115 Commits

Author SHA1 Message Date
Dan Liew
86af2862c5 [LibFuzzer]
Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.

Under Mac OSX we intercept calls to malloc before thread local
storage is initialised, leading to a crash when accessing
``AllocTracer``. To work around this, ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.

To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.

Differential Revision: http://reviews.llvm.org/D20402

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@270145 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-19 22:00:33 +00:00
Kostya Serebryany
d8c064b2e9 [libFuzzer] do the merge faster and a bit less precise
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269497 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-13 22:11:23 +00:00
Kostya Serebryany
22dd3bbcf0 [libFuzzer] simplify FuzzerInterface.h
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269448 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-13 18:04:35 +00:00
Mike Aizatsky
0d68393b0f [libfuzzer] Refactoring coverage state-management code.
It is now less state-dependent and will allow easier comparing of
coverages of different units.

Differential Revision: http://reviews.llvm.org/D20085

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269140 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-10 23:43:15 +00:00
Kostya Serebryany
f01dfdd8aa [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268821 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-06 23:38:07 +00:00
Kostya Serebryany
815a884f59 [libFuzzer] add experimental -rss_limit_mb flag to fight against OOMs
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268807 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-06 21:58:35 +00:00
Kostya Serebryany
30f53168fa [libFuzzer] disable leak detection if we have tried it 1000 times w/o finding a leak
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@267770 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-27 19:52:34 +00:00
Kostya Serebryany
cb05ff9241 [libFuzzer] remove dead code
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@267455 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-25 19:41:45 +00:00
Kostya Serebryany
a0a13e0ee1 [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help find leaks while fuzzing
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266838 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-20 00:24:21 +00:00
Kostya Serebryany
d3f038dc3e [libFuzzer] try to print correct time in seconds when reporting a timeout. Don't report timeouts while still loading the corpus.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@266693 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-18 22:50:39 +00:00
Mike Aizatsky
5bb9d06dac [libfuzzer] defensive assert
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@265866 91177308-0d34-0410-b5e6-96231b3b80d8
2016-04-08 23:32:24 +00:00
Kostya Serebryany
c09d592889 [libFuzzer] don't report memory leaks if we are dying due to a timeout (just use _Exit instead of exit in the timeout callback)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264237 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-24 01:32:08 +00:00
Benjamin Kramer
3ac2aa592d [Fuzzer] Guard no_sanitize_memory attributes behind __has_feature.
Otherwise GCC fails to build it because it doesn't know the attribute.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263787 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-18 14:19:19 +00:00
Kostya Serebryany
ab641c1abd [libFuzzer] improve -merge functionality
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263769 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-18 00:23:29 +00:00
Kostya Serebryany
bcace10c40 [libFuzzer] deprecate several flags
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263739 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-17 19:59:39 +00:00
Kostya Serebryany
227603719a [libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263737 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-17 19:42:35 +00:00
Kostya Serebryany
b30f32650e [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263323 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-12 01:57:04 +00:00
Kostya Serebryany
2ef77db652 [libFuzzer] when interrupted, call _Exit() instead of exit()
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262667 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-03 22:36:37 +00:00
Kostya Serebryany
66bb64fd43 [libFuzzer] deprecate exit_on_first flag
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262417 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-01 22:33:14 +00:00
Kostya Serebryany
7a1dcf9965 [libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handling the signals for us. Remove abort_on_timeout flag.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262415 91177308-0d34-0410-b5e6-96231b3b80d8
2016-03-01 22:19:21 +00:00
Kostya Serebryany
86b1b67565 [libFuzzer] add -print_final_stats=1 flag
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262084 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-26 22:42:23 +00:00
Kostya Serebryany
1ff29eb9ca [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262073 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-26 21:33:56 +00:00
Kostya Serebryany
a755f1bd65 [libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@261267 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-18 21:49:10 +00:00
Kostya Serebryany
73b0e08885 [libFuzzer] don't timeout when loading the corpus. Be a bit more verbose when loading large corpus.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@261143 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-17 19:42:34 +00:00
Kostya Serebryany
2d7392fe48 [libFuzzer] remove std::vector operations from hot paths, NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260829 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 17:56:51 +00:00
Kostya Serebryany
49429cee7f [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260810 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 06:24:18 +00:00
Kostya Serebryany
efb0cc7640 [libFuzzer] get rid of UserSuppliedFuzzer; NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260798 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 03:25:16 +00:00
Kostya Serebryany
e6d7e3d948 [libFuzzer] provide a plain C interface for custom mutators (experimental)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@260794 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-13 02:29:38 +00:00
Kostya Serebryany
598f7017b4 [libFuzzer] don't write the test unit when a leak is detected (since we don't know which unit causes the leak)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259731 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-04 00:02:17 +00:00
Kostya Serebryany
58b3c64b6b [libFuzzer] add -timeout_exitcode option
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259265 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-29 23:30:07 +00:00
Kostya Serebryany
d75ddafc2f [libFuzzer] add -abort_on_timeout option
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258631 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-23 19:34:19 +00:00
Ivan Krasin
da57df2854 Use std::piecewise_constant_distribution instead of ad-hoc binary search.
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.

Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.

Reviewers: aizatsky, kcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D16487

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258571 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-22 22:28:27 +00:00
Ivan Krasin
55b3567cb1 Revert r258473 as it's breaking the build with libc++
Reviewers: kcc

Differential Revision: http://reviews.llvm.org/D16441

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258479 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-22 03:21:52 +00:00
Ivan Krasin
3e0fdb8944 Use std::piecewise_constant_distribution instead of ad-hoc binary search.
Summary:
Fix the issue with the most recently discovered unit receiving much less attention.

Note: I had to change the seed for one test to make it pass. Alternatively,
the number of runs could be increased. I believe that the average time of
'foo' discovery is not increased, just seed=1 was particularly convenient
for the previous PRNG scheme used.

Reviewers: aizatsky, kcc

Subscribers: llvm-commits, kcc

Differential Revision: http://reviews.llvm.org/D16419

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258473 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-22 01:32:34 +00:00
Mike Aizatsky
b1020e3809 [libfuzzer] use %p for printing addresses
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258370 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-21 00:02:09 +00:00
Kostya Serebryany
f7dd1d2c0c [libFuzzer] move some code from public interface header to a non-public header. NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257963 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-16 00:04:36 +00:00
Kostya Serebryany
a416b73b12 [libFuzzer] suggest a dictionary to the user if some of the trace-based dictionary entries were successful
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257736 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-14 02:36:44 +00:00
Kostya Serebryany
92e8dcd607 [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257713 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-13 23:46:01 +00:00
Kostya Serebryany
3888fb079a [libFuzzer] make sure we find a buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used an annotated vector)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257701 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-13 23:02:30 +00:00
Kostya Serebryany
43a24b5d93 [libFuzzer] make sure to update CurrentUnit when drilling
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257560 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-13 01:58:27 +00:00
Kostya Serebryany
7fddde9543 [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@257248 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-09 03:08:58 +00:00
Mike Aizatsky
1cea7723fa [libfuzzer] print_new_cov_pcs experimental option.
Differential Revision: http://reviews.llvm.org/D15901

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256882 91177308-0d34-0410-b5e6-96231b3b80d8
2016-01-06 00:21:22 +00:00
Kostya Serebryany
a1e5f35b02 [libFuzzer] make CrossOver just one of the other mutations
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256081 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-19 02:49:09 +00:00
Kostya Serebryany
7ed616c150 [libFuzzer] print successful mutation sequences
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@256071 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-19 01:09:49 +00:00
Kostya Serebryany
d33fc70ecf [libFuzzer] don't reload the corpus more than once every second
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254824 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-05 02:09:22 +00:00
Kostya Serebryany
3f8065b694 [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254784 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-04 22:29:39 +00:00
Mike Aizatsky
ba2d199d49 Libfuzzer: do not pass null into user function
Differential Revision: http://reviews.llvm.org/D15098

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254558 91177308-0d34-0410-b5e6-96231b3b80d8
2015-12-02 22:43:53 +00:00
Kostya Serebryany
e8d7ae6209 [libFuzzer] add a flag -exact_artifact_path
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254100 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-25 21:40:46 +00:00
Kostya Serebryany
ad9ec32c1f [libFuzzer] make libFuzzer build even with a compiler that does not have sanitizer headers
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@253003 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-13 01:54:40 +00:00
Mike Aizatsky
c1a030fd64 output_csv libfuzzer option
Summary:
The option outputs statistics in CSV format preceded by 1 header line.
This is intended for machine processing of the output.
-verbosity=0 should likely be set.

Differential Revision: http://reviews.llvm.org/D14600

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@252856 91177308-0d34-0410-b5e6-96231b3b80d8
2015-11-12 04:38:40 +00:00