mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-05-10 09:46:06 +00:00
Code Issues Projects Releases Wiki Activity
244,725 Commits 1,258 Branches 288 Tags
Commit Graph

181 Commits

Author SHA1 Message Date
Kostya Serebryany
a5f94fb6c9 [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode 
llvm-svn: 284273
 2016-10-14 20:20:33 +00:00
Kostya Serebryany
0381374f96 [libFuzzer] more detailed message for disabled leak detection 
llvm-svn: 284169
 2016-10-13 22:24:10 +00:00
Kostya Serebryany
a17d23eaa7 [libFuzzer] add -trace_malloc= flag 
llvm-svn: 284149
 2016-10-13 19:06:46 +00:00
Kostya Serebryany
c5325ed29d [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process 
llvm-svn: 283682
 2016-10-08 23:24:45 +00:00
Kostya Serebryany
9adc7c8b4a [libFuzzer] control the reload interval by a flag, make it 10 seconds by default 
llvm-svn: 283676
 2016-10-08 22:12:14 +00:00
Kostya Serebryany
936b1e774f [libFuzzer] be more careful with memory usage, print peak rss in status lines 
llvm-svn: 283418
 2016-10-06 05:14:00 +00:00
Kostya Serebryany
3b564e9765 [libFuzzer] when re-running for lsan, don't look at the coverage 
llvm-svn: 283411
 2016-10-05 23:31:01 +00:00
Kostya Serebryany
1c73f1bf27 [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. 
llvm-svn: 283409
 2016-10-05 22:56:21 +00:00
Kostya Serebryany
2455f0d013 [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines 
llvm-svn: 283279
 2016-10-05 00:25:17 +00:00
Kostya Serebryany
4820cc988f [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway 
llvm-svn: 283187
 2016-10-04 06:08:46 +00:00
Kostya Serebryany
d216922a80 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default 
llvm-svn: 282995
 2016-10-01 01:04:29 +00:00
Kostya Serebryany
90f8f36bca [libFuzzer] remove some experimental code 
llvm-svn: 282983
 2016-09-30 23:29:27 +00:00
Kostya Serebryany
e7e790bad6 [libFuzzer] remove unused option 
llvm-svn: 282971
 2016-09-30 22:29:57 +00:00
Kostya Serebryany
b3949ef885 [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) 
llvm-svn: 282831
 2016-09-30 01:24:57 +00:00
Kostya Serebryany
2c55613a08 [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input 
llvm-svn: 282829
 2016-09-30 01:19:56 +00:00
Kostya Serebryany
a9b0dd0e51 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals 
llvm-svn: 282735
 2016-09-29 17:43:24 +00:00
Kostya Serebryany
5ff481fd9e [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag 
llvm-svn: 282458
 2016-09-27 00:10:20 +00:00
Kostya Serebryany
0800b81a21 [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. 
llvm-svn: 282316
 2016-09-23 23:51:58 +00:00
Kostya Serebryany
ce1cab169f [libFuzzer] be more precise about what we reset in TracePC 
llvm-svn: 282225
 2016-09-23 02:18:59 +00:00
Kostya Serebryany
16a145fd0f [libFuzzer] fix merging with trace-pc-guard 
llvm-svn: 282224
 2016-09-23 01:58:51 +00:00
Kostya Serebryany
87a598e19f [libFuzzer] simplify the TracePC logic 
llvm-svn: 282222
 2016-09-23 01:20:07 +00:00
Kostya Serebryany
ab73c6924f [libFuzzer] move value profiling logic into TracePC 
llvm-svn: 282219
 2016-09-23 00:46:18 +00:00
Kostya Serebryany
d28099de5d [libFuzzer] change ValueBitMap to remember the number of bits in it 
llvm-svn: 282216
 2016-09-23 00:22:46 +00:00
Kostya Serebryany
be0ed59cdc [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen 
llvm-svn: 282211
 2016-09-22 23:16:36 +00:00
Kostya Serebryany
624f59f4d8 [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings 
llvm-svn: 282129
 2016-09-22 01:34:58 +00:00
Kostya Serebryany
29bb664075 [libFuzzer] add stats to the corpus; more refactoring 
llvm-svn: 282121
 2016-09-21 22:42:17 +00:00
Kostya Serebryany
20801e1b8a [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. 
llvm-svn: 282115
 2016-09-21 21:41:48 +00:00
Kostya Serebryany
6f5a804cdb [libFuzzer] refactoring: split the large header into many; NFC 
llvm-svn: 282044
 2016-09-21 01:50:50 +00:00
Kostya Serebryany
09aa01a6f8 [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features 
llvm-svn: 282042
 2016-09-21 01:04:43 +00:00
Kostya Serebryany
b706b481ba [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer 
llvm-svn: 281866
 2016-09-18 21:47:08 +00:00
Kostya Serebryany
3e36ec1d18 [libFuzzer] change trace-pc to use 8-byte guards 
llvm-svn: 281810
 2016-09-17 05:04:47 +00:00
Kostya Serebryany
5350178487 [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) 
llvm-svn: 281577
 2016-09-15 04:36:45 +00:00
Kostya Serebryany
a5277d59d0 [libFuzzer] add 8-bit counters to trace-pc-guard handler 
llvm-svn: 281568
 2016-09-15 01:30:18 +00:00
Kostya Serebryany
a00b243c75 [libFuzzer] start using trace-pc-guard as an alternative source of coverage 
llvm-svn: 281435
 2016-09-14 02:13:06 +00:00
Kostya Serebryany
8c537c556a [libFuzzer] print a failed-merge warning only in the merge mode 
llvm-svn: 281130
 2016-09-10 02:17:22 +00:00
Kostya Serebryany
b991cc1f0e [libFuzzer] print a visible message if merge fails due to a crash 
llvm-svn: 281122
 2016-09-10 00:15:41 +00:00
Kostya Serebryany
b76a2a5503 [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself 
llvm-svn: 281016
 2016-09-09 02:38:28 +00:00
Kostya Serebryany
8ea4f9873b [libFuzzer] remove unneeded call 
llvm-svn: 281014
 2016-09-09 01:57:38 +00:00
Mike Aizatsky
b077d3fef2 [libfuzzer] simplified unit truncation; do not write trunc items to disc 
Differential Revision: https://reviews.llvm.org/D24049

llvm-svn: 280153
 2016-08-30 20:49:07 +00:00
Kostya Serebryany
0f0fa4faf2 [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them 
llvm-svn: 279787
 2016-08-25 22:35:08 +00:00
Kostya Serebryany
f67357c671 [libFuzzer] simplify the code, NFC 
llvm-svn: 279697
 2016-08-25 01:25:03 +00:00
Kostya Serebryany
a9a548049a [libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence 
llvm-svn: 278975
 2016-08-17 20:45:23 +00:00
Kostya Serebryany
d46a59fac4 [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. 
llvm-svn: 278839
 2016-08-16 19:33:51 +00:00
Kostya Serebryany
c98ef718ea [libFuzzer] refactoring around PCMap, NFC 
llvm-svn: 278825
 2016-08-16 17:37:13 +00:00
Kostya Serebryany
728447bd3b [libFuzzer] make libFuzzer work with a bit older clang versions 
llvm-svn: 277941
 2016-08-06 21:28:56 +00:00
Kostya Serebryany
ff1f2107ec [libFuzzer] don't print bogus error message 
llvm-svn: 277940
 2016-08-06 21:23:29 +00:00
Mike Aizatsky
b4bbc3bb7a [sanitizers] trace buffer API to use user-allocated buffer. 
Differential Revision: https://reviews.llvm.org/D23185

llvm-svn: 277859
 2016-08-05 20:09:53 +00:00
Mike Aizatsky
f0b3e85f4e [libfuzzer] moving is_ascii handler inside mutation dispatcher. 
Summary: It also fixes a bug, when first random might not be ascii.

Differential Revision: http://reviews.llvm.org/D21573

llvm-svn: 273611
 2016-06-23 20:44:48 +00:00
Kostya Serebryany
fd6ad5bba9 [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable 
llvm-svn: 272948
 2016-06-16 20:17:41 +00:00
Kostya Serebryany
53b7b3ca5f [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hook 
llvm-svn: 272116
 2016-06-08 04:49:29 +00:00