Commit Graph

47 Commits

Author SHA1 Message Date
Kostya Serebryany
d400714375 [libFuzzer] disable msan for one more hook that reads target's data that might be uninitialized
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289680 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-14 18:13:02 +00:00
Kostya Serebryany
bd9186853d [libFuzzer] use __sanitizer_get_module_and_offset_for_pc to get the module name while printing the coverage
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@289310 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-10 01:19:35 +00:00
Kostya Serebryany
fe3cc4d2c5 [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :(
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288731 91177308-0d34-0410-b5e6-96231b3b80d8
2016-12-05 23:35:22 +00:00
Kostya Serebryany
297c443f76 [libFuzzer] extend -print_coverage to print the comma-separated list of covered dirs. Note: the Windows stub for DirName is left unimplemented
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288276 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 21:53:32 +00:00
Zachary Turner
1a3900e81e [LibFuzzer] Split up some functions among different headers.
In an effort to get libfuzzer working on Windows, we need to make
a distinction between what functions require platform specific
code (e.g. different code on Windows vs Linux) and what code
doesn't.  IO functions, for example, tend to be platform
specific.

This patch separates out some of the functions which will need
to have platform specific implementations into different headers,
so that we can then provide different implementations for each
platform.

Aside from that, this patch contains no functional change.  It
is purely a re-organization.

Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@288264 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-30 19:06:14 +00:00
Kostya Serebryany
04777c43f9 [libFuzzer] do not initialize parts of TracePC -- let them be initialized by the linker. Add no-msan attribute to the memcmp hook.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@286665 91177308-0d34-0410-b5e6-96231b3b80d8
2016-11-11 23:06:53 +00:00
Kostya Serebryany
56a90b623f [libFuzzer] speculatively trying to fix the Mac build; second attempt
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285262 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-27 00:36:38 +00:00
Kostya Serebryany
3c0deb17ec [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285223 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 18:52:04 +00:00
Kostya Serebryany
7f59a4b62d [libFuzzer] simplify the code in TracePC::HandleTrace a bit more
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285147 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 00:42:52 +00:00
Kostya Serebryany
9c904557f1 [libFuzzer] simplify the code to print new PCs
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285145 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-26 00:20:51 +00:00
Kostya Serebryany
cbe5db8703 [libFuzzer] simplify the code in TracePC::HandleTrace
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285142 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 23:52:25 +00:00
Kostya Serebryany
d2c91bff2f [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285049 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-25 02:04:43 +00:00
Kostya Serebryany
b3960e87ec [libFuzzer] extend -print_coverage to also print uncovered lines, functions, and files.
Example of output:
COVERAGE:
COVERED: in DSO2(int) /pathto/DSO2.cpp:6
COVERED: in DSO2(int) /pathto/DSO2.cpp:8
COVERED: in DSO1(int) /pathto/DSO1.cpp:6
COVERED: in DSO1(int) /pathto/DSO1.cpp:8
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:16
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:19
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:25
COVERED: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:26
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO1.so
UNCOVERED_LINE: in DSO1(int) /pathto/DSO1.cpp:9
UNCOVERED_FUNC: in Uncovered1()
MODULE_WITH_COVERAGE: /pathto/libLLVMFuzzer-DSO2.so
UNCOVERED_LINE: in DSO2(int) /pathto/DSO2.cpp:9
UNCOVERED_FUNC: in Uncovered2()
MODULE_WITH_COVERAGE: /pathto/LLVMFuzzer-DSOTest
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:21
UNCOVERED_LINE: in LLVMFuzzerTestOneInput /pathto/DSOTestMain.cpp:27
UNCOVERED_FILE: /pathto/DSOTestExtra.cpp

Several things are not perfect here:
* we are using objdump+awk instead of sancov because sancov does not support DSOs yet.
* this breaks in the presence of ASAN_OPTIONS=strip_path_prefix=...
  (need to implement another API to get the module name by PC)

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284554 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-19 00:12:03 +00:00
Kostya Serebryany
ce6100541e [libFuzzer] swap bytes in integers when handling CMP traces
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284301 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-15 04:00:07 +00:00
Kostya Serebryany
3af68729f8 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284273 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-14 20:20:33 +00:00
Kostya Serebryany
53176d2749 [libFuzzer] reapply r283946: refactoring to speed things up, NFC. Now with a fix for gcc build
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@284132 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-13 16:19:09 +00:00
Daniel Jasper
6f0cfa7ab9 Revert "[libFuzzer] refactoring to speed things up, NFC"
This reverts commit r283946.

This breaks when build with GCC:
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: always_inline function might not be inlinable [-Werror=attributes]
lib/Fuzzer/FuzzerTracePC.cpp:169:6: error: inlining failed in call to always_inline 'void fuzzer::TracePC::HandleCmp(void*, T, T) [with T = long unsigned int]': target specific option mismatch
lib/Fuzzer/FuzzerTracePC.cpp:198:65: error: called from here

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283979 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-12 07:26:46 +00:00
Kostya Serebryany
61ec54d21d [libFuzzer] refactoring to speed things up, NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283946 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-11 21:27:37 +00:00
Kostya Serebryany
bb0318af25 [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283841 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-11 01:14:41 +00:00
Kostya Serebryany
cc6cbfdebc [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283409 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-05 22:56:21 +00:00
Kostya Serebryany
d4d50f6f47 [libFuzzer] add ShrinkValueProfileTest, move code around, NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283286 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-05 01:09:40 +00:00
Kostya Serebryany
1acd70c658 [libFuzzer] fix a recent bug (buffer overflow)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283021 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-01 07:13:25 +00:00
Kostya Serebryany
f46303af79 [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282995 91177308-0d34-0410-b5e6-96231b3b80d8
2016-10-01 01:04:29 +00:00
Kostya Serebryany
ec49d2d369 [libFuzzer] move the feature set to InputCorpus; on feature update, change the feature counter of the old best input
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282829 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-30 01:19:56 +00:00
Kostya Serebryany
efa54824a3 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282735 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-29 17:43:24 +00:00
Kostya Serebryany
d3cf92ddf9 [libFuzzer] speedup TracePC::FinalizeTrace
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282562 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-28 01:16:24 +00:00
Kostya Serebryany
65f502816c [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282458 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-27 00:10:20 +00:00
Kostya Serebryany
e2e54904b7 [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282316 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-23 23:51:58 +00:00
Kostya Serebryany
73508a3cb1 [libFuzzer] simplify the TracePC logic
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282222 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-23 01:20:07 +00:00
Kostya Serebryany
28f017d845 [libFuzzer] change ValueBitMap to remember the number of bits in it
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282216 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-23 00:22:46 +00:00
Kostya Serebryany
e9b850b5c5 [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282129 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-22 01:34:58 +00:00
Kostya Serebryany
e52f15bf1a [libFuzzer] more refactoring
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282113 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-21 21:17:23 +00:00
Kostya Serebryany
2a546868cb [libFuzzer] refactoring: split the large header into many; NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282044 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-21 01:50:50 +00:00
Kostya Serebryany
304a0b44f3 [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281866 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-18 21:47:08 +00:00
Kostya Serebryany
2bed90363f [libFuzzer] use 'if guard' instead of 'if guard >= 0' with trace-pc; change the guard type to intptr_t; use separate array for 8-bit counters
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281845 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-18 04:52:23 +00:00
Kostya Serebryany
338f974b6e [libFuzzer] properly reset the guards when resetting the coverage. Also try to fix check-fuzzer on the bot
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281814 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-17 06:01:55 +00:00
Kostya Serebryany
b9cc2c457f [libFuzzer] change trace-pc to use 8-byte guards
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281810 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-17 05:04:47 +00:00
Kostya Serebryany
dcc5ba2671 [libFuzzer] make caller-callee feedback work with trace-pc-guard
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281667 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-15 22:16:15 +00:00
Kostya Serebryany
f0b5dd76ab [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provably better, but the existing test prefers this heuristic)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281577 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-15 04:36:45 +00:00
Kostya Serebryany
26586a8660 [libFuzzer] add 8-bit counters to trace-pc-guard handler
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281568 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-15 01:30:18 +00:00
Kostya Serebryany
a4826c1b99 [libFuzzer] start using trace-pc-guard as an alternative source of coverage
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281435 91177308-0d34-0410-b5e6-96231b3b80d8
2016-09-14 02:13:06 +00:00
Kostya Serebryany
2fb93610ff [libFuzzer] add more __attribute__((visibility("default")))
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@279143 91177308-0d34-0410-b5e6-96231b3b80d8
2016-08-18 20:52:52 +00:00
Kostya Serebryany
b4d6119096 [libFuzzer] refactoring around PCMap, NFC
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@278825 91177308-0d34-0410-b5e6-96231b3b80d8
2016-08-16 17:37:13 +00:00
Dan Liew
47f223bd24 [LibFuzzer] Provide stub implementation of __sanitizer_cov_trace_pc_indir
Calls to this function are currently injected by the
``SanitizerCoverageModule`` pass when both the ``indirect-calls``
and ``trace-pc`` sanitizer coverage options are enabled and the code
being instrumented has indirect calls. Previously, because LibFuzzer did
not define this function, this would lead to link errors when building
some of the tests on OSX.

Differential Revision: http://reviews.llvm.org/D20946

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@271938 91177308-0d34-0410-b5e6-96231b3b80d8
2016-06-06 20:27:09 +00:00
Mike Aizatsky
0d68393b0f [libfuzzer] Refactoring coverage state-management code.
It is now less state-dependent and will allow easier comparing of
coverages of different units.

Differential Revision: http://reviews.llvm.org/D20085

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269140 91177308-0d34-0410-b5e6-96231b3b80d8
2016-05-10 23:43:15 +00:00
Kostya Serebryany
a6b4efd1d0 [libFuzzer] speedup path coverage handling
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262102 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-27 01:50:16 +00:00
Kostya Serebryany
1ff29eb9ca [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@262073 91177308-0d34-0410-b5e6-96231b3b80d8
2016-02-26 21:33:56 +00:00