RPCS3/llvm
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm.git synced 2025-01-09 21:50:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
137,869 Commits 39 Branches 10 Tags 850 MiB
8eddc0f657
Commit Graph

143 Commits

Author SHA1 Message Date
Mike Aizatsky
d7a5ad2193 [libfuzzer] simplified unit truncation; do not write trunc items to disc 
Differential Revision: https://reviews.llvm.org/D24049

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@280153 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-30 20:49:07 +00:00
Kostya Serebryany
7750b380af [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@279787 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-25 22:35:08 +00:00
Kostya Serebryany
cf1269a0b2 [libFuzzer] simplify the code, NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@279697 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-25 01:25:03 +00:00
Kostya Serebryany
7526feb22f [libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@278975 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-17 20:45:23 +00:00
Kostya Serebryany
2e1aa9cd1c [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@278839 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-16 19:33:51 +00:00
Kostya Serebryany
b4d6119096 [libFuzzer] refactoring around PCMap, NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@278825 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-16 17:37:13 +00:00
Kostya Serebryany
3aa06bae18 [libFuzzer] make libFuzzer work with a bit older clang versions 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@277941 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-06 21:28:56 +00:00
Kostya Serebryany
1efe1f7b69 [libFuzzer] don't print bogus error message 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@277940 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-06 21:23:29 +00:00
Mike Aizatsky
4613003000 [sanitizers] trace buffer API to use user-allocated buffer. 
Differential Revision: https://reviews.llvm.org/D23185

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@277859 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-08-05 20:09:53 +00:00
Mike Aizatsky
8bbe924637 [libfuzzer] moving is_ascii handler inside mutation dispatcher. 
Summary: It also fixes a bug, when first random might not be ascii.

Differential Revision: http://reviews.llvm.org/D21573

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@273611 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-23 20:44:48 +00:00
Kostya Serebryany
c0e47a82c1 [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272948 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-16 20:17:41 +00:00
Kostya Serebryany
819b4d1da2 [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hook 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272116 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-08 04:49:29 +00:00
Kostya Serebryany
fd9cb1a5c5 [libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272090 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-08 01:46:13 +00:00
Dan Liew
1a1c8bea2d [LibFuzzer] Declare and use sanitizer functions in `fuzzer::ExternalFunctions` 
This fixes linking problems on OSX.

Unfortunately it turns out we need to use an instance of the
``fuzzer::ExternalFunctions`` object in several places so this
commit also replaces all instances with a single global instance.

It also turns out initializing a global ``fuzzer::ExternalFunctions``
before main is entered (i.e. letting the object be initialised by the
global initializers) is not safe (on OSX the call to ``Printf()`` in the
CTOR crashes if it is called from a global initializer) so we instead
have a global ``fuzzer::ExternalFunctions*`` and initialize it inside
``FuzzerDriver()``.

Multiple unit tests depend also depend on the
``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been
added that initializes it before running any tests.

Differential Revision: http://reviews.llvm.org/D20943

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272072 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-07 23:32:50 +00:00
Mike Aizatsky
c7f790d744 [libfuzzer] prune_corpus option for disabling pruning during the load. 
Summary:
The option is very useful for testing, plus I intend to measure
its effect on fuzzer effectiveness.

Differential Revision: http://reviews.llvm.org/D21084

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272035 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-07 18:16:32 +00:00
Mike Aizatsky
664513feca [libfuzzer] hiding custom mutator handling in MutationDispatcher. 
Summary: Refactoring, no functional changes.

Differential Revision: http://reviews.llvm.org/D20975

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@271740 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-03 21:34:29 +00:00
Dan Liew
8bb56ccbc0 [LibFuzzer] Reimplement how the optional user functions are called. 
The motivation for this change is to fix linking issues on OSX.
However this only partially fixes linking issues (the uninstrumented
tests and a few others  won't succesfully link yet).

This change introduces a struct of function pointers
(``fuzzer::ExternalFuntions``) which when initialised will point to the
optional functions if they are available.  Currently these
``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.

Two implementations of ``fuzzer::ExternalFunctions`` constructor are
provided one for Linux and one for OSX.

The OSX implementation uses ``dlsym()`` because the prior implementation
using weak symbols does not work unless the additional flags are passed
to the linker.

The Linux implementation continues to use weak symbols because the
``dlsym()`` approach does not work unless additional flags are passed
to the linker.

Differential Revision: http://reviews.llvm.org/D20741

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@271491 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-02 05:48:02 +00:00
Kostya Serebryany
08b019eaf8 [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile on OOM 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@271465 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-02 01:33:11 +00:00
Kostya Serebryany
a736e85343 [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@271186 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-29 15:58:57 +00:00
Kostya Serebryany
8c598528c3 [libFuzzer] fix a failure that occurs when running individual inputs 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@271095 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-28 04:19:46 +00:00
Kostya Serebryany
6effb7148b [libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270945 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-27 00:54:15 +00:00
Kostya Serebryany
d59f71d0d3 [libFuzzer] more refactoring: make sure CurrentUnitData is awlays a valid pointer to read from 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270942 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-27 00:21:33 +00:00
Kostya Serebryany
b987d27af9 [libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270929 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-26 22:17:32 +00:00
Kostya Serebryany
1c5d1efdb3 [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270922 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-26 21:32:30 +00:00
Kostya Serebryany
ddaf22d2ba [libFuzzer] when there is a leak in the existing corpus report the reproducer properly 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270905 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-26 20:25:49 +00:00
Kostya Serebryany
34fca4b9ec [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270900 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-26 20:03:02 +00:00
Kostya Serebryany
305ed5060f [libFuzzer] print stats if we crash on empty input 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270639 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-25 00:15:36 +00:00
Mike Aizatsky
b0d0618635 [libfuzzer] Trying random unit prefixes during corpus load. 
Differential Revision: http://reviews.llvm.org/D20301

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270632 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-24 23:14:29 +00:00
Dan Liew
86af2862c5 [LibFuzzer] 
Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.

Under Mac OSX we intercept calls to malloc before thread local
storage is initialised leading to a crash when accessing
``AllocTracer``. To workaround this ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.

To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.

Differential Revision: http://reviews.llvm.org/D20402

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270145 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-19 22:00:33 +00:00
Kostya Serebryany
d8c064b2e9 [libFuzzer] do the merge faster and a bit less precise 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269497 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-13 22:11:23 +00:00
Kostya Serebryany
22dd3bbcf0 [libFuzzer] simplify FuzzerInterface.h 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269448 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-13 18:04:35 +00:00
Mike Aizatsky
0d68393b0f [libfuzzer] Refactoring coverage state-management code. 
It is now less state-dependent and will allow easier comparing of
coverages of different units.

Differential Revision: http://reviews.llvm.org/D20085

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269140 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-10 23:43:15 +00:00
Kostya Serebryany
f01dfdd8aa [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268821 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-06 23:38:07 +00:00
Kostya Serebryany
815a884f59 [libFuzzer] add exeprimental -rss_limit_mb flag to fight against OOMs 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268807 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-06 21:58:35 +00:00
Kostya Serebryany
30f53168fa [libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@267770 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-04-27 19:52:34 +00:00
Kostya Serebryany
cb05ff9241 [libFuzzer] remove dead code 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@267455 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-04-25 19:41:45 +00:00
Kostya Serebryany
a0a13e0ee1 [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266838 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-04-20 00:24:21 +00:00
Kostya Serebryany
d3f038dc3e [libFuzzer] try to print correct time in seconds when reporting a timeout. Don't report timeouts while still loading the corpus. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266693 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-04-18 22:50:39 +00:00
Mike Aizatsky
5bb9d06dac [libfuzzer] defensive assert 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@265866 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-04-08 23:32:24 +00:00
Kostya Serebryany
c09d592889 [libFuzzer] don't report memory leaks if we are dying due to a timeout (just use _Exit instead of exit in the timeout callback) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264237 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-24 01:32:08 +00:00
Benjamin Kramer
3ac2aa592d [Fuzzer] Guard no_sanitize_memory attributes behind __has_feature. 
Otherwise GCC fails to build it because it doesn't know the attribute.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263787 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-18 14:19:19 +00:00
Kostya Serebryany
ab641c1abd [libFuzzer] improve -merge functionality 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263769 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-18 00:23:29 +00:00
Kostya Serebryany
bcace10c40 [libFuzzer] deprecate several flags 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263739 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-17 19:59:39 +00:00
Kostya Serebryany
227603719a [libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263737 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-17 19:42:35 +00:00
Kostya Serebryany
b30f32650e [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263323 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-12 01:57:04 +00:00
Kostya Serebryany
2ef77db652 [libFuzzer] when interrupted, call _Exit() instead of exit() 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262667 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-03 22:36:37 +00:00
Kostya Serebryany
66bb64fd43 [libFuzzer] deprecate exit_on_first flag 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262417 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-01 22:33:14 +00:00
Kostya Serebryany
7a1dcf9965 [libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handlig the signals for us. Remove abort_on_timeout flag. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262415 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-01 22:19:21 +00:00
Kostya Serebryany
86b1b67565 [libFuzzer] add -print_final_stats=1 flag 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262084 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-02-26 22:42:23 +00:00
Kostya Serebryany
1ff29eb9ca [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262073 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-02-26 21:33:56 +00:00