Index: docs/LibFuzzer.rst =================================================================== --- docs/LibFuzzer.rst +++ docs/LibFuzzer.rst @@ -624,12 +624,15 @@ Developing libFuzzer ==================== -Building libFuzzer as a part of LLVM project and running its test requires -fresh clang as the host compiler and special CMake configuration: +LibFuzzer is built as a part of LLVM project by default on macos and Linux. +Users of other operating systems can explicitly request compilation using +``-DLIBFUZZER_ENABLE=YES`` flag. +Tests are run using ``check-fuzzer`` target from the build directory +(note that tests will take a long time to run if the compiler was compiled +without optimizations): .. code-block:: console - cmake -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DLLVM_USE_SANITIZER=Address -DLLVM_USE_SANITIZE_COVERAGE=YES -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=ON /path/to/llvm ninja check-fuzzer Index: lib/Fuzzer/CMakeLists.txt =================================================================== --- lib/Fuzzer/CMakeLists.txt +++ lib/Fuzzer/CMakeLists.txt @@ -13,22 +13,17 @@ endif() endif() -set(LIBFUZZER_FLAGS_BASE "${CMAKE_CXX_FLAGS}") -if( LLVM_USE_SANITIZE_COVERAGE ) - if(NOT "${LLVM_USE_SANITIZER}" STREQUAL "Address") - message(FATAL_ERROR - "LibFuzzer and its tests require LLVM_USE_SANITIZER=Address and " - "LLVM_USE_SANITIZE_COVERAGE=YES to be set." - ) - endif() - - # Disable the coverage and sanitizer instrumentation for the fuzzer itself. - set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=trace-pc-guard,edge,trace-cmp,indirect-calls,8bit-counters -Werror") +if (CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux") + set(LIBFUZZER_ENABLED_CHECK ON) +else() + set(LIBFUZZER_ENABLED_CHECK OFF) endif() # Compile libFuzzer if the compilation is specifically requested, OR # if the platform is known to be working. -if ( LLVM_USE_SANITIZE_COVERAGE OR CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux" ) +set(LIBFUZZER_ENABLE ${LIBFUZZER_ENABLED_CHECK} CACHE BOOL "Build libFuzzer and its tests") + +if (LIBFUZZER_ENABLE) add_library(LLVMFuzzerNoMainObjects OBJECT FuzzerCrossOver.cpp FuzzerDriver.cpp @@ -63,6 +58,7 @@ target_link_libraries(LLVMFuzzer ${LLVM_PTHREAD_LIB}) endif() -if( LLVM_USE_SANITIZE_COVERAGE AND LLVM_INCLUDE_TESTS ) + +if (LLVM_INCLUDE_TESTS AND LIBFUZZER_ENABLE) add_subdirectory(test) endif() Index: lib/Fuzzer/test/CMakeLists.txt =================================================================== --- lib/Fuzzer/test/CMakeLists.txt +++ lib/Fuzzer/test/CMakeLists.txt @@ -8,15 +8,11 @@ CMAKE_CXX_FLAGS_DEBUG CMAKE_CXX_FLAGS_RELWITHDEBINFO CMAKE_CXX_FLAGS_MINSIZEREL - LIBFUZZER_FLAGS_BASE ) foreach (VARNAME ${variables_to_filter}) string(REGEX REPLACE "([-/]O)[123s]" "\\10" ${VARNAME} "${${VARNAME}}") endforeach() -# Enable the coverage instrumentation (it is disabled for the Fuzzer lib). -set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp,trace-div,trace-gep -gline-tables-only") - if(MSVC) # For tests use the CRT specified for release build # (asan doesn't support MDd and MTd) @@ -39,105 +35,6 @@ set(CMAKE_CXX_CREATE_SHARED_LIBRARY " ${CMAKE_CXX_FLAGS} ${CRT_FLAG} /LD -o /link ") endif() -add_custom_target(TestBinaries) - -# add_libfuzzer_test( -# SOURCES source0.cpp [source1.cpp ...] -# ) -# -# Declares a LibFuzzer test executable with target name LLVMFuzzer-. -# -# One or more source files to be compiled into the binary must be declared -# after the SOURCES keyword. -function(add_libfuzzer_test name) - set(multi_arg_options "SOURCES") - cmake_parse_arguments( - "add_libfuzzer_test" "" "" "${multi_arg_options}" ${ARGN}) - if ("${add_libfuzzer_test_SOURCES}" STREQUAL "") - message(FATAL_ERROR "Source files must be specified") - endif() - add_executable(LLVMFuzzer-${name} - ${add_libfuzzer_test_SOURCES} - ) - target_link_libraries(LLVMFuzzer-${name} LLVMFuzzer) - # Place binary where llvm-lit expects to find it - set_target_properties(LLVMFuzzer-${name} - PROPERTIES RUNTIME_OUTPUT_DIRECTORY - "${CMAKE_BINARY_DIR}/lib/Fuzzer/test" - ) - add_dependencies(TestBinaries LLVMFuzzer-${name}) -endfunction() - -############################################################################### -# Basic tests -############################################################################### - -set(Tests - AbsNegAndConstantTest - AbsNegAndConstant64Test - AccumulateAllocationsTest - BadStrcmpTest - BogusInitializeTest - BufferOverflowOnInput - CallerCalleeTest - CleanseTest - CounterTest - CustomCrossOverAndMutateTest - CustomCrossOverTest - CustomMutatorTest - CxxStringEqTest - DeepRecursionTest - DivTest - EmptyTest - EquivalenceATest - EquivalenceBTest - FlagsTest - FourIndependentBranchesTest - FullCoverageSetTest - InitializeTest - Memcmp64BytesTest - MemcmpTest - LeakTest - LeakTimeoutTest - LoadTest - NullDerefTest - NullDerefOnEmptyTest - NthRunCrashTest - OneHugeAllocTest - OutOfMemoryTest - OutOfMemorySingleLargeMallocTest - OverwriteInputTest - RepeatedMemcmp - RepeatedBytesTest - SimpleCmpTest - SimpleDictionaryTest - SimpleHashTest - SimpleTest - SimpleThreadedTest - SingleByteInputTest - SingleMemcmpTest - SingleStrcmpTest - SingleStrncmpTest - SpamyTest - ShrinkControlFlowTest - ShrinkControlFlowSimpleTest - ShrinkValueProfileTest - StrcmpTest - StrncmpOOBTest - StrncmpTest - StrstrTest - SwapCmpTest - SwitchTest - Switch2Test - TableLookupTest - ThreadedLeakTest - ThreadedTest - TimeoutTest - TimeoutEmptyTest - TraceMallocTest - TwoDifferentBugsTest - ) - if(APPLE OR MSVC) # LeakSanitizer is not supported on OSX and Windows right now set(HAS_LSAN 0) @@ -148,35 +45,14 @@ set(HAS_LSAN 1) endif() -foreach(Test ${Tests}) - add_libfuzzer_test(${Test} SOURCES ${Test}.cpp) -endforeach() - -function(test_export_symbol target symbol) - if(MSVC) - set_target_properties(LLVMFuzzer-${target} PROPERTIES LINK_FLAGS - "-export:${symbol}") - endif() -endfunction() - -test_export_symbol(FlagsTest "LLVMFuzzerInitialize") -test_export_symbol(InitializeTest "LLVMFuzzerInitialize") -test_export_symbol(BogusInitializeTest "LLVMFuzzerInitialize") -test_export_symbol(CustomCrossOverTest "LLVMFuzzerCustomCrossOver") -test_export_symbol(CustomMutatorTest "LLVMFuzzerCustomMutator") - ############################################################################### # Unit tests ############################################################################### -add_executable(LLVMFuzzer-Unittest - FuzzerUnittest.cpp - ) +add_custom_target(FuzzerUnitTests) +set_target_properties(FuzzerUnitTests PROPERTIES FOLDER "libFuzzer tests") -add_executable(LLVMFuzzer-StandaloneInitializeTest - InitializeTest.cpp - ../standalone/StandaloneFuzzTargetMain.c - ) +add_executable(LLVMFuzzer-Unittest FuzzerUnittest.cpp) target_link_libraries(LLVMFuzzer-Unittest gtest @@ -188,64 +64,13 @@ "${LLVM_MAIN_SRC_DIR}/utils/unittest/googletest/include" ) -add_dependencies(TestBinaries LLVMFuzzer-Unittest) set_target_properties(LLVMFuzzer-Unittest PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}" ) -add_dependencies(TestBinaries LLVMFuzzer-StandaloneInitializeTest) -set_target_properties(LLVMFuzzer-StandaloneInitializeTest - PROPERTIES RUNTIME_OUTPUT_DIRECTORY - "${CMAKE_CURRENT_BINARY_DIR}" -) - -############################################################################### -# Additional tests -############################################################################### - include_directories(..) -# add_subdirectory(uninstrumented) -add_subdirectory(no-coverage) -add_subdirectory(trace-pc) -add_subdirectory(ubsan) -if (NOT MSVC) - add_subdirectory(inline-8bit-counters) -endif() - -add_library(LLVMFuzzer-DSO1 SHARED DSO1.cpp) -add_library(LLVMFuzzer-DSO2 SHARED DSO2.cpp) - -add_executable(LLVMFuzzer-DSOTest - DSOTestMain.cpp - DSOTestExtra.cpp) - -target_link_libraries(LLVMFuzzer-DSOTest - LLVMFuzzer-DSO1 - LLVMFuzzer-DSO2 - LLVMFuzzer - ) - -set_target_properties(LLVMFuzzer-DSOTest PROPERTIES RUNTIME_OUTPUT_DIRECTORY - "${CMAKE_BINARY_DIR}/lib/Fuzzer/test") - -if(MSVC) - set_output_directory(LLVMFuzzer-DSO1 - BINARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test" - LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test") - set_output_directory(LLVMFuzzer-DSO2 - BINARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test" - LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test") -else(MSVC) - set_output_directory(LLVMFuzzer-DSO1 - LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/lib") - set_output_directory(LLVMFuzzer-DSO2 - LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/lib") -endif() - -add_dependencies(TestBinaries LLVMFuzzer-DSOTest) - ############################################################################### # Configure lit to run the tests # @@ -257,11 +82,23 @@ set(LIBFUZZER_POSIX 0) endif() +# Use just-built Clang to compile/link tests on all platforms, except for +# Windows where we need to use clang-cl instead. +if(NOT MSVC) + set(LIBFUZZER_TEST_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang) + set(LIBFUZZER_TEST_CXX_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang++) +else() + set(LIBFUZZER_TEST_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang.exe) + set(LIBFUZZER_TEST_CXX_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang++.exe) +endif() + +# LIT-based libFuzzer tests. configure_lit_site_cfg( ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/lit.site.cfg ) +# libFuzzer unit tests. configure_lit_site_cfg( ${CMAKE_CURRENT_SOURCE_DIR}/unit/lit.site.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/unit/lit.site.cfg @@ -269,11 +106,12 @@ add_lit_testsuite(check-fuzzer "Running Fuzzer tests" ${CMAKE_CURRENT_BINARY_DIR} - DEPENDS TestBinaries + DEPENDS LLVMFuzzer-Unittest ) + # Don't add dependencies on Windows. The linker step would fail on Windows, # since cmake will use link.exe for linking and won't include compiler-rt libs. if(NOT MSVC) - add_dependencies(check-fuzzer FileCheck sancov not llvm-symbolizer) + add_dependencies(check-fuzzer clang llvm-symbolizer FileCheck sancov not) endif() Index: lib/Fuzzer/test/afl-driver-extra-stats.test =================================================================== --- lib/Fuzzer/test/afl-driver-extra-stats.test +++ lib/Fuzzer/test/afl-driver-extra-stats.test @@ -1,24 +1,26 @@ REQUIRES: posix +RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest + ; Test that not specifying an extra stats file isn't broken. RUN: unset AFL_DRIVER_EXTRA_STATS_FILENAME -RUN: AFLDriverTest +RUN: %t-AFLDriverTest ; Test that specifying an invalid extra stats file causes a crash. -RUN: ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%T not --crash AFLDriverTest +RUN: ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%T not --crash %t-AFLDriverTest ; Test that specifying a corrupted stats file causes a crash. echo "peak_rss_mb :0" > %t -ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%t not --crash AFLDriverTest +ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%t not --crash %t-AFLDriverTest ; Test that specifying a valid nonexistent stats file works. RUN: rm -f %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t AFLDriverTest +RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]] ; Test that specifying a valid preexisting stats file works. RUN: printf "peak_rss_mb : 0\nslowest_unit_time_sec: 0\n" > %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t AFLDriverTest +RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest ; Check that both lines were printed. RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]] @@ -26,5 +28,5 @@ ; Check that both lines have 9999 since there's no way we have exceeded that ; amount of time or virtual memory. RUN: printf "peak_rss_mb : 9999\nslowest_unit_time_sec: 9999\n" > %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t AFLDriverTest +RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest RUN: [[ $(grep "9999" %t | wc -l) -eq 2 ]] Index: lib/Fuzzer/test/afl-driver-stderr.test =================================================================== --- lib/Fuzzer/test/afl-driver-stderr.test +++ lib/Fuzzer/test/afl-driver-stderr.test @@ -1,12 +1,14 @@ REQUIRES: posix +RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest + ; Test that not specifying a stderr file isn't broken. RUN: unset AFL_DRIVER_STDERR_DUPLICATE_FILENAME -RUN: AFLDriverTest +RUN: %t-AFLDriverTest ; Test that specifying an invalid file causes a crash. -RUN: ASAN_OPTIONS= AFL_DRIVER_STDERR_DUPLICATE_FILENAME="%T" not --crash AFLDriverTest +RUN: ASAN_OPTIONS= AFL_DRIVER_STDERR_DUPLICATE_FILENAME="%T" not --crash %t-AFLDriverTest ; Test that a file is created when specified as the duplicate stderr. -RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t AFLDriverTest +RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t %t-AFLDriverTest RUN: stat %t Index: lib/Fuzzer/test/afl-driver.test =================================================================== --- lib/Fuzzer/test/afl-driver.test +++ lib/Fuzzer/test/afl-driver.test @@ -1,26 +1,29 @@ REQUIRES: linux + +RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest + RUN: echo -n "abc" > %t.file3 RUN: echo -n "abcd" > %t.file4 -RUN: AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1 +RUN: %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1 CHECK1: __afl_persistent_loop calle, Count = 1000 CHECK1: LLVMFuzzerTestOneInput called; Size = 3 -RUN: AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2 +RUN: %t-AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2 CHECK2: __afl_persistent_loop calle, Count = 42 CHECK2: LLVMFuzzerTestOneInput called; Size = 3 -RUN: AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3 +RUN: %t-AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3 CHECK3: WARNING: using the deprecated call style CHECK3: __afl_persistent_loop calle, Count = 666 CHECK3: LLVMFuzzerTestOneInput called; Size = 3 -RUN: AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4 +RUN: %t-AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4 CHECK4: LLVMFuzzerTestOneInput called; Size = 3 -RUN: AFLDriverTest %t.file3 %t.file4 2>&1 | FileCheck %s --check-prefix=CHECK5 +RUN: %t-AFLDriverTest %t.file3 %t.file4 2>&1 | FileCheck %s --check-prefix=CHECK5 CHECK5: LLVMFuzzerTestOneInput called; Size = 3 CHECK5: LLVMFuzzerTestOneInput called; Size = 4 Index: lib/Fuzzer/test/bad-strcmp.test =================================================================== --- lib/Fuzzer/test/bad-strcmp.test +++ lib/Fuzzer/test/bad-strcmp.test @@ -1 +1,2 @@ -RUN: LLVMFuzzer-BadStrcmpTest -runs=100000 +RUN: %cpp_compiler %S/BadStrcmpTest.cpp -o %t-LLVMFuzzer-BadStrcmpTest +RUN: %t-LLVMFuzzer-BadStrcmpTest -runs=100000 Index: lib/Fuzzer/test/caller-callee.test =================================================================== --- lib/Fuzzer/test/caller-callee.test +++ lib/Fuzzer/test/caller-callee.test @@ -1,2 +1,3 @@ +RUN: %cpp_compiler %S/CallerCalleeTest.cpp -o %t-LLVMFuzzer-CallerCalleeTest CHECK: BINGO -RUN: not LLVMFuzzer-CallerCalleeTest -use_value_profile=1 -cross_over=0 -seed=1 -runs=10000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-CallerCalleeTest -use_value_profile=1 -cross_over=0 -seed=1 -runs=10000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/cleanse.test =================================================================== --- lib/Fuzzer/test/cleanse.test +++ lib/Fuzzer/test/cleanse.test @@ -1,3 +1,4 @@ +RUN: %cpp_compiler %S/CleanseTest.cpp -o %t-LLVMFuzzer-CleanseTest RUN: echo -n 0123456789ABCDEFGHIZ > %t-in -RUN: LLVMFuzzer-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out +RUN: %t-LLVMFuzzer-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out RUN: echo -n ' 1 5 A Z' | diff - %t-out Index: lib/Fuzzer/test/coverage.test =================================================================== --- lib/Fuzzer/test/coverage.test +++ lib/Fuzzer/test/coverage.test @@ -1,14 +1,19 @@ XFAIL: darwin +RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest +RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO1.so +RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO2.so +RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-LLVMFuzzer-DSO1.so %t-LLVMFuzzer-DSO2.so -o %t-LLVMFuzzer-DSOTest + CHECK: COVERAGE: CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:13 CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:14 CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:16 CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:19 CHECK: COVERED_DIRS: {{.*}}lib{{[/\\]}}Fuzzer{{[/\\]}}test -RUN: not LLVMFuzzer-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s -RUN: LLVMFuzzer-DSOTest -print_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO +RUN: %t-LLVMFuzzer-DSOTest -print_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO DSO: COVERAGE: DSO-DAG: COVERED:{{.*}}DSO1{{.*}}DSO1.cpp DSO-DAG: COVERED:{{.*}}DSO2{{.*}}DSO2.cpp Index: lib/Fuzzer/test/cxxstring.test =================================================================== --- lib/Fuzzer/test/cxxstring.test +++ lib/Fuzzer/test/cxxstring.test @@ -1,4 +1,6 @@ UNSUPPORTED: windows -RUN: not LLVMFuzzer-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/CxxStringEqTest.cpp -o %t-LLVMFuzzer-CxxStringEqTest + +RUN: not %t-LLVMFuzzer-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s CHECK: BINGO Index: lib/Fuzzer/test/disable-leaks.test =================================================================== --- lib/Fuzzer/test/disable-leaks.test +++ lib/Fuzzer/test/disable-leaks.test @@ -1,4 +1,5 @@ REQUIRES: lsan -RUN: LLVMFuzzer-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS +RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-LLVMFuzzer-AccumulateAllocationsTest +RUN: %t-LLVMFuzzer-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS ACCUMULATE_ALLOCS: INFO: libFuzzer disabled leak detection after every mutation Index: lib/Fuzzer/test/dump_coverage.test =================================================================== --- lib/Fuzzer/test/dump_coverage.test +++ lib/Fuzzer/test/dump_coverage.test @@ -1,8 +1,14 @@ +RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO1.so +RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO2.so +RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-LLVMFuzzer-DSO1.so %t-LLVMFuzzer-DSO2.so -o %t-LLVMFuzzer-DSOTest + +RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest + RUN: rm -rf %t_workdir && mkdir -p %t_workdir -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not LLVMFuzzer-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s -RUN: sancov -covered-functions LLVMFuzzer-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' LLVMFuzzer-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not LLVMFuzzer-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV +RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-LLVMFuzzer-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s +RUN: sancov -covered-functions %t-LLVMFuzzer-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV +RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' %t-LLVMFuzzer-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO +RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-LLVMFuzzer-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV CHECK: SanitizerCoverage: {{.*}}LLVMFuzzer-NullDerefTest.{{.*}}.sancov: {{.*}} PCs written SANCOV: LLVMFuzzerTestOneInput Index: lib/Fuzzer/test/equivalence-signals.test =================================================================== --- lib/Fuzzer/test/equivalence-signals.test +++ lib/Fuzzer/test/equivalence-signals.test @@ -3,7 +3,8 @@ # to stress the signal handling and ensure that shmem doesn't mind # the signals. -RUN: LLVMFuzzer-EquivalenceATest -timeout=1 -run_equivalence_server=EQUIV_SIG_TEST & export APID=$! +RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-LLVMFuzzer-EquivalenceATest +RUN: %t-LLVMFuzzer-EquivalenceATest -timeout=1 -run_equivalence_server=EQUIV_SIG_TEST & export APID=$! RUN: sleep 3 -RUN: LLVMFuzzer-EquivalenceATest -timeout=1 -use_equivalence_server=EQUIV_SIG_TEST -runs=500000 2>&1 +RUN: %t-LLVMFuzzer-EquivalenceATest -timeout=1 -use_equivalence_server=EQUIV_SIG_TEST -runs=500000 2>&1 RUN: kill -9 $APID Index: lib/Fuzzer/test/equivalence.test =================================================================== --- lib/Fuzzer/test/equivalence.test +++ lib/Fuzzer/test/equivalence.test @@ -1,8 +1,10 @@ REQUIRES: posix +RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-LLVMFuzzer-EquivalenceATest +RUN: %cpp_compiler %S/EquivalenceBTest.cpp -o %t-LLVMFuzzer-EquivalenceBTest -RUN: LLVMFuzzer-EquivalenceATest -run_equivalence_server=EQUIV_TEST & export APID=$! +RUN: %t-LLVMFuzzer-EquivalenceATest -run_equivalence_server=EQUIV_TEST & export APID=$! RUN: sleep 3 -RUN: not LLVMFuzzer-EquivalenceBTest -use_equivalence_server=EQUIV_TEST -max_len=4096 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-EquivalenceBTest -use_equivalence_server=EQUIV_TEST -max_len=4096 2>&1 | FileCheck %s CHECK: ERROR: libFuzzer: equivalence-mismatch. Sizes: {{.*}}; offset 2 CHECK: SUMMARY: libFuzzer: equivalence-mismatch RUN: kill -9 $APID Index: lib/Fuzzer/test/exit-report.test =================================================================== --- lib/Fuzzer/test/exit-report.test +++ lib/Fuzzer/test/exit-report.test @@ -1,4 +1,5 @@ -RUN: not LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest +RUN: not %t-LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s CHECK: ERROR: libFuzzer: fuzz target exited CHECK: SUMMARY: libFuzzer: fuzz target exited Index: lib/Fuzzer/test/extra-counters.test =================================================================== --- lib/Fuzzer/test/extra-counters.test +++ lib/Fuzzer/test/extra-counters.test @@ -1,6 +1,7 @@ REQUIRES: linux -RUN: not LLVMFuzzer-TableLookupTest -print_final_stats=1 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/TableLookupTest.cpp -o %t-LLVMFuzzer-TableLookupTest +RUN: not %t-LLVMFuzzer-TableLookupTest -print_final_stats=1 2>&1 | FileCheck %s CHECK: BINGO // Expecting >= 4096 new_units_added CHECK: stat::new_units_added:{{.*[4][0-9][0-9][0-9]}} Index: lib/Fuzzer/test/fuzzer-customcrossover.test =================================================================== --- lib/Fuzzer/test/fuzzer-customcrossover.test +++ lib/Fuzzer/test/fuzzer-customcrossover.test @@ -1,8 +1,10 @@ +RUN: %cpp_compiler %S/CustomCrossOverTest.cpp -o %t-LLVMFuzzer-CustomCrossOverTest + RUN: rm -rf %t/CustomCrossover RUN: mkdir -p %t/CustomCrossover RUN: echo "0123456789" > %t/CustomCrossover/digits RUN: echo "abcdefghij" > %t/CustomCrossover/chars -RUN: not LLVMFuzzer-CustomCrossOverTest -seed=1 -runs=100000 %t/CustomCrossover 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomCrossover +RUN: not %t-LLVMFuzzer-CustomCrossOverTest -seed=1 -runs=100000 %t/CustomCrossover 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomCrossover RUN: rm -rf %t/CustomCrossover LLVMFuzzerCustomCrossover: In LLVMFuzzerCustomCrossover Index: lib/Fuzzer/test/fuzzer-customcrossoverandmutate.test =================================================================== --- lib/Fuzzer/test/fuzzer-customcrossoverandmutate.test +++ lib/Fuzzer/test/fuzzer-customcrossoverandmutate.test @@ -1 +1,2 @@ -RUN: LLVMFuzzer-CustomCrossOverAndMutateTest -seed=1 -runs=100000 +RUN: %cpp_compiler %S/CustomCrossOverAndMutateTest.cpp -o %t-LLVMFuzzer-CustomCrossOverAndMutateTest +RUN: %t-LLVMFuzzer-CustomCrossOverAndMutateTest -seed=1 -runs=100000 Index: lib/Fuzzer/test/fuzzer-custommutator.test =================================================================== --- lib/Fuzzer/test/fuzzer-custommutator.test +++ lib/Fuzzer/test/fuzzer-custommutator.test @@ -1,4 +1,5 @@ -RUN: not LLVMFuzzer-CustomMutatorTest 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomMutator +RUN: %cpp_compiler %S/CustomMutatorTest.cpp -o %t-LLVMFuzzer-CustomMutatorTest +RUN: not %t-LLVMFuzzer-CustomMutatorTest 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomMutator LLVMFuzzerCustomMutator: In LLVMFuzzerCustomMutator LLVMFuzzerCustomMutator: BINGO Index: lib/Fuzzer/test/fuzzer-dict.test =================================================================== --- lib/Fuzzer/test/fuzzer-dict.test +++ lib/Fuzzer/test/fuzzer-dict.test @@ -1,6 +1,8 @@ +RUN: %cpp_compiler %S/SimpleDictionaryTest.cpp -o %t-LLVMFuzzer-SimpleDictionaryTest + CHECK: BINGO Done1000000: Done 1000000 runs in -RUN: not LLVMFuzzer-SimpleDictionaryTest -dict=%S/dict1.txt -seed=1 -runs=1000003 2>&1 | FileCheck %s -RUN: LLVMFuzzer-SimpleDictionaryTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000 +RUN: not %t-LLVMFuzzer-SimpleDictionaryTest -dict=%S/dict1.txt -seed=1 -runs=1000003 2>&1 | FileCheck %s +RUN: %t-LLVMFuzzer-SimpleDictionaryTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000 Index: lib/Fuzzer/test/fuzzer-dirs.test =================================================================== --- lib/Fuzzer/test/fuzzer-dirs.test +++ lib/Fuzzer/test/fuzzer-dirs.test @@ -1,19 +1,21 @@ +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest + RUN: rm -rf %t/SUB1 RUN: mkdir -p %t/SUB1/SUB2/SUB3 RUN: echo a > %t/SUB1/a RUN: echo b > %t/SUB1/SUB2/b RUN: echo c > %t/SUB1/SUB2/SUB3/c -RUN: LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=SUBDIRS +RUN: %t-LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=SUBDIRS SUBDIRS: READ units: 3 RUN: echo -n zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz > %t/SUB1/f64 RUN: cat %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 > %t/SUB1/f256 RUN: cat %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 > %t/SUB1/f1024 RUN: cat %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 > %t/SUB1/f4096 RUN: cat %t/SUB1/f4096 %t/SUB1/f4096 > %t/SUB1/f8192 -RUN: LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=LONG +RUN: %t-LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=LONG LONG: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 8192 bytes RUN: rm -rf %t/SUB1 -RUN: not LLVMFuzzer-SimpleTest NONEXISTENT_DIR 2>&1 | FileCheck %s --check-prefix=NONEXISTENT_DIR +RUN: not %t-LLVMFuzzer-SimpleTest NONEXISTENT_DIR 2>&1 | FileCheck %s --check-prefix=NONEXISTENT_DIR NONEXISTENT_DIR: No such directory: NONEXISTENT_DIR; exiting Index: lib/Fuzzer/test/fuzzer-fdmask.test =================================================================== --- lib/Fuzzer/test/fuzzer-fdmask.test +++ lib/Fuzzer/test/fuzzer-fdmask.test @@ -1,8 +1,10 @@ -RUN: LLVMFuzzer-SpamyTest -runs=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_0 -RUN: LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=0 2>&1 | FileCheck %s --check-prefix=FD_MASK_0 -RUN: LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_1 -RUN: LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=2 2>&1 | FileCheck %s --check-prefix=FD_MASK_2 -RUN: LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=FD_MASK_3 +RUN: %cpp_compiler %S/SpamyTest.cpp -o %t-LLVMFuzzer-SpamyTest + +RUN: %t-LLVMFuzzer-SpamyTest -runs=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_0 +RUN: %t-LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=0 2>&1 | FileCheck %s --check-prefix=FD_MASK_0 +RUN: %t-LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_1 +RUN: %t-LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=2 2>&1 | FileCheck %s --check-prefix=FD_MASK_2 +RUN: %t-LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=FD_MASK_3 FD_MASK_0: PRINTF_STDOUT FD_MASK_0: PRINTF_STDERR Index: lib/Fuzzer/test/fuzzer-finalstats.test =================================================================== --- lib/Fuzzer/test/fuzzer-finalstats.test +++ lib/Fuzzer/test/fuzzer-finalstats.test @@ -1,11 +1,12 @@ -RUN: LLVMFuzzer-SimpleTest -seed=1 -runs=77 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest +RUN: %t-LLVMFuzzer-SimpleTest -seed=1 -runs=77 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS FINAL_STATS: stat::number_of_executed_units: 77 FINAL_STATS: stat::average_exec_per_sec: 0 FINAL_STATS: stat::new_units_added: FINAL_STATS: stat::slowest_unit_time_sec: 0 FINAL_STATS: stat::peak_rss_mb: -RUN: LLVMFuzzer-SimpleTest %S/dict1.txt -runs=33 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS1 +RUN: %t-LLVMFuzzer-SimpleTest %S/dict1.txt -runs=33 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS1 FINAL_STATS1: stat::number_of_executed_units: 33 FINAL_STATS1: stat::peak_rss_mb: Index: lib/Fuzzer/test/fuzzer-flags.test =================================================================== --- lib/Fuzzer/test/fuzzer-flags.test +++ lib/Fuzzer/test/fuzzer-flags.test @@ -1,18 +1,19 @@ -RUN: not LLVMFuzzer-FlagsTest -foo_bar=1 2>&1 | FileCheck %s --check-prefix=FOO_BAR +RUN: %cpp_compiler %S/FlagsTest.cpp -o %t-LLVMFuzzer-FlagsTest +RUN: not %t-LLVMFuzzer-FlagsTest -foo_bar=1 2>&1 | FileCheck %s --check-prefix=FOO_BAR FOO_BAR: WARNING: unrecognized flag '-foo_bar=1'; use -help=1 to list all flags FOO_BAR: BINGO -RUN: not LLVMFuzzer-FlagsTest -runs=10 --max_len=100 2>&1 | FileCheck %s --check-prefix=DASH_DASH +RUN: not %t-LLVMFuzzer-FlagsTest -runs=10 --max_len=100 2>&1 | FileCheck %s --check-prefix=DASH_DASH DASH_DASH: WARNING: did you mean '-max_len=100' (single dash)? DASH_DASH: INFO: A corpus is not provided, starting from an empty corpus -RUN: LLVMFuzzer-FlagsTest -help=1 2>&1 | FileCheck %s --check-prefix=NO_INTERNAL +RUN: %t-LLVMFuzzer-FlagsTest -help=1 2>&1 | FileCheck %s --check-prefix=NO_INTERNAL NO_INTERNAL-NOT: internal flag -RUN: not LLVMFuzzer-FlagsTest --foo-bar -runs=10 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU +RUN: not %t-LLVMFuzzer-FlagsTest --foo-bar -runs=10 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU PASSTHRU: BINGO --foo-bar --baz -help=1 test RUN: mkdir -p %t/T0 %t/T1 RUN: touch %t/T1/empty -RUN: not LLVMFuzzer-FlagsTest --foo-bar -merge=1 %t/T0 %t/T1 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU-MERGE +RUN: not %t-LLVMFuzzer-FlagsTest --foo-bar -merge=1 %t/T0 %t/T1 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU-MERGE PASSTHRU-MERGE: BINGO --foo-bar --baz -help=1 test Index: lib/Fuzzer/test/fuzzer-leak.test =================================================================== --- lib/Fuzzer/test/fuzzer-leak.test +++ lib/Fuzzer/test/fuzzer-leak.test @@ -1,5 +1,9 @@ REQUIRES: lsan -RUN: not LLVMFuzzer-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING +RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LLVMFuzzer-LeakTest +RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-LLVMFuzzer-ThreadedLeakTest +RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LLVMFuzzer-LeakTimeoutTest + +RUN: not %t-LLVMFuzzer-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks LEAK_DURING: Direct leak of 4 byte(s) in 1 object(s) allocated from: LEAK_DURING: INFO: to ignore leaks on libFuzzer side use -detect_leaks=0 @@ -7,27 +11,27 @@ LEAK_DURING-NOT: DONE LEAK_DURING-NOT: Done -RUN: not LLVMFuzzer-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS +RUN: not %t-LLVMFuzzer-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS LEAK_IN_CORPUS: ERROR: LeakSanitizer: detected memory leaks LEAK_IN_CORPUS: INFO: a leak has been found in the initial corpus. -RUN: not LLVMFuzzer-LeakTest -runs=100000000 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=MULTI_RUN_LEAK +RUN: not %t-LLVMFuzzer-LeakTest -runs=100000000 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=MULTI_RUN_LEAK MULTI_RUN_LEAK-NOT: pulse MULTI_RUN_LEAK: LeakSanitizer: detected memory leaks -RUN: not LLVMFuzzer-LeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER -RUN: not LLVMFuzzer-LeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING -RUN: not LLVMFuzzer-ThreadedLeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER -RUN: not LLVMFuzzer-ThreadedLeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING +RUN: not %t-LLVMFuzzer-LeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER +RUN: not %t-LLVMFuzzer-LeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING +RUN: not %t-LLVMFuzzer-ThreadedLeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER +RUN: not %t-LLVMFuzzer-ThreadedLeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING LEAK_AFTER: Done 100000 runs in LEAK_AFTER: ERROR: LeakSanitizer: detected memory leaks -RUN: not LLVMFuzzer-LeakTest -runs=100000 -max_len=1 2>&1 | FileCheck %s --check-prefix=MAX_LEN_1 +RUN: not %t-LLVMFuzzer-LeakTest -runs=100000 -max_len=1 2>&1 | FileCheck %s --check-prefix=MAX_LEN_1 MAX_LEN_1: Test unit written to ./leak-7cf184f4c67ad58283ecb19349720b0cae756829 -RUN: not LLVMFuzzer-LeakTimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=LEAK_TIMEOUT +RUN: not %t-LLVMFuzzer-LeakTimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=LEAK_TIMEOUT LEAK_TIMEOUT: ERROR: libFuzzer: timeout after LEAK_TIMEOUT-NOT: LeakSanitizer -RUN: LLVMFuzzer-LeakTest -error_exitcode=0 +RUN: %t-LLVMFuzzer-LeakTest -error_exitcode=0 Index: lib/Fuzzer/test/fuzzer-oom-with-profile.test =================================================================== --- lib/Fuzzer/test/fuzzer-oom-with-profile.test +++ lib/Fuzzer/test/fuzzer-oom-with-profile.test @@ -1,5 +1,6 @@ REQUIRES: linux -RUN: not LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-LLVMFuzzer-OutOfMemoryTest +RUN: not %t-LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb) CHECK: Live Heap Allocations CHECK: Test unit written to ./oom- Index: lib/Fuzzer/test/fuzzer-oom.test =================================================================== --- lib/Fuzzer/test/fuzzer-oom.test +++ lib/Fuzzer/test/fuzzer-oom.test @@ -1,10 +1,14 @@ -RUN: not LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-LLVMFuzzer-OutOfMemoryTest +RUN: %cpp_compiler %S/OutOfMemorySingleLargeMallocTest.cpp -o %t-LLVMFuzzer-OutOfMemorySingleLargeMallocTest +RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-LLVMFuzzer-AccumulateAllocationsTest + +RUN: not %t-LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb) CHECK: Test unit written to ./oom- SUMMARY: libFuzzer: out-of-memory -RUN: not LLVMFuzzer-OutOfMemorySingleLargeMallocTest -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC +RUN: not %t-LLVMFuzzer-OutOfMemorySingleLargeMallocTest -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC We used to check for "out-of-memory (malloc(53{{.*}}))", but that would fail sometimes, so now we accept any OOM message. @@ -13,4 +17,4 @@ SINGLE_LARGE_MALLOC: in LLVMFuzzerTestOneInput # Check that -rss_limit_mb=0 means no limit. -RUN: LLVMFuzzer-AccumulateAllocationsTest -runs=1000 -rss_limit_mb=0 +RUN: %t-LLVMFuzzer-AccumulateAllocationsTest -runs=1000 -rss_limit_mb=0 Index: lib/Fuzzer/test/fuzzer-printcovpcs.test =================================================================== --- lib/Fuzzer/test/fuzzer-printcovpcs.test +++ lib/Fuzzer/test/fuzzer-printcovpcs.test @@ -1,5 +1,5 @@ -RUN: echo -DISABLED: not LLVMFuzzer-SimpleTest -print_pcs=1 -seed=1 2>&1 | FileCheck %s --check-prefix=PCS +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest +DISABLED: not %t-LLVMFuzzer-SimpleTest -print_pcs=1 -seed=1 2>&1 | FileCheck %s --check-prefix=PCS PCS-NOT: NEW_PC PCS:INITED PCS:NEW_PC: {{0x[a-f0-9]+}} Index: lib/Fuzzer/test/fuzzer-runs.test =================================================================== --- lib/Fuzzer/test/fuzzer-runs.test +++ lib/Fuzzer/test/fuzzer-runs.test @@ -1,8 +1,9 @@ RUN: mkdir -p %t +RUN: %cpp_compiler %S/NthRunCrashTest.cpp -o %t-LLVMFuzzer-NthRunCrashTest RUN: echo abcd > %t/NthRunCrashTest.in -RUN: LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -RUN: LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -runs=10 -RUN: not LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -runs=10000 2>&1 | FileCheck %s +RUN: %t-LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in +RUN: %t-LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -runs=10 +RUN: not %t-LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -runs=10000 2>&1 | FileCheck %s RUN: rm %t/NthRunCrashTest.in CHECK: BINGO Index: lib/Fuzzer/test/fuzzer-seed.test =================================================================== --- lib/Fuzzer/test/fuzzer-seed.test +++ lib/Fuzzer/test/fuzzer-seed.test @@ -1,3 +1,4 @@ -RUN: LLVMFuzzer-SimpleCmpTest -seed=-1 -runs=0 2>&1 | FileCheck %s --check-prefix=CHECK_SEED_MINUS_ONE +RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-SimpleCmpTest +RUN: %t-LLVMFuzzer-SimpleCmpTest -seed=-1 -runs=0 2>&1 | FileCheck %s --check-prefix=CHECK_SEED_MINUS_ONE CHECK_SEED_MINUS_ONE: Seed: 4294967295 Index: lib/Fuzzer/test/fuzzer-segv.test =================================================================== --- lib/Fuzzer/test/fuzzer-segv.test +++ lib/Fuzzer/test/fuzzer-segv.test @@ -1,7 +1,8 @@ -RUN: env ASAN_OPTIONS=handle_segv=0 not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER +RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest +RUN: env ASAN_OPTIONS=handle_segv=0 not %t-LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER LIBFUZZER_OWN_SEGV_HANDLER: == ERROR: libFuzzer: deadly signal LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash- -RUN: env ASAN_OPTIONS=handle_segv=1 not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER +RUN: env ASAN_OPTIONS=handle_segv=1 not %t-LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER LIBFUZZER_ASAN_SEGV_HANDLER: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address Index: lib/Fuzzer/test/fuzzer-singleinputs.test =================================================================== --- lib/Fuzzer/test/fuzzer-singleinputs.test +++ lib/Fuzzer/test/fuzzer-singleinputs.test @@ -1,12 +1,15 @@ -RUN: not LLVMFuzzer-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput +RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest + +RUN: not %t-LLVMFuzzer-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput SingleInput-NOT: Test unit written to ./crash- RUN: rm -rf %tmp/SINGLE_INPUTS RUN: mkdir -p %tmp/SINGLE_INPUTS RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb -RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS -RUN: LLVMFuzzer-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS +RUN: %t-LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS +RUN: %t-LLVMFuzzer-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS RUN: rm -rf %tmp/SINGLE_INPUTS SINGLE_INPUTS: LLVMFuzzer-SimpleTest{{.*}}: Running 2 inputs 1 time(s) each. SINGLE_INPUTS: aaa in Index: lib/Fuzzer/test/fuzzer-threaded.test =================================================================== --- lib/Fuzzer/test/fuzzer-threaded.test +++ lib/Fuzzer/test/fuzzer-threaded.test @@ -1,7 +1,8 @@ CHECK: Done 1000 runs in +RUN: %cpp_compiler %S/ThreadedTest.cpp -o %t-LLVMFuzzer-ThreadedTest -RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s -RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s -RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s -RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s +RUN: %t-LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s +RUN: %t-LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s +RUN: %t-LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s +RUN: %t-LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/fuzzer-timeout.test =================================================================== --- lib/Fuzzer/test/fuzzer-timeout.test +++ lib/Fuzzer/test/fuzzer-timeout.test @@ -1,4 +1,6 @@ -RUN: not LLVMFuzzer-TimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutTest +RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-LLVMFuzzer-TimeoutTest +RUN: %cpp_compiler %S/TimeoutEmptyTest.cpp -o %t-LLVMFuzzer-TimeoutEmptyTest +RUN: not %t-LLVMFuzzer-TimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutTest TimeoutTest: ALARM: working on the last Unit for TimeoutTest: Test unit written to ./timeout- TimeoutTest: == ERROR: libFuzzer: timeout after @@ -7,13 +9,13 @@ TimeoutTest: #2 TimeoutTest: SUMMARY: libFuzzer: timeout -RUN: not LLVMFuzzer-TimeoutTest -timeout=1 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInputTimeoutTest +RUN: not %t-LLVMFuzzer-TimeoutTest -timeout=1 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInputTimeoutTest SingleInputTimeoutTest: ALARM: working on the last Unit for {{[1-3]}} seconds SingleInputTimeoutTest-NOT: Test unit written to ./timeout- -RUN: LLVMFuzzer-TimeoutTest -timeout=1 -timeout_exitcode=0 +RUN: %t-LLVMFuzzer-TimeoutTest -timeout=1 -timeout_exitcode=0 -RUN: not LLVMFuzzer-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest +RUN: not %t-LLVMFuzzer-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest TimeoutEmptyTest: ALARM: working on the last Unit for TimeoutEmptyTest: == ERROR: libFuzzer: timeout after TimeoutEmptyTest: SUMMARY: libFuzzer: timeout Index: lib/Fuzzer/test/fuzzer-traces-hooks.test =================================================================== --- lib/Fuzzer/test/fuzzer-traces-hooks.test +++ lib/Fuzzer/test/fuzzer-traces-hooks.test @@ -1,16 +1,23 @@ // FIXME: Support for sanitizer hooks for memcmp and strcmp needs to // be implemented in the sanitizer runtime for this test UNSUPPORTED: windows +RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-LLVMFuzzer-MemcmpTest +RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-LLVMFuzzer-StrncmpTest +RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-LLVMFuzzer-StrcmpTest +RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-LLVMFuzzer-StrstrTest +RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-LLVMFuzzer-Memcmp64BytesTest +RUN: %cpp_compiler %S/RepeatedMemcmp.cpp -o %t-LLVMFuzzer-RepeatedMemcmp + CHECK: BINGO -RUN: not LLVMFuzzer-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s -RUN: not LLVMFuzzer-StrncmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s -RUN: not LLVMFuzzer-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s -RUN: not LLVMFuzzer-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-StrncmpTest -seed=2 -runs=2000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s -RUN: not LLVMFuzzer-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s -RUN: LLVMFuzzer-RepeatedMemcmp -seed=11 -runs=100000 -max_len=20 2>&1 | FileCheck %s --check-prefix=RECOMMENDED_DICT +RUN: %t-LLVMFuzzer-RepeatedMemcmp -seed=11 -runs=100000 -max_len=20 2>&1 | FileCheck %s --check-prefix=RECOMMENDED_DICT RECOMMENDED_DICT:###### Recommended dictionary. ###### RECOMMENDED_DICT-DAG: "foo" RECOMMENDED_DICT-DAG: "bar" Index: lib/Fuzzer/test/fuzzer-ubsan.test =================================================================== --- lib/Fuzzer/test/fuzzer-ubsan.test +++ lib/Fuzzer/test/fuzzer-ubsan.test @@ -1,4 +1,5 @@ -RUN: not LLVMFuzzer-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s +RUN: %cpp_compiler -fsanitize=undefined -fno-sanitize-recover=all %S/SignedIntOverflowTest.cpp -o %t-LLVMFuzzer-SignedIntOverflowTest-Ubsan +RUN: not %t-LLVMFuzzer-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s CHECK: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' CHECK: Test unit written to ./crash- Index: lib/Fuzzer/test/fuzzer.test =================================================================== --- lib/Fuzzer/test/fuzzer.test +++ lib/Fuzzer/test/fuzzer.test @@ -1,29 +1,44 @@ CHECK: BINGO Done1000000: Done 1000000 runs in - -RUN: not LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/BogusInitializeTest.cpp -o %t-LLVMFuzzer-BogusInitializeTest +RUN: %cpp_compiler %S/BufferOverflowOnInput.cpp -o %t-LLVMFuzzer-BufferOverflowOnInput +RUN: %cpp_compiler %S/CounterTest.cpp -o %t-LLVMFuzzer-CounterTest +RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO1.so +RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO2.so +RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-LLVMFuzzer-DSO1.so %t-LLVMFuzzer-DSO2.so -o %t-LLVMFuzzer-DSOTest +RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-LLVMFuzzer-FullCoverageSetTest +RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-LLVMFuzzer-InitializeTest +RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -o %t-LLVMFuzzer-NotinstrumentedTest-NoCoverage +RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-LLVMFuzzer-NullDerefOnEmptyTest +RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest +RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-LLVMFuzzer-ShrinkControlFlowTest +RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-LLVMFuzzer-SimpleCmpTest +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest +RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-LLVMFuzzer-StrncmpOOBTest + +RUN: not %t-LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s # only_ascii mode. Will perform some minimal self-validation. -RUN: not LLVMFuzzer-SimpleTest -only_ascii=1 2>&1 +RUN: not %t-LLVMFuzzer-SimpleTest -only_ascii=1 2>&1 -RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 -use_cmp=0 2>&1 | FileCheck %s --check-prefix=MaxTotalTime +RUN: %t-LLVMFuzzer-SimpleCmpTest -max_total_time=1 -use_cmp=0 2>&1 | FileCheck %s --check-prefix=MaxTotalTime MaxTotalTime: Done {{.*}} runs in {{.}} second(s) -RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest -RUN: not LLVMFuzzer-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest +RUN: not %t-LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest +RUN: not %t-LLVMFuzzer-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest NullDerefTest: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address NullDerefTest: Test unit written to ./crash- -RUN: not LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix +RUN: not %t-LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix NullDerefTestPrefix: Test unit written to ZZZcrash- -RUN: not LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath +RUN: not %t-LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath NullDerefTestExactPath: Test unit written to FOOBAR -RUN: not LLVMFuzzer-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY +RUN: not %t-LLVMFuzzer-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY NULL_DEREF_ON_EMPTY: stat::number_of_executed_units: -#not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s +#not %t-LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s -RUN: not LLVMFuzzer-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS +RUN: not %t-LLVMFuzzer-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS COUNTERS: INITED {{.*}} {{bits:|ft:}} COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}} @@ -31,30 +46,30 @@ COUNTERS: BINGO # Don't run UninstrumentedTest for now since we build libFuzzer itself with asan. -DISABLED: not LLVMFuzzer-UninstrumentedTest-Uninstrumented 2>&1 | FileCheck %s --check-prefix=UNINSTRUMENTED +DISABLED: not %t-LLVMFuzzer-UninstrumentedTest-Uninstrumented 2>&1 | FileCheck %s --check-prefix=UNINSTRUMENTED UNINSTRUMENTED: ERROR: __sanitizer_set_death_callback is not defined. Exiting. -RUN: not LLVMFuzzer-NotinstrumentedTest-NoCoverage 2>&1 | FileCheck %s --check-prefix=NO_COVERAGE +RUN: not %t-LLVMFuzzer-NotinstrumentedTest-NoCoverage 2>&1 | FileCheck %s --check-prefix=NO_COVERAGE NO_COVERAGE: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting -RUN: not LLVMFuzzer-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB +RUN: not %t-LLVMFuzzer-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB OOB: AddressSanitizer: heap-buffer-overflow OOB: is located 0 bytes to the right of 3-byte region -RUN: not LLVMFuzzer-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s -RUN: not LLVMFuzzer-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO +RUN: not %t-LLVMFuzzer-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO DSO: INFO: Loaded 3 modules DSO: BINGO -RUN: LLVMFuzzer-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS -RUN: LLVMFuzzer-ShrinkControlFlowTest -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS +RUN: %t-LLVMFuzzer-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS +RUN: %t-LLVMFuzzer-ShrinkControlFlowTest -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting. -RUN: env ASAN_OPTIONS=strict_string_checks=1 not LLVMFuzzer-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP +RUN: env ASAN_OPTIONS=strict_string_checks=1 not %t-LLVMFuzzer-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP STRNCMP: AddressSanitizer: heap-buffer-overflow STRNCMP-NOT: __sanitizer_weak_hook_strncmp STRNCMP: in LLVMFuzzerTestOneInput -RUN: not LLVMFuzzer-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE +RUN: not %t-LLVMFuzzer-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE BOGUS_INITIALIZE: argv[0] has been modified in LLVMFuzzerInitialize Index: lib/Fuzzer/test/inline-8bit-counters.test =================================================================== --- lib/Fuzzer/test/inline-8bit-counters.test +++ lib/Fuzzer/test/inline-8bit-counters.test @@ -1,4 +1,5 @@ REQUIRES: linux +RUN: %cpp_compiler %S/SimpleTest.cpp -fno-sanitize-coverage=trace-pc-guard -fsanitize-coverage=inline-8bit-counters -o %t-LLVMFuzzer-SimpleTest-Inline8bitCounters CHECK: INFO: Loaded 1 modules ({{.*}} inline 8-bit counters) CHECK: BINGO -RUN: not LLVMFuzzer-SimpleTest-Inline8bitCounters -runs=1000000 -seed=1 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-SimpleTest-Inline8bitCounters -runs=1000000 -seed=1 2>&1 | FileCheck %s Index: lib/Fuzzer/test/inline-8bit-counters/CMakeLists.txt =================================================================== --- lib/Fuzzer/test/inline-8bit-counters/CMakeLists.txt +++ /dev/null @@ -1,12 +0,0 @@ -# These tests are instrumented with -fsanitize-coverage=inline-8bit-counters - -set(CMAKE_CXX_FLAGS - "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=trace-pc-guard -fsanitize-coverage=inline-8bit-counters,pc-table") - -set(Inline8bitCounterTests - SimpleTest - ) - -foreach(Test ${Inline8bitCounterTests}) - add_libfuzzer_test(${Test}-Inline8bitCounters SOURCES ../${Test}.cpp) -endforeach() Index: lib/Fuzzer/test/lit.cfg =================================================================== --- lib/Fuzzer/test/lit.cfg +++ lib/Fuzzer/test/lit.cfg @@ -53,3 +53,36 @@ config.available_features.add('linux') else: lit_config.note('linux feature unavailable') + +config.substitutions.append(('%build_dir', config.cmake_binary_dir)) + +def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, asan_enabled=True): + compiler_cmd = config.cpp_compiler if is_cpp else config.c_compiler + std_cmd = '-std=c++11' if is_cpp else '' + sanitizers = [] + if asan_enabled: + sanitizers.append('fuzzer') + if fuzzer_enabled: + sanitizers.append('address') + isysroot_cmd = '-isysroot %s' % ( + config.osx_sysroot if 'darwin' in config.target_triple else '') + sanitizers_cmd = '-fsanitize=%s' % ','.join(sanitizers) if sanitizers else '' + include_cmd = '-I%s/../.' % config.test_source_root + return '%s %s -gline-tables-only %s %s %s' % ( + compiler_cmd, std_cmd, isysroot_cmd, sanitizers_cmd, include_cmd) + +config.substitutions.append(('%cpp_compiler', + generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, asan_enabled=True) + )) + +config.substitutions.append(('%c_compiler', + generate_compiler_cmd(is_cpp=False, fuzzer_enabled=True, asan_enabled=True) + )) + +config.substitutions.append(('%no_fuzzer_cpp_compiler', + generate_compiler_cmd(is_cpp=True, fuzzer_enabled=False, asan_enabled=True) + )) + +config.substitutions.append(('%no_fuzzer_c_compiler', + generate_compiler_cmd(is_cpp=False, fuzzer_enabled=False, asan_enabled=True) + )) Index: lib/Fuzzer/test/lit.site.cfg.in =================================================================== --- lib/Fuzzer/test/lit.site.cfg.in +++ lib/Fuzzer/test/lit.site.cfg.in @@ -2,4 +2,9 @@ config.llvm_tools_dir = "@LLVM_TOOLS_DIR@" config.has_lsan = True if @HAS_LSAN@ == 1 else False config.is_posix = @LIBFUZZER_POSIX@ +config.cpp_compiler = "@LIBFUZZER_TEST_CXX_COMPILER@" +config.c_compiler = "@LIBFUZZER_TEST_COMPILER@" +config.osx_sysroot = "@CMAKE_OSX_SYSROOT@" +config.cmake_binary_dir = "@CMAKE_BINARY_DIR@" +config.target_triple = "@TARGET_TRIPLE@" lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/lit.cfg") Index: lib/Fuzzer/test/merge-posix.test =================================================================== --- lib/Fuzzer/test/merge-posix.test +++ lib/Fuzzer/test/merge-posix.test @@ -1,5 +1,7 @@ REQUIRES: posix +RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-LLVMFuzzer-FullCoverageSetTest + RUN: rm -rf %tmp/T1 %tmp/T2 RUN: mkdir -p %tmp/T1 %tmp/T2 @@ -15,9 +17,9 @@ RUN: echo .....R > %tmp/T2/6 # Check that we can report an error if file size exceeded -RUN: (ulimit -f 1; not LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=SIGXFSZ) +RUN: (ulimit -f 1; not %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=SIGXFSZ) SIGXFSZ: ERROR: libFuzzer: file size exceeded # Check that we honor TMPDIR -RUN: TMPDIR=DIR_DOES_NOT_EXIST not LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=TMPDIR +RUN: TMPDIR=DIR_DOES_NOT_EXIST not %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=TMPDIR TMPDIR: MERGE-OUTER: failed to write to the control file: DIR_DOES_NOT_EXIST/libFuzzerTemp Index: lib/Fuzzer/test/merge-summary.test =================================================================== --- lib/Fuzzer/test/merge-summary.test +++ lib/Fuzzer/test/merge-summary.test @@ -1,3 +1,5 @@ +RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-LLVMFuzzer-FullCoverageSetTest + RUN: rm -rf %t/T1 %t/T2 RUN: mkdir -p %t/T0 %t/T1 %t/T2 RUN: echo ...Z.. > %t/T2/1 @@ -7,9 +9,9 @@ RUN: echo .U.... > %t/T2/b RUN: echo ..Z... > %t/T2/c -RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY +RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY SAVE_SUMMARY: MERGE-OUTER: writing coverage summary for 6 files to {{.*}}SUMMARY RUN: rm %t/T1/* -RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY +RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY LOAD_SUMMARY: MERGE-OUTER: coverage summary loaded from {{.*}}SUMMAR LOAD_SUMMARY: MERGE-OUTER: 0 new files with 0 new features added Index: lib/Fuzzer/test/merge.test =================================================================== --- lib/Fuzzer/test/merge.test +++ lib/Fuzzer/test/merge.test @@ -1,5 +1,7 @@ CHECK: BINGO +RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-LLVMFuzzer-FullCoverageSetTest + RUN: rm -rf %tmp/T0 %tmp/T1 %tmp/T2 RUN: mkdir -p %tmp/T0 %tmp/T1 %tmp/T2 RUN: echo F..... > %tmp/T0/1 @@ -8,7 +10,7 @@ # T1 has 3 elements, T2 is empty. RUN: cp %tmp/T0/* %tmp/T1/ -RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK1 +RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK1 CHECK1: MERGE-OUTER: 3 files, 3 in the initial corpus CHECK1: MERGE-OUTER: 0 new files with 0 new features added @@ -20,12 +22,12 @@ RUN: echo ..Z... > %tmp/T2/c # T1 has 3 elements, T2 has 6 elements, only 3 are new. -RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK2 +RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK2 CHECK2: MERGE-OUTER: 9 files, 3 in the initial corpus CHECK2: MERGE-OUTER: 3 new files with 3 new features added # Now, T1 has 6 units and T2 has no new interesting units. -RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK3 +RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK3 CHECK3: MERGE-OUTER: 12 files, 6 in the initial corpus CHECK3: MERGE-OUTER: 0 new files with 0 new features added @@ -33,21 +35,21 @@ RUN: rm %tmp/T1/* RUN: cp %tmp/T0/* %tmp/T1/ RUN: echo looooooooong > %tmp/T2/looooooooong -RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=6 2>&1 | FileCheck %s --check-prefix=MAX_LEN +RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=6 2>&1 | FileCheck %s --check-prefix=MAX_LEN MAX_LEN: MERGE-OUTER: 3 new files # Check that merge tolerates failures. RUN: rm %tmp/T1/* RUN: cp %tmp/T0/* %tmp/T1/ RUN: echo 'FUZZER' > %tmp/T2/FUZZER -RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_WITH_CRASH +RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_WITH_CRASH MERGE_WITH_CRASH: MERGE-OUTER: succesfull in 2 attempt(s) MERGE_WITH_CRASH: MERGE-OUTER: 3 new files # Check that we actually limit the size with max_len -RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=5 2>&1 | FileCheck %s --check-prefix=MERGE_LEN5 +RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=5 2>&1 | FileCheck %s --check-prefix=MERGE_LEN5 MERGE_LEN5: MERGE-OUTER: succesfull in 1 attempt(s) RUN: rm -rf %tmp/T1/* %tmp/T2/* -RUN: not LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=EMPTY +RUN: not %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=EMPTY EMPTY: MERGE-OUTER: zero succesfull attempts, exiting Index: lib/Fuzzer/test/minimize_crash.test =================================================================== --- lib/Fuzzer/test/minimize_crash.test +++ lib/Fuzzer/test/minimize_crash.test @@ -1,12 +1,15 @@ +RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest +RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-LLVMFuzzer-SingleByteInputTest + RUN: echo 'Hi!rv349f34t3gg' > not_minimal_crash -RUN: LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s +RUN: %t-LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s CHECK: CRASH_MIN: failed to minimize beyond ./minimized-from-{{.*}} (3 bytes), exiting -RUN: LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT +RUN: %t-LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT CHECK_EXACT: CRASH_MIN: failed to minimize beyond exact_minimized_path (3 bytes), exiting RUN: rm not_minimal_crash minimized-from-* exact_minimized_path RUN: echo -n 'abcd*xyz' > not_minimal_crash -RUN: LLVMFuzzer-SingleByteInputTest -minimize_crash=1 not_minimal_crash -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=MIN1 +RUN: %t-LLVMFuzzer-SingleByteInputTest -minimize_crash=1 not_minimal_crash -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=MIN1 MIN1: Test unit written to exact_minimized_path MIN1: Test unit written to exact_minimized_path MIN1: INFO: The input is small enough, exiting Index: lib/Fuzzer/test/minimize_two_crashes.test =================================================================== --- lib/Fuzzer/test/minimize_two_crashes.test +++ lib/Fuzzer/test/minimize_two_crashes.test @@ -1,8 +1,10 @@ # Test that the minimizer stops when it sees a differe bug. +RUN: %cpp_compiler %S/TwoDifferentBugsTest.cpp -o %t-LLVMFuzzer-TwoDifferentBugsTest + RUN: rm -rf %t && mkdir %t RUN: echo H12345678901234667888090 > %t/long_crash -RUN: env ASAN_OPTIONS=dedup_token_length=3 LLVMFuzzer-TwoDifferentBugsTest -seed=1 -minimize_crash=1 %t/long_crash -exact_artifact_path=%t/result 2>&1 | FileCheck %s +RUN: env ASAN_OPTIONS=dedup_token_length=3 %t-LLVMFuzzer-TwoDifferentBugsTest -seed=1 -minimize_crash=1 %t/long_crash -exact_artifact_path=%t/result 2>&1 | FileCheck %s CHECK: DedupToken1: DEDUP_TOKEN: Bar CHECK: DedupToken2: DEDUP_TOKEN: Bar @@ -10,7 +12,7 @@ CHECK: DedupToken2: DEDUP_TOKEN: Foo CHECK: CRASH_MIN: mismatch in dedup tokens -RUN: not LLVMFuzzer-TwoDifferentBugsTest %t/result 2>&1 | FileCheck %s --check-prefix=VERIFY +RUN: not %t-LLVMFuzzer-TwoDifferentBugsTest %t/result 2>&1 | FileCheck %s --check-prefix=VERIFY VERIFY: ERROR: AddressSanitizer: VERIFY: in Bar Index: lib/Fuzzer/test/no-coverage/CMakeLists.txt =================================================================== --- lib/Fuzzer/test/no-coverage/CMakeLists.txt +++ /dev/null @@ -1,29 +0,0 @@ -# These tests are not instrumented with coverage, -# but have coverage rt in the binary. - -set(CMAKE_CXX_FLAGS - "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard") - -set(NoCoverageTests - NotinstrumentedTest - ) - -foreach(Test ${NoCoverageTests}) - add_libfuzzer_test(${Test}-NoCoverage SOURCES ../${Test}.cpp) -endforeach() - - -############################################################################### -# AFL Driver test -############################################################################### -if(NOT MSVC) - add_executable(AFLDriverTest - ../AFLDriverTest.cpp ../../afl/afl_driver.cpp) - - set_target_properties(AFLDriverTest - PROPERTIES RUNTIME_OUTPUT_DIRECTORY - "${CMAKE_BINARY_DIR}/lib/Fuzzer/test" - ) - - add_dependencies(TestBinaries AFLDriverTest) -endif() Index: lib/Fuzzer/test/overwrite-input.test =================================================================== --- lib/Fuzzer/test/overwrite-input.test +++ lib/Fuzzer/test/overwrite-input.test @@ -1,2 +1,3 @@ -RUN: not LLVMFuzzer-OverwriteInputTest 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/OverwriteInputTest.cpp -o %t-LLVMFuzzer-OverwriteInputTest +RUN: not %t-LLVMFuzzer-OverwriteInputTest 2>&1 | FileCheck %s CHECK: ERROR: libFuzzer: fuzz target overwrites it's const input Index: lib/Fuzzer/test/reduce_inputs.test =================================================================== --- lib/Fuzzer/test/reduce_inputs.test +++ lib/Fuzzer/test/reduce_inputs.test @@ -2,13 +2,15 @@ RUN: rm -rf %t/C RUN: mkdir -p %t/C -RUN: LLVMFuzzer-ShrinkControlFlowSimpleTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 %t/C 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/ShrinkControlFlowSimpleTest.cpp -o %t-LLVMFuzzer-ShrinkControlFlowSimpleTest +RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-LLVMFuzzer-ShrinkControlFlowTest +RUN: %t-LLVMFuzzer-ShrinkControlFlowSimpleTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 %t/C 2>&1 | FileCheck %s CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60' # Test that reduce_inputs deletes redundant files in the corpus. -RUN: LLVMFuzzer-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT +RUN: %t-LLVMFuzzer-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT COUNT: READ units: 4 # a bit longer test -RUN: LLVMFuzzer-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=1 -runs=1000000 2>&1 | FileCheck %s +RUN: %t-LLVMFuzzer-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=1 -runs=1000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/repeated-bytes.test =================================================================== --- lib/Fuzzer/test/repeated-bytes.test +++ lib/Fuzzer/test/repeated-bytes.test @@ -1,2 +1,3 @@ +RUN: %cpp_compiler %S/RepeatedBytesTest.cpp -o %t-LLVMFuzzer-RepeatedBytesTest CHECK: BINGO -RUN: not LLVMFuzzer-RepeatedBytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-RepeatedBytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/shrink.test =================================================================== --- lib/Fuzzer/test/shrink.test +++ lib/Fuzzer/test/shrink.test @@ -1,7 +1,9 @@ -RUN: LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1 +RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-LLVMFuzzer-ShrinkControlFlowTest +RUN: %cpp_compiler %S/ShrinkValueProfileTest.cpp -o %t-LLVMFuzzer-ShrinkValueProfileTest +RUN: %t-LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1 # Limit max_len to run this negative test faster. -RUN: LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0 -RUN: LLVMFuzzer-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP +RUN: %t-LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0 +RUN: %t-LLVMFuzzer-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP SHRINK0: Done 1000000 runs in SHRINK1: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60', exiting. Index: lib/Fuzzer/test/simple-cmp.test =================================================================== --- lib/Fuzzer/test/simple-cmp.test +++ lib/Fuzzer/test/simple-cmp.test @@ -1,2 +1,3 @@ +RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-LLVMFuzzer-SimpleCmpTest CHECK: BINGO -RUN: not LLVMFuzzer-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/standalone.test =================================================================== --- lib/Fuzzer/test/standalone.test +++ lib/Fuzzer/test/standalone.test @@ -1,4 +1,8 @@ -RUN: LLVMFuzzer-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s +RUN: %no_fuzzer_c_compiler %S/../standalone/StandaloneFuzzTargetMain.c -c -o %t_1.o +RUN: %no_fuzzer_cpp_compiler %S/InitializeTest.cpp -c -o %t_2.o + +RUN: %no_fuzzer_cpp_compiler %t_1.o %t_2.o %build_dir/lib/libLLVMFuzzerNoMain.a -o %t-LLVMFuzzer-StandaloneInitializeTest +RUN: %t-LLVMFuzzer-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s CHECK: StandaloneFuzzTargetMain: running 2 inputs CHECK: Done: {{.*}}hi.txt: (3 bytes) CHECK: Done: {{.*}}dict1.txt: (61 bytes) Index: lib/Fuzzer/test/swap-cmp.test =================================================================== --- lib/Fuzzer/test/swap-cmp.test +++ lib/Fuzzer/test/swap-cmp.test @@ -1,2 +1,3 @@ +RUN: %cpp_compiler %S/SwapCmpTest.cpp -o %t-LLVMFuzzer-SwapCmpTest CHECK: BINGO -RUN: not LLVMFuzzer-SwapCmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-SwapCmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/trace-malloc-2.test =================================================================== --- lib/Fuzzer/test/trace-malloc-2.test +++ lib/Fuzzer/test/trace-malloc-2.test @@ -2,7 +2,9 @@ // printing a stack trace repeatedly UNSUPPORTED: darwin -RUN: LLVMFuzzer-TraceMallocTest -seed=1 -trace_malloc=2 -runs=1000 2>&1 | FileCheck %s --check-prefix=TRACE2 +RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-LLVMFuzzer-TraceMallocTest + +RUN: %t-LLVMFuzzer-TraceMallocTest -seed=1 -trace_malloc=2 -runs=1000 2>&1 | FileCheck %s --check-prefix=TRACE2 TRACE2-DAG: FREE[0] TRACE2-DAG: MALLOC[0] TRACE2-DAG: in LLVMFuzzerTestOneInput Index: lib/Fuzzer/test/trace-malloc.test =================================================================== --- lib/Fuzzer/test/trace-malloc.test +++ lib/Fuzzer/test/trace-malloc.test @@ -1,4 +1,6 @@ -RUN: LLVMFuzzer-TraceMallocTest -seed=1 -trace_malloc=1 -runs=10000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-LLVMFuzzer-TraceMallocTest + +RUN: %t-LLVMFuzzer-TraceMallocTest -seed=1 -trace_malloc=1 -runs=10000 2>&1 | FileCheck %s CHECK-DAG: MallocFreeTracer: STOP 0 0 (same) CHECK-DAG: MallocFreeTracer: STOP 0 1 (DIFFERENT) CHECK-DAG: MallocFreeTracer: STOP 1 0 (DIFFERENT) Index: lib/Fuzzer/test/trace-pc.test =================================================================== --- lib/Fuzzer/test/trace-pc.test +++ lib/Fuzzer/test/trace-pc.test @@ -1,2 +1,3 @@ +RUN: %cpp_compiler %S/SimpleTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -fsanitize-coverage=trace-pc -o %t-LLVMFuzzer-SimpleTest-TracePC CHECK: BINGO -RUN: not LLVMFuzzer-SimpleTest-TracePC -runs=100000 -seed=1 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-SimpleTest-TracePC -runs=100000 -seed=1 2>&1 | FileCheck %s Index: lib/Fuzzer/test/trace-pc/CMakeLists.txt =================================================================== --- lib/Fuzzer/test/trace-pc/CMakeLists.txt +++ /dev/null @@ -1,12 +0,0 @@ -# These tests are instrumented with -fsanitize-coverage=trace-pc - -set(CMAKE_CXX_FLAGS - "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -fsanitize-coverage=trace-pc") - -set(TracePCTests - SimpleTest - ) - -foreach(Test ${TracePCTests}) - add_libfuzzer_test(${Test}-TracePC SOURCES ../${Test}.cpp) -endforeach() Index: lib/Fuzzer/test/ubsan/CMakeLists.txt =================================================================== --- lib/Fuzzer/test/ubsan/CMakeLists.txt +++ /dev/null @@ -1,12 +0,0 @@ -# These tests are instrumented with ubsan in non-recovery mode. - -set(CMAKE_CXX_FLAGS - "${LIBFUZZER_FLAGS_BASE} -fsanitize=undefined -fno-sanitize-recover=all") - -set(UbsanTests - SignedIntOverflowTest - ) - -foreach(Test ${UbsanTests}) - add_libfuzzer_test(${Test}-Ubsan SOURCES ../${Test}.cpp) -endforeach() Index: lib/Fuzzer/test/ulimit.test =================================================================== --- lib/Fuzzer/test/ulimit.test +++ lib/Fuzzer/test/ulimit.test @@ -1,4 +1,5 @@ REQUIRES: posix +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest RUN: ulimit -s 1000 -RUN: not LLVMFuzzer-SimpleTest +RUN: not %t-LLVMFuzzer-SimpleTest Index: lib/Fuzzer/test/uninstrumented/CMakeLists.txt =================================================================== --- lib/Fuzzer/test/uninstrumented/CMakeLists.txt +++ /dev/null @@ -1,13 +0,0 @@ -# These tests are not instrumented with coverage and don't -# have coverage rt in the binary. - -set(CMAKE_CXX_FLAGS - "${LIBFUZZER_FLAGS_BASE} -fno-sanitize=all -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard") - -set(UninstrumentedTests - UninstrumentedTest - ) - -foreach(Test ${UninstrumentedTests}) - add_libfuzzer_test(${Test}-Uninstrumented SOURCES ../${Test}.cpp) -endforeach() Index: lib/Fuzzer/test/value-profile-cmp.test =================================================================== --- lib/Fuzzer/test/value-profile-cmp.test +++ lib/Fuzzer/test/value-profile-cmp.test @@ -1,2 +1,3 @@ CHECK: BINGO -RUN: not LLVMFuzzer-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-LLVMFuzzer-SimpleCmpTest +RUN: not %t-LLVMFuzzer-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-cmp2.test =================================================================== --- lib/Fuzzer/test/value-profile-cmp2.test +++ lib/Fuzzer/test/value-profile-cmp2.test @@ -1,2 +1,3 @@ CHECK: BINGO -RUN: not LLVMFuzzer-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/SimpleHashTest.cpp -o %t-LLVMFuzzer-SimpleHashTest +RUN: not %t-LLVMFuzzer-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-cmp3.test =================================================================== --- lib/Fuzzer/test/value-profile-cmp3.test +++ lib/Fuzzer/test/value-profile-cmp3.test @@ -1,2 +1,3 @@ CHECK: BINGO -RUN: not LLVMFuzzer-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/AbsNegAndConstantTest.cpp -o %t-LLVMFuzzer-AbsNegAndConstantTest +RUN: not %t-LLVMFuzzer-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-cmp4.test =================================================================== --- lib/Fuzzer/test/value-profile-cmp4.test +++ lib/Fuzzer/test/value-profile-cmp4.test @@ -1,2 +1,3 @@ CHECK: BINGO -RUN: not LLVMFuzzer-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/AbsNegAndConstant64Test.cpp -o %t-LLVMFuzzer-AbsNegAndConstant64Test +RUN: not %t-LLVMFuzzer-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-div.test =================================================================== --- lib/Fuzzer/test/value-profile-div.test +++ lib/Fuzzer/test/value-profile-div.test @@ -1,3 +1,4 @@ CHECK: AddressSanitizer: {{FPE|int-divide-by-zero}} -RUN: not LLVMFuzzer-DivTest -seed=1 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/DivTest.cpp -fsanitize-coverage=trace-div -o %t-LLVMFuzzer-DivTest +RUN: not %t-LLVMFuzzer-DivTest -seed=1 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-load.test =================================================================== --- lib/Fuzzer/test/value-profile-load.test +++ lib/Fuzzer/test/value-profile-load.test @@ -1,3 +1,3 @@ CHECK: AddressSanitizer: global-buffer-overflow -RUN: not LLVMFuzzer-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s - +RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-gep,trace-div,trace-cmp -o %t-LLVMFuzzer-LoadTest +RUN: not %t-LLVMFuzzer-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-mem.test =================================================================== --- lib/Fuzzer/test/value-profile-mem.test +++ lib/Fuzzer/test/value-profile-mem.test @@ -1,2 +1,3 @@ CHECK: BINGO -RUN: not LLVMFuzzer-SingleMemcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/SingleMemcmpTest.cpp -o %t-LLVMFuzzer-SingleMemcmpTest +RUN: not %t-LLVMFuzzer-SingleMemcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-set.test =================================================================== --- lib/Fuzzer/test/value-profile-set.test +++ lib/Fuzzer/test/value-profile-set.test @@ -1,3 +1,4 @@ CHECK: BINGO -RUN: not LLVMFuzzer-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/FourIndependentBranchesTest.cpp -o %t-LLVMFuzzer-FourIndependentBranchesTest +RUN: not %t-LLVMFuzzer-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-strcmp.test =================================================================== --- lib/Fuzzer/test/value-profile-strcmp.test +++ lib/Fuzzer/test/value-profile-strcmp.test @@ -1,2 +1,3 @@ CHECK: BINGO -RUN: not LLVMFuzzer-SingleStrcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/SingleStrcmpTest.cpp -o %t-LLVMFuzzer-SingleStrcmpTest +RUN: not %t-LLVMFuzzer-SingleStrcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-strncmp.test =================================================================== --- lib/Fuzzer/test/value-profile-strncmp.test +++ lib/Fuzzer/test/value-profile-strncmp.test @@ -1,2 +1,3 @@ CHECK: BINGO -RUN: not LLVMFuzzer-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/SingleStrncmpTest.cpp -o %t-LLVMFuzzer-SingleStrncmpTest +RUN: not %t-LLVMFuzzer-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: lib/Fuzzer/test/value-profile-switch.test =================================================================== --- lib/Fuzzer/test/value-profile-switch.test +++ lib/Fuzzer/test/value-profile-switch.test @@ -1,3 +1,5 @@ CHECK: BINGO -RUN: not LLVMFuzzer-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s -RUN: not LLVMFuzzer-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s +RUN: %cpp_compiler %S/SwitchTest.cpp -o %t-LLVMFuzzer-SwitchTest +RUN: %cpp_compiler %S/Switch2Test.cpp -o %t-LLVMFuzzer-Switch2Test +RUN: not %t-LLVMFuzzer-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s +RUN: not %t-LLVMFuzzer-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s