| Age | Commit message (Collapse) | Author |
|---|
|
Summary:
Added a new mode within flag -handle_unstable for new unstable handling algorithm that does the following:
When an edge is shown as unstable, copy to UnstableCounters the value 0.
During ApplyUnstableCounters we copy back the value 0 to ModuleInline8bitCounters if the edge was unstable.
This way we would be ignoring completely features that were collected through non-determinism.
Unstable hits would be counted as if it never hit.
Reviewers: metzman, Dor1s, kcc, morehouse
Reviewed By: metzman, morehouse
Subscribers: delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D49684
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337853 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is a preparation for breaking change when all Zircon calls that
take time as an argument will start using signed valued. We will
transition back to ZX_TIME_INFITINE after all the changes to these
symbols are done and become part of the Fuchsia SDK.
Differential Revision: https://reviews.llvm.org/D49694
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337802 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reverts commit r337775 since r337727 has been reverted in r337782.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337784 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The path to headers which are installed into libc++ build directory
has changed in r337727 which broke the libFuzzer build.
Differential Revision: https://reviews.llvm.org/D49705
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337775 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Created unstable_handle flag that takes 1 or 2, depending on the handling type.
Modified RunOne to accommodate the following heuristic:
Use the first CollectFeatures to count how many features there are.
If no new features, CollectFeatures like before.
If there is new feature, we run CB 2 more times,
Check which edges are unstable per input and we store the least amount of hit counts for each edge.
Apply these hit counts back to inline8bitcounters so that CollectFeatures can work as intended.
Modified UnstableCounters to 8int_t and created a bitset UnstableSet to tell which edges are unstable.
Patch by Kyungtak Woo (@kevinwkt).
Reviewers: Dor1s, metzman, morehouse
Reviewed By: Dor1s, morehouse
Subscribers: delcypher, #sanitizers, llvm-commits, kcc
Differential Revision: https://reviews.llvm.org/D49525
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337696 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
seeds that hit every given function)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337501 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337437 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(DFT=data-flow-trace)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337434 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fuchsia doesn't have signals; instead it expects processes to have a
dedicated exception thread that binds to the process' exception port and
waits for exception packets to be delivered. On the other hand,
libFuzzer and sanitizer_common use expect to collect crash information
via libunwind from the same thread that caused the exception.
The long term fix is to improve support for remote unwinding in
libunbwind, plumb this through sanitizer_common and libFuzzer, and
handle the exception exclusively on the exception thread. In the
meantime, this revision has the exception thread "resurrect" the
crashing thread by:
* saving its general purpose register state onto the crashing thread's
stack,
* setting the crashing thread's program counter to an assembly trampoline
with the CFI information needed by libunwind, and
* resuming the crashed thread.
Patch By: aarongreen
Differential Revision: https://reviews.llvm.org/D48509
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337418 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Created IterateInline8bitCounters, a single template for visiting Inline8bitCounters (nested for loop)
Made InitializeUnstableCounters and UpdateUnstableCounters both send a lambda to IterateInline8bitCounters.
Patch by Kyungtak Woo (@kevinwkt).
Reviewers: Dor1s, metzman, kcc, morehouse
Reviewed By: metzman, morehouse
Subscribers: delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D49453
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337403 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Code now exists to track number of mutations that are used in fuzzing in total
and ones that produce new coverage. The stats are currently being dumped to the
command line.
Patch by Kodé Williams (@kodewilliams).
Reviewers: metzman, Dor1s, morehouse, kcc
Reviewed By: Dor1s, morehouse, kcc
Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny
Differential Revision: https://reviews.llvm.org/D48054
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337324 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is a fix for bug 37047.
https://bugs.llvm.org/show_bug.cgi?id=37047
Implemented by basically reversing the logic. Previously all strings
were considered, with some operations excluded. Now strings are excluded
by default, and only strings during the CB considered.
Patch By: pdknsk
Differential Revision: https://reviews.llvm.org/D48800
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337296 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337206 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
We no longer pass CLANG_DEFAULT_CXX_STDLIB to the runtimes build
as it was causing issues so we can no longer use this variable. We
instead use cxx-headers as a dependency whenever this is available
since both XRay and libFuzzer are built as static libraries so this
is sufficient.
Differential Revision: https://reviews.llvm.org/D49346
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337199 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary:
Code now exists to track number of mutations that are used in fuzzing in total
and ones that produce new coverage. The stats are currently being dumped to the
command line.
Patch by Kodé Williams (@kodewilliams).
Reviewers: metzman, Dor1s, morehouse, kcc
Reviewed By: Dor1s, morehouse, kcc
Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny
Differential Revision: https://reviews.llvm.org/D48054
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337194 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
unstable edges.
Summary:
Created a -print_unstable_stats flag.
When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array.
On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.
Patch by Kyungtak Woo (@kevinwkt).
Reviewers: metzman, Dor1s, kcc, morehouse
Reviewed By: metzman, Dor1s, morehouse
Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s
Differential Revision: https://reviews.llvm.org/D49212
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337187 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
changes.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337180 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
unstable edges.
Summary:
Created a -print_unstable_stats flag.
When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array.
On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.
Patch by Kyungtak Woo (@kevinwkt).
Reviewers: metzman, Dor1s, kcc, morehouse
Reviewed By: metzman, Dor1s, morehouse
Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s
Differential Revision: https://reviews.llvm.org/D49212
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337175 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reverts rL334510 due to breakage of afl_driver's command line
interface.
Patch By: Jonathan Metzman
Differential Revision: https://reviews.llvm.org/D49141
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336719 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
when building with an IDE so that header files show up in the UI.
This massively improves the development workflow in IDEs.
To implement this a new function `compiler_rt_process_sources(...)` has
been added that adds header files to the list of sources when the
generator is an IDE. For non-IDE generators (e.g. Ninja/Makefile) no
changes are made to the list of source files.
The function can be passed a list of headers via the
`ADDITIONAL_HEADERS` argument. For each runtime library a list of
explicit header files has been added and passed via
`ADDITIONAL_HEADERS`. For `tsan` and `sanitizer_common` a list of
headers was already present but it was stale and has been updated
to reflect the current state of the source tree.
The original version of this patch used file globbing (`*.{h,inc,def}`)
to find the headers but the approach was changed due to this being a
CMake anti-pattern (if the list of headers changes CMake won't
automatically re-generate if globbing is used).
The LLVM repo contains a similar function named `llvm_process_sources()`
but we don't use it here for several reasons:
* It depends on the `LLVM_ENABLE_OPTION` cache variable which is
not set in standalone compiler-rt builds.
* We would have to `include(LLVMProcessSources)` which I'd like to
avoid because it would include a bunch of stuff we don't need.
Differential Revision: https://reviews.llvm.org/D48422
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336663 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This patch allows libFuzzer to fuzz applications instrumented with MSan
without recompiling libFuzzer with MSan instrumentation.
Fixes https://github.com/google/sanitizers/issues/958.
Differential Revision: https://reviews.llvm.org/D48891
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336619 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This reverts r336597 due to bot breakage.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336616 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Code now exists to track number of mutations that are used in fuzzing in
total and ones that produce new coverage. The stats are currently being
dumped to the command line.
Patch By: Kode Williams
Differntial Revision: https://reviews.llvm.org/D48054
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336597 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: This is a minor cosmetic change. When function/path exceed ~1000 characters, the output is truncated before the line-break. I noticed this for NEW_FUNC.
Reviewers: kcc
Reviewed By: kcc
Subscribers: llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D48799
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336461 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: https://reviews.llvm.org/D48650
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336238 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336234 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336230 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Some warnings originating from googletest were causing bots to fail
while bulding unit tests. The sanitizers address this issue by not
using -Werror. We adopt this approach for libFuzzer.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335640 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@335487 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
On targets that don't link internal libc++ (Fuchsia and Linux) but
use libc++ as their C++ library and libFuzzer is being built using
the just built compiler together with libc++ as part of runtimes, we
need an explicit dependency from libFuzzer object library to libc++ to
make sure the headers are available by the time we start building
libFuzzer.
Differential Revision: https://reviews.llvm.org/D48261
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334928 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334902 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334901 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Don't hardcode the architecture for Fuzzer tests which breaks when
compiler-rt is being compiled for architectures other than x86_64.
Differential Revision: https://reviews.llvm.org/D48207
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334852 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Differential Revision: https://reviews.llvm.org/D47296
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334768 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is needed when we're cross-compiling compiler-rt.
Differential Revision: https://reviews.llvm.org/D47834
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334570 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Reverts changes to AddCompilerRT.cmake due to breakage of
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334528 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Handling differently the iterations with the type limit and eventually an error message.
Reviewers: morehouse, kcc
Reviewed By: morehouse
Differential Revision: https://reviews.llvm.org/D47880
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334510 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Summary: Otherwise we print things like [0/1] which is visually confusing.
Reviewers: kcc
Reviewed By: kcc
Subscribers: delcypher, llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D47837
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334234 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The path now includes lib/ prefix.
Differential Revision: https://reviews.llvm.org/D47866
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334213 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334158 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334146 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
On Fuchsia, we use libc++ compiled with ASan for our ASan built
executable which means we cannot use the same libc++ for libFuzzer when
building fuzz targets, instead we'll link a custom internal libc++ into
Fuchsia's build of libFuzzer like we already do on Linux.
Differential Revision: https://reviews.llvm.org/D47835
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334144 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is needed when we're cross-compiling compiler-rt.
Differential Revision: https://reviews.llvm.org/D47834
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334139 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
By adding a ctor to create fuzzer_allocator<T> from fuzzer_allocator<U>.
This mimics construcotrs of std::allocator<T>.
Without the constructors, some versions of libstdc++ can't compile
`vector<bool, fuzzer_allocator<bool>>`.
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334077 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
flow trace and prints the summary, but doesn't use the information in any other way yet
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334058 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
fdio_spawn is the new public API for launching processes in Fuchsia.
Differential Revision: https://reviews.llvm.org/D47649
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@333809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
several times on subsets of inputs bytes, to overcome DFSan out-of-label failures
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@333616 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fuchsia's _zx_port_wait no longer takes the count argument. This
change also updates all symbol uses to use the underscored versions.
Differential Revision: https://reviews.llvm.org/D47403
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@333328 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
LIT tests are used to test other cross-compiled architectures,
unit tests are only run on the host.
NFC now as currently only a single architecture is supported.
Differential Revision: https://reviews.llvm.org/D47286
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@333241 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
script merges traces from the subsets
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@333149 91177308-0d34-0410-b5e6-96231b3b80d8
|
