Kostya Serebryany  86e630b857  2017-03-25 00:56:08 +00:00
[libFuzzer] read asan's dedup_token while minimizing a crash and stop minimization if another bug was found during minimization ( https://github.com/google/oss-fuzz/issues/452 )
llvm-svn: 298755

Kostya Serebryany  dba9ded61f  2017-03-24 21:09:16 +00:00
[libFuzzer] honor -exact_artifact_path for all intermediate files during crash minimization ( https://github.com/google/oss-fuzz/issues/250 )
llvm-svn: 298740

Kostya Serebryany  4fc6dd7f8f  2017-03-22 20:32:44 +00:00
[libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive
llvm-svn: 298548

Kostya Serebryany  f7e610eda1  2017-03-17 01:40:09 +00:00
[libFuzzer] Experimenting with dictionary minimization.
Summary:
Tracking issue: https://github.com/google/oss-fuzz/issues/331
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D30940
llvm-svn: 298031

Kostya Serebryany  f81cc098ca  2017-03-14 21:47:52 +00:00
[libFuzzer] remove more stale code
llvm-svn: 297785

Kostya Serebryany  ae579a79c0  2017-02-14 22:14:36 +00:00
Use "%zd" format specifier for printing number of testcases executed.
Summary:
This helps to avoid signed integer overflow after running a fast fuzz target for several hours, e.g.:
<...>
Done -1097903291 runs in 54001 second(s)
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D29941
llvm-svn: 295112

Kostya Serebryany  5c76e3d034  2017-02-01 00:07:47 +00:00
[libFuzzer] increase the default size for shmem
llvm-svn: 293722

Kostya Serebryany  d9667914b2  2017-01-21 00:13:50 +00:00
[libFuzzer] use print+exit(1) instead of assert to report an error
llvm-svn: 292685

Kostya Serebryany  87a3811d32  2017-01-20 21:34:24 +00:00
[libFuzzer] add an assert to protect against LLVMFuzzerInitialize changing argv[0]
llvm-svn: 292652

Kostya Serebryany  98d592cc91  2017-01-20 20:57:07 +00:00
[libFuzzer] experimental support for 'equivalence fuzzing'
llvm-svn: 292646

Kostya Serebryany  38b5d3ca54  2017-01-19 19:38:12 +00:00
[libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs
llvm-svn: 292511

Kostya Serebryany  bb91170cb5  2017-01-18 01:10:18 +00:00
[libFuzzer] remove stale code
llvm-svn: 292325

Kostya Serebryany  4aa0590e33  2017-01-05 22:05:47 +00:00
[libFuzzer] improve error handling during the merge (handle various IO failures)
llvm-svn: 291182

Kostya Serebryany  2a8440df70  2016-12-27 23:24:55 +00:00
[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually (second attempt)
llvm-svn: 290637

Kostya Serebryany  823c18147d  2016-12-27 19:51:34 +00:00
[libFuzzer] fix UB and simplify the computation of the RNG seed ( https://llvm.org/bugs/show_bug.cgi?id=31456 )
llvm-svn: 290622

Mike Aizatsky  9b415be1bf  2016-12-19 22:18:08 +00:00
[libfuzzer] dump_coverage command line flag
Reviewers: kcc, vitalybuka
Differential Revision: https://reviews.llvm.org/D27942
llvm-svn: 290138

Daniel Jasper  fa1030e40b  2016-12-17 12:27:49 +00:00
Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code"
This reverts commit r289998.
See comment:
https://reviews.llvm.org/rL289998
llvm-svn: 290043

Kostya Serebryany  be7003f99c  2016-12-16 22:42:05 +00:00
[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code
llvm-svn: 289998

Kostya Serebryany  628b43aab6  2016-12-15 06:21:21 +00:00
[libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only)
llvm-svn: 289772

Marcos Pividori  178fe58745  2016-12-13 17:46:11 +00:00
[libFuzzer] Clean up headers and file formatting of LibFuzzer files.
Reorganize #includes to follow LLVM Coding Standards.
Include some missing headers. Required to use `Printf()`.
Aside from that, this patch contains no functional change.
It is purely a re-organization.
Differential Revision: https://reviews.llvm.org/D27363
llvm-svn: 289560

Marcos Pividori  6e3d885c79  2016-12-13 17:45:53 +00:00
[libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores.
std::thread::hardware_concurrency() returns an unsigned, so I modify
NumberOfCpuCores() to return unsigned too.
The number of cpus is used to define the number of workers, so I decided
to update the worker and jobs flags to be declared as unsigned too.
Differential Revision: https://reviews.llvm.org/D27685
llvm-svn: 289559

Marcos Pividori  c59b692c85  2016-12-13 17:45:20 +00:00
[libFuzzer] Improve Signal Handler interface.
Add new flags to FuzzingOptions to represent the different conditions
on the signal handling. These options are passed when calling
SetSignalHandler().
These changes simplify the implementation of Windows's exception
handling. Now we can define a unique handler for all the exceptions.
Differential Revision: https://reviews.llvm.org/D27238
llvm-svn: 289557

Kostya Serebryany  a31300e789  2016-12-13 00:40:47 +00:00
[libFuzzer] don't require extra flags with -minimize_crash=1 (default to -max_total_time=600). Also respect exact_artifact_path when outputting the end result
llvm-svn: 289506

Kostya Serebryany  111e1d69e3  2016-12-09 01:17:24 +00:00
[libFuzzer] implement crash-resistant merge ( https://github.com/google/sanitizers/issues/722 ). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests).
llvm-svn: 289166

Zachary Turner  6fa57ad9bd  2016-12-02 23:02:01 +00:00
Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This resubmits r288529, which was resubmitted because it broke a
fuzzer bot.  According to kcc@ the test that broke was flakey
and it is unlikely to be a result of this patch.
llvm-svn: 288549

Zachary Turner  3cfeab7059  2016-12-02 20:54:56 +00:00
Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This reverts commit r288529, as it seems to introduce some
problems on the Linux bots.
llvm-svn: 288533

Zachary Turner  34dcfb9294  2016-12-02 19:38:19 +00:00
[LibFuzzer] Split FuzzerUtil for Posix and Windows.
Pave the way for separating out platform specific
utility functions into separate files.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234
llvm-svn: 288529

Zachary Turner  24a148b1d4  2016-11-30 19:06:14 +00:00
[LibFuzzer] Split up some functions among different headers.
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.
This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.
Aside from that, this patch contains no functional change.  It
is purely a re-organization.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230
llvm-svn: 288264

Kostya Serebryany  6c77811a29  2016-11-14 19:21:38 +00:00
[libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style
llvm-svn: 286870

Kostya Serebryany  53c894d257  2016-11-12 02:27:21 +00:00
[libFuzzer] use a valid ASCII string for a dummy seed corpus
llvm-svn: 286702

Kostya Serebryany  fc1c405f98  2016-11-12 00:24:35 +00:00
[libFuzzer] use less stack
llvm-svn: 286689

Kostya Serebryany  8a56917492  2016-11-03 19:31:18 +00:00
[libFuzzer] fix -error_exitcode=N, now with a test
llvm-svn: 285958

Kostya Serebryany  bb59ef77ca  2016-10-18 18:38:08 +00:00
[libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
llvm-svn: 284514

Kostya Serebryany  f9b8e8b117  2016-10-15 01:00:24 +00:00
[libFuzzer] better algorithm for -minimize_crash
llvm-svn: 284299

Kostya Serebryany  a5f94fb6c9  2016-10-14 20:20:33 +00:00
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
llvm-svn: 284273

Kostya Serebryany  a17d23eaa7  2016-10-13 19:06:46 +00:00
[libFuzzer] add -trace_malloc= flag
llvm-svn: 284149

Kostya Serebryany  c5325ed29d  2016-10-08 23:24:45 +00:00
[libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process
llvm-svn: 283682

Kostya Serebryany  9adc7c8b4a  2016-10-08 22:12:14 +00:00
[libFuzzer] control the reload interval by a flag, make it 10 seconds by default
llvm-svn: 283676

Kostya Serebryany  936b1e774f  2016-10-06 05:14:00 +00:00
[libFuzzer] be more careful with memory usage, print peak rss in status lines
llvm-svn: 283418

Kostya Serebryany  1c73f1bf27  2016-10-05 22:56:21 +00:00
[libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
llvm-svn: 283409

Kostya Serebryany  2455f0d013  2016-10-05 00:25:17 +00:00
[libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines
llvm-svn: 283279

Kostya Serebryany  d216922a80  2016-10-01 01:04:29 +00:00
[libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default
llvm-svn: 282995

Kostya Serebryany  e7e790bad6  2016-09-30 22:29:57 +00:00
[libFuzzer] remove unused option
llvm-svn: 282971

Kostya Serebryany  5ff481fd9e  2016-09-27 00:10:20 +00:00
[libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag
llvm-svn: 282458

Kostya Serebryany  16a145fd0f  2016-09-23 01:58:51 +00:00
[libFuzzer] fix merging with trace-pc-guard
llvm-svn: 282224

Kostya Serebryany  ab73c6924f  2016-09-23 00:46:18 +00:00
[libFuzzer] move value profiling logic into TracePC
llvm-svn: 282219

Kostya Serebryany  be0ed59cdc  2016-09-22 23:16:36 +00:00
[libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen
llvm-svn: 282211

Kostya Serebryany  624f59f4d8  2016-09-22 01:34:58 +00:00
[libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
llvm-svn: 282129

Kostya Serebryany  29bb664075  2016-09-21 22:42:17 +00:00
[libFuzzer] add stats to the corpus; more refactoring
llvm-svn: 282121

Kostya Serebryany  6f5a804cdb  2016-09-21 01:50:50 +00:00
[libFuzzer] refactoring: split the large header into many; NFC
llvm-svn: 282044