maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
268,582 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

60 Commits

Author SHA1 Message Date
Kostya Serebryany 6cdb5a61b5 [libFuzzer] implement more correct way of computing feature index for Inline8bitCounters 
llvm-svn: 309647
 2017-08-01 01:16:26 +00:00
Kostya Serebryany 4f2970037a [libFuzzer] enable -fsanitize-coverage=pc-table for all tests 
llvm-svn: 309646
 2017-08-01 00:48:44 +00:00
Kostya Serebryany b2a1eba2f5 [libFuzzer] implement __sanitizer_cov_pcs_init and add pc-table to build flags for one test (for now) 
llvm-svn: 309615
 2017-07-31 20:20:59 +00:00
Kostya Serebryany f14996b962 [libFuzzer] improve support for inline-8bit-counters (make it more correct and faster) 
llvm-svn: 309443
 2017-07-28 22:00:56 +00:00
Kostya Serebryany 6eab1a8ee6 [libFuzzer] don't disable msan for TracePC::CollectFeatures: this started to cause false positives in msan. No tests for libFuzzer+msan yet -- tests will need to wait until we move libFuzzer to compiler-rt 
llvm-svn: 309038
 2017-07-25 22:05:31 +00:00
Kostya Serebryany e55828c740 [libFuzzer] prototype implementation of recursion-depth coverage features (commented out; real implementation needs to use inlined instrumentation) 
llvm-svn: 308577
 2017-07-20 01:35:17 +00:00
Kostya Serebryany f64b8487f9 [libFuzzer] simplify the handling of memmem/strstr 
llvm-svn: 307977
 2017-07-14 00:06:27 +00:00
Kostya Serebryany f2d4dcb888 [libFuzzer] initial support of -fsanitize-coverage=inline-8bit-counters in libFuzzer. This is not fully functional yet, but simple tests work 
llvm-svn: 305331
 2017-06-13 22:31:21 +00:00
Kostya Serebryany a617e16ff1 [libFuzzer] simplify the code a bit 
llvm-svn: 299180
 2017-03-31 04:17:45 +00:00
Kostya Serebryany af2dfce683 [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself 
llvm-svn: 299167
 2017-03-31 02:21:28 +00:00
Kostya Serebryany d7d1d517ee [libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works 
llvm-svn: 299046
 2017-03-30 01:27:20 +00:00
Kostya Serebryany 6ca44f9161 [libFuzzer] create experimental support for user-provided coverage signal 
llvm-svn: 298654
 2017-03-23 22:43:12 +00:00
Kostya Serebryany 7acabdc497 [libFuzzer] inline the code of __sanitizer_cov_trace_pc_guard into it 
llvm-svn: 298032
 2017-03-17 01:45:15 +00:00
Kostya Serebryany f81cc098ca [libFuzzer] remove more stale code 
llvm-svn: 297785
 2017-03-14 21:47:52 +00:00
Kostya Serebryany 24d0016bbd [libFuzzer] don't clear Counters in TracePC::CollectFeatures since they will be cleared anyway in ResetMaps 
llvm-svn: 297783
 2017-03-14 21:40:53 +00:00
Kostya Serebryany 68382d0900 [libFuzzer] reorganize the tracing code to make it easier to experiment with inlined coverage instrumentation. NFC 
llvm-svn: 293928
 2017-02-02 19:56:01 +00:00
Kostya Serebryany 70182deaae [libFuzzer] simplify the value profiling callback further: don't use (idx MOD prime) on the hot path where it is useless anyway 
llvm-svn: 293239
 2017-01-27 00:39:12 +00:00
Kostya Serebryany 7f058972ee [libFuzzer] simplify the value profile code and disable asan/msan on it 
llvm-svn: 293236
 2017-01-27 00:09:59 +00:00
Kostya Serebryany 7856fb36b0 [libFuzzer] further simplify __sanitizer_cov_trace_pc_guard 
llvm-svn: 293128
 2017-01-26 01:34:58 +00:00
Mike Aizatsky 0e37f8e41d [libfuzzer] fixing collected pc addresses for coverage 
Summary: The causes google/ossfuzz#84

Reviewers: kcc

Subscribers: mgorny

Differential Revision: https://reviews.llvm.org/D28827

llvm-svn: 292289
 2017-01-17 23:11:32 +00:00
Kostya Serebryany 1d8c2ce97e [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) 
llvm-svn: 292287
 2017-01-17 23:09:05 +00:00
Kostya Serebryany 11a22bc39d [libFuzzer] cleaner implementation of -print_pcs=1 
llvm-svn: 290739
 2016-12-30 01:13:07 +00:00
Mike Aizatsky 9b415be1bf [libfuzzer] dump_coverage command line flag 
Reviewers: kcc, vitalybuka

Differential Revision: https://reviews.llvm.org/D27942

llvm-svn: 290138
 2016-12-19 22:18:08 +00:00
Kostya Serebryany 00e638e642 [libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage 
llvm-svn: 290031
 2016-12-17 02:03:34 +00:00
Kostya Serebryany f6f82c2cc8 [libFuzzer] fix an UB (invalid shift) spotted by ubsan. The code worked fine by luck, because the way shifts actually work on clang+x86 
llvm-svn: 289607
 2016-12-13 22:49:14 +00:00
Marcos Pividori 178fe58745 [libFuzzer] Clean up headers and file formatting of LibFuzzer files. 
Reorganize #includes to follow LLVM Coding Standards.
Include some missing headers. Required to use `Printf()`.

Aside from that, this patch contains no functional change.
It is purely a re-organization.

Differential Revision: https://reviews.llvm.org/D27363

llvm-svn: 289560
 2016-12-13 17:46:11 +00:00
Kostya Serebryany fe1094b811 [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( 
llvm-svn: 288731
 2016-12-05 23:35:22 +00:00
Kostya Serebryany 235679181b [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook. 
llvm-svn: 286665
 2016-11-11 23:06:53 +00:00
Kostya Serebryany 94c427c23e [libFuzzer] speculatively trying to fix the Mac build; second attempt 
llvm-svn: 285262
 2016-10-27 00:36:38 +00:00
Kostya Serebryany 3d945f6247 [libFuzzer] revert 285259 -- hit commit too soon 
llvm-svn: 285260
 2016-10-27 00:24:34 +00:00
Kostya Serebryany 15cd6b4b10 [libFuzzer] speculatively trying to fix the Mac build 
llvm-svn: 285259
 2016-10-27 00:22:39 +00:00
Kostya Serebryany 2fabecaee3 [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once 
llvm-svn: 285223
 2016-10-26 18:52:04 +00:00
Kostya Serebryany 06b8757b57 [libFuzzer] simplify the code in TracePC::HandleTrace a bit more 
llvm-svn: 285147
 2016-10-26 00:42:52 +00:00
Kostya Serebryany a5b2e54fcb [libFuzzer] simplify the code to print new PCs 
llvm-svn: 285145
 2016-10-26 00:20:51 +00:00
Kostya Serebryany 275e260258 [libFuzzer] simplify the code in TracePC::HandleTrace 
llvm-svn: 285142
 2016-10-25 23:52:25 +00:00
Kostya Serebryany 3364f90783 [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test 
llvm-svn: 285049
 2016-10-25 02:04:43 +00:00
Kostya Serebryany a5f94fb6c9 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
llvm-svn: 284273
 2016-10-14 20:20:33 +00:00
Kostya Serebryany 17d176e16b [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build 
llvm-svn: 284132
 2016-10-13 16:19:09 +00:00
Daniel Jasper 90d990e034 Revert "[libFuzzer] refactoring to speed things up, NFC" 
This reverts commit r283946.

This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here

llvm-svn: 283979
 2016-10-12 07:26:46 +00:00
Kostya Serebryany a09d11e108 [libFuzzer] refactoring to speed things up, NFC 
llvm-svn: 283946
 2016-10-11 21:27:37 +00:00
Kostya Serebryany d19919a80e [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it 
llvm-svn: 283841
 2016-10-11 01:14:41 +00:00
Kostya Serebryany 1c73f1bf27 [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
llvm-svn: 283409
 2016-10-05 22:56:21 +00:00
Kostya Serebryany 379359c53a [libFuzzer] add ShrinkValueProfileTest, move code around, NFC 
llvm-svn: 283286
 2016-10-05 01:09:40 +00:00
Kostya Serebryany d216922a80 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default 
llvm-svn: 282995
 2016-10-01 01:04:29 +00:00
Kostya Serebryany 2c55613a08 [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input 
llvm-svn: 282829
 2016-09-30 01:19:56 +00:00
Kostya Serebryany a9b0dd0e51 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals 
llvm-svn: 282735
 2016-09-29 17:43:24 +00:00
Kostya Serebryany 3ee6c213d6 [libFuzzer] speedup TracePC::FinalizeTrace 
llvm-svn: 282562
 2016-09-28 01:16:24 +00:00
Kostya Serebryany 5ff481fd9e [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag 
llvm-svn: 282458
 2016-09-27 00:10:20 +00:00
Kostya Serebryany 0800b81a21 [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. 
llvm-svn: 282316
 2016-09-23 23:51:58 +00:00
Kostya Serebryany 0d26de3922 [libFuzzer] reset Counters (trace-pc-guard) before every run 
llvm-svn: 282284
 2016-09-23 20:04:13 +00:00