path: root/test/fuzzer
Commit message | Author | Age | Files | Lines
* [CMake] Fix the value of `config.target_cflags` for non-macOS Apple platforms. Attempt #3. | Dan Liew | 2019-10-01 | 1 | -2/+9

  The main problem here is that `-*-version_min=` was not being passed to the compiler when building test cases. This can cause problems when testing on devices running older OSs because Clang would previously assume the minimum deployment target is the latest OS in the SDK which could be much newer than what the device is running.

  Previously the generated value looked like this:

  `-arch arm64 -isysroot <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk`

  With this change it now looks like:

  `-arch arm64 -stdlib=libc++ -miphoneos-version-min=8.0 -isysroot <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk`

  This mirrors the setting of config.target_cflags on macOS.

  This change is made for ASan, LibFuzzer, TSan, and UBSan.

  To implement this a new `get_test_cflags_for_apple_platform()` function has been added that when given an Apple platform name and architecture returns a string containing the C compiler flags to use when building tests. This also calls a new helper function `is_valid_apple_platform()` that validates Apple platform names.

  This is the third attempt at landing the patch.

  The first attempt (r359305) had to be reverted (r359327) due to a buildbot failure. The problem was that calling `get_test_cflags_for_apple_platform()` can trigger a CMake error if the provided architecture is not supported by the current CMake configuration. Previously, this could be triggered by passing `-DCOMPILER_RT_ENABLE_IOS=OFF` to CMake. The root cause is that we were generating test configurations for a list of architectures without checking if the relevant Sanitizer actually supported that architecture. We now intersect the list of architectures for an Apple platform with `<SANITIZER>_SUPPORTED_ARCH` (where `<SANITIZER>` is a Sanitizer name) to iterate through the correct list of architectures.

  The second attempt (r363633) had to be reverted (r363779) due to a build failure. The failed build was using a modified Apple toolchain where the iOS simulator SDK was missing. This exposed a bug in the existing UBSan test generation code where it was assumed that `COMPILER_RT_ENABLE_IOS` implied that the toolchain supported both iOS and the iOS simulator. This is not true. This has been fixed by using the list `SANITIZER_COMMON_SUPPORTED_OS` for the list of supported Apple platforms for UBSan. For consistency with the other Sanitizers we also now intersect the list of architectures with UBSAN_SUPPORTED_ARCH.

  rdar://problem/50124489

  Differential Revision: https://reviews.llvm.org/D61242
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@373405 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Remove lazy counters. | Matt Morehouse | 2019-10-01 | 1 | -3/+0

  Summary: Lazy counters haven't improved performance for large fuzz targets.

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits
  Tags: #llvm
  Differential Revision: https://reviews.llvm.org/D67476
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@373403 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] [NFC] Fix grammar error with "it's" | Mitch Phillips | 2019-09-26 | 1 | -1/+1

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@372937 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Remove hardcoded number of new features in merge_two_step.test. | Max Moroz | 2019-09-11 | 1 | -2/+2

  Summary: The number of features can be different on different platforms. This should fix broken builders, e.g. http://lab.llvm.org:8011/builders/clang-cmake-aarch64-full/builds/7946

  Reviewers: Dor1s
  Reviewed By: Dor1s
  Subscribers: kristof.beyls, delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D67458
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@371647 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Make -merge=1 to reuse coverage information from the control file. | Max Moroz | 2019-09-11 | 2 | -2/+31

  Summary: This change allows to perform corpus merging in two steps. This is useful when the user wants to address the following two points simultaneously:

  1) Get trustworthy incremental stats for the coverage and corpus size changes when adding new corpus units.
  2) Make sure the shorter units will be preferred when two or more units give the same unique signal (equivalent to the `REDUCE` logic).

  This solution was brainstormed together with @kcc, hopefully it looks good to the other people too. The proposed use case scenario:

  1) We have a `fuzz_target` binary and `existing_corpus` directory.
  2) We do fuzzing and write new units into the `new_corpus` directory.
  3) We want to merge the new corpus into the existing corpus and satisfy the points mentioned above.
  4) We create an empty directory `merged_corpus` and run the first merge step:

     `./fuzz_target -merge=1 -merge_control_file=MCF ./merged_corpus ./existing_corpus`

     this provides the initial stats for `existing_corpus`, e.g. from the output:

     `MERGE-OUTER: 3 new files with 11 new features added; 11 new coverage edges`

  5) We recreate `merged_corpus` directory and run the second merge step:

     `./fuzz_target -merge=1 -merge_control_file=MCF ./merged_corpus ./existing_corpus ./new_corpus`

     this provides the final stats for the merged corpus, e.g. from the output:

     `MERGE-OUTER: 6 new files with 14 new features added; 14 new coverage edges`

  Alternative solutions to this approach are:

  A) Store precise coverage information for every unit (not only unique signal).
  B) Execute the same two steps without reusing the control file.

  Either of these would be suboptimal as it would impose an extra disk or CPU load respectively, which is bad given the quadratic complexity in the worst case.

  Tested on Linux, Mac, Windows.

  Reviewers: morehouse, metzman, hctim, kcc
  Reviewed By: morehouse
  Subscribers: JDevlieghere, delcypher, mgrang, #sanitizers, llvm-commits, kcc
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D66107
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@371620 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Disable fork.test on AArch64 | Diana Picus | 2019-07-15 | 1 | -1/+1

  This crashes sporadically on our AArch64 buildbots. Disable for now.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@366055 91177308-0d34-0410-b5e6-96231b3b80d8
* Use clang driver for libfuzzer tests on Windows | Reid Kleckner | 2019-07-11 | 2 | -5/+3

  Summary: There's no real reason to use clang-cl on Windows, the clang driver works just as well. This fixes a test which uses the -O0 flag, which was recently removed from clang-cl to match MSVC, which lacks this flag.

  While I'm here, remove the explicit -std=c++11 flag. Previously, this flag was necessary when the default C++ standard was C++98. Now that the default is C++14, this is no longer necessary. It's problematic on Windows, because the Visual C++ standard library relies on C++14 features, and attempting to compile it with C++11 results in errors. Rather than adding logic to conditionally set the standard to C++11 only on non-Win, this flag can be removed.

  See http://lab.llvm.org:8011/builders/clang-x64-windows-msvc and https://reviews.llvm.org/D64506.

  Reviewers: morehouse, thakis
  Subscribers: #sanitizers, llvm-commits
  Tags: #sanitizers, #llvm
  Differential Revision: https://reviews.llvm.org/D64587
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@365841 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert "[TSan] Attempt to fix iOS on-device test" | Julian Lettner | 2019-07-08 | 1 | -4/+7

  This reverts commit a2ca358291a3a621bfae66eeb01f51eeb69d2dd4.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@365375 91177308-0d34-0410-b5e6-96231b3b80d8
* [TSan] Attempt to fix iOS on-device test | Julian Lettner | 2019-07-06 | 1 | -4/+4

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@365257 91177308-0d34-0410-b5e6-96231b3b80d8
* Remove `XFAIL: ios` from test that passes in CI | Julian Lettner | 2019-07-05 | 1 | -1/+0

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@365253 91177308-0d34-0410-b5e6-96231b3b80d8
* [compiler-rt] Rename lit.*.cfg.* -> lit.*.cfg.py.* | Reid Kleckner | 2019-06-27 | 4 | -7/+7

  These lit configuration files are really Python source code. Using the .py file extension helps editors and tools use the correct language mode. LLVM and Clang already use this convention for lit configuration, this change simply applies it to all of compiler-rt.

  Reviewers: vitalybuka, dberris
  Differential Revision: https://reviews.llvm.org/D63658
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@364591 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] split DataFlow.cpp into two .cpp files, one of which can be compiled w/o dfsan to speed things up (~25% speedup) | Kostya Serebryany | 2019-06-21 | 3 | -4/+7

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@364002 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] ensure that DFT and autofocus works for C++ (mangled) functions | Kostya Serebryany | 2019-06-20 | 2 | -5/+10

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363905 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert r363633 "[CMake] Fix the value of `config.target_cflags` for non-macOS Apple platforms. Attempt #2." | Hans Wennborg | 2019-06-19 | 1 | -9/+2

  This caused Chromium's clang package to stop building, see comment on https://reviews.llvm.org/D61242 for details.

  > Summary:
  > The main problem here is that `-*-version_min=` was not being passed to
  > the compiler when building test cases. This can cause problems when
  > testing on devices running older OSs because Clang would previously
  > assume the minimum deployment target is the latest OS in the SDK
  > which could be much newer than what the device is running.
  >
  > Previously the generated value looked like this:
  >
  > `-arch arm64 -isysroot
  > <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk`
  >
  > With this change it now looks like:
  >
  > `-arch arm64 -stdlib=libc++ -miphoneos-version-min=8.0 -isysroot
  > <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk`
  >
  > This mirrors the setting of `config.target_cflags` on macOS.
  >
  > This change is made for ASan, LibFuzzer, TSan, and UBSan.
  >
  > To implement this a new `get_test_cflags_for_apple_platform()` function
  > has been added that when given an Apple platform name and architecture
  > returns a string containing the C compiler flags to use when building
  > tests. This also calls a new helper function `is_valid_apple_platform()`
  > that validates Apple platform names.
  >
  > This is the second attempt at landing the patch. The first attempt (r359305)
  > had to be reverted (r359327) due to a buildbot failure. The problem was
  > that calling `get_test_cflags_for_apple_platform()` can trigger a CMake
  > error if the provided architecture is not supported by the current
  > CMake configuration. Previously, this could be triggered by passing
  > `-DCOMPILER_RT_ENABLE_IOS=OFF` to CMake. The root cause is that we were
  > generating test configurations for a list of architectures without
  > checking if the relevant Sanitizer actually supported that architecture.
  > We now intersect the list of architectures for an Apple platform
  > with `<SANITIZER>_SUPPORTED_ARCH` (where `<SANITIZER>` is a Sanitizer
  > name) to iterate through the correct list of architectures.
  >
  > rdar://problem/50124489
  >
  > Reviewers: kubamracek, yln, vsk, juliehockett, phosek
  >
  > Subscribers: mgorny, javed.absar, kristof.beyls, #sanitizers, llvm-commits
  >
  > Tags: #llvm, #sanitizers
  >
  > Differential Revision: https://reviews.llvm.org/D61242

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363779 91177308-0d34-0410-b5e6-96231b3b80d8
* [CMake] Fix the value of `config.target_cflags` for non-macOS Apple platforms. Attempt #2. | Dan Liew | 2019-06-17 | 1 | -2/+9

  Summary: The main problem here is that `-*-version_min=` was not being passed to the compiler when building test cases. This can cause problems when testing on devices running older OSs because Clang would previously assume the minimum deployment target is the latest OS in the SDK which could be much newer than what the device is running.

  Previously the generated value looked like this:

  `-arch arm64 -isysroot <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk`

  With this change it now looks like:

  `-arch arm64 -stdlib=libc++ -miphoneos-version-min=8.0 -isysroot <path_to_xcode>/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS12.1.sdk`

  This mirrors the setting of `config.target_cflags` on macOS.

  This change is made for ASan, LibFuzzer, TSan, and UBSan.

  To implement this a new `get_test_cflags_for_apple_platform()` function has been added that when given an Apple platform name and architecture returns a string containing the C compiler flags to use when building tests. This also calls a new helper function `is_valid_apple_platform()` that validates Apple platform names.

  This is the second attempt at landing the patch. The first attempt (r359305) had to be reverted (r359327) due to a buildbot failure. The problem was that calling `get_test_cflags_for_apple_platform()` can trigger a CMake error if the provided architecture is not supported by the current CMake configuration. Previously, this could be triggered by passing `-DCOMPILER_RT_ENABLE_IOS=OFF` to CMake. The root cause is that we were generating test configurations for a list of architectures without checking if the relevant Sanitizer actually supported that architecture. We now intersect the list of architectures for an Apple platform with `<SANITIZER>_SUPPORTED_ARCH` (where `<SANITIZER>` is a Sanitizer name) to iterate through the correct list of architectures.

  rdar://problem/50124489

  Reviewers: kubamracek, yln, vsk, juliehockett, phosek
  Subscribers: mgorny, javed.absar, kristof.beyls, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D61242
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363633 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] implement a better queue for the fork mode. Add an internal flag -stop_file to allow graceful shutdown of fuzzing. Enhance the logging in the fork mode | Kostya Serebryany | 2019-06-14 | 1 | -1/+1

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363470 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels. Second attempt. This time with a fix for windows (putenv instead of setenv) | Kostya Serebryany | 2019-06-14 | 3 | -48/+96

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363445 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Disable len_control by default if LLVMFuzzerCustomMutator is used. | Max Moroz | 2019-06-14 | 1 | -0/+6

  Summary: Some custom mutators may not perform well when size restriction is enforced by len_control. Because of that, it's safer to disable len_control by default in such cases, but still allow users to enable it manually. Bug example: https://bugs.chromium.org/p/chromium/issues/detail?id=919530.

  Tested manually with LPM-based and regular fuzz targets.

  Reviewers: kcc, vitalybuka, metzman
  Reviewed By: kcc, metzman
  Subscribers: delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D63334
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363443 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert r363326 "[libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels." | Hans Wennborg | 2019-06-14 | 3 | -96/+48

  It broke the Windows build:

  C:\b\s\w\ir\cache\builder\src\third_party\llvm\compiler-rt\lib\fuzzer\FuzzerDataFlowTrace.cpp(243): error C3861: 'setenv': identifier not found

  This also reverts the follow-up r363327.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363358 91177308-0d34-0410-b5e6-96231b3b80d8
* fix whitespaces | Kostya Serebryany | 2019-06-13 | 1 | -3/+1

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363327 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels. | Kostya Serebryany | 2019-06-13 | 3 | -48/+98

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363326 91177308-0d34-0410-b5e6-96231b3b80d8
* Add FuzzedDataProvider helper class / single header library. | Max Moroz | 2019-06-11 | 1 | -0/+1

  Summary: This class is useful for writing fuzz targets that have multiple inputs.

  Current CL imports the existing `FuzzedDataProvider` from Chromium without any modifications. Feel free to review it thoroughly, if you're interested, but I'd prefer changing the class in a follow up CL.

  The CL also introduces an exhaustive test for the library, as the behavior of `FuzzedDataProvider` must not change over time.

  In follow up CLs I'm planning on changing some implementation details (I can share a doc with some comments to be addressed). After that, we will document how `FuzzedDataProvider` should be used.

  I have tested this on Linux, Windows and Mac platforms.

  Reviewers: morehouse, metzman, kcc
  Reviewed By: morehouse
  Subscribers: metzman, thakis, rnk, mgorny, ormris, delcypher, #sanitizers, llvm-commits
  Tags: #llvm, #sanitizers
  Differential Revision: https://reviews.llvm.org/D62733
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363071 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] when using data-flow-trace (DFT) only load the DFT for the files present in the corpus | Kostya Serebryany | 2019-05-24 | 1 | -1/+1

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361579 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] remove the data-flow-trace (DFT) python scripts; their functionality is now part of libFuzzer proper; also write functions.txt to the disk only if this file doesn't exist yet | Kostya Serebryany | 2019-05-23 | 1 | -13/+0

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361452 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] automatically collect the data flow trace (DFT) in the fork mode if -collect_data_flow= is given | Kostya Serebryany | 2019-05-23 | 1 | -0/+12

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361448 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Sleep after process exits in merge-sigusr.test. | Matt Morehouse | 2019-05-22 | 1 | -0/+1

  Ensure that log file has been fully updated before trying to read it.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361339 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Kill by session ID in merge-sigusr.test. | Matt Morehouse | 2019-05-21 | 1 | -3/+3

  Ensures that parent and all child processes are killed at once.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361336 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Ignore exit status of wait in merge-sigusr.test. | Matt Morehouse | 2019-05-21 | 1 | -1/+1

  If process $PID has already exited, wait will give a non-zero exit status.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361326 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Reduce flakiness of merge-sigusr.test. | Matt Morehouse | 2019-05-21 | 1 | -3/+10

  Double the number of files to merge, and use wait instead of sleep.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361313 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Disable fork-sigusr.test on AArch64. | Matt Morehouse | 2019-05-20 | 1 | -1/+1

  Test fails on the clang-cmake-aarch64-lld build and I'm not sure why.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361185 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Dump input on failure for sigusr tests. | Matt Morehouse | 2019-05-17 | 2 | -2/+2

  Should help with debugging failures on the bots.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361070 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Use SleepOneSecondTest.cpp for fork-sigusr.test. | Matt Morehouse | 2019-05-17 | 1 | -2/+2

  ShallowOOMDeepCrash.cpp may hit libFuzzer's RSS limit before the SIGUSR2 is delivered, causing the test to be flaky when bots are under load. SleepOneSecondTest.cpp will keep running until the signal is delivered.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361048 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Disable merge-sigusr.test on linux. | Matt Morehouse | 2019-05-16 | 1 | -1/+2

  Make buildbot green while I rethink the test.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360914 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Increase merge-sigusr sleep after sending signal. | Matt Morehouse | 2019-05-16 | 1 | -1/+1

  Test is flaky on buildbot at least partially due to the fuzz target not exiting before we read its output.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360848 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Also kill parent process in merge-siguser.test. | Matt Morehouse | 2019-05-16 | 1 | -0/+1

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360840 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Fix typo in merge-sigusr.test. | Matt Morehouse | 2019-05-16 | 1 | -1/+1

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360836 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Use PID to send signals rather than process name. | Matt Morehouse | 2019-05-16 | 2 | -4/+4

  pkill reads the process name as a pattern, not a raw name. This means that if the process name contains + or other regex characters, pkill fails.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360835 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Echo fuzzer output on sigusr tests. | Matt Morehouse | 2019-05-15 | 2 | -2/+2

  Improves debuggability when the fuzz target crashes.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360824 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] reimplement DFT's collect_data_flow inside libFuzzer so that we don't need external python scripts | Kostya Serebryany | 2019-05-14 | 2 | -8/+24

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360712 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Unpoison parameters before calling user callback. | Matt Morehouse | 2019-05-09 | 2 | -0/+33

  Summary: Fixes an MSan false positive when compiling with -fsanitize=memory,fuzzer.

  See https://github.com/google/oss-fuzz/issues/2369 for more details.

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits, metzman, eugenis
  Tags: #llvm
  Differential Revision: https://reviews.llvm.org/D61753
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360390 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] perform more aggressive value profiling in memcmp | Kostya Serebryany | 2019-05-09 | 1 | -1/+2

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360385 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] implement -focus_function=auto, to be used with Data Flow Traces | Kostya Serebryany | 2019-05-09 | 3 | -4/+21

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360378 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] simplify value-profile-mem.test a little bit | Kostya Serebryany | 2019-05-09 | 1 | -1/+2

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360372 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] DFT: when dumping coverage, also dump the total number of instrumented blocks in a function; update merge_data_flow.py to merge coverage | Kostya Serebryany | 2019-05-08 | 1 | -2/+2

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360272 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] extend the test for data flow tracer and coverage; also hopefully fix it on the bot | Kostya Serebryany | 2019-05-08 | 1 | -1/+11

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360215 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] extend the data flow tracer to also produce basic block coverage for every input. An extended test coming in a separate change. | Kostya Serebryany | 2019-05-08 | 3 | -25/+44

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360213 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] disable two tests on i386 that are causing timeouts on the bots | Kostya Serebryany | 2019-05-08 | 2 | -2/+2

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360211 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Increase timeouts on fork tests and skip one on aarch64 | Peter Smith | 2019-05-07 | 3 | -8/+8

  The tests fork.text, fork.sigusr.test and fork-ubsan.test intermittently fail on the aarch64 buildbots. Input gathered from the fork.sigusr.test implies that when the builder is under load the timeout value is not sufficient. The fork-ubsan.test doesn't have a timeout and I think is not always finding the error after 10000 runs so I've marked it as unsupported for now.

  Differential Revision: https://reviews.llvm.org/D61449
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360126 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Re-enable libFuzzer on i386 Linux and fix test | Jonathan Metzman | 2019-05-02 | 1 | -0/+2

  Summary: Re-enable libFuzzer on i386 Linux after it was accidentally disabled. Also disable gc-sections.test on i386 since lld isn't garbage collecting properly with ASAN on i386.

  Reviewers: morehouse
  Reviewed By: morehouse
  Subscribers: srhines, mgorny, #sanitizers, llvm-commits
  Tags: #sanitizers, #llvm
  Differential Revision: https://reviews.llvm.org/D61415
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@359802 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Add --dump-input-on-failure to help diagnose AArch64 failures | Peter Smith | 2019-05-01 | 2 | -6/+6

  The fork-siguser.test and fork.test intermittently fail on the AArch64 buildbot. Unfortunately these failures are not reproducible on a similar machine and seem to fail when the machines are under load. Before suggesting the tests be marked unsupported for AArch64 we'd like to see if we can get some more information about the failures to see if it helps us reproduce.

  This patch adds --dump-input-on-failure to the FileCheck commands to see if we can get some more information about the failures.

  Differential Revision: https://reviews.llvm.org/D61315
  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@359675 91177308-0d34-0410-b5e6-96231b3b80d8