llvm-project/llvm/lib/Fuzzer
Kostya Serebryany 95b1a434d2 [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files.
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)

llvm-svn: 284554
2016-10-19 00:12:03 +00:00
..
afl [libFuzzer] extend the messages printed by afl_driver 2016-07-19 23:18:28 +00:00
test [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 2016-10-19 00:12:03 +00:00
CMakeLists.txt [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64 2016-08-24 01:38:42 +00:00
FuzzerCorpus.h [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 2016-10-14 20:20:33 +00:00
FuzzerCrossOver.cpp [libFuzzer] more refactoring; NFC 2016-09-21 02:05:39 +00:00
FuzzerDefs.h [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 2016-10-19 00:12:03 +00:00
FuzzerDictionary.h [libFuzzer] more refactoring; NFC 2016-09-21 02:05:39 +00:00
FuzzerDriver.cpp [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) 2016-10-18 18:38:08 +00:00
FuzzerExtFunctions.def [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) 2016-09-30 01:24:57 +00:00
FuzzerExtFunctions.h [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` 2016-06-07 23:32:50 +00:00
FuzzerExtFunctionsDlsym.cpp [libFuzzer] more refactoring 2016-09-21 21:17:23 +00:00
FuzzerExtFunctionsWeak.cpp [libFuzzer] more refactoring 2016-09-21 21:17:23 +00:00
FuzzerFlags.def [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 2016-10-14 20:20:33 +00:00
FuzzerFnAdapter.h [LibFuzzer] Add missing #include<string> 2016-05-26 21:54:25 +00:00
FuzzerIO.cpp [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process 2016-10-08 23:24:45 +00:00
FuzzerInterface.h [libfuzzer] custom crossover interface function. 2016-06-07 20:22:15 +00:00
FuzzerInternal.h [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) 2016-10-18 18:38:08 +00:00
FuzzerLoop.cpp [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item 2016-10-18 18:06:05 +00:00
FuzzerMain.cpp [libFuzzer] refactoring: split the large header into many; NFC 2016-09-21 01:50:50 +00:00
FuzzerMutate.cpp [libFuzzer] swap bytes in integers when handling CMP traces 2016-10-15 04:00:07 +00:00
FuzzerMutate.h [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 2016-10-14 20:20:33 +00:00
FuzzerOptions.h [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 2016-10-14 20:20:33 +00:00
FuzzerRandom.h [libFuzzer] refactoring: split the large header into many; NFC 2016-09-21 01:50:50 +00:00
FuzzerSHA1.cpp [libFuzzer] more refactoring 2016-09-21 21:17:23 +00:00
FuzzerTracePC.cpp [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 2016-10-19 00:12:03 +00:00
FuzzerTracePC.h [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 2016-10-14 20:20:33 +00:00
FuzzerTraceState.cpp [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 2016-10-14 20:20:33 +00:00
FuzzerUtil.cpp [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 2016-10-19 00:12:03 +00:00
FuzzerUtilDarwin.cpp [libFuzzer] more refactoring 2016-09-21 21:17:23 +00:00
FuzzerUtilLinux.cpp [libFuzzer] more refactoring 2016-09-21 21:17:23 +00:00
FuzzerValueBitMap.h [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 2016-10-05 22:56:21 +00:00
README.txt
build.sh [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process 2016-10-08 23:24:45 +00:00
cxx.dict [libFuzzer] add AFL-style dictionary for C++, remove the old file with tokens 2015-12-22 01:50:51 +00:00

README.txt

Move to http://llvm.org/docs/LibFuzzer.html