summaryrefslogtreecommitdiff
path: root/lib/fuzzer/FuzzerLoop.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [libFuzzer] Fix Alarm callback in fuchsia.Jake Ehrlich2019-10-091-2/+2
| | | | | | | | | | | | | | | | This patch adds an #if macro to skip the InFuzzingThread() comparison for fuchsia, similar to what it is done for Windows and NetBSD. In fuchsia, the alarm callback runs in a separate thread[0], making it fail the comparison InFuzzingThread(), breaking the -timeout flag. [0]: https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp#L323 Author: charco (aka Marco Vanotti) Differential Revision: https://reviews.llvm.org/D68166 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@374228 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Remove lazy counters.Matt Morehouse2019-10-011-4/+0
| | | | | | | | | | | | | | | | Summary: Lazy counters haven't improved performance for large fuzz targets. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits Tags: #llvm Differential Revision: https://reviews.llvm.org/D67476 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@373403 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Dump trace and provide correct msg for overwritten input.Mitch Phillips2019-09-271-1/+3
| | | | | | | | | | | | | | | | | | Summary: Now crashes with a stacktrace and uses 'overwrites-const-input' as the error message instead of 'out-of-memory'. Reviewers: morehouse, Dor1s Reviewed By: morehouse, Dor1s Subscribers: #sanitizers, llvm-commits, metzman, Dor1s Tags: #sanitizers, #llvm Differential Revision: https://reviews.llvm.org/D68067 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@373130 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] [NFC] Fix grammar error with "it's"Mitch Phillips2019-09-261-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@372937 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Merge: print feature coverage number as well.Max Moroz2019-08-121-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: feature coverage is a useful signal that is available during the merge process, but was not printed previously. Output example: ``` $ ./fuzzer -use_value_profile=1 -merge=1 new_corpus/ seed_corpus/ INFO: Seed: 1676551929 INFO: Loaded 1 modules (2380 inline 8-bit counters): 2380 [0x90d180, 0x90dacc), INFO: Loaded 1 PC tables (2380 PCs): 2380 [0x684018,0x68d4d8), MERGE-OUTER: 180 files, 78 in the initial corpus MERGE-OUTER: attempt 1 INFO: Seed: 1676574577 INFO: Loaded 1 modules (2380 inline 8-bit counters): 2380 [0x90d180, 0x90dacc), INFO: Loaded 1 PC tables (2380 PCs): 2380 [0x684018,0x68d4d8), INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes MERGE-INNER: using the control file '/tmp/libFuzzerTemp.111754.txt' MERGE-INNER: 180 total files; 0 processed earlier; will process 180 files now #1 pulse cov: 134 ft: 330 exec/s: 0 rss: 37Mb #2 pulse cov: 142 ft: 462 exec/s: 0 rss: 38Mb #4 pulse cov: 152 ft: 651 exec/s: 0 rss: 38Mb #8 pulse cov: 152 ft: 943 exec/s: 0 rss: 38Mb #16 pulse cov: 520 ft: 2783 exec/s: 0 rss: 39Mb #32 pulse cov: 552 ft: 3280 exec/s: 0 rss: 41Mb #64 pulse cov: 576 ft: 3641 exec/s: 0 rss: 50Mb #78 LOADED cov: 602 ft: 3936 exec/s: 0 rss: 88Mb #128 pulse cov: 611 ft: 3996 exec/s: 0 rss: 93Mb #180 DONE cov: 611 ft: 4016 exec/s: 0 rss: 155Mb MERGE-OUTER: succesfull in 1 attempt(s) MERGE-OUTER: the control file has 39741 bytes MERGE-OUTER: consumed 0Mb (37Mb rss) to parse the control file MERGE-OUTER: 9 new files with 80 new features added; 9 new coverage edges ``` Reviewers: hctim, morehouse Reviewed By: morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D66030 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@368617 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] implement a better queue for the fork mode. Add an internal flag ↵Kostya Serebryany2019-06-141-0/+3
| | | | | | -stop_file to allow graceful shutdown of fuzzing. Enhance the logging in the fork mode git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@363470 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] when using data-flow-trace (DFT) only load the DFT for the files ↵Kostya Serebryany2019-05-241-3/+4
| | | | | | present in the corpus git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@361579 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] code refactoring; NFCKostya Serebryany2019-05-101-26/+10
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360400 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Unpoison parameters before calling user callback.Matt Morehouse2019-05-091-1/+3
| | | | | | | | | | | | | | | | | | | | Summary: Fixes an MSan false positive when compiling with -fsanitize=memory,fuzzer. See https://github.com/google/oss-fuzz/issues/2369 for more details. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits, metzman, eugenis Tags: #llvm Differential Revision: https://reviews.llvm.org/D61753 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360390 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] implement -focus_function=auto, to be used with Data Flow TracesKostya Serebryany2019-05-091-2/+3
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@360378 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Disable MSan interceptors in SIGINT handler.Matt Morehouse2019-04-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | Summary: Avoids an MSan false positive if the SIGINT comes while the user callback is running. The false positive happens when the interrupt handler calls opendir() to remove some temporary files, which is intercepted by MSan. Fixes https://github.com/google/oss-fuzz/issues/2332. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits, Dor1s, metzman Tags: #llvm Differential Revision: https://reviews.llvm.org/D61163 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@359254 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] speedup the merge step in the fork mode by merging only the ↵Kostya Serebryany2019-04-131-4/+3
| | | | | | files that have unique features. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358320 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] add -features_dir= flag to dump unique input features on diskKostya Serebryany2019-04-131-2/+26
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358317 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Fallback to default Mutate when MutateWithMask fails.Max Moroz2019-04-111-1/+3
| | | | | | | | | | | | | | | | | | | | | | Summary: In case the current corpus input doesn't have bytes going into the focus function, MutateWithMask is useless and may fail gently, allowing the default mutation routine happen, rather than crashing on an assertion. For more context and the initial fix suggestion, see: https://github.com/google/oss-fuzz/issues/1632#issuecomment-481862879 Reviewers: kcc, morehouse Reviewed By: kcc Subscribers: delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D60567 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358190 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] make len_control less agressive: set the initial max len to the ↵Kostya Serebryany2019-02-161-1/+5
| | | | | | length of the largest seed. This was the original intent, but... Now, with a test, to ensure it stays this way git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@354191 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] fork mode: try harder to cleanup after itselfKostya Serebryany2019-02-161-0/+2
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@354186 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] when doing the merge, keep track of the coveraged edges, not ↵Kostya Serebryany2019-02-141-3/+3
| | | | | | just features git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@354076 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] extend the -fork=1 functionality. Still not fully usable, but ↵Kostya Serebryany2019-02-121-2/+3
| | | | | | good enough for the first unit test git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@353775 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] more refactoring; change some of the exit codes (timeout, OOM, ↵Kostya Serebryany2019-02-091-3/+4
| | | | | | interrupt) so that the parent process can distinguish those git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@353584 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] introduce an experimental mode -fork=1, where fuzzing happens in ↵Kostya Serebryany2019-02-081-2/+2
| | | | | | a subprocess (still running multiple inputs per process), thus making the fuzzing more resilient to timeouts and OOMs. This is just a skeleton of the code, and some associated refactoring, not a fully working feature yet. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@353570 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] refactor the way we choose the element to cross-over with, NFC ↵Kostya Serebryany2019-02-081-5/+13
| | | | | | (expected1); add a flag -seed_inputs= to pass extra seed inputs as file paths, not dirs git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@353494 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] set libFuzzer's own SEGV handler even one is already present, ↵Kostya Serebryany2019-01-311-5/+4
| | | | | | but call that handler from ours (unless we are unprotecting lazy counters). Call ProtectLazyCounters later, so that it runs after the initialization code in the target. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@352713 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Set default sanitizer options in fuzzer testsJulian Lettner2019-01-311-2/+3
| | | | | | | | | | | | | | | | | | | | | Summary: Set default `ASAN_OPTIONS` when running libFuzzer tests. This allows us to remove special casing in code for Darwin where we usually pass `abort_on_error=0` to override platform defaults for tests. A previous commit changed the code to make the tests pass: https://github.com/llvm/llvm-project/commit/7764a04af007eca68eafcf5caaea560ed05e35a9 Adapted a few tests to use `%env_asan_opts=` instead of directly setting the environment variable. rdar://problem/47515276 Reviewers: kcc, george.karpenkov Differential Revision: https://reviews.llvm.org/D57465 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@352711 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] experimental performance optimization -lazy_counters, off by ↵Kostya Serebryany2019-01-311-0/+5
| | | | | | default. Posix-only for now, tested on Linux git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@352700 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] remove stale code, NFCKostya Serebryany2019-01-301-35/+0
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@352604 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] remove stale code Kostya Serebryany2019-01-291-2/+0
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@352571 91177308-0d34-0410-b5e6-96231b3b80d8
* Update the file headers across all of the LLVM projects in the monorepoChandler Carruth2019-01-191-4/+3
| | | | | | | | | | | | | | | | | to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@351636 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer][MSVC] Make attribute-use compatible with MSVCJonathan Metzman2019-01-171-2/+2
| | | | | | | | | | | | | | Summary: Replace attributes with macros that use equivalent declspecs for MSVC. Reviewers: vitalybuka Reviewed By: vitalybuka Differential Revision: https://reviews.llvm.org/D56512 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@351456 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Remove unstable edge handlingJonathan Metzman2019-01-151-38/+0
| | | | | | | | | | Summary: Remove code for handling unstable edges from libFuzzer since it has not been found useful. Differential Revision: https://reviews.llvm.org/D56730 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@351262 91177308-0d34-0410-b5e6-96231b3b80d8
* Follow Windows' approach for NetBSD in AlarmCallback()Kamil Rytarowski2018-11-061-1/+2
| | | | | | | | NetBSD's current behavior needs to ignore check for InFuzzingThread() in Fuzzer::AlarmCallback(). git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@346194 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Remove mutation stats and weighted mutation selection.Max Moroz2018-08-291-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: This was an experimental feature. After evaluating it with: 1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison 2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz The following conclusions were made: 1) With fuzz targets that have reached a code coverage plateau, the feature does not improve libFuzzer's ability to discover new coverage and may actually negatively impact it. 2) With fuzz targets that have not yet reached a code coverage plateau, the feature might speed up new units discovery in some cases, but it is quite rare and hard to confirm with a high level on confidence. Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621. Reviewers: metzman, morehouse Reviewed By: metzman, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D51455 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@340976 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Optimize handle unstable checks by reducing iterationsMax Moroz2018-08-081-10/+5
| | | | | | | | | | | | | | | | | | Summary: We only run the 3rd check if 2nd check finds unstable edges. 3rd UpdateUnstableCounters is now merged with ApplyUnstableCounters to only run 1 iteration. Patch by Kyungtak Woo (@kevinwkt). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D50411 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@339249 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Initial implementation of weighted mutation leveraging during ↵Max Moroz2018-08-021-0/+4
| | | | | | | | | | | | | | | | | | | | | runtime. Summary: Added functions that calculate stats while fuzz targets are running and give mutations weight based on how much new coverage they provide, and choose better performing mutations more often. Patch by Kodé Williams (@kodewilliams). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, kcc, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D49621 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@338776 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Handle unstable edges by disregarding unstable edgesMax Moroz2018-07-241-1/+2
| | | | | | | | | | | | | | | | | | | | Summary: Added a new mode within flag -handle_unstable for new unstable handling algorithm that does the following: When an edge is shown as unstable, copy to UnstableCounters the value 0. During ApplyUnstableCounters we copy back the value 0 to ModuleInline8bitCounters if the edge was unstable. This way we would be ignoring completely features that were collected through non-determinism. Unstable hits would be counted as if it never hit. Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, morehouse Subscribers: delcypher, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D49684 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337853 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Handle unstable edges by using minimum hit countsMax Moroz2018-07-231-7/+18
| | | | | | | | | | | | | | | | | | | | | | | | Summary: Created unstable_handle flag that takes 1 or 2, depending on the handling type. Modified RunOne to accommodate the following heuristic: Use the first CollectFeatures to count how many features there are. If no new features, CollectFeatures like before. If there is new feature, we run CB 2 more times, Check which edges are unstable per input and we store the least amount of hit counts for each edge. Apply these hit counts back to inline8bitcounters so that CollectFeatures can work as intended. Modified UnstableCounters to 8int_t and created a bitset UnstableSet to tell which edges are unstable. Patch by Kyungtak Woo (@kevinwkt). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D49525 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337696 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] first experimental attempt at DFT-based mutations ↵Kostya Serebryany2018-07-191-3/+7
| | | | | | (DFT=data-flow-trace) git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337434 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Mutation tracking and logging implemented.Max Moroz2018-07-171-0/+1
| | | | | | | | | | | | | | | | | | | Summary: Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line. Patch by Kodé Williams (@kodewilliams). Reviewers: metzman, Dor1s, morehouse, kcc Reviewed By: Dor1s, morehouse, kcc Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny Differential Revision: https://reviews.llvm.org/D48054 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337324 91177308-0d34-0410-b5e6-96231b3b80d8
* libFuzzer: prevent irrelevant strings from leaking into auto-dictionaryMatt Morehouse2018-07-171-6/+8
| | | | | | | | | | | | | | | | This is a fix for bug 37047. https://bugs.llvm.org/show_bug.cgi?id=37047 Implemented by basically reversing the logic. Previously all strings were considered, with some operations excluded. Now strings are excluded by default, and only strings during the CB considered. Patch By: pdknsk Differential Revision: https://reviews.llvm.org/D48800 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337296 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert r337194 (https://reviews.llvm.org/D48891) due to compilation errors.Max Moroz2018-07-161-2/+0
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337206 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Mutation tracking and logging implemented.Max Moroz2018-07-161-0/+2
| | | | | | | | | | | | | | | | | | | Summary: Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line. Patch by Kodé Williams (@kodewilliams). Reviewers: metzman, Dor1s, morehouse, kcc Reviewed By: Dor1s, morehouse, kcc Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny Differential Revision: https://reviews.llvm.org/D48054 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337194 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Implement stat::stability_rate based on the percentage of ↵Max Moroz2018-07-161-0/+31
| | | | | | | | | | | | | | | | | | | | | unstable edges. Summary: Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does. Patch by Kyungtak Woo (@kevinwkt). Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, Dor1s, morehouse Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s Differential Revision: https://reviews.llvm.org/D49212 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337187 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert r337175 (https://reviews.llvm.org/D49212) due to unintentional format ↵Max Moroz2018-07-161-32/+1
| | | | | | changes. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337180 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Implement stat::stability_rate based on the percentage of ↵Max Moroz2018-07-161-1/+32
| | | | | | | | | | | | | | | | | | | | | unstable edges. Summary: Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does. Patch by Kyungtak Woo (@kevinwkt). Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, Dor1s, morehouse Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s Differential Revision: https://reviews.llvm.org/D49212 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337175 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Make -fsanitize=memory,fuzzer work.Matt Morehouse2018-07-091-10/+16
| | | | | | | | | | | This patch allows libFuzzer to fuzz applications instrumented with MSan without recompiling libFuzzer with MSan instrumentation. Fixes https://github.com/google/sanitizers/issues/958. Differential Revision: https://reviews.llvm.org/D48891 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336619 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert "[libFuzzer] Mutation tracking and logging implemented"Matt Morehouse2018-07-091-2/+0
| | | | | | This reverts r336597 due to bot breakage. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336616 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] Mutation tracking and logging implementedMatt Morehouse2018-07-091-0/+2
| | | | | | | | | | | | Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line. Patch By: Kode Williams Differntial Revision: https://reviews.llvm.org/D48054 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336597 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] add one more value profile metric, under a flag (experimental)Kostya Serebryany2018-07-031-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336234 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] make the corpus elements aware of their data flow tracesKostya Serebryany2018-06-071-1/+6
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334158 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] remove an experimental flag -use_feature_frequencyKostya Serebryany2018-06-061-4/+0
| | | | git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334146 91177308-0d34-0410-b5e6-96231b3b80d8
* [libFuzzer] initial implementation of -data_flow_trace. It parses the data ↵Kostya Serebryany2018-06-061-0/+1
| | | | | | flow trace and prints the summary, but doesn't use the information in any other way yet git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334058 91177308-0d34-0410-b5e6-96231b3b80d8
View Lorry Controller Status