maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
262,674 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

181 Commits

Author SHA1 Message Date
Kostya Serebryany fe4ed9bd85 [libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error) 
llvm-svn: 302494
 2017-05-09 01:17:29 +00:00
Sanjoy Das 730edccb24 Remove unnecessary semicolon 
This shows up as a -Wpendatic error on GCC.

llvm-svn: 301616
 2017-04-28 04:49:32 +00:00
Kostya Serebryany 4fc6dd7f8f [libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive 
llvm-svn: 298548
 2017-03-22 20:32:44 +00:00
Kostya Serebryany 70240430d9 [libFuzzer] remove even more stale code 
llvm-svn: 297797
 2017-03-15 00:39:06 +00:00
Kostya Serebryany 862a845aa5 [libFuzzer] simplify code a bit 
llvm-svn: 297796
 2017-03-15 00:34:25 +00:00
Kostya Serebryany f81cc098ca [libFuzzer] remove more stale code 
llvm-svn: 297785
 2017-03-14 21:47:52 +00:00
Kostya Serebryany a43a299382 [libFuzzer] remove stale code 
llvm-svn: 297781
 2017-03-14 21:30:14 +00:00
Kostya Serebryany 41e7a27811 [libFuzzer] remove usage of the old coverage instrumentation 
llvm-svn: 296536
 2017-02-28 23:23:48 +00:00
Kostya Serebryany 419634bdb8 [libFuzzer] remove a bit of stale code 
llvm-svn: 293129
 2017-01-26 01:45:54 +00:00
Kostya Serebryany 98d592cc91 [libFuzzer] experimental support for 'equivalance fuzzing' 
llvm-svn: 292646
 2017-01-20 20:57:07 +00:00
Kostya Serebryany 4aa0590e33 [libFuzzer] improve error handling during the merge (handle various IO failures) 
llvm-svn: 291182
 2017-01-05 22:05:47 +00:00
Marcos Pividori 64d4147396 [libFuzzer] Fix bug in detecting timeouts when input string is empty. 
I added a new flag RunningCB to know if the Fuzzer's main thread is
running the CB function, instead of using (!CurrentUnitSize).
(!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp,
inside ShuffleAndMinimize() function, we execute the callback with an
empty string (size=0). Previous implementation failed to detect timeouts
in that execution.
Also, I add a regression test for that case.

Differential Revision: https://reviews.llvm.org/D27433

llvm-svn: 289561
 2016-12-13 17:46:25 +00:00
Marcos Pividori 178fe58745 [libFuzzer] Clean up headers and file formatting of LibFuzzer files. 
Reorganize #includes to follow LLVM Coding Standards.
Include some missing headers. Required to use `Printf()`.

Aside from that, this patch contains no functional change.
It is purely a re-organization.

Differential Revision: https://reviews.llvm.org/D27363

llvm-svn: 289560
 2016-12-13 17:46:11 +00:00
Kostya Serebryany 111e1d69e3 [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). 
llvm-svn: 289166
 2016-12-09 01:17:24 +00:00
Kostya Serebryany 05f7791fbf [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit 
llvm-svn: 288281
 2016-11-30 22:39:35 +00:00
Zachary Turner 24a148b1d4 [LibFuzzer] Split up some functions among different headers. 
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.

This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.

Aside from that, this patch contains no functional change.  It
is purely a re-organization.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230

llvm-svn: 288264
 2016-11-30 19:06:14 +00:00
Kostya Serebryany a5b2e54fcb [libFuzzer] simplify the code to print new PCs 
llvm-svn: 285145
 2016-10-26 00:20:51 +00:00
Kostya Serebryany bb59ef77ca [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) 
llvm-svn: 284514
 2016-10-18 18:38:08 +00:00
Kostya Serebryany 8dfed45cd4 [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item 
llvm-svn: 284508
 2016-10-18 18:06:05 +00:00
Kostya Serebryany f9b8e8b117 [libFuzzer] better algorithm for -minimize_crash 
llvm-svn: 284299
 2016-10-15 01:00:24 +00:00
Kostya Serebryany 1c73f1bf27 [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
llvm-svn: 283409
 2016-10-05 22:56:21 +00:00
Kostya Serebryany 4820cc988f [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway 
llvm-svn: 283187
 2016-10-04 06:08:46 +00:00
Kostya Serebryany d216922a80 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default 
llvm-svn: 282995
 2016-10-01 01:04:29 +00:00
Kostya Serebryany 90f8f36bca [libFuzzer] remove some experimental code 
llvm-svn: 282983
 2016-09-30 23:29:27 +00:00
Kostya Serebryany b3949ef885 [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) 
llvm-svn: 282831
 2016-09-30 01:24:57 +00:00
Kostya Serebryany 5ff481fd9e [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag 
llvm-svn: 282458
 2016-09-27 00:10:20 +00:00
Kostya Serebryany 0800b81a21 [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. 
llvm-svn: 282316
 2016-09-23 23:51:58 +00:00
Kostya Serebryany 16a145fd0f [libFuzzer] fix merging with trace-pc-guard 
llvm-svn: 282224
 2016-09-23 01:58:51 +00:00
Kostya Serebryany ab73c6924f [libFuzzer] move value profiling logic into TracePC 
llvm-svn: 282219
 2016-09-23 00:46:18 +00:00
Kostya Serebryany d28099de5d [libFuzzer] change ValueBitMap to remember the number of bits in it 
llvm-svn: 282216
 2016-09-23 00:22:46 +00:00
Kostya Serebryany be0ed59cdc [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen 
llvm-svn: 282211
 2016-09-22 23:16:36 +00:00
Kostya Serebryany 624f59f4d8 [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings 
llvm-svn: 282129
 2016-09-22 01:34:58 +00:00
Kostya Serebryany 29bb664075 [libFuzzer] add stats to the corpus; more refactoring 
llvm-svn: 282121
 2016-09-21 22:42:17 +00:00
Kostya Serebryany 20801e1b8a [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. 
llvm-svn: 282115
 2016-09-21 21:41:48 +00:00
Kostya Serebryany 225d8e45d4 [libFuzzer] fix libc++ build 
llvm-svn: 282050
 2016-09-21 03:50:37 +00:00
Kostya Serebryany 556894fb10 [libFuzzer] more refactoring; NFC 
llvm-svn: 282047
 2016-09-21 02:05:39 +00:00
Kostya Serebryany 6f5a804cdb [libFuzzer] refactoring: split the large header into many; NFC 
llvm-svn: 282044
 2016-09-21 01:50:50 +00:00
Kostya Serebryany 09aa01a6f8 [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features 
llvm-svn: 282042
 2016-09-21 01:04:43 +00:00
Kostya Serebryany b706b481ba [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer 
llvm-svn: 281866
 2016-09-18 21:47:08 +00:00
Kostya Serebryany 8e781a888a [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters 
llvm-svn: 281845
 2016-09-18 04:52:23 +00:00
Kostya Serebryany bc3789a919 [libFuzzer] properly reset the guards when reseting the coverage. Also try to fix check-fuzzer on the bot 
llvm-svn: 281814
 2016-09-17 06:01:55 +00:00
Kostya Serebryany 3e36ec1d18 [libFuzzer] change trace-pc to use 8-byte guards 
llvm-svn: 281810
 2016-09-17 05:04:47 +00:00
Kostya Serebryany 0984517021 [libFuzzer] make caller-callee feedback work with trace-pc-guard 
llvm-svn: 281667
 2016-09-15 22:16:15 +00:00
Kostya Serebryany 5350178487 [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) 
llvm-svn: 281577
 2016-09-15 04:36:45 +00:00
Kostya Serebryany a5277d59d0 [libFuzzer] add 8-bit counters to trace-pc-guard handler 
llvm-svn: 281568
 2016-09-15 01:30:18 +00:00
Kostya Serebryany a00b243c75 [libFuzzer] start using trace-pc-guard as an alternative source of coverage 
llvm-svn: 281435
 2016-09-14 02:13:06 +00:00
Kostya Serebryany b991cc1f0e [libFuzzer] print a visible message if merge fails due to a crash 
llvm-svn: 281122
 2016-09-10 00:15:41 +00:00
Kostya Serebryany b76a2a5503 [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself 
llvm-svn: 281016
 2016-09-09 02:38:28 +00:00
Kostya Serebryany 8ea4f9873b [libFuzzer] remove unneeded call 
llvm-svn: 281014
 2016-09-09 01:57:38 +00:00
Kostya Serebryany 5c04bd250e [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better 
llvm-svn: 281007
 2016-09-09 01:17:03 +00:00