Author | Commit | Message | Date
Kostya Serebryany | 7abb95d3b3 | [libFuzzer] make a test less flaky (llvm-svn: 283686) | 2016-10-09 03:45:38 +00:00
Kostya Serebryany | c5325ed29d | [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process (llvm-svn: 283682) | 2016-10-08 23:24:45 +00:00
Kostya Serebryany | 9adc7c8b4a | [libFuzzer] control the reload interval by a flag, make it 10 seconds by default (llvm-svn: 283676) | 2016-10-08 22:12:14 +00:00
Kostya Serebryany | cd04ec25dd | [libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing. (llvm-svn: 283675) | 2016-10-08 21:57:48 +00:00
Kostya Serebryany | 936b1e774f | [libFuzzer] be more careful with memory usage, print peak rss in status lines (llvm-svn: 283418) | 2016-10-06 05:14:00 +00:00
Kostya Serebryany | 3b564e9765 | [libFuzzer] when re-running for lsan, don't look at the coverage (llvm-svn: 283411) | 2016-10-05 23:31:01 +00:00
Kostya Serebryany | 1c73f1bf27 | [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. (llvm-svn: 283409) | 2016-10-05 22:56:21 +00:00
Kostya Serebryany | 379359c53a | [libFuzzer] add ShrinkValueProfileTest, move code around, NFC (llvm-svn: 283286) | 2016-10-05 01:09:40 +00:00
Kostya Serebryany | 2455f0d013 | [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate an empty element. Print the corpus size in bytes in the status lines (llvm-svn: 283279) | 2016-10-05 00:25:17 +00:00
Kostya Serebryany | 4820cc988f | [libFuzzer] remove dfsan support and some related stale code. This is not being used and, as is, is pretty weak anyway (llvm-svn: 283187) | 2016-10-04 06:08:46 +00:00
Kostya Serebryany | 5a52a11ce4 | [libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now) (llvm-svn: 283178) | 2016-10-04 01:51:44 +00:00
Kostya Serebryany | a5f1adab56 | [libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631 (llvm-svn: 283024) | 2016-10-01 07:37:40 +00:00
Kostya Serebryany | d1f31d0a49 | [libFuzzer] fix a recent bug (buffer overflow) (llvm-svn: 283021) | 2016-10-01 07:13:25 +00:00
Kostya Serebryany | d216922a80 | [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default (llvm-svn: 282995) | 2016-10-01 01:04:29 +00:00
Kostya Serebryany | 90f8f36bca | [libFuzzer] remove some experimental code (llvm-svn: 282983) | 2016-09-30 23:29:27 +00:00
Kostya Serebryany | 7022b94687 | [libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed (llvm-svn: 282972) | 2016-09-30 22:35:08 +00:00
Kostya Serebryany | e7e790bad6 | [libFuzzer] remove unused option (llvm-svn: 282971) | 2016-09-30 22:29:57 +00:00
Kostya Serebryany | b7e7a5473d | [libFuzzer] move common parts of shell scripts into a separate file (llvm-svn: 282954) | 2016-09-30 21:12:30 +00:00
Kostya Serebryany | cfa31b6307 | [libFuzzer] add a fuzzer test that finds CVE-2015-3193 (llvm-svn: 282892) | 2016-09-30 18:16:16 +00:00
Kostya Serebryany | cad612a472 | [libfuzzer] test for c-ares CVE-2016-5180 (llvm-svn: 282839) | 2016-09-30 05:15:45 +00:00
Kostya Serebryany | b3949ef885 | [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) (llvm-svn: 282831) | 2016-09-30 01:24:57 +00:00
Kostya Serebryany | 2c55613a08 | [libFuzzer] move the feature set to InputCorpus; on feature update, change the feature counter of the old best input (llvm-svn: 282829) | 2016-09-30 01:19:56 +00:00
Kostya Serebryany | a9b0dd0e51 | [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. Reorganize the code so that trace-pc-guard does not create unneeded globals (llvm-svn: 282735) | 2016-09-29 17:43:24 +00:00
Kostya Serebryany | a9a135b4f5 | [libFuzzer] initialize ValueBitMap::NumBits (llvm-svn: 282721) | 2016-09-29 15:51:28 +00:00
Kostya Serebryany | 3ee6c213d6 | [libFuzzer] speedup TracePC::FinalizeTrace (llvm-svn: 282562) | 2016-09-28 01:16:24 +00:00
Kostya Serebryany | 7d6935c184 | [libFuzzer] run re2 test in 8 threads by default (llvm-svn: 282469) | 2016-09-27 03:33:57 +00:00
Kostya Serebryany | 45c144754b | [sanitizer-coverage] fix a bug in trace-gep (llvm-svn: 282467) | 2016-09-27 01:55:08 +00:00
Kostya Serebryany | 53543af036 | [libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed) (llvm-svn: 282460) | 2016-09-27 00:27:40 +00:00
Kostya Serebryany | 5ff481fd9e | [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag (llvm-svn: 282458) | 2016-09-27 00:10:20 +00:00
Kostya Serebryany | 273d767215 | [libFuzzer] add a standalone build script (llvm-svn: 282321) | 2016-09-24 04:00:00 +00:00
Kostya Serebryany | 0800b81a21 | [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. (llvm-svn: 282316) | 2016-09-23 23:51:58 +00:00
Kostya Serebryany | 2d1d944f7e | [libFuzzer] first steps in adding a proper automated test suite based on real-life code: add a script to build RE2 at a revision that has known bugs (llvm-svn: 282292) | 2016-09-23 20:43:22 +00:00
Kostya Serebryany | 0d26de3922 | [libFuzzer] reset Counters (trace-pc-guard) before every run (llvm-svn: 282284) | 2016-09-23 20:04:13 +00:00
Kostya Serebryany | ce1cab169f | [libFuzzer] be more precise about what we reset in TracePC (llvm-svn: 282225) | 2016-09-23 02:18:59 +00:00
Kostya Serebryany | 16a145fd0f | [libFuzzer] fix merging with trace-pc-guard (llvm-svn: 282224) | 2016-09-23 01:58:51 +00:00
Kostya Serebryany | 87a598e19f | [libFuzzer] simplify the TracePC logic (llvm-svn: 282222) | 2016-09-23 01:20:07 +00:00
Kostya Serebryany | ab73c6924f | [libFuzzer] move value profiling logic into TracePC (llvm-svn: 282219) | 2016-09-23 00:46:18 +00:00
Kostya Serebryany | d28099de5d | [libFuzzer] change ValueBitMap to remember the number of bits in it (llvm-svn: 282216) | 2016-09-23 00:22:46 +00:00
Kostya Serebryany | be0ed59cdc | [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen (llvm-svn: 282211) | 2016-09-22 23:16:36 +00:00
Kostya Serebryany | 624f59f4d8 | [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings (llvm-svn: 282129) | 2016-09-22 01:34:58 +00:00
Kostya Serebryany | c9e3de35ed | [libFuzzer] one more test (llvm-svn: 282127) | 2016-09-22 00:57:29 +00:00
Kostya Serebryany | 29bb664075 | [libFuzzer] add stats to the corpus; more refactoring (llvm-svn: 282121) | 2016-09-21 22:42:17 +00:00
Kostya Serebryany | 20801e1b8a | [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. (llvm-svn: 282115) | 2016-09-21 21:41:48 +00:00
Kostya Serebryany | 8658618ea0 | [libFuzzer] more refactoring (llvm-svn: 282113) | 2016-09-21 21:17:23 +00:00
Kostya Serebryany | 225d8e45d4 | [libFuzzer] fix libc++ build (llvm-svn: 282050) | 2016-09-21 03:50:37 +00:00
Kostya Serebryany | 556894fb10 | [libFuzzer] more refactoring; NFC (llvm-svn: 282047) | 2016-09-21 02:05:39 +00:00
Kostya Serebryany | 6f5a804cdb | [libFuzzer] refactoring: split the large header into many; NFC (llvm-svn: 282044) | 2016-09-21 01:50:50 +00:00
Kostya Serebryany | 09aa01a6f8 | [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features (llvm-svn: 282042) | 2016-09-21 01:04:43 +00:00
Kostya Serebryany | 3750c04f7e | [libFuzzer] use sleep() instead of std::this_thread::sleep_for to avoid coverage from instrumented libc++ (llvm-svn: 281933) | 2016-09-19 20:32:34 +00:00
Kostya Serebryany | b706b481ba | [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer (llvm-svn: 281866) | 2016-09-18 21:47:08 +00:00