Kostya Serebryany
4a27b70ed5
[libFuzzer] enable reduce_inputs=1 by default (seems to be a big win usually)
...
llvm-svn: 308541
2017-07-19 22:10:30 +00:00
Justin Bogner
c27a70d048
[libFuzzer] Allow non-fuzzer args after -ignore_remaining_args=1
...
With this change, libFuzzer will ignore any arguments after a sigil
argument, but it will preserve these arguments at the end of the
command line when launching subprocesses. Using this, its possible to
handle positional and single-dash arguments to the program under test
by discarding everything up to -ignore_remaining_args=1 in
LLVMFuzzerInitialize.
llvm-svn: 308069
2017-07-14 23:33:04 +00:00
Kostya Serebryany
1e99d543d2
[libFuzzer] refactoring in preparation for -reduce_inputs; NFC intended
...
llvm-svn: 307857
2017-07-12 22:20:04 +00:00
Kostya Serebryany
b068087bd8
[libFuzzer] update docs on -print_coverage/-dump_coverage
...
llvm-svn: 302498
2017-05-09 01:34:27 +00:00
Kostya Serebryany
f60f61d0b3
[libFuzzer] extend help for -minimize_crash to cover ASAN_OPTIONS=dedup_token_length=3
...
llvm-svn: 300800
2017-04-19 23:58:05 +00:00
Kostya Serebryany
a9e6cb8633
[libFuzzer] remove -output_csv option. It duplicates the default output and got out of sync
...
llvm-svn: 300768
2017-04-19 21:34:58 +00:00
Kostya Serebryany
1f231e7cc7
[libFuzzer] update -help: mention -exact_artifact_path in help for -minimize_crash and -cleanse_crash
...
llvm-svn: 300642
2017-04-19 01:22:04 +00:00
Kostya Serebryany
ac7a9eae0b
[libFuzzer] experimental option -cleanse_crash: tries to replace all bytes in a crash reproducer with garbage, while still preserving the crash
...
llvm-svn: 300498
2017-04-17 20:58:21 +00:00
Vitaly Buka
ea997e10cb
[libFuzzer] fix type in signal name.
...
Fixes PR32576.
Patch by Jakub Zawadzki.
llvm-svn: 299968
2017-04-11 18:20:05 +00:00
Kostya Serebryany
4fc6dd7f8f
[libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive
...
llvm-svn: 298548
2017-03-22 20:32:44 +00:00
Kostya Serebryany
f7e610eda1
[libFuzzer] Experimenting with dictionary minimization.
...
Summary:
Tracking issue: https://github.com/google/oss-fuzz/issues/331
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D30940
llvm-svn: 298031
2017-03-17 01:40:09 +00:00
Kostya Serebryany
98d592cc91
[libFuzzer] experimental support for 'equivalance fuzzing'
...
llvm-svn: 292646
2017-01-20 20:57:07 +00:00
Kostya Serebryany
bb91170cb5
[libFuzzer] remove stale code
...
llvm-svn: 292325
2017-01-18 01:10:18 +00:00
Kostya Serebryany
1d8c2ce97e
[libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling)
...
llvm-svn: 292287
2017-01-17 23:09:05 +00:00
Kostya Serebryany
4aa0590e33
[libFuzzer] improve error handling during the merge (handle various IO failures)
...
llvm-svn: 291182
2017-01-05 22:05:47 +00:00
Kostya Serebryany
2a8440df70
[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually (second attempt)
...
llvm-svn: 290637
2016-12-27 23:24:55 +00:00
Mike Aizatsky
9b415be1bf
[libfuzzer] dump_coverage command line flag
...
Reviewers: kcc, vitalybuka
Differential Revision: https://reviews.llvm.org/D27942
llvm-svn: 290138
2016-12-19 22:18:08 +00:00
Daniel Jasper
fa1030e40b
Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code"
...
This reverts commit r289998.
See comment:
https://reviews.llvm.org/rL289998
llvm-svn: 290043
2016-12-17 12:27:49 +00:00
Kostya Serebryany
be7003f99c
[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code
...
llvm-svn: 289998
2016-12-16 22:42:05 +00:00
Kostya Serebryany
628b43aab6
[libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only)
...
llvm-svn: 289772
2016-12-15 06:21:21 +00:00
Marcos Pividori
6e3d885c79
[libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores.
...
std:🧵 :hardware_concurrency() returns an unsigned, so I modify
NumberOfCpuCores() to return unsigned too.
The number of cpus is used to define the number of workers, so I decided
to update the worker and jobs flags to be declared as unsigned too.
Differential Revision: https://reviews.llvm.org/D27685
llvm-svn: 289559
2016-12-13 17:45:53 +00:00
Kostya Serebryany
111e1d69e3
[libFuzzer] implement crash-resistant merge ( https://github.com/google/sanitizers/issues/722 ). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests).
...
llvm-svn: 289166
2016-12-09 01:17:24 +00:00
Kostya Serebryany
8a56917492
[libFuzzer] fix -error_exitcode=N, now with a test
...
llvm-svn: 285958
2016-11-03 19:31:18 +00:00
Kostya Serebryany
bcfb0802e2
[libFuzzer] enable use_cmp by default
...
llvm-svn: 285353
2016-10-27 21:44:37 +00:00
Kostya Serebryany
a5f94fb6c9
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
...
llvm-svn: 284273
2016-10-14 20:20:33 +00:00
Kostya Serebryany
a17d23eaa7
[libFuzzer] add -trace_malloc= flag
...
llvm-svn: 284149
2016-10-13 19:06:46 +00:00
Kostya Serebryany
c5325ed29d
[libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process
...
llvm-svn: 283682
2016-10-08 23:24:45 +00:00
Kostya Serebryany
9adc7c8b4a
[libFuzzer] control the reload interval by a flag, make it 10 seconds by default
...
llvm-svn: 283676
2016-10-08 22:12:14 +00:00
Kostya Serebryany
d216922a80
[libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default
...
llvm-svn: 282995
2016-10-01 01:04:29 +00:00
Kostya Serebryany
e7e790bad6
[libFuzzer] remove unused option
...
llvm-svn: 282971
2016-09-30 22:29:57 +00:00
Kostya Serebryany
5ff481fd9e
[libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag
...
llvm-svn: 282458
2016-09-27 00:10:20 +00:00
Kostya Serebryany
29bb664075
[libFuzzer] add stats to the corpus; more refactoring
...
llvm-svn: 282121
2016-09-21 22:42:17 +00:00
Kostya Serebryany
09aa01a6f8
[libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features
...
llvm-svn: 282042
2016-09-21 01:04:43 +00:00
Kostya Serebryany
b706b481ba
[libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
...
llvm-svn: 281866
2016-09-18 21:47:08 +00:00
Kostya Serebryany
5c04bd250e
[libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better
...
llvm-svn: 281007
2016-09-09 01:17:03 +00:00
Kostya Serebryany
e2d0f63654
[libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time
...
llvm-svn: 280332
2016-09-01 01:22:27 +00:00
Kostya Serebryany
0f0fa4faf2
[libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them
...
llvm-svn: 279787
2016-08-25 22:35:08 +00:00
Kostya Serebryany
d46a59fac4
[libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
...
llvm-svn: 278839
2016-08-16 19:33:51 +00:00
Kostya Serebryany
c135b55ae0
[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
...
llvm-svn: 275648
2016-07-15 23:27:19 +00:00
Mike Aizatsky
1f88b12272
[libfuzzer] prune_corpus option for disabling pruning during the load.
...
Summary:
The option is very useful for testing, plus I intend to measure
its effect on fuzzer effectiveness.
Differential Revision: http://reviews.llvm.org/D21084
llvm-svn: 272035
2016-06-07 18:16:32 +00:00
Mike Aizatsky
af432a45e3
[libfuzzer] Trying random unit prefixes during corpus load.
...
Differential Revision: http://reviews.llvm.org/D20301
llvm-svn: 270632
2016-05-24 23:14:29 +00:00
Kostya Serebryany
61b07ac75b
[libFuzzer] better document the -merge=1 flag
...
llvm-svn: 268957
2016-05-09 19:11:36 +00:00
Kostya Serebryany
8b8f7a3cda
[libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer.
...
llvm-svn: 268821
2016-05-06 23:38:07 +00:00
Kostya Serebryany
52b394e981
[libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMs
...
llvm-svn: 268807
2016-05-06 21:58:35 +00:00
Kostya Serebryany
2fe9304d62
[libFuzzer] enable detect_leaks=1, add proper docs
...
llvm-svn: 268088
2016-04-29 18:49:55 +00:00
Kostya Serebryany
1bfd583d82
[libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing
...
llvm-svn: 266838
2016-04-20 00:24:21 +00:00
Kostya Serebryany
9e1a238357
[libFuzzer] more docs
...
llvm-svn: 264803
2016-03-29 23:07:36 +00:00
Kostya Serebryany
f389ae12c1
[libFuzzer] handle SIGTERM
...
llvm-svn: 264338
2016-03-24 21:03:58 +00:00
Kostya Serebryany
49e409068a
[libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout
...
llvm-svn: 263831
2016-03-18 20:58:29 +00:00
Kostya Serebryany
945761b8c2
[libFuzzer] improve -merge functionality
...
llvm-svn: 263769
2016-03-18 00:23:29 +00:00