The original libFuzzer Fuchsia port relied on convenience libraries,
but these are not exported as part of Fuchsia sysroot. This change
eliminates the use of these libraries and relies on public API only.
Differential Revision: https://reviews.llvm.org/D42996
llvm-svn: 324454
This avoids the warnings when building with LLVM_ENABLE_LIBCXX
which automatically adds -stdlib=libc++ to CMAKE_CXX_FLAGS.
Differential Revision: https://reviews.llvm.org/D42238
llvm-svn: 323969
This change updates the Fuchsia-specific code to use the C++ friendly
duration expressions and flips on the building of
libclang_rt.fuzzer-x86_64.a and similar for Fuchsia. Given that
compiler-rt doesn't build on Fuchsia, test have been run by explicitly
building the library and linking it against
lib/fuzzer/tests/FuzzerUnittest.cpp.
Differential Revision: https://reviews.llvm.org/D42670
llvm-svn: 323828
add_custom_libcxx uses the just built compiler and installs the
built libc++, e.g. for testing, neither of which is desirable in
case of Fuzzer where the libc++ should be built using the host
compiler and it's only linked into the libFuzzer and should never
be installed. This change introduces additional arguments to
add_custom_libcxx to allow parametrizing its behavior.
Differential Revision: https://reviews.llvm.org/D42330
llvm-svn: 323054
add_custom_libcxx uses the just built compiler and installs the
built libc++, e.g. for testing, neither of which is desirable in
case of Fuzzer where the libc++ should be built using the host
compiler and it's only linked into the libFuzzer and should never
be installed. This change introduces additional arguments to
add_custom_libcxx to allow parametrizing its behavior.
Differential Revision: https://reviews.llvm.org/D42330
llvm-svn: 323032
This is needed in case the users of libFuzzer use libc++ in their
code, which the fuzz target (libFuzzer) will be linked against.
When libc++ source is available, we build a private version of it
and link it against libFuzzer which allows using the same static
library against codebases which use both libc++ and libstdc++.
Differential Revision: https://reviews.llvm.org/D37631
llvm-svn: 322755
This is needed in case the users of libFuzzer use libc++ in their
code, which the fuzz target (libFuzzer) will be linked against.
When libc++ source is available, we build a private version of it
and link it against libFuzzer which allows using the same static
library against codebases which use both libc++ and libstdc++.
Differential Revision: https://reviews.llvm.org/D37631
llvm-svn: 322604
Summary: It is not necessary launching the build script with bash.
Reviewers: krytarowski
Reviewed By: krytarowski
Subscribers: llvm-commits, #sanitizers
Differential Revision: https://reviews.llvm.org/D42008
llvm-svn: 322422
Summary:
Add dummy call of LLVMFuzzerTestOneInput to afl_driver before it starts
executing on actual inputs. Do this so that first time initialization
performed by LLVMFuzzerTestOneInput is not considered code covered by
a particular input.
Patch By: metzman
Reviewers: kcc, morehouse
Reviewed By: kcc
Subscribers: llvm-commits, Sanitizers
Differential Revision: https://reviews.llvm.org/D41193
llvm-svn: 320643
Summary:
This patch adds the initial support for Fuchsia.
- LIBFUZZER_FUCHSIA is added as an OS type in FuzzerDefs.h
- Fuchsia is, by design, not POSIX compliant. However, it does use ELF and
supports common POSIX I/O functions. Thus, FuzzerExtFunctions.h and
FuzzerIO.h are implemented by extending the header guards in
FuzzerExtFunctionsWeak.cpp and FuzzerIOPosix.cpp to include
LIBFUZZER_FUCHSIA.
- The platform-specific portions of FuzzerUtil.h are implemented by
FuzzerUtilFuchsia.cpp, which makes use of exception ports, syscalls, and
the launchpad library.
- The experimental equivalence server is not currently supported, so
FuzzerShmem.h is implemented by stub methods in FuzzerShmemFuchsia.cpp.
Any future implementation will likely involve VMOs.
Tested with ASAN/SanCov on Fuchsia/x86-64 with the canonical toy fuzzer.
Patch By: aarongreen
Reviewers: kcc, morehouse, flowerhack, phosek
Reviewed By: kcc, phosek, Eugene.Zelenko
Subscribers: srhines, mgorny, Eugene.Zelenko
Differential Revision: https://reviews.llvm.org/D40974
llvm-svn: 320210
Summary: With 3 Dictionary objects, each containing space of ~16k DictionaryEntry objects, the MutationDispatcher object is fairly memory heavy. On platforms with a lower default stack size, this can cause panics in FuzzerUnittest as those tests stack-allocate the MutationDispatcher. This may be especially problematic for platforms that do not (yet) have a way to programmatically change their stack size, aside from link-time flags. In general, it seems more prudent to use the heap for an object of this size.
Reviewers: kcc, morehouse
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D40926
llvm-svn: 319988
Summary:
To be more portable (especially w.r.t. platforms without system()),
commands should be managed programmatically rather than via string
manipulation on the command line. This change introduces
Fuzzer::Command, with methods to manage arguments and flags, set output
options, and execute the command.
Patch By: aarongreen
Reviewers: kcc, morehouse
Reviewed By: kcc, morehouse
Subscribers: llvm-commits, mgorny
Differential Revision: https://reviews.llvm.org/D40103
llvm-svn: 319680
This is based on discussion in https://reviews.llvm.org/D40376 .
The comments try to explain the reason for the current implementation
and note that it might change in the future, so clients should not
rely on this particular implementation.
Differential Revision: https://reviews.llvm.org/D40565
llvm-svn: 319190
Summary:
For some filesystems, readdir will not populate dirent::d_type with valuable information. This causes libfuzzer to proceed with an empty corpus, instead of the file it contains.
This has been tested on a server using XFS.
It should fix https://bugs.llvm.org//show_bug.cgi?id=25991
Reviewers: kcc
Reviewed By: kcc
Differential Revision: https://reviews.llvm.org/D40028
llvm-svn: 318303
Fails on darwin
Revert "[fuzzer] Script to detect unbalanced allocation in -trace_malloc output"
Needs previous one.
This reverts commit r317034, r317036.
llvm-svn: 317061
Summary: The result of clang-format and few manual changes (as prompted on D39155).
Reviewers: vitalybuka
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39211
llvm-svn: 316395
Summary:
Fuzzing targets that allocate/deallocate a lot of memory tend to consume
a lot of RSS when ASan quarantine is enabled. Purging quarantine between
iterations and returning memory to OS keeps RSS down and should not
reduce the quarantine effectiveness provided the fuzz target does not
preserve state between iterations (in this case this feature can be turned off).
Based on D39153.
Reviewers: vitalybuka
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39155
llvm-svn: 316382
