llvm-project

Commit Graph

Author	SHA1	Message	Date
Kostya Serebryany	e2d0f63654	[libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time llvm-svn: 280332	2016-09-01 01:22:27 +00:00
Kostya Serebryany	a016a45d60	[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow llvm-svn: 280098	2016-08-30 14:52:05 +00:00
Kostya Serebryany	0f0fa4faf2	[libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them llvm-svn: 279787	2016-08-25 22:35:08 +00:00
Kostya Serebryany	d46a59fac4	[libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. llvm-svn: 278839	2016-08-16 19:33:51 +00:00
Kostya Serebryany	bdb220c7a0	[libFuzzer] print a verbose message after executing inputs in non-fuzzing mode llvm-svn: 278724	2016-08-15 19:44:04 +00:00
Kostya Serebryany	c135b55ae0	[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp llvm-svn: 275648	2016-07-15 23:27:19 +00:00
Mike Aizatsky	f0b3e85f4e	[libfuzzer] moving is_ascii handler inside mutation dispatcher. Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611	2016-06-23 20:44:48 +00:00
Kostya Serebryany	042d1a7b04	[libFuzzer] make the single-run output more reliable llvm-svn: 272998	2016-06-17 13:07:06 +00:00
Dan Liew	1873a496e2	[LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests depend also depend on the ``fuzzer::ExternalFunctions`` global so a ``main()`` function has been added that initializes it before running any tests. Differential Revision: http://reviews.llvm.org/D20943 llvm-svn: 272072	2016-06-07 23:32:50 +00:00
Mike Aizatsky	1f88b12272	[libfuzzer] prune_corpus option for disabling pruning during the load. Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness. Differential Revision: http://reviews.llvm.org/D21084 llvm-svn: 272035	2016-06-07 18:16:32 +00:00
Dan Liew	d3c33116fd	[LibFuzzer] Reimplement how the optional user functions are called. The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't succesfully link yet). This change introduces a struct of function pointers (``fuzzer::ExternalFuntions``) which when initialised will point to the optional functions if they are available. Currently these ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions. Two implementations of ``fuzzer::ExternalFunctions`` constructor are provided one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless the additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker. Differential Revision: http://reviews.llvm.org/D20741 llvm-svn: 271491	2016-06-02 05:48:02 +00:00
Kostya Serebryany	f817731a19	[libFuzzer] when an invalid flag is given, warn, but don't crash llvm-svn: 271404	2016-06-01 16:41:12 +00:00
Mike Aizatsky	af432a45e3	[libfuzzer] Trying random unit prefixes during corpus load. Differential Revision: http://reviews.llvm.org/D20301 llvm-svn: 270632	2016-05-24 23:14:29 +00:00
Kostya Serebryany	6289536922	[libFuzzer] print the file name before executing the input so that if there is a crash we know which files has caused it llvm-svn: 269450	2016-05-13 18:10:33 +00:00
Kostya Serebryany	8b8f7a3cda	[libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. llvm-svn: 268821	2016-05-06 23:38:07 +00:00
Kostya Serebryany	52b394e981	[libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMs llvm-svn: 268807	2016-05-06 21:58:35 +00:00
Kostya Serebryany	baf7fd0b16	[libFuzzer] print stats after running individual inputs llvm-svn: 268547	2016-05-04 20:44:50 +00:00
Kostya Serebryany	1bfd583d82	[libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing llvm-svn: 266838	2016-04-20 00:24:21 +00:00
Kostya Serebryany	09087bba4d	[libFuzzer] warn if the corpus is empty llvm-svn: 266670	2016-04-18 21:14:11 +00:00
Mehdi Amini	b550cb1750	[NFC] Header cleanup Removed some unused headers, replaced some headers with forward class declarations. Found using simple scripts like this one: clear && ack --cpp -l '#include "llvm/ADT/IndexedMap.h"' \| xargs grep -L 'IndexedMap[<]' \| xargs grep -n --color=auto 'IndexedMap' Patch by Eugene Kosov <claprix@yandex.ru> Differential Revision: http://reviews.llvm.org/D19219 From: Mehdi Amini <mehdi.amini@apple.com> llvm-svn: 266595	2016-04-18 09:17:29 +00:00
Kostya Serebryany	b60397f54c	[libFuzzer] add a better warning for command line flags with -- (two dashes) llvm-svn: 266480	2016-04-15 21:56:29 +00:00
Hans Wennborg	e631996350	Remove redundant .c_str(), as suggested by PR25633 llvm-svn: 265988	2016-04-11 20:35:17 +00:00
Kostya Serebryany	f389ae12c1	[libFuzzer] handle SIGTERM llvm-svn: 264338	2016-03-24 21:03:58 +00:00
Kostya Serebryany	49e409068a	[libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout llvm-svn: 263831	2016-03-18 20:58:29 +00:00
Kostya Serebryany	945761b8c2	[libFuzzer] improve -merge functionality llvm-svn: 263769	2016-03-18 00:23:29 +00:00
Kostya Serebryany	c5575aabd6	[libFuzzer] deprecate several flags llvm-svn: 263739	2016-03-17 19:59:39 +00:00
Kostya Serebryany	0c5e3af862	[libFuzzer] use max_len exactly equal to the max size of input. Fix 32-bit build llvm-svn: 263518	2016-03-15 01:28:00 +00:00
Kostya Serebryany	64d24578d8	[libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. llvm-svn: 263323	2016-03-12 01:57:04 +00:00
Kostya Serebryany	5c3701c621	[libFuzzer] log less when re-loading files; fix a silly bug: when running single files actually run all of them, not just the first one llvm-svn: 262754	2016-03-04 22:35:40 +00:00
Kostya Serebryany	3d95dd9149	[libFuzzer] deprecate exit_on_first flag llvm-svn: 262417	2016-03-01 22:33:14 +00:00
Kostya Serebryany	228d5b1ce4	[libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. llvm-svn: 262415	2016-03-01 22:19:21 +00:00
Kostya Serebryany	66ff0756e4	[libFuzzer] add -print_final_stats=1 flag llvm-svn: 262084	2016-02-26 22:42:23 +00:00
Kostya Serebryany	a35f7d383f	[libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus llvm-svn: 261267	2016-02-18 21:49:10 +00:00
Kostya Serebryany	8a5bef0fcf	[libFuzzer] remove std::vector operations from hot paths, NFC llvm-svn: 260829	2016-02-13 17:56:51 +00:00
Kostya Serebryany	29bcb9f54e	[libFuzzer] remove the C++-ish variant of FuzzerDriver from the interface llvm-svn: 260801	2016-02-13 03:59:26 +00:00
Kostya Serebryany	7ec0c56e07	[libFuzzer] get rid of UserSuppliedFuzzer; NFC llvm-svn: 260798	2016-02-13 03:25:16 +00:00
Kostya Serebryany	a399221c32	[libFuzzer] simplify the code around Random. NFC llvm-svn: 260797	2016-02-13 03:00:53 +00:00
Kostya Serebryany	ecab57b3ce	[libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea). llvm-svn: 260796	2016-02-13 02:39:30 +00:00
Kostya Serebryany	9d14e4bb15	[libFuzzer] make -runs=N flag also affect the simple runner (will execute every input N times) llvm-svn: 260649	2016-02-12 02:32:03 +00:00
Kostya Serebryany	bfbe7fc404	[libFuzzer] allow passing 1 or more files as individual inputs llvm-svn: 259459	2016-02-02 03:03:47 +00:00
Kostya Serebryany	54a6363a8f	[libFuzzer] add -timeout_exitcode option llvm-svn: 259265	2016-01-29 23:30:07 +00:00
Kostya Serebryany	9768e7f06b	[libFuzzer] add -abort_on_timeout option llvm-svn: 258631	2016-01-23 19:34:19 +00:00
Kostya Serebryany	311f27c0a8	[libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if llvm-svn: 258178	2016-01-19 20:33:57 +00:00
Kostya Serebryany	476f0ce31a	[libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path llvm-svn: 257985	2016-01-16 03:53:32 +00:00
Kostya Serebryany	ae5b9567bc	[libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) llvm-svn: 257873	2016-01-15 06:24:05 +00:00
Kostya Serebryany	4282d30516	[libFuzzer] use custom stol; also introduce __libfuzzer_is_present so that users can check for its presence. llvm-svn: 257848	2016-01-15 00:17:37 +00:00
Kostya Serebryany	b65805a939	[libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary llvm-svn: 257248	2016-01-09 03:08:58 +00:00
Kostya Serebryany	152ac7ad70	[libFuzzer] add a position hint to the dictionary-based mutator llvm-svn: 257013	2016-01-07 01:49:35 +00:00
Mike Aizatsky	8b11f877e4	[libfuzzer] print_new_cov_pcs experimental option. Differential Revision: http://reviews.llvm.org/D15901 llvm-svn: 256882	2016-01-06 00:21:22 +00:00
Kostya Serebryany	550e9c80a6	[libFuzzer] deprecate -save_minimized_corpus, -merge can be used instead llvm-svn: 256086	2015-12-19 03:42:16 +00:00

1 2

93 Commits