Kostya Serebryany
43aeb78cb8
[libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286870 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-14 19:21:38 +00:00
Kostya Serebryany
8f3d5a342b
[libFuzzer] use a valid ASCII string for a dummy seed corpus
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286702 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-12 02:27:21 +00:00
Kostya Serebryany
22480ffc37
[libFuzzer] use less stack
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286689 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-12 00:24:35 +00:00
Kostya Serebryany
04777c43f9
[libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286665 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-11 23:06:53 +00:00
Kostya Serebryany
2d1f4f5e9e
[libFuzzer] fix -error_exitcode=N, now with a test
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285958 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-03 19:31:18 +00:00
Kostya Serebryany
302a19a141
[libFuzzer] enable use_cmp by default
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285353 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 21:44:37 +00:00
Kostya Serebryany
56a90b623f
[libFuzzer] speculatively trying to fix the Mac build; second attempt
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285262 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 00:36:38 +00:00
Kostya Serebryany
9df8914246
[libFuzzer] revert 285259 -- hit commit too soon
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285260 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 00:24:34 +00:00
Kostya Serebryany
06289376f7
[libFuzzer] speculatively trying to fix the Mac build
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285259 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 00:22:39 +00:00
Kostya Serebryany
3c0deb17ec
[libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285223 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 18:52:04 +00:00
Kostya Serebryany
7f59a4b62d
[libFuzzer] simplify the code in TracePC::HandleTrace a bit more
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285147 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 00:42:52 +00:00
Kostya Serebryany
9c904557f1
[libFuzzer] simplify the code to print new PCs
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285145 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 00:20:51 +00:00
Kostya Serebryany
cbe5db8703
[libFuzzer] simplify the code in TracePC::HandleTrace
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285142 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 23:52:25 +00:00
Kostya Serebryany
98711e2ac8
[libFuzzer] add StandaloneFuzzTargetMain.c and a test for it
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285135 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 22:30:34 +00:00
Kostya Serebryany
0895ad474e
[libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285109 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 20:15:15 +00:00
Kostya Serebryany
d2c91bff2f
[libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285049 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 02:04:43 +00:00
Kostya Serebryany
9b71256a5b
[libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284909 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-22 03:48:53 +00:00
Kostya Serebryany
76857efb50
[libFuzzer] typo in a test
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284903 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-22 01:07:38 +00:00
Kostya Serebryany
7430a26dd8
[libFuzzer] add a test for asan's strict_string_checks=1
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284902 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-22 00:05:44 +00:00
Reid Kleckner
57a3dc5d8b
Fix -Wunused-variable warning in libFuzzer
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284838 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-21 16:26:27 +00:00
Kostya Serebryany
b3960e87ec
[libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files.
...
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp
Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
(need to implement another API to get the module name by PC)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284554 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-19 00:12:03 +00:00
Kostya Serebryany
761c1ffc64
[libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284514 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-18 18:38:08 +00:00
Kostya Serebryany
db740ff84a
[libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284508 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-18 18:06:05 +00:00
Kostya Serebryany
ce6100541e
[libFuzzer] swap bytes in integers when handling CMP traces
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284301 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-15 04:00:07 +00:00
Kostya Serebryany
75281e6436
[libFuzzer] better algorithm for -minimize_crash
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284299 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-15 01:00:24 +00:00
Kostya Serebryany
58313a9d67
[libFuzzer] remove subdir fuzzer-test-suite as it is now superseded with https://github.com/google/fuzzer-test-suite
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284275 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-14 20:26:40 +00:00
Kostya Serebryany
3af68729f8
[libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284273 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-14 20:20:33 +00:00
Kostya Serebryany
76edd8d153
[libFuzzer] more detailed message for disabled leak detection
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284169 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-13 22:24:10 +00:00
Kostya Serebryany
f980fc0b37
[libFuzzer] add -trace_malloc= flag
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284149 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-13 19:06:46 +00:00
Kostya Serebryany
53176d2749
[libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284132 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-13 16:19:09 +00:00
Daniel Jasper
6f0cfa7ab9
Revert "[libFuzzer] refactoring to speed things up, NFC"
...
This reverts commit r283946.
This breaks when built with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283979 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-12 07:26:46 +00:00
Kostya Serebryany
61ec54d21d
[libFuzzer] refactoring to speed things up, NFC
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283946 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-11 21:27:37 +00:00
Kostya Serebryany
bb0318af25
[libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283841 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-11 01:14:41 +00:00
Kostya Serebryany
a0151b6ab1
[libFuzzer] add switch tests
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283840 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-11 01:13:32 +00:00
Kostya Serebryany
0600ead4b7
[libFuzzer] make a test less flaky
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283686 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-09 03:45:38 +00:00
Kostya Serebryany
1a60ba886d
[libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283682 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-08 23:24:45 +00:00
Kostya Serebryany
19e25ecdf5
[libFuzzer] control the reload interval by a flag, make it 10 seconds by default
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283676 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-08 22:12:14 +00:00
Kostya Serebryany
c628031047
[libFuzzer] fix use-after-free in libFuzzer found by ... fuzzing.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283675 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-08 21:57:48 +00:00
Kostya Serebryany
89268017c2
[libFuzzer] be more careful with memory usage, print peak rss in status lines
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283418 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-06 05:14:00 +00:00
Kostya Serebryany
aca34111f6
[libFuzzer] when re-running for lsan, don't look at the coverage
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283411 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-05 23:31:01 +00:00
Kostya Serebryany
cc6cbfdebc
[libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283409 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-05 22:56:21 +00:00
Kostya Serebryany
d4d50f6f47
[libFuzzer] add ShrinkValueProfileTest, move code around, NFC
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283286 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-05 01:09:40 +00:00
Kostya Serebryany
d277734b71
[libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate an empty element. Print the corpus size in bytes in the status lines
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283279 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-05 00:25:17 +00:00
Kostya Serebryany
eedfbe0313
[libFuzzer] remove dfsan support and some related stale code. This is not being used and, as is, is pretty weak anyway
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283187 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-04 06:08:46 +00:00
Kostya Serebryany
bd79a5935d
[libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283178 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-04 01:51:44 +00:00
Kostya Serebryany
120924c695
[libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283024 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-01 07:37:40 +00:00
Kostya Serebryany
1acd70c658
[libFuzzer] fix a recent bug (buffer overflow)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283021 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-01 07:13:25 +00:00
Kostya Serebryany
f46303af79
[libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282995 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-01 01:04:29 +00:00
Kostya Serebryany
b6b3db73a6
[libFuzzer] remove some experimental code
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282983 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-30 23:29:27 +00:00
Kostya Serebryany
7faa446ffd
[libFuzzer] fix openssl fuzzer tests when running on a machine w/o openssl installed
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282972 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-30 22:35:08 +00:00