Commit Graph

659 Commits

Author SHA1 Message Date
Kuba Mracek c3ecc4b314 Fixup for r301007: Restrict the -D hack to Darwin.
llvm-svn: 301017
2017-04-21 18:19:56 +00:00
Kuba Mracek 81acbf3daa Revert r301010: Bot failures on Windows, NetBSD and even some old Darwin.
llvm-svn: 301012
2017-04-21 18:02:22 +00:00
Kuba Mracek a0ab8c2e40 [libFuzzer] Always build libFuzzer
There are two reasons why users might want to build libfuzzer:
- To fuzz LLVM itself
- To get the libFuzzer.a archive file, so that they can attach it to their code
This change always builds libfuzzer, and supports the second use case if the specified flag is set.

The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.

Patch by George Karpenkov.

Differential Revision: https://reviews.llvm.org/D32096

llvm-svn: 301010
2017-04-21 17:47:44 +00:00
Kuba Mracek 309182a7d3 [libFuzzer] Changing thread_local to __thread in libFuzzer
Old Apple compilers do not support thread_local keyword. This patch adds -Dthread_local=__thread when the compiler doesn't support thread_local.

Differential Revision: https://reviews.llvm.org/D32312

llvm-svn: 301007
2017-04-21 17:39:50 +00:00
Kuba Mracek 9eb170fede [libFuzzer] Check for target(popcnt) capability before usage
Older compilers (e.g. LLVM 3.4) do not support the attribute target("popcnt").
In order to support those, this diff check the attribute support using the preprocessor.

Patch by George Karpenkov.

Differential Revision: https://reviews.llvm.org/D32311

llvm-svn: 300999
2017-04-21 16:57:37 +00:00
Ahmed Bougacha db2c16aebb Revert "[libFuzzer] XFAIL fuzzer-oom.test on Darwin."
This reverts commit r300127.

r300759 implemented StopTheWorld for Darwin, so the test passes again.

llvm-svn: 300801
2017-04-20 00:16:13 +00:00
Kostya Serebryany f60f61d0b3 [libFuzzer] extend help for -minimize_crash to cover ASAN_OPTIONS=dedup_token_length=3
llvm-svn: 300800
2017-04-19 23:58:05 +00:00
Kuba Mracek 7fe92fc521 Revert r300789: There are Windows bot failures.
llvm-svn: 300794
2017-04-19 23:44:33 +00:00
Kuba Mracek a89fd60a91 [libFuzzer] Always build libFuzzer
There are two reasons why users might want to build libfuzzer:
- To fuzz LLVM itself
- To get the libFuzzer.a archive file, so that they can attach it to their code
This change always builds libfuzzer, and supports the second use case if the specified flag is set.

The point of this patch is to have something that can potentially be shipped with the compiler, and this also ensures that the version of libFuzzer is correct to use with that compiler.

Differential Revision: https://reviews.llvm.org/D32096

llvm-svn: 300789
2017-04-19 23:34:08 +00:00
Kostya Serebryany a9e6cb8633 [libFuzzer] remove -output_csv option. It duplicates the default output and got out of sync
llvm-svn: 300768
2017-04-19 21:34:58 +00:00
Kostya Serebryany 1f231e7cc7 [libFuzzer] update -help: mention -exact_artifact_path in help for -minimize_crash and -cleanse_crash
llvm-svn: 300642
2017-04-19 01:22:04 +00:00
Kostya Serebryany ac7a9eae0b [libFuzzer] experimental option -cleanse_crash: tries to replace all bytes in a crash reproducer with garbage, while still preserving the crash
llvm-svn: 300498
2017-04-17 20:58:21 +00:00
Akira Hatanaka 48b1dee7b4 [libFuzzer] XFAIL fuzzer-oom.test on Darwin.
The test fails on Darwin because Fuzzer::DeathCallback (which calls
DumpCurrentUnit("crash-")) is called before DumpCurrentUnit("oom-") is
called in Fuzzer::RssLimitCallback. DeathCallback is transitively called
from __sanitizer_print_memory_profile.

This should fix the fuzzer bot that has been failing for a while:

http://lab.llvm.org:8080/green/job/libFuzzer/

llvm-svn: 300127
2017-04-12 23:15:10 +00:00
Vitaly Buka ea997e10cb [libFuzzer] fix type in signal name.
Fixes PR32576.

Patch by Jakub Zawadzki.

llvm-svn: 299968
2017-04-11 18:20:05 +00:00
Reid Kleckner 67cecd1e1c [Fuzzer] Flush std::cout before aborting in CxxStringEqTest
On Windows, abort() does not appear to flush std::cout. Should fix red
sanitizer-windows bot.

llvm-svn: 299398
2017-04-03 23:00:25 +00:00
Kostya Serebryany a617e16ff1 [libFuzzer] simplify the code a bit
llvm-svn: 299180
2017-03-31 04:17:45 +00:00
Kostya Serebryany 7de1f1a826 [libFuzzer] tests: don't test 64-bit comparison on 32-bit builds
llvm-svn: 299179
2017-03-31 03:51:40 +00:00
Kostya Serebryany b1f802cf80 [libFuzzer] ensure that strncmp is not inlined in a test
llvm-svn: 299177
2017-03-31 03:34:33 +00:00
Kostya Serebryany af2dfce683 [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself
llvm-svn: 299167
2017-03-31 02:21:28 +00:00
Kostya Serebryany 3033065df9 [libFuzzer] try to fix value-profile-strncmp on the Mac bot
llvm-svn: 299145
2017-03-31 00:52:39 +00:00
Kostya Serebryany 01ddc1cfd5 [libFuzzer] remove a stale flag from tests, run value-profile-strncmp.test longer (hopefully, will fix the OSX bot)
llvm-svn: 299051
2017-03-30 04:22:20 +00:00
Kostya Serebryany d7d1d517ee [libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works
llvm-svn: 299046
2017-03-30 01:27:20 +00:00
Juergen Ributzka dea6379421 [libfuzzer] Remove XFAIL for OutOfMemory test.
This test is now passing on Darwin.

See rdar://problem/31282257.

llvm-svn: 298886
2017-03-27 22:33:05 +00:00
Vitaly Buka 72b8acfb70 [libFuzzer] Fix test on Windows.
llvm-svn: 298757
2017-03-25 01:19:45 +00:00
Kostya Serebryany 86e630b857 [libFuzzer] read asan's dedup_token while minimizing a crash and stop minimization if another bug was found during minimization (https://github.com/google/oss-fuzz/issues/452)
llvm-svn: 298755
2017-03-25 00:56:08 +00:00
Kostya Serebryany c58982d6fa [libFuzzer] be more careful when calling strlen of strcmp parameters, PR32357
llvm-svn: 298746
2017-03-24 22:19:52 +00:00
Kostya Serebryany dba9ded61f [libFuzzer] honor -exact_artifact_path for all intermediate files during crash minimization (https://github.com/google/oss-fuzz/issues/250)
llvm-svn: 298740
2017-03-24 21:09:16 +00:00
Kostya Serebryany e54785c6e9 [libFuzzer] split two tests to get more parallelism in test runs
llvm-svn: 298673
2017-03-24 00:51:18 +00:00
Kostya Serebryany 382730ab23 [libFuzzer] increase kFeatureSetSize to 2^21 and make InputCorpus scale to that size. This will potentially make libFuzzer more sensitive on targets with lots of signals
llvm-svn: 298671
2017-03-24 00:45:15 +00:00
Kostya Serebryany 5f25495c4d [libFuzzer] fix non-linux build
llvm-svn: 298666
2017-03-23 23:48:47 +00:00
Kostya Serebryany 6ca44f9161 [libFuzzer] create experimental support for user-provided coverage signal
llvm-svn: 298654
2017-03-23 22:43:12 +00:00
Kostya Serebryany 4fc6dd7f8f [libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive
llvm-svn: 298548
2017-03-22 20:32:44 +00:00
Kostya Serebryany 7acabdc497 [libFuzzer] inline the code of __sanitizer_cov_trace_pc_guard into it
llvm-svn: 298032
2017-03-17 01:45:15 +00:00
Kostya Serebryany f7e610eda1 [libFuzzer] Experimenting with dictionary minimization.
Summary:
Tracking issue: https://github.com/google/oss-fuzz/issues/331


Reviewers: kcc

Reviewed By: kcc

Differential Revision: https://reviews.llvm.org/D30940

llvm-svn: 298031
2017-03-17 01:40:09 +00:00
Kostya Serebryany a52c8d0daf [libFuzzer] add a test with two different bugs
llvm-svn: 298030
2017-03-17 01:33:16 +00:00
Kostya Serebryany 63689ca031 [libFuzzer] add a dummy LLVMFuzzerMutate to afl/afl_driver.cpp (https://github.com/google/oss-fuzz/issues/460)
llvm-svn: 297919
2017-03-15 23:54:40 +00:00
Kostya Serebryany 6d5412596c [libFuzzer] call __sanitizer_print_memory_profile with two params
llvm-svn: 297916
2017-03-15 23:27:53 +00:00
Vitaly Buka fbf031f27b Revert "[libFuzzer] Use ChooseUnitIdxToMutate to pick item for crossover."
Fails LLVMFuzzer.LLVMFuzzer.value-profile-strncmp.test.

This reverts commit r297891.

llvm-svn: 297912
2017-03-15 23:08:18 +00:00
Vitaly Buka b99247e608 [libFuzzer] Use ChooseUnitIdxToMutate to pick item for crossover.
Differential Revision: https://reviews.llvm.org/D30683

llvm-svn: 297891
2017-03-15 20:59:27 +00:00
Kostya Serebryany 70240430d9 [libFuzzer] remove even more stale code
llvm-svn: 297797
2017-03-15 00:39:06 +00:00
Kostya Serebryany 862a845aa5 [libFuzzer] simplify code a bit
llvm-svn: 297796
2017-03-15 00:34:25 +00:00
Kostya Serebryany f81cc098ca [libFuzzer] remove more stale code
llvm-svn: 297785
2017-03-14 21:47:52 +00:00
Kostya Serebryany 24d0016bbd [libFuzzer] don't clear Counters in TracePC::CollectFeatures since they will be cleared anyway in ResetMaps
llvm-svn: 297783
2017-03-14 21:40:53 +00:00
Kostya Serebryany a43a299382 [libFuzzer] remove stale code
llvm-svn: 297781
2017-03-14 21:30:14 +00:00
Vitaly Buka 0c736d8b36 [libFuzzer] Reorder includes in test
llvm-svn: 297692
2017-03-13 23:49:00 +00:00
Vitaly Buka 27441e5c47 [libFuzzer] Fix compilation of CustomCrossOverAndMutateTest on Windows
llvm-svn: 297690
2017-03-13 23:46:30 +00:00
Kostya Serebryany d481e1c361 [libFuzzer] add more iterations to LLVMFuzzer-Memcmp64BytesTest
llvm-svn: 297554
2017-03-11 05:14:49 +00:00
Kostya Serebryany 5dfa9642a8 [libFuzzer] reduce the number of vector resizes during merge (https://github.com/google/oss-fuzz/issues/445)
llvm-svn: 297551
2017-03-11 02:50:47 +00:00
Kostya Serebryany 81d1744519 [libFuzzer] print how much memory is consumed by the outer merge process (https://github.com/google/oss-fuzz/issues/445)
llvm-svn: 297546
2017-03-11 02:26:20 +00:00
Kostya Serebryany b6b2f18ea8 [libFuzzer] add test/LargeTest.cpp, mostly for manual experiments with large number of edges, not yet suitable for unit testing
llvm-svn: 297544
2017-03-11 01:54:06 +00:00