summaryrefslogtreecommitdiff
path: root/lib/fuzzer
AgeCommit message (Collapse)Author
2017-12-06[libFuzzer] fix a minor regression in printingKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319975 91177308-0d34-0410-b5e6-96231b3b80d8
2017-12-05[libFuzzer] Make redirects happen in proper sequence.Matt Morehouse
"> file" must come before "2>&1" to have redirection occur correctly in all cases. Fixes a regression on minimize_two_crashes.test. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319792 91177308-0d34-0410-b5e6-96231b3b80d8
2017-12-04[libFuzzer] Remove const from ignoreRemainingArgs return value.Matt Morehouse
In this case const does nothing but trigger a warning. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319685 91177308-0d34-0410-b5e6-96231b3b80d8
2017-12-04[libFuzzer] Remove FuzzerCommand.cpp from build sources.Matt Morehouse
FuzzerCommand.cpp was not introduced in r319680. Instead, it was implemented in the header file. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319682 91177308-0d34-0410-b5e6-96231b3b80d8
2017-12-04[libFuzzer] Encapsulate commands in a class.Matt Morehouse
Summary: To be more portable (especially w.r.t. platforms without system()), commands should be managed programmatically rather than via string manipulation on the command line. This change introduces Fuzzer::Command, with methods to manage arguments and flags, set output options, and execute the command. Patch By: aarongreen Reviewers: kcc, morehouse Reviewed By: kcc, morehouse Subscribers: llvm-commits, mgorny Differential Revision: https://reviews.llvm.org/D40103 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319680 91177308-0d34-0410-b5e6-96231b3b80d8
2017-12-01[libFuzzer] add a flag -malloc_limit_mbKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319590 91177308-0d34-0410-b5e6-96231b3b80d8
2017-12-01[libFuzzer] remove stale flags; NFCKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319572 91177308-0d34-0410-b5e6-96231b3b80d8
2017-12-01[libFuzzer] add an experimental search heuristic flag -reduce_depthKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319571 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-28[LibFuzzer] Improve comments on `CounterToFeature()` function.Dan Liew
This is based on discussion in https://reviews.llvm.org/D40376 . The comments try to explain the reason for the current implementation and note that it might change in the future, so clients should not rely on this particular implementation. Differential Revision: https://reviews.llvm.org/D40565 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319190 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-17[fuzzer] Initialize PcDescr buffer before calling __sanitizer_symbolize_pcVitaly Buka
__sanitizer_symbolize_pc is not instrumented so msan assumes that PcDescr was not initialized. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@318488 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-15libfuzzer: Fix file listing on some filesystemsKostya Serebryany
Summary: For some filesystems, readdir will not populate dirent::d_type with valuable information. This causes libfuzzer to proceed with an empty corpus, instead of the file it contains. This has been tested on a server using XFS. It should fix https://bugs.llvm.org//show_bug.cgi?id=25991 Reviewers: kcc Reviewed By: kcc Differential Revision: https://reviews.llvm.org/D40028 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@318303 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-15[libFuzzer] respect max_len during mergeKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@318302 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-09[libFuzzer] make sure to flush IO when done merging one fileKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317835 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-09[libFuzzer] Don't add leaking inputs to corpus.Matt Morehouse
Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39850 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317831 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-09[libFuzzer] handle SIGUSR1/SIGUSR2 and try to exit grafully on these signalsKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317829 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-09[libFuzzer] allow merge to resume after being preempted Kostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317767 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-09[libFuzzer] allow user to specify the merge control fileKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317747 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-02[fuzzer] Fix nested mallocsVitaly Buka
Summary: Nested mallocs are possible with internal symbolizer. Reviewers: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39397 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317186 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-01[fuzzer] Script to detect unbalanced allocation in -trace_malloc outputVitaly Buka
Reviewers: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39466 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317119 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-01[fuzzer] Fix threaded stack printingVitaly Buka
Reviewers: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39397 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317071 91177308-0d34-0410-b5e6-96231b3b80d8
2017-11-01Revert "[fuzzer] Fix threaded stack printing and nested mallocs"Vitaly Buka
Fails on darwin Revert "[fuzzer] Script to detect unbalanced allocation in -trace_malloc output" Needs previous one. This reverts commit r317034, r317036. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317061 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-31[fuzzer] Script to detect unbalanced allocation in -trace_malloc outputVitaly Buka
Reviewers: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39466 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317036 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-31[fuzzer] Fix threaded stack printing and nested mallocsVitaly Buka
Summary: Nested mallocs are possible with internal symbolizer. Reviewers: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39397 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317034 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-23[Sanitizers-libFuzzer] Addressing coding style issues.Alex Shlyapnikov
Summary: The result of clang-format and few manual changes (as prompted on D39155). Reviewers: vitalybuka Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39211 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@316395 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-23[libFuzzer] Periodically purge allocator's quarantine to prolong fuzzing ↵Alex Shlyapnikov
sessions. Summary: Fuzzing targets that allocate/deallocate a lot of memory tend to consume a lot of RSS when ASan quarantine is enabled. Purging quarantine between iterations and returning memory to OS keeps RSS down and should not reduce the quarantine effectiveness provided the fuzz target does not preserve state between iterations (in this case this feature can be turned off). Based on D39153. Reviewers: vitalybuka Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39155 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@316382 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-14[libFuzzer] print a better warning if we hit the ld bugKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315778 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-13[Sanitizers] Always build libFuzzer with frame pointers.Alex Shlyapnikov
Lacking frame pointers, sanitized fuzzers collect bogus stack traces and the set of stack traces grows indefinitely, leading to OOMs. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315770 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-13[libFuzzer] tweam use_feature_frequency to be less aggressive; run a dummy ↵Kostya Serebryany
input before the seed corpus git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315657 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-11[libFuzzer] disable use_feature_frequency as it degrades some of the ↵Kostya Serebryany
benchmarks too much :( git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315503 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-11[libFuzzer] make -use_feature_frequency less aggressive and enable by defaultKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315490 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-11[libFuzzer] experimental flag to tweak the corpus distribution. Seems to ↵Kostya Serebryany
improve the situation dramatically on the png benchmark and make things worse on a number of micro-puzzles. Needs more A/B testing git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315407 91177308-0d34-0410-b5e6-96231b3b80d8
2017-10-05[libFuzzer] Disable experimental clang coverage support by default.Max Moroz
Summary: It can be enabled via "-use_clang_coverage=1" flag. Reason for disabling: libFuzzer resets Clang Counters and makes it impossible to generate coverage report for a regular fuzz target (i.e. not standalone build). Reviewers: kcc Reviewed By: kcc Subscribers: kcc Differential Revision: https://reviews.llvm.org/D38604 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315029 91177308-0d34-0410-b5e6-96231b3b80d8
2017-09-15[libFuzzer] minor refactoring, NFCKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313406 91177308-0d34-0410-b5e6-96231b3b80d8
2017-09-15[libFuzzer] reduce the size of the merge control file by not dumping ↵Kostya Serebryany
redundant features into it git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313403 91177308-0d34-0410-b5e6-96231b3b80d8
2017-09-12[libFuzzer] factor out some code into GetSizedFilesFromDir; NFCKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313081 91177308-0d34-0410-b5e6-96231b3b80d8
2017-09-12[libfuzzer] Compare TotalNumberOfRuns with MaxNumberOfRuns when testing a ↵Max Moroz
memory leak. Summary: Fuzzer::TryDetectingAMemoryLeak may call ExecuteCallback which would increment TotalNumberOfRuns, but it doesn't respect Options.MaxNumberOfRuns value specified by a user. Context: https://github.com/google/oss-fuzz/issues/822#issuecomment-328153970 Reviewers: kcc Reviewed By: kcc Differential Revision: https://reviews.llvm.org/D37632 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312993 91177308-0d34-0410-b5e6-96231b3b80d8
2017-09-09[libFuzzer] remove a couple of reduntant includesKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312848 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-31[libFuzzer] tolerate missing files when loading the seed corpusKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312269 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-30Add preliminary NetBSD support in libfuzzerKamil Rytarowski
Summary: This code already works and passes some number of tests. There is need to finish remaining sanitizers to get better coverage. Many tests fail due to overly long file names of executables (>31). This is a current shortcoming of the NetBSD 8(beta) kernel, as certain functions can fail (like retrieving file name of executable). Sponsored by <The NetBSD Foundation> Reviewers: joerg, kcc, vitalybuka, george.karpenkov Reviewed By: kcc Subscribers: mgorny, llvm-commits, #sanitizers Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D37304 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312183 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-29[libFUzzer] change the way we load the seed corpora: instead of loading all ↵Kostya Serebryany
files and these executing all files, load and execute them one-by-one. This should reduce the memory usage in many cases git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312033 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-29[libFuzzer] refactoring: move reading the seed corpus closer to where it's ↵Kostya Serebryany
consumed; NFC git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311972 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-28[libFuzzer] allow -print_funcs=N: N is the max number of new covered ↵Kostya Serebryany
function printed git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311945 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-28[libFuzzer] Fix libFuzzer flag propagation for standalone builds.George Karpenkov
Under the previous configurations, flags from SANITIZER_COMMON were not propagated for standalone builds. Differential Revision: https://reviews.llvm.org/D37225 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311912 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-27[libFuzzer] Use custom allocators for STL containers in libFuzzer.George Karpenkov
Avoids ODR violations causing spurious ASAN warnings. Differential Revision: https://reviews.llvm.org/D37086 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311866 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-26Revert "[libFuzzer] Use custom allocators for STL containers in libFuzzer"George Karpenkov
This reverts commit 3539efc2f2218dba2bcbd645d0fe276f2b5cf588. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311831 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-26[libFuzzer] Use custom allocators for STL containers in libFuzzerGeorge Karpenkov
Avoids ODR violations causing spurious ASAN container overflow warnings. Differential Revision: https://reviews.llvm.org/D37086 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311830 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-25[libFuzzer] prepare tests for switching from ↵Kostya Serebryany
-fsanitize-coverage=trace-pc-guard to -fsanitize-coverage=inline-8bit-counters git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311798 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-25[libFuzzer] add -print_funcs=1 (on bey default): print newly discovered ↵Kostya Serebryany
functions during fuzzing git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311797 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-25[sanitizer-coverage] extend fsanitize-coverage=pc-table with flags for every PCKostya Serebryany
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311794 91177308-0d34-0410-b5e6-96231b3b80d8
2017-08-22[SanitizerCoverage] Optimize stack-depth instrumentation.Matt Morehouse
Summary: Use the initialexec TLS type and eliminate calls to the TLS wrapper. Fixes the sanitizer-x86_64-linux-fuzzer bot failure. Reviewers: vitalybuka, kcc Reviewed By: kcc Subscribers: hiraditya, llvm-commits Differential Revision: https://reviews.llvm.org/D37026 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311490 91177308-0d34-0410-b5e6-96231b3b80d8
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-01 23:27:55 +0000