1. b5e9849 [libFuzzer] don't do expensive memmem if the result will not be used by Kostya Serebryany · 10 years ago
  2. 476f0ce [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path by Kostya Serebryany · 10 years ago
  3. ae5b956 [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) by Kostya Serebryany · 10 years ago
  4. 98abb2c [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations by Kostya Serebryany · 10 years ago
  5. d50a3ee [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) by Kostya Serebryany · 10 years ago
  6. 4b83a4f [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS by Kostya Serebryany · 10 years ago
  7. 4174005 [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries by Kostya Serebryany · 10 years ago
  8. 859e86d [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a) by Kostya Serebryany · 10 years ago
  9. e358095 [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0 by Kostya Serebryany · 10 years ago
  10. 1f9c40d [libFuzzer] debug prints in tracing by Kostya Serebryany · 10 years ago
  11. b65805a [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary by Kostya Serebryany · 10 years ago
  12. c573316 [libFuzzer] don't limit memcmp tracing with 8 bytes by Kostya Serebryany · 10 years ago
  13. e7583d2 [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes) by Kostya Serebryany · 10 years ago
  14. 226b734 [libFuzzer] make trace-based fuzzing not crash in presence of threads by Kostya Serebryany · 10 years ago
  15. 4d62322 [libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway. by Kostya Serebryany · 10 years ago
  16. 3287d7a [libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky by Kostya Serebryany · 10 years ago
  17. 65f5086 [libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions by Kostya Serebryany · 10 years ago
  18. 4b82de2 [libFuzzer] remove a piece of stale code by Kostya Serebryany · 10 years ago
  19. e641dd6 [libFuzzer] more accurate logic for traces, 80-char fix by Kostya Serebryany · 10 years ago
  20. 12c7837 [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied by Kostya Serebryany · 10 years ago
  21. d46369d [libFuzzer] avoid build warnings in non-assert build (useful warning in this case) by Kostya Serebryany · 10 years ago
  22. 4cc10d4 [libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh. by Kostya Serebryany · 10 years ago
  23. 7f4227d [libFuzzer] use data-flow feedback from strcmp by Kostya Serebryany · 10 years ago
  24. 8ce7424 [libFuzzer] start refactoring the Mutator and adding tests to it by Kostya Serebryany · 10 years ago
  25. fe7e41e [libFuzzer] make sure that 2-byte arguments of switch() are handled properly by Kostya Serebryany · 10 years ago
  26. 73932e5 [libFuzzer] record traces from the switch statements only when told to do so by Kostya Serebryany · 10 years ago
  27. cd6a466 [libFuzzer] support switch interception in dfsan mode by Kostya Serebryany · 10 years ago
  28. fb7d8d9 [libFuzzer] trace switch statements and apply mutations based on the expected case values by Kostya Serebryany · 10 years ago
  29. c9dc96b [libFuzzer] fix the strncmp interceptor -- it should respect short strings. by Kostya Serebryany · 10 years ago
  30. b74ba42 [libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test by Kostya Serebryany · 10 years ago
  31. 0e776a2 [libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), extend the memcmp fuzzer test by Kostya Serebryany · 10 years ago
  32. ae7df1c [libFuzzer] ensure that the dfsan tracing hooks actually run (using -verbosity=3 in tests) by Kostya Serebryany · 10 years ago
  33. 3595959 [libFuzzer] when using cmp traces, first check that the CMP is evaluated to one value much more frequently than to the other value (heuristic) by Kostya Serebryany · 10 years ago
  34. 404c69f [libFuzzer] allow users to supply their own implementation of rand by Kostya Serebryany · 10 years ago
  35. 3fe7682 [lib/Fuzzer] relax an assertion by Kostya Serebryany · 10 years ago
  36. 7c180ea [lib/Fuzzer] fully get rid of std::cerr in libFuzzer by Kostya Serebryany · 10 years ago
  37. 20e9bcb [lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of the C++ library used in libFuzzer badly interact with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues. by Kostya Serebryany · 10 years ago
  38. d8c5472 [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan) by Kostya Serebryany · 10 years ago
  39. 8817e86 [lib/Fuzzer] don't record traces when trace collection is off by Kostya Serebryany · 10 years ago
  40. 2252625 [lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected by Kostya Serebryany · 10 years ago [Renamed (82%) from llvm/lib/Fuzzer/FuzzerDFSan.cpp]
  41. 5a99ecb [lib/Fuzzer] add a trace-based mutation logic. Same idea as with DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go. by Kostya Serebryany · 10 years ago
  42. 21a3381 Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= flags. by Alexey Samsonov · 10 years ago
  43. beb24c3 [lib/Fuzzer] change the way we use taint information for fuzzing. Now, we run a single unit and collect suggested mutations based on tracing+taint data, then apply the suggested mutations one by one. The previous scheme was slower and more complex. by Kostya Serebryany · 10 years ago
  44. 7d470cf [lib/Fuzzer] minor refactoring/simplification, NFC by Kostya Serebryany · 10 years ago
  45. a407dde [lib/Fuzzer] add dfsan_weak_hook_memcmp, enable the test that uses it, simplify the test runner by Kostya Serebryany · 10 years ago
  46. 3befe94 [lib/Fuzzer] remove dfsan_fuzzer_abi.list -- its contents are now moved to dfsan proper by Kostya Serebryany · 10 years ago
  47. 16d03bd DFSan-based fuzzer (proof of concept). by Kostya Serebryany · 11 years ago
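The data-flow-guided mutation that commits 5a99ecb, beb24c3, 0e776a2, e358095 and 859e86d build up can be shown on a toy target: record the operands of each memcmp through a hook, skip comparisons that returned 0 or that compare a value with itself, look for one operand directly in the current input and substitute the other, then try the suggested mutations one by one and keep the one that gets further. The program below is an added illustration written for this page, not libFuzzer's code: the hook (`hooked_memcmp` standing in for the weak sanitizer hook), the target, its magic values, the seed input and the "reaches more comparisons" acceptance rule are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not libFuzzer's code. All names here are
 * hypothetical stand-ins for the ideas in the commit log above. */

#define MAX_TRACES 16
#define MAX_CMP 32
#define INPUT_LEN 14

/* One recorded comparison: both operands, their length and memcmp's result. */
typedef struct { uint8_t a[MAX_CMP]; uint8_t b[MAX_CMP]; size_t n; int result; } CmpTrace;

static CmpTrace g_traces[MAX_TRACES];
static size_t g_num_traces;
static int g_recording;

/* Stand-in for the weak memcmp hook: records operands and the result,
 * but only while tracing is switched on (cf. commit 8817e86). */
static int hooked_memcmp(const void *s1, const void *s2, size_t n) {
  int result = memcmp(s1, s2, n);
  if (g_recording && n > 0 && n <= MAX_CMP && g_num_traces < MAX_TRACES) {
    CmpTrace *t = &g_traces[g_num_traces++];
    memcpy(t->a, s1, n);
    memcpy(t->b, s2, n);
    t->n = n;
    t->result = result;
  }
  return result;
}

/* Constructed toy target: a 4-byte magic at offset 4, then a 6-byte token.
 * Returns 1 only when both comparisons pass. */
static int target(const uint8_t *data, size_t size) {
  if (size < INPUT_LEN) return 0;
  if (hooked_memcmp(data + 4, "MAGI", 4) != 0) return 0;
  if (hooked_memcmp(data + 8, "secret", 6) != 0) return 0;
  return 1;
}

/* Run the target with tracing on; g_num_traces afterwards measures how
 * many comparisons the input reached (a crude coverage signal). */
static int run_traced(const uint8_t *data, size_t size) {
  g_num_traces = 0;
  g_recording = 1;
  int r = target(data, size);
  g_recording = 0;
  return r;
}

/* Run one unit, collect its traces, then apply the suggested mutations one
 * by one: for every failed comparison whose operands differ, find operand a
 * in the input and replace it with operand b. A candidate is kept if it
 * passes or reaches more comparisons than the current input.
 * Returns the round in which the target passed, or -1 if stuck. */
static int fuzz_until_pass(uint8_t *data, size_t size, int max_rounds) {
  uint8_t cand[64];
  CmpTrace traces[MAX_TRACES];
  if (size > sizeof cand) return -1;
  for (int round = 1; round <= max_rounds; round++) {
    if (run_traced(data, size)) return round;
    size_t depth = g_num_traces;
    memcpy(traces, g_traces, sizeof traces);  /* candidates overwrite g_traces */
    int improved = 0;
    for (size_t i = 0; i < depth && !improved; i++) {
      CmpTrace *t = &traces[i];
      /* Skip comparisons that returned 0 and (a eq a) traces. */
      if (t->result == 0 || memcmp(t->a, t->b, t->n) == 0) continue;
      for (size_t pos = 0; pos + t->n <= size && !improved; pos++) {
        if (memcmp(data + pos, t->a, t->n) != 0) continue;
        memcpy(cand, data, size);
        memcpy(cand + pos, t->b, t->n);
        if (run_traced(cand, size) || g_num_traces > depth) {
          memcpy(data, cand, size);
          improved = 1;
        }
      }
    }
    if (!improved) return -1;
  }
  return -1;
}

static uint8_t g_demo_buf[INPUT_LEN];

/* Constructed seed: 14 'A' bytes. Returns the round in which the target passed. */
static int demo(void) {
  memset(g_demo_buf, 'A', sizeof g_demo_buf);
  return fuzz_until_pass(g_demo_buf, sizeof g_demo_buf, 20);
}

int main(void) {
  int rounds = demo();
  printf("passed in round %d, input = %.14s\n", rounds, (const char *)g_demo_buf);
  return rounds > 0 ? 0 : 1;
}
```

On the constructed seed the first round traces only the failed `MAGI` comparison; the `AAAA` operand occurs at eleven offsets, and only the candidate that writes `MAGI` at offset 4 reaches the second comparison, so it is the one kept. The second round skips the now-passing first trace (result 0), substitutes `secret` for the only run of six `A` bytes, and the third round observes the target passing. Searching the whole input for the operand, rather than knowing where it came from, is exactly the imprecision that the DFSan-based variant avoids and that the later dictionary-based approach (commit b65805a) sidesteps.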