|
Revision tags: llvmorg-20.1.0, llvmorg-20.1.0-rc3, llvmorg-20.1.0-rc2, llvmorg-20.1.0-rc1, llvmorg-21-init, llvmorg-19.1.7, llvmorg-19.1.6, llvmorg-19.1.5, llvmorg-19.1.4, llvmorg-19.1.3, llvmorg-19.1.2, llvmorg-19.1.1, llvmorg-19.1.0, llvmorg-19.1.0-rc4, llvmorg-19.1.0-rc3, llvmorg-19.1.0-rc2, llvmorg-19.1.0-rc1, llvmorg-20-init, llvmorg-18.1.8, llvmorg-18.1.7, llvmorg-18.1.6, llvmorg-18.1.5, llvmorg-18.1.4, llvmorg-18.1.3, llvmorg-18.1.2, llvmorg-18.1.1, llvmorg-18.1.0, llvmorg-18.1.0-rc4, llvmorg-18.1.0-rc3, llvmorg-18.1.0-rc2, llvmorg-18.1.0-rc1, llvmorg-19-init, llvmorg-17.0.6, llvmorg-17.0.5, llvmorg-17.0.4, llvmorg-17.0.3, llvmorg-17.0.2, llvmorg-17.0.1, llvmorg-17.0.0, llvmorg-17.0.0-rc4, llvmorg-17.0.0-rc3, llvmorg-17.0.0-rc2, llvmorg-17.0.0-rc1, llvmorg-18-init, llvmorg-16.0.6, llvmorg-16.0.5, llvmorg-16.0.4, llvmorg-16.0.3, llvmorg-16.0.2, llvmorg-16.0.1, llvmorg-16.0.0, llvmorg-16.0.0-rc4, llvmorg-16.0.0-rc3, llvmorg-16.0.0-rc2, llvmorg-16.0.0-rc1, llvmorg-17-init, llvmorg-15.0.7, llvmorg-15.0.6, llvmorg-15.0.5, llvmorg-15.0.4, llvmorg-15.0.3, llvmorg-15.0.2, llvmorg-15.0.1, llvmorg-15.0.0, llvmorg-15.0.0-rc3, llvmorg-15.0.0-rc2, llvmorg-15.0.0-rc1, llvmorg-16-init, llvmorg-14.0.6, llvmorg-14.0.5, llvmorg-14.0.4, llvmorg-14.0.3, llvmorg-14.0.2, llvmorg-14.0.1, llvmorg-14.0.0, llvmorg-14.0.0-rc4, llvmorg-14.0.0-rc3, llvmorg-14.0.0-rc2, llvmorg-14.0.0-rc1, llvmorg-15-init, llvmorg-13.0.1, llvmorg-13.0.1-rc3, llvmorg-13.0.1-rc2, llvmorg-13.0.1-rc1 |
|
| #
c7bd6435 |
| 01-Oct-2021 |
Hans Wennborg |
[libFuzzer] Use octal instead of hex escape sequences in PrintASCII
Previously, PrintASCII would print the string "\ta" as "\x09a". However, in C/C++ those strings are not the same: the trailing 'a' is part of the escape sequence, which means it's equivalent to "\x9a". This is an annoying quirk of the standard. (See https://eel.is/c++draft/lex.ccon#nt:hexadecimal-escape-sequence)
To fix this, output three-digit octal escape sequences instead. Since octal escapes are limited to max three digits, this avoids the problem of subsequent characters unintentionally becoming part of the escape sequence.
Dictionary files still use the non-C-compatible hex escapes, but I believe we can't change the format since it comes from AFL, and libfuzzer never writes such files, it only has to read them, so they're not affected by this change.
Differential revision: https://reviews.llvm.org/D110920
|
|
Revision tags: llvmorg-13.0.0, llvmorg-13.0.0-rc4, llvmorg-13.0.0-rc3, llvmorg-13.0.0-rc2 |
|
| #
7c921753 |
| 03-Aug-2021 |
Kostya Serebryany |
[libFuzzer] replace Vector/Set with std::vector/std::set. The custom names are not required any more since we now build with a private version of libc++. Fix some of the 81+ character lines. Mechanical change, NFC expected.
[libFuzzer] replace Vector/Set with std::vector/std::set.
Reviewed By: morehouse
Differential Revision: https://reviews.llvm.org/D107374
|
|
Revision tags: llvmorg-13.0.0-rc1, llvmorg-14-init, llvmorg-12.0.1, llvmorg-12.0.1-rc4, llvmorg-12.0.1-rc3, llvmorg-12.0.1-rc2, llvmorg-12.0.1-rc1 |
|
| #
827ccc93 |
| 16-Apr-2021 |
Alexey Vishnyakov |
[fuzzer] Print reloaded file paths
In order to integrate libFuzzer with a dynamic symbolic execution tool Sydr we need to print loaded file paths.
Reviewed By: morehouse
Differential Revision: https://reviews.llvm.org/D100303
|
|
Revision tags: llvmorg-12.0.0, llvmorg-12.0.0-rc5, llvmorg-12.0.0-rc4, llvmorg-12.0.0-rc3, llvmorg-12.0.0-rc2, llvmorg-11.1.0, llvmorg-11.1.0-rc3, llvmorg-12.0.0-rc1, llvmorg-13-init, llvmorg-11.1.0-rc2, llvmorg-11.1.0-rc1, llvmorg-11.0.1, llvmorg-11.0.1-rc2, llvmorg-11.0.1-rc1, llvmorg-11.0.0, llvmorg-11.0.0-rc6, llvmorg-11.0.0-rc5, llvmorg-11.0.0-rc4, llvmorg-11.0.0-rc3, llvmorg-11.0.0-rc2, llvmorg-11.0.0-rc1, llvmorg-12-init |
|
| #
1bb1eac6 |
| 08-Jul-2020 |
Dokyung Song |
[libFuzzer] Add a command-line option for tracing mutation of corpus inputs in the dot graph format.
This patch adds a new command-line option -mutation_graph_file=FILE for debugging purposes, which traces how corpus inputs evolve during a fuzzing run. For each new input that is added to the corpus, a new vertex corresponding to the added input, as well as a new edge that connects its base input to itself are written to the given file. Each vertex is labeled with the filename of the input, and each edge is labeled with the mutation sequence that led to the input w.r.t. its base input.
The format of the mutation graph file is the dot file format. Once prepended and appended with "graph {" and "}", respectively, the graph becomes a valid dot file and can be visualized.
Differential Revision: https://reviews.llvm.org/D86560
|
| #
711b9806 |
| 03-Sep-2020 |
Matt Morehouse |
[fuzzer] Create user provided fuzzer writeable directories when requested if they don't exist
Currently, libFuzzer will exit with an error message if a non-existent directory is provided for any of the appropriate arguments. For cases where libFuzzer is used in a specialized embedded environment, it would be much easier to have libFuzzer create the directories for the user.
This patch accommodates for this scenario by allowing the user to provide the argument `-create_missing_dirs=1` which makes libFuzzer attempt to create the `artifact_prefix`, `exact_artifact_path`, `features_dir` and/or corpus directory if they don't already exist rather than throw an error and exit.
Split off from D84808 as requested [here](https://reviews.llvm.org/D84808#2208546).
Reviewed By: morehouse
Differential Revision: https://reviews.llvm.org/D86733
|
| #
10670bdf |
| 01-Sep-2020 |
Matt Morehouse |
Revert "[fuzzer] Create user provided fuzzer writeable directories when requested if they don't exist"
This reverts commit cb8912799d4372a3a1c0bf528bb4c4885caf4c45, since the test fails on Windows.
|
| #
cb891279 |
| 01-Sep-2020 |
Matt Morehouse |
[fuzzer] Create user provided fuzzer writeable directories when requested if they don't exist
Currently, libFuzzer will exit with an error message if a non-existent directory is provided for any of the appropriate arguments. For cases where libFuzzer is used in a specialized embedded environment, it would be much easier to have libFuzzer create the directories for the user.
This patch accommodates for this scenario by allowing the user to provide the argument `-create_missing_dirs=1` which makes libFuzzer attempt to create the `artifact_prefix`, `exact_artifact_path`, `features_dir` and/or corpus directory if they don't already exist rather than throw an error and exit.
Split off from D84808 as requested [here](https://reviews.llvm.org/D84808#2208546).
Reviewed By: morehouse
Differential Revision: https://reviews.llvm.org/D86733
|
|
Revision tags: llvmorg-10.0.1, llvmorg-10.0.1-rc4, llvmorg-10.0.1-rc3, llvmorg-10.0.1-rc2, llvmorg-10.0.1-rc1, llvmorg-10.0.0, llvmorg-10.0.0-rc6, llvmorg-10.0.0-rc5, llvmorg-10.0.0-rc4, llvmorg-10.0.0-rc3, llvmorg-10.0.0-rc2 |
|
| #
4f3c3bbb |
| 11-Feb-2020 |
Yuanfang Chen |
Reland "[NFC][libFuzzer] Prefix TempPath with string showing the work it is doing."
With fix (somehow one hunk is missed).
|
| #
b1c76239 |
| 11-Feb-2020 |
Yuanfang Chen |
Revert "[NFC][libFuzzer] Prefix TempPath with string showing the work it is doing."
This reverts commit 8a29cb4421f1196bc40c4db5298ca13df516bf19.
fuzzer-linux bot has failure because of this.
|
| #
8a29cb44 |
| 10-Feb-2020 |
Yuanfang Chen |
[NFC][libFuzzer] Prefix TempPath with string showing the work it is doing.
|
|
Revision tags: llvmorg-10.0.0-rc1, llvmorg-11-init, llvmorg-9.0.1, llvmorg-9.0.1-rc3, llvmorg-9.0.1-rc2, llvmorg-9.0.1-rc1 |
|
| #
16d9f44f |
| 10-Oct-2019 |
Marco Vanotti |
[libFuzzer] Fix fd check in DupAndCloseStderr.
Summary: This commit fixes the check in the return value from the `DuplicateFile` function, which returns a new file descriptor. `DuplicateFile` can return 0 if that file descriptor is available (for example, if stdin has already been closed).
In particular, this could cause a bug with the `-close_fd_mask` flag in some platforms: just call the fuzzer with stdin closed and the `-close_fd_mask=2` flag, and stderr will not be muted.
Example fuzzer:
```
#include <cstddef>
#include <cstdint>
#include <cstdio>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
  fprintf(stderr, "STDERR\n");
  fprintf(stdout, "STDOUT\n");
  return 0;
}
```
Invocation (muting both stderr and stdout):
```
./test -close_fd_mask=3 -runs=1 0<&-
INFO: Seed: 1155116940
INFO: Loaded 1 modules (1 inline 8-bit counters): 1 [0x48b020, 0x48b021),
INFO: Loaded 1 PC tables (1 PCs): 1 [0x478dc8,0x478dd8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
STDERR
INFO: A corpus is not provided, starting from an empty corpus
STDERR
Done 2 runs in 0 second(s)
```
Reviewers: mcgrathr, jakehehrlich, phosek, kcc, aarongreen
Subscribers: #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D68775
|
|
Revision tags: llvmorg-9.0.0, llvmorg-9.0.0-rc6, llvmorg-9.0.0-rc5, llvmorg-9.0.0-rc4, llvmorg-9.0.0-rc3, llvmorg-9.0.0-rc2, llvmorg-9.0.0-rc1, llvmorg-10-init, llvmorg-8.0.1, llvmorg-8.0.1-rc4, llvmorg-8.0.1-rc3, llvmorg-8.0.1-rc2, llvmorg-8.0.1-rc1 |
|
| #
f3ee9773 |
| 30-Apr-2019 |
Jonathan Metzman |
[libFuzzer] Replace -seed_corpus to better support fork mode on Win
Summary: Pass seed corpus list in a file to get around argument length limits on Windows. This limit was preventing many uses of fork mode on Windows.
Reviewers: kcc, morehouse
Reviewed By: kcc
Subscribers: #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D60980
llvm-svn: 359610
|
| #
4614cc3d |
| 13-Apr-2019 |
Kostya Serebryany |
[libFuzzer] add -features_dir= flag to dump unique input features on disk
llvm-svn: 358317
|
| #
3db6ad2b |
| 05-Apr-2019 |
Vitaly Buka |
Use binary write mode in WriteToFile function to avoid appended \r characters on Windows
Summary: When using libfuzzer on Windows, in the contents of a crash sample, bytes that can be mistaken for a \n are replaced by a \r\n sequence. As a consequence, crashes are not reproducible. This patch will open files in binary mode to fix this issue. The patch does not affect POSIX systems.
Patch by tuktuk
Reviewers: kcc, vitalybuka
Reviewed By: vitalybuka
Subscribers: dexonsmith, jdoerfert, llvm-commits, #sanitizers
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D60008
llvm-svn: 357807
|
|
Revision tags: llvmorg-8.0.0, llvmorg-8.0.0-rc5, llvmorg-8.0.0-rc4, llvmorg-8.0.0-rc3 |
|
| #
9982ee54 |
| 15-Feb-2019 |
Kostya Serebryany |
[libFuzzer] form mode: add -ignore_crashes flag, honor the max_total_time flag, print the number of ooms/timeouts/crashes, fix a typo
llvm-svn: 354175
|
| #
d0857484 |
| 13-Feb-2019 |
Kostya Serebryany |
[libFuzzer] a bit of refactoring of the fork mode
llvm-svn: 353910
|
| #
5c08e811 |
| 12-Feb-2019 |
Kostya Serebryany |
[libFuzzer] move the implementation of the fork mode into a separate file
llvm-svn: 353891
|
| #
2b9a8f37 |
| 12-Feb-2019 |
Kostya Serebryany |
[libFuzzer] make the fork mode less verbose
llvm-svn: 353794
|
| #
63f48717 |
| 12-Feb-2019 |
Kostya Serebryany |
[libFuzzer] extend the -fork=1 functionality. Still not fully usable, but good enough for the first unit test
llvm-svn: 353775
|
|
Revision tags: llvmorg-7.1.0, llvmorg-7.1.0-rc1, llvmorg-8.0.0-rc2, llvmorg-8.0.0-rc1 |
|
| #
2946cd70 |
| 19-Jan-2019 |
Chandler Carruth |
Update the file headers across all of the LLVM projects in the monorepo to reflect the new license.
We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach.
Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository.
llvm-svn: 351636
|
|
Revision tags: llvmorg-7.0.1, llvmorg-7.0.1-rc3 |
|
| #
39b6ba9f |
| 06-Nov-2018 |
Jonathan Metzman |
[fuzzer] Read files as binary
Summary: Read corpus files as binary to avoid automatic conversions
Reviewers: Dor1s, morehouse
Reviewed By: Dor1s, morehouse
Differential Revision: https://reviews.llvm.org/D54180
llvm-svn: 346279
|
|
Revision tags: llvmorg-7.0.1-rc2, llvmorg-7.0.1-rc1, llvmorg-7.0.0, llvmorg-7.0.0-rc3 |
|
| #
7e042bb1 |
| 30-Aug-2018 |
Matt Morehouse |
[libFuzzer] Port to Windows
Summary: Port libFuzzer to windows-msvc. This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or -fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well. It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch. It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile, fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until then.
Patch By: metzman
Reviewers: morehouse, rnk
Reviewed By: morehouse, rnk
Subscribers: #sanitizers, delcypher, morehouse, kcc, eraman
Differential Revision: https://reviews.llvm.org/D51022
llvm-svn: 341082
|
| #
cf311cfc |
| 29-Aug-2018 |
Matt Morehouse |
Revert "[libFuzzer] Port to Windows"
This reverts r340949 due to bot breakage again.
llvm-svn: 340954
|
| #
245ebd71 |
| 29-Aug-2018 |
Matt Morehouse |
[libFuzzer] Port to Windows
Summary: Port libFuzzer to windows-msvc. This patch allows libFuzzer targets to be built and run on Windows, using -fsanitize=fuzzer and/or -fsanitize=fuzzer-no-link. It allows these forms of coverage instrumentation to work on Windows as well. It does not fix all issues, such as those with -fsanitize-coverage=stack-depth, which is not usable on Windows as of this patch. It also does not fix any libFuzzer integration tests. Nearly all of them fail to compile, fixing them will come in a later patch, so libFuzzer tests are disabled on Windows until then.
Reviewers: morehouse, rnk
Reviewed By: morehouse, rnk
Subscribers: #sanitizers, delcypher, morehouse, kcc, eraman
Differential Revision: https://reviews.llvm.org/D51022
llvm-svn: 340949
|
| #
bab8556f |
| 28-Aug-2018 |
Matt Morehouse |
Revert "[libFuzzer] Port to Windows"
This reverts commit r340860 due to failing tests.
llvm-svn: 340867
|