09f4fa5200
[libFuzzer] add a test for r288389 (-rss_limit_mb=0 means no limit).
...
llvm-svn: 288392
2016-12-01 18:02:07 +00:00
b66cb88c2e
revert r288283 as it causes debug info (line numbers) to be lost in instrumented code. also revert r288299 which was a workaround for the problem.
...
llvm-svn: 288300
2016-12-01 02:06:56 +00:00
73f438ef9a
[libFuzzer] temporary disable a part of the test broken by r288283
...
llvm-svn: 288299
2016-12-01 01:33:44 +00:00
05f7791fbf
[libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit
...
llvm-svn: 288281
2016-11-30 22:39:35 +00:00
1cba0a96e7
[libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented
...
llvm-svn: 288276
2016-11-30 21:53:32 +00:00
fc1c405f98
[libFuzzer] use less stack
...
llvm-svn: 286689
2016-11-12 00:24:35 +00:00
8a56917492
[libFuzzer] fix -error_exitcode=N, now with a test
...
llvm-svn: 285958
2016-11-03 19:31:18 +00:00
bcfb0802e2
[libFuzzer] enable use_cmp by default
...
llvm-svn: 285353
2016-10-27 21:44:37 +00:00
117976818e
[libFuzzer] add StandaloneFuzzTargetMain.c and a test for it
...
llvm-svn: 285135
2016-10-25 22:30:34 +00:00
c48c93184a
[libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
...
llvm-svn: 285109
2016-10-25 20:15:15 +00:00
3364f90783
[libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
...
llvm-svn: 285049
2016-10-25 02:04:43 +00:00
65f102d4d2
[libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer
...
llvm-svn: 284909
2016-10-22 03:48:53 +00:00
10ae9e23a3
[libFuzzer] typo in a test
...
llvm-svn: 284903
2016-10-22 01:07:38 +00:00
2bfff021ad
[libFuzzer] add a test for asan's strict_string_checks=1
...
llvm-svn: 284902
2016-10-22 00:05:44 +00:00
95b1a434d2
[libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files.
...
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp
Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
(need to implement another API to get the module name by PC)
llvm-svn: 284554
2016-10-19 00:12:03 +00:00
bb59ef77ca
[libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
...
llvm-svn: 284514
2016-10-18 18:38:08 +00:00
9a4b10a56f
[libFuzzer] swap bytes in integers when handling CMP traces
...
llvm-svn: 284301
2016-10-15 04:00:07 +00:00
a5f94fb6c9
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
...
llvm-svn: 284273
2016-10-14 20:20:33 +00:00
a17d23eaa7
[libFuzzer] add -trace_malloc= flag
...
llvm-svn: 284149
2016-10-13 19:06:46 +00:00
d19919a80e
[libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it
...
llvm-svn: 283841
2016-10-11 01:14:41 +00:00
3e0e901a18
[libFuzzer] add switch tests
...
llvm-svn: 283840
2016-10-11 01:13:32 +00:00
7abb95d3b3
[libFuzzer] make a test less flaky
...
llvm-svn: 283686
2016-10-09 03:45:38 +00:00
c5325ed29d
[libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process
...
llvm-svn: 283682
2016-10-08 23:24:45 +00:00
1c73f1bf27
[libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
...
llvm-svn: 283409
2016-10-05 22:56:21 +00:00
379359c53a
[libFuzzer] add ShrinkValueProfileTest, move code around, NFC
...
llvm-svn: 283286
2016-10-05 01:09:40 +00:00
4820cc988f
[libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway
...
llvm-svn: 283187
2016-10-04 06:08:46 +00:00
e7e790bad6
[libFuzzer] remove unused option
...
llvm-svn: 282971
2016-09-30 22:29:57 +00:00
b3949ef885
[libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard)
...
llvm-svn: 282831
2016-09-30 01:24:57 +00:00
5ff481fd9e
[libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag
...
llvm-svn: 282458
2016-09-27 00:10:20 +00:00
16a145fd0f
[libFuzzer] fix merging with trace-pc-guard
...
llvm-svn: 282224
2016-09-23 01:58:51 +00:00
624f59f4d8
[libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
...
llvm-svn: 282129
2016-09-22 01:34:58 +00:00
c9e3de35ed
[libFuzzer] one more test
...
llvm-svn: 282127
2016-09-22 00:57:29 +00:00
29bb664075
[libFuzzer] add stats to the corpus; more refactoring
...
llvm-svn: 282121
2016-09-21 22:42:17 +00:00
20801e1b8a
[libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one.
...
llvm-svn: 282115
2016-09-21 21:41:48 +00:00
8658618ea0
[libFuzzer] more refactoring
...
llvm-svn: 282113
2016-09-21 21:17:23 +00:00
6f5a804cdb
[libFuzzer] refactoring: split the large header into many; NFC
...
llvm-svn: 282044
2016-09-21 01:50:50 +00:00
09aa01a6f8
[libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features
...
llvm-svn: 282042
2016-09-21 01:04:43 +00:00
b706b481ba
[libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
...
llvm-svn: 281866
2016-09-18 21:47:08 +00:00
bc3789a919
[libFuzzer] properly reset the guards when reseting the coverage. Also try to fix check-fuzzer on the bot
...
llvm-svn: 281814
2016-09-17 06:01:55 +00:00
3e36ec1d18
[libFuzzer] change trace-pc to use 8-byte guards
...
llvm-svn: 281810
2016-09-17 05:04:47 +00:00
0984517021
[libFuzzer] make caller-callee feedback work with trace-pc-guard
...
llvm-svn: 281667
2016-09-15 22:16:15 +00:00
21c3573733
[libFuzzer] fix the build for AFLDriverTest
...
llvm-svn: 281633
2016-09-15 18:10:38 +00:00
09e416615e
[libFuzzer] disable test that requires debug info -- it fails on the bot
...
llvm-svn: 281584
2016-09-15 05:46:58 +00:00
0b47fbcb30
[libFuzzer] move the AFL driver build rule test into the uninstrumented dir
...
llvm-svn: 281583
2016-09-15 05:17:39 +00:00
33a497abf4
[libFuzzer] fix print_pcs test
...
llvm-svn: 281580
2016-09-15 04:43:06 +00:00
5350178487
[libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic)
...
llvm-svn: 281577
2016-09-15 04:36:45 +00:00
a5277d59d0
[libFuzzer] add 8-bit counters to trace-pc-guard handler
...
llvm-svn: 281568
2016-09-15 01:30:18 +00:00
a00b243c75
[libFuzzer] start using trace-pc-guard as an alternative source of coverage
...
llvm-svn: 281435
2016-09-14 02:13:06 +00:00
4529960a3b
[libFuzzer] don't print help for internal flags
...
llvm-svn: 281124
2016-09-10 00:35:30 +00:00
b991cc1f0e
[libFuzzer] print a visible message if merge fails due to a crash
...
llvm-svn: 281122
2016-09-10 00:15:41 +00:00
Kostya Serebryany