path: root/lib/fuzzer/FuzzerLoop.cpp
Commit message (author, date, files changed, lines removed/added)

* [libFuzzer] Don't complain about lack of interesting inputs when -runs=0. (Max Moroz, 2018-05-23, 1 file, -1/+1)

  Summary: The most common use case for -runs=0 is for generating code coverage over some corpus. Coverage reports based on sancov are about to be deprecated, which means some external coverage solution will be used, e.g. Clang source based code coverage, which does not use any sancov instrumentations and thus libFuzzer would consider any input to be not interesting in that case.

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: alex, delcypher, #sanitizers, llvm-commits

  Differential Revision: https://reviews.llvm.org/D47271

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@333116 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036) (Kostya Serebryany, 2018-05-21, 1 file, -0/+2)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332876 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] add an experimental flag -focus_function: libFuzzer will try to focus on inputs that trigger that function (Kostya Serebryany, 2018-05-16, 1 file, -0/+8)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332554 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] remove the dump_coverage flag, it hasn't been working with the inline sanitizer coverage anyway (Kostya Serebryany, 2018-05-10, 1 file, -2/+0)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332036 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] remove the experimental support for clang coverage instrumentation. This mode has not been used and our experiments with https://github.com/google/fuzzer-test-suite show that this signal is weaker than the SanitizerCoverage (Kostya Serebryany, 2018-05-10, 1 file, -1/+0)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332034 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Guard symbolization with try-lock. (Matt Morehouse, 2018-05-08, 1 file, -12/+7)

  Summary: When out-of-memory or timeout occurs, threads can be stopped during symbolization, thereby causing a deadlock when the OOM/TO handlers attempt symbolization. We avoid this deadlock by skipping symbolization if another thread is symbolizing.

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D46605

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@331825 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Don't short-circuit from CrashCallback. (Matt Morehouse, 2018-05-02, 1 file, -3/+2)

  Short-circuiting causes tests to fail on Mac since libFuzzer crashes rather than exiting with an error code when an unexpected signal happens.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@331324 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Report at most one crash per input. (Matt Morehouse, 2018-05-01, 1 file, -0/+12)

  Summary: Fixes https://github.com/google/sanitizers/issues/788/, a deadlock caused by multiple crashes happening at the same time. Before printing a crash report, we now test and set an atomic flag. If the flag was already set, the crash handler returns immediately.

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits, kubamracek

  Differential Revision: https://reviews.llvm.org/D46277

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@331310 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Include TEMP_MAX_LEN in Fuzzer::PrintStats. (Matt Morehouse, 2018-02-22, 1 file, -4/+2)

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D43597

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@325817 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Set -experimental_len_control=1000 as default. (Matt Morehouse, 2018-02-13, 1 file, -3/+3)

  Summary: Experiments using https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison show a significant increase in coverage and reduction in corpus size with this option enabled. Addresses https://llvm.org/pr36371.

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D42932

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@325050 91177308-0d34-0410-b5e6-96231b3b80d8

* Reland "[libFuzzer] Support using libc++" (Petr Hosek, 2018-01-17, 1 file, -2/+4)

  This is needed in case the users of libFuzzer use libc++ in their code, which the fuzz target (libFuzzer) will be linked against. When libc++ source is available, we build a private version of it and link it against libFuzzer which allows using the same static library against codebases which use both libc++ and libstdc++.

  Differential Revision: https://reviews.llvm.org/D37631

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@322755 91177308-0d34-0410-b5e6-96231b3b80d8

* Revert "[libFuzzer] Support using libc++" (Petr Hosek, 2018-01-17, 1 file, -4/+2)

  This reverts commit r322604: test is failing for standalone compiler-rt.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@322689 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Support using libc++ (Petr Hosek, 2018-01-17, 1 file, -2/+4)

  This is needed in case the users of libFuzzer use libc++ in their code, which the fuzz target (libFuzzer) will be linked against. When libc++ source is available, we build a private version of it and link it against libFuzzer which allows using the same static library against codebases which use both libc++ and libstdc++.

  Differential Revision: https://reviews.llvm.org/D37631

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@322604 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] change the strategy for -experimental_len_control to grow max_len slower (Kostya Serebryany, 2017-12-12, 1 file, -8/+4)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320531 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] honor -use_counters, slightly change the meaning of -experimental_len_control, call UpdateFeatureFrequency only if instructed by the flag (Kostya Serebryany, 2017-12-08, 1 file, -4/+7)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320205 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] add a flag -malloc_limit_mb (Kostya Serebryany, 2017-12-01, 1 file, -1/+1)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319590 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] remove stale flags; NFC (Kostya Serebryany, 2017-12-01, 1 file, -1/+0)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319572 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] add an experimental search heuristic flag -reduce_depth (Kostya Serebryany, 2017-12-01, 1 file, -3/+12)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319571 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Don't add leaking inputs to corpus. (Matt Morehouse, 2017-11-09, 1 file, -2/+3)

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D39850

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317831 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] handle SIGUSR1/SIGUSR2 and try to exit gracefully on these signals (Kostya Serebryany, 2017-11-09, 1 file, -0/+14)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317829 91177308-0d34-0410-b5e6-96231b3b80d8

* [fuzzer] Fix nested mallocs (Vitaly Buka, 2017-11-02, 1 file, -3/+26)

  Summary: Nested mallocs are possible with internal symbolizer.

  Reviewers: kcc
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D39397

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317186 91177308-0d34-0410-b5e6-96231b3b80d8

* [fuzzer] Fix threaded stack printing (Vitaly Buka, 2017-11-01, 1 file, -0/+5)

  Reviewers: kcc
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D39397

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317071 91177308-0d34-0410-b5e6-96231b3b80d8

* Revert "[fuzzer] Fix threaded stack printing and nested mallocs" (Vitaly Buka, 2017-11-01, 1 file, -19/+0)

  Fails on darwin

  Revert "[fuzzer] Script to detect unbalanced allocation in -trace_malloc output"

  Needs previous one.

  This reverts commit r317034, r317036.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317061 91177308-0d34-0410-b5e6-96231b3b80d8

* [fuzzer] Fix threaded stack printing and nested mallocs (Vitaly Buka, 2017-10-31, 1 file, -0/+19)

  Summary: Nested mallocs are possible with internal symbolizer.

  Reviewers: kcc
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D39397

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317034 91177308-0d34-0410-b5e6-96231b3b80d8

* [Sanitizers-libFuzzer] Addressing coding style issues. (Alex Shlyapnikov, 2017-10-23, 1 file, -37/+44)

  Summary: The result of clang-format and few manual changes (as prompted on D39155).

  Reviewers: vitalybuka
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D39211

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@316395 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Periodically purge allocator's quarantine to prolong fuzzing sessions. (Alex Shlyapnikov, 2017-10-23, 1 file, -1/+22)

  Summary: Fuzzing targets that allocate/deallocate a lot of memory tend to consume a lot of RSS when ASan quarantine is enabled. Purging quarantine between iterations and returning memory to OS keeps RSS down and should not reduce the quarantine effectiveness provided the fuzz target does not preserve state between iterations (in this case this feature can be turned off).

  Based on D39153.

  Reviewers: vitalybuka
  Subscribers: llvm-commits

  Differential Revision: https://reviews.llvm.org/D39155

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@316382 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] tweak use_feature_frequency to be less aggressive; run a dummy input before the seed corpus (Kostya Serebryany, 2017-10-13, 1 file, -3/+4)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315657 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] experimental flag to tweak the corpus distribution. Seems to improve the situation dramatically on the png benchmark and make things worse on a number of micro-puzzles. Needs more A/B testing (Kostya Serebryany, 2017-10-11, 1 file, -0/+3)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315407 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Disable experimental clang coverage support by default. (Max Moroz, 2017-10-05, 1 file, -0/+1)

  Summary: It can be enabled via "-use_clang_coverage=1" flag. Reason for disabling: libFuzzer resets Clang Counters and makes it impossible to generate coverage report for a regular fuzz target (i.e. not standalone build).

  Reviewers: kcc
  Reviewed By: kcc
  Subscribers: kcc

  Differential Revision: https://reviews.llvm.org/D38604

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@315029 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] factor out some code into GetSizedFilesFromDir; NFC (Kostya Serebryany, 2017-09-12, 1 file, -19/+14)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@313081 91177308-0d34-0410-b5e6-96231b3b80d8

* [libfuzzer] Compare TotalNumberOfRuns with MaxNumberOfRuns when testing a memory leak. (Max Moroz, 2017-09-12, 1 file, -0/+2)

  Summary: Fuzzer::TryDetectingAMemoryLeak may call ExecuteCallback which would increment TotalNumberOfRuns, but it doesn't respect Options.MaxNumberOfRuns value specified by a user.

  Context: https://github.com/google/oss-fuzz/issues/822#issuecomment-328153970

  Reviewers: kcc
  Reviewed By: kcc

  Differential Revision: https://reviews.llvm.org/D37632

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312993 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] tolerate missing files when loading the seed corpus (Kostya Serebryany, 2017-08-31, 1 file, -1/+1)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312269 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] change the way we load the seed corpora: instead of loading all files and then executing all files, load and execute them one-by-one. This should reduce the memory usage in many cases (Kostya Serebryany, 2017-08-29, 1 file, -49/+58)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312033 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] refactoring: move reading the seed corpus closer to where it's consumed; NFC (Kostya Serebryany, 2017-08-29, 1 file, -2/+29)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311972 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Use custom allocators for STL containers in libFuzzer. (George Karpenkov, 2017-08-27, 1 file, -2/+2)

  Avoids ODR violations causing spurious ASAN warnings.

  Differential Revision: https://reviews.llvm.org/D37086

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311866 91177308-0d34-0410-b5e6-96231b3b80d8

* Revert "[libFuzzer] Use custom allocators for STL containers in libFuzzer" (George Karpenkov, 2017-08-26, 1 file, -1/+1)

  This reverts commit 3539efc2f2218dba2bcbd645d0fe276f2b5cf588.

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311831 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] Use custom allocators for STL containers in libFuzzer (George Karpenkov, 2017-08-26, 1 file, -1/+1)

  Avoids ODR violations causing spurious ASAN container overflow warnings.

  Differential Revision: https://reviews.llvm.org/D37086

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311830 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] add -print_funcs=1 (on by default): print newly discovered functions during fuzzing (Kostya Serebryany, 2017-08-25, 1 file, -0/+1)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311797 91177308-0d34-0410-b5e6-96231b3b80d8

* [libFuzzer] apply changes lost during the migration to compiler-rt (Kostya Serebryany, 2017-08-22, 1 file, -1/+2)

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311420 91177308-0d34-0410-b5e6-96231b3b80d8

* Move libFuzzer to compiler_rt. (George Karpenkov, 2017-08-21, 1 file, -0/+721)

  Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution.

  Differential Revision: https://reviews.llvm.org/D36908

  git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@311407 91177308-0d34-0410-b5e6-96231b3b80d8