6502/llvm-6502
1
0
Fork 0
mirror of https://github.com/c64scene-ar/llvm-6502.git synced 2024-07-21 18:29:45 +00:00
Code Issues Projects Releases Wiki Activity
117,171 Commits 39 Branches 0 Tags 277 MiB
a036cd4093
Commit Graph

52 Commits

Author SHA1 Message Date
Kostya Serebryany
a5a1b190d8 [lib/Fuzzer] A simple script to synchronise a fuzz test corpus with an external git repository. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237208 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-12 23:19:12 +00:00
Kostya Serebryany
b8a0c0ecb3 [lib/Fuzzer] use sha1sum for the file hash 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237198 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-12 22:03:34 +00:00
Kostya Serebryany
eaba2dd2f1 [lib/Fuzzer] guess the right number of workers if -jobs=N is given but -workers=M is not. Update the docs. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237163 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-12 18:51:57 +00:00
Kostya Serebryany
de65922947 [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237083 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-12 01:58:34 +00:00
Kostya Serebryany
772410aef6 [lib/Fuzzer] detach the pulse thread instad of joining it 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237082 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-12 01:43:20 +00:00
Kostya Serebryany
66c6a4c240 [lib/Fuzzer] don't record traces when trace collection is off 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237067 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-11 23:25:28 +00:00
Kostya Serebryany
1d4481df82 [lib/Fuzzer] when running multiple fuzzing processes, print something every 10 minutes to avoid buildbot timeouts 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237054 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-11 21:31:51 +00:00
Kostya Serebryany
051ef86497 [lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237050 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-11 21:16:27 +00:00
Kostya Serebryany
0cdb698aae [lib/Fuzzer] add a trace-based mutatation logic. Same idea as with DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@237043 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-11 20:51:19 +00:00
Kostya Serebryany
5ba2a0b8b0 [lib/Fuzzer] build tests that work well with dfsan also w/o dfsan 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236909 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-08 21:45:19 +00:00
Kostya Serebryany
8ae273d380 [lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236906 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-08 21:30:55 +00:00
Alexey Samsonov
8227e6a8b4 Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= flags. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236797 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-07 23:33:24 +00:00
Kostya Serebryany
6564ee8933 [lib/Fuzzer] change the way we use taint information for fuzzing. Now, we run a single unit and collect suggested mutations based on tracing+taint data, then apply the suggested mutations one by one. The previous scheme was slower and more complex. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236772 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-07 21:02:11 +00:00
Kostya Serebryany
46fa0aabcb [lib/Fuzzer] minor refactoring/simplification, NFC 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236757 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-07 18:32:29 +00:00
Kostya Serebryany
49204878d7 [lib/Fuzzer] add dfsan_weak_hook_memcmp, enable the test that uses it, simplify the test runner 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236683 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-07 00:11:33 +00:00
Kostya Serebryany
8434a039e2 [lib/Fuzzer] remove dfsan_fuzzer_abi.list -- its contents are now moved to dfsan proper 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236659 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-06 22:47:24 +00:00
Kostya Serebryany
b350776f03 [lib/Fuzzer] add a fuzzer test for memcmp (does not work yet) 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236656 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-06 22:36:00 +00:00
Kostya Serebryany
b6ca45c39f [lib/Fuzzer] rename TestOneInput to LLVMFuzzerTestOneInput to make it more unique 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236652 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-06 22:19:00 +00:00
Kostya Serebryany
605f316258 [lib/Fuzzer] on crash print the contents of the crashy input as base64 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236548 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-05 21:59:51 +00:00
Kostya Serebryany
3784f79d64 [lib/Fuzzer] use handle_abort=1 by default so that when assert() fires we save the test case 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236476 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-05-05 01:42:55 +00:00
Aaron Ballman
1f1fecb823 Removing a spurious space; NFC. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@234168 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-04-06 16:09:13 +00:00
Kostya Serebryany
01055ec7e3 [fuzzer] document the -tokens flag. Also change the diagnostic output 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233842 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-04-01 21:33:20 +00:00
Kostya Serebryany
3399e1fd73 [fuzzer] Add support for token-based fuzzing (e.g. for C++). Allow string flags. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233745 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-31 20:13:20 +00:00
Kostya Serebryany
3506457311 Move lib/Fuzzer docs from a README.txt to a proper .rst file. 
Summary:
Move lib/Fuzzer docs from a README.txt to a proper .rst file.
This change does not add any content, just formatting.

Test Plan: n/a

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D8710

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233638 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-30 23:05:30 +00:00
Kostya Serebryany
e6d25ad0e0 [fuzzer] when a single unit takes over 1 second to run and it is the slowest one so far, print it. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233637 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-30 23:04:35 +00:00
Kostya Serebryany
b0b7c53ee4 [fuzzer] print various stats in a unified way 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233624 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-30 22:44:03 +00:00
Kostya Serebryany
29c6bd6e4f DFSan-based fuzzer (proof of concept). 
Summary:
This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator,
see the comments for details.

Test Plan: a test added

Reviewers: samsonov, pcc

Reviewed By: samsonov, pcc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D8669

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233613 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-30 22:09:51 +00:00
Kostya Serebryany
ae0620c4e9 [sanitizer/coverage] Add AFL-style coverage counters (search heuristic for fuzzing). 
Introduce -mllvm -sanitizer-coverage-8bit-counters=1
which adds imprecise thread-unfriendly 8-bit coverage counters.

The run-time library maps these 8-bit counters to 8-bit bitsets in the same way
AFL (http://lcamtuf.coredump.cx/afl/technical_details.txt) does:
counter values are divided into 8 ranges and based on the counter
value one of the bits in the bitset is set.
The AFL ranges are used here: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.

These counters provide a search heuristic for single-threaded
coverage-guided fuzzers, we do not expect them to be useful for other purposes.

Depending on the value of -fsanitize-coverage=[123] flag,
these counters will be added to the function entry blocks (=1),
every basic block (=2), or every edge (=3).

Use these counters as an optional search heuristic in the Fuzzer library.
Add a test where this heuristic is critical.


git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@231166 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-03-03 23:27:02 +00:00
Kostya Serebryany
f7c1020041 [fuzzer] one more experimental search mode: -use_coverage_pairs=1 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229957 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-20 03:02:37 +00:00
Kostya Serebryany
ce7a848558 [fuzzer] split main() into FuzzerDriver() that takes a callback as a parameter and a tiny main() in a separate file 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229882 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-19 18:45:37 +00:00
Kostya Serebryany
0b1ec08b77 [fuzzer] properly annotate fallthrough, add one more entry to FAQ 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@229880 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-19 18:21:12 +00:00
Kostya Serebryany
9b13b8c338 [fuzzer] move default sanitizer options to a separate file 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228429 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-06 19:52:07 +00:00
Kostya Serebryany
5d85a10810 [fuzzer] add flag prefer_small_during_initial_shuffle, be a bit more verbose 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228235 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 23:42:42 +00:00
Kostya Serebryany
46c638cfc8 [fuzzer] add -runs=N to limit the number of runs per session. Also, make sure we do some mutations w/o cross over. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228214 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 22:20:09 +00:00
Kostya Serebryany
eb884daa38 [fuzzer] make multi-process execution more verbose; fix mutation to actually respect mutation depth and to never produce empty units 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228170 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 19:10:20 +00:00
Kostya Serebryany
8fa9947e4d [fuzzer]: fix exit code, add more diagnostics 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228103 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-04 01:22:57 +00:00
Kostya Serebryany
04e540582b [fuzzer] Add proper dependensices to the fuzzer tests 
Summary: Make sure that FileCheck is built when running check-fuzzer

Test Plan:
run on bot:
lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7387

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228045 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-03 21:57:32 +00:00
Kostya Serebryany
32a12b924e [fuzzer] update the include line to use the new header name 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228018 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-02-03 19:42:05 +00:00
Kostya Serebryany
a1667be228 [fuzzer] add flags to run fuzzer in multiple parallel processes 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227664 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-31 01:14:40 +00:00
Kostya Serebryany
05efde62f5 [fuzzer] Add a gtest-style test 
Summary: Add one gtest-style test.

Test Plan: run on bot

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7287

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227639 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-30 23:26:57 +00:00
Kostya Serebryany
4ac4c33f2d [fuzzer] add -use_full_coverage_set=1 which solves FullCoverageSetTest. This does not scale very well yet, but might be a good start. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227507 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 23:01:07 +00:00
Kostya Serebryany
df31d7bea7 [fuzzer] fix warning in a test 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227478 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 18:13:36 +00:00
Kostya Serebryany
c8f69d069e [fuzzer] minor cleanup based on reviews: remove redundant includes, fix a copy-pasto in tests 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227468 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 17:16:23 +00:00
Kostya Serebryany
a51685f651 [fuzzer] add FAQ section to the README.txt 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227466 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 17:11:30 +00:00
Aaron Ballman
94879c0134 Reverting r227452, which adds back the fuzzer library. Now excluding the fuzzer library based on LLVM_USE_SANITIZE_COVERAGE being set or unset. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227464 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 16:58:29 +00:00
Aaron Ballman
f316f2ea52 Temporarily reverting the fuzzer library as it causes too many build issues for MSVC users. This reverts: 227445, 227395, 227389, 227357, 227254, 227252 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227452 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 15:49:22 +00:00
Aaron Ballman
c77764d5a4 Adding missing #includes to try to get this to compile on Windows with Visual Studio. 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227445 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-29 15:19:13 +00:00
Kostya Serebryany
1f3043175c [fuzzer] add option -save_minimized_corpus 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227395 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-28 23:48:39 +00:00
Kostya Serebryany
408796c672 Add lit-style tests for the Fuzzer library 
Summary: Add test targets and the lit-style runner.

Test Plan: Run the tests on bot.

Reviewers: samsonov

Reviewed By: samsonov

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D7217

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227389 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-28 22:49:25 +00:00
Kostya Serebryany
b0f9090173 [fuzzer] instructions for building/running clang-format-fuzzer 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@227357 91177308-0d34-0410-b5e6-96231b3b80d8
 2015-01-28 19:51:58 +00:00