6502/llvm-6502
1
0
Fork 0
mirror of https://github.com/c64scene-ar/llvm-6502.git synced 2025-10-30 16:17:05 +00:00
Code Issues Projects Releases Wiki Activity
119,311 Commits 39 Branches 0 Tags
dbbfabaf0188e826f43ebe363ca5b345e82bd32b
Commit Graph

34 Commits

Author SHA1 Message Date
Kostya Serebryany
63da212749 [lib/Fuzzer] make assertions more informative and update comments for the user-supplied mutator 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238658 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-30 17:33:13 +00:00
Kostya Serebryany
ea8a3963b4 [lib/Fuzzer] make the fuzzing timeout 1200 seconds by default (was: infinity) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238251 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-26 20:57:47 +00:00
Kostya Serebryany
f580f3683c [lib/Fuzzer] fix build with assertions 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238235 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-26 19:29:33 +00:00
Kostya Serebryany
d434a0a1b2 [lib/Fuzzer] fully get rid of std::cerr in libFuzzer 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238081 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-23 01:22:35 +00:00
Kostya Serebryany
464deacf05 [lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238063 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-22 22:47:03 +00:00
Kostya Serebryany
ebada2c2bc [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238059 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-22 22:35:31 +00:00
Kostya Serebryany
556425f9a9 [lib/Fuzzer] change the meaning of -timeout flag: now timeout is applied to every unit of work separately 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237735 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-19 22:12:57 +00:00
Kostya Serebryany
3b3cbed1b0 [lib/Fuzzer] more efficient reload logic; also don't spam git too much 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237649 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-19 01:06:07 +00:00
Kostya Serebryany
05ef67b6b9 [lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD CORPUS' to synchronize with other processes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237617 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-18 21:34:20 +00:00
Logan Chien
9380329c4e Code cleanup: Reindent Fuzzer::MutateAndTestOne. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237533 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-17 02:44:31 +00:00
Kostya Serebryany
051ef86497 [lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237050 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-11 21:16:27 +00:00
Kostya Serebryany
8ae273d380 [lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236906 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-08 21:30:55 +00:00
Kostya Serebryany
6564ee8933 [lib/Fuzzer] change the way we use taint information for fuzzing. Now, we run a single unit and collect suggested mutations based on tracing+taint data, then apply the suggested mutations one by one. The previous scheme was slower and more complex. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236772 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-07 21:02:11 +00:00
Kostya Serebryany
46fa0aabcb [lib/Fuzzer] minor refactoring/simplification, NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236757 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-07 18:32:29 +00:00
Kostya Serebryany
605f316258 [lib/Fuzzer] on crash print the contents of the crashy input as base64 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236548 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-05 21:59:51 +00:00
Kostya Serebryany
3399e1fd73 [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string flags. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233745 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-31 20:13:20 +00:00
Kostya Serebryany
e6d25ad0e0 [fuzzer] when a single unit takes over 1 second to run and it is the slowest one so far, print it. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233637 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-30 23:04:35 +00:00
Kostya Serebryany
b0b7c53ee4 [fuzzer] print various stats in a unified way 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233624 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-30 22:44:03 +00:00
Kostya Serebryany
29c6bd6e4f DFSan-based fuzzer (proof of concept). 
Summary:
This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator,
see the comments for details.

Test Plan: a test added

Reviewers: samsonov, pcc

Reviewed By: samsonov, pcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D8669

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233613 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-30 22:09:51 +00:00
Kostya Serebryany
ae0620c4e9 [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing). 
Introduce -mllvm -sanitizer-coverage-8bit-counters=1
which adds imprecise thread-unfriendly 8-bit coverage counters.

The run-time library maps these 8-bit counters to 8-bit bitsets in the same way
AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does:
counter values are divided into 8 ranges and based on the counter
value one of the bits in the bitset is set.
The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.

These counters provide a search heuristic for single-threaded
coverage-guided fuzzers, we do not expect them to be useful for other purposes.

Depending on the value of -fsanitize-coverage=[123] flag,
these counters will be added to the function entry blocks (=1),
every basic block (=2), or every edge (=3).

Use these counters as an optional search heuristic in the Fuzzer library.
Add a test where this heuristic is critical.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@231166 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-03 23:27:02 +00:00
Kostya Serebryany
f7c1020041 [fuzzer] one more experimental search mode: -use_coverage_pairs=1 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229957 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-20 03:02:37 +00:00
Kostya Serebryany
ce7a848558 [fuzzer] split main() into FuzzerDriver() that takes a callback as a parameter and a tiny main() in a separate file 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229882 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-19 18:45:37 +00:00
Kostya Serebryany
5d85a10810 [fuzzer] add flag prefer_small_during_initial_shuffle, be a bit more verbose 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228235 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 23:42:42 +00:00
Kostya Serebryany
46c638cfc8 [fuzzer] add -runs=N to limit the number of runs per session. Also, make sure we do some mutations w/o cross over. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228214 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 22:20:09 +00:00
Kostya Serebryany
eb884daa38 [fuzzer] make multi-process execution more verbose; fix mutation to actually respect mutation depth and to never produce empty units 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228170 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 19:10:20 +00:00
Kostya Serebryany
8fa9947e4d [fuzzer]: fix exit code, add more diagnostics 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228103 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 01:22:57 +00:00
Kostya Serebryany
32a12b924e [fuzzer] update the include line to use the new header name 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228018 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-03 19:42:05 +00:00
Kostya Serebryany
4ac4c33f2d [fuzzer] add -use_full_coverage_set=1 which solves FullCoverageSetTest. This does not scale very well yet, but might be a good start. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227507 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 23:01:07 +00:00
Kostya Serebryany
c8f69d069e [fuzzer] minor cleanup based on reviews: remove redundant includes, fix a copy-pasto in tests 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227468 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 17:16:23 +00:00
Aaron Ballman
94879c0134 Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227464 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 16:58:29 +00:00
Aaron Ballman
f316f2ea52 Temporarily reverting the fuzzer library as it causes too many build issues for MSVC users. This reverts: 227445, 227395, 227389, 227357, 227254, 227252 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227452 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 15:49:22 +00:00
Kostya Serebryany
1f3043175c [fuzzer] add option -save_minimized_corpus 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227395 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-28 23:48:39 +00:00
Kostya Serebryany
408796c672 Add lit-style tests for the Fuzzer library 
Summary: Add test targets and the lit-style runner.

Test Plan: Run the tests on bot.

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7217

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227389 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-28 22:49:25 +00:00
Kostya Serebryany
c9baf3befb Add a Fuzzer library 
Summary:
A simple genetic in-process coverage-guided fuzz testing library.

I've used this fuzzer to test clang-format
(it found 12+ bugs, thanks djasper@ for the fixes!)
and it may also help us test other parts of LLVM.
So why not keep it in the LLVM repository?

I plan to add the cmake build rules later (in a separate patch, if that's ok)
and also add a clang-format-fuzzer target.

See README.txt for details.

Test Plan: Tests will follow separately.

Reviewers: djasper, chandlerc, rnk

Reviewed By: rnk

Subscribers: majnemer, ygribov, dblaikie, llvm-commits

Differential Revision: http://reviews.llvm.org/D7184

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227252 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-27 22:08:41 +00:00