c05cb60369
[libFuzzer] test cleanup (3)
...
llvm-svn: 289314
2016-12-10 02:48:42 +00:00
2f962fe5f7
[libFuzzer] test cleanup
...
llvm-svn: 289312
2016-12-10 02:45:56 +00:00
61be0f947d
[libFuzzer] switch all libFuzzer tests to use -fsanitize-coverage=trace-pc-guard. Support for the previosly used instrumentation will be removed in the following changes
...
llvm-svn: 289311
2016-12-10 02:26:23 +00:00
05f7791fbf
[libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit
...
llvm-svn: 288281
2016-11-30 22:39:35 +00:00
117976818e
[libFuzzer] add StandaloneFuzzTargetMain.c and a test for it
...
llvm-svn: 285135
2016-10-25 22:30:34 +00:00
2bfff021ad
[libFuzzer] add a test for asan's strict_string_checks=1
...
llvm-svn: 284902
2016-10-22 00:05:44 +00:00
9a4b10a56f
[libFuzzer] swap bytes in integers when handling CMP traces
...
llvm-svn: 284301
2016-10-15 04:00:07 +00:00
a17d23eaa7
[libFuzzer] add -trace_malloc= flag
...
llvm-svn: 284149
2016-10-13 19:06:46 +00:00
379359c53a
[libFuzzer] add ShrinkValueProfileTest, move code around, NFC
...
llvm-svn: 283286
2016-10-05 01:09:40 +00:00
4820cc988f
[libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway
...
llvm-svn: 283187
2016-10-04 06:08:46 +00:00
c9e3de35ed
[libFuzzer] one more test
...
llvm-svn: 282127
2016-09-22 00:57:29 +00:00
0984517021
[libFuzzer] make caller-callee feedback work with trace-pc-guard
...
llvm-svn: 281667
2016-09-15 22:16:15 +00:00
0b47fbcb30
[libFuzzer] move the AFL driver build rule test into the uninstrumented dir
...
llvm-svn: 281583
2016-09-15 05:17:39 +00:00
4b17a331ae
[libFuzzer] one more puzzle for value profile
...
llvm-svn: 281106
2016-09-09 21:58:42 +00:00
00ef27112e
[libFuzzer] one more puzzle, value_profile cracks it in a second
...
llvm-svn: 281066
2016-09-09 18:00:04 +00:00
4d22e4fcb9
[libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
...
llvm-svn: 280046
2016-08-30 01:30:14 +00:00
1426f59a76
[libFuzzer] make sure we have symbols on fuzzer tests
...
llvm-svn: 279792
2016-08-25 23:30:02 +00:00
d46a59fac4
[libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
...
llvm-svn: 278839
2016-08-16 19:33:51 +00:00
dfbe59b03d
[libFuzzer] add InsertRepeatedBytes and EraseBytes.
...
New mutation: InsertRepeatedBytes.
Updated mutation: EraseByte => EraseBytes.
This helps https://github.com/google/sanitizers/issues/710
where libFuzzer was not able to find a known bug.
Now it finds it in minutes.
Hopefully, the change is general enough to help other targets.
llvm-svn: 278687
2016-08-15 17:48:28 +00:00
c135b55ae0
[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
...
llvm-svn: 275648
2016-07-15 23:27:19 +00:00
5d9a17742e
[libFuzzer] add ThreadedLeakTest
...
llvm-svn: 275582
2016-07-15 17:19:43 +00:00
d01720d46d
Enable libFuzzer's afl_driver to append stderr to a file.
...
Summary:
[libFuzzer] Enable afl_driver to append stderr to a user specified file.
Append stderr of afl_driver to the file specified by the environmental variable
AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs
on crashes without rerunning crashing test cases (which won't work for crashes
that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz
and users would have no way of seeing it.
Reviewers: llvm-commits, aizatsky, kcc, vitalybuka
Subscribers: vitalybuka
Differential Revision: http://reviews.llvm.org/D21194
llvm-svn: 272858
2016-06-16 00:14:42 +00:00
dca553d021
Revert "Enable libFuzzer's afl_driver to append stderr to a file."
...
Crashes with AddressSanitizer: SEGV on unknown address
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/9924/steps/annotate/logs/stdio
This reverts commit r272706.
llvm-svn: 272726
2016-06-14 22:09:00 +00:00
4b73cc88bf
Enable libFuzzer's afl_driver to append stderr to a file.
...
Summary:
[libFuzzer] Enable afl_driver to append stderr to a user specified file.
Append stderr of afl_driver to the file specified by the environmental variable
AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs
on crashes without rerunning crashing test cases (which won't work for crashes
that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz
and users would have no way of seeing it.
Reviewers: llvm-commits, aizatsky, kcc, vitalybuka
Subscribers: vitalybuka
Differential Revision: http://reviews.llvm.org/D21194
llvm-svn: 272706
2016-06-14 20:42:05 +00:00
f7798526b9
[libFuzzer] add one more OOM test, which we currently don't handle very well
...
llvm-svn: 272240
2016-06-09 01:20:35 +00:00
76f425211e
[libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message)
...
llvm-svn: 272090
2016-06-08 01:46:13 +00:00
41d6683c39
[libfuzzer] custom crossover interface function.
...
Differential Revision: http://reviews.llvm.org/D21089
llvm-svn: 272054
2016-06-07 20:22:15 +00:00
d15c106c9b
[LibFuzzer] s/dataflow sanitizer/DataflowSanitizer/
...
llvm-svn: 271980
2016-06-07 04:44:49 +00:00
0d09f14554
[LibFuzzer] Disable building and running LSan tests on Apple platforms because LSan is not currently supported.
...
Differential Revision: http://reviews.llvm.org/D20947
llvm-svn: 271979
2016-06-07 04:44:39 +00:00
fba4a67a32
[LibFuzzer] Disable compiling and running the LibFuzzer dataflow sanitizer tests on Apple platforms.
...
This fixes a broken part of the build on OSX as the dataflow sanitizer is not supported
on OSX yet.
Differential Revision: http://reviews.llvm.org/D20894
llvm-svn: 271492
2016-06-02 05:48:09 +00:00
8c11fce707
[LibFuzzer] Refactor declaration of tests in CMake.
...
Add a new CMake function (``add_libfuzzer_test()``) to simplify
declaration of executables for testing LibFuzzer and use it to
reorganise how tests are declared.
Note that configuration of the lit configuration files has been moved
as late as possible because we are going to need to disable some tests
for some platforms and we will need to propagate this information into
the lit configuration.
Note the code for custom mains was removed because no tests are
currently written for this and Kostya seems happy to remove this.
Differential Revision: http://reviews.llvm.org/D20706
llvm-svn: 270958
2016-05-27 03:14:40 +00:00
d8384122a3
[libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads)
...
llvm-svn: 270929
2016-05-26 22:17:32 +00:00
676892a5d5
[LibFuzzer] Allow LibFuzzer to be built in modes other than RELEASE.
...
Previously the flags were only being set correctly when the
build type was "Release". Now the build should work properly
for all the supported build types. When building libFuzzer
the optimization level respects whatever is used for the
rest of LLVM but for the LibFuzzer tests we force -O0.
Differential Revision: http://reviews.llvm.org/D20558
llvm-svn: 270912
2016-05-26 20:55:05 +00:00
e66846ab32
[libfuzzer] replacing unittest for truncate_units with functional test.
...
Differential Revision: http://reviews.llvm.org/D20641
llvm-svn: 270755
2016-05-25 21:00:17 +00:00
ff2e6badbd
[libFuzzer] print stats if we crash on empty input
...
llvm-svn: 270639
2016-05-25 00:15:36 +00:00
ca9694ba2c
[libFuzzer] add a test for libFuzzer+ubsan, extend the docs on using libFuzzer+ubsan
...
llvm-svn: 268968
2016-05-09 21:02:36 +00:00
8b8f7a3cda
[libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer.
...
llvm-svn: 268821
2016-05-06 23:38:07 +00:00
7018a1aaa4
[libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak
...
llvm-svn: 267770
2016-04-27 19:52:34 +00:00
315167339e
[libFuzzer] don't report memory leaks if we are dying due to a timeout (just use _Exit instead of exit in the timeout callback)
...
llvm-svn: 264237
2016-03-24 01:32:08 +00:00
49e409068a
[libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout
...
llvm-svn: 263831
2016-03-18 20:58:29 +00:00
b8627a89a6
[libfuzzer] arbitrary function adapter.
...
The adapter automates converting sequence of bytes into arbitrary
arguments.
Differential Revision: http://reviews.llvm.org/D17829
llvm-svn: 262673
2016-03-03 23:45:29 +00:00
da63c1d09a
[libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds
...
llvm-svn: 262073
2016-02-26 21:33:56 +00:00
ecab57b3ce
[libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea).
...
llvm-svn: 260796
2016-02-13 02:39:30 +00:00
22cc5e2375
[libFuzzer] provide a plain C interface for custom mutators (experimental)
...
llvm-svn: 260794
2016-02-13 02:29:38 +00:00
9d14e4bb15
[libFuzzer] make -runs=N flag also affect the simple runner (will execute every input N times)
...
llvm-svn: 260649
2016-02-12 02:32:03 +00:00
b92602ada0
[libFuzzer] don't write the test unit when a leak is detected (since we don't know which unit causes the leak)
...
llvm-svn: 259731
2016-02-04 00:02:17 +00:00
aca7696f4d
[libFuzzer] introduce LLVMFuzzerInitialize
...
llvm-svn: 257980
2016-01-16 01:23:12 +00:00
4b35874b2a
[libFuzzer] suggest a dictionary to the user of some of the trace-based dictionary entries were successful
...
llvm-svn: 257736
2016-01-14 02:36:44 +00:00
d50a3eedb4
[libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector)
...
llvm-svn: 257701
2016-01-13 23:02:30 +00:00
226b734d73
[libFuzzer] make trace-based fuzzing not crash in presence of threads
...
llvm-svn: 256876
2016-01-06 00:03:35 +00:00
Kostya Serebryany