OSchip
/
llvm-project
mirror of https://github.com/THU-DSP-LAB/llvm-project.git
13
0
Fork 6
Code Issues Packages Projects Releases Wiki Activity
253,853 Commits 31 Branches 0 Tags 2.2 GiB
Commit Graph

71 Commits

Author SHA1 Message Date
Kostya Serebryany 9f8e47b28c [libFuzzer] properly hide the memcmp interceptor from msan 
llvm-svn: 294061
 2017-02-03 22:51:38 +00:00
Mike Aizatsky 1b65812267 [libfuzzer] chromium-related compilation fixes 
Reviewers: kcc

Differential Revision: https://reviews.llvm.org/D29502

llvm-svn: 294035
 2017-02-03 20:26:44 +00:00
Kostya Serebryany 68382d0900 [libFuzzer] reorganize the tracing code to make it easier to experiment with inlined coverage instrumentation. NFC 
llvm-svn: 293928
 2017-02-02 19:56:01 +00:00
Kostya Serebryany 70182deaae [libFuzzer] simplify the value profiling callback further: don't use (idx MOD prime) on the hot path where it is useless anyway 
llvm-svn: 293239
 2017-01-27 00:39:12 +00:00
Kostya Serebryany 8e9ac42742 [libFuzzer] make sure (again) that __builtin_popcountl is compiled into popcnt 
llvm-svn: 293237
 2017-01-27 00:20:55 +00:00
Kostya Serebryany 7f058972ee [libFuzzer] simplify the value profile code and disable asan/msan on it 
llvm-svn: 293236
 2017-01-27 00:09:59 +00:00
Kostya Serebryany 7856fb36b0 [libFuzzer] further simplify __sanitizer_cov_trace_pc_guard 
llvm-svn: 293128
 2017-01-26 01:34:58 +00:00
Kostya Serebryany d0ecb4c69e [libFuzzer] simplify the code for __sanitizer_cov_trace_pc_guard and make sure it is not asan/msan-instrumented 
llvm-svn: 293125
 2017-01-26 01:04:54 +00:00
Kostya Serebryany 7c021afef2 [libFuzzer] don't call GetPreviousInstructionPc on the hot path -- only when dumping the PCs 
llvm-svn: 293117
 2017-01-26 00:22:08 +00:00
Kostya Serebryany 6bdd8fc5b6 [libFuzzer] make sure we use the feedback from std::string operator == 
llvm-svn: 292835
 2017-01-23 22:11:04 +00:00
Marcos Pividori 62c8fc571a [libFuzzer] Portably disassemble and find calls to sanitizer_cov_trace_pc_guard. 
Instead of directly using objdump, which is not present on Windows, we consider
different tools depending on the platform.
For Windows, we consider dumpbin and llvm-objdump.

Differential Revision: https://reviews.llvm.org/D28635

llvm-svn: 292739
 2017-01-22 01:58:26 +00:00
Marcos Pividori 60cc2fbba1 [libFuzzer] Portable implementation of `IsInterestingCoverageFile()`. 
For Posix systems and Windows, we need to consider different cases.

Differential Revision: https://reviews.llvm.org/D28633

llvm-svn: 292738
 2017-01-22 01:27:47 +00:00
Marcos Pividori 6137f98c2a [libFuzzer] Expose Sanitizer Coverage functions from libFuzzer. 
We need to expose Sanitizer Coverage's functions that are rewritten with a
different implementation, so compiler-rt's libraries have access to it.

Differential Revision: https://reviews.llvm.org/D28618

llvm-svn: 292736
 2017-01-22 01:27:38 +00:00
Kostya Serebryany 963ffd6485 [libFuzzer] fix gcc build 
llvm-svn: 292695
 2017-01-21 01:08:22 +00:00
Kostya Serebryany eee8b4a617 [libFuzzer] call __sanitizer_dump_coverage via EF 
llvm-svn: 292681
 2017-01-20 23:35:29 +00:00
Mike Aizatsky 0e37f8e41d [libfuzzer] fixing collected pc addresses for coverage 
Summary: The causes google/ossfuzz#84

Reviewers: kcc

Subscribers: mgorny

Differential Revision: https://reviews.llvm.org/D28827

llvm-svn: 292289
 2017-01-17 23:11:32 +00:00
Kostya Serebryany 1d8c2ce97e [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) 
llvm-svn: 292287
 2017-01-17 23:09:05 +00:00
Kostya Serebryany 4986e819dc [libFuzzer] disable -print_pcs by default (was enabled by mistake) 
llvm-svn: 290899
 2017-01-03 18:51:28 +00:00
Kostya Serebryany 11a22bc39d [libFuzzer] cleaner implementation of -print_pcs=1 
llvm-svn: 290739
 2016-12-30 01:13:07 +00:00
Kostya Serebryany d723804fa2 [libFuzzer] make __sanitizer_cov_trace_switch more predictable 
llvm-svn: 290703
 2016-12-29 02:50:35 +00:00
Mike Aizatsky 9b415be1bf [libfuzzer] dump_coverage command line flag 
Reviewers: kcc, vitalybuka

Differential Revision: https://reviews.llvm.org/D27942

llvm-svn: 290138
 2016-12-19 22:18:08 +00:00
Kostya Serebryany 01c82f50f7 [libFuzzer] speed up __sanitizer_cov_trace_switch a bit more (remove DIV) 
llvm-svn: 290034
 2016-12-17 02:23:35 +00:00
Kostya Serebryany 00e638e642 [libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage 
llvm-svn: 290031
 2016-12-17 02:03:34 +00:00
Kostya Serebryany 3a4e2dd92f [libFuzzer] avoid msan false positives in more cases 
llvm-svn: 289999
 2016-12-16 22:45:25 +00:00
Kostya Serebryany d9d9a54511 [libFuzzer] disable msan for one more hook that reads target's data that might be uninitialized 
llvm-svn: 289680
 2016-12-14 18:13:02 +00:00
Kostya Serebryany 1394ce2aa2 [libFuzzer] use __sanitizer_get_module_and_offset_for_pc to get the module name while printing the coverage 
llvm-svn: 289310
 2016-12-10 01:19:35 +00:00
Kostya Serebryany fe1094b811 [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( 
llvm-svn: 288731
 2016-12-05 23:35:22 +00:00
Kostya Serebryany 1cba0a96e7 [libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented 
llvm-svn: 288276
 2016-11-30 21:53:32 +00:00
Zachary Turner 24a148b1d4 [LibFuzzer] Split up some functions among different headers. 
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.

This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.

Aside from that, this patch contains no functional change.  It
is purely a re-organization.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230

llvm-svn: 288264
 2016-11-30 19:06:14 +00:00
Kostya Serebryany 235679181b [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook. 
llvm-svn: 286665
 2016-11-11 23:06:53 +00:00
Kostya Serebryany 94c427c23e [libFuzzer] speculatively trying to fix the Mac build; second attempt 
llvm-svn: 285262
 2016-10-27 00:36:38 +00:00
Kostya Serebryany 2fabecaee3 [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once 
llvm-svn: 285223
 2016-10-26 18:52:04 +00:00
Kostya Serebryany 06b8757b57 [libFuzzer] simplify the code in TracePC::HandleTrace a bit more 
llvm-svn: 285147
 2016-10-26 00:42:52 +00:00
Kostya Serebryany a5b2e54fcb [libFuzzer] simplify the code to print new PCs 
llvm-svn: 285145
 2016-10-26 00:20:51 +00:00
Kostya Serebryany 275e260258 [libFuzzer] simplify the code in TracePC::HandleTrace 
llvm-svn: 285142
 2016-10-25 23:52:25 +00:00
Kostya Serebryany 3364f90783 [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test 
llvm-svn: 285049
 2016-10-25 02:04:43 +00:00
Kostya Serebryany 95b1a434d2 [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)

llvm-svn: 284554
 2016-10-19 00:12:03 +00:00
Kostya Serebryany 9a4b10a56f [libFuzzer] swap bytes in integers when handling CMP traces 
llvm-svn: 284301
 2016-10-15 04:00:07 +00:00
Kostya Serebryany a5f94fb6c9 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
llvm-svn: 284273
 2016-10-14 20:20:33 +00:00
Kostya Serebryany 17d176e16b [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build 
llvm-svn: 284132
 2016-10-13 16:19:09 +00:00
Daniel Jasper 90d990e034 Revert "[libFuzzer] refactoring to speed things up, NFC" 
This reverts commit r283946.

This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here

llvm-svn: 283979
 2016-10-12 07:26:46 +00:00
Kostya Serebryany a09d11e108 [libFuzzer] refactoring to speed things up, NFC 
llvm-svn: 283946
 2016-10-11 21:27:37 +00:00
Kostya Serebryany d19919a80e [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it 
llvm-svn: 283841
 2016-10-11 01:14:41 +00:00
Kostya Serebryany 1c73f1bf27 [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
llvm-svn: 283409
 2016-10-05 22:56:21 +00:00
Kostya Serebryany 379359c53a [libFuzzer] add ShrinkValueProfileTest, move code around, NFC 
llvm-svn: 283286
 2016-10-05 01:09:40 +00:00
Kostya Serebryany d1f31d0a49 [libFuzzer] fix a recent bugs (buffer overflow) 
llvm-svn: 283021
 2016-10-01 07:13:25 +00:00
Kostya Serebryany d216922a80 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default 
llvm-svn: 282995
 2016-10-01 01:04:29 +00:00
Kostya Serebryany 2c55613a08 [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input 
llvm-svn: 282829
 2016-09-30 01:19:56 +00:00
Kostya Serebryany a9b0dd0e51 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals 
llvm-svn: 282735
 2016-09-29 17:43:24 +00:00
Kostya Serebryany 3ee6c213d6 [libFuzzer] speedup TracePC::FinalizeTrace 
llvm-svn: 282562
 2016-09-28 01:16:24 +00:00