RPCS3/llvm
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm.git synced 2025-05-23 22:06:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
147,497 Commits 39 Branches 10 Tags
Commit Graph

76 Commits

Author SHA1 Message Date
Kostya Serebryany
f43d588ee8 [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@299167 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-31 02:21:28 +00:00
Kostya Serebryany
e1646b6e51 [libFuzzer] be more careful when calling strlen of strcmp parameters, PR32357 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@298746 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-24 22:19:52 +00:00
Mike Aizatsky
0022fc7373 [libfuzzer] chromium-related compilation fixes 
Reviewers: kcc

Differential Revision: https://reviews.llvm.org/D29502

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@294035 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-03 20:26:44 +00:00
Kostya Serebryany
c4a7209e7b [libFuzzer] remove stale code 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292325 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-18 01:10:18 +00:00
Kostya Serebryany
0f463958d8 [libFuzzer] add ATTRIBUTE_NO_SANITIZE_MEMORY to sanitizer hooks 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292295 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-17 23:50:21 +00:00
Kostya Serebryany
db5325aae3 [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292287 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-17 23:09:05 +00:00
Kostya Serebryany
71ae15e6e7 [libFuzzer] remove dead code, NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@291195 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-06 00:09:40 +00:00
Zachary Turner
1a45ade2ce Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows." 
This resubmits r288529, which was resubmitted because it broke a
fuzzer bot.  According to kcc@ the test that broke was flakey
and it is unlikely to be a result of this patch.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288549 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-02 23:02:01 +00:00
Zachary Turner
609477eea7 Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows." 
This reverts commit r288529, as it seems to introduce some
problems on the Linux bots.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288533 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-02 20:54:56 +00:00
Zachary Turner
fd186677a2 [LibFuzzer] Split FuzzerUtil for Posix and Windows. 
Pave the way for separating out platform specific
utility functions into separate files.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288529 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-02 19:38:19 +00:00
Zachary Turner
1a3900e81e [LibFuzzer] Split up some functions among different headers. 
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.

This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.

Aside from that, this patch contains no functional change.  It
is purely a re-organization.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288264 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-11-30 19:06:14 +00:00
Kostya Serebryany
3af68729f8 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284273 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-14 20:20:33 +00:00
Kostya Serebryany
d4d50f6f47 [libFuzzer] add ShrinkValueProfileTest, move code around, NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283286 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-05 01:09:40 +00:00
Kostya Serebryany
eedfbe0313 [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283187 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-04 06:08:46 +00:00
Kostya Serebryany
5a965a68f3 [libFuzzer] move value profiling logic into TracePC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282219 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-23 00:46:18 +00:00
Kostya Serebryany
28f017d845 [libFuzzer] change ValueBitMap to remember the number of bits in it 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282216 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-23 00:22:46 +00:00
Kostya Serebryany
2a546868cb [libFuzzer] refactoring: split the large header into many; NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282044 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-21 01:50:50 +00:00
Kostya Serebryany
05e1dea79e [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281007 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-09 01:17:03 +00:00
Kostya Serebryany
773652b49c [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@280096 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-30 14:39:33 +00:00
Kostya Serebryany
c7c6f45c22 [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@280054 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-30 03:05:50 +00:00
Kostya Serebryany
ff612bcd8e [libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@280046 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-30 01:30:14 +00:00
Kostya Serebryany
0c7940eaf1 [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@279601 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-24 01:38:42 +00:00
Kostya Serebryany
bb66a7d956 [libFuzzer] collect 64 states for value profile, not 65 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@279588 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-23 23:37:37 +00:00
Kostya Serebryany
aa4e23e1bb [sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@279027 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-18 01:25:28 +00:00
Kostya Serebryany
ac9c0f4d45 [libFuzzer] force proper popcnt instruction 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@279002 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-17 23:09:57 +00:00
Kostya Serebryany
2e1aa9cd1c [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@278839 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-16 19:33:51 +00:00
Kostya Serebryany
3487192114 [libFuzzer] properly intercept memmem 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@276006 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-07-19 18:29:06 +00:00
Kostya Serebryany
730992dc3b [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@275648 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-07-15 23:27:19 +00:00
Mike Aizatsky
8bbe924637 [libfuzzer] moving is_ascii handler inside mutation dispatcher. 
Summary: It also fixes a bug, when first random might not be ascii.

Differential Revision: http://reviews.llvm.org/D21573

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@273611 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-23 20:44:48 +00:00
Richard Smith
0513d1e203 Fix compilation with GCC, which treats this as a constructor name not a type 
name. (GCC is correct here per the latest language DRs.)


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@271044 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-27 21:05:35 +00:00
Kostya Serebryany
1c5d1efdb3 [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270922 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-26 21:32:30 +00:00
Kostya Serebryany
34fca4b9ec [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270900 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-26 20:03:02 +00:00
Kostya Serebryany
b30f32650e [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263323 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-12 01:57:04 +00:00
Dmitry Vyukov
f984411dc5 libfuzzer: fix compiler warnings 
- unused sigaction/setitimer result (used in assert)
- unchecked fscanf return value
- signed/unsigned comparison



git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262472 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-02 09:54:40 +00:00
Kostya Serebryany
efb0cc7640 [libFuzzer] get rid of UserSuppliedFuzzer; NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260798 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-02-13 03:25:16 +00:00
Kostya Serebryany
7cec6c634b [libFuzzer] don't create too many trace-based mutations as it may be too slow 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259600 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-02-02 23:17:45 +00:00
Kostya Serebryany
75da488104 [libFuzzer] don't do expensive memmem if the result will not be used 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258462 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-22 01:04:58 +00:00
Kostya Serebryany
baa00e52a5 [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257985 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-16 03:53:32 +00:00
Kostya Serebryany
f1af856009 [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257873 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-15 06:24:05 +00:00
Kostya Serebryany
92e8dcd607 [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257713 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-13 23:46:01 +00:00
Kostya Serebryany
3888fb079a [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257701 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-13 23:02:30 +00:00
Kostya Serebryany
53ff84bf11 [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257482 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-12 16:50:18 +00:00
Kostya Serebryany
7b0624d17e [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257435 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-12 02:36:59 +00:00
Kostya Serebryany
71afbb96dc [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257434 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-12 02:08:37 +00:00
Kostya Serebryany
d89bfb65a8 [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257423 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-12 00:43:42 +00:00
Kostya Serebryany
38c36e3216 [libFuzzer] debug prints in tracing 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257249 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-09 03:46:08 +00:00
Kostya Serebryany
7fddde9543 [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257248 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-09 03:08:58 +00:00
Kostya Serebryany
295ef47f9e [libFuzzer] don't limit memcmp tracing with 8 bytes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257245 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-09 01:39:55 +00:00
Kostya Serebryany
461ac91112 [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257239 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-09 00:38:40 +00:00
Kostya Serebryany
325442be58 [libFuzzer] make trace-based fuzzing not crash in presence of threads 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256876 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-01-06 00:03:35 +00:00