- af2dfce [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself by Kostya Serebryany · 9 years ago
- c58982d [libFuzzer] be more careful when calling strlen of strcmp parameters, PR32357 by Kostya Serebryany · 9 years ago
- 1b65812 [libfuzzer] chromium-related compilation fixes by Mike Aizatsky · 9 years ago
- bb91170 [libFuzzer] remove stale code by Kostya Serebryany · 9 years ago
- 3344f35 [libFuzzer] add ATTRIBUTE_NO_SANITIZE_MEMORY to sanitizer hooks by Kostya Serebryany · 9 years ago
- 1d8c2ce [libFuzzer] use table of recent compares for memcmp/strcmp (to unify the code between cmp and memcmp handling) by Kostya Serebryany · 9 years ago
- 61f5473 [libFuzzer] remove dead code, NFC by Kostya Serebryany · 9 years ago
- 6fa57ad Resubmit "[LibFuzzer] Split FuzzerUtil for Posix and Windows." by Zachary Turner · 9 years ago
- 3cfeab7 Revert "[LibFuzzer] Split FuzzerUtil for Posix and Windows." by Zachary Turner · 9 years ago
- 34dcfb9 [LibFuzzer] Split FuzzerUtil for Posix and Windows. by Zachary Turner · 9 years ago
- 24a148b [LibFuzzer] Split up some functions among different headers. by Zachary Turner · 9 years ago
- a5f94fb [libFuzzer] add -trace_cmp=1 (guiding mutations based on the observed CMP instructions). This is a reincarnation of the previously deleted -use_traces, but using a different approach for collecting traces. Still a toy, but at least it scales well. Also fix -merge in trace-pc-guard mode by Kostya Serebryany · 9 years ago
- 379359c [libFuzzer] add ShrinkValueProfileTest, move code around, NFC by Kostya Serebryany · 9 years ago
- 4820cc9 [libFuzzer] remove dfsan support and some related stale code. This is not being used and, as is, is pretty weak anyway by Kostya Serebryany · 9 years ago
- ab73c69 [libFuzzer] move value profiling logic into TracePC by Kostya Serebryany · 9 years ago
- d28099d [libFuzzer] change ValueBitMap to remember the number of bits in it by Kostya Serebryany · 9 years ago
- 6f5a804 [libFuzzer] refactoring: split the large header into many; NFC by Kostya Serebryany · 9 years ago
- 5c04bd2 [libFuzzer] remove use_traces=1 since use_value_profile seems to be strictly better by Kostya Serebryany · 9 years ago
- 248d115 [libFuzzer] stop using bits for memcmp's value profile -- seems to blow up the corpus too much by Kostya Serebryany · 9 years ago
- d4492f8 [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles by Kostya Serebryany · 9 years ago
- 4d22e4f [libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests by Kostya Serebryany · 9 years ago
- bceadcf [libFuzzer] use __attribute__((target("popcnt"))) only on x86_64 by Kostya Serebryany · 9 years ago
- ac524cf [libFuzzer] collect 64 states for value profile, not 65 by Kostya Serebryany · 9 years ago
- 524c3f3 [sanitizer-coverage/libFuzzer] instrument comparisons with __sanitizer_cov_trace_cmp[1248] instead of __sanitizer_cov_trace_cmp, don't pass the comparison type to save a bit of performance. Use these new callbacks in libFuzzer by Kostya Serebryany · 9 years ago
- 5a5d554 [libFuzzer] force proper popcnt instruction by Kostya Serebryany · 9 years ago
- d46a59f [libFuzzer] new experimental feature: value profiling. Profiles values that affect control flow and treats new values as new coverage. by Kostya Serebryany · 9 years ago
- 6b08be9 [libFuzzer] properly intercept memmem by Kostya Serebryany · 9 years ago
- c135b55 [libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp by Kostya Serebryany · 9 years ago
- f0b3e85 [libfuzzer] moving is_ascii handler inside mutation dispatcher. by Mike Aizatsky · 9 years ago
- b62e7e3 Fix compilation with GCC, which treats this as a constructor name not a type by Richard Smith · 9 years ago
- f26017b [libFuzzer] refactor: hide CurrentUnitData inside an interface function. NFC by Kostya Serebryany · 9 years ago
- f1f3f93 [libFuzzer] reimplement the way we do -only_ascii to allow more 'const' in function declarations. Add a test for -only_ascii. NFC intended by Kostya Serebryany · 9 years ago
- 64d2457 [libFuzzer] try to use max_len based on the items of the corpus instead of blindly defaulting to 64 bytes. by Kostya Serebryany · 10 years ago
- 2eed121 libfuzzer: fix compiler warnings by Dmitry Vyukov · 10 years ago
- 7ec0c56 [libFuzzer] get rid of UserSuppliedFuzzer; NFC by Kostya Serebryany · 10 years ago
- d88d130 [libFuzzer] don't create too many trace-based mutations as it may be too slow by Kostya Serebryany · 10 years ago
- b5e9849 [libFuzzer] don't do expensive memmem if the result will not be used by Kostya Serebryany · 10 years ago
- 476f0ce [libFuzzer] replace vector with a simpler data structure in the Dictionaries to avoid memory allocations on hot path by Kostya Serebryany · 10 years ago
- ae5b956 [libFuzzer] do mutations based on memcmp/strcmp interceptors under a separate flag (-use_memcmp, default=1) by Kostya Serebryany · 10 years ago
- 98abb2c [libFuzzer] make CurrentUnit a POD object instead of vector to avoid extra allocations by Kostya Serebryany · 10 years ago
- d50a3ee [libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector) by Kostya Serebryany · 10 years ago
- 4b83a4f [libFuzzer] add a macro LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS by Kostya Serebryany · 10 years ago
- 4174005 [libFuzzer] when a new unit is discovered using a dictionary, print all used dictionary entries by Kostya Serebryany · 10 years ago
- 859e86d [libFuzzer] add various debug prints. Also don't mutate based on a cmp trace like (a eq a) or (a neq a) by Kostya Serebryany · 10 years ago
- e358095 [libFuzzer] extend the weak memcmp/strcmp/strncmp interceptors to receive the result of the computations. With that, don't do any mutations if memcmp/etc returned 0 by Kostya Serebryany · 10 years ago
- 1f9c40d [libFuzzer] debug prints in tracing by Kostya Serebryany · 10 years ago
- b65805a [libFuzzer] change the way trace-based mutations are applied. Instead of a custom code just rely on the automatically created dictionary by Kostya Serebryany · 10 years ago
- c573316 [libFuzzer] don't limit memcmp tracing with 8 bytes by Kostya Serebryany · 10 years ago
- e7583d2 [libFuzzer] refactor the way we collect cmp traces (don't use std::vector, don't limit with 8 bytes) by Kostya Serebryany · 10 years ago
- 226b734 [libFuzzer] make trace-based fuzzing not crash in presence of threads by Kostya Serebryany · 10 years ago
- 4d62322 [libFuzzer] remove default initializer as a workaround for https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68399. Don't need it anyway. by Kostya Serebryany · 10 years ago
- 3287d7a [libFuzzer] Marking exported symbols as visible. Patch by Mike Aizatsky by Kostya Serebryany · 10 years ago
- 65f5086 [libFuzzer] refactor the code to allow building libFuzzer on platforms that don't have dfsan and don't support weak functions by Kostya Serebryany · 10 years ago
- 4b82de2 [libFuzzer] remove a piece of stale code by Kostya Serebryany · 10 years ago
- e641dd6 [libFuzzer] more accurate logic for traces, 80-char fix by Kostya Serebryany · 10 years ago
- 12c7837 [libFuzzer] add two flags, -tbm_depth and -tbm_width to control how the trace-based-mutations are applied by Kostya Serebryany · 10 years ago
- d46369d [libFuzzer] avoid build warnings in non-assert build (useful warning in this case) by Kostya Serebryany · 10 years ago
- 4cc10d4 [libFuzzer] in dfsan mode, set labels every time we start recording traces as opposed to doing it at process startup. This ensures that the labels are fresh. by Kostya Serebryany · 10 years ago
- 7f4227d [libFuzzer] use data-flow feedback from strcmp by Kostya Serebryany · 10 years ago
- 8ce7424 [libFuzzer] start refactoring the Mutator and adding tests to it by Kostya Serebryany · 10 years ago
- fe7e41e [libFuzzer] make sure that 2-byte arguments of switch() are handled properly by Kostya Serebryany · 10 years ago
- 73932e5 [libFuzzer] record traces from the switch statements only when told to do so by Kostya Serebryany · 10 years ago
- cd6a466 [libFuzzer] support switch interception in dfsan mode by Kostya Serebryany · 10 years ago
- fb7d8d9 [libFuzzer] trace switch statements and apply mutations based on the expected case values by Kostya Serebryany · 10 years ago
- c9dc96b [libFuzzer] fix the strncmp interceptor -- it should respect short strings. by Kostya Serebryany · 10 years ago
- b74ba42 [libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test by Kostya Serebryany · 10 years ago
- 0e776a2 [libFuzzer] implement memcmp hook for data-flow-guided fuzzing (w/o dfsan), extend the memcmp fuzzer test by Kostya Serebryany · 10 years ago
- ae7df1c [libFuzzer] ensure that the dfsan tracing hooks actually run (using -verbosity=3 in tests) by Kostya Serebryany · 10 years ago
- 3595959 [libFuzzer] when using cmp traces, first check that the CMP is evaluated to one value much more frequently than to the other value (heuristic) by Kostya Serebryany · 10 years ago
- 404c69f [libFuzzer] allow users to supply their own implementation of rand by Kostya Serebryany · 10 years ago
- 3fe7682 [lib/Fuzzer] relax an assertion by Kostya Serebryany · 10 years ago
- 7c180ea [lib/Fuzzer] fully get rid of std::cerr in libFuzzer by Kostya Serebryany · 10 years ago
- 20e9bcb [lib/Fuzzer] start getting rid of std::cerr. Sadly, these parts of the C++ library used in libFuzzer badly interact with the same code used in the target function and also with dfsan. It's easier to just not use std::cerr than to defeat these issues. by Kostya Serebryany · 10 years ago
- d8c5472 [lib/Fuzzer] remove the -dfsan=1 flag, just use -use_traces=1 (w/ or w/o dfsan) by Kostya Serebryany · 10 years ago
- 8817e86 [lib/Fuzzer] don't record traces when trace collection is off by Kostya Serebryany · 10 years ago
- 2252625 [lib/Fuzzer] rename FuzzerDFSan.cpp to FuzzerTraceState.cpp; update comments. NFC expected by Kostya Serebryany · 10 years ago [Renamed (82%) from llvm/lib/Fuzzer/FuzzerDFSan.cpp]
- 5a99ecb [lib/Fuzzer] add a trace-based mutation logic. Same idea as with DFSan-based mutator, but instead of relying on taint tracking, try to find the data directly in the input. More (logic and comments) to go. by Kostya Serebryany · 10 years ago
- 21a3381 Update CMake flags, LibFuzzer comments and docs for new -fsanitize-coverage= flags. by Alexey Samsonov · 10 years ago
- beb24c3 [lib/Fuzzer] change the way we use taint information for fuzzing. Now, we run a single unit and collect suggested mutations based on tracing+taint data, then apply the suggested mutations one by one. The previous scheme was slower and more complex. by Kostya Serebryany · 10 years ago
- 7d470cf [lib/Fuzzer] minor refactoring/simplification, NFC by Kostya Serebryany · 10 years ago
- a407dde [lib/Fuzzer] add dfsan_weak_hook_memcmp, enable the test that uses it, simplify the test runner by Kostya Serebryany · 10 years ago
- 3befe94 [lib/Fuzzer] remove dfsan_fuzzer_abi.list -- its contents are now moved to dfsan proper by Kostya Serebryany · 10 years ago
- 16d03bd DFSan-based fuzzer (proof of concept). by Kostya Serebryany · 11 years ago