r342698 removed the 'UNSUPPORTED: windows' flags from a number of fuzzer
tests, however too many lines were removed from 'fuzzer-flags.test',
including the run-line that generates the test binary, which breaks that
test for me (and the clang-x64-ninja-win7 buildbot). This patch just
re-adds that line.

llvm-svn: 342720

Summary:
Replace FuzzerExtFunctionsDlsymWin.cpp with FuzzerExtFunctionsWeakAlias.cpp
to get externally defined functions (eg: LLVMFuzzerInitialize,
LLVMFuzzerCustomMutator, etc) working again.

Also enable tests that depended on these functions (on windows)

Reviewers: rnk, morehouse

Reviewed By: rnk, morehouse

Subscribers: rnk, morehouse, mgorny

Differential Revision: https://reviews.llvm.org/D51700

llvm-svn: 342698

Test no longer finds the BINGO on clang-cmake-aarch64-full bot, and I
can't reproduce on our ARM machine.

llvm-svn: 342255

Summary:
Enables trace-malloc-unbalanced.test on Windows, fixing two problems it had with Windows before.
The first fix is specifying python instead of relying on a script's shebang since they can't be used on Windows.
The second fix is making the regex tolerate windows' implementation of the "%p" format string.

Reviewers: Dor1s

Reviewed By: Dor1s

Subscribers: morehouse

Differential Revision: https://reviews.llvm.org/D51760

llvm-svn: 341632

Summary:
When targeting MSVC: compile using clang's cl driver mode (this is needed for
libfuzzer's exit_on_src_pos feature). Don't use -lstdc++ when linking,
it isn't needed and causes a warning.
On Windows: Fix exit_on_src_pos.test by making sure debug info isn't
overwritten during compilation of second binary by using .exe extension.

Reviewers: morehouse

Reviewed By: morehouse

Subscribers: aprantl, JDevlieghere

Differential Revision: https://reviews.llvm.org/D51757

llvm-svn: 341622

Differential Revision: https://reviews.llvm.org/D51739

llvm-svn: 341569

Summary: Patch by Jonathan Metzman (@metzman).

Reviewers: Dor1s, morehouse

Reviewed By: Dor1s

Subscribers: delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D51735

llvm-svn: 341562

Summary:
Patch by Jonathan Metzman (@metzman).


Reviewers: morehouse, Dor1s

Reviewed By: Dor1s

Subscribers: kcc, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D51712

llvm-svn: 341514

Summary: Memmem is not available on Windows.

Patch By: metzman

Reviewers: morehouse

Reviewed By: morehouse

Subscribers: george.karpenkov, morehouse

Differential Revision: https://reviews.llvm.org/D51692

llvm-svn: 341495

Summary:
Remove unneeded #include of <unistd.h> from SymbolizeDeadlock.cpp to
enable compilation on Windows and enable symbolize-deadlock.test on
Windows.

Patch by Jonathan Metzman (@metzman).

Reviewers: Dor1s

Reviewed By: Dor1s

Subscribers: kcc, delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D51685

llvm-svn: 341473

Summary:
Enable tests on Windows and make check-fuzzer pass on it.  Make
check-fuzzer pass on Windows by fixing libFuzzer, fixing tests, and by
disabling tests on Windows. Most of these are disabled temporarily as
support for the tests and the features they test will be added
incrementally.  Other tests will not be enabled since they require
things that are not on Windows (eg: afl_driver tests).  Every test
that was explicitly disabled on Windows has a comment explaining why
(unless obvious like merge-posix.test).

The lit.cfg file was modified to support running tests on windows.
fuzzer-dirs.test was fixed by making the Windows implementation print
the same error message as the posix version.
merge-control-file.test was fixed by making the test binary end with
the ".exe" extension (on all platforms).

Patch By: metzman

Reviewers: morehouse

Reviewed By: morehouse

Subscribers: srhines, mgorny

Differential Revision: https://reviews.llvm.org/D51549

llvm-svn: 341385

Summary:
This was an experimental feature. After evaluating it with:

1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison

2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz

The following conclusions were made:

1) With fuzz targets that have reached a code coverage plateau, the feature does
   not improve libFuzzer's ability to discover new coverage and may actually
   negatively impact it.

2) With fuzz targets that have not yet reached a code coverage plateau, the
   feature might speed up new units discovery in some cases, but it is quite
   rare and hard to confirm with a high level on confidence.

Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621.

Reviewers: metzman, morehouse

Reviewed By: metzman, morehouse

Subscribers: delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D51455

llvm-svn: 340976

Split off from D50251.

llvm-svn: 339996

Summary:
Without this metadata LLD strips unused PC table entries
but won't strip unused guards.  This metadata also seems
to influence the linker to change the ordering in the PC
guard section to match that of the PC table section.

The libFuzzer runtime library depends on the ordering
of the PC table and PC guard sections being the same.  This
is not generally guaranteed, so we may need to redesign
PC tables/guards/counters in the future.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: kcc, hiraditya, llvm-commits

Differential Revision: https://reviews.llvm.org/D50483

llvm-svn: 339733

After https://reviews.llvm.org/D48800, shrink.test started failing on
x86_64h architecture.
Looking into this, the optimization pass is too eager to unroll the loop
on x86_64h, possibly leading to worse coverage data.

Alternative solutions include not unrolling the loop when fuzzing, or
disabling this test on that architecture.

Differential Revision: https://reviews.llvm.org/D50484

llvm-svn: 339303

Summary:
Follow-up for https://reviews.llvm.org/D50264. Reported by testbots:
http://lab.llvm.org:8011/builders/clang-cmake-aarch64-full/builds/5592

Reviewers: morehouse, kevinwkt, metzman, javed.absar, Dor1s

Reviewed By: Dor1s

Subscribers: kristof.beyls, delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D50386

llvm-svn: 339143

Summary:
There may be cases in which a user wants to know which part of their code is unstable.
We use ObservedFuncs and UnstableCounters to print at exit which of the ObservedFunctions
are unstable under the -print_unstable_stats flag.

Patch by Kyungtak Woo (@kevinwkt).

Reviewers: Dor1s, metzman, morehouse

Reviewed By: Dor1s, metzman, morehouse

Subscribers: delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D50264

llvm-svn: 339081

Summary:
Added functions that calculate stats while fuzz targets are running and give
mutations weight based on how much new coverage they provide, and choose better
performing mutations more often.

Patch by Kodé Williams (@kodewilliams).

Reviewers: Dor1s, metzman, morehouse

Reviewed By: Dor1s, morehouse

Subscribers: delcypher, kcc, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D49621

llvm-svn: 338776

[libFuzzer] use absolute distance in addition to the hamming distance in value profiling; our A/B testing have (somewhat weak) indication that this provides an additional signal for corpus expansion

llvm-svn: 338661

Summary:
This is a compiler-rt part.
The clang part is D48958.

See [[ https://bugs.llvm.org/show_bug.cgi?id=21530 | PR21530 ]], https://github.com/google/sanitizers/issues/940.

Reviewers: #sanitizers, samsonov, vsk, rsmith, pcc, eugenis, kcc, filcab

Reviewed By: #sanitizers, vsk, filcab

Subscribers: llvm-commits, eugenis, filcab, kubamracek, dberris, #sanitizers, regehr

Tags: #sanitizers

Differential Revision: https://reviews.llvm.org/D48959

llvm-svn: 338287

Summary:
This change should fix the failures mentioned in
https://reviews.llvm.org/D49684#1175245

Reviewers: kevinwkt, morehouse, metzman

Reviewed By: kevinwkt, morehouse

Subscribers: kristof.beyls, delcypher, chrib, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D49810

llvm-svn: 337949

Summary:
Added a new mode within flag -handle_unstable for new unstable handling algorithm that does the following:
    When an edge is shown as unstable, copy to UnstableCounters the value 0.
    During ApplyUnstableCounters we copy back the value 0 to ModuleInline8bitCounters if the edge was unstable.

This way we would be ignoring completely features that were collected through non-determinism.
Unstable hits would be counted as if it never hit.

Reviewers: metzman, Dor1s, kcc, morehouse

Reviewed By: metzman, morehouse

Subscribers: delcypher, llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D49684

llvm-svn: 337853

Summary:
Created unstable_handle flag that takes 1 or 2, depending on the handling type.
Modified RunOne to accommodate the following heuristic:
    Use the first CollectFeatures to count how many features there are.
    If no new features, CollectFeatures like before.
    If there is new feature, we run CB 2 more times,
        Check which edges are unstable per input and we store the least amount of hit counts for each edge.
        Apply these hit counts back to inline8bitcounters so that CollectFeatures can work as intended.
Modified UnstableCounters to 8int_t and created a bitset UnstableSet to tell which edges are unstable.

Patch by Kyungtak Woo (@kevinwkt).

Reviewers: Dor1s, metzman, morehouse

Reviewed By: Dor1s, morehouse

Subscribers: delcypher, #sanitizers, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D49525

llvm-svn: 337696

Previously, check-all failed many tests for me.  It was running the
X86_64DefaultLinuxConfig, X86_64LibcxxLinuxConfig, and
X86_64StaticLibcxxLinuxConfig configs out of
llvm-build/projects/compiler-rt/test/fuzzer.  Now, it runs them out of
separate subdirectories there, and most tests pass.

Reviewed By: morehouse, george.karpenkov

Differential Revision: https://reviews.llvm.org/D49249

llvm-svn: 337521

[libFuzzer] when -print_coverage=1 is given, print more stats (the number of seeds that hit every given function)

llvm-svn: 337501

llvm-svn: 337436

llvm-svn: 337434

Summary:
Code now exists to track number of mutations that are used in fuzzing in total
and ones that produce new coverage. The stats are currently being dumped to the
command line.

Patch by Kodé Williams (@kodewilliams).

Reviewers: metzman, Dor1s, morehouse, kcc

Reviewed By: Dor1s, morehouse, kcc

Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny

Differential Revision: https://reviews.llvm.org/D48054

llvm-svn: 337324

This is a fix for bug 37047.

https://bugs.llvm.org/show_bug.cgi?id=37047

Implemented by basically reversing the logic. Previously all strings
were considered, with some operations excluded. Now strings are excluded
by default, and only strings during the CB considered.

Patch By: pdknsk

Differential Revision: https://reviews.llvm.org/D48800

llvm-svn: 337296

Summary:
STL can cause MSan false positives if lib[std]c++ isn't instrumented
with MSan.

Reviewers: kcc

Reviewed By: kcc

Subscribers: Dor1s, llvm-commits

Differential Revision: https://reviews.llvm.org/D49404

llvm-svn: 337224

llvm-svn: 337206

to test deps for libfuzzer when they're not supported by the platform

llvm-svn: 337203

Summary:
Code now exists to track number of mutations that are used in fuzzing in total
and ones that produce new coverage. The stats are currently being dumped to the
command line.

Patch by Kodé Williams (@kodewilliams).

Reviewers: metzman, Dor1s, morehouse, kcc

Reviewed By: Dor1s, morehouse, kcc

Subscribers: delcypher, kubamracek, kcc, morehouse, llvm-commits, #sanitizers, mgorny

Differential Revision: https://reviews.llvm.org/D48054

llvm-svn: 337194

Required now that we have tests using MSan and DFSan.

llvm-svn: 337193

Summary:
Created a -print_unstable_stats flag.
When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array.
On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.

Patch by Kyungtak Woo (@kevinwkt).

Reviewers: metzman, Dor1s, kcc, morehouse

Reviewed By: metzman, Dor1s, morehouse

Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s

Differential Revision: https://reviews.llvm.org/D49212

llvm-svn: 337187

llvm-svn: 337180

Summary:
Created a -print_unstable_stats flag.
When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array.
On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.

Patch by Kyungtak Woo (@kevinwkt).

Reviewers: metzman, Dor1s, kcc, morehouse

Reviewed By: metzman, Dor1s, morehouse

Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s

Differential Revision: https://reviews.llvm.org/D49212

llvm-svn: 337175

The test is flaky otherwise on some of our macOS machines in the test fleet.

Differential Revision: https://reviews.llvm.org/D49277

llvm-svn: 336966

Summary:
This allows counters associated with unused functions to be
dead-stripped along with their functions.  This approach is the same one
we used for PC tables.

Fixes an issue where LLD removes an unused PC table but leaves the 8-bit
counter.

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: llvm-commits, hiraditya, kcc

Differential Revision: https://reviews.llvm.org/D49264

llvm-svn: 336941

Since we now have a test that requires LLD, make sure it is built before
that test runs.

llvm-svn: 336932