Age | Commit message (Collapse) | Author |
|
Summary:
Created unstable_handle flag that takes 1 or 2, depending on the handling type.
Modified RunOne to accommodate the following heuristic:
Use the first CollectFeatures to count how many features there are.
If no new features, CollectFeatures like before.
If there is new feature, we run CB 2 more times,
Check which edges are unstable per input and we store the least amount of hit counts for each edge.
Apply these hit counts back to inline8bitcounters so that CollectFeatures can work as intended.
Modified UnstableCounters to 8int_t and created a bitset UnstableSet to tell which edges are unstable.
Patch by Kyungtak Woo (@kevinwkt).
Reviewers: Dor1s, metzman, morehouse
Reviewed By: Dor1s, morehouse
Subscribers: delcypher, #sanitizers, llvm-commits, kcc
Differential Revision: https://reviews.llvm.org/D49525
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337696 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
seeds that hit every given function)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337501 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Created IterateInline8bitCounters, a single template for visiting Inline8bitCounters (nested for loop)
Made InitializeUnstableCounters and UpdateUnstableCounters both send a lambda to IterateInline8bitCounters.
Patch by Kyungtak Woo (@kevinwkt).
Reviewers: Dor1s, metzman, kcc, morehouse
Reviewed By: metzman, morehouse
Subscribers: delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D49453
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337403 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is a fix for bug 37047.
https://bugs.llvm.org/show_bug.cgi?id=37047
Implemented by basically reversing the logic. Previously all strings
were considered, with some operations excluded. Now strings are excluded
by default, and only strings during the CB considered.
Patch By: pdknsk
Differential Revision: https://reviews.llvm.org/D48800
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337296 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
unstable edges.
Summary:
Created a -print_unstable_stats flag.
When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array.
On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.
Patch by Kyungtak Woo (@kevinwkt).
Reviewers: metzman, Dor1s, kcc, morehouse
Reviewed By: metzman, Dor1s, morehouse
Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s
Differential Revision: https://reviews.llvm.org/D49212
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337187 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
changes.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337180 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
unstable edges.
Summary:
Created a -print_unstable_stats flag.
When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array.
On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.
Patch by Kyungtak Woo (@kevinwkt).
Reviewers: metzman, Dor1s, kcc, morehouse
Reviewed By: metzman, Dor1s, morehouse
Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s
Differential Revision: https://reviews.llvm.org/D49212
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337175 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336234 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332876 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
focus on inputs that trigger that function
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332554 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332073 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
inline sanitizer coverage anyway
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332036 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
instrumentation. This mode has not been used and our experiments with https://github.com/google/fuzzer-test-suite show that this signal is weaker than the SanitizerCoverage
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332034 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
__builtin_clz used for Log calculation returns an undefined result
when argument is 0. I noticed that issue when was testing some fuzzers:
```
/src/libfuzzer/FuzzerTracePC.h:282:33: runtime error: shift exponent 450349 is too large for 32-bit type 'uint32_t' (aka 'unsigned int')
#0 0x43d83f in operator() /src/libfuzzer/FuzzerTracePC.h:283:33
#1 0x43d83f in void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)::$_1>(fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)::$_1) const /src/libfuzzer/FuzzerTracePC.h:290
#2 0x43cbd4 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:445:7
#3 0x43e5f1 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:706:5
#4 0x43e9e1 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:739:3
#5 0x432f8c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:754:6
#6 0x42ee18 in main /src/libfuzzer/FuzzerMain.cpp:20:10
#7 0x7f17ffeb182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#8 0x407838 in _start (/out/rotate_fuzzer+0x407838)
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D41457
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@321211 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
max_len slower
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320531 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
use asan in one test to speed it up
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320259 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
sometimes exploding the corpus size. This still needs more analysis and tuning
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320237 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
-experimental_len_control, call UpdateFeatureFrequency only if instructed by the flag
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320205 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is based on discussion in https://reviews.llvm.org/D40376 .
The comments try to explain the reason for the current implementation
and note that it might change in the future, so clients should not
rely on this particular implementation.
Differential Revision: https://reviews.llvm.org/D40565
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319190 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
It can be enabled via "-use_clang_coverage=1" flag. Reason for disabling:
libFuzzer resets Clang Counters and makes it impossible to generate coverage
report for a regular fuzz target (i.e. not standalone build).
Reviewers: kcc
Reviewed By: kcc
Subscribers: kcc
Differential Revision: https://reviews.llvm.org/D38604
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315029 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313406 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
function printed
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311945 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Avoids ODR violations causing spurious ASAN warnings.
Differential Revision: https://reviews.llvm.org/D37086
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311866 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
functions during fuzzing
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311797 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311794 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311420 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Resulting library binaries will be named libclang_rt.fuzzer*, and will
be placed in Clang toolchain, allowing redistribution.
Differential Revision: https://reviews.llvm.org/D36908
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311407 91177308-0d34-0410-b5e6-96231b3b80d8
|