path: root/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
Age | Commit message | Author | Files | Lines
2019-05-10 | [libFuzzer] code refactoring; NFC | Kostya Serebryany | 1 | -9/+29
llvm-svn: 360400
2019-05-10 | [libFuzzer] small refactoring in the driver; dummy implementation of collect_data_flow; attempt to fix the windows bot | Kostya Serebryany | 1 | -21/+29
llvm-svn: 360399
2019-04-30 | [libFuzzer] Replace -seed_corpus to better support fork mode on Win | Jonathan Metzman | 1 | -7/+16
Summary: Pass seed corpus list in a file to get around argument length limits on Windows. This limit was preventing many uses of fork mode on Windows. Reviewers: kcc, morehouse Reviewed By: kcc Subscribers: #sanitizers, llvm-commits Tags: #sanitizers, #llvm Differential Revision: https://reviews.llvm.org/D60980 llvm-svn: 359610
2019-04-13 | [libFuzzer] add -features_dir= flag to dump unique input features on disk | Kostya Serebryany | 1 | -0/+2
llvm-svn: 358317
2019-02-15 | [libFuzzer] form mode: add -ignore_crashes flag, honor the max_total_time flag, print the number of ooms/timeouts/crashes, fix a typo | Kostya Serebryany | 1 | -0/+1
llvm-svn: 354175
2019-02-15 | [libFuzzer] when doing the merge, keep track of the coveraged edges, not just features | Kostya Serebryany | 1 | -2/+2
llvm-svn: 354087
2019-02-14 | [libFuzzer] add threads to the fork mode: now you can pass -fork=N to run N concurrent workers. Fork mode is still work-in-progress. | Kostya Serebryany | 1 | -1/+1
llvm-svn: 353997
2019-02-12 | [libFuzzer] move the implementation of the fork mode into a separate file | Kostya Serebryany | 1 | -92/+3
llvm-svn: 353891
2019-02-12 | [libFuzzer] make the fork mode less verbose | Kostya Serebryany | 1 | -8/+14
llvm-svn: 353794
2019-02-12 | [libFuzzer] teach the fork mode to ignore OOMs and timeouts | Kostya Serebryany | 1 | -0/+8
llvm-svn: 353792
2019-02-12 | [libFuzzer] extend the -fork=1 functionality. Still not fully usable, but good enough for the first unit test | Kostya Serebryany | 1 | -18/+48
llvm-svn: 353775
2019-02-09 | [libFuzzer] more refactoring; change some of the exit codes (timeout, OOM, interrupt) so that the parent process can distinguish those | Kostya Serebryany | 1 | -9/+19
llvm-svn: 353584
2019-02-08 | [libFuzzer] refactor the merging code, NFC | Kostya Serebryany | 1 | -18/+36
llvm-svn: 353576
2019-02-08 | [libFuzzer] remove two unused experimental flags | Kostya Serebryany | 1 | -5/+2
llvm-svn: 353573
2019-02-08 | [libFuzzer] introduce an experimental mode -fork=1, where fuzzing happens in a subprocess (still running multiple inputs per process), thus making the fuzzing more resilient to timeouts and OOMs. This is just a skeleton of the code, and some associated refactoring, not a fully working feature yet. | Kostya Serebryany | 1 | -10/+58
llvm-svn: 353570
2019-02-08 | [libFuzzer] refactor the way we choose the element to cross-over with, NFC (expected1); add a flag -seed_inputs= to pass extra seed inputs as file paths, not dirs | Kostya Serebryany | 1 | -1/+13
llvm-svn: 353494
2019-01-31 | [libFuzzer] set libFuzzer's own SEGV handler even if one is already present, but call that handler from ours (unless we are unprotecting lazy counters). Call ProtectLazyCounters later, so that it runs after the initialization code in the target. | Kostya Serebryany | 1 | -3/+1
llvm-svn: 352713
2019-01-31 | [libFuzzer] experimental performance optimization -lazy_counters, off by default. Posix-only for now, tested on Linux | Kostya Serebryany | 1 | -0/+3
llvm-svn: 352700
2019-01-30 | [libFuzzer] remove stale code, NFC | Kostya Serebryany | 1 | -29/+0
llvm-svn: 352604
2019-01-29 | [libFuzzer] remove stale code | Kostya Serebryany | 1 | -1/+0
llvm-svn: 352571
2019-01-19 | Update the file headers across all of the LLVM projects in the monorepo | Chandler Carruth | 1 | -4/+3
to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636
2019-01-17 | [libFuzzer][MSVC] Make attribute-use compatible with MSVC | Jonathan Metzman | 1 | -0/+5
Summary: Replace attributes with macros that use equivalent declspecs for MSVC. Reviewers: vitalybuka Reviewed By: vitalybuka Differential Revision: https://reviews.llvm.org/D56512 llvm-svn: 351456
2019-01-15 | [libFuzzer] Remove unstable edge handling | Jonathan Metzman | 1 | -4/+0
Summary: Remove code for handling unstable edges from libFuzzer since it has not been found useful. Differential Revision: https://reviews.llvm.org/D56730 llvm-svn: 351262
2018-08-29 | [libFuzzer] Remove mutation stats and weighted mutation selection. | Max Moroz | 1 | -2/+0
Summary: This was an experimental feature. After evaluating it with: 1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison 2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz The following conclusions were made: 1) With fuzz targets that have reached a code coverage plateau, the feature does not improve libFuzzer's ability to discover new coverage and may actually negatively impact it. 2) With fuzz targets that have not yet reached a code coverage plateau, the feature might speed up new units discovery in some cases, but it is quite rare and hard to confirm with a high level of confidence. Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621. Reviewers: metzman, morehouse Reviewed By: metzman, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D51455 llvm-svn: 340976
2018-08-02 | [libFuzzer] Initial implementation of weighted mutation leveraging during runtime. | Max Moroz | 1 | -0/+1
Summary: Added functions that calculate stats while fuzz targets are running and give mutations weight based on how much new coverage they provide, and choose better performing mutations more often. Patch by Kodé Williams (@kodewilliams). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, kcc, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D49621 llvm-svn: 338776
2018-07-24 | [libFuzzer] Handle unstable edges by disregarding unstable edges | Max Moroz | 1 | -1/+2
Summary: Added a new mode within flag -handle_unstable for new unstable handling algorithm that does the following: When an edge is shown as unstable, copy to UnstableCounters the value 0. During ApplyUnstableCounters we copy back the value 0 to ModuleInline8bitCounters if the edge was unstable. This way we would be ignoring completely features that were collected through non-determinism. Unstable hits would be counted as if it never hit. Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, morehouse Subscribers: delcypher, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D49684 llvm-svn: 337853
2018-07-23 | [libFuzzer] Handle unstable edges by using minimum hit counts | Max Moroz | 1 | -0/+2
Summary: Created unstable_handle flag that takes 1 or 2, depending on the handling type. Modified RunOne to accommodate the following heuristic: Use the first CollectFeatures to count how many features there are. If no new features, CollectFeatures like before. If there is new feature, we run CB 2 more times, Check which edges are unstable per input and we store the least amount of hit counts for each edge. Apply these hit counts back to inline8bitcounters so that CollectFeatures can work as intended. Modified UnstableCounters to 8int_t and created a bitset UnstableSet to tell which edges are unstable. Patch by Kyungtak Woo (@kevinwkt). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D49525 llvm-svn: 337696
2018-07-17 | [libFuzzer] Mutation tracking and logging implemented. | Max Moroz | 1 | -0/+1
Summary: Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line. Patch by Kodé Williams (@kodewilliams). Reviewers: metzman, Dor1s, morehouse, kcc Reviewed By: Dor1s, morehouse, kcc Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny Differential Revision: https://reviews.llvm.org/D48054 llvm-svn: 337324
2018-07-16 | Revert r337194 (https://reviews.llvm.org/D48891) due to compilation errors. | Max Moroz | 1 | -1/+0
llvm-svn: 337206
2018-07-16 | [libFuzzer] Mutation tracking and logging implemented. | Max Moroz | 1 | -0/+1
Summary: Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line. Patch by Kodé Williams (@kodewilliams). Reviewers: metzman, Dor1s, morehouse, kcc Reviewed By: Dor1s, morehouse, kcc Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny Differential Revision: https://reviews.llvm.org/D48054 llvm-svn: 337194
2018-07-16 | [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges. | Max Moroz | 1 | -0/+1
Summary: Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does. Patch by Kyungtak Woo (@kevinwkt). Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, Dor1s, morehouse Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s Differential Revision: https://reviews.llvm.org/D49212 llvm-svn: 337187
2018-07-16 | Revert r337175 (https://reviews.llvm.org/D49212) due to unintentional format changes. | Max Moroz | 1 | -6/+5
llvm-svn: 337180
2018-07-16 | [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges. | Max Moroz | 1 | -5/+6
Summary: Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does. Patch by Kyungtak Woo (@kevinwkt). Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, Dor1s, morehouse Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s Differential Revision: https://reviews.llvm.org/D49212 llvm-svn: 337175
2018-07-09 | [libFuzzer] Make -fsanitize=memory,fuzzer work. | Matt Morehouse | 1 | -0/+2
This patch allows libFuzzer to fuzz applications instrumented with MSan without recompiling libFuzzer with MSan instrumentation. Fixes https://github.com/google/sanitizers/issues/958. Differential Revision: https://reviews.llvm.org/D48891 llvm-svn: 336619
2018-07-09 | Revert "[libFuzzer] Mutation tracking and logging implemented" | Matt Morehouse | 1 | -1/+0
This reverts r336597 due to bot breakage. llvm-svn: 336616
2018-07-09 | [libFuzzer] Mutation tracking and logging implemented | Matt Morehouse | 1 | -0/+1
Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line. Patch By: Kode Williams Differential Revision: https://reviews.llvm.org/D48054 llvm-svn: 336597
2018-06-06 | [libFuzzer] remove an experimental flag -use_feature_frequency | Kostya Serebryany | 1 | -1/+0
llvm-svn: 334146
2018-06-06 | [libFuzzer] initial implementation of -data_flow_trace. It parses the data flow trace and prints the summary, but doesn't use the information in any other way yet | Kostya Serebryany | 1 | -0/+2
llvm-svn: 334058
2018-05-21 | [libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036) | Kostya Serebryany | 1 | -0/+1
llvm-svn: 332876
2018-05-16 | [libFuzzer] add an experimental flag -focus_function: libFuzzer will try to focus on inputs that trigger that function | Kostya Serebryany | 1 | -0/+2
llvm-svn: 332554
2018-05-15 | [libFuzzer] deprecate equivalence_server | Kostya Serebryany | 1 | -0/+2
llvm-svn: 332316
2018-05-10 | [libFuzzer] remove the dump_coverage flag, it hasn't been working with the inline sanitizer coverage anyway | Kostya Serebryany | 1 | -1/+0
llvm-svn: 332036
2018-05-10 | [libFuzzer] remove the experimental support for clang coverage instrumentation. This mode has not been used and our experiments with https://github.com/google/fuzzer-test-suite show that this signal is weaker than the SanitizerCoverage | Kostya Serebryany | 1 | -1/+0
llvm-svn: 332034
2018-03-13 | fix some user facing typos / in the comments | Sylvestre Ledru | 1 | -1/+1
llvm-svn: 327402
2018-02-13 | [libFuzzer] Set -experimental_len_control=1000 as default. | Matt Morehouse | 1 | -1/+1
Summary: Experiments using https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison show a significant increase in coverage and reduction in corpus size with this option enabled. Addresses https://llvm.org/pr36371. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D42932 llvm-svn: 325050
2017-12-06 | [libFuzzer] fix a minor regression in printing | Kostya Serebryany | 1 | -1/+1
llvm-svn: 319975
2017-12-04 | [libFuzzer] Encapsulate commands in a class. | Matt Morehouse | 1 | -29/+37
Summary: To be more portable (especially w.r.t. platforms without system()), commands should be managed programmatically rather than via string manipulation on the command line. This change introduces Fuzzer::Command, with methods to manage arguments and flags, set output options, and execute the command. Patch By: aarongreen Reviewers: kcc, morehouse Reviewed By: kcc, morehouse Subscribers: llvm-commits, mgorny Differential Revision: https://reviews.llvm.org/D40103 llvm-svn: 319680
2017-12-01 | [libFuzzer] add a flag -malloc_limit_mb | Kostya Serebryany | 1 | -0/+3
llvm-svn: 319590
2017-12-01 | [libFuzzer] remove stale flags; NFC | Kostya Serebryany | 1 | -1/+0
llvm-svn: 319572
2017-12-01 | [libFuzzer] add an experimental search heuristic flag -reduce_depth | Kostya Serebryany | 1 | -0/+1
llvm-svn: 319571