Commit Graph

480 Commits

Author SHA1 Message Date
Kostya Serebryany
3e014d06f7 [libFuzzer] make SimpleCmpTest a bit simpler to crack and more verbose
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289477 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-12 22:39:33 +00:00
Kostya Serebryany
851cd4f9a2 [libFuzzer] build libFuzzer itself with asan
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289469 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-12 20:58:10 +00:00
Kostya Serebryany
3937d703a6 [libFuzzer] respect -max_len during merge
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289467 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-12 20:39:35 +00:00
Kostya Serebryany
d123ac5f20 [libFuzzer] don't depend on time in a test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289368 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-11 06:28:09 +00:00
Kostya Serebryany
d27bd04048 [libFuzzer] test cleanup (3)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289314 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 02:48:42 +00:00
Kostya Serebryany
5cb386d1cd [libFuzzer] test cleanup (2)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289313 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 02:47:00 +00:00
Kostya Serebryany
9c5c57d05a [libFuzzer] test cleanup
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289312 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 02:45:56 +00:00
Kostya Serebryany
1b6cd25422 [libFuzzer] switch all libFuzzer tests to use -fsanitize-coverage=trace-pc-guard. Support for the previosly used instrumentation will be removed in the following changes
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289311 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 02:26:23 +00:00
Kostya Serebryany
bd9186853d [libFuzzer] use __sanitizer_get_module_and_offset_for_pc to get the module name while printing the coverage
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289310 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 01:19:35 +00:00
Kostya Serebryany
a3def13005 [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests).
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289166 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-09 01:17:24 +00:00
Kostya Serebryany
152208fcde [libFuzzer] include FuzzerIO.h and hopefully fix the Mac build. reported by Dejan Mircevski
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288979 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-07 21:02:48 +00:00
Kostya Serebryany
fe3cc4d2c5 [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :(
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288731 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-05 23:35:22 +00:00
Zachary Turner
1a45ade2ce Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This resubmits r288529, which was resubmitted because it broke a
fuzzer bot.  According to kcc@ the test that broke was flakey
and it is unlikely to be a result of this patch.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288549 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-02 23:02:01 +00:00
Zachary Turner
609477eea7 Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This reverts commit r288529, as it seems to introduce some
problems on the Linux bots.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288533 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-02 20:54:56 +00:00
Zachary Turner
a6ae0e2562 [LibFuzzer] Introduce a portable WeakAlias implementation.
Windows doesn't really support weak aliases, but with some
linker magic we can get something that's pretty close on
Windows.  This introduces an interface to accessing weakly
aliased symbols that will work on any platform.  Linker
magic changes to come in a separate patch.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27235

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288530 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-02 19:41:17 +00:00
Zachary Turner
fd186677a2 [LibFuzzer] Split FuzzerUtil for Posix and Windows.
Pave the way for separating out platform specific
utility functions into separate files.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288529 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-02 19:38:19 +00:00
Kostya Serebryany
f833935579 [libFuzzer] add a test for r288389 (-rss_limit_mb=0 means no limit).
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288392 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-01 18:02:07 +00:00
Kostya Serebryany
d0c8980196 [libFuzzer] treat -rss_limit_mb=0 as no limit
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288389 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-01 17:56:15 +00:00
Kostya Serebryany
0719114a69 revert r288283 as it causes debug info (line numbers) to be lost in instrumented code. also revert r288299 which was a workaround for the problem.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288300 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-01 02:06:56 +00:00
Kostya Serebryany
aa777036e4 [libFuzzer] temporary disable a part of the test broken by r288283
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288299 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-01 01:33:44 +00:00
Kostya Serebryany
b89fb12b58 [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288281 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 22:39:35 +00:00
Kostya Serebryany
297c443f76 [libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288276 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 21:53:32 +00:00
Zachary Turner
12889449a8 [LibFuzzer] Add Windows implementations of some IO functions.
This patch moves some posix specific file i/o code into a new
file, FuzzerIOPosix.cpp, and provides implementations for these
functions on Windows in FuzzerIOWindows.cpp.  This is another
incremental step towards getting libfuzzer working on Windows,
although it still should not be expected to be fully working.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27233

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288275 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 21:44:26 +00:00
Zachary Turner
1a3900e81e [LibFuzzer] Split up some functions among different headers.
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.

This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.

Aside from that, this patch contains no functional change.  It
is purely a re-organization.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288264 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 19:06:14 +00:00
Zachary Turner
3ed9686965 [LibFuzzer] Add macro flags for Posix and Windows.
This is the beginning of an effort to get libfuzzer working on
Windows.  This is a NFC to just add some macros for platform
detection on Windows.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27229

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288249 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 16:32:54 +00:00
Kostya Serebryany
43aeb78cb8 [libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286870 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-14 19:21:38 +00:00
Kostya Serebryany
8f3d5a342b [libFuzzer] use a valid ASCII string for a dummy seed corpus
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286702 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-12 02:27:21 +00:00
Kostya Serebryany
22480ffc37 [libFuzzer] use less stack
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286689 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-12 00:24:35 +00:00
Kostya Serebryany
04777c43f9 [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286665 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-11 23:06:53 +00:00
Kostya Serebryany
2d1f4f5e9e [libFuzzer] fix -error_exitcode=N, now with a test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285958 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-03 19:31:18 +00:00
Kostya Serebryany
302a19a141 [libFuzzer] enable use_cmp by default
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285353 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 21:44:37 +00:00
Kostya Serebryany
56a90b623f [libFuzzer] speculatively trying to fix the Mac build; second attempt
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285262 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 00:36:38 +00:00
Kostya Serebryany
9df8914246 [libFuzzer] revert 285259 -- hit commit too soon
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285260 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 00:24:34 +00:00
Kostya Serebryany
06289376f7 [libFuzzer] speculatively trying to fix the Mac build
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285259 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 00:22:39 +00:00
Kostya Serebryany
3c0deb17ec [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285223 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 18:52:04 +00:00
Kostya Serebryany
7f59a4b62d [libFuzzer] simplify the code in TracePC::HandleTrace a bit more
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285147 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 00:42:52 +00:00
Kostya Serebryany
9c904557f1 [libFuzzer] simplify the code to print new PCs
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285145 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 00:20:51 +00:00
Kostya Serebryany
cbe5db8703 [libFuzzer] simplify the code in TracePC::HandleTrace
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285142 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 23:52:25 +00:00
Kostya Serebryany
98711e2ac8 [libFuzzer] add StandaloneFuzzTargetMain.c and a test for it
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285135 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 22:30:34 +00:00
Kostya Serebryany
0895ad474e [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285109 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 20:15:15 +00:00
Kostya Serebryany
d2c91bff2f [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285049 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 02:04:43 +00:00
Kostya Serebryany
9b71256a5b [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284909 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-22 03:48:53 +00:00
Kostya Serebryany
76857efb50 [libFuzzer] typo in a test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284903 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-22 01:07:38 +00:00
Kostya Serebryany
7430a26dd8 [libFuzzer] add a test for asan's strict_string_checks=1
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284902 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-22 00:05:44 +00:00
Reid Kleckner
57a3dc5d8b Fix -Wunused-variable warning in libFuzzer
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284838 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-21 16:26:27 +00:00
Kostya Serebryany
b3960e87ec [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files.
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)




git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284554 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-19 00:12:03 +00:00
Kostya Serebryany
761c1ffc64 [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284514 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-18 18:38:08 +00:00
Kostya Serebryany
db740ff84a [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284508 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-18 18:06:05 +00:00
Kostya Serebryany
ce6100541e [libFuzzer] swap bytes in integers when handling CMP traces
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284301 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-15 04:00:07 +00:00
Kostya Serebryany
75281e6436 [libFuzzer] better algorithm for -minimize_crash
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284299 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-15 01:00:24 +00:00