502 Commits

Author SHA1 Message Date
Kostya Serebryany
99cbf23989 [libFuzzer] remove stale test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290033 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-17 02:18:59 +00:00
Kostya Serebryany
fdff3a8925 [libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290031 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-17 02:03:34 +00:00
Mike Aizatsky
48d47ae3d9 [libfuzzer] removing experimental FuzzerFnAdapter
Summary: This is superseded by protobuf mutation work.

Reviewers: kcc

Subscribers: mgorny

Differential Revision: https://reviews.llvm.org/D27865

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290018 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-17 00:12:13 +00:00
Kostya Serebryany
c7ab3c7402 [libFuzzer] avoid msan false positives in more cases
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289999 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-16 22:45:25 +00:00
Kostya Serebryany
eb30028464 [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289998 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-16 22:42:05 +00:00
Marcos Pividori
4682af7773 [libFuzzer] Fix index error in SearchMemory() implementation for Windows.
Differential Revision: https://reviews.llvm.org/D27731

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289966 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-16 17:35:25 +00:00
Marcos Pividori
37ea43a17c [libFuzzer] Remove unnecessary includes of posix headers.
Remove includes of "unistd.h" header, which is missing in non posix
systems.

Differential Revision: https://reviews.llvm.org/D277300

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289965 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-16 17:35:21 +00:00
Marcos Pividori
1c5866fe6b [libFuzzer] Update tests to use more general functions instead of posix specific.
Replace sleep() posix function by a more portable sleep_for() function
from std. Also, ignore memmem() and strcasestr() on Windows.

Differential Revision: https://reviews.llvm.org/D27729

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289964 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-16 17:35:13 +00:00
Kostya Serebryany
abe2ee53b6 [libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289772 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-15 06:21:21 +00:00
Kostya Serebryany
d400714375 [libFuzzer] disable msan for one more hook that reads target's data that might be uninitialized
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289680 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-14 18:13:02 +00:00
Kostya Serebryany
57d813c8da [libFuzzer] fix a UB (invalid shift) spotted by ubsan. The code worked fine by luck, because of the way shifts actually work on clang+x86
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289607 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 22:49:14 +00:00
Marcos Pividori
ebaf57b14f [libFuzzer] Add missing header needed for Windows.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289564 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 17:46:48 +00:00
Marcos Pividori
fae92e9e69 [libFuzzer] Avoid name collision with Windows API.
Windows uses some macros to replace DeleteFile() by DeleteFileA() or
DeleteFileW(). This was causing an error at link time.
DeleteFile was renamed to RemoveFile().

Differential Revision: https://reviews.llvm.org/D27577

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289563 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 17:46:40 +00:00
Marcos Pividori
fed659a90c [libFuzzer] Implement DirName() for Windows.
Implement DirName from scratch to avoid dependencies on external libraries.
It's based on MSDN documentation for Naming Files, Paths, and Namespaces.

The algorithm can't simply start from the end and look backwards for the
first separator, because we need to preserve the prefix that represents
the root location. We shouldn't remove anything there. In Windows we
have many different options, like:
 \\Server\Share\ , \ , C: , C:\ , \\?\C:\ , \\?\UNC\Server\Share\
We remove the last separator in the rest of the path, if it exists.

It was implemented to have a similar behaviour to dirname() in linux,
removing trailing separators, returning "." when the path doesn't
contain separators, etc.

Differential Revision: https://reviews.llvm.org/D27579

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289562 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 17:46:32 +00:00
Marcos Pividori
f2c03c3bb0 [libFuzzer] Fix bug in detecting timeouts when input string is empty.
I added a new flag RunningCB to know if the Fuzzer's main thread is
running the CB function, instead of using (!CurrentUnitSize).
(!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp,
inside ShuffleAndMinimize() function, we execute the callback with an
empty string (size=0). Previous implementation failed to detect timeouts
in that execution.
Also, I add a regression test for that case.

Differential Revision: https://reviews.llvm.org/D27433

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289561 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 17:46:25 +00:00
Marcos Pividori
f51c50474c [libFuzzer] Clean up headers and file formatting of LibFuzzer files.
Reorganize #includes to follow LLVM Coding Standards.
Include some missing headers. Required to use `Printf()`.

Aside from that, this patch contains no functional change.
It is purely a re-organization.

Differential Revision: https://reviews.llvm.org/D27363

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289560 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 17:46:11 +00:00
Marcos Pividori
611506b936 [libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores.
std::thread::hardware_concurrency() returns an unsigned, so I modify
NumberOfCpuCores() to return unsigned too.
The number of cpus is used to define the number of workers, so I decided
to update the worker and jobs flags to be declared as unsigned too.

Differential Revision: https://reviews.llvm.org/D27685

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289559 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 17:45:53 +00:00
Marcos Pividori
0ca1e73f19 [libFuzzer] Properly use unsigned for Process ID.
Use unsigned for PID instead of signed int. GetCurrentProcessId() returns
an unsigned (DWORD) so we must be sure we can deal with all possible values.
I use a long unsigned to be sure it can hold a 32 bit unsigned (DWORD).

Differential Revision: https://reviews.llvm.org/D27281

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289558 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 17:45:44 +00:00
Marcos Pividori
9fb21ea4f5 [libFuzzer] Improve Signal Handler interface.
Add new flags to FuzzingOptions to represent the different conditions
on the signal handling. These options are passed when calling
SetSignalHandler().
This change simplifies the implementation of Windows's exception
handling. Now we can define a unique handler for all the exceptions.

Differential Revision: https://reviews.llvm.org/D27238

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289557 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 17:45:20 +00:00
Kostya Serebryany
d7b8181022 [libFuzzer] don't require extra flags with -minimize_crash=1 (default to -max_total_time=600). Also respect exact_artifact_path when outputting the end result
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289506 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-13 00:40:47 +00:00
Marcos Pividori
beb753026a [libFuzzer] Implement Timers for Windows.
Implemented timeouts for Windows using TimerQueueTimers.
Timers are used to supervise the time of execution of the
callback function that is being fuzzed.

Differential Revision: https://reviews.llvm.org/D27237

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289495 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-12 23:25:11 +00:00
Kostya Serebryany
6e5e12ede9 [libFuzzer] split one slow test into several, for more parallel testing
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289481 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-12 22:55:25 +00:00
Kostya Serebryany
3e014d06f7 [libFuzzer] make SimpleCmpTest a bit simpler to crack and more verbose
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289477 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-12 22:39:33 +00:00
Kostya Serebryany
851cd4f9a2 [libFuzzer] build libFuzzer itself with asan
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289469 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-12 20:58:10 +00:00
Kostya Serebryany
3937d703a6 [libFuzzer] respect -max_len during merge
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289467 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-12 20:39:35 +00:00
Kostya Serebryany
d123ac5f20 [libFuzzer] don't depend on time in a test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289368 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-11 06:28:09 +00:00
Kostya Serebryany
d27bd04048 [libFuzzer] test cleanup (3)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289314 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 02:48:42 +00:00
Kostya Serebryany
5cb386d1cd [libFuzzer] test cleanup (2)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289313 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 02:47:00 +00:00
Kostya Serebryany
9c5c57d05a [libFuzzer] test cleanup
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289312 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 02:45:56 +00:00
Kostya Serebryany
1b6cd25422 [libFuzzer] switch all libFuzzer tests to use -fsanitize-coverage=trace-pc-guard. Support for the previously used instrumentation will be removed in the following changes
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289311 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 02:26:23 +00:00
Kostya Serebryany
bd9186853d [libFuzzer] use __sanitizer_get_module_and_offset_for_pc to get the module name while printing the coverage
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289310 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 01:19:35 +00:00
Kostya Serebryany
a3def13005 [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests).
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289166 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-09 01:17:24 +00:00
Kostya Serebryany
152208fcde [libFuzzer] include FuzzerIO.h and hopefully fix the Mac build. reported by Dejan Mircevski
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288979 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-07 21:02:48 +00:00
Kostya Serebryany
fe3cc4d2c5 [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :(
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288731 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-05 23:35:22 +00:00
Zachary Turner
1a45ade2ce Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This resubmits r288529, which was resubmitted because it broke a
fuzzer bot.  According to kcc@ the test that broke was flakey
and it is unlikely to be a result of this patch.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288549 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-02 23:02:01 +00:00
Zachary Turner
609477eea7 Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows."
This reverts commit r288529, as it seems to introduce some
problems on the Linux bots.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288533 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-02 20:54:56 +00:00
Zachary Turner
a6ae0e2562 [LibFuzzer] Introduce a portable WeakAlias implementation.
Windows doesn't really support weak aliases, but with some
linker magic we can get something that's pretty close on
Windows.  This introduces an interface to accessing weakly
aliased symbols that will work on any platform.  Linker
magic changes to come in a separate patch.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27235

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288530 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-02 19:41:17 +00:00
Zachary Turner
fd186677a2 [LibFuzzer] Split FuzzerUtil for Posix and Windows.
Pave the way for separating out platform specific
utility functions into separate files.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288529 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-02 19:38:19 +00:00
Kostya Serebryany
f833935579 [libFuzzer] add a test for r288389 (-rss_limit_mb=0 means no limit).
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288392 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-01 18:02:07 +00:00
Kostya Serebryany
d0c8980196 [libFuzzer] treat -rss_limit_mb=0 as no limit
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288389 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-01 17:56:15 +00:00
Kostya Serebryany
0719114a69 revert r288283 as it causes debug info (line numbers) to be lost in instrumented code. also revert r288299 which was a workaround for the problem.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288300 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-01 02:06:56 +00:00
Kostya Serebryany
aa777036e4 [libFuzzer] temporarily disable a part of the test broken by r288283
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288299 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-01 01:33:44 +00:00
Kostya Serebryany
b89fb12b58 [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288281 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 22:39:35 +00:00
Kostya Serebryany
297c443f76 [libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288276 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 21:53:32 +00:00
Zachary Turner
12889449a8 [LibFuzzer] Add Windows implementations of some IO functions.
This patch moves some posix specific file i/o code into a new
file, FuzzerIOPosix.cpp, and provides implementations for these
functions on Windows in FuzzerIOWindows.cpp.  This is another
incremental step towards getting libfuzzer working on Windows,
although it still should not be expected to be fully working.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27233

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288275 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 21:44:26 +00:00
Zachary Turner
1a3900e81e [LibFuzzer] Split up some functions among different headers.
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.

This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.

Aside from that, this patch contains no functional change.  It
is purely a re-organization.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288264 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 19:06:14 +00:00
Zachary Turner
3ed9686965 [LibFuzzer] Add macro flags for Posix and Windows.
This is the beginning of an effort to get libfuzzer working on
Windows.  This is a NFC to just add some macros for platform
detection on Windows.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27229

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288249 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 16:32:54 +00:00
Kostya Serebryany
43aeb78cb8 [libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286870 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-14 19:21:38 +00:00
Kostya Serebryany
8f3d5a342b [libFuzzer] use a valid ASCII string for a dummy seed corpus
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286702 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-12 02:27:21 +00:00
Kostya Serebryany
22480ffc37 [libFuzzer] use less stack
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286689 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-12 00:24:35 +00:00