RPCSX/llvm
1
0
Fork 0
mirror of https://github.com/RPCSX/llvm.git synced 2025-02-10 22:43:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
144,662 Commits 27 Branches 0 Tags
Commit Graph

209 Commits

Author SHA1 Message Date
Kostya Serebryany
6c2c7c89da [libFuzzer] remove a bit of stale code 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293129 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-26 01:45:54 +00:00
Marcos Pividori
61d2c04941 [libFuzzer] AlrmHandler is executed in a different thread for Windows. 
Don't check for InFuzzingThread() on Windows, since the AlarmHandler() is
always executed by a different thread from a thread pool.
If we don't add these changes, the alarm handler will never execute.
Note that we decided to ignore possible problem in the synchronization.

Differential Revision: https://reviews.llvm.org/D28723

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292746 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-22 01:58:59 +00:00
Kostya Serebryany
74041145bc [libFuzzer] experimental support for 'equivalance fuzzing' 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292646 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-20 20:57:07 +00:00
Kostya Serebryany
6610ca1b8f [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292511 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-19 19:38:12 +00:00
Kostya Serebryany
e1feb39408 [libFuzzer] add two tests for experimenting with equivalence fuzzing 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292509 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-19 19:07:26 +00:00
Kostya Serebryany
93bacfd838 [libFuzzer] improve error handling during the merge (handle various IO failures) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@291182 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-05 22:05:47 +00:00
Kostya Serebryany
f178652c93 [libFuzzer] cleaner implementation of -print_pcs=1 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290739 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-30 01:13:07 +00:00
Kostya Serebryany
d31ce373a9 [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually (second attempt) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290637 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-27 23:24:55 +00:00
Mike Aizatsky
d576930959 [libfuzzer] dump_coverage command line flag 
Reviewers: kcc, vitalybuka

Differential Revision: https://reviews.llvm.org/D27942

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290138 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-19 22:18:08 +00:00
Daniel Jasper
a21e8a0091 Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code" 
This reverts commit r289998.

See comment:
https://reviews.llvm.org/rL289998

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290043 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-17 12:27:49 +00:00
Kostya Serebryany
c7ab3c7402 [libFuzzer] avoid msan false positives in more cases 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289999 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-16 22:45:25 +00:00
Kostya Serebryany
eb30028464 [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289998 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-16 22:42:05 +00:00
Marcos Pividori
f2c03c3bb0 [libFuzzer] Fix bug in detecting timeouts when input string is empty. 
I added a new flag RunningCB to know if the Fuzzer's main thread is
running the CB function, instead of using (!CurrentUnitSize).
(!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp,
inside ShuffleAndMinimize() function, we execute the callback with an
empty string (size=0). Previous implementation failed to detect timeouts
in that execution.
Also, I add a regression test for that case.

Differential Revision: https://reviews.llvm.org/D27433

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289561 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-13 17:46:25 +00:00
Marcos Pividori
f51c50474c [libFuzzer] Clean up headers and file formatting of LibFuzzer files. 
Reorganize #includes to follow LLVM Coding Standards.
Include some missing headers. Required to use `Printf()`.

Aside from that, this patch contains no functional change.
It is purely a re-organization.

Differential Revision: https://reviews.llvm.org/D27363

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289560 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-13 17:46:11 +00:00
Marcos Pividori
0ca1e73f19 [libFuzzer] Properly use unsigned for Process ID. 
Use unsigned for PID instead of signed int. GetCurrentProcessId() returns
an unsigned (DWORD) so we must be sure we can deal with all possible values.
I use a long unsigned to be sure it can hold a 32 bit unsigned (DWORD).

Differential Revision: https://reviews.llvm.org/D27281

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289558 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-13 17:45:44 +00:00
Kostya Serebryany
3937d703a6 [libFuzzer] respect -max_len during merge 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289467 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-12 20:39:35 +00:00
Kostya Serebryany
fe3cc4d2c5 [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288731 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-05 23:35:22 +00:00
Kostya Serebryany
d0c8980196 [libFuzzer] treat -rss_limit_mb=0 as no limit 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288389 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-01 17:56:15 +00:00
Kostya Serebryany
b89fb12b58 [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288281 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-11-30 22:39:35 +00:00
Zachary Turner
1a3900e81e [LibFuzzer] Split up some functions among different headers. 
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.

This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.

Aside from that, this patch contains no functional change.  It
is purely a re-organization.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288264 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-11-30 19:06:14 +00:00
Kostya Serebryany
3c0deb17ec [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285223 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-26 18:52:04 +00:00
Kostya Serebryany
7f59a4b62d [libFuzzer] simplify the code in TracePC::HandleTrace a bit more 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285147 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-26 00:42:52 +00:00
Kostya Serebryany
9c904557f1 [libFuzzer] simplify the code to print new PCs 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285145 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-26 00:20:51 +00:00
Kostya Serebryany
cbe5db8703 [libFuzzer] simplify the code in TracePC::HandleTrace 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285142 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-25 23:52:25 +00:00
Kostya Serebryany
d2c91bff2f [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285049 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-25 02:04:43 +00:00
Reid Kleckner
57a3dc5d8b Fix -Wunused-variable warning in libFuzzer 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284838 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-21 16:26:27 +00:00
Kostya Serebryany
db740ff84a [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284508 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-18 18:06:05 +00:00
Kostya Serebryany
75281e6436 [libFuzzer] better algorithm for -minimize_crash 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284299 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-15 01:00:24 +00:00
Kostya Serebryany
3af68729f8 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284273 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-14 20:20:33 +00:00
Kostya Serebryany
76edd8d153 [libFuzzer] more detailed message for disabled leak detection 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284169 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-13 22:24:10 +00:00
Kostya Serebryany
f980fc0b37 [libFuzzer] add -trace_malloc= flag 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284149 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-13 19:06:46 +00:00
Kostya Serebryany
1a60ba886d [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283682 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-08 23:24:45 +00:00
Kostya Serebryany
19e25ecdf5 [libFuzzer] control the reload interval by a flag, make it 10 seconds by default 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283676 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-08 22:12:14 +00:00
Kostya Serebryany
89268017c2 [libFuzzer] be more careful with memory usage, print peak rss in status lines 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283418 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-06 05:14:00 +00:00
Kostya Serebryany
aca34111f6 [libFuzzer] when re-running for lsan, don't look at the coverage 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283411 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-05 23:31:01 +00:00
Kostya Serebryany
cc6cbfdebc [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283409 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-05 22:56:21 +00:00
Kostya Serebryany
d277734b71 [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283279 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-05 00:25:17 +00:00
Kostya Serebryany
eedfbe0313 [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283187 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-04 06:08:46 +00:00
Kostya Serebryany
f46303af79 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282995 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-01 01:04:29 +00:00
Kostya Serebryany
b6b3db73a6 [libFuzzer] remove some experimental code 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282983 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-30 23:29:27 +00:00
Kostya Serebryany
5d78fc63a4 [libFuzzer] remove unused option 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282971 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-30 22:29:57 +00:00
Kostya Serebryany
030bfb83e5 [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282831 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-30 01:24:57 +00:00
Kostya Serebryany
ec49d2d369 [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282829 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-30 01:19:56 +00:00
Kostya Serebryany
efa54824a3 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282735 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-29 17:43:24 +00:00
Kostya Serebryany
65f502816c [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282458 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-27 00:10:20 +00:00
Kostya Serebryany
e2e54904b7 [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282316 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-23 23:51:58 +00:00
Kostya Serebryany
fd1fd77cb1 [libFuzzer] be more precise about what we reset in TracePC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282225 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-23 02:18:59 +00:00
Kostya Serebryany
07016d4bd5 [libFuzzer] fix merging with trace-pc-guard 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282224 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-23 01:58:51 +00:00
Kostya Serebryany
73508a3cb1 [libFuzzer] simplify the TracePC logic 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282222 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-23 01:20:07 +00:00
Kostya Serebryany
5a965a68f3 [libFuzzer] move value profiling logic into TracePC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282219 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-23 00:46:18 +00:00