ec20fd7731
[CMake] Add install target for LLVMFuzzer
...
This allows including LLVMFuzzer as distribution component.
Differential Revision: https://reviews.llvm.org/D36540
llvm-svn: 310897
2017-08-14 23:37:31 +00:00
e3cb3c519f
[libFuzzer] try to use less RAM while processing the initial corpus
...
llvm-svn: 310881
2017-08-14 20:34:35 +00:00
47cb4856d4
[libFuzzer] explicitly use -fsanitize-coverage=trace-pc-guard in test/dump_coverage.test; mark print_coverage/dump_coverage as To-be-deprecated
...
llvm-svn: 310877
2017-08-14 19:55:23 +00:00
0873be2ad0
[libFuzzer] experimental support for Clang's coverage (fprofile-instr-generate), Linux-only
...
llvm-svn: 310771
2017-08-11 23:03:22 +00:00
d20e8b4edb
[libFuzzer] Re-enable coverage.test on Darwin.
...
llvm-svn: 310750
2017-08-11 20:30:52 +00:00
7235bcdf8f
[libFuzzer] Update LibFuzzer w.r.t. the new comparisons instrumentation API
...
Added the _sanitizer_cov_trace_const_cmp[1248] callbacks.
For now they are implemented the same way as _sanitizer_cov_trace_cmp[1248].
For more details, please see https://reviews.llvm.org/D36465 .
Patch by Victor Chibotaru.
llvm-svn: 310592
2017-08-10 14:01:45 +00:00
e863796dca
[libFuzzer] simplify code, NFC
...
llvm-svn: 310326
2017-08-08 00:17:20 +00:00
22e5f9a16a
[libFuzzer] remove stale code
...
llvm-svn: 310325
2017-08-08 00:14:49 +00:00
854be98c93
[libFuzzer] simplify the implementation of -print_coverage=1
...
llvm-svn: 310324
2017-08-08 00:12:09 +00:00
00e25c5459
Do not instrument libFuzzer itself when built with -DLLVM_USE_SANITIZE_COVERAGE
...
Fixes regression from https://reviews.llvm.org/D36295
Differential Revision: https://reviews.llvm.org/D36428
llvm-svn: 310305
2017-08-07 20:56:11 +00:00
a84a6c1e48
[libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos
...
llvm-svn: 310151
2017-08-04 23:49:53 +00:00
be7a35769d
[libFuzzer] print PCs using the in-binary PC-table instead of relying on PCs captured at run-time
...
llvm-svn: 310148
2017-08-04 23:13:58 +00:00
64426e3ba8
[libFuzzer] re-enable fuzzer-printcovpcs.test
...
llvm-svn: 310126
2017-08-04 20:47:22 +00:00
27cba58898
[libFuzzer] make a test more robust
...
llvm-svn: 310113
2017-08-04 20:09:15 +00:00
1d7a33b8ae
[libFuzzer] remove the now redundant 'LLVMFuzzer-' prefix from libFuzzer tests
...
llvm-svn: 310110
2017-08-04 20:05:25 +00:00
785cec91a4
[libFuzzer] split one test into several
...
llvm-svn: 310106
2017-08-04 20:01:04 +00:00
b0c2bb572d
[libFuzzer tests] Only enable libFuzzer tests if
...
-DLIBFUZZER_ENABLE_TESTS=ON is set.
llvm-svn: 310100
2017-08-04 19:29:16 +00:00
0c079d06d3
[libFuzzer] make trace-pc.test more reliable
...
llvm-svn: 310091
2017-08-04 18:43:39 +00:00
96d6008145
Fixing buildbots: do not register check-fuzzer if clang or asan are not
...
present.
llvm-svn: 310077
2017-08-04 17:43:29 +00:00
a5de052362
Drop Windows support from libFuzzer tests.
...
Differential Revision: https://reviews.llvm.org/D36205
llvm-svn: 310076
2017-08-04 17:43:28 +00:00
8ecdd7be15
Port libFuzzer tests to LIT. Do not require two-stage build for check-fuzzer.
...
This revision ports all libFuzzer tests apart from the unittest to LIT.
The advantages of doing so include:
- Tests being self-contained
- Much easier debugging of a single test
- No need for using a two-stage compilation
The unit-test is still compiled using CMake, but it does not need a
freshly built compiler.
NOTE: The previous two-stage bot configuration will NOT work, as in the
second stage build LLVM_USE_SANITIZER is set, which disables ASAN from
being built.
Thus bots will be reconfigured in the next few commits.
Differential Revision: https://reviews.llvm.org/D36295
llvm-svn: 310075
2017-08-04 17:19:45 +00:00
5bd0503680
Disable libFuzzer tests on Windows
...
Differential Revision: https://reviews.llvm.org/D36297
llvm-svn: 310009
2017-08-04 00:26:12 +00:00
f020c98912
[libFuzzer] Un-reverting change in tests after fixing the failure on Linux.
...
Differential Revision: https://reviews.llvm.org/D36242
llvm-svn: 309982
2017-08-03 20:28:16 +00:00
6f046b4dd7
Revert "[libFuzzer tests] Use substring comparison in libFuzzer tests"
...
This reverts commit 3592d8049660dcdd07f7c2e797f2de9790f93111.
Breaks the bots, reverting for now.
llvm-svn: 309899
2017-08-02 23:09:57 +00:00
03f9506477
[libFuzzer tests] Use substring comparison in libFuzzer tests
...
LIT launches executables with absolute, and not relative, path.
strncmp would try to do exact comparison and fail.
Differential Revision: https://reviews.llvm.org/D36242
llvm-svn: 309889
2017-08-02 21:38:50 +00:00
0fc5ee2db0
[libFuzzer] temporarty remove pc-tables and disable test/fuzzer-printcovpcs.test until this can be fixed on Windows
...
llvm-svn: 309716
2017-08-01 18:02:19 +00:00
6cdb5a61b5
[libFuzzer] implement more correct way of computing feature index for Inline8bitCounters
...
llvm-svn: 309647
2017-08-01 01:16:26 +00:00
4f2970037a
[libFuzzer] enable -fsanitize-coverage=pc-table for all tests
...
llvm-svn: 309646
2017-08-01 00:48:44 +00:00
b2a1eba2f5
[libFuzzer] implement __sanitizer_cov_pcs_init and add pc-table to build flags for one test (for now)
...
llvm-svn: 309615
2017-07-31 20:20:59 +00:00
f14996b962
[libFuzzer] improve support for inline-8bit-counters (make it more correct and faster)
...
llvm-svn: 309443
2017-07-28 22:00:56 +00:00
6eab1a8ee6
[libFuzzer] don't disable msan for TracePC::CollectFeatures: this started to cause false positives in msan. No tests for libFuzzer+msan yet -- tests will need to wait until we move libFuzzer to compiler-rt
...
llvm-svn: 309038
2017-07-25 22:05:31 +00:00
6f7befd10f
[libFuzzer] make one test faster, fix compiler warnings in tests
...
llvm-svn: 308945
2017-07-25 02:09:46 +00:00
9bc64acf90
Revert "Revert "[libFuzzer] Add a dependency on symbolizer from libFuzzer tests""
...
This reverts commit 15425f2bc6eac6249ee957a2a280511306c07547.
Should work now that atos is a default symbolizer on Darwin.
llvm-svn: 308910
2017-07-24 18:38:14 +00:00
8cb63ec20b
[libFuzzer] reimplement experimental_len_control=1: bump the temporary max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files
...
llvm-svn: 308811
2017-07-22 00:10:29 +00:00
9e689792b2
Generate error reports when a fuzz target exits.
...
Summary:
Implements https://github.com/google/sanitizers/issues/835 .
Flush stdout before exiting in test cases.
Since the atexit hook is used for exit reports, pending prints to
stdout can be lost if they aren't flushed before calling exit().
Expect tests to have non-zero exit code if exit() is called.
Reviewers: vitalybuka, kcc
Reviewed By: kcc
Subscribers: eraman, llvm-commits, hiraditya
Differential Revision: https://reviews.llvm.org/D35602
llvm-svn: 308669
2017-07-20 20:43:39 +00:00
d1b731d57b
[libFuzzer] delete stale code
...
llvm-svn: 308663
2017-07-20 20:15:13 +00:00
a763be3d5f
[libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input is saved to the corpus
...
llvm-svn: 308653
2017-07-20 18:53:25 +00:00
e55828c740
[libFuzzer] prototype implementation of recursion-depth coverage features (commented out; real implementation needs to use inlined instrumentation)
...
llvm-svn: 308577
2017-07-20 01:35:17 +00:00
15cc3713d3
[libFuzzer] add DeepRecursionTest, inspired by https://guidovranken.wordpress.com/2017/07/08/libfuzzer-gv-new-techniques-for-dramatically-faster-fuzzing/ (Stack-depth-guided fuzzing). libFuzzer does not solve it yet.
...
llvm-svn: 308571
2017-07-20 00:37:08 +00:00
6326639721
Try to deflake fuzzer-oom.test on Windows
...
llvm-svn: 308568
2017-07-20 00:11:39 +00:00
f1bafd9bf6
[libFuzzer] simplify two more tests
...
llvm-svn: 308560
2017-07-19 23:52:54 +00:00
a168af7b5f
[libFuzzer] change several tests to not limit the max len: with reduce_inputs=1 they are now fast enough even w/o this
...
llvm-svn: 308553
2017-07-19 23:45:46 +00:00
b3283b740f
Fix fuzzer-flags.test on Windows
...
The optional external function callbacks have to be exported in order
for them to be called. The test was failing because libFuzzer wasn't
calling LLVMFuzzerInitialize.
We can reconsider if this is the best way to mark these optional
callbacks exported later.
llvm-svn: 308548
2017-07-19 23:22:06 +00:00
4a27b70ed5
[libFuzzer] enable reduce_inputs=1 by default (seems to be a big win usually)
...
llvm-svn: 308541
2017-07-19 22:10:30 +00:00
d01e956d38
[libFuzzer] when adding a reduced input print REDUCED instead of NEW
...
llvm-svn: 308336
2017-07-18 18:47:36 +00:00
f1b5c64052
[libFuzzer] improve -reduce_inputs=1: now only consider the unique features of very input (seems to work much better)
...
llvm-svn: 308253
2017-07-18 01:36:50 +00:00
871c157b1a
[libFuzzer] disable fuzzer-flags.test on windows to fix the bots
...
llvm-svn: 308246
2017-07-18 01:00:28 +00:00
00727af610
Revert "[libFuzzer] Add a dependency on symbolizer from libFuzzer tests"
...
This reverts commit 546e006a023cccd0fd32afd442ab992d3515d4b8.
Reverting until I can figure out llvm-symbolizer breakages on mac os.
llvm-svn: 308202
2017-07-17 18:18:03 +00:00
e9838cdcc5
[libFuzzer] remove stale code
...
llvm-svn: 308075
2017-07-15 01:31:40 +00:00
c27a70d048
[libFuzzer] Allow non-fuzzer args after -ignore_remaining_args=1
...
With this change, libFuzzer will ignore any arguments after a sigil
argument, but it will preserve these arguments at the end of the
command line when launching subprocesses. Using this, its possible to
handle positional and single-dash arguments to the program under test
by discarding everything up to -ignore_remaining_args=1 in
LLVMFuzzerInitialize.
llvm-svn: 308069
2017-07-14 23:33:04 +00:00
Petr Hosek