llvm-project

Commit Graph

Author	SHA1	Message	Date
Dan Liew	d3c33116fd	[LibFuzzer] Reimplement how the optional user functions are called. The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't succesfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFuntions``) which when initialised will point to the optional functions if they are available. Currently these ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker. Differential Revision: http://reviews.llvm.org/D20741 llvm-svn: 271491	2016-06-02 05:48:02 +00:00
Kostya Serebryany	0edb563f27	[libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit. llvm-svn: 270945	2016-05-27 00:54:15 +00:00
Kostya Serebryany	8fc3a27c5c	[libFuzzer] more refactoring: make sure CurrentUnitData is awlays a valid pointer to read from llvm-svn: 270942	2016-05-27 00:21:33 +00:00
Kostya Serebryany	d8384122a3	[libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads) llvm-svn: 270929	2016-05-26 22:17:32 +00:00
Kostya Serebryany	f26017baf9	[libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC llvm-svn: 270922	2016-05-26 21:32:30 +00:00
Kostya Serebryany	4b92326b17	[libFuzzer] when there is a leak in the existing corpus report the reproducer properly llvm-svn: 270905	2016-05-26 20:25:49 +00:00
Kostya Serebryany	f1f3f93c9e	[libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended llvm-svn: 270900	2016-05-26 20:03:02 +00:00
Mike Aizatsky	af432a45e3	[libfuzzer] Trying random unit prefixes during corpus load. Differential Revision: http://reviews.llvm.org/D20301 llvm-svn: 270632	2016-05-24 23:14:29 +00:00
Dan Liew	3868e468fe	[LibFuzzer] Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX. Under Mac OSX we intercept calls to malloc before thread local storage is initialised leading to a crash when accessing ``AllocTracer``. To workaround this ``AllocTracer`` is only accessed in the hook under Linux. For symmetry ``__sanitizer_free_hook()`` is also modified in the same way. To support this change a set of new macros LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be used to check the target being compiled for. Differential Revision: http://reviews.llvm.org/D20402 llvm-svn: 270145	2016-05-19 22:00:33 +00:00
Kostya Serebryany	8b0d90a6d4	[libFuzzer] simplify FuzzerInterface.h llvm-svn: 269448	2016-05-13 18:04:35 +00:00
Mike Aizatsky	1aa501e7e8	[libfuzzer] Refactoring coverage state-management code. It is now less state-dependent and will allow easier comparing of coverages of different units. Differential Revision: http://reviews.llvm.org/D20085 llvm-svn: 269140	2016-05-10 23:43:15 +00:00
Kostya Serebryany	8b8f7a3cda	[libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. llvm-svn: 268821	2016-05-06 23:38:07 +00:00
Kostya Serebryany	52b394e981	[libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMs llvm-svn: 268807	2016-05-06 21:58:35 +00:00
Kostya Serebryany	baf7fd0b16	[libFuzzer] print stats after running individual inputs llvm-svn: 268547	2016-05-04 20:44:50 +00:00
Kostya Serebryany	2fe9304d62	[libFuzzer] enable detect_leaks=1, add proper docs llvm-svn: 268088	2016-04-29 18:49:55 +00:00
Kostya Serebryany	7018a1aaa4	[libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak llvm-svn: 267770	2016-04-27 19:52:34 +00:00
Kostya Serebryany	9ba19182be	[libFuzzer] remove dead code llvm-svn: 267455	2016-04-25 19:41:45 +00:00
Kostya Serebryany	1bfd583d82	[libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing llvm-svn: 266838	2016-04-20 00:24:21 +00:00
Kostya Serebryany	ebb932d060	[libFuzzer] try to print correct time in seconds when reporting a timeout. Don't report timeouts while still loading the corpus. llvm-svn: 266693	2016-04-18 22:50:39 +00:00
Kostya Serebryany	f389ae12c1	[libFuzzer] handle SIGTERM llvm-svn: 264338	2016-03-24 21:03:58 +00:00
Kostya Serebryany	49e409068a	[libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout llvm-svn: 263831	2016-03-18 20:58:29 +00:00
Kostya Serebryany	945761b8c2	[libFuzzer] improve -merge functionality llvm-svn: 263769	2016-03-18 00:23:29 +00:00
Kostya Serebryany	c5575aabd6	[libFuzzer] deprecate several flags llvm-svn: 263739	2016-03-17 19:59:39 +00:00
Kostya Serebryany	64d24578d8	[libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. llvm-svn: 263323	2016-03-12 01:57:04 +00:00
Kostya Serebryany	3d95dd9149	[libFuzzer] deprecate exit_on_first flag llvm-svn: 262417	2016-03-01 22:33:14 +00:00
Kostya Serebryany	228d5b1ce4	[libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. llvm-svn: 262415	2016-03-01 22:19:21 +00:00
Kostya Serebryany	66ff0756e4	[libFuzzer] add -print_final_stats=1 flag llvm-svn: 262084	2016-02-26 22:42:23 +00:00
Kostya Serebryany	da63c1d09a	[libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds llvm-svn: 262073	2016-02-26 21:33:56 +00:00
Kostya Serebryany	a35f7d383f	[libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus llvm-svn: 261267	2016-02-18 21:49:10 +00:00
Kostya Serebryany	8a5bef0fcf	[libFuzzer] remove std::vector operations from hot paths, NFC llvm-svn: 260829	2016-02-13 17:56:51 +00:00
Kostya Serebryany	1deb0498f5	[libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast llvm-svn: 260810	2016-02-13 06:24:18 +00:00
Kostya Serebryany	23194963f7	[libFuzzer] simplify CTOR of MutationDispatcher llvm-svn: 260800	2016-02-13 03:46:26 +00:00
Kostya Serebryany	292cf0379c	[libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) llvm-svn: 260799	2016-02-13 03:37:24 +00:00
Kostya Serebryany	7ec0c56e07	[libFuzzer] get rid of UserSuppliedFuzzer; NFC llvm-svn: 260798	2016-02-13 03:25:16 +00:00
Kostya Serebryany	a399221c32	[libFuzzer] simplify the code around Random. NFC llvm-svn: 260797	2016-02-13 03:00:53 +00:00
Kostya Serebryany	ecab57b3ce	[libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea). llvm-svn: 260796	2016-02-13 02:39:30 +00:00
Kostya Serebryany	bfbe7fc404	[libFuzzer] allow passing 1 or more files as individual inputs llvm-svn: 259459	2016-02-02 03:03:47 +00:00
Kostya Serebryany	54a6363a8f	[libFuzzer] add -timeout_exitcode option llvm-svn: 259265	2016-01-29 23:30:07 +00:00
Kostya Serebryany	9768e7f06b	[libFuzzer] add -abort_on_timeout option llvm-svn: 258631	2016-01-23 19:34:19 +00:00
Kostya Serebryany	160dcba81f	[libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes llvm-svn: 258589	2016-01-22 23:55:14 +00:00
Ivan Krasin	df91910bd4	Use std::piecewise_constant_distribution instead of ad-hoc binary search. Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed. Reviewers: aizatsky, kcc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D16487 llvm-svn: 258571	2016-01-22 22:28:27 +00:00
Ivan Krasin	d84f74cab7	Revert r258473 as it's breaking the build with libc++ Reviewers: kcc Differential Revision: http://reviews.llvm.org/D16441 llvm-svn: 258479	2016-01-22 03:21:52 +00:00
Ivan Krasin	b008fd4d89	Use std::piecewise_constant_distribution instead of ad-hoc binary search. Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: I had to change the seed for one test to make it pass. Alternatively, the number of runs could be increased. I believe that the average time of 'foo' discovery is not increased, just seed=1 was particularly convenient for the previous PRNG scheme used. Reviewers: aizatsky, kcc Subscribers: llvm-commits, kcc Differential Revision: http://reviews.llvm.org/D16419 llvm-svn: 258473	2016-01-22 01:32:34 +00:00
Kostya Serebryany	476f0ce31a	[libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path llvm-svn: 257985	2016-01-16 03:53:32 +00:00
Kostya Serebryany	aca7696f4d	[libFuzzer] introduce LLVMFuzzerInitialize llvm-svn: 257980	2016-01-16 01:23:12 +00:00
Kostya Serebryany	628bc3ec00	[libFuzzer] move some code from public interface header to a non-public header. NFC llvm-svn: 257963	2016-01-16 00:04:36 +00:00
Kostya Serebryany	ae5b9567bc	[libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) llvm-svn: 257873	2016-01-15 06:24:05 +00:00
Kostya Serebryany	98abb2c90a	[libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations llvm-svn: 257713	2016-01-13 23:46:01 +00:00
Kostya Serebryany	d50a3eedb4	[libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) llvm-svn: 257701	2016-01-13 23:02:30 +00:00
Kostya Serebryany	4174005622	[libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries llvm-svn: 257435	2016-01-12 02:36:59 +00:00

1 2 3

115 Commits