Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / c20b3383b78473fdfb958ebfe15227bded79ba78 / llvm / lib / Fuzzer / FuzzerLoop.cpp
  1. d01e956 [libFuzzer] when adding a reduced input print REDUCED instead of NEW by Kostya Serebryany · 8 years ago
  2. f1b5c64 [libFuzzer] improve -reduce_inputs=1: now only consider the unique features of very input (seems to work much better) by Kostya Serebryany · 8 years ago
  3. f64b848 [libFuzzer] simplify the handling of memmem/strstr by Kostya Serebryany · 8 years ago
  4. 1ca7388 [libFuzzer] experimental feature -reduce_inputs (off by default) that tries to replace elements in the corpus with smaller ones that have the same feature set. Still needs tuning by Kostya Serebryany · 8 years ago
  5. 398b414 [libFuzzer] remove include <sanitizer/coverage_interface.h>, not needed any more by Kostya Serebryany · 8 years ago
  6. 1e99d54 [libFuzzer] refactoring in preparation for -reduce_inputs; NFC intended by Kostya Serebryany · 8 years ago
  7. 589eae5 [libFuzzer] change the default max_len from 64 to 4096. This will affect cases where libFuzzer is run w/o initial corpus or with a corpus of very small items. by Kostya Serebryany · 8 years ago
  8. 6bda14b Sort the remaining #include lines in include/... and lib/.... by Chandler Carruth · 8 years ago
  9. fe4ed9b [libFuzzer] make sure the input data is not overwritten in the fuzz target (if it is -- report an error) by Kostya Serebryany · 8 years ago
  10. bec6371 [libFuzzer] exit without running atexit handlers in libfuzzer's crash handler by Vitaly Buka · 9 years ago
  11. a9e6cb8 [libFuzzer] remove -output_csv option. It duplicates the default output and got out of sync by Kostya Serebryany · 9 years ago
  12. a617e16 [libFuzzer] simplify the code a bit by Kostya Serebryany · 9 years ago
  13. 6d54125 [libFuzzer] call __sanitizer_print_memory_profile with two params by Kostya Serebryany · 9 years ago
  14. 7024043 [libFuzzer] remove even more stale code by Kostya Serebryany · 9 years ago
  15. 862a845 [libFuzzer] simplify code a bit by Kostya Serebryany · 9 years ago
  16. f81cc09 [libFuzzer] remove more stale code by Kostya Serebryany · 9 years ago
  17. a43a299 [libFuzzer] remove stale code by Kostya Serebryany · 9 years ago
  18. 41e7a27 [libFuzzer] remove usage of the old coverage instrumentation by Kostya Serebryany · 9 years ago
  19. 6ac64c3 [libFuzzer] replace std::random_shuffle with std::shuffle as std::random_shuffle is being deprecated in C++17. Also simplify fuzzer::Random. NFC by Kostya Serebryany · 9 years ago
  20. 419634b [libFuzzer] remove a bit of stale code by Kostya Serebryany · 9 years ago
  21. 15fbf68 [libFuzzer] AlrmHandler is executed in a different thread for Windows. by Marcos Pividori · 9 years ago
  22. 98d592c [libFuzzer] experimental support for 'equivalance fuzzing' by Kostya Serebryany · 9 years ago
  23. 38b5d3c [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs by Kostya Serebryany · 9 years ago
  24. 6e47a10 [libFuzzer] add two tests for experimenting with equivalence fuzzing by Kostya Serebryany · 9 years ago
  25. 4aa0590 [libFuzzer] improve error handling during the merge (handle various IO failures) by Kostya Serebryany · 9 years ago
  26. 11a22bc [libFuzzer] cleaner implementation of -print_pcs=1 by Kostya Serebryany · 9 years ago
  27. 2a8440d [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually (second attempt) by Kostya Serebryany · 9 years ago
  28. 9b415be [libfuzzer] dump_coverage command line flag by Mike Aizatsky · 9 years ago
  29. fa1030e Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code" by Daniel Jasper · 9 years ago
  30. 3a4e2dd [libFuzzer] avoid msan false positives in more cases by Kostya Serebryany · 9 years ago
  31. be7003f [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code by Kostya Serebryany · 9 years ago
  32. 64d4147 [libFuzzer] Fix bug in detecting timeouts when input string is empty. by Marcos Pividori · 9 years ago
  33. 178fe58 [libFuzzer] Clean up headers and file formatting of LibFuzzer files. by Marcos Pividori · 9 years ago
  34. 463f8bd [libFuzzer] Properly use unsigned for Process ID. by Marcos Pividori · 9 years ago
  35. d4be889 [libFuzzer] respect -max_len during merge by Kostya Serebryany · 9 years ago
  36. fe1094b [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( by Kostya Serebryany · 9 years ago
  37. dc6b8ca [libFuzzer] treat -rss_limit_mb=0 as no limit by Kostya Serebryany · 9 years ago
  38. 05f7791 [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit by Kostya Serebryany · 9 years ago
  39. 24a148b [LibFuzzer] Split up some functions among different headers. by Zachary Turner · 9 years ago
  40. 2fabeca [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once by Kostya Serebryany · 9 years ago
  41. 06b8757 [libFuzzer] simplify the code in TracePC::HandleTrace a bit more by Kostya Serebryany · 9 years ago
  42. a5b2e54 [libFuzzer] simplify the code to print new PCs by Kostya Serebryany · 9 years ago
  43. 275e260 [libFuzzer] simplify the code in TracePC::HandleTrace by Kostya Serebryany · 9 years ago
  44. 3364f90 [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test by Kostya Serebryany · 9 years ago
  45. ac2a2a8 Fix -Wunused-variable warning in libFuzzer by Reid Kleckner · 9 years ago
  46. 8dfed45 [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item by Kostya Serebryany · 9 years ago
  47. f9b8e8b [libFuzzer] better algorithm for -minimize_crash by Kostya Serebryany · 9 years ago
  48. a5f94fb [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode by Kostya Serebryany · 9 years ago
  49. 0381374 [libFuzzer] more detailed message for disabled leak detection by Kostya Serebryany · 9 years ago
  50. a17d23e [libFuzzer] add -trace_malloc= flag by Kostya Serebryany · 9 years ago
  51. c5325ed [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process by Kostya Serebryany · 9 years ago
  52. 9adc7c8 [libFuzzer] control the reload interval by a flag, make it 10 seconds by default by Kostya Serebryany · 9 years ago
  53. 936b1e7 [libFuzzer] be more careful with memory usage, print peak rss in status lines by Kostya Serebryany · 9 years ago
  54. 3b564e9 [libFuzzer] when re-running for lsan, don't look at the coverage by Kostya Serebryany · 9 years ago
  55. 1c73f1b [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. by Kostya Serebryany · 9 years ago
  56. 2455f0d [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines by Kostya Serebryany · 9 years ago
  57. 4820cc9 [libFuzzer] remove dfsan support and some related stale code. This is not being used and as is is pretty weak anyway by Kostya Serebryany · 9 years ago
  58. d216922 [libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default by Kostya Serebryany · 9 years ago
  59. 90f8f36 [libFuzzer] remove some experimental code by Kostya Serebryany · 9 years ago
  60. e7e790b [libFuzzer] remove unused option by Kostya Serebryany · 9 years ago
  61. b3949ef [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) by Kostya Serebryany · 9 years ago
  62. 2c55613 [libFuzzer] more the feature set to InputCorpus; on feature update, change the feature counter of the old best input by Kostya Serebryany · 9 years ago
  63. a9b0dd0 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals by Kostya Serebryany · 9 years ago
  64. 5ff481f [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag by Kostya Serebryany · 9 years ago
  65. 0800b81 [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. by Kostya Serebryany · 9 years ago
  66. ce1cab1 [libFuzzer] be more precise about what we reset in TracePC by Kostya Serebryany · 9 years ago
  67. 16a145f [libFuzzer] fix merging with trace-pc-guard by Kostya Serebryany · 9 years ago
  68. 87a598e [libFuzzer] simplify the TracePC logic by Kostya Serebryany · 9 years ago
  69. ab73c69 [libFuzzer] move value profiling logic into TracePC by Kostya Serebryany · 9 years ago
  70. d28099d [libFuzzer] change ValueBitMap to remember the number of bits in it by Kostya Serebryany · 9 years ago
  71. be0ed59 [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen by Kostya Serebryany · 9 years ago
  72. 624f59f [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings by Kostya Serebryany · 9 years ago
  73. 29bb664 [libFuzzer] add stats to the corpus; more refactoring by Kostya Serebryany · 9 years ago
  74. 20801e1 [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. by Kostya Serebryany · 9 years ago
  75. 6f5a804 [libFuzzer] refactoring: split the large header into many; NFC by Kostya Serebryany · 9 years ago
  76. 09aa01a [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features by Kostya Serebryany · 9 years ago
  77. b706b48 [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer by Kostya Serebryany · 9 years ago
  78. 3e36ec1 [libFuzzer] change trace-pc to use 8-byte guards by Kostya Serebryany · 9 years ago
  79. 5350178 [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provable better, but the existin test preferes this heuristic) by Kostya Serebryany · 9 years ago
  80. a5277d5 [libFuzzer] add 8-bit counters to trace-pc-guard handler by Kostya Serebryany · 9 years ago
  81. a00b243 [libFuzzer] start using trace-pc-guard as an alternative source of coverage by Kostya Serebryany · 9 years ago
  82. 8c537c5 [libFuzzer] print a failed-merge warning only in the merge mode by Kostya Serebryany · 9 years ago
  83. b991cc1 [libFuzzer] print a visible message if merge fails due to a crash by Kostya Serebryany · 9 years ago
  84. b76a2a5 [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself by Kostya Serebryany · 9 years ago
  85. 8ea4f98 [libFuzzer] remove unneeded call by Kostya Serebryany · 9 years ago
  86. b077d3f [libfuzzer] simplified unit truncation; do not write trunc items to disc by Mike Aizatsky · 9 years ago
  87. 0f0fa4f [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them by Kostya Serebryany · 9 years ago
  88. f67357c [libFuzzer] simplify the code, NFC by Kostya Serebryany · 9 years ago
  89. a9a5480 [libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence by Kostya Serebryany · 9 years ago
  90. d46a59f [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. by Kostya Serebryany · 9 years ago
  91. c98ef71 [libFuzzer] refactoring around PCMap, NFC by Kostya Serebryany · 9 years ago
  92. 728447b [libFuzzer] make libFuzzer work with a bit older clang versions by Kostya Serebryany · 9 years ago
  93. ff1f210 [libFuzzer] don't print bogus error message by Kostya Serebryany · 9 years ago
  94. b4bbc3b [sanitizers] trace buffer API to use user-allocated buffer. by Mike Aizatsky · 9 years ago
  95. f0b3e85 [libfuzzer] moving is_ascii handler inside mutation dispatcher. by Mike Aizatsky · 9 years ago
  96. fd6ad5b [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable by Kostya Serebryany · 9 years ago
  97. 53b7b3c [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hook by Kostya Serebryany · 9 years ago
  98. 76f4252 [libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message) by Kostya Serebryany · 9 years ago
  99. 1873a49 [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` by Dan Liew · 9 years ago
  100. 1f88b12 [libfuzzer] prune_corpus option for disabling pruning during the load. by Mike Aizatsky · 9 years ago