|
LLVM
4.0.0
|
Classes | |
| struct | InputInfo |
| class | InputCorpus |
| struct | ScopedDoingMyOwnMemmem |
| class | FixedWord |
| class | DictionaryEntry |
| class | Dictionary |
| struct | FlagDescription |
| struct | ExternalFunctions |
| class | Fuzzer |
| struct | MallocFreeTracer |
| struct | MergeFileInfo |
| struct | Merger |
| class | MutationDispatcher |
| struct | FuzzingOptions |
| class | Random |
| struct | TableOfRecentCompares |
| class | TracePC |
| struct | TraceBasedMutation |
| class | TraceState |
| struct | ValueBitMap |
Typedefs | |
| typedef std::vector< uint8_t > | Unit |
| typedef std::vector< Unit > | UnitVector |
| typedef int(* | UserCallback )(const uint8_t *Data, size_t Size) |
| typedef FixedWord< 27 > | Word |
Functions | |
| template<class T > | |
| T | Min (T a, T b) |
| template<class T > | |
| T | Max (T a, T b) |
| int | FuzzerDriver (int *argc, char ***argv, UserCallback Callback) |
| uint8_t | Bswap (uint8_t x) |
| uint16_t | Bswap (uint16_t x) |
| uint32_t | Bswap (uint32_t x) |
| uint64_t | Bswap (uint64_t x) |
| bool | ParseOneDictionaryEntry (const std::string &Str, Unit *U) |
| bool | ParseDictionaryFile (const std::string &Text, std::vector< Unit > *Units) |
| FUZZER_FLAG_INT (runs,-1,"Number of individual test runs (-1 for infinite runs).") FUZZER_FLAG_INT(max_len | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it | FUZZER_FLAG_INT (mutate_depth, 5,"Apply this number of consecutive mutations to each input.") FUZZER_FLAG_INT(prefer_small |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle | FUZZER_FLAG_INT (timeout, 1200,"Timeout in seconds (if positive). ""If one unit runs more than this number of seconds the process will abort.") FUZZER_FLAG_INT(error_exitcode |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used | FUZZER_FLAG_INT (timeout_exitcode, 77,"When libFuzzer reports a timeout ""this exit code will be used.") FUZZER_FLAG_INT(max_total_time |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer | FUZZER_FLAG_INT (merge, 0,"If 1, the 2-nd, 3-rd, etc corpora will be ""merged into the 1-st corpus. Only interesting units will be taken. ""This flag can be used to minimize a corpus.") FUZZER_FLAG_INT(minimize_crash |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc | FUZZER_FLAG_INT (use_memmem, 1,"Use hints from intercepting memmem, strstr, etc") FUZZER_FLAG_INT(use_value_profile |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing | FUZZER_FLAG_UNSIGNED (jobs, 0,"Number of jobs to run. If jobs >= 1 we spawn"" this number of jobs in separate worker processes"" with stdout/stderr redirected to fuzz-JOB.log.") FUZZER_FLAG_UNSIGNED(workers |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If | min (jobs, NumberOfCpuCores()/2)\" is used.") FUZZER_FLAG_INT(reload |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled | FUZZER_FLAG_INT (report_slow_units, 10,"Report slowest units if they run for more than this number of seconds.") FUZZER_FLAG_INT(only_ascii |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only | ASCII (isprint+isspace) inputs.") FUZZER_FLAG_STRING(artifact_prefix |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing | artifacts (crash," "timeout, or slow inputs) as" "$(artifact_prefix) file") FUZZER_FLAG_STRING(exact_artifact_path |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on | failure (crash, timeout)" "as $(exact_artifact_path).This override s-artifact_prefix" "and will not use checksum in the file name.Do not" "use the same path for several parallel processes.") FUZZER_FLAG_INT(print_corpus_stats |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit | FUZZER_FLAG_INT (print_coverage, 0,"If 1, print coverage information at exit."" Experimental, only with trace-pc-guard") FUZZER_FLAG_INT(dump_coverage |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard | FUZZER_FLAG_INT (close_fd_mask, 0,"If 1, close stdout at startup; ""if 2, close stderr; if 3, close both. ""Be careful, this will also close e.g. asan's stderr/stdout.") FUZZER_FLAG_INT(detect_leaks |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard and if LeakSanitizer is enabled try to detect memory leaks during | fuzzing (i.e.not only at shut down).") FUZZER_FLAG_INT(trace_malloc |
| long | GetEpoch (const std::string &Path) |
| Unit | FileToVector (const std::string &Path, size_t MaxSize, bool ExitOnError) |
| std::string | FileToString (const std::string &Path) |
| void | CopyFileToErr (const std::string &Path) |
| void | WriteToFile (const Unit &U, const std::string &Path) |
| void | ReadDirToVectorOfUnits (const char *Path, std::vector< Unit > *V, long *Epoch, size_t MaxSize, bool ExitOnError) |
| std::string | DirPlusFile (const std::string &DirPath, const std::string &FileName) |
| void | DupAndCloseStderr () |
| void | CloseStdout () |
| void | Printf (const char *Fmt,...) |
| std::string | DirName (const std::string &FileName) |
| std::string | TmpDir () |
| bool | IsFile (const std::string &Path) |
| void | ListFilesInDirRecursive (const std::string &Dir, long *Epoch, std::vector< std::string > *V, bool TopDir) |
| char | GetSeparator () |
| FILE * | OpenFile (int Fd, const char *Mode) |
| int | CloseFile (int Fd) |
| int | DuplicateFile (int Fd) |
| void | RemoveFile (const std::string &Path) |
| static void | MissingExternalApiFunction (const char *FnName) |
| ATTRIBUTE_NO_SANITIZE_MEMORY void | MallocHook (const volatile void *ptr, size_t size) |
| ATTRIBUTE_NO_SANITIZE_MEMORY void | FreeHook (const volatile void *ptr) |
| static void | WarnOnUnsuccessfullMerge (bool DoWarn) |
| static size_t | ComputeMutationLen (size_t MaxInputSize, size_t MaxMutationLen, Random &Rand) |
| static void | PrintASCII (const Word &W, const char *PrintAfter) |
| static char | RandCh (Random &Rand) |
| template<class T > | |
| size_t | ChangeBinaryInteger (uint8_t *Data, size_t Size, Random &Rand) |
| void | ComputeSHA1 (const uint8_t *Data, size_t Len, uint8_t *Out) |
| std::string | Sha1ToString (const uint8_t Sha1[kSHA1NumBytes]) |
| std::string | Hash (const Unit &U) |
| static bool | IsInterestingCoverageFile (std::string &File) |
| static size_t | InternalStrnlen (const char *S, size_t MaxLen) |
| void | PrintHexArray (const uint8_t *Data, size_t Size, const char *PrintAfter) |
| void | Print (const Unit &v, const char *PrintAfter) |
| void | PrintASCIIByte (uint8_t Byte) |
| void | PrintASCII (const uint8_t *Data, size_t Size, const char *PrintAfter) |
| void | PrintASCII (const Unit &U, const char *PrintAfter) |
| bool | ToASCII (uint8_t *Data, size_t Size) |
| bool | IsASCII (const Unit &U) |
| bool | IsASCII (const uint8_t *Data, size_t Size) |
| std::string | Base64 (const Unit &U) |
| std::string | DescribePC (const char *SymbolizedFMT, uintptr_t PC) |
| void | PrintPC (const char *SymbolizedFMT, const char *FallbackFMT, uintptr_t PC) |
| unsigned | NumberOfCpuCores () |
| bool | ExecuteCommandAndReadOutput (const std::string &Command, std::string *Out) |
| void | PrintHexArray (const Unit &U, const char *PrintAfter="") |
| void | SetSignalHandler (const FuzzingOptions &Options) |
| void | SleepSeconds (int Seconds) |
| unsigned long | GetPid () |
| size_t | GetPeakRSSMb () |
| int | ExecuteCommand (const std::string &Command) |
| FILE * | OpenProcessPipe (const char *Command, const char *Mode) |
| const void * | SearchMemory (const void *haystack, size_t haystacklen, const void *needle, size_t needlelen) |
| std::string | CloneArgsWithoutX (const std::vector< std::string > &Args, const char *X1, const char *X2) |
| std::string | CloneArgsWithoutX (const std::vector< std::string > &Args, const char *X) |
Variables | |
| ExternalFunctions * | EF |
| struct { | |
| Maximum length of the test input fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If fuzzer::positive | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with fuzzer::runs | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with fuzzer::strcmp | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If fuzzer::zero | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit fuzzer::Experimental | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard fuzzer::If | |
| } | Flags |
| static FILE * | OutputFile = stderr |
| static const size_t | kMaxUnitSizeToPrint = 256 |
| static Fuzzer * | F |
| static MallocFreeTracer | AllocTracer |
| static const int | kSHA1NumBytes = 20 |
| TracePC | TPC |
| static bool | RecordingMemcmp = false |
| static bool | RecordingMemmem = false |
| static bool | DoingMyOwnMemmem = false |
| static TraceState * | TS |
| typedef std::vector<uint8_t> fuzzer::Unit |
Definition at line 71 of file FuzzerDefs.h.
| typedef std::vector<Unit> fuzzer::UnitVector |
Definition at line 72 of file FuzzerDefs.h.
| typedef int(* fuzzer::UserCallback)(const uint8_t *Data, size_t Size) |
Definition at line 73 of file FuzzerDefs.h.
| typedef FixedWord<27> fuzzer::Word |
Definition at line 53 of file FuzzerDictionary.h.
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing fuzzer::@269::artifacts | ( | crash | , |
| " " | timeout, | ||
| or slow | inputs | ||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every<N> seconds to get new units discovered by other processes disabled generate only fuzzer::ASCII | ( | isprint+ | isspace | ) |
| std::string fuzzer::Base64 | ( | const Unit & | U | ) |
|
inline |
Definition at line 82 of file FuzzerDefs.h.
Referenced by ChangeBinaryInteger().
|
inline |
Definition at line 83 of file FuzzerDefs.h.
Definition at line 84 of file FuzzerDefs.h.
|
inline |
Definition at line 85 of file FuzzerDefs.h.
| size_t fuzzer::ChangeBinaryInteger | ( | uint8_t * | Data, |
| size_t | Size, | ||
| Random & | Rand | ||
| ) |
Definition at line 362 of file FuzzerMutate.cpp.
References llvm::MCID::Add, assert(), Bswap(), fuzzer::Random::RandBool(), and T.
| std::string fuzzer::CloneArgsWithoutX | ( | const std::vector< std::string > & | Args, |
| const char * | X1, | ||
| const char * | X2 | ||
| ) |
Referenced by CloneArgsWithoutX(), and fuzzer::Fuzzer::CrashResistantMerge().
|
inline |
Definition at line 65 of file FuzzerUtil.h.
References CloneArgsWithoutX().
| int fuzzer::CloseFile | ( | int | Fd | ) |
Referenced by CloseStdout(), and DupAndCloseStderr().
| void fuzzer::CloseStdout | ( | ) |
Definition at line 105 of file FuzzerIO.cpp.
References CloseFile().
|
static |
Definition at line 710 of file FuzzerLoop.cpp.
References assert(), Min(), and fuzzer::Random::Rand().
| void fuzzer::ComputeSHA1 | ( | const uint8_t * | Data, |
| size_t | Len, | ||
| uint8_t * | Out | ||
| ) |
Definition at line 202 of file FuzzerSHA1.cpp.
References HASH_LENGTH.
Referenced by fuzzer::InputCorpus::AddToCorpus(), and Hash().
| void fuzzer::CopyFileToErr | ( | const std::string & | Path | ) |
Definition at line 57 of file FuzzerIO.cpp.
References llvm::c_str(), FileToString(), and Printf().
| std::string fuzzer::DescribePC | ( | const char * | SymbolizedFMT, |
| uintptr_t | PC | ||
| ) |
Definition at line 182 of file FuzzerUtil.cpp.
References EF.
Referenced by fuzzer::TracePC::PrintCoverage(), and PrintPC().
| std::string fuzzer::DirName | ( | const std::string & | FileName | ) |
Referenced by fuzzer::TracePC::PrintCoverage().
Definition at line 87 of file FuzzerIO.cpp.
References GetSeparator().
Referenced by fuzzer::Fuzzer::CrashResistantMerge(), and fuzzer::InputCorpus::DeleteInput().
| void fuzzer::DupAndCloseStderr | ( | ) |
Definition at line 92 of file FuzzerIO.cpp.
References CloseFile(), DuplicateFile(), EF, OpenFile(), and OutputFile.
| int fuzzer::DuplicateFile | ( | int | Fd | ) |
Referenced by DupAndCloseStderr().
| int fuzzer::ExecuteCommand | ( | const std::string & | Command | ) |
Referenced by fuzzer::Fuzzer::CrashResistantMerge().
Definition at line 208 of file FuzzerUtil.cpp.
References N, OpenProcessPipe(), and AMDGPU::RuntimeMD::KernelArg::Pipe.
Referenced by fuzzer::TracePC::PrintCoverage().
|
override |
| std::string fuzzer::FileToString | ( | const std::string & | Path | ) |
Definition at line 33 of file FuzzerIO.cpp.
References min(), Printf(), and T.
Referenced by fuzzer::Fuzzer::CrashResistantMerge(), fuzzer::Fuzzer::CrashResistantMergeInternalStep(), and ReadDirToVectorOfUnits().
| ATTRIBUTE_NO_SANITIZE_MEMORY void fuzzer::FreeHook | ( | const volatile void * | ptr | ) |
Definition at line 152 of file FuzzerLoop.cpp.
References AllocTracer, EF, fuzzer::MallocFreeTracer::Frees, N, Printf(), and fuzzer::MallocFreeTracer::TraceLevel.
Referenced by fuzzer::Fuzzer::Fuzzer().
| fuzzer::@269::FUZZER_FLAG_INT | ( | runs | , |
| - | 1, | ||
| "Number of individual test runs (-1 for infinite runs)." | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it fuzzer::@269::FUZZER_FLAG_INT | ( | mutate_depth | , |
| 5 | , | ||
| "Apply this number of consecutive mutations to each input." | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle fuzzer::@269::FUZZER_FLAG_INT | ( | timeout | , |
| 1200 | , | ||
| "Timeout in seconds (if positive). ""If one unit runs more than this number of seconds the process will abort." | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used fuzzer::@269::FUZZER_FLAG_INT | ( | timeout_exitcode | , |
| 77 | , | ||
| "When libFuzzer reports a timeout ""this exit code will be used." | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer fuzzer::@269::FUZZER_FLAG_INT | ( | merge | , |
| 0 | , | ||
| "If | 1, | ||
| the 2- | nd, | ||
| 3- | rd, | ||
| etc corpora will be" "merged into the 1-st corpus.Only interesting units will be taken." "This flag can be used to minimize a corpus." | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc fuzzer::@269::FUZZER_FLAG_INT | ( | use_memmem | , |
| 1 | , | ||
| "Use hints from intercepting | memmem, | ||
| strstr | , | ||
| etc" | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled fuzzer::@269::FUZZER_FLAG_INT | ( | report_slow_units | , |
| 10 | , | ||
| "Report slowest units if they run for more than this number of seconds." | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit fuzzer::@269::FUZZER_FLAG_INT | ( | print_coverage | , |
| 0 | , | ||
| "If | 1, | ||
| print coverage information at exit." " | Experimental, | ||
| only with trace-pc-guard" | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard fuzzer::@269::FUZZER_FLAG_INT | ( | close_fd_mask | , |
| 0 | , | ||
| "If | 1, | ||
| close stdout at startup;" "if | 2, | ||
| close stderr;if | 3, | ||
| close both." "Be | careful, | ||
| this will also close e.g.asan's stderr/stdout." | |||
| ) |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing fuzzer::@269::FUZZER_FLAG_UNSIGNED | ( | jobs | , |
| 0 | , | ||
| "Number of jobs to run. If jobs >= 1 we spawn"" this number of jobs in separate worker processes"" with stdout/stderr redirected to fuzz-JOB.log." | |||
| ) |
| int fuzzer::FuzzerDriver | ( | int * | argc, |
| char *** | argv, | ||
| UserCallback | Callback | ||
| ) |
Referenced by main().
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard and if LeakSanitizer is enabled try to detect memory leaks during fuzzer::@269::fuzzing | ( | i.e.not only at shut | down | ) |
| long fuzzer::GetEpoch | ( | const std::string & | Path | ) |
Definition at line 26 of file FuzzerIO.cpp.
Referenced by fuzzer::Fuzzer::Fuzzer(), and ReadDirToVectorOfUnits().
| size_t fuzzer::GetPeakRSSMb | ( | ) |
Definition at line 113 of file afl_driver.cpp.
References assert().
Referenced by fuzzer::Fuzzer::PrintFinalStats(), fuzzer::Fuzzer::RssLimitCallback(), and write_extra_stats().
| unsigned long fuzzer::GetPid | ( | ) |
| char fuzzer::GetSeparator | ( | ) |
Referenced by DirPlusFile().
| std::string fuzzer::Hash | ( | const Unit & | U | ) |
Definition at line 216 of file FuzzerSHA1.cpp.
References ComputeSHA1(), kSHA1NumBytes, and Sha1ToString().
Referenced by fuzzer::InputCorpus::AddToCorpus(), llvm::OnDiskChainedHashTableGenerator< Info >::contains(), llvm::DWARFAcceleratorTable::dump(), llvm::DenseMapInfo< MemOpKey >::getHashValue(), llvm::pdb::NameHashTable::getIDForString(), llvm::IndexedInstrProfReader::getInstrProfRecord(), llvm::RegisterBankInfo::getOperandsMapping(), llvm::RegisterBankInfo::getPartialMapping(), llvm::RegisterBankInfo::getValueMapping(), llvm::SHA1::hash(), llvm::MD5::hash(), HashMachineInstr(), llvm::pdb::hashStringV2(), fuzzer::InputCorpus::HasUnit(), LLVMFuzzerTestOneInput(), llvm::DwarfDebug::makeTypeSignature(), llvm::MD5Hash(), llvm::InstrProfLookupTrait::ReadData(), llvm::SHA1::result(), simple_hash(), and TEST().
|
static |
Definition at line 199 of file FuzzerTraceState.cpp.
Referenced by __sanitizer_weak_hook_strncmp().
Definition at line 73 of file FuzzerUtil.cpp.
Definition at line 75 of file FuzzerUtil.cpp.
References i.
|
static |
Definition at line 70 of file FuzzerTracePC.cpp.
Referenced by fuzzer::TracePC::PrintCoverage().
| void fuzzer::ListFilesInDirRecursive | ( | const std::string & | Dir, |
| long * | Epoch, | ||
| std::vector< std::string > * | V, | ||
| bool | TopDir | ||
| ) |
Referenced by fuzzer::Fuzzer::CrashResistantMerge(), and ReadDirToVectorOfUnits().
| ATTRIBUTE_NO_SANITIZE_MEMORY void fuzzer::MallocHook | ( | const volatile void * | ptr, |
| size_t | size | ||
| ) |
Definition at line 141 of file FuzzerLoop.cpp.
References AllocTracer, EF, F, fuzzer::Fuzzer::HandleMalloc(), fuzzer::MallocFreeTracer::Mallocs, N, Printf(), and fuzzer::MallocFreeTracer::TraceLevel.
Referenced by fuzzer::Fuzzer::Fuzzer().
Definition at line 57 of file FuzzerDefs.h.
Referenced by getDecodedRMWOperation().
Definition at line 56 of file FuzzerDefs.h.
Referenced by fuzzer::TracePC::CollectFeatures(), ComputeMutationLen(), getDecodedRMWOperation(), and fuzzer::TracePC::GetNumPCs().
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If fuzzer::min | ( | jobs | , |
| NumberOfCpuCores()/ | 2 | ||
| ) |
Referenced by __sanitizer_weak_hook_strcmp(), __sanitizer_weak_hook_strncmp(), llvm::AbsoluteDifference(), add(), fuzzer::TraceState::AddInterestingWord(), llvm::DwarfExpression::AddUnsignedConstant(), fuzzer::TracePC::AddValueForMemcmp(), fuzzer::TracePC::AddValueForStrcmp(), llvm::IntervalMapImpl::NodeBase< std::pair< KeyT, KeyT >, ValT, N >::adjustFromLeftSib(), llvm::GCNHazardRecognizer::AdvanceCycle(), llvm::BitVector::anyCommon(), llvm::SmallBitVector::anyCommon(), llvm::LanaiInstrInfo::areMemAccessesTriviallyDisjoint(), llvm::HexagonFrameLowering::assignCalleeSavedSpillSlots(), assignCalleeSavedSpillSlots(), calculateSetFPREG(), canReduceVMulWidth(), llvm::CC_ARM_AAPCS_Custom_Aggregate(), llvm::CC_X86_32_MCUInReg(), checkLinkerOptCommand(), combineLoad(), combineStore(), llvm::StringRef::compare(), llvm::StringRef::compare_lower(), llvm::StringRef::compare_numeric(), llvm::ComputeEditDistance(), llvm::SelectionDAG::computeKnownBits(), computeKnownBitsFromOperator(), computeKnownBitsMul(), ComputeNumSignBits(), llvm::SelectionDAG::ComputeNumSignBits(), computeNumSignBitsVectorConstant(), llvm::FunctionLoweringInfo::ComputePHILiveOutRegInfo(), llvm::ConstantFoldBinaryInstruction(), llvm::APInt::countTrailingZeros(), fuzzer::MutationDispatcher::CrossOver(), DecodeDPRRegListOperand(), llvm::msf::StreamRefBase< ReadableStream, ReadableStreamRef >::drop_front(), EmitNop(), llvm::ARMFrameLowering::emitPrologue(), llvm::emitSourceFileHeader(), llvm::X86FrameLowering::emitSPUpdate(), llvm::SystemZSelectionDAGInfo::EmitTargetCodeForMemset(), llvm::emitThumbRegPlusImmediate(), llvm::CodeViewContext::encodeDefRange(), llvm::CodeViewContext::encodeInlineLineTable(), estimateRSStackSizeLimit(), llvm::AlignmentFromAssumptionsPass::extractAlignmentInfo(), FileToVector(), llvm::BlockFrequencyInfoImplBase::finalizeMetrics(), llvm::StringRef::find(), llvm::StringRef::find_first_not_of(), llvm::StringRef::find_first_of(), llvm::StringRef::find_last_not_of(), llvm::StringRef::find_last_of(), findCommonAlignment(), FoldIntToFPToInt(), llvm::InstCombiner::FoldItoFPtoI(), llvm::X86InstrInfo::foldMemoryOperandImpl(), getBranchHint(), llvm::AMDGPUSubtarget::getFlatWorkGroupSizes(), getFullUnrollBoostingFactor(), llvm::AMDGPUDisassembler::getInstruction(), getInt64Count(), llvm::ARMTTIImpl::getIntImmCost(), llvm::SIRegisterInfo::getMaxNumSGPRs(), getMaxWaves(), getMemsetStringVal(), llvm::ScalarEvolution::GetMinTrailingZeros(), llvm::ScalarEvolution::getMulExpr(), getNoopInput(), llvm::getOrEnforceKnownAlignment(), llvm::object::COFFObjectFile::getSymbolAlignment(), llvm::MipsTargetLowering::HandleByVal(), llvm::TextInstrProfReader::hasFormat(), llvm::raw_ostream::indent(), llvm::SelectionDAG::InferPtrAlignment(), llvm::ResourcePriorityQueue::initNumRegDefsLeft(), llvm::InlineFunction(), intersect(), llvm::AArch64TargetLowering::isLegalAddImmediate(), isOverwrite(), isVectorPromotionViableForSlice(), llvm::msf::StreamRefBase< ReadableStream, ReadableStreamRef >::keep_front(), KnuthDiv(), LLVMDisasmInstruction(), LLVMInitializeMCJITCompilerOptions(), llvm::AMDGPUTargetLowering::LowerDIVREM24(), LowerVAARG(), llvm::ConstantRange::lshr(), llvm::StringRef::ltrim(), llvm::detail::IEEEFloat::makeNaN(), mapNameAndUniqueName(), llvm::codeview::CodeViewRecordIO::maxFieldLength(), llvm::RandomNumberGenerator::min(), MIsNeedChainEdge(), llvm::object::COFFObjectFile::moveSymbolNext(), llvm::ConstantRange::multiply(), fuzzer::MutationDispatcher::Mutate_InsertRepeatedBytes(), fuzzer::MutationDispatcher::Mutate_ShuffleBytes(), operator new(), llvm::BitVector::operator&=(), llvm::BitVector::operator==(), llvm::pdb::PDBFile::parseFileHeaders(), PerformSTORECombine(), PerformVMOVRRDCombine(), llvm::SMDiagnostic::print(), llvm::X86FrameLowering::processFunctionBeforeFrameFinalized(), llvm::AArch64TargetLowering::ReconstructShuffle(), llvm::BitVector::reset(), llvm::SmallBitVector::reset(), RewriteP2Align(), llvm::StringRef::rfind(), llvm::StringRef::rfind_lower(), llvm::StringRef::rtrim(), llvm::Interpreter::runFunction(), scalarizeMaskedLoad(), llvm::detail::scalbn(), llvm::CachePruning::setMaxSize(), llvm::ConstantRange::shl(), SimplifyExtractValueInst(), llvm::StringRef::slice(), llvm::SplitEditor::splitRegInBlock(), llvm::SplitEditor::splitRegOutBlock(), llvm::SplitEditor::splitSingleBlock(), llvm::StringRef::substr(), llvm::SmallPtrSetImplBase::swap(), llvm::BitVector::test(), llvm::SmallBitVector::test(), llvm::MachineInstr::tieOperands(), llvm::ScaledNumberBase::toString(), toStringAPFloat(), fuzzer::TraceState::TraceMemcmpCallback(), llvm::sroa::AllocaSliceRewriter::visit(), llvm::InstCombiner::visitSwitchInst(), llvm::write_hex(), and llvm::msf::WritableMappedBlockStream::writeBytes().
|
static |
Definition at line 45 of file FuzzerLoop.cpp.
References Printf().
| unsigned fuzzer::NumberOfCpuCores | ( | ) |
Definition at line 198 of file FuzzerUtil.cpp.
| FILE* fuzzer::OpenFile | ( | int | Fd, |
| const char * | Mode | ||
| ) |
Referenced by DupAndCloseStderr().
Referenced by ExecuteCommandAndReadOutput().
Definition at line 127 of file FuzzerUtil.cpp.
References ParseOneDictionaryEntry(), and Printf().
Referenced by TEST().
Definition at line 81 of file FuzzerUtil.cpp.
Referenced by ParseDictionaryFile(), and TEST().
Definition at line 34 of file FuzzerUtil.cpp.
References PrintAfter(), and PrintHexArray().
Definition at line 23 of file FuzzerMutate.cpp.
References fuzzer::FixedWord< kMaxSize >::data(), PrintAfter(), and fuzzer::FixedWord< kMaxSize >::size().
Referenced by fuzzer::DictionaryEntry::Print(), PrintASCII(), fuzzer::MutationDispatcher::PrintMutationSequence(), fuzzer::MutationDispatcher::PrintRecommendedDictionary(), fuzzer::TraceState::StopTraceRecording(), and fuzzer::TraceState::TraceMemcmpCallback().
Definition at line 49 of file FuzzerUtil.cpp.
References i, PrintASCIIByte(), and Printf().
Definition at line 55 of file FuzzerUtil.cpp.
References PrintAfter(), and PrintASCII().
| void fuzzer::PrintASCIIByte | ( | uint8_t | Byte | ) |
| void fuzzer::Printf | ( | const char * | Fmt, |
| ... | |||
| ) |
Definition at line 109 of file FuzzerIO.cpp.
References OutputFile.
Referenced by fuzzer::InputCorpus::AddFeature(), fuzzer::InputCorpus::AddToCorpus(), CopyFileToErr(), fuzzer::Fuzzer::CrashResistantMerge(), fuzzer::Fuzzer::CrashResistantMergeInternalStep(), fuzzer::InputCorpus::DeleteInput(), FileToVector(), FreeHook(), fuzzer::Fuzzer::HandleMalloc(), MallocHook(), fuzzer::Fuzzer::Merge(), MissingExternalApiFunction(), NumberOfCpuCores(), ParseDictionaryFile(), fuzzer::Merger::ParseOrExit(), fuzzer::DictionaryEntry::Print(), PrintASCII(), PrintASCIIByte(), fuzzer::TracePC::PrintCoverage(), fuzzer::InputCorpus::PrintFeatureSet(), fuzzer::Fuzzer::PrintFinalStats(), PrintHexArray(), fuzzer::TracePC::PrintModuleInfo(), fuzzer::MutationDispatcher::PrintMutationSequence(), PrintPC(), fuzzer::MutationDispatcher::PrintRecommendedDictionary(), fuzzer::InputCorpus::PrintStats(), ReadDirToVectorOfUnits(), fuzzer::Fuzzer::RereadOutputCorpus(), fuzzer::Fuzzer::RssLimitCallback(), fuzzer::Fuzzer::SetMaxInputLen(), fuzzer::Fuzzer::ShuffleAndMinimize(), fuzzer::MallocFreeTracer::Start(), fuzzer::Fuzzer::StaticFileSizeExceedCallback(), fuzzer::MallocFreeTracer::Stop(), fuzzer::TraceState::StopTraceRecording(), fuzzer::TraceState::TraceMemcmpCallback(), fuzzer::Fuzzer::TryDetectingAMemoryLeak(), and WarnOnUnsuccessfullMerge().
Definition at line 191 of file FuzzerUtil.cpp.
References llvm::c_str(), DescribePC(), EF, and Printf().
Referenced by fuzzer::TracePC::PrintNewPCs().
|
static |
Definition at line 65 of file FuzzerMutate.cpp.
References fuzzer::Random::RandBool().
Referenced by fuzzer::MutationDispatcher::Mutate_ChangeByte(), and fuzzer::MutationDispatcher::Mutate_InsertByte().
| void fuzzer::ReadDirToVectorOfUnits | ( | const char * | Path, |
| std::vector< Unit > * | V, | ||
| long * | Epoch, | ||
| size_t | MaxSize, | ||
| bool | ExitOnError | ||
| ) |
Definition at line 69 of file FuzzerIO.cpp.
References E, FileToVector(), GetEpoch(), i, ListFilesInDirRecursive(), Printf(), and X.
Referenced by fuzzer::Fuzzer::Merge(), and fuzzer::Fuzzer::RereadOutputCorpus().
| void fuzzer::RemoveFile | ( | const std::string & | Path | ) |
Referenced by fuzzer::Fuzzer::CrashResistantMerge(), and fuzzer::InputCorpus::DeleteInput().
| const void* fuzzer::SearchMemory | ( | const void * | haystack, |
| size_t | haystacklen, | ||
| const void * | needle, | ||
| size_t | needlelen | ||
| ) |
Referenced by fuzzer::TraceState::TryToAddDesiredData().
| void fuzzer::SetSignalHandler | ( | const FuzzingOptions & | Options | ) |
| std::string fuzzer::Sha1ToString | ( | const uint8_t | Sha1[kSHA1NumBytes] | ) |
Definition at line 209 of file FuzzerSHA1.cpp.
References kSHA1NumBytes.
Referenced by fuzzer::InputCorpus::AddToCorpus(), fuzzer::InputCorpus::DeleteInput(), Hash(), and fuzzer::InputCorpus::PrintStats().
| void fuzzer::SleepSeconds | ( | int | Seconds | ) |
| std::string fuzzer::TmpDir | ( | ) |
Referenced by fuzzer::Fuzzer::CrashResistantMerge().
| bool fuzzer::ToASCII | ( | uint8_t * | Data, |
| size_t | Size | ||
| ) |
Definition at line 59 of file FuzzerUtil.cpp.
|
static |
Definition at line 219 of file FuzzerLoop.cpp.
References Printf().
Definition at line 61 of file FuzzerIO.cpp.
|
static |
Definition at line 138 of file FuzzerLoop.cpp.
Referenced by fuzzer::Fuzzer::ExecuteCallback(), FreeHook(), and MallocHook().
Definition at line 35 of file FuzzerTraceState.cpp.
Referenced by __sanitizer_weak_hook_memmem(), fuzzer::ScopedDoingMyOwnMemmem::ScopedDoingMyOwnMemmem(), and fuzzer::ScopedDoingMyOwnMemmem::~ScopedDoingMyOwnMemmem().
| ExternalFunctions* fuzzer::EF |
Referenced by DescribePC(), DupAndCloseStderr(), FreeHook(), fuzzer::Fuzzer::Fuzzer(), llvm::object::ELFObjectFile< ELFT >::getArch(), llvm::object::ELFObjectFile< ELFT >::getFileFormatName(), llvm::object::ELFObjectFile< ELFT >::getRel(), llvm::object::ELFObjectFile< ELFT >::getRela(), llvm::object::ELFObjectFile< ELFT >::getRelocatedSection(), llvm::object::ELFObjectFile< ELFT >::getRelocationOffset(), llvm::object::ELFObjectFile< ELFT >::getRelocationSymbol(), llvm::object::ELFObjectFile< ELFT >::getRelocationType(), llvm::object::ELFObjectFile< ELFT >::getRelocationTypeName(), llvm::object::ELFObjectFile< ELFT >::getSectionName(), llvm::object::ELFObjectFile< ELFT >::getSymbolAddress(), llvm::object::ELFObjectFile< ELFT >::getSymbolFlags(), llvm::object::ELFObjectFile< ELFT >::getSymbolName(), llvm::object::ELFObjectFile< ELFT >::getSymbolSection(), llvm::object::ELFObjectFile< ELFT >::getSymbolValueImpl(), fuzzer::Fuzzer::HandleMalloc(), llvm::object::ELFObjectFile< ELFT >::isRelocatableObject(), MallocHook(), fuzzer::MutationDispatcher::Mutate_Custom(), fuzzer::MutationDispatcher::Mutate_CustomCrossOver(), fuzzer::MutationDispatcher::MutationDispatcher(), fuzzer::TracePC::PrintCoverage(), PrintPC(), fuzzer::Fuzzer::RssLimitCallback(), llvm::object::ELFObjectFile< ELFT >::section_begin(), llvm::object::ELFObjectFile< ELFT >::section_end(), llvm::object::ELFObjectFile< ELFT >::section_rel_begin(), llvm::object::ELFObjectFile< ELFT >::section_rel_end(), TEST(), TestAddWordFromDictionary(), TestAddWordFromDictionaryWithHint(), TestChangeASCIIInteger(), TestChangeBinaryInteger(), TestChangeBit(), TestChangeByte(), TestCopyPart(), TestEraseBytes(), TestInsertByte(), TestInsertRepeatedBytes(), TestShuffleBytes(), and fuzzer::Fuzzer::TryDetectingAMemoryLeak().
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit fuzzer::Experimental |
Definition at line 86 of file FuzzerDriver.cpp.
|
static |
Definition at line 59 of file FuzzerLoop.cpp.
Referenced by fuzzer::Fuzzer::CrashResistantMerge(), fuzzer::Fuzzer::CrashResistantMergeInternalStep(), fuzzer::Fuzzer::Fuzzer(), LLVMFuzzerMutate(), MallocHook(), fuzzer::Fuzzer::StaticAlarmCallback(), fuzzer::Fuzzer::StaticCrashSignalCallback(), and fuzzer::Fuzzer::StaticInterruptCallback().
| struct { ... } fuzzer::Flags |
Referenced by llvm::MachineInstrBuilder::addDef(), addFastMathFlag(), llvm::addFrameReference(), llvm::ModuleSymbolTable::addModule(), addSaveRestoreRegs(), llvm::MachineInstrBuilder::addUse(), llvm::BitstreamCursor::advance(), llvm::BitstreamCursor::advanceSkippingSubblocks(), llvm::FastMathFlags::allowReciprocal(), llvm::CCState::AnalyzeCallResult(), llvm::FastMathFlags::any(), argsAreStructReturn(), llvm::DwarfDebug::beginInstruction(), llvm::BinaryConstantExpr::BinaryConstantExpr(), BuildExactSDIV(), llvm::buildModuleSummaryIndex(), llvm::TargetLowering::BuildSDIV(), callIsStructReturn(), canUseSiblingCall(), llvm::object::MachOObjectFile::checkSymbolTable(), llvm::FastMathFlags::clear(), llvm::MachineInstr::clearFlag(), combineBrCond(), combineCMov(), computeAliasSummary(), computeFunctionSummary(), llvm::rdf::Liveness::computePhiInfo(), llvm::RuntimeDyldImpl::computeTotalAllocSize(), computeVariableSummary(), llvm::GetElementPtrConstantExpr::Create(), llvm::MCContext::createELFRelSection(), llvm::IRBuilderBase::CreateGCStatepointCall(), llvm::IRBuilderBase::CreateGCStatepointInvoke(), llvm::FastISel::createMachineMemOperandFor(), llvm::DIBuilder::createObjectPointerType(), llvm::MDBuilder::createTBAANode(), llvm::MipsTargetELFStreamer::emitDirectiveAbiCalls(), llvm::MipsTargetELFStreamer::emitDirectiveNaN2008(), llvm::MipsTargetELFStreamer::emitDirectiveNaNLegacy(), llvm::MipsTargetELFStreamer::emitDirectiveOptionPic0(), llvm::MipsTargetELFStreamer::emitDirectiveOptionPic2(), llvm::MipsTargetELFStreamer::emitDirectiveSetMips16(), llvm::MipsTargetELFStreamer::emitDirectiveSetNoReorder(), EmitDwarfLineTable(), llvm::ARMAsmPrinter::EmitEndOfAsmFile(), llvm::X86AsmPrinter::EmitEndOfAsmFile(), llvm::SITargetLowering::EmitInstrWithCustomInserter(), llvm::TargetLoweringBase::emitPatchPoint(), llvm::TargetLoweringObjectFileELF::emitPersonalityValue(), llvm::HexagonSelectionDAGInfo::EmitTargetCodeForMemcpy(), llvm::ARMBaseInstrInfo::expandLoadStackGuardBase(), llvm::pdb::DIARawSymbol::findChildren(), llvm::pdb::DIARawSymbol::findChildrenByRVA(), llvm::orc::remote::OrcRemoteTargetClient< ChannelT >::RCIndirectStubsManager::findPointer(), llvm::orc::remote::OrcRemoteTargetClient< ChannelT >::RCIndirectStubsManager::findStub(), llvm::object::MachOBindEntry::flags(), llvm::TargetInstrInfo::foldMemoryOperand(), llvm::JITSymbolFlags::fromGlobalValue(), llvm::JITSymbolFlags::fromObjectSymbol(), false::GepNode::GepNode(), ExtraFlags::get(), llvm::ConstantExpr::getAdd(), llvm::ScalarEvolution::getAddRecExpr(), llvm::rdf::Liveness::getAllReachingDefs(), getCOFFSectionFlags(), getELFSectionFlags(), llvm::TargetLoweringObjectFileELF::getExplicitSectionGlobal(), llvm::MachineInstr::getFlag(), llvm::MCSectionELF::getFlags(), llvm::MCDwarfLoc::getFlags(), llvm::MachineInstr::getFlags(), llvm::SymbolTableEntry::getFlags(), llvm::DILocalVariable::getFlags(), llvm::MDNodeKeyImpl< DIDerivedType >::getHashValue(), llvm::MDNodeKeyImpl< DISubroutineType >::getHashValue(), llvm::MDNodeKeyImpl< DILocalVariable >::getHashValue(), getMClassFlagsMask(), llvm::ConstantExpr::getMul(), GetNegatedExpression(), llvm::rdf::DataFlowGraph::getNextShadow(), getOptimizationFlags(), llvm::NVPTXTargetLowering::getPrototype(), llvm::CCState::getRemainingRegParmsForType(), llvm::GetReturnInfo(), llvm::object::MachOObjectFile::getSectionType(), llvm::ConstantExpr::getShl(), getStaticStructorSection(), llvm::ConstantExpr::getSub(), llvm::object::ObjectFile::getSymbolValue(), getTargetFlagName(), getXCoreSectionFlags(), handleAsmUndefinedRefs(), llvm::CallLowering::handleAssignments(), llvm::FunctionImporter::importFunctions(), llvm::ARMElfTargetObjectFile::Initialize(), llvm::HexagonInstrInfo::insertBranch(), llvm::HexagonMCInstrInfo::isInnerLoop(), llvm::MDNodeKeyImpl< DIDerivedType >::isKeyOf(), llvm::MDNodeKeyImpl< DICompositeType >::isKeyOf(), llvm::MDNodeKeyImpl< DISubroutineType >::isKeyOf(), llvm::MDNodeKeyImpl< DISubprogram >::isKeyOf(), llvm::MDNodeKeyImpl< DILocalVariable >::isKeyOf(), llvm::HexagonMCInstrInfo::isMemReorderDisabled(), llvm::HexagonMCInstrInfo::isMemStoreReorderEnabled(), llvm::HexagonMCInstrInfo::isOuterLoop(), llvm::rdf::DataFlowGraph::IsPreservingDef(), llvm::object::MachOObjectFile::isSectionBSS(), llvm::object::MachOObjectFile::isSectionData(), llvm::object::MachOObjectFile::isSectionText(), llvm::RuntimeDyldImpl::loadObjectImpl(), llvm::SelectionDAGBuilder::LowerAsSTATEPOINT(), llvm::HexagonTargetLowering::LowerCall(), llvm::NVPTXTargetLowering::LowerCall(), llvm::SparcTargetLowering::LowerCall_32(), llvm::FastISel::lowerCallTo(), llvm::TargetLowering::LowerCallTo(), llvm::HexagonTargetLowering::LowerFormalArguments(), llvm::SITargetLowering::LowerFormalArguments(), llvm::SparcTargetLowering::LowerFormalArguments_32(), llvm::HexagonTargetLowering::LowerINLINEASM(), makeStatepointExplicitImpl(), llvm::MapMetadata(), llvm::MapValue(), llvm::codeview::MemberAttributes::MemberAttributes(), llvm::object::MachOBindEntry::moveNext(), llvm::FastMathFlags::noInfs(), llvm::FastMathFlags::noNaNs(), llvm::FastMathFlags::noSignedZeros(), llvm::FastMathFlags::operator&=(), llvm::rdf::operator<<(), llvm::MachineInstr::print(), llvm::ARMAsmPrinter::PrintAsmOperand(), llvm::MipsAsmPrinter::PrintAsmOperand(), llvm::opt::OptTable::PrintHelp(), llvm::MCSectionELF::PrintSwitchToSection(), llvm::MIPrinter::printTargetFlags(), promoteExtBeforeAdd(), llvm::RemapFunction(), llvm::RemapInstruction(), llvm::SelectionDAGISel::SelectInlineAsmMemoryOperands(), llvm::TargetLoweringObjectFileELF::SelectSectionForGlobal(), llvm::FastMathFlags::setAllowReciprocal(), llvm::MCAssembler::setELFHeaderEFlags(), llvm::MachineInstr::setFlag(), llvm::MCSectionELF::setFlags(), llvm::MCDwarfLoc::setFlags(), llvm::MachineInstr::setFlags(), llvm::FastMathFlags::setNoInfs(), llvm::FastMathFlags::setNoNaNs(), llvm::FastMathFlags::setNoSignedZeros(), llvm::SCEVCommutativeExpr::setNoWrapFlags(), llvm::SCEVAddRecExpr::setNoWrapFlags(), llvm::FastMathFlags::setUnsafeAlgebra(), llvm::MipsTargetELFStreamer::setUsesMicroMips(), llvm::TargetLowering::SimplifyDemandedBits(), llvm::DINode::splitFlags(), StrengthenNoWrapFlags(), llvm::thinLTOInternalizeModule(), llvm::InductionDescriptor::transform(), llvm::FastMathFlags::unsafeAlgebra(), llvm::InstCombiner::visitFDiv(), llvm::MachObjectWriter::writeHeader(), and llvm::MachObjectWriter::writeObject().
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard and if LeakSanitizer is enabled try to detect memory leaks during fuzzer::If |
Definition at line 18 of file FuzzerDriver.cpp.
|
static |
Definition at line 41 of file FuzzerLoop.cpp.
|
static |
Definition at line 22 of file FuzzerSHA1.h.
Referenced by fuzzer::InputCorpus::AddToCorpus(), Hash(), and Sha1ToString().
|
static |
Definition at line 24 of file FuzzerIO.cpp.
Referenced by DupAndCloseStderr(), Printf(), and printSymbolizedStackTrace().
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If fuzzer::positive |
Definition at line 36 of file FuzzerDriver.cpp.
Definition at line 33 of file FuzzerTraceState.cpp.
Referenced by __sanitizer_weak_hook_memcmp(), __sanitizer_weak_hook_strcmp(), __sanitizer_weak_hook_strncmp(), fuzzer::TraceState::StartTraceRecording(), fuzzer::TraceState::StopTraceRecording(), and fuzzer::TraceState::TraceMemcmpCallback().
Definition at line 34 of file FuzzerTraceState.cpp.
Referenced by fuzzer::TraceState::AddInterestingWord(), and fuzzer::TraceState::StartTraceRecording().
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with fuzzer::runs |
Definition at line 44 of file FuzzerDriver.cpp.
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with fuzzer::strcmp |
Definition at line 44 of file FuzzerDriver.cpp.
Referenced by Eq(), llvm::Mips16HardFloatInfo::findFuncSignature(), llvm::MCSubtargetInfo::getSchedModelForCPU(), llvm::TargetLibraryInfo::hasOptimizedCodeGen(), llvm::inferLibFuncAttributes(), isF128SoftLibCall(), isFP128ABICall(), llvm::MachineOperand::isIdenticalTo(), LLVMFuzzerTestOneInput(), OptNameCompare(), llvm::NVPTXInstPrinter::printCmpMode(), llvm::NVPTXInstPrinter::printCvtMode(), llvm::NVPTXInstPrinter::printLdStCode(), printLeaMemReference(), llvm::NVPTXInstPrinter::printMemOperand(), llvm::SparcInstPrinter::printMemOperand(), printOperand(), llvm::AsmPrinter::PrintSpecial(), regatoi(), llvm::SelectionDAG::setSubgraphColor(), llvm::opt::StrCmpOptionName(), and SubNameCompare().
| TracePC fuzzer::TPC |
Definition at line 29 of file FuzzerTracePC.cpp.
Referenced by __attribute__(), __sanitizer_weak_hook_memcmp(), __sanitizer_weak_hook_strcmp(), __sanitizer_weak_hook_strncmp(), fuzzer::TracePC::AddValueForMemcmp(), fuzzer::TracePC::AddValueForStrcmp(), fuzzer::Fuzzer::CrashResistantMergeInternalStep(), fuzzer::Fuzzer::ExecuteCallback(), fuzzer::Fuzzer::FindExtraUnits(), fuzzer::Fuzzer::Fuzzer(), fuzzer::Fuzzer::Loop(), fuzzer::MutationDispatcher::Mutate_AddWordFromTORC(), fuzzer::Fuzzer::PrintFinalStats(), fuzzer::Fuzzer::RunOne(), llvm::InstructionSelect::runOnMachineFunction(), and llvm::Legalizer::runOnMachineFunction().
|
static |
Definition at line 182 of file FuzzerTraceState.cpp.
Referenced by __sanitizer_weak_hook_memcmp(), __sanitizer_weak_hook_memmem(), __sanitizer_weak_hook_strcasestr(), __sanitizer_weak_hook_strcmp(), __sanitizer_weak_hook_strncmp(), __sanitizer_weak_hook_strstr(), llvm::MCStreamer::EmitAssignment(), llvm::MipsAsmPrinter::EmitBasicBlockEnd(), llvm::ARMAsmPrinter::EmitEndOfAsmFile(), llvm::MipsAsmPrinter::EmitFunctionBodyEnd(), llvm::MipsAsmPrinter::EmitFunctionBodyStart(), llvm::MipsAsmPrinter::EmitFunctionEntryLabel(), llvm::AMDGPUAsmPrinter::EmitFunctionEntryLabel(), llvm::ARMAsmPrinter::EmitInstruction(), llvm::MipsAsmPrinter::EmitInstruction(), llvm::MCStreamer::EmitLabel(), llvm::MipsAsmPrinter::EmitStartOfAsmFile(), llvm::AMDGPUAsmPrinter::EmitStartOfAsmFile(), llvm::MCStreamer::Finish(), fuzzer::Fuzzer::InitializeTraceState(), and llvm::MipsAsmPrinter::printSavedRegsBitmask().
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If fuzzer::zero |
Definition at line 60 of file FuzzerDriver.cpp.
Referenced by llvm::BinaryOperator::CreateFNeg(), llvm::IRBuilder< TargetFolder >::CreateGlobalStringPtr(), llvm::BinaryOperator::CreateNeg(), llvm::BinaryOperator::CreateNSWNeg(), llvm::BinaryOperator::CreateNUWNeg(), and llvm::AMDGPUTargetLowering::LowerUDIVREM64().
1.8.6