llvm-project

Commit Graph

Author	SHA1	Message	Date
Zachary Turner	6fa57ad9bd	Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows." This resubmits r288529, which was resubmitted because it broke a fuzzer bot. According to kcc@ the test that broke was flakey and it is unlikely to be a result of this patch. llvm-svn: 288549	2016-12-02 23:02:01 +00:00
Zachary Turner	3cfeab7059	Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows." This reverts commit r288529, as it seems to introduce some problems on the Linux bots. llvm-svn: 288533	2016-12-02 20:54:56 +00:00
Zachary Turner	34dcfb9294	[LibFuzzer] Split FuzzerUtil for Posix and Windows. Pave the way for separating out platform specific utility functions into separate files. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27234 llvm-svn: 288529	2016-12-02 19:38:19 +00:00
Zachary Turner	24a148b1d4	[LibFuzzer] Split up some functions among different headers. In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27230 llvm-svn: 288264	2016-11-30 19:06:14 +00:00
Kostya Serebryany	c48c93184a	[libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp llvm-svn: 285109	2016-10-25 20:15:15 +00:00
Kostya Serebryany	3364f90783	[libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test llvm-svn: 285049	2016-10-25 02:04:43 +00:00
Kostya Serebryany	65f102d4d2	[libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer llvm-svn: 284909	2016-10-22 03:48:53 +00:00
Kostya Serebryany	9a4b10a56f	[libFuzzer] swap bytes in integers when handling CMP traces llvm-svn: 284301	2016-10-15 04:00:07 +00:00
Kostya Serebryany	a5f94fb6c9	[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode llvm-svn: 284273	2016-10-14 20:20:33 +00:00
Kostya Serebryany	624f59f4d8	[libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings llvm-svn: 282129	2016-09-22 01:34:58 +00:00
Kostya Serebryany	29bb664075	[libFuzzer] add stats to the corpus; more refactoring llvm-svn: 282121	2016-09-21 22:42:17 +00:00
Kostya Serebryany	556894fb10	[libFuzzer] more refactoring; NFC llvm-svn: 282047	2016-09-21 02:05:39 +00:00
Kostya Serebryany	6f5a804cdb	[libFuzzer] refactoring: split the large header into many; NFC llvm-svn: 282044	2016-09-21 01:50:50 +00:00
Kostya Serebryany	a533e514b8	[libFuzzer] fix the non-debug build warnings llvm-svn: 279321	2016-08-19 20:57:09 +00:00
Kostya Serebryany	e72774dd69	[libFuzzer] given 0 and 255 more preference when inserting repeated bytes llvm-svn: 278986	2016-08-17 21:50:54 +00:00
Kostya Serebryany	0c537b124c	[libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 llvm-svn: 278982	2016-08-17 21:30:30 +00:00
Justin Bogner	cd1d5aaf2e	Replace a few more "fall through" comments with LLVM_FALLTHROUGH Follow up to r278902. I had missed "fall through", with a space. llvm-svn: 278970	2016-08-17 20:30:52 +00:00
Kostya Serebryany	a7398ba024	[libFuzzer] more mutations llvm-svn: 278950	2016-08-17 18:10:42 +00:00
Kostya Serebryany	dfbe59b03d	[libFuzzer] add InsertRepeatedBytes and EraseBytes. New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets. llvm-svn: 278687	2016-08-15 17:48:28 +00:00
Kostya Serebryany	c135b55ae0	[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp llvm-svn: 275648	2016-07-15 23:27:19 +00:00
Mike Aizatsky	f0b3e85f4e	[libfuzzer] moving is_ascii handler inside mutation dispatcher. Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611	2016-06-23 20:44:48 +00:00
Dan Liew	1873a496e2	[LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests depend also depend on the ``fuzzer::ExternalFunctions`` global so a ``main()`` function has been added that initializes it before running any tests. Differential Revision: http://reviews.llvm.org/D20943 llvm-svn: 272072	2016-06-07 23:32:50 +00:00
Mike Aizatsky	41d6683c39	[libfuzzer] custom crossover interface function. Differential Revision: http://reviews.llvm.org/D21089 llvm-svn: 272054	2016-06-07 20:22:15 +00:00
Mike Aizatsky	70fd3e412a	[libfuzzer] hiding custom mutator handling in MutationDispatcher. Summary: Refactoring, no functional changes. Differential Revision: http://reviews.llvm.org/D20975 llvm-svn: 271740	2016-06-03 21:34:29 +00:00
Kostya Serebryany	8a5bef0fcf	[libFuzzer] remove std::vector operations from hot paths, NFC llvm-svn: 260829	2016-02-13 17:56:51 +00:00
Kostya Serebryany	1deb0498f5	[libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast llvm-svn: 260810	2016-02-13 06:24:18 +00:00
Kostya Serebryany	23194963f7	[libFuzzer] simplify CTOR of MutationDispatcher llvm-svn: 260800	2016-02-13 03:46:26 +00:00
Kostya Serebryany	292cf0379c	[libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) llvm-svn: 260799	2016-02-13 03:37:24 +00:00
Kostya Serebryany	7ec0c56e07	[libFuzzer] get rid of UserSuppliedFuzzer; NFC llvm-svn: 260798	2016-02-13 03:25:16 +00:00
Kostya Serebryany	a399221c32	[libFuzzer] simplify the code around Random. NFC llvm-svn: 260797	2016-02-13 03:00:53 +00:00
Kostya Serebryany	160dcba81f	[libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes llvm-svn: 258589	2016-01-22 23:55:14 +00:00
Kostya Serebryany	2f13f223c7	[libFuzzer] don't use std::vector in one more hot path llvm-svn: 258380	2016-01-21 01:52:14 +00:00
Kostya Serebryany	311f27c0a8	[libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if llvm-svn: 258178	2016-01-19 20:33:57 +00:00
Kostya Serebryany	476f0ce31a	[libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path llvm-svn: 257985	2016-01-16 03:53:32 +00:00
Kostya Serebryany	4b35874b2a	[libFuzzer] suggest a dictionary to the user of some of the trace-based dictionary entries were successful llvm-svn: 257736	2016-01-14 02:36:44 +00:00
Kostya Serebryany	4174005622	[libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries llvm-svn: 257435	2016-01-12 02:36:59 +00:00
Kostya Serebryany	b65805a939	[libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary llvm-svn: 257248	2016-01-09 03:08:58 +00:00
Kostya Serebryany	152ac7ad70	[libFuzzer] add a position hint to the dictionary-based mutator llvm-svn: 257013	2016-01-07 01:49:35 +00:00
Kostya Serebryany	80eb76abf4	[libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry llvm-svn: 256900	2016-01-06 02:13:04 +00:00
Kostya Serebryany	27ab2d759f	[libFuzzer] make CrossOver just one of the other mutations llvm-svn: 256081	2015-12-19 02:49:09 +00:00
Kostya Serebryany	14c50288cc	[libFuzzer] print successfull mutations sequences llvm-svn: 256071	2015-12-19 01:09:49 +00:00
Kostya Serebryany	3b804877fd	[libFuzzer] fix 32-bit build llvm-svn: 249646	2015-10-08 00:59:25 +00:00
Kostya Serebryany	25425ad920	[libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger llvm-svn: 247027	2015-09-08 17:19:31 +00:00
Kostya Serebryany	b2e9897644	[libFuzzer] when a single mutation fails try a few more times with other mutations before returning un-mutated data llvm-svn: 246828	2015-09-04 00:40:29 +00:00
Kostya Serebryany	7d21166218	[libFuzzer] actually make the dictionaries work (+docs) llvm-svn: 246825	2015-09-04 00:12:11 +00:00
Kostya Serebryany	ec2dcb1d91	[libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC llvm-svn: 246808	2015-09-03 21:24:19 +00:00
Kostya Serebryany	bf29ff2fa5	[libFuzzer] add one more mutation strategy: byte shuffling llvm-svn: 244188	2015-08-06 01:29:13 +00:00
Kostya Serebryany	86a5fba71d	[libFuzzer] more refactoring of the Mutator and adding tests to it llvm-svn: 243818	2015-08-01 02:23:06 +00:00
Kostya Serebryany	8ce7424e9c	[libFuzzer] start refactoring the Mutator and adding tests to it llvm-svn: 243817	2015-08-01 01:42:51 +00:00
Kostya Serebryany	404c69f2c8	[libFuzzer] allow users to supply their own implementation of rand llvm-svn: 243078	2015-07-24 01:06:40 +00:00

1 2

56 Commits