maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
243,634 Commits 23 Branches 0 Tags 2.2 GiB
Commit Graph

62 Commits

Author SHA1 Message Date
Kostya Serebryany ab73c6924f [libFuzzer] move value profiling logic into TracePC 
llvm-svn: 282219
 2016-09-23 00:46:18 +00:00
Kostya Serebryany d28099de5d [libFuzzer] change ValueBitMap to remember the number of bits in it 
llvm-svn: 282216
 2016-09-23 00:22:46 +00:00
Kostya Serebryany 6f5a804cdb [libFuzzer] refactoring: split the large header into many; NFC 
llvm-svn: 282044
 2016-09-21 01:50:50 +00:00
Kostya Serebryany 5c04bd250e [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better 
llvm-svn: 281007
 2016-09-09 01:17:03 +00:00
Kostya Serebryany 248d11519a [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much 
llvm-svn: 280096
 2016-08-30 14:39:33 +00:00
Kostya Serebryany d4492f8101 [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles 
llvm-svn: 280054
 2016-08-30 03:05:50 +00:00
Kostya Serebryany 4d22e4fcb9 [libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests 
llvm-svn: 280046
 2016-08-30 01:30:14 +00:00
Kostya Serebryany bceadcf1cd [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64 
llvm-svn: 279601
 2016-08-24 01:38:42 +00:00
Kostya Serebryany ac524cfcce [libFuzzer] collect 64 states for value profile, not 65 
llvm-svn: 279588
 2016-08-23 23:37:37 +00:00
Kostya Serebryany 524c3f32e7 [sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer 
llvm-svn: 279027
 2016-08-18 01:25:28 +00:00
Kostya Serebryany 5a5d5548f0 [libFuzzer] force proper popcnt instruction 
llvm-svn: 279002
 2016-08-17 23:09:57 +00:00
Kostya Serebryany d46a59fac4 [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. 
llvm-svn: 278839
 2016-08-16 19:33:51 +00:00
Kostya Serebryany 6b08be9279 [libFuzzer] properly intercept memmem 
llvm-svn: 276006
 2016-07-19 18:29:06 +00:00
Kostya Serebryany c135b55ae0 [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp 
llvm-svn: 275648
 2016-07-15 23:27:19 +00:00
Mike Aizatsky f0b3e85f4e [libfuzzer] moving is_ascii handler inside mutation dispatcher. 
Summary: It also fixes a bug, when first random might not be ascii.

Differential Revision: http://reviews.llvm.org/D21573

llvm-svn: 273611
 2016-06-23 20:44:48 +00:00
Richard Smith b62e7e31f7 Fix compilation with GCC, which treats this as a constructor name not a type 
name. (GCC is correct here per the latest language DRs.)

llvm-svn: 271044
 2016-05-27 21:05:35 +00:00
Kostya Serebryany f26017baf9 [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC 
llvm-svn: 270922
 2016-05-26 21:32:30 +00:00
Kostya Serebryany f1f3f93c9e [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended 
llvm-svn: 270900
 2016-05-26 20:03:02 +00:00
Kostya Serebryany 64d24578d8 [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. 
llvm-svn: 263323
 2016-03-12 01:57:04 +00:00
Dmitry Vyukov 2eed1218e5 libfuzzer: fix compiler warnings 
- unused sigaction/setitimer result (used in assert)
- unchecked fscanf return value
- signed/unsigned comparison

llvm-svn: 262472
 2016-03-02 09:54:40 +00:00
Kostya Serebryany 7ec0c56e07 [libFuzzer] get rid of UserSuppliedFuzzer; NFC 
llvm-svn: 260798
 2016-02-13 03:25:16 +00:00
Kostya Serebryany d88d1305c4 [libFuzzer] don't create too many trace-based mutations as it may be too slow 
llvm-svn: 259600
 2016-02-02 23:17:45 +00:00
Kostya Serebryany b5e984992a [libFuzzer] don't do expensive memmem if the result will not be used 
llvm-svn: 258462
 2016-01-22 01:04:58 +00:00
Kostya Serebryany 476f0ce31a [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path 
llvm-svn: 257985
 2016-01-16 03:53:32 +00:00
Kostya Serebryany ae5b9567bc [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) 
llvm-svn: 257873
 2016-01-15 06:24:05 +00:00
Kostya Serebryany 98abb2c90a [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations 
llvm-svn: 257713
 2016-01-13 23:46:01 +00:00
Kostya Serebryany d50a3eedb4 [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) 
llvm-svn: 257701
 2016-01-13 23:02:30 +00:00
Kostya Serebryany 4b83a4f6fe [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS 
llvm-svn: 257482
 2016-01-12 16:50:18 +00:00
Kostya Serebryany 4174005622 [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries 
llvm-svn: 257435
 2016-01-12 02:36:59 +00:00
Kostya Serebryany 859e86d962 [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a) 
llvm-svn: 257434
 2016-01-12 02:08:37 +00:00
Kostya Serebryany e3580956ea [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0 
llvm-svn: 257423
 2016-01-12 00:43:42 +00:00
Kostya Serebryany 1f9c40db1d [libFuzzer] debug prints in tracing 
llvm-svn: 257249
 2016-01-09 03:46:08 +00:00
Kostya Serebryany b65805a939 [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary 
llvm-svn: 257248
 2016-01-09 03:08:58 +00:00
Kostya Serebryany c573316eee [libFuzzer] don't limit memcmp tracing with 8 bytes 
llvm-svn: 257245
 2016-01-09 01:39:55 +00:00
Kostya Serebryany e7583d21e3 [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes) 
llvm-svn: 257239
 2016-01-09 00:38:40 +00:00
Kostya Serebryany 226b734d73 [libFuzzer] make trace-based fuzzing not crash in presence of threads 
llvm-svn: 256876
 2016-01-06 00:03:35 +00:00
Kostya Serebryany 4d62322213 [libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway. 
llvm-svn: 253419
 2015-11-18 01:08:30 +00:00
Kostya Serebryany 3287d7a6ed [libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky 
llvm-svn: 248954
 2015-09-30 22:22:37 +00:00
Kostya Serebryany 65f50868e5 [libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions 
llvm-svn: 247321
 2015-09-10 18:48:38 +00:00
Kostya Serebryany 4b82de2e47 [libFuzzer] remove a piece of stale code 
llvm-svn: 247067
 2015-09-08 20:40:10 +00:00
Kostya Serebryany e641dd6479 [libFuzzer] more accurate logic for traces, 80-char fix 
llvm-svn: 246888
 2015-09-04 22:32:25 +00:00
Kostya Serebryany 12c7837381 [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied 
llvm-svn: 244712
 2015-08-12 01:55:37 +00:00
Kostya Serebryany d46369d8b3 [libFuzzer] avoid build warnings in non-assert build (useful warning in this case) 
llvm-svn: 244177
 2015-08-05 23:44:42 +00:00
Kostya Serebryany 4cc10d432a [libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh. 
llvm-svn: 244165
 2015-08-05 23:02:57 +00:00
Kostya Serebryany 7f4227d59a [libFuzzer] use data-flow feedback from strcmp 
llvm-svn: 244084
 2015-08-05 18:23:01 +00:00
Kostya Serebryany 8ce7424e9c [libFuzzer] start refactoring the Mutator and adding tests to it 
llvm-svn: 243817
 2015-08-01 01:42:51 +00:00
Kostya Serebryany fe7e41e8f5 [libFuzzer] make sure that 2-byte arguments of switch() are handled properly 
llvm-svn: 243781
 2015-07-31 20:58:55 +00:00
Kostya Serebryany 73932e5fe3 [libFuzzer] record traces from the switch statements only when told to do so 
llvm-svn: 243768
 2015-07-31 18:09:08 +00:00
Kostya Serebryany cd6a4665e0 [libFuzzer] support switch interception in dfsan mode 
llvm-svn: 243760
 2015-07-31 17:05:05 +00:00
Kostya Serebryany fb7d8d9d06 [libFuzzer] trace switch statements and apply mutations based on the expected case values 
llvm-svn: 243726
 2015-07-31 01:33:06 +00:00