|
Revision tags: llvmorg-20.1.0, llvmorg-20.1.0-rc3, llvmorg-20.1.0-rc2, llvmorg-20.1.0-rc1, llvmorg-21-init, llvmorg-19.1.7, llvmorg-19.1.6, llvmorg-19.1.5, llvmorg-19.1.4, llvmorg-19.1.3, llvmorg-19.1.2, llvmorg-19.1.1, llvmorg-19.1.0, llvmorg-19.1.0-rc4, llvmorg-19.1.0-rc3, llvmorg-19.1.0-rc2, llvmorg-19.1.0-rc1, llvmorg-20-init, llvmorg-18.1.8, llvmorg-18.1.7, llvmorg-18.1.6, llvmorg-18.1.5, llvmorg-18.1.4, llvmorg-18.1.3, llvmorg-18.1.2, llvmorg-18.1.1, llvmorg-18.1.0, llvmorg-18.1.0-rc4, llvmorg-18.1.0-rc3, llvmorg-18.1.0-rc2, llvmorg-18.1.0-rc1, llvmorg-19-init, llvmorg-17.0.6, llvmorg-17.0.5, llvmorg-17.0.4, llvmorg-17.0.3, llvmorg-17.0.2, llvmorg-17.0.1, llvmorg-17.0.0, llvmorg-17.0.0-rc4, llvmorg-17.0.0-rc3, llvmorg-17.0.0-rc2, llvmorg-17.0.0-rc1, llvmorg-18-init, llvmorg-16.0.6, llvmorg-16.0.5, llvmorg-16.0.4, llvmorg-16.0.3, llvmorg-16.0.2, llvmorg-16.0.1, llvmorg-16.0.0, llvmorg-16.0.0-rc4, llvmorg-16.0.0-rc3, llvmorg-16.0.0-rc2, llvmorg-16.0.0-rc1, llvmorg-17-init, llvmorg-15.0.7, llvmorg-15.0.6, llvmorg-15.0.5, llvmorg-15.0.4, llvmorg-15.0.3, llvmorg-15.0.2, llvmorg-15.0.1, llvmorg-15.0.0, llvmorg-15.0.0-rc3, llvmorg-15.0.0-rc2, llvmorg-15.0.0-rc1, llvmorg-16-init, llvmorg-14.0.6, llvmorg-14.0.5, llvmorg-14.0.4, llvmorg-14.0.3, llvmorg-14.0.2, llvmorg-14.0.1, llvmorg-14.0.0, llvmorg-14.0.0-rc4, llvmorg-14.0.0-rc3, llvmorg-14.0.0-rc2, llvmorg-14.0.0-rc1, llvmorg-15-init, llvmorg-13.0.1, llvmorg-13.0.1-rc3, llvmorg-13.0.1-rc2, llvmorg-13.0.1-rc1, llvmorg-13.0.0, llvmorg-13.0.0-rc4, llvmorg-13.0.0-rc3, llvmorg-13.0.0-rc2 |
|
| #
e4cc071e |
| 06-Aug-2021 |
Paul Robinson <[email protected]> |
Disable a dataflow fuzz test after "Have REQUIRES support the target triple"
See: https://lab.llvm.org/buildbot/#/builders/75/builds/8095/steps/8/logs/stdio
which shows: unsupported option '-fsanitize=dataflow' for target 'i386-unknown-linux-gnu'
The other dataflow tests in the same directory were already disabled, so I think it's fine to disable this one as well.
|
|
Revision tags: llvmorg-13.0.0-rc1, llvmorg-14-init, llvmorg-12.0.1, llvmorg-12.0.1-rc4, llvmorg-12.0.1-rc3, llvmorg-12.0.1-rc2 |
|
| #
5b4dda55 |
| 04-Jun-2021 |
George Balatsouras <[email protected]> |
[dfsan] Add full fast8 support
Complete support for fast8:
- amend shadow size and mapping in runtime
- remove fast16 mode and -dfsan-fast-16-labels flag
- remove legacy mode and make fast8 mode the default
- remove dfsan-fast-8-labels flag
- remove functions in dfsan interface only applicable to legacy
- remove legacy-related instrumentation code and tests
- update documentation.
Reviewed By: stephan.yichao.zhao, browneee
Differential Revision: https://reviews.llvm.org/D103745
|
|
Revision tags: llvmorg-12.0.1-rc1, llvmorg-12.0.0, llvmorg-12.0.0-rc5, llvmorg-12.0.0-rc4, llvmorg-12.0.0-rc3, llvmorg-12.0.0-rc2, llvmorg-11.1.0, llvmorg-11.1.0-rc3, llvmorg-12.0.0-rc1, llvmorg-13-init, llvmorg-11.1.0-rc2, llvmorg-11.1.0-rc1, llvmorg-11.0.1, llvmorg-11.0.1-rc2, llvmorg-11.0.1-rc1, llvmorg-11.0.0, llvmorg-11.0.0-rc6, llvmorg-11.0.0-rc5, llvmorg-11.0.0-rc4, llvmorg-11.0.0-rc3, llvmorg-11.0.0-rc2 |
|
| #
e2d0b44a |
| 29-Jul-2020 |
Matt Morehouse <[email protected]> |
[DFSan] Add efficient fast16labels instrumentation mode.
Adds the -fast-16-labels flag, which enables efficient instrumentation for DFSan when the user needs <=16 labels. The instrumentation eliminates most branches and most calls to __dfsan_union or __dfsan_union_load.
Reviewed By: vitalybuka
Differential Revision: https://reviews.llvm.org/D84371
|
|
Revision tags: llvmorg-11.0.0-rc1, llvmorg-12-init, llvmorg-10.0.1, llvmorg-10.0.1-rc4, llvmorg-10.0.1-rc3, llvmorg-10.0.1-rc2, llvmorg-10.0.1-rc1, llvmorg-10.0.0, llvmorg-10.0.0-rc6, llvmorg-10.0.0-rc5, llvmorg-10.0.0-rc4, llvmorg-10.0.0-rc3 |
|
| #
07647571 |
| 18-Feb-2020 |
Max Moroz <[email protected]> |
[libFuzzer] Fix denominator in the "inputs have DFT" log line.
Summary: The number of "inputs have the Data Flow Trace" cannot be greater than the number of inputs touching the focus function. The existing message is rather confusing as the same log would mention a greater total number of traces a few lines above.
Reviewers: kcc, metzman
Subscribers: #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D74779
|
|
Revision tags: llvmorg-10.0.0-rc2 |
|
| #
ad7b908b |
| 31-Jan-2020 |
Max Moroz <[email protected]> |
[libFuzzer] Make dataflow and focus functions more user friendly.
Summary:
- Fail loudly if SetFocusFunction failed when it should not. For more info see
  - https://github.com/google/oss-fuzz/issues/3311
  - https://github.com/google/sanitizers/issues/1190
- Fail loudly if CollectDataFlow is called without seed corpus.
Reviewers: kcc, metzman
Subscribers: #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D73813
|
|
Revision tags: llvmorg-10.0.0-rc1, llvmorg-11-init, llvmorg-9.0.1, llvmorg-9.0.1-rc3, llvmorg-9.0.1-rc2, llvmorg-9.0.1-rc1, llvmorg-9.0.0, llvmorg-9.0.0-rc6, llvmorg-9.0.0-rc5, llvmorg-9.0.0-rc4, llvmorg-9.0.0-rc3, llvmorg-9.0.0-rc2, llvmorg-9.0.0-rc1, llvmorg-10-init, llvmorg-8.0.1, llvmorg-8.0.1-rc4, llvmorg-8.0.1-rc3 |
|
| #
679669a7 |
| 21-Jun-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] split DataFlow.cpp into two .cpp files, one of which can be compiled w/o dfsan to speed things up (~25% speedup)
llvm-svn: 364002
|
| #
3f39123d |
| 14-Jun-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels. Second attempt. This time with a fix for windows (putenv instead of setenv))
llvm-svn: 363445
|
| #
9bc707c0 |
| 14-Jun-2019 |
Hans Wennborg <[email protected]> |
Revert r363326 "[libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels."
It broke the Windows build:
C:\b\s\w\ir\cache\builder\src\third_party\llvm\compiler-rt\lib\fuzzer\FuzzerDataFlowTrace.cpp(243): error C3861: 'setenv': identifier not found
This also reverts the follow-up r363327.
llvm-svn: 363358
|
| #
2fa83cb7 |
| 13-Jun-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] simplify the DFT trace collection using the new faster DFSan mode that traces up to 16 labels at a time and never runs out of labels.
llvm-svn: 363326
|
|
Revision tags: llvmorg-8.0.1-rc2 |
|
| #
060f4b48 |
| 24-May-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] when using data-flow-trace (DFT) only load the DFT for the files present in the corpus
llvm-svn: 361579
|
| #
eac9a783 |
| 23-May-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] remove the data-flow-trace (DFT) python scripts; their functionality is now part of libFuzzer proper; also write functions.txt to the disk only if this file doesn't exist yet
llvm-svn: 361452
|
|
Revision tags: llvmorg-8.0.1-rc1 |
|
| #
27d22b6b |
| 14-May-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] reimplement DFT's collect_data_flow inside libFuzzer so that we don't need external python scripts
llvm-svn: 360712
|
| #
e9aaa558 |
| 09-May-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] implement -focus_function=auto, to be used with Data Flow Traces
llvm-svn: 360378
|
| #
e13eff29 |
| 08-May-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] DFT: when dumping coverage, also dump the total number of instrumented blocks in a function; update merge_data_flow.py to merge coverage
llvm-svn: 360272
|
| #
ba670b40 |
| 08-May-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] extend the test for data flow tracer and coverage; also hopefully fix it on the bot
llvm-svn: 360215
|
| #
219b2b3a |
| 08-May-2019 |
Kostya Serebryany <[email protected]> |
[libFuzzer] extend the data flow tracer to also produce basic block coverage for every input. An extended test coming in a separate change.
llvm-svn: 360213
|
| #
f7212308 |
| 30-Apr-2019 |
Jonathan Metzman <[email protected]> |
Enable x86 builds
llvm-svn: 359583
|
| #
b6e6d3c7 |
| 12-Apr-2019 |
Max Moroz <[email protected]> |
[libFuzzer] Fix DataFlow.cpp logic when tracing long inputs.
Summary:
1. Do not create DFSan labels for the bytes which we do not trace. This is where we run out of labels in the first place.
2. When dumping the traces on the disk, make sure to offset the label identifiers by the number of the first byte in the trace range.
3. For the last label, make sure to write it at the last position of the trace bit string, as that label represents the input size, not any particular byte.

Also fixed the bug with division in Python which I introduced when I migrated the scripts to Python3 (`//` is required for integral division).
Otherwise, the scripts are wasting too much time unsuccessfully trying to collect and process traces from the long inputs. For more context, see https://github.com/google/oss-fuzz/issues/1632#issuecomment-481761789
Reviewers: kcc
Reviewed By: kcc
Subscribers: delcypher, #sanitizers, llvm-commits
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D60538
llvm-svn: 358311
|
|
Revision tags: llvmorg-8.0.0, llvmorg-8.0.0-rc5, llvmorg-8.0.0-rc4, llvmorg-8.0.0-rc3, llvmorg-7.1.0, llvmorg-7.1.0-rc1, llvmorg-8.0.0-rc2, llvmorg-8.0.0-rc1, llvmorg-7.0.1, llvmorg-7.0.1-rc3, llvmorg-7.0.1-rc2, llvmorg-7.0.1-rc1, llvmorg-7.0.0, llvmorg-7.0.0-rc3, llvmorg-7.0.0-rc2, llvmorg-7.0.0-rc1 |
|
| #
79d55d30 |
| 10-Jul-2018 |
Matt Morehouse <[email protected]> |
[libFuzzer] Disable dataflow.test on AArch64.
Summary: After my recent change to allow MSan + libFuzzer, the ExplodeDFSanLabelsTest.cpp test started to overflow the stack with recursive function SetBytesForLabel() on an AArch64 bot. Perhaps that bot has a smaller stack size, or maybe AArch64 has larger stack frames for this particular function.
Reviewers: kcc, javed.absar
Reviewed By: kcc
Subscribers: kristof.beyls, llvm-commits
Differential Revision: https://reviews.llvm.org/D49150
llvm-svn: 336725
|
|
Revision tags: llvmorg-6.0.1, llvmorg-6.0.1-rc3 |
|
| #
1fd005f5 |
| 06-Jun-2018 |
Kostya Serebryany <[email protected]> |
[libFuzzer] initial implementation of -data_flow_trace. It parses the data flow trace and prints the summary, but doesn't use the information in any other way yet
llvm-svn: 334058
|
|
Revision tags: llvmorg-6.0.1-rc2 |
|
| #
980e45fe |
| 31-May-2018 |
Kostya Serebryany <[email protected]> |
[libFuzzer] add collect_data_flow.py that allows to run the data-flow tracer several times on subsets of inputs bytes, to overcome DFSan out-of-label failures
llvm-svn: 333616
|
| #
4d53b744 |
| 24-May-2018 |
Kostya Serebryany <[email protected]> |
[libFuzzer] DataFlow tracer now tags a subset of the input. A separate script merges traces from the subsets
llvm-svn: 333149
|
| #
500ca871 |
| 23-May-2018 |
Kostya Serebryany <[email protected]> |
[libFuzzer] fix two off-by-ones (!!) in the data flow tracer
llvm-svn: 333142
|
| #
49253928 |
| 23-May-2018 |
Kostya Serebryany <[email protected]> |
[libFuzzer] change the output format for the DataFlow tracer
llvm-svn: 333122
|
| #
28fe54fa |
| 23-May-2018 |
Kostya Serebryany <[email protected]> |
[libFuzzer] add a stress test for the DataFlow tracer
llvm-svn: 333119
|