Kostya Serebryany  8cb63ec20b  2017-07-22 00:10:29 +00:00
[libFuzzer] reimplement experimental_len_control=1: bump the temporary max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files
llvm-svn: 308811

Matt Morehouse  9e689792b2  2017-07-20 20:43:39 +00:00
Generate error reports when a fuzz target exits.
Summary:
Implements https://github.com/google/sanitizers/issues/835.
Flush stdout before exiting in test cases.
Since the atexit hook is used for exit reports, pending prints to
stdout can be lost if they aren't flushed before calling exit().
Expect tests to have non-zero exit code if exit() is called.
Reviewers: vitalybuka, kcc
Reviewed By: kcc
Subscribers: eraman, llvm-commits, hiraditya
Differential Revision: https://reviews.llvm.org/D35602
llvm-svn: 308669

Kostya Serebryany  d01e956d38  2017-07-18 18:47:36 +00:00
[libFuzzer] when adding a reduced input print REDUCED instead of NEW
llvm-svn: 308336

Kostya Serebryany  f1b5c64052  2017-07-18 01:36:50 +00:00
[libFuzzer] improve -reduce_inputs=1: now only consider the unique features of every input (seems to work much better)
llvm-svn: 308253

Kostya Serebryany  f64b8487f9  2017-07-14 00:06:27 +00:00
[libFuzzer] simplify the handling of memmem/strstr
llvm-svn: 307977

Kostya Serebryany  1ca738809a  2017-07-13 01:08:53 +00:00
[libFuzzer] experimental feature -reduce_inputs (off by default) that tries to replace elements in the corpus with smaller ones that have the same feature set. Still needs tuning
llvm-svn: 307873

Kostya Serebryany  1e99d543d2  2017-07-12 22:20:04 +00:00
[libFuzzer] refactoring in preparation for -reduce_inputs; NFC intended
llvm-svn: 307857

Kostya Serebryany  fe4ed9bd85  2017-05-09 01:17:29 +00:00
[libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error)
llvm-svn: 302494

Sanjoy Das  730edccb24  2017-04-28 04:49:32 +00:00
Remove unnecessary semicolon
This shows up as a -Wpedantic error on GCC.
llvm-svn: 301616

Kostya Serebryany  4fc6dd7f8f  2017-03-22 20:32:44 +00:00
[libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive
llvm-svn: 298548

Kostya Serebryany  70240430d9  2017-03-15 00:39:06 +00:00
[libFuzzer] remove even more stale code
llvm-svn: 297797

Kostya Serebryany  862a845aa5  2017-03-15 00:34:25 +00:00
[libFuzzer] simplify code a bit
llvm-svn: 297796

Kostya Serebryany  f81cc098ca  2017-03-14 21:47:52 +00:00
[libFuzzer] remove more stale code
llvm-svn: 297785

Kostya Serebryany  a43a299382  2017-03-14 21:30:14 +00:00
[libFuzzer] remove stale code
llvm-svn: 297781

Kostya Serebryany  41e7a27811  2017-02-28 23:23:48 +00:00
[libFuzzer] remove usage of the old coverage instrumentation
llvm-svn: 296536

Kostya Serebryany  419634bdb8  2017-01-26 01:45:54 +00:00
[libFuzzer] remove a bit of stale code
llvm-svn: 293129

Kostya Serebryany  98d592cc91  2017-01-20 20:57:07 +00:00
[libFuzzer] experimental support for 'equivalence fuzzing'
llvm-svn: 292646

Kostya Serebryany  4aa0590e33  2017-01-05 22:05:47 +00:00
[libFuzzer] improve error handling during the merge (handle various IO failures)
llvm-svn: 291182

Marcos Pividori  64d4147396  2016-12-13 17:46:25 +00:00
[libFuzzer] Fix bug in detecting timeouts when input string is empty.
I added a new flag RunningCB to know if the Fuzzer's main thread is
running the CB function, instead of using (!CurrentUnitSize).
(!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp,
inside ShuffleAndMinimize() function, we execute the callback with an
empty string (size=0). Previous implementation failed to detect timeouts
in that execution.
Also, I add a regression test for that case.
Differential Revision: https://reviews.llvm.org/D27433
llvm-svn: 289561

Marcos Pividori  178fe58745  2016-12-13 17:46:11 +00:00
[libFuzzer] Clean up headers and file formatting of LibFuzzer files.
Reorganize #includes to follow LLVM Coding Standards.
Include some missing headers. Required to use `Printf()`.
Aside from that, this patch contains no functional change.
It is purely a re-organization.
Differential Revision: https://reviews.llvm.org/D27363
llvm-svn: 289560

Kostya Serebryany  111e1d69e3  2016-12-09 01:17:24 +00:00
[libFuzzer] implement crash-resistant merge ( https://github.com/google/sanitizers/issues/722 ). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests).
llvm-svn: 289166

Kostya Serebryany  05f7791fbf  2016-11-30 22:39:35 +00:00
[libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit
llvm-svn: 288281

Zachary Turner  24a148b1d4  2016-11-30 19:06:14 +00:00
[LibFuzzer] Split up some functions among different headers.
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.
This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.
Aside from that, this patch contains no functional change.  It
is purely a re-organization.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230
llvm-svn: 288264

Kostya Serebryany  a5b2e54fcb  2016-10-26 00:20:51 +00:00
[libFuzzer] simplify the code to print new PCs
llvm-svn: 285145

Kostya Serebryany  bb59ef77ca  2016-10-18 18:38:08 +00:00
[libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
llvm-svn: 284514

Kostya Serebryany  8dfed45cd4  2016-10-18 18:06:05 +00:00
[libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item
llvm-svn: 284508

Kostya Serebryany  f9b8e8b117  2016-10-15 01:00:24 +00:00
[libFuzzer] better algorithm for -minimize_crash
llvm-svn: 284299

Kostya Serebryany  1c73f1bf27  2016-10-05 22:56:21 +00:00
[libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
llvm-svn: 283409

Kostya Serebryany  4820cc988f  2016-10-04 06:08:46 +00:00
[libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway
llvm-svn: 283187

Kostya Serebryany  d216922a80  2016-10-01 01:04:29 +00:00
[libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default
llvm-svn: 282995

Kostya Serebryany  90f8f36bca  2016-09-30 23:29:27 +00:00
[libFuzzer] remove some experimental code
llvm-svn: 282983

Kostya Serebryany  b3949ef885  2016-09-30 01:24:57 +00:00
[libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard)
llvm-svn: 282831

Kostya Serebryany  5ff481fd9e  2016-09-27 00:10:20 +00:00
[libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag
llvm-svn: 282458

Kostya Serebryany  0800b81a21  2016-09-23 23:51:58 +00:00
[libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features.
llvm-svn: 282316

Kostya Serebryany  16a145fd0f  2016-09-23 01:58:51 +00:00
[libFuzzer] fix merging with trace-pc-guard
llvm-svn: 282224

Kostya Serebryany  ab73c6924f  2016-09-23 00:46:18 +00:00
[libFuzzer] move value profiling logic into TracePC
llvm-svn: 282219

Kostya Serebryany  d28099de5d  2016-09-23 00:22:46 +00:00
[libFuzzer] change ValueBitMap to remember the number of bits in it
llvm-svn: 282216

Kostya Serebryany  be0ed59cdc  2016-09-22 23:16:36 +00:00
[libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen
llvm-svn: 282211

Kostya Serebryany  624f59f4d8  2016-09-22 01:34:58 +00:00
[libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
llvm-svn: 282129

Kostya Serebryany  29bb664075  2016-09-21 22:42:17 +00:00
[libFuzzer] add stats to the corpus; more refactoring
llvm-svn: 282121

Kostya Serebryany  20801e1b8a  2016-09-21 21:41:48 +00:00
[libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one.
llvm-svn: 282115

Kostya Serebryany  225d8e45d4  2016-09-21 03:50:37 +00:00
[libFuzzer] fix libc++ build
llvm-svn: 282050

Kostya Serebryany  556894fb10  2016-09-21 02:05:39 +00:00
[libFuzzer] more refactoring; NFC
llvm-svn: 282047

Kostya Serebryany  6f5a804cdb  2016-09-21 01:50:50 +00:00
[libFuzzer] refactoring: split the large header into many; NFC
llvm-svn: 282044

Kostya Serebryany  09aa01a6f8  2016-09-21 01:04:43 +00:00
[libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features
llvm-svn: 282042

Kostya Serebryany  b706b481ba  2016-09-18 21:47:08 +00:00
[libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
llvm-svn: 281866

Kostya Serebryany  8e781a888a  2016-09-18 04:52:23 +00:00
[libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters
llvm-svn: 281845

Kostya Serebryany  bc3789a919  2016-09-17 06:01:55 +00:00
[libFuzzer] properly reset the guards when resetting the coverage. Also try to fix check-fuzzer on the bot
llvm-svn: 281814

Kostya Serebryany  3e36ec1d18  2016-09-17 05:04:47 +00:00
[libFuzzer] change trace-pc to use 8-byte guards
llvm-svn: 281810

Kostya Serebryany  0984517021  2016-09-15 22:16:15 +00:00
[libFuzzer] make caller-callee feedback work with trace-pc-guard
llvm-svn: 281667