path: root/llvm/lib/Fuzzer/FuzzerTraceState.cpp
Age         Commit message
            Author | Files changed, lines -removed/+added | Revision

2016-09-09  [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better
            Kostya Serebryany | 1 file, -46/+9 | llvm-svn: 281007

2016-08-30  [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much
            Kostya Serebryany | 1 file, -6/+6 | llvm-svn: 280096

2016-08-30  [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles
            Kostya Serebryany | 1 file, -10/+18 | llvm-svn: 280054

2016-08-30  [libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
            Kostya Serebryany | 1 file, -0/+21 | llvm-svn: 280046

2016-08-24  [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64
            Kostya Serebryany | 1 file, -1/+1 | llvm-svn: 279601

2016-08-23  [libFuzzer] collect 64 states for value profile, not 65
            Kostya Serebryany | 1 file, -1/+5 | llvm-svn: 279588

2016-08-18  [sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit performance. Use these new callbacks in libFuzzer
            Kostya Serebryany | 1 file, -3/+48 | llvm-svn: 279027

2016-08-17  [libFuzzer] force proper popcnt instruction
            Kostya Serebryany | 1 file, -0/+1 | llvm-svn: 279002

2016-08-16  [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage.
            Kostya Serebryany | 1 file, -5/+65 | llvm-svn: 278839

2016-07-19  [libFuzzer] properly intercept memmem
            Kostya Serebryany | 1 file, -1/+10 | llvm-svn: 276006

2016-07-15  [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
            Kostya Serebryany | 1 file, -1/+38 | llvm-svn: 275648

2016-06-23  [libfuzzer] moving is_ascii handler inside mutation dispatcher.
            Summary: It also fixes a bug, when first random might not be ascii.
            Differential Revision: http://reviews.llvm.org/D21573
            Mike Aizatsky | 1 file, -4/+5 | llvm-svn: 273611

2016-05-27  Fix compilation with GCC, which treats this as a constructor name not a type name. (GCC is correct here per the latest language DRs.)
            Richard Smith | 1 file, -1/+1 | llvm-svn: 271044

2016-05-26  [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC
            Kostya Serebryany | 1 file, -28/+24 | llvm-svn: 270922

2016-05-26  [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended
            Kostya Serebryany | 1 file, -2/+2 | llvm-svn: 270900

2016-03-12  [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes.
            Kostya Serebryany | 1 file, -10/+13 | llvm-svn: 263323

2016-03-02  libfuzzer: fix compiler warnings
            - unused sigaction/setitimer result (used in assert)
            - unchecked fscanf return value
            - signed/unsigned comparison
            Dmitry Vyukov | 1 file, -1/+1 | llvm-svn: 262472

2016-02-13  [libFuzzer] get rid of UserSuppliedFuzzer; NFC
            Kostya Serebryany | 1 file, -7/+7 | llvm-svn: 260798

2016-02-02  [libFuzzer] don't create too many trace-based mutations as it may be too slow
            Kostya Serebryany | 1 file, -2/+18 | llvm-svn: 259600

2016-01-22  [libFuzzer] don't do expensive memmem if the result will not be used
            Kostya Serebryany | 1 file, -0/+2 | llvm-svn: 258462

2016-01-16  [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path
            Kostya Serebryany | 1 file, -15/+8 | llvm-svn: 257985

2016-01-15  [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1)
            Kostya Serebryany | 1 file, -18/+25 | llvm-svn: 257873

2016-01-13  [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations
            Kostya Serebryany | 1 file, -17/+19 | llvm-svn: 257713

2016-01-13  [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector)
            Kostya Serebryany | 1 file, -12/+15 | llvm-svn: 257701

2016-01-12  [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS
            Kostya Serebryany | 1 file, -0/+8 | llvm-svn: 257482

2016-01-12  [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries
            Kostya Serebryany | 1 file, -22/+3 | llvm-svn: 257435

2016-01-12  [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a)
            Kostya Serebryany | 1 file, -5/+28 | llvm-svn: 257434

2016-01-12  [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0
            Kostya Serebryany | 1 file, -3/+6 | llvm-svn: 257423

2016-01-09  [libFuzzer] debug prints in tracing
            Kostya Serebryany | 1 file, -2/+27 | llvm-svn: 257249

2016-01-09  [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary
            Kostya Serebryany | 1 file, -30/+15 | llvm-svn: 257248

2016-01-09  [libFuzzer] don't limit memcmp tracing with 8 bytes
            Kostya Serebryany | 1 file, -38/+76 | llvm-svn: 257245

2016-01-09  [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes)
            Kostya Serebryany | 1 file, -22/+35 | llvm-svn: 257239

2016-01-06  [libFuzzer] make trace-based fuzzing not crash in presence of threads
            Kostya Serebryany | 1 file, -6/+15 | llvm-svn: 256876

2015-11-18  [libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway.
            Kostya Serebryany | 1 file, -1/+1 | llvm-svn: 253419

2015-09-30  [libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky
            Kostya Serebryany | 1 file, -1/+2 | llvm-svn: 248954

2015-09-10  [libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions
            Kostya Serebryany | 1 file, -17/+14 | llvm-svn: 247321

2015-09-08  [libFuzzer] remove a piece of stale code
            Kostya Serebryany | 1 file, -41/+1 | llvm-svn: 247067

2015-09-04  [libFuzzer] more accurate logic for traces, 80-char fix
            Kostya Serebryany | 1 file, -6/+5 | llvm-svn: 246888

2015-08-12  [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied
            Kostya Serebryany | 1 file, -2/+1 | llvm-svn: 244712

2015-08-05  [libFuzzer] avoid build warnings in non-assert build (useful warning in this case)
            Kostya Serebryany | 1 file, -1/+4 | llvm-svn: 244177

2015-08-05  [libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh.
            Kostya Serebryany | 1 file, -1/+3 | llvm-svn: 244165

2015-08-05  [libFuzzer] use data-flow feedback from strcmp
            Kostya Serebryany | 1 file, -2/+36 | llvm-svn: 244084

2015-08-01  [libFuzzer] start refactoring the Mutator and adding tests to it
            Kostya Serebryany | 1 file, -1/+1 | llvm-svn: 243817

2015-07-31  [libFuzzer] make sure that 2-byte arguments of switch() are handled properly
            Kostya Serebryany | 1 file, -10/+30 | llvm-svn: 243781

2015-07-31  [libFuzzer] record traces from the switch statements only when told to do so
            Kostya Serebryany | 1 file, -0/+1 | llvm-svn: 243768

2015-07-31  [libFuzzer] support switch interception in dfsan mode
            Kostya Serebryany | 1 file, -2/+34 | llvm-svn: 243760

2015-07-31  [libFuzzer] trace switch statements and apply mutations based on the expected case values
            Kostya Serebryany | 1 file, -0/+17 | llvm-svn: 243726

2015-07-30  [libFuzzer] fix the strncmp interceptor -- it should respect short strings.
            Kostya Serebryany | 1 file, -2/+26 | llvm-svn: 243691

2015-07-30  [libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test
            Kostya Serebryany | 1 file, -2/+14 | llvm-svn: 243611

2015-07-30  [libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), extend the memcmp fuzzer test
            Kostya Serebryany | 1 file, -0/+12 | llvm-svn: 243603
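The thread running through this log is the mechanism the file implemented: comparison operands delivered by the __sanitizer_cov_trace_cmp[1248] callbacks (2016-08-18), the weak memcmp/strcmp hooks that receive the comparison result (2016-01-12 and 2015-07-30), the rule that a comparison of a value with itself or a memcmp that returned 0 produces no mutation (2016-01-12), and the decision to feed everything into the automatically built dictionary instead of custom mutation code (2016-01-09). The block below is an added illustration written for this page, not libFuzzer's code: it models in plain C++ how a traced comparison or memcmp becomes a dictionary entry anchored at the offset where the input held the compared bytes, and how one such entry solves a 4-byte magic check that random mutation would need up to 2^32 attempts to pass. FindValue, TraceCmp, TraceMemcmp, ApplyEntry, Target and SolveMagic are hypothetical names; the callback invocations are simulated by hand because the file compiles without -fsanitize-coverage=trace-cmp, and a little-endian host is assumed.

```cpp
// Added illustration, not libFuzzer's code. Callback calls are simulated by
// hand (no sanitizer instrumentation); little-endian host assumed.
#include <cstdint>
#include <cstring>
#include <vector>

struct DictEntry {
  std::vector<uint8_t> Word;  // bytes the target wanted to see
  size_t Pos;                 // offset in the input where they belong
};

// Hypothetical helper: every offset in Data holding the CmpSize-byte
// little-endian encoding of Value.
static std::vector<size_t> FindValue(const std::vector<uint8_t> &Data,
                                     uint64_t Value, size_t CmpSize) {
  std::vector<size_t> Out;
  uint8_t Buf[8];
  memcpy(Buf, &Value, sizeof(Buf));
  for (size_t i = 0; i + CmpSize <= Data.size(); i++)
    if (memcmp(Data.data() + i, Buf, CmpSize) == 0) Out.push_back(i);
  return Out;
}

// Models a __sanitizer_cov_trace_cmp{1,2,4,8} callback: if one operand is
// already present in the input, the other operand is what the target
// compared it against, so it is recorded at that offset. A comparison of a
// value with itself carries no information and is skipped.
// Returns the number of entries added.
static size_t TraceCmp(const std::vector<uint8_t> &Data, size_t CmpSize,
                       uint64_t Arg1, uint64_t Arg2,
                       std::vector<DictEntry> &Dict) {
  if (Arg1 == Arg2) return 0;  // (a eq a) or (a neq a): nothing to learn
  size_t Added = 0;
  for (int Swap = 0; Swap < 2; Swap++) {
    uint64_t Present = Swap ? Arg2 : Arg1;
    uint64_t Wanted = Swap ? Arg1 : Arg2;
    for (size_t Pos : FindValue(Data, Present, CmpSize)) {
      const uint8_t *W = reinterpret_cast<const uint8_t *>(&Wanted);
      Dict.push_back({std::vector<uint8_t>(W, W + CmpSize), Pos});
      Added++;
    }
  }
  return Added;
}

// Models a weak memcmp hook receiving (S1, S2, N, Result): Result == 0 means
// the buffers already match and no mutation is derived; otherwise the side
// that lives in the input gets overwritten with the other side.
static size_t TraceMemcmp(const std::vector<uint8_t> &Data, const void *S1,
                          const void *S2, size_t N, int Result,
                          std::vector<DictEntry> &Dict) {
  if (Result == 0 || N == 0) return 0;
  const uint8_t *A = static_cast<const uint8_t *>(S1);
  const uint8_t *B = static_cast<const uint8_t *>(S2);
  size_t Added = 0;
  for (int Swap = 0; Swap < 2; Swap++) {
    const uint8_t *Present = Swap ? B : A;
    const uint8_t *Wanted = Swap ? A : B;
    for (size_t i = 0; i + N <= Data.size(); i++) {
      if (memcmp(Data.data() + i, Present, N) != 0) continue;
      Dict.push_back({std::vector<uint8_t>(Wanted, Wanted + N), i});
      Added++;
    }
  }
  return Added;
}

// The mutation: overwrite the input at the entry's recorded offset.
static std::vector<uint8_t> ApplyEntry(std::vector<uint8_t> Data,
                                       const DictEntry &E) {
  if (E.Pos + E.Word.size() <= Data.size())
    memcpy(Data.data() + E.Pos, E.Word.data(), E.Word.size());
  return Data;
}

// Toy target (constructed for this example): a 4-byte magic check.
static bool Target(const std::vector<uint8_t> &Data) {
  if (Data.size() < 4) return false;
  uint32_t Magic;
  memcpy(&Magic, Data.data(), 4);
  return Magic == 0xDEADBEEFu;
}

// One guided iteration: run the target on a seed, hand the comparison it
// made to TraceCmp, and try every derived entry.
static bool SolveMagic() {
  std::vector<uint8_t> Seed = {1, 2, 3, 4, 9, 9};  // constructed seed input
  uint32_t Seen;
  memcpy(&Seen, Seed.data(), 4);  // operand the target loaded from the input
  std::vector<DictEntry> Dict;
  TraceCmp(Seed, 4, Seen, 0xDEADBEEFu, Dict);
  for (const DictEntry &E : Dict)
    if (Target(ApplyEntry(Seed, E))) return true;
  return false;
}
```

Two of the log's rules are visible as early returns: TraceCmp refuses a trace whose operands are equal, and TraceMemcmp refuses one whose Result is 0, since in both cases the input already satisfies the check and a mutation could only move it away. Positions are recorded with the word because a cmp operand found in the input tells you where the target read it, which is exactly what makes the derived entry worth more than a blind dictionary word.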