path: root/llvm/lib/Fuzzer/FuzzerMutate.cpp
Age | Commit message | Author | Files | Lines
2017-10-16 | [libFuzzer] Delete llvm/lib/Fuzzer | Vitaly Buka | 1 | -533/+0
Summary: Code is already in compiler-rt Reviewers: kcc Subscribers: krytarowski, llvm-commits, hiraditya Differential Revision: https://reviews.llvm.org/D38912 llvm-svn: 315937
2017-07-14 | [libFuzzer] remove stale code; NFC | Kostya Serebryany | 1 | -17/+0
llvm-svn: 307980
2017-07-14 | [libFuzzer] simplify the handling of memmem/strstr | Kostya Serebryany | 1 | -1/+5
llvm-svn: 307977
2017-06-06 | Sort the remaining #include lines in include/... and lib/.... | Chandler Carruth | 1 | -1/+1
I did this a long time ago with a janky python script, but now clang-format has built-in support for this. I fed clang-format every line with a #include and let it re-sort things according to the precise LLVM rules for include ordering baked into clang-format these days. I've reverted a number of files where the results of sorting includes isn't healthy. Either places where we have legacy code relying on particular include ordering (where possible, I'll fix these separately) or where we have particular formatting around #include lines that I didn't want to disturb in this patch. This patch is *entirely* mechanical. If you get merge conflicts or anything, just ignore the changes in this patch and run clang-format over your #include lines in the files. Sorry for any noise here, but it is important to keep these things stable. I was seeing an increasing number of patches with irrelevant re-ordering of #include lines because clang-format was used. This patch at least isolates that churn, makes it easy to skip when resolving conflicts, and gets us to a clean baseline (again). llvm-svn: 304787
2017-05-15 | [libFuzzer] fix a warning from Wunreachable-code-loop-increment reported by Christian Holler. This also fixes a logical bug, which however does not affect the libFuzzer's ability too much (I wasn't able to create a differentiating test) | Kostya Serebryany | 1 | -1/+1
llvm-svn: 303087
2017-05-10 | [libFuzzer] fix a compiler warning | Kostya Serebryany | 1 | -1/+2
llvm-svn: 302747
2017-03-31 | [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself | Kostya Serebryany | 1 | -1/+1
llvm-svn: 299167
2017-03-15 | Revert "[libFuzzer] Use ChooseUnitIdxToMutate to pick item for crossover." | Vitaly Buka | 1 | -1/+1
Fails LLVMFuzzer.LLVMFuzzer.value-profile-strncmp.test. This reverts commit r297891. llvm-svn: 297912
2017-03-15 | [libFuzzer] Use ChooseUnitIdxToMutate to pick item for crossover. | Vitaly Buka | 1 | -1/+1
Differential Revision: https://reviews.llvm.org/D30683 llvm-svn: 297891
2017-03-07 | [fuzzer] Don't crash if LLVMFuzzerMutate was called by CustomCrossOver | Vitaly Buka | 1 | -2/+2
Reviewers: kcc Subscribers: llvm-commits, mgorny Differential Revision: https://reviews.llvm.org/D30682 llvm-svn: 297202
2017-02-07 | [libFuzzer] replace std::random_shuffle with std::shuffle as std::random_shuffle is being deprecated in C++17. Also simplify fuzzer::Random. NFC | Kostya Serebryany | 1 | -2/+1
llvm-svn: 294366
2017-02-06 | [libFuzzer] make code less clever to avoid fallthrough in switch (and in turn avoid compiler warnings). NFC. Suggested by Christian Holler. | Kostya Serebryany | 1 | -3/+3
llvm-svn: 294239
2017-01-23 | [libFuzzer] mutate empty input using the regular mutators (instead of a custom dummy one). This way when we mutate an empty input there is a chance we will get a dictionary word | Kostya Serebryany | 1 | -14/+5
llvm-svn: 292843
2017-01-19 | [libFuzzer] ensure that entries in PersistentAutoDictionary are not empty | Kostya Serebryany | 1 | -0/+3
llvm-svn: 292520
2017-01-17 | [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) | Kostya Serebryany | 1 | -13/+38
llvm-svn: 292287
2016-12-27 | [libFuzzer] don't create large random mutations when given an empty seed | Kostya Serebryany | 1 | -1/+1
llvm-svn: 290634
2016-12-17 | Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code" | Daniel Jasper | 1 | -0/+7
This reverts commit r289998. See comment: https://reviews.llvm.org/rL289998 llvm-svn: 290043
2016-12-16 | [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code | Kostya Serebryany | 1 | -7/+0
llvm-svn: 289998
2016-12-02 | Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 1 | -1/+1
This resubmits r288529, which was resubmitted because it broke a fuzzer bot. According to kcc@ the test that broke was flakey and it is unlikely to be a result of this patch. llvm-svn: 288549
2016-12-02 | Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows." | Zachary Turner | 1 | -1/+1
This reverts commit r288529, as it seems to introduce some problems on the Linux bots. llvm-svn: 288533
2016-12-02 | [LibFuzzer] Split FuzzerUtil for Posix and Windows. | Zachary Turner | 1 | -1/+1
Pave the way for separating out platform specific utility functions into separate files. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27234 llvm-svn: 288529
2016-11-30 | [LibFuzzer] Split up some functions among different headers. | Zachary Turner | 1 | -2/+1
In an effort to get libfuzzer working on Windows, we need to make a distinction between what functions require platform specific code (e.g. different code on Windows vs Linux) and what code doesn't. IO functions, for example, tend to be platform specific. This patch separates out some of the functions which will need to have platform specific implementations into different headers, so that we can then provide different implementations for each platform. Aside from that, this patch contains no functional change. It is purely a re-organization. Patch by Marcos Pividori Differential Revision: https://reviews.llvm.org/D27230 llvm-svn: 288264
2016-10-25 | [libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp | Kostya Serebryany | 1 | -11/+3
llvm-svn: 285109
2016-10-25 | [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test | Kostya Serebryany | 1 | -18/+92
llvm-svn: 285049
2016-10-22 | [libFuzzer] mutation: insert the size of the input in bytes as one of the ways to mutate a binary integer | Kostya Serebryany | 1 | -9/+15
llvm-svn: 284909
2016-10-15 | [libFuzzer] swap bytes in integers when handling CMP traces | Kostya Serebryany | 1 | -5/+0
llvm-svn: 284301
2016-10-14 | [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode | Kostya Serebryany | 1 | -3/+12
llvm-svn: 284273
2016-09-22 | [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings | Kostya Serebryany | 1 | -5/+12
llvm-svn: 282129
2016-09-21 | [libFuzzer] add stats to the corpus; more refactoring | Kostya Serebryany | 1 | -1/+0
llvm-svn: 282121
2016-09-21 | [libFuzzer] more refactoring; NFC | Kostya Serebryany | 1 | -1/+5
llvm-svn: 282047
2016-09-21 | [libFuzzer] refactoring: split the large header into many; NFC | Kostya Serebryany | 1 | -1/+5
llvm-svn: 282044
2016-08-19 | [libFuzzer] fix the non-debug build warnings | Kostya Serebryany | 1 | -1/+2
llvm-svn: 279321
2016-08-17 | [libFuzzer] given 0 and 255 more preference when inserting repeated bytes | Kostya Serebryany | 1 | -1/+2
llvm-svn: 278986
2016-08-17 | [libFuzzer] one more mutation: ChangeBinaryInteger; also fix the breakage from r278970 | Kostya Serebryany | 1 | -1/+38
llvm-svn: 278982
2016-08-17 | Replace a few more "fall through" comments with LLVM_FALLTHROUGH | Justin Bogner | 1 | -1/+1
Follow up to r278902. I had missed "fall through", with a space. llvm-svn: 278970
2016-08-17 | [libFuzzer] more mutations | Kostya Serebryany | 1 | -18/+69
llvm-svn: 278950
2016-08-15 | [libFuzzer] add InsertRepeatedBytes and EraseBytes. | Kostya Serebryany | 1 | -7/+29
New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets. llvm-svn: 278687
2016-07-15 | [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp | Kostya Serebryany | 1 | -3/+2
llvm-svn: 275648
2016-06-23 | [libfuzzer] moving is_ascii handler inside mutation dispatcher. | Mike Aizatsky | 1 | -1/+7
Summary: It also fixes a bug, when first random might not be ascii. Differential Revision: http://reviews.llvm.org/D21573 llvm-svn: 273611
2016-06-07 | [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` | Dan Liew | 1 | -4/+4
This fixes linking problems on OSX. Unfortunately it turns out we need to use an instance of the ``fuzzer::ExternalFunctions`` object in several places so this commit also replaces all instances with a single global instance. It also turns out initializing a global ``fuzzer::ExternalFunctions`` before main is entered (i.e. letting the object be initialised by the global initializers) is not safe (on OSX the call to ``Printf()`` in the CTOR crashes if it is called from a global initializer) so we instead have a global ``fuzzer::ExternalFunctions*`` and initialize it inside ``FuzzerDriver()``. Multiple unit tests also depend on the ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been added that initializes it before running any tests. Differential Revision: http://reviews.llvm.org/D20943 llvm-svn: 272072
2016-06-07 | [libfuzzer] custom crossover interface function. | Mike Aizatsky | 1 | -0/+23
Differential Revision: http://reviews.llvm.org/D21089 llvm-svn: 272054
2016-06-03 | [libfuzzer] hiding custom mutator handling in MutationDispatcher. | Mike Aizatsky | 1 | -19/+42
Summary: Refactoring, no functional changes. Differential Revision: http://reviews.llvm.org/D20975 llvm-svn: 271740
2016-02-13 | [libFuzzer] remove std::vector operations from hot paths, NFC | Kostya Serebryany | 1 | -1/+2
llvm-svn: 260829
2016-02-13 | [libFuzzer] don't require seed in fuzzer::Mutate, instead use the global Fuzzer object for fuzzer::Mutate. This makes custom mutators fast | Kostya Serebryany | 1 | -6/+0
llvm-svn: 260810
2016-02-13 | [libFuzzer] simplify CTOR of MutationDispatcher | Kostya Serebryany | 1 | -18/+18
llvm-svn: 260800
2016-02-13 | [libFuzzer] get rid of MutationDispatcher::Impl (simplify the code; NFC) | Kostya Serebryany | 1 | -132/+37
llvm-svn: 260799
2016-02-13 | [libFuzzer] get rid of UserSuppliedFuzzer; NFC | Kostya Serebryany | 1 | -0/+7
llvm-svn: 260798
2016-02-13 | [libFuzzer] simplify the code around Random. NFC | Kostya Serebryany | 1 | -5/+5
llvm-svn: 260797
2016-01-22 | [libFuzzer] add more fields to DictionaryEntry to count the number of uses and successes | Kostya Serebryany | 1 | -27/+50
llvm-svn: 258589
2016-01-21 | [libFuzzer] don't use std::vector in one more hot path | Kostya Serebryany | 1 | -6/+29
llvm-svn: 258380