1. 7024043 [libFuzzer] remove even more stale code by Kostya Serebryany · 9 years ago
  2. 862a845 [libFuzzer] simplify code a bit by Kostya Serebryany · 9 years ago
  3. f81cc09 [libFuzzer] remove more stale code by Kostya Serebryany · 9 years ago
  4. a43a299 [libFuzzer] remove stale code by Kostya Serebryany · 9 years ago
  5. 41e7a27 [libFuzzer] remove usage of the old coverage instrumentation by Kostya Serebryany · 9 years ago
  6. 6ac64c3 [libFuzzer] replace std::random_shuffle with std::shuffle as std::random_shuffle is being deprecated in C++17. Also simplify fuzzer::Random. NFC by Kostya Serebryany · 9 years ago
  7. 419634b [libFuzzer] remove a bit of stale code by Kostya Serebryany · 9 years ago
  8. 15fbf68 [libFuzzer] AlrmHandler is executed in a different thread for Windows. by Marcos Pividori · 9 years ago
  9. 98d592c [libFuzzer] experimental support for 'equivalence fuzzing' by Kostya Serebryany · 9 years ago
  10. 38b5d3c [libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs by Kostya Serebryany · 9 years ago
  11. 6e47a10 [libFuzzer] add two tests for experimenting with equivalence fuzzing by Kostya Serebryany · 9 years ago
  12. 4aa0590 [libFuzzer] improve error handling during the merge (handle various IO failures) by Kostya Serebryany · 9 years ago
  13. 11a22bc [libFuzzer] cleaner implementation of -print_pcs=1 by Kostya Serebryany · 9 years ago
  14. 2a8440d [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually (second attempt) by Kostya Serebryany · 9 years ago
  15. 9b415be [libfuzzer] dump_coverage command line flag by Mike Aizatsky · 9 years ago
  16. fa1030e Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code" by Daniel Jasper · 9 years ago
  17. 3a4e2dd [libFuzzer] avoid msan false positives in more cases by Kostya Serebryany · 9 years ago
  18. be7003f [libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increase the actual max sizes of mutations very gradually. Also remove a bit of dead code by Kostya Serebryany · 9 years ago
  19. 64d4147 [libFuzzer] Fix bug in detecting timeouts when input string is empty. by Marcos Pividori · 9 years ago
  20. 178fe58 [libFuzzer] Clean up headers and file formatting of LibFuzzer files. by Marcos Pividori · 9 years ago
  21. 463f8bd [libFuzzer] Properly use unsigned for Process ID. by Marcos Pividori · 9 years ago
  22. d4be889 [libFuzzer] respect -max_len during merge by Kostya Serebryany · 9 years ago
  23. fe1094b [libFuzzer] refactor the code to allow collecting features in different ways. Also initialize a couple of Fuzzer:: members that might have been used uninitialized :( by Kostya Serebryany · 9 years ago
  24. dc6b8ca [libFuzzer] treat -rss_limit_mb=0 as no limit by Kostya Serebryany · 9 years ago
  25. 05f7791 [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit by Kostya Serebryany · 9 years ago
  26. 24a148b [LibFuzzer] Split up some functions among different headers. by Zachary Turner · 9 years ago
  27. 2fabeca [libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once by Kostya Serebryany · 9 years ago
  28. 06b8757 [libFuzzer] simplify the code in TracePC::HandleTrace a bit more by Kostya Serebryany · 9 years ago
  29. a5b2e54 [libFuzzer] simplify the code to print new PCs by Kostya Serebryany · 9 years ago
  30. 275e260 [libFuzzer] simplify the code in TracePC::HandleTrace by Kostya Serebryany · 9 years ago
  31. 3364f90 [libFuzzer] simplify the code for use_cmp, also use the position hint when available, add a test by Kostya Serebryany · 9 years ago
  32. ac2a2a8 Fix -Wunused-variable warning in libFuzzer by Reid Kleckner · 9 years ago
  33. 8dfed45 [libFuzzer] reshuffle the code for -exit_on_src_pos and -exit_on_item by Kostya Serebryany · 9 years ago
  34. f9b8e8b [libFuzzer] better algorithm for -minimize_crash by Kostya Serebryany · 9 years ago
  35. a5f94fb [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode by Kostya Serebryany · 9 years ago
  36. 0381374 [libFuzzer] more detailed message for disabled leak detection by Kostya Serebryany · 9 years ago
  37. a17d23e [libFuzzer] add -trace_malloc= flag by Kostya Serebryany · 9 years ago
  38. c5325ed [libFuzzer] when shrinking the corpus, delete evicted files previously created by the current process by Kostya Serebryany · 9 years ago
  39. 9adc7c8 [libFuzzer] control the reload interval by a flag, make it 10 seconds by default by Kostya Serebryany · 9 years ago
  40. 936b1e7 [libFuzzer] be more careful with memory usage, print peak rss in status lines by Kostya Serebryany · 9 years ago
  41. 3b564e9 [libFuzzer] when re-running for lsan, don't look at the coverage by Kostya Serebryany · 9 years ago
  42. 1c73f1b [libFuzzer] refactoring to make -shrink=1 work for value profile, added a test. by Kostya Serebryany · 9 years ago
  43. 2455f0d [libFuzzer] clear the corpus elements if they are evicted (i.e. smaller elements with proper coverage are found). Make sure we never try to mutate empty element. Print the corpus size in bytes in the status lines by Kostya Serebryany · 9 years ago
  44. 4820cc9 [libFuzzer] remove dfsan support and some related stale code. This is not being used and, as is, is pretty weak anyway by Kostya Serebryany · 9 years ago
  45. d216922 [libFuzzer] implement the -shrink=1 option that tries to make elements of the corpus smaller, off by default by Kostya Serebryany · 9 years ago
  46. 90f8f36 [libFuzzer] remove some experimental code by Kostya Serebryany · 9 years ago
  47. e7e790b [libFuzzer] remove unused option by Kostya Serebryany · 9 years ago
  48. b3949ef [libFuzzer] remove the code for -print_pcs=1 with the old coverage. It still works with the new one (trace-pc-guard) by Kostya Serebryany · 9 years ago
  49. 2c55613 [libFuzzer] move the feature set to InputCorpus; on feature update, change the feature counter of the old best input by Kostya Serebryany · 9 years ago
  50. a9b0dd0 [sanitizer-coverage/libFuzzer] make the guards for trace-pc 32-bit; create one array of guards per function, instead of one guard per BB. reorganize the code so that trace-pc-guard does not create unneeded globals by Kostya Serebryany · 9 years ago
  51. 5ff481f [libFuzzer] add -exit_on_src_pos to test libFuzzer itself, add a test script for RE2 that uses this flag by Kostya Serebryany · 9 years ago
  52. 0800b81 [libFuzzer] simplify HandleTrace again, start re-running interesting units and collecting their features. by Kostya Serebryany · 9 years ago
  53. ce1cab1 [libFuzzer] be more precise about what we reset in TracePC by Kostya Serebryany · 9 years ago
  54. 16a145f [libFuzzer] fix merging with trace-pc-guard by Kostya Serebryany · 9 years ago
  55. 87a598e [libFuzzer] simplify the TracePC logic by Kostya Serebryany · 9 years ago
  56. ab73c69 [libFuzzer] move value profiling logic into TracePC by Kostya Serebryany · 9 years ago
  57. d28099d [libFuzzer] change ValueBitMap to remember the number of bits in it by Kostya Serebryany · 9 years ago
  58. be0ed59 [libFuzzer] simplify the crash minimizer; split MaxLen into two: MaxInputLen and MaxMutationLen, allow MaxMutationLen to be less than MaxInputLen by Kostya Serebryany · 9 years ago
  59. 624f59f [libFuzzer] add 'features' to the corpus elements, allow mutations with Size > MaxSize, fix sha1 in corpus stats; various refactorings by Kostya Serebryany · 9 years ago
  60. 29bb664 [libFuzzer] add stats to the corpus; more refactoring by Kostya Serebryany · 9 years ago
  61. 20801e1 [libFuzzer] more refactoring; don't compute sha1sum every time we mutate a unit from the corpus, use the stored one. by Kostya Serebryany · 9 years ago
  62. 6f5a804 [libFuzzer] refactoring: split the large header into many; NFC by Kostya Serebryany · 9 years ago
  63. 09aa01a [libFuzzer] refactoring: move the Corpus into a separate class; delete two unused experimental features by Kostya Serebryany · 9 years ago
  64. b706b48 [libFuzzer] add -print_coverage=1 flag to print coverage directly from libFuzzer by Kostya Serebryany · 9 years ago
  65. 3e36ec1 [libFuzzer] change trace-pc to use 8-byte guards by Kostya Serebryany · 9 years ago
  66. 5350178 [libFuzzer] implement print_pcs with trace-pc-guard. Change the trace-pc-guard heuristic for 8-bit counters to look more like in AFL (not that it's provably better, but the existing test prefers this heuristic) by Kostya Serebryany · 9 years ago
  67. a5277d5 [libFuzzer] add 8-bit counters to trace-pc-guard handler by Kostya Serebryany · 9 years ago
  68. a00b243 [libFuzzer] start using trace-pc-guard as an alternative source of coverage by Kostya Serebryany · 9 years ago
  69. 8c537c5 [libFuzzer] print a failed-merge warning only in the merge mode by Kostya Serebryany · 9 years ago
  70. b991cc1 [libFuzzer] print a visible message if merge fails due to a crash by Kostya Serebryany · 9 years ago
  71. b76a2a5 [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself by Kostya Serebryany · 9 years ago
  72. 8ea4f98 [libFuzzer] remove unneeded call by Kostya Serebryany · 9 years ago
  73. b077d3f [libfuzzer] simplified unit truncation; do not write trunc items to disc by Mike Aizatsky · 9 years ago
  74. 0f0fa4f [libFuzzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them by Kostya Serebryany · 9 years ago
  75. f67357c [libFuzzer] simplify the code, NFC by Kostya Serebryany · 9 years ago
  76. a9a5480 [libFuzzer] when printing the reproducer input, also print the base input and the mutation sequence by Kostya Serebryany · 9 years ago
  77. d46a59f [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. by Kostya Serebryany · 9 years ago
  78. c98ef71 [libFuzzer] refactoring around PCMap, NFC by Kostya Serebryany · 9 years ago
  79. 728447b [libFuzzer] make libFuzzer work with a bit older clang versions by Kostya Serebryany · 9 years ago
  80. ff1f210 [libFuzzer] don't print bogus error message by Kostya Serebryany · 9 years ago
  81. b4bbc3b [sanitizers] trace buffer API to use user-allocated buffer. by Mike Aizatsky · 9 years ago
  82. f0b3e85 [libfuzzer] moving is_ascii handler inside mutation dispatcher. by Mike Aizatsky · 9 years ago
  83. fd6ad5b [libFuzzer] use the new chainable malloc hooks instead of the old un-chainable ones, use atomic for malloc/free counters instead of a thread local counter in the main thread. This should make on-the-spot leak detection in libFuzzer more reliable by Kostya Serebryany · 9 years ago
  84. 53b7b3c [libFuzzer] add 'weak' back to __sanitizer_malloc_hook and __sanitizer_free_hook by Kostya Serebryany · 9 years ago
  85. 76f4252 [libFuzzer] add a test that is built w/o coverage instrumentation but has the coverage rt (it should now fail with a descriptive message) by Kostya Serebryany · 9 years ago
  86. 1873a49 [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions`` by Dan Liew · 9 years ago
  87. 1f88b12 [libfuzzer] prune_corpus option for disabling pruning during the load. by Mike Aizatsky · 9 years ago
  88. 70fd3e4 [libfuzzer] hiding custom mutator handling in MutationDispatcher. by Mike Aizatsky · 9 years ago
  89. d3c3311 [LibFuzzer] Reimplement how the optional user functions are called. by Dan Liew · 9 years ago
  90. f641442 [libFuzzer] use __sanitizer_print_memory_profile to print the memory profile on OOM by Kostya Serebryany · 9 years ago
  91. 4795210 [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases. by Kostya Serebryany · 9 years ago
  92. 311cc83 [libFuzzer] fix a failure that occurs when running individual inputs by Kostya Serebryany · 9 years ago
  93. 0edb563 [libFuzzer] make OOM-handling more portable. Instead of sending a signal to the main fuzzing thread, print the message in the getrusage thread and exit. by Kostya Serebryany · 9 years ago
  94. 8fc3a27 [libFuzzer] more refactoring: make sure CurrentUnitData is always a valid pointer to read from by Kostya Serebryany · 9 years ago
  95. d838412 [libFuzzer] more refactoring around CurrentUnit. Also add a threading test on which we currently have a race (when reporting bugs from multiple threads) by Kostya Serebryany · 9 years ago
  96. f26017b [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC by Kostya Serebryany · 9 years ago
  97. 4b92326 [libFuzzer] when there is a leak in the existing corpus report the reproducer properly by Kostya Serebryany · 9 years ago
  98. f1f3f93 [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended by Kostya Serebryany · 9 years ago
  99. ff2e6ba [libFuzzer] print stats if we crash on empty input by Kostya Serebryany · 9 years ago
  100. af432a4 [libfuzzer] Trying random unit prefixes during corpus load. by Mike Aizatsky · 9 years ago