6502/llvm-6502
1
0
Fork 0
mirror of https://github.com/c64scene-ar/llvm-6502.git synced 2025-02-24 12:29:33 +00:00
Code Issues Projects Releases Wiki Activity
119,335 Commits 39 Branches 0 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
Kostya Serebryany
4ea4cb3197 [lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of C++ library used in libFuzzer badly interract with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238078 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-23 01:07:46 +00:00
Kostya Serebryany
464deacf05 [lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238063 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-22 22:47:03 +00:00
Kostya Serebryany
ebada2c2bc [lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238059 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-22 22:35:31 +00:00
Kostya Serebryany
c9389db422 [lib/Fuzzer] ignore flags that start with --; use git pull --rebase instead of just git pull 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237950 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-21 20:39:13 +00:00
Kostya Serebryany
556425f9a9 [lib/Fuzzer] change the meaning of -timeout flag: now timeout is applied to every unit of work separately 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237735 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-19 22:12:57 +00:00
Kostya Serebryany
05ef67b6b9 [lib/Fuzzer] when -sync_command=<CMD> is given, periodically execute 'CMD CORPUS' to synchronize with other processes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237617 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-18 21:34:20 +00:00
Kostya Serebryany
eaba2dd2f1 [lib/Fuzzer] guess the right number of workers if -jobs=N is given but -workers=M is not. Update the docs. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237163 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-12 18:51:57 +00:00
Kostya Serebryany
de65922947 [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237083 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-12 01:58:34 +00:00
Kostya Serebryany
772410aef6 [lib/Fuzzer] detach the pulse thread instad of joining it 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237082 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-12 01:43:20 +00:00
Kostya Serebryany
1d4481df82 [lib/Fuzzer] when running multiple fuzzing processes, print something every 10 minutes to avoid buildbot timeouts 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237054 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-11 21:31:51 +00:00
Kostya Serebryany
0cdb698aae [lib/Fuzzer] add a trace-based mutatation logic. Same idea as with DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237043 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-11 20:51:19 +00:00
Kostya Serebryany
8ae273d380 [lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236906 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-08 21:30:55 +00:00
Kostya Serebryany
3399e1fd73 [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string flags. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233745 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-31 20:13:20 +00:00
Kostya Serebryany
29c6bd6e4f DFSan-based fuzzer (proof of concept). 
Summary:
This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator,
see the comments for details.

Test Plan: a test added

Reviewers: samsonov, pcc

Reviewed By: samsonov, pcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D8669

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233613 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-30 22:09:51 +00:00
Kostya Serebryany
ae0620c4e9 [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing). 
Introduce -mllvm -sanitizer-coverage-8bit-counters=1
which adds imprecise thread-unfriendly 8-bit coverage counters.

The run-time library maps these 8-bit counters to 8-bit bitsets in the same way
AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does:
counter values are divided into 8 ranges and based on the counter
value one of the bits in the bitset is set.
The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.

These counters provide a search heuristic for single-threaded
coverage-guided fuzzers, we do not expect them to be useful for other purposes.

Depending on the value of -fsanitize-coverage=[123] flag,
these counters will be added to the function entry blocks (=1),
every basic block (=2), or every edge (=3).

Use these counters as an optional search heuristic in the Fuzzer library.
Add a test where this heuristic is critical.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@231166 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-03 23:27:02 +00:00
Kostya Serebryany
f7c1020041 [fuzzer] one more experimental search mode: -use_coverage_pairs=1 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229957 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-20 03:02:37 +00:00
Kostya Serebryany
ce7a848558 [fuzzer] split main() into FuzzerDriver() that takes a callback as a parameter and a tiny main() in a separate file 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229882 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-19 18:45:37 +00:00