path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
Age         Author             Files  Lines    Commit message
2016-04-08  Mike Aizatsky      1      -1/+2    [libfuzzer] defensive assert
            llvm-svn: 265866
2016-03-24  Kostya Serebryany  1      -1/+1    [libFuzzer] don't report memory leaks if we are dying due to a timeout (just use _Exit instead of exit in the timeout callback)
            llvm-svn: 264237
2016-03-18  Benjamin Kramer    1      -2/+10   [Fuzzer] Guard no_sanitize_memory attributes behind __has_feature.
            Otherwise GCC fails to build it because it doesn't know the attribute.
            llvm-svn: 263787
2016-03-18  Kostya Serebryany  1      -51/+75  [libFuzzer] improve -merge functionality
            llvm-svn: 263769
2016-03-17  Kostya Serebryany  1      -12/+0   [libFuzzer] deprecate several flags
            llvm-svn: 263739
2016-03-17  Kostya Serebryany  1      -0/+2    [libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce
            llvm-svn: 263737
2016-03-12  Kostya Serebryany  1      -7/+23   [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
            llvm-svn: 263323
2016-03-03  Kostya Serebryany  1      -1/+1    [libFuzzer] when interrupted, call _Exit() instead of exit()
            llvm-svn: 262667
2016-03-01  Kostya Serebryany  1      -2/+0    [libFuzzer] deprecate exit_on_first flag
            llvm-svn: 262417
2016-03-01  Kostya Serebryany  1      -12/+38  [libFuzzer] add generic signal handlers so that libFuzzer can report at least something if ASan is not handling the signals for us. Remove abort_on_timeout flag.
            llvm-svn: 262415
2016-02-26  Kostya Serebryany  1      -3/+14   [libFuzzer] add -print_final_stats=1 flag
            llvm-svn: 262084
2016-02-26  Kostya Serebryany  1      -0/+8    [libFuzzer] initial implementation of path coverage based on -fsanitize-coverage=trace-pc. This does not scale well yet, but already cracks FullCoverageSetTest in seconds
            llvm-svn: 262073
2016-02-18  Kostya Serebryany  1      -3/+3    [libFuzzer] only read MaxLen bytes from every file in the corpus to speed up loading the corpus
            llvm-svn: 261267
2016-02-17  Kostya Serebryany  1      -0/+2    [libFuzzer] don't timeout when loading the corpus. Be a bit more verbose when loading a large corpus.
            llvm-svn: 261143
2016-02-13  Kostya Serebryany  1      -23/+24  [libFuzzer] remove std::vector operations from hot paths, NFC
            llvm-svn: 260829
2016-02-13  Kostya Serebryany  1      -0/+5    [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast
            llvm-svn: 260810
2016-02-13  Kostya Serebryany  1      -13/+14  [libFuzzer] get rid of UserSuppliedFuzzer; NFC
            llvm-svn: 260798
2016-02-13  Kostya Serebryany  1      -1/+10   [libFuzzer] provide a plain C interface for custom mutators (experimental)
            llvm-svn: 260794
2016-02-04  Kostya Serebryany  1      -0/+1    [libFuzzer] don't write the test unit when a leak is detected (since we don't know which unit causes the leak)
            llvm-svn: 259731
2016-01-29  Kostya Serebryany  1      -1/+1    [libFuzzer] add -timeout_exitcode option
            llvm-svn: 259265
2016-01-23  Kostya Serebryany  1      -0/+2    [libFuzzer] add -abort_on_timeout option
            llvm-svn: 258631
2016-01-22  Ivan Krasin        1      -35/+45  Use std::piecewise_constant_distribution instead of ad-hoc binary search.
            Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: this is the second attempt (prev: r258473). Now, libc++ build is fixed.
            Reviewers: aizatsky, kcc
            Subscribers: llvm-commits
            Differential Revision: http://reviews.llvm.org/D16487
            llvm-svn: 258571
2016-01-22  Ivan Krasin        1      -18/+15  Revert r258473 as it's breaking the build with libc++
            Reviewers: kcc
            Differential Revision: http://reviews.llvm.org/D16441
            llvm-svn: 258479
2016-01-22  Ivan Krasin        1      -15/+18  Use std::piecewise_constant_distribution instead of ad-hoc binary search.
            Summary: Fix the issue with the most recently discovered unit receiving much less attention. Note: I had to change the seed for one test to make it pass. Alternatively, the number of runs could be increased. I believe that the average time of 'foo' discovery is not increased, just seed=1 was particularly convenient for the previous PRNG scheme used.
            Reviewers: aizatsky, kcc
            Subscribers: llvm-commits, kcc
            Differential Revision: http://reviews.llvm.org/D16419
            llvm-svn: 258473
2016-01-21  Mike Aizatsky      1      -1/+1    [libfuzzer] use %p for printing addresses
            llvm-svn: 258370
2016-01-16  Kostya Serebryany  1      -1/+1    [libFuzzer] move some code from public interface header to a non-public header. NFC
            llvm-svn: 257963
2016-01-14  Kostya Serebryany  1      -2/+4    [libFuzzer] suggest a dictionary to the user if some of the trace-based dictionary entries were successful
            llvm-svn: 257736
2016-01-13  Kostya Serebryany  1      -22/+18  [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations
            llvm-svn: 257713
2016-01-13  Kostya Serebryany  1      -5/+8    [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector)
            llvm-svn: 257701
2016-01-13  Kostya Serebryany  1      -1/+4    [libFuzzer] make sure to update CurrentUnit when drilling
            llvm-svn: 257560
2016-01-09  Kostya Serebryany  1      -15/+3   [libFuzzer] change the way trace-based mutations are applied. Instead of custom code just rely on the automatically created dictionary
            llvm-svn: 257248
2016-01-06  Mike Aizatsky      1      -1/+17   [libfuzzer] print_new_cov_pcs experimental option.
            Differential Revision: http://reviews.llvm.org/D15901
            llvm-svn: 256882
2015-12-19  Kostya Serebryany  1      -29/+18  [libFuzzer] make CrossOver just one of the other mutations
            llvm-svn: 256081
2015-12-19  Kostya Serebryany  1      -6/+3    [libFuzzer] print successful mutation sequences
            llvm-svn: 256071
2015-12-05  Kostya Serebryany  1      -1/+6    [libFuzzer] don't reload the corpus more than once every second
            llvm-svn: 254824
2015-12-04  Kostya Serebryany  1      -4/+2    [libFuzzer] compute base64 in-process instead of using an external lib. Since libFuzzer should not depend on anything, just re-implement base64 encoder. PR25746
            llvm-svn: 254784
2015-12-02  Mike Aizatsky      1      -1/+5    Libfuzzer: do not pass null into user function
            Differential Revision: http://reviews.llvm.org/D15098
            llvm-svn: 254558
2015-11-25  Kostya Serebryany  1      -0/+2    [libFuzzer] add a flag -exact_artifact_path
            llvm-svn: 254100
2015-11-13  Kostya Serebryany  1      -2/+7    [libFuzzer] make libFuzzer build even with a compiler that does not have sanitizer headers
            llvm-svn: 253003
2015-11-12  Mike Aizatsky      1      -8/+22   output_csv libfuzzer option
            Summary: The option outputs statistics in CSV format preceded by 1 header line. This is intended for machine processing of the output. -verbosity=0 should likely be set.
            Differential Revision: http://reviews.llvm.org/D14600
            llvm-svn: 252856
2015-11-12  Kostya Serebryany  1      -9/+61   [libFuzzer] experimental flag -drill (another search heuristic; Mike Aizatsky's idea)
            llvm-svn: 252838
2015-11-09  Kostya Serebryany  1      -0/+23   [libFuzzer] make libFuzzer link if there is no sanitizer coverage instrumentation (it will fail at start-up time)
            llvm-svn: 252533
2015-11-05  Kostya Serebryany  1      -1/+3    [libFuzzer] print a bit fewer lines
            llvm-svn: 252123
2015-11-04  Kostya Serebryany  1      -26/+45  [libFuzzer] when choosing the next unit to mutate, give some preference to the most recent units (they are more likely to be interesting)
            llvm-svn: 252097
2015-10-24  Kostya Serebryany  1      -0/+32   [libFuzzer] add -merge flag to merge corpora
            llvm-svn: 251168
2015-10-23  Kostya Serebryany  1      -0/+3    [libFuzzer] remove some old code; also make __sanitizer_get_total_unique_caller_callee_pairs weak so that newer libFuzzer works with older asan
            llvm-svn: 251133
2015-10-22  Kostya Serebryany  1      -1/+14   [libFuzzer] use the indirect caller-callee counter as an independent search heuristic
            llvm-svn: 251078
2015-10-22  Kostya Serebryany  1      -7/+8    [libFuzzer] more refactoring of the code that checks the coverage. NFC
            llvm-svn: 251075
2015-10-22  Kostya Serebryany  1      -29/+35  [libFuzzer] refactoring the code that checks the coverage. NFC
            llvm-svn: 251074
2015-10-22  Kostya Serebryany  1      -32/+7   [libFuzzer] remove the deprecated 'tokens' feature
            llvm-svn: 251069