path: root/llvm/lib/Fuzzer/FuzzerDriver.cpp
Age | Commit message | Author | Files | Lines
2017-10-16 | [libFuzzer] Delete llvm/lib/Fuzzer | Vitaly Buka | 1 | -764/+0
Summary: Code is already in compiler-rt
Reviewers: kcc
Subscribers: krytarowski, llvm-commits, hiraditya
Differential Revision: https://reviews.llvm.org/D38912
llvm-svn: 315937
2017-07-22 | [libFuzzer] reimplement experimental_len_control=1: bump the temporary max_len every time we failed to find new coverage during the last 1000 runs and 1 second. Also fix FileToVector to not load unfinished files | Kostya Serebryany | 1 | -2/+0
llvm-svn: 308811
2017-07-20 | Generate error reports when a fuzz target exits. | Matt Morehouse | 1 | -0/+3
Summary: Implements https://github.com/google/sanitizers/issues/835. Flush stdout before exiting in test cases. Since the atexit hook is used for exit reports, pending prints to stdout can be lost if they aren't flushed before calling exit(). Expect tests to have non-zero exit code if exit() is called.
Reviewers: vitalybuka, kcc
Reviewed By: kcc
Subscribers: eraman, llvm-commits, hiraditya
Differential Revision: https://reviews.llvm.org/D35602
llvm-svn: 308669
2017-07-14 | [libFuzzer] Allow non-fuzzer args after -ignore_remaining_args=1 | Justin Bogner | 1 | -7/+13
With this change, libFuzzer will ignore any arguments after a sigil argument, but it will preserve these arguments at the end of the command line when launching subprocesses. Using this, it's possible to handle positional and single-dash arguments to the program under test by discarding everything up to -ignore_remaining_args=1 in LLVMFuzzerInitialize.
llvm-svn: 308069
2017-07-13 | [libFuzzer] experimental feature -reduce_inputs (off by default) that tries to replace elements in the corpus with smaller ones that have the same feature set. Still needs tuning | Kostya Serebryany | 1 | -1/+0
llvm-svn: 307873
2017-07-12 | [libFuzzer] refactoring in preparation for -reduce_inputs; NFC intended | Kostya Serebryany | 1 | -2/+3
llvm-svn: 307857
2017-06-15 | [libFuzzer] change the default max_len from 64 to 4096. This will affect cases where libFuzzer is run w/o initial corpus or with a corpus of very small items. | Kostya Serebryany | 1 | -2/+2
llvm-svn: 305521
2017-06-06 | Sort the remaining #include lines in include/... and lib/.... | Chandler Carruth | 1 | -1/+1
I did this a long time ago with a janky python script, but now clang-format has built-in support for this. I fed clang-format every line with a #include and let it re-sort things according to the precise LLVM rules for include ordering baked into clang-format these days.
I've reverted a number of files where the results of sorting includes aren't healthy. Either places where we have legacy code relying on particular include ordering (where possible, I'll fix these separately) or where we have particular formatting around #include lines that I didn't want to disturb in this patch.
This patch is *entirely* mechanical. If you get merge conflicts or anything, just ignore the changes in this patch and run clang-format over your #include lines in the files.
Sorry for any noise here, but it is important to keep these things stable. I was seeing an increasing number of patches with irrelevant re-ordering of #include lines because clang-format was used. This patch at least isolates that churn, makes it easy to skip when resolving conflicts, and gets us to a clean baseline (again).
llvm-svn: 304787
2017-06-06 | [llvm] Remove double semicolons | Mandeep Singh Grang | 1 | -1/+1
Reviewers: craig.topper, arsenm, mehdi_amini
Reviewed By: mehdi_amini
Subscribers: mehdi_amini, wdng, nhaehnle, javed.absar, llvm-commits
Differential Revision: https://reviews.llvm.org/D33924
llvm-svn: 304767
2017-05-09 | [libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error) | Kostya Serebryany | 1 | -1/+2
llvm-svn: 302494
2017-04-19 | [libFuzzer] remove -output_csv option. It duplicates the default output and got out of sync | Kostya Serebryany | 1 | -1/+0
llvm-svn: 300768
2017-04-17 | [libFuzzer] experimental option -cleanse_crash: tries to replace all bytes in a crash reproducer with garbage, while still preserving the crash | Kostya Serebryany | 1 | -0/+63
llvm-svn: 300498
2017-03-25 | [libFuzzer] read asan's dedup_token while minimizing a crash and stop minimization if another bug was found during minimization (https://github.com/google/oss-fuzz/issues/452) | Kostya Serebryany | 1 | -4/+37
llvm-svn: 298755
2017-03-24 | [libFuzzer] honor -exact_artifact_path for all intermediate files during crash minimization (https://github.com/google/oss-fuzz/issues/250) | Kostya Serebryany | 1 | -1/+3
llvm-svn: 298740
2017-03-22 | [libFuzzer] add two experimental flags to make corpus merging more scalable: -save_coverage_summary/-load_coverage_summary. This is still WIP, the documentation will come later if these flags survive | Kostya Serebryany | 1 | -1/+3
llvm-svn: 298548
2017-03-17 | [libFuzzer] Experimenting with dictionary minimization. | Kostya Serebryany | 1 | -0/+81
Summary: Tracking issue: https://github.com/google/oss-fuzz/issues/331
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D30940
llvm-svn: 298031
2017-03-14 | [libFuzzer] remove more stale code | Kostya Serebryany | 1 | -8/+4
llvm-svn: 297785
2017-02-14 | Use "%zd" format specifier for printing number of testcases executed. | Kostya Serebryany | 1 | -1/+1
Summary: This helps to avoid signed integer overflow after running a fast fuzz target for several hours, e.g.:
<...> Done -1097903291 runs in 54001 second(s)
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D29941
llvm-svn: 295112
2017-02-01 | [libFuzzer] increase the default size for shmem | Kostya Serebryany | 1 | -2/+2
llvm-svn: 293722
2017-01-21 | [libFuzzer] use print+exit(1) instead of assert to report an error | Kostya Serebryany | 1 | -2/+4
llvm-svn: 292685
2017-01-20 | [libFuzzer] add an assert to protect against LLVMFuzzerInitialize changing argv[0] | Kostya Serebryany | 1 | -0/+3
llvm-svn: 292652
2017-01-20 | [libFuzzer] experimental support for 'equivalence fuzzing' | Kostya Serebryany | 1 | -0/+26
llvm-svn: 292646
2017-01-19 | [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs | Kostya Serebryany | 1 | -10/+11
llvm-svn: 292511
2017-01-18 | [libFuzzer] remove stale code | Kostya Serebryany | 1 | -1/+0
llvm-svn: 292325
2017-01-05 | [libFuzzer] improve error handling during the merge (handle various IO failures) | Kostya Serebryany | 1 | -0/+1
llvm-svn: 291182
2016-12-27 | [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually (second attempt) | Kostya Serebryany | 1 | -0/+3
llvm-svn: 290637
2016-12-27 | [libFuzzer] fix UB and simplify the computation of the RNG seed (https://llvm.org/bugs/show_bug.cgi?id=31456) | Kostya Serebryany | 1 | -2/+2
llvm-svn: 290622
2016-12-19 | [libfuzzer] dump_coverage command line flag | Mike Aizatsky | 1 | -0/+1
Reviewers: kcc, vitalybuka
Differential Revision: https://reviews.llvm.org/D27942
llvm-svn: 290138
2016-12-17 | Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code" | Daniel Jasper | 1 | -3/+0
This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998
llvm-svn: 290043
2016-12-16 | [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code | Kostya Serebryany | 1 | -0/+3
llvm-svn: 289998
2016-12-15 | [libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only) | Kostya Serebryany | 1 | -11/+9
llvm-svn: 289772
2016-12-13 | [libFuzzer] Clean up headers and file formatting of LibFuzzer files. | Marcos Pividori | 1 | -1/+0
Reorganize #includes to follow LLVM Coding Standards. Include some missing headers. Required to use `Printf()`.
Aside from that, this patch contains no functional change. It is purely a re-organization.
Differential Revision: https://reviews.llvm.org/D27363
llvm-svn: 289560
2016-12-13 | [libFuzzer] Properly use unsigned for workers, jobs and NumberOfCpuCores. | Marcos Pividori | 1 | -8/+8
std::thread::hardware_concurrency() returns an unsigned, so I modify NumberOfCpuCores() to return unsigned too. The number of cpus is used to define the number of workers, so I decided to update the worker and jobs flags to be declared as unsigned too.
Differential Revision: https://reviews.llvm.org/D27685
llvm-svn: 289559
2016-12-13 | [libFuzzer] Improve Signal Handler interface. | Marcos Pividori | 1 | -10/+8
Add new flags to FuzzingOptions to represent the different conditions on the signal handling. These options are passed when calling SetSignalHandler(). These changes simplify the implementation of Windows's exception handling. Now we can define a unique handler for all the exceptions.
Differential Revision: https://reviews.llvm.org/D27238
llvm-svn: 289557
2016-12-13 | [libFuzzer] don't require extra flags with -minimize_crash=1 (default to -max_total_time=600). Also respect exact_artifact_path when outputting the end result | Kostya Serebryany | 1 | -6/+12
llvm-svn: 289506
2016-12-09 | [libFuzzer] implement crash-resistant merge (https://github.com/google/sanitizers/issues/722). This is a first experimental variant that needs some more testing, thus not yet adding a lit test (but there are unit tests). | Kostya Serebryany | 1 | -7/+12
llvm-svn: 289166
2016-12-02 | Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 1 | -2/+1
This resubmits r288529, which was resubmitted because it broke a fuzzer bot. According to kcc@ the test that broke was flakey and it is unlikely to be a result of this patch.
llvm-svn: 288549
2016-12-02 | Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 1 | -1/+2
This reverts commit r288529, as it seems to introduce some problems on the Linux bots.
llvm-svn: 288533
2016-12-02 | [LibFuzzer] Split FuzzerUtil for Posix and Windows. | Zachary Turner | 1 | -2/+1
Pave the way for separating out platform specific utility functions into separate files.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27234
llvm-svn: 288529
2016-11-30 | [LibFuzzer] Split up some functions among different headers. | Zachary Turner | 1 | -0/+1
In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform.
Aside from that, this patch contains no functional change. It is purely a re-organization.
Patch by Marcos Pividori
Differential Revision: https://reviews.llvm.org/D27230
llvm-svn: 288264
2016-11-14 | [libFuzzer] replace 'auto' with 'auto *' to better follow the LLVM style | Kostya Serebryany | 1 | -3/+3
llvm-svn: 286870
2016-11-12 | [libFuzzer] use a valid ASCII string for a dummy seed corpus | Kostya Serebryany | 1 | -1/+1
llvm-svn: 286702
2016-11-12 | [libFuzzer] use less stack | Kostya Serebryany | 1 | -16/+16
llvm-svn: 286689
2016-11-03 | [libFuzzer] fix -error_exitcode=N, now with a test | Kostya Serebryany | 1 | -0/+1
llvm-svn: 285958
2016-10-18 | [libFuzzer] detect leaks after every run when executing fixed inputs (./fuzzer -runs=1000000 my-file) | Kostya Serebryany | 1 | -0/+1
llvm-svn: 284514
2016-10-15 | [libFuzzer] better algorithm for -minimize_crash | Kostya Serebryany | 1 | -1/+1
llvm-svn: 284299
2016-10-14 | [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 1 | -0/+1
llvm-svn: 284273
2016-10-13 | [libFuzzer] add -trace_malloc= flag | Kostya Serebryany | 1 | -0/+1
llvm-svn: 284149
2016-10-08 | [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process | Kostya Serebryany | 1 | -2/+3
llvm-svn: 283682
2016-10-08 | [libFuzzer] control the reload interval by a flag, make it 10 seconds by default | Kostya Serebryany | 1 | -1/+1
llvm-svn: 283676