path: root/llvm/lib/Fuzzer/FuzzerDriver.cpp
Age | Commit message | Author | Files | Lines

2016-10-06 | [libFuzzer] be more careful with memory usage, print peak rss in status lines | Kostya Serebryany | 1 | -0/+1
    llvm-svn: 283418

2016-10-05 | [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. | Kostya Serebryany | 1 | -1/+1
    llvm-svn: 283409

2016-10-05 | [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate an empty element. Print the corpus size in bytes in the status lines | Kostya Serebryany | 1 | -1/+1
    llvm-svn: 283279

2016-10-01 | [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default | Kostya Serebryany | 1 | -0/+3
    llvm-svn: 282995

2016-09-30 | [libFuzzer] remove unused option | Kostya Serebryany | 1 | -1/+0
    llvm-svn: 282971

2016-09-27 | [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag | Kostya Serebryany | 1 | -0/+2
    llvm-svn: 282458

2016-09-23 | [libFuzzer] fix merging with trace-pc-guard | Kostya Serebryany | 1 | -1/+1
    llvm-svn: 282224

2016-09-23 | [libFuzzer] move value profiling logic into TracePC | Kostya Serebryany | 1 | -3/+1
    llvm-svn: 282219

2016-09-22 | [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen | Kostya Serebryany | 1 | -9/+5
    llvm-svn: 282211

2016-09-22 | [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 1 | -1/+1
    llvm-svn: 282129

2016-09-21 | [libFuzzer] add stats to the corpus; more refactoring | Kostya Serebryany | 1 | -4/+7
    llvm-svn: 282121

2016-09-21 | [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 1 | -0/+2
    llvm-svn: 282044

2016-09-21 | [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features | Kostya Serebryany | 1 | -15/+15
    llvm-svn: 282042

2016-09-18 | [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer | Kostya Serebryany | 1 | -0/+1
    llvm-svn: 281866

2016-09-10 | [libFuzzer] don't print help for internal flags | Kostya Serebryany | 1 | -0/+1
    llvm-svn: 281124

2016-09-09 | [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better | Kostya Serebryany | 1 | -1/+0
    llvm-svn: 281007

2016-09-01 | [libFuzzer] add -minimize_crash flag (to minimize crashers). also add two tests that I failed to commit last time | Kostya Serebryany | 1 | -8/+99
    llvm-svn: 280332

2016-08-30 | [libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow | Kostya Serebryany | 1 | -5/+5
    llvm-svn: 280098

2016-08-25 | [libFuzzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them | Kostya Serebryany | 1 | -1/+1
    llvm-svn: 279787

2016-08-16 | [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. | Kostya Serebryany | 1 | -0/+3
    llvm-svn: 278839

2016-08-15 | [libFuzzer] print a verbose message after executing inputs in non-fuzzing mode | Kostya Serebryany | 1 | -0/+4
    llvm-svn: 278724

2016-07-15 | [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp | Kostya Serebryany | 1 | -0/+1
    llvm-svn: 275648

2016-06-23 | [libfuzzer] moving is_ascii handler inside mutation dispatcher. | Mike Aizatsky | 1 | -2/+2
    Summary: It also fixes a bug, when first random might not be ascii.
    Differential Revision: http://reviews.llvm.org/D21573
    llvm-svn: 273611

2016-06-17 | [libFuzzer] make the single-run output more reliable | Kostya Serebryany | 1 | -2/+2
    llvm-svn: 272998

2016-06-07 | [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` | Dan Liew | 1 | -3/+7
    This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places, so this commit also replaces all instances with a single global instance.
    It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer), so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``.
    Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global, so a ``main()`` function has been added that initializes it before running any tests.
    Differential Revision: http://reviews.llvm.org/D20943
    llvm-svn: 272072

2016-06-07 | [libfuzzer] prune_corpus option for disabling pruning during the load. | Mike Aizatsky | 1 | -0/+1
    Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness.
    Differential Revision: http://reviews.llvm.org/D21084
    llvm-svn: 272035

2016-06-02 | [LibFuzzer] Reimplement how the optional user functions are called. | Dan Liew | 1 | -8/+6
    The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't successfully link yet).
    This change introduces a struct of function pointers (``fuzzer::ExternalFunctions``) which when initialised will point to the optional functions if they are available. Currently these are the ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.
    Two implementations of the ``fuzzer::ExternalFunctions`` constructor are provided, one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker.
    Differential Revision: http://reviews.llvm.org/D20741
    llvm-svn: 271491

2016-06-01 | [libFuzzer] when an invalid flag is given, warn, but don't crash | Kostya Serebryany | 1 | -2/+3
    llvm-svn: 271404

2016-05-24 | [libfuzzer] Trying random unit prefixes during corpus load. | Mike Aizatsky | 1 | -0/+1
    Differential Revision: http://reviews.llvm.org/D20301
    llvm-svn: 270632

2016-05-13 | [libFuzzer] print the file name before executing the input so that if there is a crash we know which file has caused it | Kostya Serebryany | 1 | -1/+2
    llvm-svn: 269450

2016-05-06 | [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer. | Kostya Serebryany | 1 | -3/+4
    llvm-svn: 268821

2016-05-06 | [libFuzzer] add experimental -rss_limit_mb flag to fight against OOMs | Kostya Serebryany | 1 | -0/+17
    llvm-svn: 268807

2016-05-04 | [libFuzzer] print stats after running individual inputs | Kostya Serebryany | 1 | -1/+2
    llvm-svn: 268547

2016-04-20 | [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing | Kostya Serebryany | 1 | -0/+1
    llvm-svn: 266838

2016-04-18 | [libFuzzer] warn if the corpus is empty | Kostya Serebryany | 1 | -1/+4
    llvm-svn: 266670

2016-04-18 | [NFC] Header cleanup | Mehdi Amini | 1 | -7/+5
    Removed some unused headers, replaced some headers with forward class declarations.
    Found using simple scripts like this one:
    clear && ack --cpp -l '#include "llvm/ADT/IndexedMap.h"' | xargs grep -L 'IndexedMap[<]' | xargs grep -n --color=auto 'IndexedMap'
    Patch by Eugene Kosov <claprix@yandex.ru>
    Differential Revision: http://reviews.llvm.org/D19219
    From: Mehdi Amini <mehdi.amini@apple.com>
    llvm-svn: 266595

2016-04-15 | [libFuzzer] add a better warning for command line flags with -- (two dashes) | Kostya Serebryany | 1 | -0/+3
    llvm-svn: 266480

2016-04-11 | Remove redundant .c_str(), as suggested by PR25633 | Hans Wennborg | 1 | -1/+1
    llvm-svn: 265988

2016-03-24 | [libFuzzer] handle SIGTERM | Kostya Serebryany | 1 | -0/+1
    llvm-svn: 264338

2016-03-18 | [libFuzzer] add a flag close_fd_mask so that we can silence spammy targets by closing stderr/stdout | Kostya Serebryany | 1 | -0/+5
    llvm-svn: 263831

2016-03-18 | [libFuzzer] improve -merge functionality | Kostya Serebryany | 1 | -2/+1
    llvm-svn: 263769

2016-03-17 | [libFuzzer] deprecate several flags | Kostya Serebryany | 1 | -10/+4
    llvm-svn: 263739

2016-03-15 | [libFuzzer] use max_len exactly equal to the max size of input. Fix 32-bit build | Kostya Serebryany | 1 | -1/+2
    llvm-svn: 263518

2016-03-12 | [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. | Kostya Serebryany | 1 | -4/+13
    llvm-svn: 263323

2016-03-04 | [libFuzzer] log less when re-loading files; fix a silly bug: when running single files actually run all of them, not just the first one | Kostya Serebryany | 1 | -1/+1
    llvm-svn: 262754

2016-03-01 | [libFuzzer] deprecate exit_on_first flag | Kostya Serebryany | 1 | -6/+8
    llvm-svn: 262417

2016-03-01 | [libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handling the signals for us. Remove abort_on_timeout flag. | Kostya Serebryany | 1 | -1/+6
    llvm-svn: 262415

2016-02-26 | [libFuzzer] add -print_final_stats=1 flag | Kostya Serebryany | 1 | -0/+2
    llvm-svn: 262084

2016-02-18 | [libFuzzer] only read MaxLen bytes from every file in the corpus to speed up loading the corpus | Kostya Serebryany | 1 | -1/+1
    llvm-svn: 261267

2016-02-13 | [libFuzzer] remove std::vector operations from hot paths, NFC | Kostya Serebryany | 1 | -1/+1
    llvm-svn: 260829