RPCSX/llvm
1
0
Fork 0
mirror of https://github.com/RPCSX/llvm.git synced 2025-01-12 07:22:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
140,113 Commits 27 Branches 0 Tags
Commit Graph

32 Commits

Author SHA1 Message Date
Kostya Serebryany
1a60ba886d [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283682 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-08 23:24:45 +00:00
Kostya Serebryany
77ab75a9d6 [libFuzzer] more refactoring; NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282047 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-21 02:05:39 +00:00
Kostya Serebryany
60dd435850 [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282042 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-09-21 01:04:43 +00:00
Dan Liew
1a1c8bea2d [LibFuzzer] Declare and use sanitizer functions in `fuzzer::ExternalFunctions` 
This fixes linking problems on OSX.

Unfortunately it turns out we need to use an instance of the
``fuzzer::ExternalFunctions`` object in several places so this
commit also replaces all instances with a single global instance.

It also turns out initializing a global ``fuzzer::ExternalFunctions``
before main is entered (i.e. letting the object be initialised by the
global initializers) is not safe (on OSX the call to ``Printf()`` in the
CTOR crashes if it is called from a global initializer) so we instead
have a global ``fuzzer::ExternalFunctions*`` and initialize it inside
``FuzzerDriver()``.

Multiple unit tests depend also depend on the
``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been
added that initializes it before running any tests.

Differential Revision: http://reviews.llvm.org/D20943

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272072 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-06-07 23:32:50 +00:00
Kostya Serebryany
dc4065fcc1 [libFuzzer] use __sanitizer_set_report_fd with -close_fd_mask. This allows us to keep asan reports when closing target's stderr 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@271053 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-05-27 21:46:22 +00:00
Kostya Serebryany
3d4018c32c [libFuzzer] use fflush after every Printf 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264459 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-25 20:31:26 +00:00
Kostya Serebryany
f4b00d0631 [libFuzzer] use fdopen+vfprintf instead of fsnprintf+write 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@264230 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-24 00:57:32 +00:00
Kostya Serebryany
4aa62c5d17 [libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263831 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-18 20:58:29 +00:00
Kostya Serebryany
2b341f70ca [libFuzzer] read corpus dirs recursively 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263773 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-18 01:36:00 +00:00
Mike Aizatsky
fa4edb682f [libfuzzer] speeding up corpus load 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@263591 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-15 21:47:21 +00:00
Kostya Serebryany
2c1ecb8c48 [libFuzzer] log less when re-loading files; fix a silly bug: when running single files actually run all of them, not just the first one 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262754 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-03-04 22:35:40 +00:00
Kostya Serebryany
a755f1bd65 [libFuzzer] only read MaxLen bytes from every file in the corpus to speedup loading the corpus 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@261267 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-02-18 21:49:10 +00:00
Kostya Serebryany
73b0e08885 [libFuzzer] don't timeout when loading the corpus. Be a bit more verbose when loading large corpus. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@261143 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-02-17 19:42:34 +00:00
Kostya Serebryany
485551ecaf [libFuzzer] allow passing 1 or more files as individual inputs 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259459 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-02-02 03:03:47 +00:00
Kostya Serebryany
05de8e95f6 [libFuzzer] fail if the corpus dir does not exist 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259454 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-02-02 02:07:26 +00:00
Kostya Serebryany
3f8065b694 [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@254784 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-12-04 22:29:39 +00:00
Kostya Serebryany
ad9ec32c1f [libFuzzer] make libFuzzer build even with a compiler that does not have sanitizer headers 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@253003 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-11-13 01:54:40 +00:00
Kostya Serebryany
17062e257e [libFuzzer] When -test_single_input crashes the test it is not necessary to write crash-file because input is already known to the user. Patch by Mike Aizatsky 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@250564 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-10-16 22:41:47 +00:00
Kostya Serebryany
e96dc98acb [libFuzzer] be more robust when dealing with files on disk (e.g. don't crash if a file was there but disappeared) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@247066 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-09-08 20:36:33 +00:00
Kostya Serebryany
243e7c5f8c [libFuzzer] fix minor inefficiency, PR24584 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@246087 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-08-26 21:55:19 +00:00
Kostya Serebryany
75a2674466 [libFuzzer] use raw C IO to reduce the risk of a deadlock in a signal handler. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@244707 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-08-12 00:55:09 +00:00
Kostya Serebryany
f69bb85171 [libFuzzer] require the files and directories passed to the fuzzer to exist 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@242596 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-07-18 00:03:37 +00:00
Kostya Serebryany
4ea4cb3197 [lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of C++ library used in libFuzzer badly interract with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238078 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-23 01:07:46 +00:00
Kostya Serebryany
05ef67b6b9 [lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD CORPUS' to synchronize with other processes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237617 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-18 21:34:20 +00:00
Kostya Serebryany
8ae273d380 [lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236906 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-08 21:30:55 +00:00
Kostya Serebryany
605f316258 [lib/Fuzzer] on crash print the contents of the crashy input as base64 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236548 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-05 21:59:51 +00:00
Kostya Serebryany
3399e1fd73 [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string flags. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233745 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-31 20:13:20 +00:00
Kostya Serebryany
eb884daa38 [fuzzer] make multi-process execution more verbose; fix mutation to actually respect mutation depth and to never produce empty units 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228170 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 19:10:20 +00:00
Aaron Ballman
94879c0134 Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227464 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 16:58:29 +00:00
Aaron Ballman
f316f2ea52 Temporarily reverting the fuzzer library as it causes too many build issues for MSVC users. This reverts: 227445, 227395, 227389, 227357, 227254, 227252 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227452 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 15:49:22 +00:00
Kostya Serebryany
1f3043175c [fuzzer] add option -save_minimized_corpus 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227395 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-28 23:48:39 +00:00
Kostya Serebryany
c9baf3befb Add a Fuzzer library 
Summary:
A simple genetic in-process coverage-guided fuzz testing library.

I've used this fuzzer to test clang-format
(it found 12+ bugs, thanks djasper@ for the fixes!)
and it may also help us test other parts of LLVM.
So why not keep it in the LLVM repository?

I plan to add the cmake build rules later (in a separate patch, if that's ok)
and also add a clang-format-fuzzer target.

See README.txt for details.

Test Plan: Tests will follow separately.

Reviewers: djasper, chandlerc, rnk

Reviewed By: rnk

Subscribers: majnemer, ygribov, dblaikie, llvm-commits

Differential Revision: http://reviews.llvm.org/D7184

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227252 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-27 22:08:41 +00:00