1b65812267  Mike Aizatsky  2017-02-03 20:26:44 +00:00
[libfuzzer] chromium-related compilation fixes
Reviewers: kcc
Differential Revision: https://reviews.llvm.org/D29502
llvm-svn: 294035

bb91170cb5  Kostya Serebryany  2017-01-18 01:10:18 +00:00
[libFuzzer] remove stale code
llvm-svn: 292325

3344f3517f  Kostya Serebryany  2017-01-17 23:50:21 +00:00
[libFuzzer] add ATTRIBUTE_NO_SANITIZE_MEMORY to sanitizer hooks
llvm-svn: 292295

1d8c2ce97e  Kostya Serebryany  2017-01-17 23:09:05 +00:00
[libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling)
llvm-svn: 292287

61f5473bad  Kostya Serebryany  2017-01-06 00:09:40 +00:00
[libFuzzer] remove dead code, NFC
llvm-svn: 291195

6fa57ad9bd  Zachary Turner  2016-12-02 23:02:01 +00:00
Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This resubmits r288529, which was resubmitted because it broke a
fuzzer bot. According to kcc@ the test that broke was flakey
and it is unlikely to be a result of this patch.
llvm-svn: 288549

3cfeab7059  Zachary Turner  2016-12-02 20:54:56 +00:00
Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This reverts commit r288529, as it seems to introduce some
problems on the Linux bots.
llvm-svn: 288533

34dcfb9294  Zachary Turner  2016-12-02 19:38:19 +00:00
[LibFuzzer] Split FuzzerUtil for Posix and Windows.
Pave the way for separating out platform specific
utility functions into separate files.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234
llvm-svn: 288529

24a148b1d4  Zachary Turner  2016-11-30 19:06:14 +00:00
[LibFuzzer] Split up some functions among different headers.
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't. IO functions, for example, tend to be platform
specific.
This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.
Aside from that, this patch contains no functional change. It
is purely a re-organization.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230
llvm-svn: 288264

a5f94fb6c9  Kostya Serebryany  2016-10-14 20:20:33 +00:00
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
llvm-svn: 284273

379359c53a  Kostya Serebryany  2016-10-05 01:09:40 +00:00
[libFuzzer] add ShrinkValueProfileTest, move code around, NFC
llvm-svn: 283286

4820cc988f  Kostya Serebryany  2016-10-04 06:08:46 +00:00
[libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway
llvm-svn: 283187

ab73c6924f  Kostya Serebryany  2016-09-23 00:46:18 +00:00
[libFuzzer] move value profiling logic into TracePC
llvm-svn: 282219

d28099de5d  Kostya Serebryany  2016-09-23 00:22:46 +00:00
[libFuzzer] change ValueBitMap to remember the number of bits in it
llvm-svn: 282216

6f5a804cdb  Kostya Serebryany  2016-09-21 01:50:50 +00:00
[libFuzzer] refactoring: split the large header into many; NFC
llvm-svn: 282044

5c04bd250e  Kostya Serebryany  2016-09-09 01:17:03 +00:00
[libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better
llvm-svn: 281007

248d11519a  Kostya Serebryany  2016-08-30 14:39:33 +00:00
[libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much
llvm-svn: 280096

d4492f8101  Kostya Serebryany  2016-08-30 03:05:50 +00:00
[libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles
llvm-svn: 280054

4d22e4fcb9  Kostya Serebryany  2016-08-30 01:30:14 +00:00
[libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
llvm-svn: 280046

bceadcf1cd  Kostya Serebryany  2016-08-24 01:38:42 +00:00
[libFuzzer] use __attribute__((target("popcnt"))) only on x86_64
llvm-svn: 279601

ac524cfcce  Kostya Serebryany  2016-08-23 23:37:37 +00:00
[libFuzzer] collect 64 states for value profile, not 65
llvm-svn: 279588

524c3f32e7  Kostya Serebryany  2016-08-18 01:25:28 +00:00
[sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer
llvm-svn: 279027

5a5d5548f0  Kostya Serebryany  2016-08-17 23:09:57 +00:00
[libFuzzer] force proper popcnt instruction
llvm-svn: 279002

d46a59fac4  Kostya Serebryany  2016-08-16 19:33:51 +00:00
[libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
llvm-svn: 278839

6b08be9279  Kostya Serebryany  2016-07-19 18:29:06 +00:00
[libFuzzer] properly intercept memmem
llvm-svn: 276006

c135b55ae0  Kostya Serebryany  2016-07-15 23:27:19 +00:00
[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
llvm-svn: 275648

f0b3e85f4e  Mike Aizatsky  2016-06-23 20:44:48 +00:00
[libfuzzer] moving is_ascii handler inside mutation dispatcher.
Summary: It also fixes a bug, when first random might not be ascii.
Differential Revision: http://reviews.llvm.org/D21573
llvm-svn: 273611

b62e7e31f7  Richard Smith  2016-05-27 21:05:35 +00:00
Fix compilation with GCC, which treats this as a constructor name not a type name. (GCC is correct here per the latest language DRs.)
llvm-svn: 271044

f26017baf9  Kostya Serebryany  2016-05-26 21:32:30 +00:00
[libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC
llvm-svn: 270922

f1f3f93c9e  Kostya Serebryany  2016-05-26 20:03:02 +00:00
[libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended
llvm-svn: 270900

64d24578d8  Kostya Serebryany  2016-03-12 01:57:04 +00:00
[libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
llvm-svn: 263323

2eed1218e5  Dmitry Vyukov  2016-03-02 09:54:40 +00:00
libfuzzer: fix compiler warnings
- unused sigaction/setitimer result (used in assert)
- unchecked fscanf return value
- signed/unsigned comparison
llvm-svn: 262472

7ec0c56e07  Kostya Serebryany  2016-02-13 03:25:16 +00:00
[libFuzzer] get rid of UserSuppliedFuzzer; NFC
llvm-svn: 260798

d88d1305c4  Kostya Serebryany  2016-02-02 23:17:45 +00:00
[libFuzzer] don't create too many trace-based mutations as it may be too slow
llvm-svn: 259600

b5e984992a  Kostya Serebryany  2016-01-22 01:04:58 +00:00
[libFuzzer] don't do expensive memmem if the result will not be used
llvm-svn: 258462

476f0ce31a  Kostya Serebryany  2016-01-16 03:53:32 +00:00
[libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path
llvm-svn: 257985

ae5b9567bc  Kostya Serebryany  2016-01-15 06:24:05 +00:00
[libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1)
llvm-svn: 257873

98abb2c90a  Kostya Serebryany  2016-01-13 23:46:01 +00:00
[libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations
llvm-svn: 257713

d50a3eedb4  Kostya Serebryany  2016-01-13 23:02:30 +00:00
[libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector)
llvm-svn: 257701

4b83a4f6fe  Kostya Serebryany  2016-01-12 16:50:18 +00:00
[libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS
llvm-svn: 257482

4174005622  Kostya Serebryany  2016-01-12 02:36:59 +00:00
[libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries
llvm-svn: 257435

859e86d962  Kostya Serebryany  2016-01-12 02:08:37 +00:00
[libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a)
llvm-svn: 257434

e3580956ea  Kostya Serebryany  2016-01-12 00:43:42 +00:00
[libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0
llvm-svn: 257423

1f9c40db1d  Kostya Serebryany  2016-01-09 03:46:08 +00:00
[libFuzzer] debug prints in tracing
llvm-svn: 257249

b65805a939  Kostya Serebryany  2016-01-09 03:08:58 +00:00
[libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary
llvm-svn: 257248

c573316eee  Kostya Serebryany  2016-01-09 01:39:55 +00:00
[libFuzzer] don't limit memcmp tracing with 8 bytes
llvm-svn: 257245

e7583d21e3  Kostya Serebryany  2016-01-09 00:38:40 +00:00
[libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes)
llvm-svn: 257239

226b734d73  Kostya Serebryany  2016-01-06 00:03:35 +00:00
[libFuzzer] make trace-based fuzzing not crash in presence of threads
llvm-svn: 256876

4d62322213  Kostya Serebryany  2015-11-18 01:08:30 +00:00
[libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway.
llvm-svn: 253419

3287d7a6ed  Kostya Serebryany  2015-09-30 22:22:37 +00:00
[libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky
llvm-svn: 248954