path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
Commit log for this file. Each entry gives the date, the author, the number of files changed with lines -removed/+added, and then the commit message:
2016-09-10  Kostya Serebryany  (1 file, -0/+1)
    [libFuzzer] print a failed-merge warning only in the merge mode
    llvm-svn: 281130

2016-09-10  Kostya Serebryany  (1 file, -0/+16)
    [libFuzzer] print a visible message if merge fails due to a crash
    llvm-svn: 281122

2016-09-09  Kostya Serebryany  (1 file, -5/+17)
    [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself
    llvm-svn: 281016

2016-09-09  Kostya Serebryany  (1 file, -8/+0)
    [libFuzzer] remove unneeded call
    llvm-svn: 281014

2016-08-30  Mike Aizatsky  (1 file, -29/+11)
    [libfuzzer] simplified unit truncation; do not write trunc items to disc
    Differential Revision: https://reviews.llvm.org/D24049
    llvm-svn: 280153

2016-08-25  Kostya Serebryany  (1 file, -7/+17)
    [libFuzzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them
    llvm-svn: 279787

2016-08-25  Kostya Serebryany  (1 file, -87/+72)
    [libFuzzer] simplify the code, NFC
    llvm-svn: 279697

2016-08-17  Kostya Serebryany  (1 file, -0/+3)
    [libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence
    llvm-svn: 278975

2016-08-16  Kostya Serebryany  (1 file, -2/+11)
    [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
    llvm-svn: 278839

2016-08-16  Kostya Serebryany  (1 file, -8/+7)
    [libFuzzer] refactoring around PCMap, NFC
    llvm-svn: 278825

2016-08-06  Kostya Serebryany  (1 file, -8/+10)
    [libFuzzer] make libFuzzer work with a bit older clang versions
    llvm-svn: 277941

2016-08-06  Kostya Serebryany  (1 file, -2/+3)
    [libFuzzer] don't print bogus error message
    llvm-svn: 277940

2016-08-05  Mike Aizatsky  (1 file, -23/+44)
    [sanitizers] trace buffer API to use user-allocated buffer.
    Differential Revision: https://reviews.llvm.org/D23185
    llvm-svn: 277859

2016-06-23  Mike Aizatsky  (1 file, -7/+3)
    [libfuzzer] moving is_ascii handler inside mutation dispatcher.
    Summary: It also fixes a bug where the first random might not be ascii.
    Differential Revision: http://reviews.llvm.org/D21573
    llvm-svn: 273611

2016-06-16  Kostya Serebryany  (1 file, -32/+24)
    [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable
    llvm-svn: 272948
2016-06-08  Kostya Serebryany  (1 file, -0/+2)
    [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hook
    llvm-svn: 272116

2016-06-08  Kostya Serebryany  (1 file, -0/+5)
    [libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message)
    llvm-svn: 272090

2016-06-07  Dan Liew  (1 file, -50/+28)
    [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``
    This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance.
    It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``.
    Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests.
    Differential Revision: http://reviews.llvm.org/D20943
    llvm-svn: 272072

2016-06-07  Mike Aizatsky  (1 file, -1/+2)
    [libfuzzer] prune_corpus option for disabling pruning during the load.
    Summary: The option is very useful for testing, plus I intend to measure its effect on fuzzer effectiveness.
    Differential Revision: http://reviews.llvm.org/D21084
    llvm-svn: 272035

2016-06-03  Mike Aizatsky  (1 file, -6/+2)
    [libfuzzer] hiding custom mutator handling in MutationDispatcher.
    Summary: Refactoring, no functional changes.
    Differential Revision: http://reviews.llvm.org/D20975
    llvm-svn: 271740

2016-06-02  Dan Liew  (1 file, -6/+3)
    [LibFuzzer] Reimplement how the optional user functions are called.
    The motivation for this change is to fix linking issues on OSX. However this only partially fixes linking issues (the uninstrumented tests and a few others won't successfully link yet).
    This change introduces a struct of function pointers (``fuzzer::ExternalFunctions``) which when initialised will point to the optional functions if they are available. Currently these are the ``LLVMFuzzerInitialize`` and ``LLVMFuzzerCustomMutator`` functions.
    Two implementations of the ``fuzzer::ExternalFunctions`` constructor are provided, one for Linux and one for OSX. The OSX implementation uses ``dlsym()`` because the prior implementation using weak symbols does not work unless additional flags are passed to the linker. The Linux implementation continues to use weak symbols because the ``dlsym()`` approach does not work unless additional flags are passed to the linker.
    Differential Revision: http://reviews.llvm.org/D20741
    llvm-svn: 271491
2016-06-02  Kostya Serebryany  (1 file, -1/+4)
    [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile on OOM
    llvm-svn: 271465

2016-05-29  Kostya Serebryany  (1 file, -1/+1)
    [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases.
    llvm-svn: 271186

2016-05-28  Kostya Serebryany  (1 file, -0/+1)
    [libFuzzer] fix a failure that occurs when running individual inputs
    llvm-svn: 271095

2016-05-27  Kostya Serebryany  (1 file, -43/+19)
    [libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit.
    llvm-svn: 270945

2016-05-27  Kostya Serebryany  (1 file, -12/+20)
    [libFuzzer] more refactoring: make sure CurrentUnitData is always a valid pointer to read from
    llvm-svn: 270942

2016-05-26  Kostya Serebryany  (1 file, -18/+34)
    [libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads)
    llvm-svn: 270929

2016-05-26  Kostya Serebryany  (1 file, -0/+3)
    [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC
    llvm-svn: 270922

2016-05-26  Kostya Serebryany  (1 file, -20/+9)
    [libFuzzer] when there is a leak in the existing corpus report the reproducer properly
    llvm-svn: 270905

2016-05-26  Kostya Serebryany  (1 file, -5/+6)
    [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended
    llvm-svn: 270900

2016-05-25  Kostya Serebryany  (1 file, -3/+4)
    [libFuzzer] print stats if we crash on empty input
    llvm-svn: 270639

2016-05-24  Mike Aizatsky  (1 file, -0/+43)
    [libfuzzer] Trying random unit prefixes during corpus load.
    Differential Revision: http://reviews.llvm.org/D20301
    llvm-svn: 270632

2016-05-19  Dan Liew  (1 file, -2/+12)
    [LibFuzzer]
    Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX. Under Mac OSX we intercept calls to malloc before thread local storage is initialised leading to a crash when accessing ``AllocTracer``. To work around this ``AllocTracer`` is only accessed in the hook under Linux. For symmetry ``__sanitizer_free_hook()`` is also modified in the same way.
    To support this change a set of new macros LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be used to check the target being compiled for.
    Differential Revision: http://reviews.llvm.org/D20402
    llvm-svn: 270145

2016-05-13  Kostya Serebryany  (1 file, -1/+2)
    [libFuzzer] do the merge faster and a bit less precise
    llvm-svn: 269497

2016-05-13  Kostya Serebryany  (1 file, -5/+8)
    [libFuzzer] simplify FuzzerInterface.h
    llvm-svn: 269448

2016-05-10  Mike Aizatsky  (1 file, -71/+111)
    [libfuzzer] Refactoring coverage state-management code.
    It is now less state-dependent and will allow easier comparing of coverages of different units.
    Differential Revision: http://reviews.llvm.org/D20085
    llvm-svn: 269140

2016-05-06  Kostya Serebryany  (1 file, -9/+21)
    [libFuzzer] enhance -rss_limit_mb and enable by default. Now it will print the OOM reproducer.
    llvm-svn: 268821

2016-05-06  Kostya Serebryany  (1 file, -0/+11)
    [libFuzzer] add experimental -rss_limit_mb flag to fight against OOMs
    llvm-svn: 268807

2016-04-27  Kostya Serebryany  (1 file, -0/+9)
    [libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak
    llvm-svn: 267770

2016-04-25  Kostya Serebryany  (1 file, -4/+2)
    [libFuzzer] remove dead code
    llvm-svn: 267455

2016-04-20  Kostya Serebryany  (1 file, -1/+74)
    [libFuzzer] added -detect_leaks flag (0 by default for now). When enabled, it will help finding leaks while fuzzing
    llvm-svn: 266838
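The on-the-spot leak heuristic that the three leak-related commits above build up (the 2016-04-20 -detect_leaks flag, the 2016-04-27 cutoff after 1000 tries without finding a leak, and the 2016-06-16 switch to atomic malloc/free counters), as an added C++ example that is not libFuzzer's code: count allocations and frees around one run of the target, and only when a unit leaves more mallocs than frees pay for the expensive confirmation step; if the confirmation keeps coming back empty, switch the heuristic off. Assumptions made here so the example runs without a sanitizer runtime: replaced global operator new/delete stand in for __sanitizer_malloc_hook/__sanitizer_free_hook, and a caller-supplied ConfirmFn stands in for re-running the unit under LeakSanitizer. LeakDetector, ConfirmFn, CachingTarget, CleanTarget, ConfirmYes and ConfirmNo are names invented for this example, and the two targets are constructed inputs.

```cpp
// Added example (not libFuzzer's code): malloc/free counting as a cheap leak
// pre-check, with a give-up counter for targets that merely cache.
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <new>
#include <vector>

static std::atomic<size_t> NumMallocs{0};
static std::atomic<size_t> NumFrees{0};

// Counting hooks (stand-ins for the sanitizer malloc/free hooks). Atomic, not
// thread-local, so allocations on any thread the target spawns are counted.
void *operator new(std::size_t n) {
  void *p = std::malloc(n ? n : 1);
  if (!p) throw std::bad_alloc();
  NumMallocs.fetch_add(1, std::memory_order_relaxed);
  return p;
}
void operator delete(void *p) noexcept {
  if (!p) return;
  NumFrees.fetch_add(1, std::memory_order_relaxed);
  std::free(p);
}
void operator delete(void *p, std::size_t) noexcept { operator delete(p); }

using Callback = int (*)(const uint8_t *Data, size_t Size);
// Stand-in for re-running the unit under LeakSanitizer and asking it for leaks.
using ConfirmFn = bool (*)(Callback CB, const uint8_t *Data, size_t Size);

struct LeakDetector {
  unsigned MaxTriesWithoutLeak;  // libFuzzer's value is 1000 (2016-04-27 commit)
  bool Enabled = true;
  unsigned TriesWithoutLeak = 0;
  unsigned LeaksFound = 0;
  explicit LeakDetector(unsigned Max = 1000) : MaxTriesWithoutLeak(Max) {}

  // Run one unit. Returns true when a leak was confirmed for it.
  bool RunOne(Callback CB, ConfirmFn Confirm, const uint8_t *Data, size_t Size) {
    if (!Enabled) { CB(Data, Size); return false; }
    size_t M0 = NumMallocs.load(std::memory_order_relaxed);
    size_t F0 = NumFrees.load(std::memory_order_relaxed);
    CB(Data, Size);
    size_t Mallocs = NumMallocs.load(std::memory_order_relaxed) - M0;
    size_t Frees = NumFrees.load(std::memory_order_relaxed) - F0;
    if (Mallocs <= Frees) return false;  // balanced: cheap path, nothing to recheck
    // More mallocs than frees: only now pay for the expensive confirmation.
    if (Confirm(CB, Data, Size)) { ++LeaksFound; TriesWithoutLeak = 0; return true; }
    // Mismatch without a real leak (e.g. the target filled a cache). After
    // enough of these, switch the heuristic off instead of rechecking forever.
    if (++TriesWithoutLeak >= MaxTriesWithoutLeak) Enabled = false;
    return false;
  }
};

// Constructed targets for this example.
static std::vector<std::vector<uint8_t>> Cache;  // still reachable: not a true leak
int CachingTarget(const uint8_t *Data, size_t Size) {
  Cache.emplace_back(Data, Data + Size);  // allocates, never frees: mallocs > frees
  return 0;
}
int CleanTarget(const uint8_t *Data, size_t Size) {
  std::vector<uint8_t> Copy(Data, Data + Size);  // allocated and freed: balanced
  return static_cast<int>(Copy.size() & 1);
}
// Stand-ins for the LeakSanitizer recheck: one reports a leak, one does not.
bool ConfirmYes(Callback, const uint8_t *, size_t) { return true; }
bool ConfirmNo(Callback, const uint8_t *, size_t) { return false; }

int main() {
  const uint8_t In[] = {'a', 'b', 'c'};
  LeakDetector D(2);  // low cutoff so the disable path is visible
  bool r1 = D.RunOne(CleanTarget, ConfirmNo, In, sizeof In);
  bool r2 = D.RunOne(CachingTarget, ConfirmNo, In, sizeof In);
  bool r3 = D.RunOne(CachingTarget, ConfirmNo, In, sizeof In);
  std::printf("clean=%d caching=%d,%d still_enabled=%d\n", r1, r2, r3, D.Enabled);
  LeakDetector E;
  bool r4 = E.RunOne(CachingTarget, ConfirmYes, In, sizeof In);
  std::printf("confirmed=%d leaks_found=%u\n", r4, E.LeaksFound);
  return 0;
}
```

The caching target is the false-positive case the cutoff exists for: every run leaves the counters unbalanced, the recheck never confirms anything, and without a limit the fuzzer would spend a full LeakSanitizer pass on every input. Counting new/delete rather than malloc/free is what keeps the example self-contained; it is not what libFuzzer hooks.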
2016-04-18  Kostya Serebryany  (1 file, -3/+3)
    [libFuzzer] try to print correct time in seconds when reporting a timeout. Don't report timeouts while still loading the corpus.
    llvm-svn: 266693

2016-04-08  Mike Aizatsky  (1 file, -1/+2)
    [libfuzzer] defensive assert
    llvm-svn: 265866

2016-03-24  Kostya Serebryany  (1 file, -1/+1)
    [libFuzzer] don't report memory leaks if we are dying due to a timeout (just use _Exit instead of exit in the timeout callback)
    llvm-svn: 264237

2016-03-18  Benjamin Kramer  (1 file, -2/+10)
    [Fuzzer] Guard no_sanitize_memory attributes behind __has_feature.
    Otherwise GCC fails to build it because it doesn't know the attribute.
    llvm-svn: 263787

2016-03-18  Kostya Serebryany  (1 file, -51/+75)
    [libFuzzer] improve -merge functionality
    llvm-svn: 263769

2016-03-17  Kostya Serebryany  (1 file, -12/+0)
    [libFuzzer] deprecate several flags
    llvm-svn: 263739

2016-03-17  Kostya Serebryany  (1 file, -0/+2)
    [libFuzzer] add __attribute__((no_sanitize_memory)) to two functions that may be called from signal handler(s) or from msan. This will hopefully avoid msan false reports which I can't reproduce
    llvm-svn: 263737

2016-03-12  Kostya Serebryany  (1 file, -7/+23)
    [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
    llvm-svn: 263323

2016-03-03  Kostya Serebryany  (1 file, -1/+1)
    [libFuzzer] when interrupted, call _Exit() instead of exit()
    llvm-svn: 262667