Mike Aizatsky
b0d0618635
[libfuzzer] Trying random unit prefixes during corpus load.
...
Differential Revision: http://reviews.llvm.org/D20301
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270632 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-24 23:14:29 +00:00
Kostya Serebryany
7e463431d7
[libFuzzer] add a license header to afl/afl_driver.cpp
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270598 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-24 19:05:25 +00:00
Dan Liew
036e9cc7c7
[LibFuzzer] Fix implementation of `GetPeakRSSMb()` on Mac OSX.
...
On Linux ``rusage.ru_maxrss`` is in KiB but on Mac OSX it is in bytes.
Differential Revision: http://reviews.llvm.org/D20410
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270173 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-20 01:37:54 +00:00
Dan Liew
adef8786dd
[LibFuzzer] Fix `NumberOfCpuCores()` on Mac OSX.
...
The ``nprocs`` command does not exist under Mac OSX so use
``sysctl`` instead on that platform.
Whilst I'm here
* Use ``pclose()`` instead of ``fclose()`` which the ``popen()``
documentation says should be used.
* Check for errors that were previously unhandled.
Differential Revision: http://reviews.llvm.org/D20409
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270172 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-20 01:30:36 +00:00
Dan Liew
86af2862c5
[LibFuzzer] Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.
...
Under Mac OSX we intercept calls to malloc before thread local
storage is initialised leading to a crash when accessing
``AllocTracer``. To workaround this ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.
To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.
Differential Revision: http://reviews.llvm.org/D20402
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270145 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-19 22:00:33 +00:00
Kostya Serebryany
d8c064b2e9
[libFuzzer] do the merge faster and a bit less precise
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269497 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-13 22:11:23 +00:00
Kostya Serebryany
909ee84abf
[libFuzzer] print the file name before executing the input so that if there is a crash we know which file has caused it
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269450 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-13 18:10:33 +00:00
Kostya Serebryany
22dd3bbcf0
[libFuzzer] simplify FuzzerInterface.h
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269448 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-13 18:04:35 +00:00
Kostya Serebryany
32409ab4c5
[libFuzzer] add a driver file to use AFL on LLVMFuzzerTestOneInput
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269141 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-10 23:46:50 +00:00
Mike Aizatsky
0d68393b0f
[libfuzzer] Refactoring coverage state-management code.
...
It is now less state-dependent and will allow easier comparing of
coverages of different units.
Differential Revision: http://reviews.llvm.org/D20085
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269140 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-10 23:43:15 +00:00
Kostya Serebryany
c48930b338
[libFuzzer] add a test for libFuzzer+ubsan, extend the docs on using libFuzzer+ubsan
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268968 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-09 21:02:36 +00:00
Kostya Serebryany
2f120989e3
[libFuzzer] better document the -merge=1 flag
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268957 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-09 19:11:36 +00:00
Kostya Serebryany
f01dfdd8aa
[libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268821 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-06 23:38:07 +00:00
Kostya Serebryany
815a884f59
[libFuzzer] add experimental -rss_limit_mb flag to fight against OOMs
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268807 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-06 21:58:35 +00:00
Kostya Serebryany
18c0216842
[libFuzzer] print stats after running individual inputs
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268547 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-04 20:44:50 +00:00
Kostya Serebryany
168e51186d
[libFuzzer] enable detect_leaks=1, add proper docs
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268088 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-29 18:49:55 +00:00
Kostya Serebryany
cb249e3b07
[libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak [part 2]
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@267771 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-27 19:52:56 +00:00
Kostya Serebryany
30f53168fa
[libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@267770 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-27 19:52:34 +00:00
Kostya Serebryany
cb05ff9241
[libFuzzer] remove dead code
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@267455 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-25 19:41:45 +00:00
Kostya Serebryany
a0a13e0ee1
[libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266838 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-20 00:24:21 +00:00
Kostya Serebryany
d3f038dc3e
[libFuzzer] try to print correct time in seconds when reporting a timeout. Don't report timeouts while still loading the corpus.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266693 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-18 22:50:39 +00:00
Kostya Serebryany
37e715dc57
[libFuzzer] warn if the corpus is empty
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266670 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-18 21:14:11 +00:00
Mehdi Amini
f6071e14c5
[NFC] Header cleanup
...
Removed some unused headers, replaced some headers with forward class declarations.
Found using simple scripts like this one:
clear && ack --cpp -l '#include "llvm/ADT/IndexedMap.h"' | xargs grep -L 'IndexedMap[<]' | xargs grep -n --color=auto 'IndexedMap'
Patch by Eugene Kosov <claprix@yandex.ru>
Differential Revision: http://reviews.llvm.org/D19219
From: Mehdi Amini <mehdi.amini@apple.com>
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266595 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-18 09:17:29 +00:00
Kostya Serebryany
ac6d266478
[libFuzzer] add a better warning for command line flags with -- (two dashes)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266480 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-15 21:56:29 +00:00
Hans Wennborg
f721b994c5
Remove redundant .c_str(), as suggested by PR25633
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@265988 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-11 20:35:17 +00:00
Mike Aizatsky
5bb9d06dac
[libfuzzer] defensive assert
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@265866 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-08 23:32:24 +00:00
Mike Aizatsky
f4643f6392
[libfuzzer] adding license headers to cpp files
...
Differential Revision: http://reviews.llvm.org/D18705
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@265174 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-01 18:38:58 +00:00
Kostya Serebryany
7544ffc130
[libFuzzer] more docs
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264803 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-29 23:07:36 +00:00
Kostya Serebryany
3d4018c32c
[libFuzzer] use fflush after every Printf
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264459 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-25 20:31:26 +00:00
Kostya Serebryany
d32f138d30
[libFuzzer] handle SIGTERM
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264338 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-24 21:03:58 +00:00
Kostya Serebryany
c09d592889
[libFuzzer] don't report memory leaks if we are dying due to a timeout (just use _Exit instead of exit in the timeout callback)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264237 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-24 01:32:08 +00:00
Kostya Serebryany
f4b00d0631
[libFuzzer] use fdopen+vfprintf instead of fsnprintf+write
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264230 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-24 00:57:32 +00:00
Kostya Serebryany
4aa62c5d17
[libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263831 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-18 20:58:29 +00:00
Benjamin Kramer
3ac2aa592d
[Fuzzer] Guard no_sanitize_memory attributes behind __has_feature.
...
Otherwise GCC fails to build it because it doesn't know the attribute.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263787 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-18 14:19:19 +00:00
Kostya Serebryany
2b341f70ca
[libFuzzer] read corpus dirs recursively
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263773 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-18 01:36:00 +00:00
Kostya Serebryany
ab641c1abd
[libFuzzer] improve -merge functionality
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263769 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-18 00:23:29 +00:00
Kostya Serebryany
bcace10c40
[libFuzzer] deprecate several flags
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263739 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-17 19:59:39 +00:00
Kostya Serebryany
227603719a
[libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263737 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-17 19:42:35 +00:00
Mike Aizatsky
fa4edb682f
[libfuzzer] speeding up corpus load
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263591 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-15 21:47:21 +00:00
Kostya Serebryany
2f2c2e3539
[libFuzzer] use max_len exactly equal to the max size of input. Fix 32-bit build
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263518 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-15 01:28:00 +00:00
Kostya Serebryany
b30f32650e
[libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263323 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-12 01:57:04 +00:00
Mike Aizatsky
c0d25bf9b8
[libfuzzer] adding std::string to allowed adaptable argument.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262757 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-04 23:18:01 +00:00
Kostya Serebryany
2c1ecb8c48
[libFuzzer] log less when re-loading files; fix a silly bug: when running single files actually run all of them, not just the first one
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262754 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-04 22:35:40 +00:00
Mike Aizatsky
d7ee221d4d
[libfuzzer] arbitrary function adapter.
...
The adapter automates converting sequence of bytes into arbitrary
arguments.
Differential Revision: http://reviews.llvm.org/D17829
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262673 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-03 23:45:29 +00:00
Kostya Serebryany
2ef77db652
[libFuzzer] when interrupted, call _Exit() instead of exit()
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262667 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-03 22:36:37 +00:00
Kostya Serebryany
c2ecfd6993
[libFuzzer] add -Werror for libFuzzer build rule
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262517 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-02 21:08:16 +00:00
Dmitry Vyukov
f984411dc5
libfuzzer: fix compiler warnings
...
- unused sigaction/setitimer result (used in assert)
- unchecked fscanf return value
- signed/unsigned comparison
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262472 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-02 09:54:40 +00:00
Kostya Serebryany
66bb64fd43
[libFuzzer] deprecate exit_on_first flag
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262417 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-01 22:33:14 +00:00
Kostya Serebryany
7a1dcf9965
[libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handling the signals for us. Remove abort_on_timeout flag.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262415 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-01 22:19:21 +00:00
Kostya Serebryany
8ca429497a
[libFuzzer] remove FuzzerSanitizerOptions.cpp
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262354 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-01 17:46:32 +00:00
Rafael Espindola
93ed620d27
Refactor duplicated code for linking with pthread.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262344 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-01 15:54:40 +00:00
Kostya Serebryany
0b3b8cba94
[libFuzzer] fixing the bot
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262106 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-27 03:14:23 +00:00
Kostya Serebryany
a6b4efd1d0
[libFuzzer] speedup path coverage handling
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262102 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-27 01:50:16 +00:00
Kostya Serebryany
86b1b67565
[libFuzzer] add -print_final_stats=1 flag
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262084 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-26 22:42:23 +00:00
Kostya Serebryany
1ff29eb9ca
[libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262073 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-26 21:33:56 +00:00
Kostya Serebryany
a755f1bd65
[libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@261267 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-18 21:49:10 +00:00
Kostya Serebryany
b73d5ba466
[libFuzzer] fix the libFuzzer bot
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@261184 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-18 02:02:40 +00:00
Kostya Serebryany
73b0e08885
[libFuzzer] don't timeout when loading the corpus. Be a bit more verbose when loading large corpus.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@261143 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-17 19:42:34 +00:00
Kostya Serebryany
2d7392fe48
[libFuzzer] remove std::vector operations from hot paths, NFC
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260829 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 17:56:51 +00:00
Kostya Serebryany
49429cee7f
[libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260810 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 06:24:18 +00:00
Kostya Serebryany
5a08f1b013
[libFuzzer] remove the C++-ish variant of FuzzerDriver from the interface
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260801 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 03:59:26 +00:00
Kostya Serebryany
d1eacb8ffc
[libFuzzer] simplify CTOR of MutationDispatcher
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260800 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 03:46:26 +00:00
Kostya Serebryany
1d35d47455
[libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260799 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 03:37:24 +00:00
Kostya Serebryany
efb0cc7640
[libFuzzer] get rid of UserSuppliedFuzzer; NFC
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260798 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 03:25:16 +00:00
Kostya Serebryany
728ca1266f
[libFuzzer] simplify the code around Random. NFC
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260797 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 03:00:53 +00:00
Kostya Serebryany
f71ac00d01
[libFuzzer] remove UserSuppliedFuzzer from the interface (it was a bad idea).
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260796 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 02:39:30 +00:00
Kostya Serebryany
e6d7e3d948
[libFuzzer] provide a plain C interface for custom mutators (experimental)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260794 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 02:29:38 +00:00
Kostya Serebryany
14c6007ab2
[libFuzzer] make -runs=N flag also affect the simple runner (will execute every input N times)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260649 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-12 02:32:03 +00:00
Mike Aizatsky
dff48e6497
[libfuzzer] Removing coverage-related flags from asan options.
...
Summary:
Reasons to remove are twofold:
- we don't really need coverage=1 for libfuzzer operation
- makes controlling coverage for fuzzer processes non-trivial.
Differential Revision: http://reviews.llvm.org/D17168
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260611 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-11 22:20:34 +00:00
Kostya Serebryany
5a91878f44
[libFuzzer] hot fix a test
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259732 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-04 00:12:28 +00:00
Kostya Serebryany
598f7017b4
[libFuzzer] don't write the test unit when a leak is detected (since we don't know which unit causes the leak)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259731 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-04 00:02:17 +00:00
Kostya Serebryany
7cec6c634b
[libFuzzer] don't create too many trace-based mutations as it may be too slow
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259600 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-02 23:17:45 +00:00
Kostya Serebryany
485551ecaf
[libFuzzer] allow passing 1 or more files as individual inputs
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259459 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-02 03:03:47 +00:00
Kostya Serebryany
05de8e95f6
[libFuzzer] fail if the corpus dir does not exist
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259454 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-02 02:07:26 +00:00
Kostya Serebryany
58b3c64b6b
[libFuzzer] add -timeout_exitcode option
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259265 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-29 23:30:07 +00:00
Kostya Serebryany
fb614ec4d4
[libFuzzer] re-enable test for -abort_on_timeout=1, this time protecting from ASAN_OPTIONS set outside
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259263 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-29 23:19:00 +00:00
Ivan Krasin
79890da71d
Temporarily disable broken fuzzer/timeout tests.
...
Reviewers: kcc
Differential Revision: http://reviews.llvm.org/D16543
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258702 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-25 19:05:45 +00:00
Kostya Serebryany
d75ddafc2f
[libFuzzer] add -abort_on_timeout option
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258631 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-23 19:34:19 +00:00
Kostya Serebryany
21a169fad1
[libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258589 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-22 23:55:14 +00:00
Ivan Krasin
da57df2854
Use std::piecewise_constant_distribution instead of ad-hoc binary search.
...
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.
Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.
Reviewers: aizatsky, kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D16487
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258571 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-22 22:28:27 +00:00
Ivan Krasin
55b3567cb1
Revert r258473 as it's breaking the build with libc++
...
Reviewers: kcc
Differential Revision: http://reviews.llvm.org/D16441
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258479 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-22 03:21:52 +00:00
Ivan Krasin
3e0fdb8944
Use std::piecewise_constant_distribution instead of ad-hoc binary search.
...
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.
Note: I had to change the seed for one test to make it pass. Alternatively,
the number of runs could be increased. I believe that the average time of
'foo' discovery is not increased, just seed=1 was particularly convenient
for the previous PRNG scheme used.
Reviewers: aizatsky, kcc
Subscribers: llvm-commits, kcc
Differential Revision: http://reviews.llvm.org/D16419
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258473 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-22 01:32:34 +00:00
Kostya Serebryany
75da488104
[libFuzzer] don't do expensive memmem if the result will not be used
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258462 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-22 01:04:58 +00:00
Kostya Serebryany
7e85cfa5be
[libFuzzer] don't use std::vector in one more hot path
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258380 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-21 01:52:14 +00:00
Mike Aizatsky
b1020e3809
[libfuzzer] use %p for printing addresses
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258370 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-21 00:02:09 +00:00
Kostya Serebryany
429a7edf9b
[libFuzzer] use std::mt19937 for generating random numbers by default. Fix MyStoll to handle negative values. Use std::any_of instead of std::find_if
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258178 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-19 20:33:57 +00:00
Kostya Serebryany
baa00e52a5
[libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257985 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-16 03:53:32 +00:00
Kostya Serebryany
1e595319e3
[libFuzzer] introduce LLVMFuzzerInitialize
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257980 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-16 01:23:12 +00:00
Kostya Serebryany
f7dd1d2c0c
[libFuzzer] move some code from public interface header to a non-public header. NFC
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257963 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-16 00:04:36 +00:00
Kostya Serebryany
f1af856009
[libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257873 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-15 06:24:05 +00:00
Kostya Serebryany
9039b1ff4e
[libFuzzer] use custom stol; also introduce __libfuzzer_is_present so that users can check for its presence.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257848 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-15 00:17:37 +00:00
Kostya Serebryany
a416b73b12
[libFuzzer] suggest a dictionary to the user if some of the trace-based dictionary entries were successful
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257736 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-14 02:36:44 +00:00
Kostya Serebryany
92e8dcd607
[libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257713 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-13 23:46:01 +00:00
Kostya Serebryany
3888fb079a
[libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257701 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-13 23:02:30 +00:00
Kostya Serebryany
43a24b5d93
[libFuzzer] make sure to update CurrentUnit when drilling
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257560 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-13 01:58:27 +00:00
Kostya Serebryany
53ff84bf11
[libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257482 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-12 16:50:18 +00:00
Kostya Serebryany
7b0624d17e
[libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257435 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-12 02:36:59 +00:00
Kostya Serebryany
71afbb96dc
[libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257434 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-12 02:08:37 +00:00
Kostya Serebryany
d89bfb65a8
[libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257423 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-12 00:43:42 +00:00
Kostya Serebryany
38c36e3216
[libFuzzer] debug prints in tracing
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257249 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-09 03:46:08 +00:00
Kostya Serebryany
7fddde9543
[libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257248 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-09 03:08:58 +00:00
Kostya Serebryany
295ef47f9e
[libFuzzer] don't limit memcmp tracing with 8 bytes
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257245 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-09 01:39:55 +00:00
Kostya Serebryany
461ac91112
[libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes)
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257239 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-09 00:38:40 +00:00
Kostya Serebryany
ab240104f0
[libFuzzer] add a position hint to the dictionary-based mutator
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257013 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-07 01:49:35 +00:00
Kostya Serebryany
92ec084eaf
[libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256900 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-06 02:13:04 +00:00
Mike Aizatsky
1cea7723fa
[libfuzzer] print_new_cov_pcs experimental option.
...
Differential Revision: http://reviews.llvm.org/D15901
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256882 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-06 00:21:22 +00:00
Kostya Serebryany
325442be58
[libFuzzer] make trace-based fuzzing not crash in presence of threads
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256876 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-06 00:03:35 +00:00
Kostya Serebryany
7482ffbe49
[libFuzzer] add AFL-style dictionary for C++, remove the old file with tokens
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256229 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-22 01:50:51 +00:00
Kostya Serebryany
62663ee66e
[libFuzzer] deprecate -save_minimized_corpus, -merge can be used instead
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256086 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-19 03:42:16 +00:00
Kostya Serebryany
cf686ded44
[libFuzzer] split the tests to run them in parallel, remove one redundant test
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256085 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-19 03:35:30 +00:00
Kostya Serebryany
a1e5f35b02
[libFuzzer] make CrossOver just one of the other mutations
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256081 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-19 02:49:09 +00:00
Kostya Serebryany
7ed616c150
[libFuzzer] print successful mutation sequences
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256071 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-19 01:09:49 +00:00
Peter Collingbourne
5b00f3232b
Fuzzer: Fix library dependencies.
...
Newer versions of libstdc++ (4.9+), as well as libc++, depend directly on
libpthread from the standard library headers, so libfuzzer needs to declare
a standard library dependency.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@255745 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-16 02:14:57 +00:00
Mike Aizatsky
6d5ee5a800
[LibFuzzer] Introducing FUZZER_FLAG_UNSIGNED and using it for seeding.
...
Differential Revision: http://reviews.llvm.org/D15339
done
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@255296 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-10 20:41:53 +00:00
Kostya Serebryany
d33fc70ecf
[libFuzzer] don't reload the corpus more than once every second
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254824 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-05 02:09:22 +00:00
Kostya Serebryany
3f8065b694
[libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254784 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-04 22:29:39 +00:00
Mike Aizatsky
ba2d199d49
Libfuzzer: do not pass null into user function
...
Differential Revision: http://reviews.llvm.org/D15098
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254558 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-02 22:43:53 +00:00
Kostya Serebryany
569415a25b
[libFuzzer] add a test that is built with -fsanitize-coverage=trace-bb
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254484 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-02 02:49:37 +00:00
Kostya Serebryany
e8d7ae6209
[libFuzzer] add a flag -exact_artifact_path
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254100 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-25 21:40:46 +00:00
Kostya Serebryany
45ac8bc6fc
[libFuzzer] don't crash when reporting a leak in test_single_input mode
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@253761 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-21 03:46:43 +00:00
Kostya Serebryany
01400f4e22
[libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399 . Don't need it anyway.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@253419 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-18 01:08:30 +00:00
Kostya Serebryany
ad9ec32c1f
[libFuzzer] make libFuzzer build even with a compiler that does not have sanitizer headers
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@253003 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-13 01:54:40 +00:00
Mike Aizatsky
c1a030fd64
output_csv libfuzzer option
...
Summary:
The option outputs statistics in CSV format preceded by 1 header line.
This is intended for machine processing of the output.
-verbosity=0 should likely be set.
Differential Revision: http://reviews.llvm.org/D14600
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252856 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-12 04:38:40 +00:00
Kostya Serebryany
1a42a60ebc
[libFuzzer] experimental flag -drill (another search heuristic; Mike Aizatsky's idea)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252838 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-12 01:02:01 +00:00
Kostya Serebryany
f357e6fb5f
[libFuzzer] add UninstrumentedTest.cpp (missing from a previous commit)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252658 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-10 22:02:56 +00:00
Kostya Serebryany
f41e3780b3
[libFuzzer] make libFuzzer link if there is no sanitizer coverage instrumentation (it will fail at start-up time)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252533 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-09 23:17:45 +00:00
Kostya Serebryany
331a8c8a87
[libFuzzer] print a bit fewer lines
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252123 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-05 01:19:42 +00:00
Kostya Serebryany
d022e94463
[libFuzzer] when choosing the next unit to mutate, give some preference to the most recent units (they are more likely to be interesting)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252097 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-04 23:22:25 +00:00
Kostya Serebryany
af639be62f
[libFuzzer] make -test_single_input more reliable: make sure the input's size is equal to its capacity
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@251961 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-03 18:57:25 +00:00
Kostya Serebryany
242325ad98
[libFuzzer] add -merge flag to merge corpora
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@251168 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-24 01:16:40 +00:00
Kostya Serebryany
b33343ddb1
[libFuzzer] remove some old code; also make __sanitizer_get_total_unique_caller_callee_pairs weak so that newer libFuzzer works with older asan
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@251133 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-23 18:37:58 +00:00
Kostya Serebryany
7bcc4cdbdd
[libFuzzer] use the indirect caller-callee counter as an independent search heuristic
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@251078 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-22 23:55:39 +00:00
Kostya Serebryany
41180c6eba
[libFuzzer] more refactoring the code that checks the coverage. NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@251075 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-22 22:56:45 +00:00
Kostya Serebryany
1969ec112d
[libFuzzer] refactoring the code that checks the coverage. NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@251074 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-22 22:50:47 +00:00
Kostya Serebryany
a3619c6b43
[libFuzzer] remove the deprecated 'tokens' feature
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@251069 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-22 21:48:09 +00:00
Craig Topper
44bf343ec1
Make a bunch of static arrays const.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@250642 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-18 05:15:34 +00:00
Kostya Serebryany
2a50aa48db
[libFuzzer] add -shuffle flag
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@250603 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-17 04:38:26 +00:00
Kostya Serebryany
9b24e29d72
[libFuzzer] print a stack trace on timeout
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@250571 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-16 23:04:31 +00:00
Kostya Serebryany
5792846506
[libFuzzer] reduce the size of artifacts printed on the screen
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@250565 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-16 22:47:20 +00:00
Kostya Serebryany
17062e257e
[libFuzzer] When -test_single_input crashes the test it is not necessary to write crash-file because input is already known to the user. Patch by Mike Aizatsky
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@250564 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-16 22:41:47 +00:00
Kostya Serebryany
002f1b00d6
[libFuzzer] don't print large artifacts to stderr
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249808 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-09 04:03:14 +00:00
Kostya Serebryany
22d6013f13
[libFuzzer] add -artifact_prefix flag
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249807 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-09 03:57:59 +00:00
Kostya Serebryany
5cacd53f76
[libFuzzer] fix 32-bit build
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249646 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-08 00:59:25 +00:00
Kostya Serebryany
2e700c9bf6
[libFuzzer] trying to fix at-exit hang
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249231 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-03 07:02:05 +00:00
Kostya Serebryany
9906eefc84
[libFuzzer] make LLVMFuzzerTestOneInput (the fuzzer target function) return int instead of void. The actual return value is not *yet* used (and expected to be 0). This change is API breaking, so the fuzzers will need to be updated.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249214 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-02 23:34:06 +00:00
Kostya Serebryany
f351bce7bd
[libFuzzer] remove experimental flag and functionality
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249194 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-02 22:00:32 +00:00
Kostya Serebryany
cd0d243e72
[libFuzzer] add a flag -max_total_time
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249181 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-02 20:47:55 +00:00
Ivan Krasin
55928e792c
[LibFuzzer] test_single_input option to run a single test case.
-test_single_input flag specifies a file name with test data.
Review URL: http://reviews.llvm.org/D13359
Patch by Mike Aizatsky!
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249096 91177308-0d34-0410-b5e6-96231b3b80d8
2015-10-01 23:23:06 +00:00
Kostya Serebryany
22e2376e14
[libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@248954 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-30 22:22:37 +00:00
Kostya Serebryany
8a15ef599e
[libFuzzer] perform fewer crossover operations compared to plain mutations
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247364 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-11 00:20:58 +00:00
Kostya Serebryany
8eaf34eed8
[libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247321 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-10 18:48:38 +00:00
Kostya Serebryany
a8d8dba0a6
[libFuzzer] add two more variants of FuzzerDriver for convenience
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247300 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-10 16:57:57 +00:00
Ivan Krasin
9e01a11e67
[libFuzzer] Add a test for defeating a hash sum.
Summary:
Add a test for a data followed by 4-byte hash value.
I use a slightly modified Jenkins hash function,
as described in https://en.wikipedia.org/wiki/Jenkins_hash_function
The modification is to ensure that hash(zeros) != 0.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D12648
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247076 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-08 21:22:52 +00:00
Kostya Serebryany
88d071c626
[libFuzzer] remove a piece of stale code
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247067 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-08 20:40:10 +00:00
Kostya Serebryany
e96dc98acb
[libFuzzer] be more robust when dealing with files on disk (e.g. don't crash if a file was there but disappeared)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247066 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-08 20:36:33 +00:00
Kostya Serebryany
828d315fd6
[libFuzzer] better documentation for -save_minimized_corpus=1
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247033 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-08 17:43:51 +00:00
Kostya Serebryany
06465a68cc
[libFuzzer] remove -iterations as redundant (there is also -num_runs)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247030 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-08 17:30:35 +00:00
Kostya Serebryany
872c556fa8
[libFuzzer] add one more mutator: Mutate_ChangeASCIIInteger
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247027 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-08 17:19:31 +00:00
Kostya Serebryany
87e6608466
[libFuzzer] more accurate logic for traces, 80-char fix
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246888 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-04 22:32:25 +00:00
Kostya Serebryany
c18fae603d
[libFuzzer] when a single mutation fails try a few more times with other mutations before returning un-mutated data
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246828 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-04 00:40:29 +00:00
Kostya Serebryany
6cc3ed7cdd
[libFuzzer] actually make the dictionaries work (+docs)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246825 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-04 00:12:11 +00:00
Kostya Serebryany
bf6bd487d5
[libFuzzer] refactor the mutation functions so that they are now methods of a class. NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246808 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-03 21:24:19 +00:00
Kostya Serebryany
446d906a52
[libFuzzer] adding a parser for AFL-style dictionaries + tests.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246800 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-03 20:23:46 +00:00
Kostya Serebryany
8f6c191d6c
[libFuzzer] deprecate the -tokens flag. This was a bad idea because the corpus with this flag contains encrypted inputs, not the real inputs, which complicates interoperation with other fuzzers. Instead we'll need to implement AFL dictionary support
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246734 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-02 23:27:39 +00:00
Kostya Serebryany
580504f120
[libFuzzer] honour -only_ascii=1 when reading the initial corpus. Also, remove ugly #ifdef
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246689 91177308-0d34-0410-b5e6-96231b3b80d8
2015-09-02 19:08:08 +00:00
Kostya Serebryany
243e7c5f8c
[libFuzzer] fix minor inefficiency, PR24584
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246087 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-26 21:55:19 +00:00
Lenny Maiorani
5320ef0b60
Fix missing space in libfuzzer's help text.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244800 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-12 20:00:10 +00:00
Kostya Serebryany
234cfada18
[libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244712 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-12 01:55:37 +00:00
Kostya Serebryany
e0b167c66c
[libFuzzer] add colons to the stats output to avoid confusion
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244708 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-12 01:04:27 +00:00
Kostya Serebryany
75a2674466
[libFuzzer] use raw C IO to reduce the risk of a deadlock in a signal handler.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244707 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-12 00:55:09 +00:00
Nick Lewycky
eacc53d67e
Fix unused variable 'X' in release builds.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244571 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-11 05:57:10 +00:00
Kostya Serebryany
89f52ac188
[libFuzzer] add -only_ascii flag
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244559 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-11 01:44:42 +00:00
Yaron Keren
b80a26544b
Add missing include guard to FuzzerInternal.h, NFC.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244457 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-10 16:37:40 +00:00
Kostya Serebryany
397ed3e704
[libFuzzer] move the mutators to public interface so that custom mutators may reuse these functions directly
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244250 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-06 19:19:55 +00:00
Kostya Serebryany
596885b016
[libFuzzer] add one more mutation strategy: byte shuffling
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244188 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-06 01:29:13 +00:00
Kostya Serebryany
c2f74a9478
[libFuzzer] avoid build warnings in non-assert build (useful warning in this case)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244177 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-05 23:44:42 +00:00
Kostya Serebryany
5707219e94
[libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244165 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-05 23:02:57 +00:00
Kostya Serebryany
7141424447
[libFuzzer] add option -report_slow_units=Nsec to control when slow units are printed
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244152 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-05 21:43:48 +00:00
Kostya Serebryany
764fea6d11
[libFuzzer] add a missing test file
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244151 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-05 21:32:13 +00:00
Kostya Serebryany
d2f9ac2486
[libFuzzer] use data-flow feedback from strcmp
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244084 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-05 18:23:01 +00:00
Kostya Serebryany
0dd9ec77d1
[libFuzzer] more refactoring of the Mutator and adding tests to it
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243818 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-01 02:23:06 +00:00
Kostya Serebryany
8d4c8061c9
[libFuzzer] start refactoring the Mutator and adding tests to it
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243817 91177308-0d34-0410-b5e6-96231b3b80d8
2015-08-01 01:42:51 +00:00
Kostya Serebryany
427b5a50cf
[libFuzzer] limit the size of the inputs printed to stderr
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243795 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-31 22:07:17 +00:00
Kostya Serebryany
f7aa7e6f49
[libFuzzer] make sure that 2-byte arguments of switch() are handled properly
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243781 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-31 20:58:55 +00:00
Kostya Serebryany
207cfe14a9
[libFuzzer] record traces from the switch statements only when told to do so
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243768 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-31 18:09:08 +00:00
Kostya Serebryany
26e09e2da5
[libFuzzer] support switch interception in dfsan mode
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243760 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-31 17:05:05 +00:00
Kostya Serebryany
02c18f4db9
[libFuzzer] trace switch statements and apply mutations based on the expected case values
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243726 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-31 01:33:06 +00:00
Kostya Serebryany
dd6dcb6cee
[libFuzzer] fix the strncmp interceptor -- it should respect short strings.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243691 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-30 21:22:22 +00:00
Kostya Serebryany
11186e1752
[libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243611 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-30 02:33:45 +00:00
Kostya Serebryany
c01d39e6b8
[libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), extend the memcmp fuzzer test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243603 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-30 01:34:58 +00:00
Kostya Serebryany
c830cebe1f
[libFuzzer] ensure that the dfsan tracing hooks actually run (using -verbosity=3 in tests)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243365 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-28 01:25:00 +00:00
Kostya Serebryany
322fda4b3e
[libFuzzer] when using cmp traces, first check that the CMP is evaluated to one value much more frequently than to the other value (heuristic)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243363 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-28 00:59:53 +00:00
Kostya Serebryany
33a9a09cd7
[libFuzzer] allow users to supply their own implementation of rand
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243078 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-24 01:06:40 +00:00
Kostya Serebryany
6cbc095f13
[libFuzzer] dump long running units to disk
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@243031 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-23 18:37:22 +00:00
Alexey Samsonov
3dee92c907
[Fuzzer] Rely on $PATH expansion instead of hardcoding paths in tests. NFC.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@242851 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-21 22:51:55 +00:00
Alexey Samsonov
bb577748c0
[Fuzzer] Clearly separate regular and DFSan tests. NFC.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@242850 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-21 22:51:49 +00:00
Kostya Serebryany
f69bb85171
[libFuzzer] require the files and directories passed to the fuzzer to exist
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@242596 91177308-0d34-0410-b5e6-96231b3b80d8
2015-07-18 00:03:37 +00:00
Kostya Serebryany
63da212749
[lib/Fuzzer] make assertions more informative and update comments for the user-supplied mutator
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238658 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-30 17:33:13 +00:00
Kostya Serebryany
873d4e200d
[lib/Fuzzer] relax an assertion
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238608 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-29 20:31:17 +00:00
Kostya Serebryany
ea8a3963b4
[lib/Fuzzer] make the fuzzing timeout 1200 seconds by default (was: infinity)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238251 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-26 20:57:47 +00:00
Kostya Serebryany
e4af3b4160
[lib/Fuzzer] fix docs
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238236 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-26 19:32:52 +00:00
Kostya Serebryany
f580f3683c
[lib/Fuzzer] fix build with assertions
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238235 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-26 19:29:33 +00:00
Kostya Serebryany
762dbd0574
[lib/Fuzzer] doxygen-ify the comments for the user interface
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238086 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-23 02:12:05 +00:00
Kostya Serebryany
d434a0a1b2
[lib/Fuzzer] fully get rid of std::cerr in libFuzzer
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238081 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-23 01:22:35 +00:00
Kostya Serebryany
4ea4cb3197
[lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of C++ library used in libFuzzer badly interact with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238078 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-23 01:07:46 +00:00
Kostya Serebryany
464deacf05
[lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238063 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-22 22:47:03 +00:00
Kostya Serebryany
ebada2c2bc
[lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238059 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-22 22:35:31 +00:00
Kostya Serebryany
c9389db422
[lib/Fuzzer] ignore flags that start with --; use git pull --rebase instead of just git pull
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237950 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-21 20:39:13 +00:00
Kostya Serebryany
556425f9a9
[lib/Fuzzer] change the meaning of -timeout flag: now timeout is applied to every unit of work separately
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237735 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-19 22:12:57 +00:00
Kostya Serebryany
3b3cbed1b0
[lib/Fuzzer] more efficient reload logic; also don't spam git too much
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237649 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-19 01:06:07 +00:00
Kostya Serebryany
05ef67b6b9
[lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD CORPUS' to synchronize with other processes
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237617 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-18 21:34:20 +00:00
Logan Chien
9380329c4e
Code cleanup: Reindent Fuzzer::MutateAndTestOne.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237533 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-17 02:44:31 +00:00
Kostya Serebryany
6f1b9541ba
[lib/Fuzzer] Add SHA1 implementation from public domain.
Summary:
This adds a SHA1 implementation taken from public domain code.
The change is trivial, but as it involves third-party code I'd like
a second pair of eyes before commit.
LibFuzzer can not use SHA1 from openssl because openssl may not be available
and because we may be fuzzing openssl itself.
Using sha1sum via a pipe is too slow.
Test Plan: n/a
Reviewers: chandlerc
Reviewed By: chandlerc
Subscribers: majnemer, llvm-commits
Differential Revision: http://reviews.llvm.org/D9733
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237400 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-14 22:41:49 +00:00
Kostya Serebryany
2727b58c88
[lib/Fuzzer] enable -use_counters=1 by default
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237272 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-13 18:31:46 +00:00
Kostya Serebryany
a5a1b190d8
[lib/Fuzzer] A simple script to synchronise a fuzz test corpus with an external git repository.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237208 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-12 23:19:12 +00:00
Kostya Serebryany
b8a0c0ecb3
[lib/Fuzzer] use sha1sum for the file hash
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237198 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-12 22:03:34 +00:00
Kostya Serebryany
eaba2dd2f1
[lib/Fuzzer] guess the right number of workers if -jobs=N is given but -workers=M is not. Update the docs.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237163 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-12 18:51:57 +00:00
Kostya Serebryany
de65922947
[lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237083 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-12 01:58:34 +00:00
Kostya Serebryany
772410aef6
[lib/Fuzzer] detach the pulse thread instead of joining it
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237082 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-12 01:43:20 +00:00
Kostya Serebryany
66c6a4c240
[lib/Fuzzer] don't record traces when trace collection is off
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237067 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-11 23:25:28 +00:00
Kostya Serebryany
1d4481df82
[lib/Fuzzer] when running multiple fuzzing processes, print something every 10 minutes to avoid buildbot timeouts
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237054 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-11 21:31:51 +00:00
Kostya Serebryany
051ef86497
[lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237050 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-11 21:16:27 +00:00
Kostya Serebryany
0cdb698aae
[lib/Fuzzer] add a trace-based mutation logic. Same idea as with DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237043 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-11 20:51:19 +00:00
Kostya Serebryany
5ba2a0b8b0
[lib/Fuzzer] build tests that work well with dfsan also w/o dfsan
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236909 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-08 21:45:19 +00:00
Kostya Serebryany
8ae273d380
[lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236906 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-08 21:30:55 +00:00
Alexey Samsonov
8227e6a8b4
Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= flags.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236797 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-07 23:33:24 +00:00
Kostya Serebryany
6564ee8933
[lib/Fuzzer] change the way we use taint information for fuzzing. Now, we run a single unit and collect suggested mutations based on tracing+taint data, then apply the suggested mutations one by one. The previous scheme was slower and more complex.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236772 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-07 21:02:11 +00:00
Kostya Serebryany
46fa0aabcb
[lib/Fuzzer] minor refactoring/simplification, NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236757 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-07 18:32:29 +00:00
Kostya Serebryany
49204878d7
[lib/Fuzzer] add dfsan_weak_hook_memcmp, enable the test that uses it, simplify the test runner
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236683 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-07 00:11:33 +00:00
Kostya Serebryany
8434a039e2
[lib/Fuzzer] remove dfsan_fuzzer_abi.list -- its contents are now moved to dfsan proper
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236659 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-06 22:47:24 +00:00
Kostya Serebryany
b350776f03
[lib/Fuzzer] add a fuzzer test for memcmp (does not work yet)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236656 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-06 22:36:00 +00:00
Kostya Serebryany
b6ca45c39f
[lib/Fuzzer] rename TestOneInput to LLVMFuzzerTestOneInput to make it more unique
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236652 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-06 22:19:00 +00:00
Kostya Serebryany
605f316258
[lib/Fuzzer] on crash print the contents of the crashy input as base64
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236548 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-05 21:59:51 +00:00
Kostya Serebryany
3784f79d64
[lib/Fuzzer] use handle_abort=1 by default so that when assert() fires we save the test case
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236476 91177308-0d34-0410-b5e6-96231b3b80d8
2015-05-05 01:42:55 +00:00
Aaron Ballman
1f1fecb823
Removing a spurious space; NFC.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@234168 91177308-0d34-0410-b5e6-96231b3b80d8
2015-04-06 16:09:13 +00:00
Kostya Serebryany
01055ec7e3
[fuzzer] document the -tokens flag. Also change the diagnostic output
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233842 91177308-0d34-0410-b5e6-96231b3b80d8
2015-04-01 21:33:20 +00:00
Kostya Serebryany
3399e1fd73
[fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string flags.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233745 91177308-0d34-0410-b5e6-96231b3b80d8
2015-03-31 20:13:20 +00:00
Kostya Serebryany
3506457311
Move lib/Fuzzer docs from a README.txt to a proper .rst file.
Summary:
Move lib/Fuzzer docs from a README.txt to a proper .rst file.
This change does not add any content, just formatting.
Test Plan: n/a
Reviewers: samsonov
Reviewed By: samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D8710
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233638 91177308-0d34-0410-b5e6-96231b3b80d8
2015-03-30 23:05:30 +00:00
Kostya Serebryany
e6d25ad0e0
[fuzzer] when a single unit takes over 1 second to run and it is the slowest one so far, print it.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233637 91177308-0d34-0410-b5e6-96231b3b80d8
2015-03-30 23:04:35 +00:00
Kostya Serebryany
b0b7c53ee4
[fuzzer] print various stats in a unified way
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233624 91177308-0d34-0410-b5e6-96231b3b80d8
2015-03-30 22:44:03 +00:00
Kostya Serebryany
29c6bd6e4f
DFSan-based fuzzer (proof of concept).
Summary:
This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator,
see the comments for details.
Test Plan: a test added
Reviewers: samsonov, pcc
Reviewed By: samsonov, pcc
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D8669
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233613 91177308-0d34-0410-b5e6-96231b3b80d8
2015-03-30 22:09:51 +00:00
Kostya Serebryany
ae0620c4e9
[sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing).
Introduce -mllvm -sanitizer-coverage-8bit-counters=1
which adds imprecise thread-unfriendly 8-bit coverage counters.
The run-time library maps these 8-bit counters to 8-bit bitsets in the same way
AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt ) does:
counter values are divided into 8 ranges and based on the counter
value one of the bits in the bitset is set.
The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.
These counters provide a search heuristic for single-threaded
coverage-guided fuzzers; we do not expect them to be useful for other purposes.
Depending on the value of -fsanitize-coverage=[123] flag,
these counters will be added to the function entry blocks (=1),
every basic block (=2), or every edge (=3).
Use these counters as an optional search heuristic in the Fuzzer library.
Add a test where this heuristic is critical.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@231166 91177308-0d34-0410-b5e6-96231b3b80d8
2015-03-03 23:27:02 +00:00
Kostya Serebryany
f7c1020041
[fuzzer] one more experimental search mode: -use_coverage_pairs=1
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229957 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-20 03:02:37 +00:00
Kostya Serebryany
ce7a848558
[fuzzer] split main() into FuzzerDriver() that takes a callback as a parameter and a tiny main() in a separate file
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229882 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-19 18:45:37 +00:00
Kostya Serebryany
0b1ec08b77
[fuzzer] properly annotate fallthrough, add one more entry to FAQ
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229880 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-19 18:21:12 +00:00
Kostya Serebryany
9b13b8c338
[fuzzer] move default sanitizer options to a separate file
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228429 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-06 19:52:07 +00:00
Kostya Serebryany
5d85a10810
[fuzzer] add flag prefer_small_during_initial_shuffle, be a bit more verbose
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228235 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-04 23:42:42 +00:00
Kostya Serebryany
46c638cfc8
[fuzzer] add -runs=N to limit the number of runs per session. Also, make sure we do some mutations w/o cross over.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228214 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-04 22:20:09 +00:00
Kostya Serebryany
eb884daa38
[fuzzer] make multi-process execution more verbose; fix mutation to actually respect mutation depth and to never produce empty units
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228170 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-04 19:10:20 +00:00
Kostya Serebryany
8fa9947e4d
[fuzzer]: fix exit code, add more diagnostics
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228103 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-04 01:22:57 +00:00
Kostya Serebryany
04e540582b
[fuzzer] Add proper dependencies to the fuzzer tests
...
Summary: Make sure that FileCheck is built when running check-fuzzer
Test Plan:
run on bot:
lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer
Reviewers: samsonov
Reviewed By: samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D7387
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228045 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-03 21:57:32 +00:00
Kostya Serebryany
32a12b924e
[fuzzer] update the include line to use the new header name
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228018 91177308-0d34-0410-b5e6-96231b3b80d8
2015-02-03 19:42:05 +00:00
Kostya Serebryany
a1667be228
[fuzzer] add flags to run fuzzer in multiple parallel processes
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227664 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-31 01:14:40 +00:00
Kostya Serebryany
05efde62f5
[fuzzer] Add a gtest-style test
...
Summary: Add one gtest-style test.
Test Plan: run on bot
Reviewers: samsonov
Reviewed By: samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D7287
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227639 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-30 23:26:57 +00:00
Kostya Serebryany
4ac4c33f2d
[fuzzer] add -use_full_coverage_set=1 which solves FullCoverageSetTest. This does not scale very well yet, but might be a good start.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227507 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-29 23:01:07 +00:00
Kostya Serebryany
df31d7bea7
[fuzzer] fix warning in a test
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227478 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-29 18:13:36 +00:00
Kostya Serebryany
c8f69d069e
[fuzzer] minor cleanup based on reviews: remove redundant includes, fix a copy-pasto in tests
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227468 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-29 17:16:23 +00:00
Kostya Serebryany
a51685f651
[fuzzer] add FAQ section to the README.txt
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227466 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-29 17:11:30 +00:00
Aaron Ballman
94879c0134
Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227464 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-29 16:58:29 +00:00
Aaron Ballman
f316f2ea52
Temporarily reverting the fuzzer library as it causes too many build issues for MSVC users. This reverts: 227445, 227395, 227389, 227357, 227254, 227252
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227452 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-29 15:49:22 +00:00
Aaron Ballman
c77764d5a4
Adding missing #includes to try to get this to compile on Windows with Visual Studio.
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227445 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-29 15:19:13 +00:00
Kostya Serebryany
1f3043175c
[fuzzer] add option -save_minimized_corpus
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227395 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-28 23:48:39 +00:00
Kostya Serebryany
408796c672
Add lit-style tests for the Fuzzer library
...
Summary: Add test targets and the lit-style runner.
Test Plan: Run the tests on bot.
Reviewers: samsonov
Reviewed By: samsonov
Subscribers: llvm-commits
Differential Revision: http://reviews.llvm.org/D7217
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227389 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-28 22:49:25 +00:00
Kostya Serebryany
b0f9090173
[fuzzer] instructions for building/running clang-format-fuzzer
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227357 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-28 19:51:58 +00:00
Kostya Serebryany
556d1a3b80
[fuzzer] properly enable asan's coverage feedback
...
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227254 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-27 22:19:55 +00:00
Kostya Serebryany
c9baf3befb
Add a Fuzzer library
...
Summary:
A simple genetic in-process coverage-guided fuzz testing library.
I've used this fuzzer to test clang-format
(it found 12+ bugs, thanks djasper@ for the fixes!)
and it may also help us test other parts of LLVM.
So why not keep it in the LLVM repository?
I plan to add the cmake build rules later (in a separate patch, if that's ok)
and also add a clang-format-fuzzer target.
See README.txt for details.
Test Plan: Tests will follow separately.
Reviewers: djasper, chandlerc, rnk
Reviewed By: rnk
Subscribers: majnemer, ygribov, dblaikie, llvm-commits
Differential Revision: http://reviews.llvm.org/D7184
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227252 91177308-0d34-0410-b5e6-96231b3b80d8
2015-01-27 22:08:41 +00:00