George Karpenkov
748bf121bb
Moving libFuzzer from LLVM to compiler-rt.
...
This change only removes libFuzzer tests and CMake machinery,
the source copy temporarily remains at the old location.
Differential Revision: https://reviews.llvm.org/D36980
llvm-svn: 311405
2017-08-21 23:25:12 +00:00
George Karpenkov
fb0994b37e
Always compile libFuzzer with no coverage
...
Do not compile libFuzzer itself with coverage, regardless of LLVM variables
Differential Revision: https://reviews.llvm.org/D36887
llvm-svn: 311374
2017-08-21 20:12:58 +00:00
Kuba Mracek
d3f3fae32d
Get rid of even more "%T" expansions, see <https://reviews.llvm.org/D35396>.
...
llvm-svn: 311294
2017-08-20 17:05:22 +00:00
Matt Morehouse
5c7fc76983
[SanitizerCoverage] Add stack depth tracing instrumentation.
...
Summary:
Augment SanitizerCoverage to insert maximum stack depth tracing for
use by libFuzzer. The new instrumentation is enabled by the flag
-fsanitize-coverage=stack-depth and is compatible with the existing
trace-pc-guard coverage. The user must also declare the following
global variable in their code:
thread_local uintptr_t __sancov_lowest_stack
https://bugs.llvm.org/show_bug.cgi?id=33857
Reviewers: vitalybuka, kcc
Reviewed By: vitalybuka
Subscribers: kubamracek, hiraditya, cfe-commits, llvm-commits
Differential Revision: https://reviews.llvm.org/D36839
llvm-svn: 311186
2017-08-18 18:43:30 +00:00
Petr Hosek
ec20fd7731
[CMake] Add install target for LLVMFuzzer
...
This allows including LLVMFuzzer as distribution component.
Differential Revision: https://reviews.llvm.org/D36540
llvm-svn: 310897
2017-08-14 23:37:31 +00:00
Kostya Serebryany
e3cb3c519f
[libFuzzer] try to use less RAM while processing the initial corpus
...
llvm-svn: 310881
2017-08-14 20:34:35 +00:00
Kostya Serebryany
47cb4856d4
[libFuzzer] explicitly use -fsanitize-coverage=trace-pc-guard in test/dump_coverage.test; mark print_coverage/dump_coverage as To-be-deprecated
...
llvm-svn: 310877
2017-08-14 19:55:23 +00:00
Kostya Serebryany
0873be2ad0
[libFuzzer] experimental support for Clang's coverage (fprofile-instr-generate), Linux-only
...
llvm-svn: 310771
2017-08-11 23:03:22 +00:00
George Karpenkov
d20e8b4edb
[libFuzzer] Re-enable coverage.test on Darwin.
...
llvm-svn: 310750
2017-08-11 20:30:52 +00:00
Alexander Potapenko
7235bcdf8f
[libFuzzer] Update LibFuzzer w.r.t. the new comparisons instrumentation API
...
Added the _sanitizer_cov_trace_const_cmp[1248] callbacks.
For now they are implemented the same way as _sanitizer_cov_trace_cmp[1248].
For more details, please see https://reviews.llvm.org/D36465 .
Patch by Victor Chibotaru.
llvm-svn: 310592
2017-08-10 14:01:45 +00:00
Kostya Serebryany
e863796dca
[libFuzzer] simplify code, NFC
...
llvm-svn: 310326
2017-08-08 00:17:20 +00:00
Kostya Serebryany
22e5f9a16a
[libFuzzer] remove stale code
...
llvm-svn: 310325
2017-08-08 00:14:49 +00:00
Kostya Serebryany
854be98c93
[libFuzzer] simplify the implementation of -print_coverage=1
...
llvm-svn: 310324
2017-08-08 00:12:09 +00:00
George Karpenkov
00e25c5459
Do not instrument libFuzzer itself when built with -DLLVM_USE_SANITIZE_COVERAGE
...
Fixes regression from https://reviews.llvm.org/D36295
Differential Revision: https://reviews.llvm.org/D36428
llvm-svn: 310305
2017-08-07 20:56:11 +00:00
Kostya Serebryany
a84a6c1e48
[libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos
...
llvm-svn: 310151
2017-08-04 23:49:53 +00:00
Kostya Serebryany
be7a35769d
[libFuzzer] print PCs using the in-binary PC-table instead of relying on PCs captured at run-time
...
llvm-svn: 310148
2017-08-04 23:13:58 +00:00
Kostya Serebryany
64426e3ba8
[libFuzzer] re-enable fuzzer-printcovpcs.test
...
llvm-svn: 310126
2017-08-04 20:47:22 +00:00
Kostya Serebryany
27cba58898
[libFuzzer] make a test more robust
...
llvm-svn: 310113
2017-08-04 20:09:15 +00:00
Kostya Serebryany
1d7a33b8ae
[libFuzzer] remove the now redundant 'LLVMFuzzer-' prefix from libFuzzer tests
...
llvm-svn: 310110
2017-08-04 20:05:25 +00:00
Kostya Serebryany
785cec91a4
[libFuzzer] split one test into several
...
llvm-svn: 310106
2017-08-04 20:01:04 +00:00
George Karpenkov
b0c2bb572d
[libFuzzer tests] Only enable libFuzzer tests if
...
-DLIBFUZZER_ENABLE_TESTS=ON is set.
llvm-svn: 310100
2017-08-04 19:29:16 +00:00
Kostya Serebryany
0c079d06d3
[libFuzzer] make trace-pc.test more reliable
...
llvm-svn: 310091
2017-08-04 18:43:39 +00:00
George Karpenkov
96d6008145
Fixing buildbots: do not register check-fuzzer if clang or asan are not
...
present.
llvm-svn: 310077
2017-08-04 17:43:29 +00:00
George Karpenkov
a5de052362
Drop Windows support from libFuzzer tests.
...
Differential Revision: https://reviews.llvm.org/D36205
llvm-svn: 310076
2017-08-04 17:43:28 +00:00
George Karpenkov
8ecdd7be15
Port libFuzzer tests to LIT. Do not require two-stage build for check-fuzzer.
...
This revision ports all libFuzzer tests apart from the unittest to LIT.
The advantages of doing so include:
- Tests being self-contained
- Much easier debugging of a single test
- No need for using a two-stage compilation
The unit-test is still compiled using CMake, but it does not need a
freshly built compiler.
NOTE: The previous two-stage bot configuration will NOT work, as in the
second stage build LLVM_USE_SANITIZER is set, which disables ASAN from
being built.
Thus bots will be reconfigured in the next few commits.
Differential Revision: https://reviews.llvm.org/D36295
llvm-svn: 310075
2017-08-04 17:19:45 +00:00
George Karpenkov
5bd0503680
Disable libFuzzer tests on Windows
...
Differential Revision: https://reviews.llvm.org/D36297
llvm-svn: 310009
2017-08-04 00:26:12 +00:00
George Karpenkov
f020c98912
[libFuzzer] Un-reverting change in tests after fixing the failure on Linux.
...
Differential Revision: https://reviews.llvm.org/D36242
llvm-svn: 309982
2017-08-03 20:28:16 +00:00
George Karpenkov
6f046b4dd7
Revert "[libFuzzer tests] Use substring comparison in libFuzzer tests"
...
This reverts commit 3592d8049660dcdd07f7c2e797f2de9790f93111.
Breaks the bots, reverting for now.
llvm-svn: 309899
2017-08-02 23:09:57 +00:00
George Karpenkov
03f9506477
[libFuzzer tests] Use substring comparison in libFuzzer tests
...
LIT launches executables with absolute, and not relative, path.
strncmp would try to do exact comparison and fail.
Differential Revision: https://reviews.llvm.org/D36242
llvm-svn: 309889
2017-08-02 21:38:50 +00:00
Kostya Serebryany
0fc5ee2db0
[libFuzzer] temporarily remove pc-tables and disable test/fuzzer-printcovpcs.test until this can be fixed on Windows
...
llvm-svn: 309716
2017-08-01 18:02:19 +00:00
Kostya Serebryany
6cdb5a61b5
[libFuzzer] implement more correct way of computing feature index for Inline8bitCounters
...
llvm-svn: 309647
2017-08-01 01:16:26 +00:00
Kostya Serebryany
4f2970037a
[libFuzzer] enable -fsanitize-coverage=pc-table for all tests
...
llvm-svn: 309646
2017-08-01 00:48:44 +00:00
Kostya Serebryany
b2a1eba2f5
[libFuzzer] implement __sanitizer_cov_pcs_init and add pc-table to build flags for one test (for now)
...
llvm-svn: 309615
2017-07-31 20:20:59 +00:00
Kostya Serebryany
f14996b962
[libFuzzer] improve support for inline-8bit-counters (make it more correct and faster)
...
llvm-svn: 309443
2017-07-28 22:00:56 +00:00
Kostya Serebryany
6eab1a8ee6
[libFuzzer] don't disable msan for TracePC::CollectFeatures: this started to cause false positives in msan. No tests for libFuzzer+msan yet -- tests will need to wait until we move libFuzzer to compiler-rt
...
llvm-svn: 309038
2017-07-25 22:05:31 +00:00
Kostya Serebryany
6f7befd10f
[libFuzzer] make one test faster, fix compiler warnings in tests
...
llvm-svn: 308945
2017-07-25 02:09:46 +00:00
George Karpenkov
9bc64acf90
Revert "Revert "[libFuzzer] Add a dependency on symbolizer from libFuzzer tests""
...
This reverts commit 15425f2bc6eac6249ee957a2a280511306c07547.
Should work now that atos is a default symbolizer on Darwin.
llvm-svn: 308910
2017-07-24 18:38:14 +00:00
Kostya Serebryany
8cb63ec20b
[libFuzzer] reimplement experimental_len_control=1: bump the temporary max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files
...
llvm-svn: 308811
2017-07-22 00:10:29 +00:00
Matt Morehouse
9e689792b2
Generate error reports when a fuzz target exits.
...
Summary:
Implements https://github.com/google/sanitizers/issues/835 .
Flush stdout before exiting in test cases.
Since the atexit hook is used for exit reports, pending prints to
stdout can be lost if they aren't flushed before calling exit().
Expect tests to have non-zero exit code if exit() is called.
Reviewers: vitalybuka, kcc
Reviewed By: kcc
Subscribers: eraman, llvm-commits, hiraditya
Differential Revision: https://reviews.llvm.org/D35602
llvm-svn: 308669
2017-07-20 20:43:39 +00:00
Kostya Serebryany
d1b731d57b
[libFuzzer] delete stale code
...
llvm-svn: 308663
2017-07-20 20:15:13 +00:00
Kostya Serebryany
a763be3d5f
[libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input is saved to the corpus
...
llvm-svn: 308653
2017-07-20 18:53:25 +00:00
Kostya Serebryany
e55828c740
[libFuzzer] prototype implementation of recursion-depth coverage features (commented out; real implementation needs to use inlined instrumentation)
...
llvm-svn: 308577
2017-07-20 01:35:17 +00:00
Kostya Serebryany
15cc3713d3
[libFuzzer] add DeepRecursionTest, inspired by https://guidovranken.wordpress.com/2017/07/08/libfuzzer-gv-new-techniques-for-dramatically-faster-fuzzing/ (Stack-depth-guided fuzzing). libFuzzer does not solve it yet.
...
llvm-svn: 308571
2017-07-20 00:37:08 +00:00
Reid Kleckner
6326639721
Try to deflake fuzzer-oom.test on Windows
...
llvm-svn: 308568
2017-07-20 00:11:39 +00:00
Kostya Serebryany
f1bafd9bf6
[libFuzzer] simplify two more tests
...
llvm-svn: 308560
2017-07-19 23:52:54 +00:00
Kostya Serebryany
a168af7b5f
[libFuzzer] change several tests to not limit the max len: with reduce_inputs=1 they are now fast enough even w/o this
...
llvm-svn: 308553
2017-07-19 23:45:46 +00:00
Reid Kleckner
b3283b740f
Fix fuzzer-flags.test on Windows
...
The optional external function callbacks have to be exported in order
for them to be called. The test was failing because libFuzzer wasn't
calling LLVMFuzzerInitialize.
We can reconsider if this is the best way to mark these optional
callbacks exported later.
llvm-svn: 308548
2017-07-19 23:22:06 +00:00
Kostya Serebryany
4a27b70ed5
[libFuzzer] enable reduce_inputs=1 by default (seems to be a big win usually)
...
llvm-svn: 308541
2017-07-19 22:10:30 +00:00
Kostya Serebryany
d01e956d38
[libFuzzer] when adding a reduced input print REDUCED instead of NEW
...
llvm-svn: 308336
2017-07-18 18:47:36 +00:00
Kostya Serebryany
f1b5c64052
[libFuzzer] improve -reduce_inputs=1: now only consider the unique features of every input (seems to work much better)
...
llvm-svn: 308253
2017-07-18 01:36:50 +00:00