delta/compiler-rt.git/lib/fuzzer/FuzzerMutate.cpp, branch master llvm.org: Obsolete (use llvm) [libFuzzer] Make MutateWithMask work when the Mask is shorter than the input. 2019-04-11T18:21:53+00:00 Max Moroz mmoroz@chromium.org 2019-04-11T18:21:53+00:00 f12ea2f51ce2775fb019e7938ff5ff6512b31826 Summary: Before this change, MutateWithMask used to assert that Mask should be of sufficient length (>= Size of the input). However, in real cases we may have inputs that are longer than the Mask they have inherited from the based inputs. Reviewers: kcc, morehouse Reviewed By: kcc Subscribers: delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D60571 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358207 91177308-0d34-0410-b5e6-96231b3b80d8 
Summary:
Before this change, MutateWithMask used to assert that Mask should be
of sufficient length (>= Size of the input). However, in real cases we may have
inputs that are longer than the Mask they have inherited from the based inputs.

Reviewers: kcc, morehouse

Reviewed By: kcc

Subscribers: delcypher, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D60571

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358207 91177308-0d34-0410-b5e6-96231b3b80d8
[libFuzzer] Fallback to default Mutate when MutateWithMask fails. 2019-04-11T16:24:53+00:00 Max Moroz mmoroz@chromium.org 2019-04-11T16:24:53+00:00 fa58f7c1deb283b8b9cfce4b631ecaa10bfc583a Summary: In case the current corpus input doesn't have bytes going into the focus function, MutateWithMask is useless and may fail gently, allowing the default mutation routine happen, rather than crashing on an assertion. For more context and the initial fix suggestion, see: https://github.com/google/oss-fuzz/issues/1632#issuecomment-481862879 Reviewers: kcc, morehouse Reviewed By: kcc Subscribers: delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D60567 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358190 91177308-0d34-0410-b5e6-96231b3b80d8 
Summary:
In case the current corpus input doesn't have bytes going into the
focus function, MutateWithMask is useless and may fail gently, allowing the
default mutation routine happen, rather than crashing on an assertion.

For more context and the initial fix suggestion, see:
https://github.com/google/oss-fuzz/issues/1632#issuecomment-481862879

Reviewers: kcc, morehouse

Reviewed By: kcc

Subscribers: delcypher, #sanitizers, llvm-commits

Tags: #llvm, #sanitizers

Differential Revision: https://reviews.llvm.org/D60567

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358190 91177308-0d34-0410-b5e6-96231b3b80d8
[libFuzzer] refactor the way we choose the element to cross-over with, NFC (expected1); add a flag -seed_inputs= to pass extra seed inputs as file paths, not dirs 2019-02-08T01:20:54+00:00 Kostya Serebryany kcc@google.com 2019-02-08T01:20:54+00:00 89ce99374691983d64bdbd008b151e7d356cee8d git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@353494 91177308-0d34-0410-b5e6-96231b3b80d8 
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@353494 91177308-0d34-0410-b5e6-96231b3b80d8
Update the file headers across all of the LLVM projects in the monorepo 2019-01-19T08:50:56+00:00 Chandler Carruth chandlerc@gmail.com 2019-01-19T08:50:56+00:00 58d43607862096aeb32d72173911c9df244a30f1 to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@351636 91177308-0d34-0410-b5e6-96231b3b80d8 
to reflect the new license.

We understand that people may be surprised that we're moving the header
entirely to discuss the new license. We checked this carefully with the
Foundation's lawyer and we believe this is the correct approach.

Essentially, all code in the project is now made available by the LLVM
project under our new license, so you will see that the license headers
include that license only. Some of our contributors have contributed
code under our old license, and accordingly, we have retained a copy of
our old license notice in the top-level files in each project and
repository.

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@351636 91177308-0d34-0410-b5e6-96231b3b80d8
[libFuzzer] Remove mutation stats and weighted mutation selection. 2018-08-29T21:53:15+00:00 Max Moroz mmoroz@chromium.org 2018-08-29T21:53:15+00:00 9bf9f89d6293e8a66257a1a6ea1c5a2a2f3e7f11 Summary: This was an experimental feature. After evaluating it with: 1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison 2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz The following conclusions were made: 1) With fuzz targets that have reached a code coverage plateau, the feature does not improve libFuzzer's ability to discover new coverage and may actually negatively impact it. 2) With fuzz targets that have not yet reached a code coverage plateau, the feature might speed up new units discovery in some cases, but it is quite rare and hard to confirm with a high level on confidence. Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621. Reviewers: metzman, morehouse Reviewed By: metzman, morehouse Subscribers: delcypher, #sanitizers, llvm-commits, kcc Differential Revision: https://reviews.llvm.org/D51455 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@340976 91177308-0d34-0410-b5e6-96231b3b80d8 
Summary:
This was an experimental feature. After evaluating it with:

1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison

2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz

The following conclusions were made:

1) With fuzz targets that have reached a code coverage plateau, the feature does
   not improve libFuzzer's ability to discover new coverage and may actually
   negatively impact it.

2) With fuzz targets that have not yet reached a code coverage plateau, the
   feature might speed up new units discovery in some cases, but it is quite
   rare and hard to confirm with a high level on confidence.

Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621.

Reviewers: metzman, morehouse

Reviewed By: metzman, morehouse

Subscribers: delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D51455

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@340976 91177308-0d34-0410-b5e6-96231b3b80d8
[libFuzzer] Initial implementation of weighted mutation leveraging during runtime. 2018-08-02T22:30:03+00:00 Max Moroz mmoroz@chromium.org 2018-08-02T22:30:03+00:00 27f6922bac686ad0c060989e480e71495e028199 Summary: Added functions that calculate stats while fuzz targets are running and give mutations weight based on how much new coverage they provide, and choose better performing mutations more often. Patch by Kodé Williams (@kodewilliams). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, kcc, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D49621 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@338776 91177308-0d34-0410-b5e6-96231b3b80d8 
Summary:
Added functions that calculate stats while fuzz targets are running and give
mutations weight based on how much new coverage they provide, and choose better
performing mutations more often.

Patch by Kodé Williams (@kodewilliams).

Reviewers: Dor1s, metzman, morehouse

Reviewed By: Dor1s, morehouse

Subscribers: delcypher, kcc, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D49621

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@338776 91177308-0d34-0410-b5e6-96231b3b80d8
[libFuzzer] fix the bot (the no-assert build) 2018-07-19T03:16:12+00:00 Kostya Serebryany kcc@google.com 2018-07-19T03:16:12+00:00 456e46e79e9905cef504154aa83505b76d9e32cd git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337437 91177308-0d34-0410-b5e6-96231b3b80d8 
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337437 91177308-0d34-0410-b5e6-96231b3b80d8
[libFuzzer] first experimental attempt at DFT-based mutations (DFT=data-flow-trace) 2018-07-19T01:23:32+00:00 Kostya Serebryany kcc@google.com 2018-07-19T01:23:32+00:00 b245ab336ef0cef374b36d0fa4be432b3e6afcd2 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337434 91177308-0d34-0410-b5e6-96231b3b80d8 
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337434 91177308-0d34-0410-b5e6-96231b3b80d8
[libFuzzer] Mutation tracking and logging implemented. 2018-07-17T20:37:40+00:00 Max Moroz mmoroz@chromium.org 2018-07-17T20:37:40+00:00 9d27f84cb4ddc9a9401507f60cb3ac09a37231a4 Summary: Code now exists to track number of mutations that are used in fuzzing in total and ones that produce new coverage. The stats are currently being dumped to the command line. Patch by Kodé Williams (@kodewilliams). Reviewers: metzman, Dor1s, morehouse, kcc Reviewed By: Dor1s, morehouse, kcc Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny Differential Revision: https://reviews.llvm.org/D48054 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337324 91177308-0d34-0410-b5e6-96231b3b80d8 
Summary:
Code now exists to track number of mutations that are used in fuzzing in total
and ones that produce new coverage. The stats are currently being dumped to the
command line.

Patch by Kodé Williams (@kodewilliams).

Reviewers: metzman, Dor1s, morehouse, kcc

Reviewed By: Dor1s, morehouse, kcc

Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny

Differential Revision: https://reviews.llvm.org/D48054

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337324 91177308-0d34-0410-b5e6-96231b3b80d8
libFuzzer: prevent irrelevant strings from leaking into auto-dictionary 2018-07-17T16:12:00+00:00 Matt Morehouse mascasa@google.com 2018-07-17T16:12:00+00:00 823b254fc6354740a99e824b7757c83668496918 This is a fix for bug 37047. https://bugs.llvm.org/show_bug.cgi?id=37047 Implemented by basically reversing the logic. Previously all strings were considered, with some operations excluded. Now strings are excluded by default, and only strings during the CB considered. Patch By: pdknsk Differential Revision: https://reviews.llvm.org/D48800 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337296 91177308-0d34-0410-b5e6-96231b3b80d8 
This is a fix for bug 37047.

https://bugs.llvm.org/show_bug.cgi?id=37047

Implemented by basically reversing the logic. Previously all strings
were considered, with some operations excluded. Now strings are excluded
by default, and only strings during the CB considered.

Patch By: pdknsk

Differential Revision: https://reviews.llvm.org/D48800

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337296 91177308-0d34-0410-b5e6-96231b3b80d8