalent to the implementation using dlsym(RTLD_DEFAULT, FnName) for
Posix.

Differential revision: https://reviews.llvm.org/D29751

llvm-svn: 294687
2017-02-10 01:35:46 +00:00
Marcos Pividori c8cee28a5b [libFuzzer] Temporarily fix Shmem for Windows.
In this diff, I add stubs for shared memory on Windows. Now we can compile and
use libFuzzer without support for shared memory.

Differential Revision: https://reviews.llvm.org/D29544

llvm-svn: 294376
2017-02-08 00:02:12 +00:00
Kostya Serebryany 98d592cc91 [libFuzzer] experimental support for 'equivalance fuzzing'
llvm-svn: 292646
2017-01-20 20:57:07 +00:00
Kostya Serebryany 035af9b346 [libFuzzer] build libFuzzer itself with asan
llvm-svn: 289469
2016-12-12 20:58:10 +00:00
Kostya Serebryany 111e1d69e3 [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests).
llvm-svn: 289166
2016-12-09 01:17:24 +00:00
Zachary Turner 6fa57ad9bd Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This resubmits r288529, which was resubmitted because it broke a
fuzzer bot.  According to kcc@ the test that broke was flakey
and it is unlikely to be a result of this patch.

llvm-svn: 288549
2016-12-02 23:02:01 +00:00
Zachary Turner 3cfeab7059 Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This reverts commit r288529, as it seems to introduce some
problems on the Linux bots.

llvm-svn: 288533
2016-12-02 20:54:56 +00:00
Zachary Turner d755e4f587 [LibFuzzer] Introduce a portable WeakAlias implementation.
Windows doesn't really support weak aliases, but with some
linker magic we can get something that's pretty close on
Windows.  This introduces an interface to accessing weakly
aliased symbols that will work on any platform.  Linker
magic changes to come in a separate patch.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27235

llvm-svn: 288530
2016-12-02 19:41:17 +00:00
Zachary Turner 34dcfb9294 [LibFuzzer] Split FuzzerUtil for Posix and Windows.
Pave the way for separating out platform specific
utility functions into separate files.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234

llvm-svn: 288529
2016-12-02 19:38:19 +00:00
Zachary Turner 5abac1769f [LibFuzzer] Add Windows implementations of some IO functions.
This patch moves some posix specific file i/o code into a new
file, FuzzerIOPosix.cpp, and provides implementations for these
functions on Windows in FuzzerIOWindows.cpp.  This is another
incremental step towards getting libfuzzer working on Windows,
although it still should not be expected to be fully working.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27233

llvm-svn: 288275
2016-11-30 21:44:26 +00:00
Kostya Serebryany bceadcf1cd [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64
llvm-svn: 279601
2016-08-24 01:38:42 +00:00
Kostya Serebryany d46a59fac4 [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
llvm-svn: 278839
2016-08-16 19:33:51 +00:00
Dan Liew ed3c9cae49 [LibFuzzer] Fix `-jobs=<N>` where <N> > 1 and the number of workers is > 1 on macOS.
The original `ExecuteCommand()` called `system()` from the C library.
The C library implementation of this on macOS contains a mutex which
serializes calls to `system()`. This prevented the `-jobs=` flag
from running copies of the fuzzing binary in parallel which is
the opposite of what is intended.

To fix this on macOS an alternative implementation of `ExecuteCommand()`
is provided that can be used concurrently. This is provided in
`FuzzerUtilDarwin.cpp` which is guarded to only compile code on Apple
platforms. The existing implementation has been moved to a new file
`FuzzerUtilLinux.cpp` which is guarded to only compile code on Linux.

This commit includes a simple test to check that LibFuzzer is being
executed in parallel when requested.

Differential Revision: https://reviews.llvm.org/D22742

llvm-svn: 278544
2016-08-12 18:29:36 +00:00
Dan Liew d3c33116fd [LibFuzzer] Reimplement how the optional user functions are called.
The motivation for this change is to fix linking issues on OSX.
However this only partially fixes linking issues (the uninstrumented
tests and a few others  won't succesfully link yet).

This change introduces a struct of function pointers
(``fuzzer::ExternalFuntions``) which when initialised will point to the
optional functions if they are available.  Currently these
``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.

Two implementations of ``fuzzer::ExternalFunctions`` constructor are
provided one for Linux and one for OSX.

The OSX implementation uses ``dlsym()`` because the prior implementation
using weak symbols does not work unless the additional flags are passed
to the linker.

The Linux implementation continues to use weak symbols because the
``dlsym()`` approach does not work unless additional flags are passed
to the linker.

Differential Revision: http://reviews.llvm.org/D20741

llvm-svn: 271491
2016-06-02 05:48:02 +00:00
Dan Liew c752a26428 [LibFuzzer] Emit error if LLVM_USE_SANITIZER is not correctly set.
Previously CMake would successfully configure and compile (with warnings
about ``-fsanitize-coverage=...`` being unused) but the tests LibFuzzer
tests would fail.

Differential Revision: http://reviews.llvm.org/D20662

llvm-svn: 270913
2016-05-26 20:55:09 +00:00
Dan Liew 676892a5d5 [LibFuzzer] Allow LibFuzzer to be built in modes other than RELEASE.
Previously the flags were only being set correctly when the
build type was "Release". Now the build should work properly
for all the supported build types. When building libFuzzer
the optimization level respects whatever is used for the
rest of LLVM but for the LibFuzzer tests we force -O0.

Differential Revision: http://reviews.llvm.org/D20558

llvm-svn: 270912
2016-05-26 20:55:05 +00:00
Kostya Serebryany 8b0d90a6d4 [libFuzzer] simplify FuzzerInterface.h
llvm-svn: 269448
2016-05-13 18:04:35 +00:00
Kostya Serebryany 4394b31e1d [libFuzzer] add -Werror for libFuzzer build rule
llvm-svn: 262517
2016-03-02 21:08:16 +00:00
Kostya Serebryany f84df30e4f [libFuzzer] remove FuzzerSanitizerOptions.cpp
llvm-svn: 262354
2016-03-01 17:46:32 +00:00
Rafael Espindola 5cd721ae12 Refactor duplicated code for linking with pthread.
llvm-svn: 262344
2016-03-01 15:54:40 +00:00
Kostya Serebryany da63c1d09a [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds
llvm-svn: 262073
2016-02-26 21:33:56 +00:00
Kostya Serebryany 90bcdb512b [libFuzzer] fix the libFuzzer bot
llvm-svn: 261184
2016-02-18 02:02:40 +00:00
Peter Collingbourne 16c1978760 Fuzzer: Fix library dependencies.
Newer versions of libstdc++ (4.9+), as well as libc++, depend directly on
libpthread from the standard library headers, so libfuzzer needs to declare
a standard library dependency.

llvm-svn: 255745
2015-12-16 02:14:57 +00:00
Kostya Serebryany f342459aa4 [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators
llvm-svn: 238059
2015-05-22 22:35:31 +00:00
Kostya Serebryany 96eab65d81 [lib/Fuzzer] Add SHA1 implementation from public domain.
Summary:
This adds a SHA1 implementation taken from public domain code.
The change is trivial, but as it involves third-party code I'd like
a second pair of eyes before commit.

LibFuzzer can not use SHA1 from openssl because openssl may not be available
and because we may be fuzzing openssl itself.
Using sha1sum via a pipe is too slow.

Test Plan: n/a

Reviewers: chandlerc

Reviewed By: chandlerc

Subscribers: majnemer, llvm-commits

Differential Revision: http://reviews.llvm.org/D9733

llvm-svn: 237400
2015-05-14 22:41:49 +00:00
Kostya Serebryany 225262562f [lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected
llvm-svn: 237050
2015-05-11 21:16:27 +00:00
Aaron Ballman f77031f99d Removing a spurious space; NFC.
llvm-svn: 234168
2015-04-06 16:09:13 +00:00
Kostya Serebryany 16d03bd051 DFSan-based fuzzer (proof of concept).
Summary:
This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator,
see the comments for details.

Test Plan: a test added

Reviewers: samsonov, pcc

Reviewed By: samsonov, pcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D8669

llvm-svn: 233613
2015-03-30 22:09:51 +00:00
Kostya Serebryany 016852c396 [fuzzer] split main() into FuzzerDriver() that takes a callback as a parameter and a tiny main() in a separate file
llvm-svn: 229882
2015-02-19 18:45:37 +00:00
Kostya Serebryany db4d645714 [fuzzer] move default sanitizer options to a separate file
llvm-svn: 228429
2015-02-06 19:52:07 +00:00
Kostya Serebryany 71672552db [fuzzer] Add a gtest-style test
Summary: Add one gtest-style test.

Test Plan: run on bot

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7287

llvm-svn: 227639
2015-01-30 23:26:57 +00:00
Kostya Serebryany 2c1b33b897 [fuzzer] add -use_full_coverage_set=1 which solves FullCoverageSetTest. This does not scale very well yet, but might be a good start.
llvm-svn: 227507
2015-01-29 23:01:07 +00:00
Aaron Ballman ef11698cac Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset.
llvm-svn: 227464
2015-01-29 16:58:29 +00:00
Aaron Ballman 7b54ed221a Temporarily reverting the fuzzer library as it causes too many build issues for MSVC users. This reverts: 227445, 227395, 227389, 227357, 227254, 227252
llvm-svn: 227452
2015-01-29 15:49:22 +00:00
Kostya Serebryany a8fbcf0c1f Add lit-style tests for the Fuzzer library
Summary: Add test targets and the lit-style runner.

Test Plan: Run the tests on bot.

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7217

llvm-svn: 227389
2015-01-28 22:49:25 +00:00
Kostya Serebryany d53b43fe11 Add a Fuzzer library
Summary:
A simple genetic in-process coverage-guided fuzz testing library.

I've used this fuzzer to test clang-format
(it found 12+ bugs, thanks djasper@ for the fixes!)
and it may also help us test other parts of LLVM.
So why not keep it in the LLVM repository?

I plan to add the cmake build rules later (in a separate patch, if that's ok)
and also add a clang-format-fuzzer target.

See README.txt for details.

Test Plan: Tests will follow separately.

Reviewers: djasper, chandlerc, rnk

Reviewed By: rnk

Subscribers: majnemer, ygribov, dblaikie, llvm-commits

Differential Revision: http://reviews.llvm.org/D7184

llvm-svn: 227252
2015-01-27 22:08:41 +00:00