Displaying 11 results from an estimated 11 matches for "fuzzerdriver".
2015 Sep 03
2
Fuzzing complex programs
...led as part of LLVM but
> it didn't get compiled when I built LLVM because I didn't build it
> with sanitize-coverage enabled. Now I can't get it to build because I
> get errors like:
>
> $ for i in *.cpp ; do clang -c -std=c++11 $i ; done
> $ clang -std=c++11 *.o
> FuzzerDriver.o: In function `fuzzer::ReadTokensFile(char const*)':
> FuzzerDriver.cpp:(.text+0x56): undefined reference to
> `std::allocator<char>::allocator()'
> FuzzerDriver.cpp:(.text+0x6d): undefined reference to
> `std::__cxx11::basic_string<char, std::char_traits<char>,...
2015 Dec 02
2
fuzzer crash (but not the good kind)
...ctor<unsigned char,
std::allocator<unsigned char> > const&)
/home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerLoop.cpp:212:3
#5 0x1b6be3 in fuzzer::Fuzzer::ShuffleAndMinimize()
/home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerLoop.cpp:195:11
#6 0x14477b in fuzzer::FuzzerDriver(std::vector<std::string,
std::allocator<std::string> > const&, fuzzer::UserSuppliedFuzzer&)
/home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerDriver.cpp:303:3
#7 0x14183f in fuzzer::FuzzerDriver(int, char**,
fuzzer::UserSuppliedFuzzer&)
/home/brian/src/fuzzpy/llvm_s...
2015 Dec 03
2
fuzzer crash (but not the good kind)
...r<unsigned char> > const&)
>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerLoop.cpp:212:3
>> #5 0x1b6be3 in fuzzer::Fuzzer::ShuffleAndMinimize()
>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerLoop.cpp:195:11
>> #6 0x14477b in fuzzer::FuzzerDriver(std::vector<std::string,
>> std::allocator<std::string> > const&, fuzzer::UserSuppliedFuzzer&)
>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerDriver.cpp:303:3
>> #7 0x14183f in fuzzer::FuzzerDriver(int, char**,
>> fuzzer::UserSuppliedFuzzer...
2015 Aug 30
4
Fuzzing complex programs
I have a project I want to do based on Libfuzzer. Is there a separate
list for it or should I bring up any ideas for it here?
What I have in mind is to fuzz Postgres. Trying to fuzz the SQL
interpreter in general
is not very productive because traditional fuzzers try to execute the
entire program repeatedly and it has a fairly high startup and
shutdown cost. Also the instrumentation-guided
2015 Dec 03
2
fuzzer crash (but not the good kind)
...t&)
>>>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerLoop.cpp:212:3
>>>> #5 0x1b6be3 in fuzzer::Fuzzer::ShuffleAndMinimize()
>>>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerLoop.cpp:195:11
>>>> #6 0x14477b in fuzzer::FuzzerDriver(std::vector<std::string,
>>>> std::allocator<std::string> > const&, fuzzer::UserSuppliedFuzzer&)
>>>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerDriver.cpp:303:3
>>>> #7 0x14183f in fuzzer::FuzzerDriver(int, char**,
>>>...
2015 Aug 11
3
libfuzzer questions
First off, thanks -- this is a pretty great library and it feels like I'm
learning a lot. I'm getting some more experience with libfuzzer and
finding that I have a couple of questions:
- How does libfuzzer decide to write a new test file? What distinguishes
this one from all the other cases for which new test inputs were not
written? Must be something about the path taken through the
2015 Aug 11
3
libfuzzer questions
...VectorOfUnits (Path=0x60300000eef0 "tests/testplist/inputs/", V=0x7fffd956e5e0, Epoch=0x7fffd956f580)
#40 0x000000000057b99e in fuzzer::Fuzzer::RereadOutputCorpus (this=0x7fffd956f440) at /home/brian/tmp/testing/llvm_src//llvm/lib/Fuzzer/FuzzerLoop.cpp:89
#41 0x000000000050b9fc in fuzzer::FuzzerDriver (argc=7, argv=0x7fffd95703e8, USF=...) at /home/brian/tmp/testing/llvm_src//llvm/lib/Fuzzer/FuzzerDriver.cpp:273
#42 0x00000000005095fc in fuzzer::FuzzerDriver (argc=7, argv=0x7fffd95703e8, Callback=0x5d0880 <LLVMFuzzerTestOneInput(unsigned char const*, unsigned long)>)
#43 0x00000000005598cf...
2017 Aug 24
3
Building LLVM's fuzzers
...@@ -16,6 +16,10 @@ extern "C" {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
} // extern "C"
+__attribute__((weak)) void nop(void *p) {}
+extern void *__start___sancov_pcs;
+
int main(int argc, char **argv) {
+ nop(__start___sancov_pcs);
return fuzzer::FuzzerDriver(&argc, &argv, LLVMFuzzerTestOneInput);
}
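Review bot: the new `extern void *__start___sancov_pcs;` and `nop(__start___sancov_pcs);` lines in main() hard-code a GNU-ld-style `__start_<section>` symbol, so the link will fail on any platform whose linker does not synthesise it; guard the two lines with a platform/ELF check and add a comment saying they exist only to keep the `__sancov_pcs` section referenced (the message notes the problem disappears with a newer GNU ld, so this is a workaround for linker behaviour, not a functional change). Separately, the symbol is declared as a `void *` object and passed by value, which loads the first pointer-sized word of the section instead of merely referencing it, an out-of-bounds read whenever the section is empty; `nop(&__start___sancov_pcs);` keeps the reference without dereferencing anything.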
The problem also goes away if I use "GNU ld (GNU Binutils)
2.28.51.20170105".
Peter
>> Peter
>>>> Kostya Serebryany <kcc at google....
2017 Aug 25
2
Building LLVM's fuzzers
...nt8_t *Data, size_t Size);
> > } // extern "C"
> >
> > +__attribute__((weak)) void nop(void *p) {}
> > +extern void *__start___sancov_pcs;
> > +
> > int main(int argc, char **argv) {
> > + nop(__start___sancov_pcs);
> > return fuzzer::FuzzerDriver(&argc, &argv, LLVMFuzzerTestOneInput);
> > }
>
> If we were to do this, we'd have to guard it appropriately - not all
> platforms name the __start symbols like this.
>
Of course. There's also the issue of how to keep the symbols alive in DSOs.
> The problem a...
2017 Sep 11
2
Building LLVM's fuzzers
...;C"
>>> >
>>> > +__attribute__((weak)) void nop(void *p) {}
>>> > +extern void *__start___sancov_pcs;
>>> > +
>>> > int main(int argc, char **argv) {
>>> > + nop(__start___sancov_pcs);
>>> > return fuzzer::FuzzerDriver(&argc, &argv, LLVMFuzzerTestOneInput);
>>> > }
>>>
>>> If we were to do this, we'd have to guard it appropriately - not all
>>> platforms name the __start symbols like this.
>>>
>>
>> Of course. There's also the issue of h...
2017 Aug 24
4
Building LLVM's fuzzers
On Thu, Aug 24, 2017 at 3:21 PM, Kostya Serebryany via llvm-dev <
llvm-dev at lists.llvm.org> wrote:
>
>
> On Thu, Aug 24, 2017 at 3:20 PM, Justin Bogner <mail at justinbogner.com>
> wrote:
>
>> I think the simplest fix is something like this:
>>
>> diff --git a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
>>