RPCSX/llvm
1
0
Fork 0
mirror of https://github.com/RPCSX/llvm.git synced 2025-01-09 05:31:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
148,032 Commits 27 Branches 0 Tags 473 MiB
bd2e6e0b1a
Commit Graph

76 Commits

Author SHA1 Message Date
Kostya Serebryany
2d9dd043ff [libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@299046 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-30 01:27:20 +00:00
Kostya Serebryany
550e23d356 [libFuzzer] create experimental support for user-provided coverage signal 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@298654 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-23 22:43:12 +00:00
Kostya Serebryany
31c659fd54 [libFuzzer] inline the code of __sanitizer_cov_trace_pc_guard into it 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@298032 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-03-17 01:45:15 +00:00
Marcos Pividori
fc4c8411e4 [libFuzzer] Use stoull instead of stol to ensure 64 bits. 
Differential revision: https://reviews.llvm.org/D29831

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@294769 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-10 18:44:14 +00:00
Marcos Pividori
2ee8a5f7b7 [libFuzzer] Use long long to ensure 64 bits. 
We should always use unsigned long long to ensure 64 bits. On Windows, unsigned
long is 4 bytes. This was the reason why value-profile-cmp4.test was failing on
Windows.

Differential Revision: https://reviews.llvm.org/D29617

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@294390 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-08 00:03:31 +00:00
Kostya Serebryany
66d69563f7 [libFuzzer] properly hide the memcmp interceptor from msan 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@294061 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-03 22:51:38 +00:00
Mike Aizatsky
0022fc7373 [libfuzzer] chromium-related compilation fixes 
Reviewers: kcc

Differential Revision: https://reviews.llvm.org/D29502

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@294035 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-03 20:26:44 +00:00
Kostya Serebryany
5459106ddf [libFuzzer] reorganize the tracing code to make it easier to experiment with inlined coverage instrumentation. NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293928 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-02-02 19:56:01 +00:00
Kostya Serebryany
49c910dae1 [libFuzzer] simplify the value profiling callback further: don't use (idx MOD prime) on the hot path where it is useless anyway 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293239 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-27 00:39:12 +00:00
Kostya Serebryany
eff755f3da [libFuzzer] make sure (again) that __builtin_popcountl is compiled into popcnt 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293237 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-27 00:20:55 +00:00
Kostya Serebryany
bcc64b878f [libFuzzer] simplify the value profile code and disable asan/msan on it 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293236 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-27 00:09:59 +00:00
Kostya Serebryany
c43e0682f2 [libFuzzer] further simplify __sanitizer_cov_trace_pc_guard 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293128 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-26 01:34:58 +00:00
Kostya Serebryany
df040aa50b [libFuzzer] simplify the code for __sanitizer_cov_trace_pc_guard and make sure it is not asan/msan-instrumented 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293125 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-26 01:04:54 +00:00
Kostya Serebryany
13aa2bfeaf [libFuzzer] don't call GetPreviousInstructionPc on the hot path -- only when dumping the PCs 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293117 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-26 00:22:08 +00:00
Kostya Serebryany
fc4ec25a17 [libFuzzer] make sure we use the feedback from std::string operator == 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292835 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-23 22:11:04 +00:00
Marcos Pividori
55c19060a6 [libFuzzer] Portably disassemble and find calls to sanitizer_cov_trace_pc_guard. 
Instead of directly using objdump, which is not present on Windows, we consider
different tools depending on the platform.
For Windows, we consider dumpbin and llvm-objdump.

Differential Revision: https://reviews.llvm.org/D28635

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292739 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-22 01:58:26 +00:00
Marcos Pividori
8b351cd95a [libFuzzer] Portable implementation of IsInterestingCoverageFile(). 
For Posix systems and Windows, we need to consider different cases.

Differential Revision: https://reviews.llvm.org/D28633

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292738 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-22 01:27:47 +00:00
Marcos Pividori
6c13258b28 [libFuzzer] Expose Sanitizer Coverage functions from libFuzzer. 
We need to expose Sanitizer Coverage's functions that are rewritten with a
different implementation, so compiler-rt's libraries have access to it.

Differential Revision: https://reviews.llvm.org/D28618

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292736 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-22 01:27:38 +00:00
Kostya Serebryany
3a0d592eba [libFuzzer] fix gcc build 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292695 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-21 01:08:22 +00:00
Kostya Serebryany
02e6813300 [libFuzzer] call __sanitizer_dump_coverage via EF 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292681 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-20 23:35:29 +00:00
Mike Aizatsky
56992074d3 [libfuzzer] fixing collected pc addresses for coverage 
Summary: The causes google/ossfuzz#84

Reviewers: kcc

Subscribers: mgorny

Differential Revision: https://reviews.llvm.org/D28827

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292289 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-17 23:11:32 +00:00
Kostya Serebryany
db5325aae3 [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@292287 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-17 23:09:05 +00:00
Kostya Serebryany
2aa90f609f [libFuzzer] disable -print_pcs by default (was enabled by mistake) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290899 91177308-0d34-0410-b5e6-96231b3b80d8
 2017-01-03 18:51:28 +00:00
Kostya Serebryany
f178652c93 [libFuzzer] cleaner implementation of -print_pcs=1 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290739 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-30 01:13:07 +00:00
Kostya Serebryany
e929bfc24b [libFuzzer] make __sanitizer_cov_trace_switch more predictable 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290703 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-29 02:50:35 +00:00
Mike Aizatsky
d576930959 [libfuzzer] dump_coverage command line flag 
Reviewers: kcc, vitalybuka

Differential Revision: https://reviews.llvm.org/D27942

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290138 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-19 22:18:08 +00:00
Kostya Serebryany
dbf288304b [libFuzzer] speed up __sanitizer_cov_trace_switch a bit more (remove DIV) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290034 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-17 02:23:35 +00:00
Kostya Serebryany
fdff3a8925 [libFuzzer] when tracing switch statements, handle only one case at a time (to make things faster). Also ensure that the signals from value profile do not intersect with the regular coverage 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@290031 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-17 02:03:34 +00:00
Kostya Serebryany
c7ab3c7402 [libFuzzer] avoid msan false positives in more cases 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289999 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-16 22:45:25 +00:00
Kostya Serebryany
d400714375 [libFuzzer] disable msan for one more hook that reads target's data that might be uninitialized 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289680 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-14 18:13:02 +00:00
Kostya Serebryany
bd9186853d [libFuzzer] use __sanitizer_get_module_and_offset_for_pc to get the module name while printing the coverage 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289310 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-10 01:19:35 +00:00
Kostya Serebryany
fe3cc4d2c5 [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288731 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-12-05 23:35:22 +00:00
Kostya Serebryany
297c443f76 [libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288276 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-11-30 21:53:32 +00:00
Zachary Turner
1a3900e81e [LibFuzzer] Split up some functions among different headers. 
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.

This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.

Aside from that, this patch contains no functional change.  It
is purely a re-organization.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288264 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-11-30 19:06:14 +00:00
Kostya Serebryany
04777c43f9 [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286665 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-11-11 23:06:53 +00:00
Kostya Serebryany
56a90b623f [libFuzzer] speculatively trying to fix the Mac build; second attempt 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285262 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-27 00:36:38 +00:00
Kostya Serebryany
3c0deb17ec [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285223 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-26 18:52:04 +00:00
Kostya Serebryany
7f59a4b62d [libFuzzer] simplify the code in TracePC::HandleTrace a bit more 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285147 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-26 00:42:52 +00:00
Kostya Serebryany
9c904557f1 [libFuzzer] simplify the code to print new PCs 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285145 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-26 00:20:51 +00:00
Kostya Serebryany
cbe5db8703 [libFuzzer] simplify the code in TracePC::HandleTrace 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285142 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-25 23:52:25 +00:00
Kostya Serebryany
d2c91bff2f [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285049 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-25 02:04:43 +00:00
Kostya Serebryany
b3960e87ec [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files. 
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)




git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284554 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-19 00:12:03 +00:00
Kostya Serebryany
ce6100541e [libFuzzer] swap bytes in integers when handling CMP traces 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284301 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-15 04:00:07 +00:00
Kostya Serebryany
3af68729f8 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284273 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-14 20:20:33 +00:00
Kostya Serebryany
53176d2749 [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284132 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-13 16:19:09 +00:00
Daniel Jasper
6f0cfa7ab9 Revert "[libFuzzer] refactoring to speed things up, NFC" 
This reverts commit r283946.

This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283979 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-12 07:26:46 +00:00
Kostya Serebryany
61ec54d21d [libFuzzer] refactoring to speed things up, NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283946 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-11 21:27:37 +00:00
Kostya Serebryany
bb0318af25 [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283841 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-11 01:14:41 +00:00
Kostya Serebryany
cc6cbfdebc [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283409 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-05 22:56:21 +00:00
Kostya Serebryany
d4d50f6f47 [libFuzzer] add ShrinkValueProfileTest, move code around, NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283286 91177308-0d34-0410-b5e6-96231b3b80d8
 2016-10-05 01:09:40 +00:00