path: root/lib/fuzzer
Commit message (Author, Age, Files changed, Lines -/+)
* [libFuzzer] Don't prefix absolute paths in fuchsia. (Jake Ehrlich, 2019-10-11, 1 file, -5/+6)

    The ExecuteCommand function in fuchsia used to prefix the getOutputFile for
    each command run with the artifact_prefix flag if it was available, because
    fuchsia components don't have a writable working directory.

    However, if a file with a global path is provided, fuchsia should honor
    that. An example of this is using the global /tmp directory to store stuff.
    In fuchsia it ended up being translated to data///tmp, whereas we want to
    make sure it is using /tmp (which is available to components using the
    isolated-temp feature).

    To test this I made the change, compiled fuchsia with this toolchain and
    ran a fuzzer with the -fork=1 flag (that mode makes use of the /tmp
    directory). I also tested that the normal fuzzing workflow was not affected
    by this.

    Author: charco (Marco Vanotti)

    Differential Revision: https://reviews.llvm.org/D68774

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@374612 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Fix Alarm callback in fuchsia. (Jake Ehrlich, 2019-10-09, 1 file, -2/+2)

    This patch adds an #if macro to skip the InFuzzingThread() comparison for
    fuchsia, similar to what is done for Windows and NetBSD.

    In fuchsia, the alarm callback runs in a separate thread[0], making it fail
    the comparison InFuzzingThread(), breaking the -timeout flag.

    [0]: https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp#L323

    Author: charco (aka Marco Vanotti)

    Differential Revision: https://reviews.llvm.org/D68166

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@374228 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Remove lazy counters. (Matt Morehouse, 2019-10-01, 10 files, -67/+0)

    Summary: Lazy counters haven't improved performance for large fuzz targets.

    Reviewers: kcc

    Reviewed By: kcc

    Subscribers: llvm-commits

    Tags: #llvm

    Differential Revision: https://reviews.llvm.org/D67476

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@373403 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Dump trace and provide correct msg for overwritten input. (Mitch Phillips, 2019-09-27, 1 file, -1/+3)

    Summary: Now crashes with a stacktrace and uses 'overwrites-const-input' as
    the error message instead of 'out-of-memory'.

    Reviewers: morehouse, Dor1s

    Reviewed By: morehouse, Dor1s

    Subscribers: #sanitizers, llvm-commits, metzman, Dor1s

    Tags: #sanitizers, #llvm

    Differential Revision: https://reviews.llvm.org/D68067

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@373130 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] [NFC] Fix grammar error with "it's" (Mitch Phillips, 2019-09-26, 1 file, -1/+1)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@372937 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Always print DSO map on Fuchsia libFuzzer launch (Jake Ehrlich, 2019-09-17, 2 files, -0/+12)

    Fuchsia doesn't have /proc/id/maps, so it relies on the kernel logging
    system to provide the DSO map to be able to symbolize in the context of
    ASLR. The DSO map is logged automatically on Fuchsia when encountering a
    crash or writing to the sanitizer log for the first time in a process.
    There are several cases where libFuzzer doesn't encounter a crash, e.g. on
    timeouts, OOMs, and when configured to print new PCs as they become
    covered, to name a few. Therefore, this change always writes to the
    sanitizer log on startup to ensure the DSO map is available in the log.

    Author: aarongreen

    Differential Revision: https://reviews.llvm.org/D66233

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@372056 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Remove unused version of FuzzedDataProvider.h. (Max Moroz, 2019-09-16, 1 file, -247/+0)

    Summary: The actual version lives in compiler-rt/include/fuzzer/.

    Reviewers: Dor1s

    Reviewed By: Dor1s

    Subscribers: delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D67623

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@371997 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Make -merge=1 reuse coverage information from the control file. (Max Moroz, 2019-09-11, 2 files, -21/+57)

    Summary:
    This change allows performing corpus merging in two steps. This is useful
    when the user wants to address the following two points simultaneously:

    1) Get trustworthy incremental stats for the coverage and corpus size
       changes when adding new corpus units.
    2) Make sure the shorter units will be preferred when two or more units
       give the same unique signal (equivalent to the `REDUCE` logic).

    This solution was brainstormed together with @kcc, hopefully it looks good
    to the other people too.

    The proposed use case scenario:

    1) We have a `fuzz_target` binary and `existing_corpus` directory.
    2) We do fuzzing and write new units into the `new_corpus` directory.
    3) We want to merge the new corpus into the existing corpus and satisfy
       the points mentioned above.
    4) We create an empty directory `merged_corpus` and run the first merge
       step:

       `./fuzz_target -merge=1 -merge_control_file=MCF ./merged_corpus ./existing_corpus`

       this provides the initial stats for `existing_corpus`, e.g. from the
       output:

       `MERGE-OUTER: 3 new files with 11 new features added; 11 new coverage edges`

    5) We recreate the `merged_corpus` directory and run the second merge
       step:

       `./fuzz_target -merge=1 -merge_control_file=MCF ./merged_corpus ./existing_corpus ./new_corpus`

       this provides the final stats for the merged corpus, e.g. from the
       output:

       `MERGE-OUTER: 6 new files with 14 new features added; 14 new coverage edges`

    Alternative solutions to this approach are:

    A) Store precise coverage information for every unit (not only unique
       signal).
    B) Execute the same two steps without reusing the control file.

    Either of these would be suboptimal as it would impose an extra disk or
    CPU load respectively, which is bad given the quadratic complexity in the
    worst case.

    Tested on Linux, Mac, Windows.

    Reviewers: morehouse, metzman, hctim, kcc

    Reviewed By: morehouse

    Subscribers: JDevlieghere, delcypher, mgrang, #sanitizers, llvm-commits, kcc

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D66107

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@371620 91177308-0d34-0410-b5e6-96231b3b80d8
* LibFuzzer support for 32bit MSVC (Matthew G McGovern, 2019-08-22, 1 file, -4/+18)

    This fixes the two build errors when trying to compile LibFuzzer for 32bit
    with MSVC.

    - authored by Max Shavrick (mxms at microsoft)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@369704 91177308-0d34-0410-b5e6-96231b3b80d8
* reland [gtest] Fix printing of StringRef and SmallString in assert messages. (Sam McCall, 2019-08-21, 1 file, -2/+2)

    Renames GTEST_NO_LLVM_RAW_OSTREAM -> GTEST_NO_LLVM_SUPPORT and guards the
    new features behind it.

    This reverts commit a063bcf3ef5a879adbe9639a3c187d876eee0e66.

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@369527 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Merge: print feature coverage number as well. (Max Moroz, 2019-08-12, 3 files, -6/+11)

    Summary: feature coverage is a useful signal that is available during the
    merge process, but was not printed previously.

    Output example:

    ```
    $ ./fuzzer -use_value_profile=1 -merge=1 new_corpus/ seed_corpus/
    INFO: Seed: 1676551929
    INFO: Loaded 1 modules   (2380 inline 8-bit counters): 2380 [0x90d180, 0x90dacc),
    INFO: Loaded 1 PC tables (2380 PCs): 2380 [0x684018,0x68d4d8),
    MERGE-OUTER: 180 files, 78 in the initial corpus
    MERGE-OUTER: attempt 1
    INFO: Seed: 1676574577
    INFO: Loaded 1 modules   (2380 inline 8-bit counters): 2380 [0x90d180, 0x90dacc),
    INFO: Loaded 1 PC tables (2380 PCs): 2380 [0x684018,0x68d4d8),
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes
    MERGE-INNER: using the control file '/tmp/libFuzzerTemp.111754.txt'
    MERGE-INNER: 180 total files; 0 processed earlier; will process 180 files now
    #1      pulse  cov: 134 ft: 330 exec/s: 0 rss: 37Mb
    #2      pulse  cov: 142 ft: 462 exec/s: 0 rss: 38Mb
    #4      pulse  cov: 152 ft: 651 exec/s: 0 rss: 38Mb
    #8      pulse  cov: 152 ft: 943 exec/s: 0 rss: 38Mb
    #16     pulse  cov: 520 ft: 2783 exec/s: 0 rss: 39Mb
    #32     pulse  cov: 552 ft: 3280 exec/s: 0 rss: 41Mb
    #64     pulse  cov: 576 ft: 3641 exec/s: 0 rss: 50Mb
    #78     LOADED cov: 602 ft: 3936 exec/s: 0 rss: 88Mb
    #128    pulse  cov: 611 ft: 3996 exec/s: 0 rss: 93Mb
    #180    DONE   cov: 611 ft: 4016 exec/s: 0 rss: 155Mb
    MERGE-OUTER: succesfull in 1 attempt(s)
    MERGE-OUTER: the control file has 39741 bytes
    MERGE-OUTER: consumed 0Mb (37Mb rss) to parse the control file
    MERGE-OUTER: 9 new files with 80 new features added; 9 new coverage edges
    ```

    Reviewers: hctim, morehouse

    Reviewed By: morehouse

    Subscribers: delcypher, #sanitizers, llvm-commits, kcc

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D66030

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@368617 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Merge: print stats after reading the output corpus dir. (Max Moroz, 2019-08-09, 1 file, -1/+3)

    Summary: The purpose is to be able to extract the number of new edges added
    to the original (i.e. output) corpus directory after doing the merge.

    Use case example: in ClusterFuzz, we do merge after every fuzzing session,
    to avoid uploading too many corpus files, and we also record coverage stats
    at that point. Having a separate line indicating stats after reading the
    initial output corpus directory would make the stats extraction easier for
    both humans and parsing scripts.

    Context: https://github.com/google/clusterfuzz/issues/802.

    Reviewers: morehouse, hctim

    Reviewed By: hctim

    Subscribers: delcypher, #sanitizers, llvm-commits, kcc

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D66020

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@368461 91177308-0d34-0410-b5e6-96231b3b80d8
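The two-step -merge=1 workflow described above prints one MERGE-OUTER summary line per step, and the number a practitioner actually wants (what new_corpus contributed on top of existing_corpus) is the difference between the two runs; the ClusterFuzz use case in the commit above needs the same line extracted by a script. The following C++ helper is an added example, not libFuzzer code: it parses the documented `MERGE-OUTER: N new files with M new features added; K new coverage edges` line out of a log and computes that difference. The sample logs are constructed from the format quoted in the commit messages; the other lines in them are distractors a real run also prints.

```cpp
#include <cstddef>
#include <regex>
#include <sstream>
#include <string>
#include <vector>

// One "MERGE-OUTER: ... new files ... new features ... new coverage edges"
// summary line, as printed at the end of a -merge=1 run.
struct MergeStats {
  unsigned long new_files = 0;
  unsigned long new_features = 0;
  unsigned long new_edges = 0;
};

// Collect every MERGE-OUTER summary line in the order it appears; progress
// lines (MERGE-INNER, "#N pulse", seeds, attempt counters) are ignored.
std::vector<MergeStats> ParseMergeOuterStats(const std::string &log) {
  static const std::regex kSummary(
      R"(MERGE-OUTER: (\d+) new files with (\d+) new features added; )"
      R"((\d+) new coverage edges)");
  std::vector<MergeStats> stats;
  std::istringstream in(log);
  std::string line;
  while (std::getline(in, line)) {
    std::smatch m;
    if (std::regex_search(line, m, kSummary)) {
      MergeStats s;
      s.new_files = std::stoul(m[1].str());
      s.new_features = std::stoul(m[2].str());
      s.new_edges = std::stoul(m[3].str());
      stats.push_back(s);
    }
  }
  return stats;
}

// Difference that never goes negative: a second step reporting less than the
// first means the runs are not comparable (different target or flags), and a
// zero is more honest than a wrapped-around huge number.
static unsigned long Gain(unsigned long before, unsigned long after) {
  return after > before ? after - before : 0;
}

// Step one merges existing_corpus alone; step two merges existing_corpus and
// new_corpus with the same control file. The signal attributable to
// new_corpus is the difference between the last summary line of each run.
MergeStats ContributionOfNewCorpus(const std::string &step_one_log,
                                   const std::string &step_two_log) {
  std::vector<MergeStats> one = ParseMergeOuterStats(step_one_log);
  std::vector<MergeStats> two = ParseMergeOuterStats(step_two_log);
  MergeStats gain;
  if (one.empty() || two.empty()) return gain;  // no summary line: nothing to report
  gain.new_files = Gain(one.back().new_files, two.back().new_files);
  gain.new_features = Gain(one.back().new_features, two.back().new_features);
  gain.new_edges = Gain(one.back().new_edges, two.back().new_edges);
  return gain;
}

// Constructed sample logs (not real runs) in the format shown in the commit
// messages, including unrelated lines that must not confuse the parser.
const char *const kStepOneLog =
    "INFO: Seed: 1676551929\n"
    "MERGE-OUTER: 3 files, 0 in the initial corpus\n"
    "MERGE-OUTER: attempt 1\n"
    "#3      DONE   cov: 11 ft: 11 exec/s: 0 rss: 37Mb\n"
    "MERGE-OUTER: 3 new files with 11 new features added; 11 new coverage edges\n";
const char *const kStepTwoLog =
    "MERGE-OUTER: 6 files, 0 in the initial corpus\n"
    "MERGE-OUTER: 6 new files with 14 new features added; 14 new coverage edges\n";
```

With the two sample logs, `ContributionOfNewCorpus(kStepOneLog, kStepTwoLog)` reports 3 files, 3 features and 3 edges for new_corpus, which is the number to record alongside a fuzzing session rather than the raw totals of either step.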
* [compiler-rt] Add ConsumeProbability and ConsumeFloatingPoint methods to FDP. (Max Moroz, 2019-08-08, 3 files, -3/+54)

    Summary: Also slightly cleaned up the comments and changed the header's
    extension back to `.h` as per comments on https://reviews.llvm.org/D65812.

    New methods added:

    * `ConsumeProbability` returns [0.0, 1.0] by consuming an unsigned integer
      value from the input data and dividing that value by the integer's max
      value.
    * `ConsumeFloatingPointInRange` returns a floating point value in the
      given range. Relies on `ConsumeProbability` method. This method does not
      have the limitation of `std::uniform_real_distribution` that requires
      the given range to be <= the floating point type's max. If the range is
      too large, this implementation will additionally call `ConsumeBool` to
      decide whether the result will be in the first or the second half of the
      range.
    * `ConsumeFloatingPoint` returns a floating point value in the range
      `[std::numeric_limits<T>::lowest(), std::numeric_limits<T>::min()]`.

    Tested on Linux, Mac, Windows.

    Reviewers: morehouse

    Reviewed By: morehouse

    Subscribers: kubamracek, mgorny, dberris, delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D65905

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@368331 91177308-0d34-0410-b5e6-96231b3b80d8
* [compiler-rt] Rename FuzzedDataProvider.h to .hpp and other minor changes. (Max Moroz, 2019-08-06, 2 files, -1/+3)

    Summary: .hpp makes more sense for this header as it's C++ only, plus it
    contains the actual implementation.

    Reviewers: Dor1s

    Reviewed By: Dor1s

    Subscribers: kubamracek, dberris, mgorny, delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D65812

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@368054 91177308-0d34-0410-b5e6-96231b3b80d8
* Build libfuzzer libcxx-static with PIC (Yi Kong, 2019-08-05, 1 file, -0/+1)

    r356153 changed the default build option of static libcxx to no PIC. We now
    need to explicitly specify CMAKE_POSITION_INDEPENDENT_CODE to get PIC
    libcxx.

    Differential Revision: https://reviews.llvm.org/D65773

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@367943 91177308-0d34-0410-b5e6-96231b3b80d8
* [compiler-rt] Move FDP to include/fuzzer/FuzzedDataProvider.h for easier use. (Max Moroz, 2019-08-05, 4 files, -9/+7)

    Summary: FuzzedDataProvider is a helper class for writing fuzz targets that
    fuzz multiple inputs simultaneously. The header is supposed to be used for
    fuzzing engine agnostic fuzz targets (i.e. the same target can be used with
    libFuzzer, AFL, honggfuzz, and other engines). The common thing though is
    that fuzz targets are typically compiled with clang, as it provides all
    sanitizers as well as different coverage instrumentation modes. Therefore,
    making this FDP class a part of the compiler-rt installation package would
    make it easier to develop and distribute fuzz targets across different
    projects, build systems, etc.

    Some context also available in https://github.com/google/oss-fuzz/pull/2547.

    This CL does not delete the header from `lib/fuzzer/utils` directory in
    order to provide the downstream users some time for a smooth migration to
    the new header location.

    Reviewers: kcc, morehouse

    Reviewed By: morehouse

    Subscribers: lebedev.ri, kubamracek, dberris, mgorny, delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D65661

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@367917 91177308-0d34-0410-b5e6-96231b3b80d8
* compiler-rt: Rename .cc file in lib/sanitizer_common to .cpp (Nico Weber, 2019-07-31, 1 file, -1/+1)

    See https://reviews.llvm.org/D58620 for discussion, and for the commands I
    ran. In addition I also ran

        for f in $(svn diff | diffstat | grep .cc | cut -f 2 -d ' '); do rg $f . ; done

    and manually updated (many) references to renamed files found by that.

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@367463 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Fix __sanitizer_print_memory_profile return type in ExtFunctions.def (Max Moroz, 2019-07-23, 1 file, -1/+1)

    Summary: Looks like a typo, as that function actually returns void and is
    used as such in libFuzzer code as well.

    Reviewers: kcc, Dor1s

    Reviewed By: Dor1s

    Subscribers: delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D65160

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@366834 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Include FuzzedDataProvider.h in the test without "utils" subdir. (Max Moroz, 2019-07-09, 2 files, -1/+3)

    Summary: This way the test would better match the intended usage of the
    header, plus it makes some additional testing (e.g. in CI) a bit easier to
    set up.

    Reviewers: morehouse

    Reviewed By: morehouse

    Subscribers: mgorny, delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D64440

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@365544 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Migrate to the new exception syscalls on Fuchsia (Petr Hosek, 2019-06-27, 1 file, -26/+28)

    This is part of the transition to the new Fuchsia exception syscalls
    signature.

    Differential Revision: https://reviews.llvm.org/D63897

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@364594 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] split DataFlow.cpp into two .cpp files, one of which can be compiled w/o dfsan to speed things up (~25% speedup) (Kostya Serebryany, 2019-06-21, 3 files, -100/+147)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@364002 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] ensure that DFT and autofocus work for C++ (mangled) functions (Kostya Serebryany, 2019-06-20, 1 file, -1/+3)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363905 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Remove too aggressive static_assert in FuzzedDataProvider. (Max Moroz, 2019-06-19, 1 file, -2/+0)

    Summary:
    http://lab.llvm.org:8011/builders/clang-cmake-aarch64-full/builds/31

    error: static_assert failed due to requirement 'std::numeric_limits<char>::is_signed' "Destination type must be signed."
      static_assert(std::numeric_limits<TS>::is_signed,
      ^             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    /home/buildslave/buildslave/clang-cmake-aarch64-full/llvm/projects/compiler-rt/lib/fuzzer/utils/FuzzedDataProvider.h:126:19: note: in instantiation of function template specialization 'FuzzedDataProvider::ConvertUnsignedToSigned<char, unsigned char>' requested here
        char next = ConvertUnsignedToSigned<char>(data_ptr_[0]);
                    ^
    1 error generated.

    Reviewers: Dor1s

    Reviewed By: Dor1s

    Subscribers: javed.absar, kristof.beyls, delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D63553

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363805 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Improve FuzzedDataProvider helper. (Max Moroz, 2019-06-18, 2 files, -65/+140)

    Summary: The following changes are made based on the feedback from Tim King:

    - Removed default template parameters, to have less assumptions.
    - Implemented `ConsumeBytesWithTerminator` method.
    - Made `PickValueInArray` method work with `initializer_list` argument.
    - Got rid of `data_type` type alias, that was redundant.
    - Refactored `ConsumeBytes` logic into a private method for better code
      reuse.
    - Replaced implementation defined unsigned to signed conversion.
    - Fixed `ConsumeRandomLengthString` to always call `shrink_to_fit`.
    - Clarified and fixed some comments.
    - Applied clang-format to both the library and the unittest source.

    Tested on Linux, Mac, Windows.

    Reviewers: morehouse, metzman

    Reviewed By: morehouse

    Subscribers: delcypher, #sanitizers, llvm-commits, kcc

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D63348

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363735 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] in autofocus mode, give more weight to functions with DFT (Kostya Serebryany, 2019-06-14, 3 files, -5/+21)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363473 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] implement a better queue for the fork mode. Add an internal flag -stop_file to allow graceful shutdown of fuzzing. Enhance the logging in the fork mode (Kostya Serebryany, 2019-06-14, 5 files, -34/+57)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363470 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] fix -Werror build (Kostya Serebryany, 2019-06-14, 1 file, -1/+1)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363469 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels. Second attempt. This time with a fix for windows (putenv instead of setenv) (Kostya Serebryany, 2019-06-14, 3 files, -136/+76)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363445 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Disable len_control by default if LLVMFuzzerCustomMutator is used. (Max Moroz, 2019-06-14, 2 files, -3/+9)

    Summary: Some custom mutators may not perform well when size restriction is
    enforced by len_control. Because of that, it's safer to disable len_control
    by default in such cases, but still allow users to enable it manually.

    Bug example: https://bugs.chromium.org/p/chromium/issues/detail?id=919530.

    Tested manually with LPM-based and regular fuzz targets.

    Reviewers: kcc, vitalybuka, metzman

    Reviewed By: kcc, metzman

    Subscribers: delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D63334

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363443 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert r363326 "[libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels." (Hans Wennborg, 2019-06-14, 3 files, -75/+136)

    It broke the Windows build:

    C:\b\s\w\ir\cache\builder\src\third_party\llvm\compiler-rt\lib\fuzzer\FuzzerDataFlowTrace.cpp(243): error C3861: 'setenv': identifier not found

    This also reverts the follow-up r363327.

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363358 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels. (Kostya Serebryany, 2019-06-13, 3 files, -136/+75)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363326 91177308-0d34-0410-b5e6-96231b3b80d8
* Add FuzzedDataProvider helper class / single header library. (Max Moroz, 2019-06-11, 3 files, -2/+543)

    Summary: This class is useful for writing fuzz targets that have multiple
    inputs. Current CL imports the existing `FuzzedDataProvider` from Chromium
    without any modifications. Feel free to review it thoroughly, if you're
    interested, but I'd prefer changing the class in a follow up CL.

    The CL also introduces an exhaustive test for the library, as the behavior
    of `FuzzedDataProvider` must not change over time.

    In follow up CLs I'm planning on changing some implementation details (I
    can share a doc with some comments to be addressed). After that, we will
    document how `FuzzedDataProvider` should be used.

    I have tested this on Linux, Windows and Mac platforms.

    Reviewers: morehouse, metzman, kcc

    Reviewed By: morehouse

    Subscribers: metzman, thakis, rnk, mgorny, ormris, delcypher, #sanitizers, llvm-commits

    Tags: #llvm, #sanitizers

    Differential Revision: https://reviews.llvm.org/D62733

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363071 91177308-0d34-0410-b5e6-96231b3b80d8
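Three commits on this page describe what FuzzedDataProvider does without showing the mechanics: the helper itself (this commit), `ConsumeBytesWithTerminator` (the "Improve FuzzedDataProvider helper" commit), and `ConsumeProbability` / `ConsumeFloatingPointInRange` with their too-large-range handling (the "Add ConsumeProbability and ConsumeFloatingPoint methods" commit). The block below is an added C++ illustration written for this page, modelled on that description; it is not the compiler-rt header and does not replace it. Integers are carved off the tail of the input and byte strings off the head, so a mutation of one field disturbs the others as little as possible. `Decoded`, `DecodeInput`, the sample input and the `-10..10` / `-1.0..1.0` ranges are assumptions for the demonstration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <limits>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// Minimal FDP-style helper (added illustration, not the compiler-rt header).
class MiniFuzzedDataProvider {
 public:
  MiniFuzzedDataProvider(const uint8_t *data, size_t size)
      : data_ptr_(data), remaining_bytes_(size) {}

  size_t remaining_bytes() const { return remaining_bytes_; }

  // Value in [min, max], consuming only as many tail bytes as the width of the
  // range needs. When the input runs out, whatever was read (possibly nothing)
  // is reduced into the range, so the result is always valid.
  template <typename T>
  T ConsumeIntegralInRange(T min, T max) {
    static_assert(std::is_integral<T>::value, "An integral type is required.");
    if (min > max) std::swap(min, max);  // assumption: tolerate swapped bounds
    uint64_t range = static_cast<uint64_t>(max) - static_cast<uint64_t>(min);
    uint64_t result = 0;
    size_t offset = 0;
    while (offset < sizeof(T) * 8 && (range >> offset) > 0 && remaining_bytes_ != 0) {
      --remaining_bytes_;
      result = (result << 8) | data_ptr_[remaining_bytes_];
      offset += 8;
    }
    if (range != std::numeric_limits<uint64_t>::max()) result %= range + 1;
    return static_cast<T>(static_cast<uint64_t>(min) + result);
  }

  template <typename T>
  T ConsumeIntegral() {
    return ConsumeIntegralInRange(std::numeric_limits<T>::min(),
                                  std::numeric_limits<T>::max());
  }

  bool ConsumeBool() { return 1 & ConsumeIntegral<uint8_t>(); }

  // [0.0, 1.0]: an unsigned integer wide enough for T's mantissa, divided by
  // that integer type's maximum value.
  template <typename T>
  T ConsumeProbability() {
    static_assert(std::is_floating_point<T>::value, "A floating point type is required.");
    using IntegralType = typename std::conditional<(sizeof(T) <= sizeof(uint32_t)),
                                                   uint32_t, uint64_t>::type;
    T result = static_cast<T>(ConsumeIntegral<IntegralType>());
    result /= static_cast<T>(std::numeric_limits<IntegralType>::max());
    return result;
  }

  // Value in [min, max]. If the span would overflow T (e.g. lowest()..max()),
  // the range is halved and a consumed bool picks which half to land in.
  template <typename T>
  T ConsumeFloatingPointInRange(T min, T max) {
    if (min > max) std::swap(min, max);  // assumption: tolerate swapped bounds
    T range = 0.0;
    T result = min;
    constexpr T zero(0.0);
    if (max > zero && min < zero && max > min + std::numeric_limits<T>::max()) {
      range = (max / 2.0) - (min / 2.0);
      if (ConsumeBool()) result += range;
    } else {
      range = max - min;
    }
    return result + range * ConsumeProbability<T>();
  }

  // Up to num_bytes from the head of the input plus the terminator, so the
  // result can be handed to C string APIs without reading past the end.
  std::vector<uint8_t> ConsumeBytesWithTerminator(size_t num_bytes, uint8_t terminator = 0) {
    num_bytes = std::min(num_bytes, remaining_bytes_);
    std::vector<uint8_t> result(data_ptr_, data_ptr_ + num_bytes);
    result.push_back(terminator);
    data_ptr_ += num_bytes;
    remaining_bytes_ -= num_bytes;
    return result;
  }

 private:
  const uint8_t *data_ptr_;
  size_t remaining_bytes_;
};

// Hypothetical multi-field input for a target that needs a count, a ratio and
// a NUL-terminated name (assumed for the demonstration).
struct Decoded {
  int count;
  double ratio;
  std::string name;
  size_t leftover;
};

Decoded DecodeInput(const uint8_t *data, size_t size) {
  MiniFuzzedDataProvider fdp(data, size);
  Decoded d;
  d.count = fdp.ConsumeIntegralInRange<int>(-10, 10);              // 1 tail byte
  d.ratio = fdp.ConsumeFloatingPointInRange<double>(-1.0, 1.0);    // 8 tail bytes
  std::vector<uint8_t> name = fdp.ConsumeBytesWithTerminator(16);  // head bytes
  d.name = reinterpret_cast<const char *>(name.data());
  d.leftover = fdp.remaining_bytes();
  return d;
}

// Constructed sample input: "hello", eight 0xFF bytes (probability 1.0), 0x1A.
const uint8_t kSampleInput[] = {'h', 'e', 'l', 'l', 'o', 0xFF, 0xFF, 0xFF, 0xFF,
                                0xFF, 0xFF, 0xFF, 0xFF, 0x1A};

Decoded DemoDecode() { return DecodeInput(kSampleInput, sizeof(kSampleInput)); }

// Engine-agnostic entry point: the decoded fields would be passed to the code
// under test here.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  Decoded d = DecodeInput(data, size);
  (void)d;
  return 0;
}
```

On the sample input the tail byte 0x1A (26) reduces to 26 mod 21 = 5, giving count -5; the eight 0xFF bytes give probability 1.0 and therefore ratio 1.0; the head yields "hello" with nothing left over. An empty input is not an error: every consumer returns the bottom of its range and an empty name, which is why a target built this way never has to check `size` itself.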
* [libFuzzer] when using data-flow-trace (DFT) only load the DFT for the files present in the corpus (Kostya Serebryany, 2019-05-24, 3 files, -10/+17)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361579 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] remove the data-flow-trace (DFT) python scripts; their functionality is now part of libFuzzer proper; also write functions.txt to the disk only if this file doesn't exist yet (Kostya Serebryany, 2019-05-23, 3 files, -143/+8)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361452 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] automatically collect the data flow trace (DFT) in the fork mode if -collect_data_flow= is given (Kostya Serebryany, 2019-05-23, 5 files, -3/+41)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361448 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Ignore synthetic exceptions on Fuchsia (Petr Hosek, 2019-05-22, 1 file, -42/+58)

    Fuchsia has several exceptions which are merely informational and should
    not be treated as crashes. This patch puts the logic that reads from the
    exception port and handles the exception in a loop, and ignores
    non-exceptions and informational exceptions.

    Patch By: aarongreen

    Differential Revision: https://reviews.llvm.org/D62226

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361407 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] replace string_view with string to fix the bots. This is NFC, just slower. (Kostya Serebryany, 2019-05-14, 1 file, -6/+7)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360717 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] #include <string_view>, hopefully should fix the windows build (Kostya Serebryany, 2019-05-14, 1 file, -0/+1)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360715 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] reimplement DFT's collect_data_flow inside libFuzzer so that we don't need external python scripts (Kostya Serebryany, 2019-05-14, 2 files, -35/+146)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360712 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] code refactoring; NFC (Kostya Serebryany, 2019-05-10, 5 files, -45/+45)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360400 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] small refactoring in the driver; dummy implementation of collect_data_flow; attempt to fix the windows bot (Kostya Serebryany, 2019-05-10, 4 files, -21/+44)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360399 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Unpoison parameters before calling user callback. (Matt Morehouse, 2019-05-09, 2 files, -1/+4)

    Summary: Fixes an MSan false positive when compiling with
    -fsanitize=memory,fuzzer. See https://github.com/google/oss-fuzz/issues/2369
    for more details.

    Reviewers: kcc

    Reviewed By: kcc

    Subscribers: llvm-commits, metzman, eugenis

    Tags: #llvm

    Differential Revision: https://reviews.llvm.org/D61753

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360390 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] perform more aggressive value profiling in memcmp (Kostya Serebryany, 2019-05-09, 1 file, -2/+7)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360385 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] implement -focus_function=auto, to be used with Data Flow Traces (Kostya Serebryany, 2019-05-09, 5 files, -8/+276)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360378 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] DFT: when dumping coverage, also dump the total number of instrumented blocks in a function; update merge_data_flow.py to merge coverage (Kostya Serebryany, 2019-05-08, 3 files, -22/+44)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360272 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] extend the data flow tracer to also produce basic block coverage for every input. An extended test coming in a separate change. (Kostya Serebryany, 2019-05-08, 2 files, -16/+72)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360213 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Replace -seed_corpus to better support fork mode on Win (Jonathan Metzman, 2019-04-30, 5 files, -10/+32)

    Summary: Pass seed corpus list in a file to get around argument length
    limits on Windows. This limit was preventing many uses of fork mode on
    Windows.

    Reviewers: kcc, morehouse

    Reviewed By: kcc

    Subscribers: #sanitizers, llvm-commits

    Tags: #sanitizers, #llvm

    Differential Revision: https://reviews.llvm.org/D60980

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@359610 91177308-0d34-0410-b5e6-96231b3b80d8
* change order (Jonathan Metzman, 2019-04-30, 1 file, -1/+1)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@359587 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Enable for i386 (Jonathan Metzman, 2019-04-30, 1 file, -2/+2)

    Summary: Get libFuzzer to build on i386 and fix tests.

    Subscribers: mgorny, #sanitizers, llvm-commits

    Tags: #sanitizers, #llvm

    Differential Revision: https://reviews.llvm.org/D61070

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@359585 91177308-0d34-0410-b5e6-96231b3b80d8
* Enable x86 builds (Jonathan Metzman, 2019-04-30, 1 file, -2/+7)

    git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@359583 91177308-0d34-0410-b5e6-96231b3b80d8