llvm-project

Commit Graph

Author	SHA1	Message	Date
Kostya Serebryany	70240430d9	[libFuzzer] remove even more stale code llvm-svn: 297797	2017-03-15 00:39:06 +00:00
Kostya Serebryany	862a845aa5	[libFuzzer] simplify code a bit llvm-svn: 297796	2017-03-15 00:34:25 +00:00
Kostya Serebryany	f81cc098ca	[libFuzzer] remove more stale code llvm-svn: 297785	2017-03-14 21:47:52 +00:00
Kostya Serebryany	a43a299382	[libFuzzer] remove stale code llvm-svn: 297781	2017-03-14 21:30:14 +00:00
Kostya Serebryany	41e7a27811	[libFuzzer] remove usage of the old coverage instrumentation llvm-svn: 296536	2017-02-28 23:23:48 +00:00
Kostya Serebryany	6ac64c3a6d	[libFuzzer] replace std::random_shuffle with std::shuffle as std::random_shuffle is being deprecated in C++17. Also simplify fuzzer::Random. NFC llvm-svn: 294366	2017-02-07 22:37:34 +00:00
Kostya Serebryany	419634bdb8	[libFuzzer] remove a bit of stale code llvm-svn: 293129	2017-01-26 01:45:54 +00:00
Marcos Pividori	15fbf682a1	[libFuzzer] AlrmHandler is executed in a different thread for Windows. Don't check for InFuzzingThread() on Windows, since the AlarmHandler() is always executed by a different thread from a thread pool. If we don't add these changes, the alarm handler will never execute. Note that we decided to ignore possible problem in the synchronization. Differential Revision: https://reviews.llvm.org/D28723 llvm-svn: 292746	2017-01-22 01:58:59 +00:00
Kostya Serebryany	98d592cc91	[libFuzzer] experimental support for 'equivalance fuzzing' llvm-svn: 292646	2017-01-20 20:57:07 +00:00
Kostya Serebryany	38b5d3ca54	[libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs llvm-svn: 292511	2017-01-19 19:38:12 +00:00
Kostya Serebryany	6e47a10ec7	[libFuzzer] add two tests for experimenting with equivalence fuzzing llvm-svn: 292509	2017-01-19 19:07:26 +00:00
Kostya Serebryany	4aa0590e33	[libFuzzer] improve error handling during the merge (handle various IO failures) llvm-svn: 291182	2017-01-05 22:05:47 +00:00
Kostya Serebryany	11a22bc39d	[libFuzzer] cleaner implementation of -print_pcs=1 llvm-svn: 290739	2016-12-30 01:13:07 +00:00
Kostya Serebryany	2a8440df70	[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually (second attempt) llvm-svn: 290637	2016-12-27 23:24:55 +00:00
Mike Aizatsky	9b415be1bf	[libfuzzer] dump_coverage command line flag Reviewers: kcc, vitalybuka Differential Revision: https://reviews.llvm.org/D27942 llvm-svn: 290138	2016-12-19 22:18:08 +00:00
Daniel Jasper	fa1030e40b	Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code" This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998 llvm-svn: 290043	2016-12-17 12:27:49 +00:00
Kostya Serebryany	3a4e2dd92f	[libFuzzer] avoid msan false positives in more cases llvm-svn: 289999	2016-12-16 22:45:25 +00:00
Kostya Serebryany	be7003f99c	[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code llvm-svn: 289998	2016-12-16 22:42:05 +00:00
Marcos Pividori	64d4147396	[libFuzzer] Fix bug in detecting timeouts when input string is empty. I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). Previous implementation failed to detect timeouts in that execution. Also, I add a regression test for that case. Differential Revision: https://reviews.llvm.org/D27433 llvm-svn: 289561	2016-12-13 17:46:25 +00:00
Marcos Pividori	178fe58745	[libFuzzer] Clean up headers and file formatting of LibFuzzer files. Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`. Aside from that, this patch contains no functional change. It is purely a re-organization. Differential Revision: https://reviews.llvm.org/D27363 llvm-svn: 289560	2016-12-13 17:46:11 +00:00
Marcos Pividori	463f8bdd0b	[libFuzzer] Properly use unsigned for Process ID. Use unsigned for PID instead of signed int. GetCurrentProcessId() returns an unsigned (DWORD) so we must be sure we can deal with all possible values. I use a long unsigned to be sure it can hold a 32 bit unsigned (DWORD). Differential Revision: https://reviews.llvm.org/D27281 llvm-svn: 289558	2016-12-13 17:45:44 +00:00
Kostya Serebryany	d4be88913e	[libFuzzer] respect -max_len during merge llvm-svn: 289467	2016-12-12 20:39:35 +00:00
Kostya Serebryany	fe1094b811	[libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( llvm-svn: 288731	2016-12-05 23:35:22 +00:00
Kostya Serebryany	dc6b8ca879	[libFuzzer] treat -rss_limit_mb=0 as no limit llvm-svn: 288389	2016-12-01 17:56:15 +00:00
Kostya Serebryany	05f7791fbf	[libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit llvm-svn: 288281	2016-11-30 22:39:35 +00:00
Zachary Turner	24a148b1d4	[LibFuzzer] Split up some functions among different headers. In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27230 llvm-svn: 288264	2016-11-30 19:06:14 +00:00
Kostya Serebryany	2fabecaee3	[libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once llvm-svn: 285223	2016-10-26 18:52:04 +00:00
Kostya Serebryany	06b8757b57	[libFuzzer] simplify the code in TracePC::HandleTrace a bit more llvm-svn: 285147	2016-10-26 00:42:52 +00:00
Kostya Serebryany	a5b2e54fcb	[libFuzzer] simplify the code to print new PCs llvm-svn: 285145	2016-10-26 00:20:51 +00:00
Kostya Serebryany	275e260258	[libFuzzer] simplify the code in TracePC::HandleTrace llvm-svn: 285142	2016-10-25 23:52:25 +00:00
Kostya Serebryany	3364f90783	[libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test llvm-svn: 285049	2016-10-25 02:04:43 +00:00
Reid Kleckner	ac2a2a86e4	Fix -Wunused-variable warning in libFuzzer llvm-svn: 284838	2016-10-21 16:26:27 +00:00
Kostya Serebryany	8dfed45cd4	[libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item llvm-svn: 284508	2016-10-18 18:06:05 +00:00
Kostya Serebryany	f9b8e8b117	[libFuzzer] better algorithm for -minimize_crash llvm-svn: 284299	2016-10-15 01:00:24 +00:00
Kostya Serebryany	a5f94fb6c9	[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273	2016-10-14 20:20:33 +00:00
Kostya Serebryany	0381374f96	[libFuzzer] more detailed message for disabled leak detection llvm-svn: 284169	2016-10-13 22:24:10 +00:00
Kostya Serebryany	a17d23eaa7	[libFuzzer] add -trace_malloc= flag llvm-svn: 284149	2016-10-13 19:06:46 +00:00
Kostya Serebryany	c5325ed29d	[libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process llvm-svn: 283682	2016-10-08 23:24:45 +00:00
Kostya Serebryany	9adc7c8b4a	[libFuzzer] control the reload interval by a flag, make it 10 seconds by default llvm-svn: 283676	2016-10-08 22:12:14 +00:00
Kostya Serebryany	936b1e774f	[libFuzzer] be more careful with memory usage, print peak rss in status lines llvm-svn: 283418	2016-10-06 05:14:00 +00:00
Kostya Serebryany	3b564e9765	[libFuzzer] when re-running for lsan, don't look at the coverage llvm-svn: 283411	2016-10-05 23:31:01 +00:00
Kostya Serebryany	1c73f1bf27	[libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. llvm-svn: 283409	2016-10-05 22:56:21 +00:00
Kostya Serebryany	2455f0d013	[libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines llvm-svn: 283279	2016-10-05 00:25:17 +00:00
Kostya Serebryany	4820cc988f	[libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway llvm-svn: 283187	2016-10-04 06:08:46 +00:00
Kostya Serebryany	d216922a80	[libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default llvm-svn: 282995	2016-10-01 01:04:29 +00:00
Kostya Serebryany	90f8f36bca	[libFuzzer] remove some experimental code llvm-svn: 282983	2016-09-30 23:29:27 +00:00
Kostya Serebryany	e7e790bad6	[libFuzzer] remove unused option llvm-svn: 282971	2016-09-30 22:29:57 +00:00
Kostya Serebryany	b3949ef885	[libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) llvm-svn: 282831	2016-09-30 01:24:57 +00:00
Kostya Serebryany	2c55613a08	[libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input llvm-svn: 282829	2016-09-30 01:19:56 +00:00
Kostya Serebryany	a9b0dd0e51	[sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals llvm-svn: 282735	2016-09-29 17:43:24 +00:00

1 2 3 4 5

215 Commits