| Age | Commit message (Collapse) | Author |
|---|
|
Summary:
Add dummy call of LLVMFuzzerTestOneInput to afl_driver before it starts
executing on actual inputs. Do this so that first time initialization
performed by LLVMFuzzerTestOneInput is not considered code covered by
a particular input.
Patch By: metzman
Reviewers: kcc, morehouse
Reviewed By: kcc
Subscribers: llvm-commits, Sanitizers
Differential Revision: https://reviews.llvm.org/D41193
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320643 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
max_len slower
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320531 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
use asan in one test to speed it up
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320259 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
sometimes exploding the corpus size. This still needs more analysis and tuning
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320237 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This patch adds the initial support for Fuchsia.
- LIBFUZZER_FUCHSIA is added as an OS type in FuzzerDefs.h
- Fuchsia is, by design, not POSIX compliant. However, it does use ELF and
supports common POSIX I/O functions. Thus, FuzzerExtFunctions.h and
FuzzerIO.h are implemented by extending the header guards in
FuzzerExtFunctionsWeak.cpp and FuzzerIOPosix.cpp to include
LIBFUZZER_FUCHSIA.
- The platform-specific portions of FuzzerUtil.h are implemented by
FuzzerUtilFuchsia.cpp, which makes use of exception ports, syscalls, and
the launchpad library.
- The experimental equivalence server is not currently supported, so
FuzzerShmem.h is implemented by stub methods in FuzzerShmemFuchsia.cpp.
Any future implementation will likely involve VMOs.
Tested with ASAN/SanCov on Fuchsia/x86-64 with the canonical toy fuzzer.
Patch By: aarongreen
Reviewers: kcc, morehouse, flowerhack, phosek
Reviewed By: kcc, phosek, Eugene.Zelenko
Subscribers: srhines, mgorny, Eugene.Zelenko
Differential Revision: https://reviews.llvm.org/D40974
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320210 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
-experimental_len_control, call UpdateFeatureFrequency only if instructed by the flag
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320205 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: With 3 Dictionary objects, each containing space of ~16k DictionaryEntry objects, the MutationDispatcher object is fairly memory heavy. On platforms with a lower default stack size, this can cause panics in FuzzerUnittest as those tests stack-allocate the MutationDispatcher. This may be especially problematic for platforms that do not (yet) have a way to programmatically change their stack size, aside from link-time flags. In general, it seems more prudent to use the heap for an object of this size.
Reviewers: kcc, morehouse
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D40926
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319988 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319975 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
"> file" must come before "2>&1" to have redirection occur correctly in
all cases. Fixes a regression on minimize_two_crashes.test.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319792 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
In this case const does nothing but trigger a warning.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319685 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
FuzzerCommand.cpp was not introduced in r319680. Instead, it was
implemented in the header file.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319682 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
To be more portable (especially w.r.t. platforms without system()),
commands should be managed programmatically rather than via string
manipulation on the command line. This change introduces
Fuzzer::Command, with methods to manage arguments and flags, set output
options, and execute the command.
Patch By: aarongreen
Reviewers: kcc, morehouse
Reviewed By: kcc, morehouse
Subscribers: llvm-commits, mgorny
Differential Revision: https://reviews.llvm.org/D40103
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319680 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319590 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319572 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319571 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is based on discussion in https://reviews.llvm.org/D40376 .
The comments try to explain the reason for the current implementation
and note that it might change in the future, so clients should not
rely on this particular implementation.
Differential Revision: https://reviews.llvm.org/D40565
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319190 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
__sanitizer_symbolize_pc is not instrumented so msan assumes that PcDescr
was not initialized.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@318488 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
For some filesystems, readdir will not populate dirent::d_type with valuable information. This causes libfuzzer to proceed with an empty corpus, instead of the file it contains.
This has been tested on a server using XFS.
It should fix https://bugs.llvm.org//show_bug.cgi?id=25991
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D40028
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@318303 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@318302 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317835 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39850
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317831 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317829 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317767 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317747 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: Nested mallocs are possible with internal symbolizer.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39397
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317186 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39466
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317119 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39397
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317071 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fails on darwin
Revert "[fuzzer] Script to detect unbalanced allocation in -trace_malloc output"
Needs previous one.
This reverts commit r317034, r317036.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317061 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39466
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317036 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: Nested mallocs are possible with internal symbolizer.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39397
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317034 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: The result of clang-format and few manual changes (as prompted on D39155).
Reviewers: vitalybuka
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39211
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@316395 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
sessions.
Summary:
Fuzzing targets that allocate/deallocate a lot of memory tend to consume
a lot of RSS when ASan quarantine is enabled. Purging quarantine between
iterations and returning memory to OS keeps RSS down and should not
reduce the quarantine effectiveness provided the fuzz target does not
preserve state between iterations (in this case this feature can be turned off).
Based on D39153.
Reviewers: vitalybuka
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39155
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@316382 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315778 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Lacking frame pointers, sanitized fuzzers collect bogus stack
traces and the set of stack traces grows indefinitely, leading to OOMs.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315770 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
input before the seed corpus
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315657 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
benchmarks too much :(
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315503 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315490 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
improve the situation dramatically on the png benchmark and make things worse on a number of micro-puzzles. Needs more A/B testing
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315407 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
It can be enabled via "-use_clang_coverage=1" flag. Reason for disabling:
libFuzzer resets Clang Counters and makes it impossible to generate coverage
report for a regular fuzz target (i.e. not standalone build).
Reviewers: kcc
Reviewed By: kcc
Subscribers: kcc
Differential Revision: https://reviews.llvm.org/D38604
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315029 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313406 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
redundant features into it
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313403 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313081 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
memory leak.
Summary:
Fuzzer::TryDetectingAMemoryLeak may call ExecuteCallback which would
increment TotalNumberOfRuns, but it doesn't respect Options.MaxNumberOfRuns
value specified by a user.
Context: https://github.com/google/oss-fuzz/issues/822#issuecomment-328153970
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D37632
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312993 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312848 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312269 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
This code already works and passes some number of tests.
There is need to finish remaining sanitizers to get better coverage.
Many tests fail due to overly long file names of executables (>31).
This is a current shortcoming of the NetBSD 8(beta) kernel, as
certain functions can fail (like retrieving file name of executable).
Sponsored by <The NetBSD Foundation>
Reviewers: joerg, kcc, vitalybuka, george.karpenkov
Reviewed By: kcc
Subscribers: mgorny, llvm-commits, #sanitizers
Tags: #sanitizers
Differential Revision: https://reviews.llvm.org/D37304
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312183 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
files and these executing all files, load and execute them one-by-one. This should reduce the memory usage in many cases
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312033 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
consumed; NFC
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311972 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
function printed
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311945 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Under the previous configurations, flags from SANITIZER_COMMON were not
propagated for standalone builds.
Differential Revision: https://reviews.llvm.org/D37225
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311912 91177308-0d34-0410-b5e6-96231b3b80d8
|
