llvm/lib/Transforms/Instrumentation
Kostya Serebryany ae0620c4e9 [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing).
Introduce -mllvm -sanitizer-coverage-8bit-counters=1
which adds imprecise thread-unfriendly 8-bit coverage counters.

The run-time library maps these 8-bit counters to 8-bit bitsets in the same way
AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does:
counter values are divided into 8 ranges and based on the counter
value one of the bits in the bitset is set.
The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.

These counters provide a search heuristic for single-threaded
coverage-guided fuzzers, we do not expect them to be useful for other purposes.

Depending on the value of -fsanitize-coverage=[123] flag,
these counters will be added to the function entry blocks (=1),
every basic block (=2), or every edge (=3).

Use these counters as an optional search heuristic in the Fuzzer library.
Add a test where this heuristic is critical.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@231166 91177308-0d34-0410-b5e6-96231b3b80d8
2015-03-03 23:27:02 +00:00
..
AddressSanitizer.cpp [asan] Skip promotable allocas to improve performance at -O0 2015-02-27 03:12:36 +00:00
BoundsChecking.cpp [PM] Separate the TargetLibraryInfo object from the immutable pass. 2015-01-15 10:41:28 +00:00
CMakeLists.txt Use ADDITIONAL_HEADER_DIRS in all LLVM CMake projects. 2015-02-11 03:28:02 +00:00
DataFlowSanitizer.cpp Prefer SmallVector::append/insert over push_back loops. 2015-02-17 15:29:18 +00:00
GCOVProfiling.cpp Remove dynamic allocation/indirection from GCOVBlocks owned by GCOVFunction 2014-12-22 23:12:42 +00:00
InstrProfiling.cpp InstrProf: Make the __llvm_profile_runtime_user symbol hidden 2015-02-25 22:52:20 +00:00
Instrumentation.cpp InstrProf: An intrinsic and lowering for instrumentation based profiling 2014-12-08 18:02:35 +00:00
LLVMBuild.txt Update libdeps since TLI was moved from Target to Analysis in r226078. 2015-01-15 05:21:00 +00:00
Makefile
MaximumSpanningTree.h Move all of the header files which are involved in modelling the LLVM IR 2013-01-02 11:36:10 +00:00
MemorySanitizer.cpp [MSan][MIPS] VarArgHelper for MIPS64 2015-02-18 11:41:24 +00:00
SanitizerCoverage.cpp [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing). 2015-03-03 23:27:02 +00:00
ThreadSanitizer.cpp tsan: do not instrument not captured values 2015-02-12 09:55:28 +00:00