Index: llvm/trunk/lib/CMakeLists.txt =================================================================== --- llvm/trunk/lib/CMakeLists.txt +++ llvm/trunk/lib/CMakeLists.txt @@ -21,7 +21,6 @@ add_subdirectory(AsmParser) add_subdirectory(LineEditor) add_subdirectory(ProfileData) -add_subdirectory(Fuzzer) add_subdirectory(Passes) add_subdirectory(ToolDrivers) add_subdirectory(XRay) Index: llvm/trunk/lib/Fuzzer/CMakeLists.txt =================================================================== --- llvm/trunk/lib/Fuzzer/CMakeLists.txt +++ llvm/trunk/lib/Fuzzer/CMakeLists.txt @@ -1,99 +0,0 @@ -include(CheckCXXSourceCompiles) - -if( APPLE ) - CHECK_CXX_SOURCE_COMPILES(" - static thread_local int blah; - int main() { - return 0; - } - " HAS_THREAD_LOCAL) - - if( NOT HAS_THREAD_LOCAL ) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Dthread_local=__thread") - endif() -endif() - -if (CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux") - set(LIBFUZZER_ENABLED_CHECK ON) -else() - set(LIBFUZZER_ENABLED_CHECK OFF) -endif() - -# Compile libFuzzer if the compilation is specifically requested, OR -# if the platform is known to be working. -set(LIBFUZZER_ENABLE ${LIBFUZZER_ENABLED_CHECK} CACHE BOOL "Build libFuzzer and its tests") -set(LIBFUZZER_ENABLE_TESTS OFF CACHE BOOL "Build libFuzzer and its tests") - -if (CMAKE_CXX_FLAGS MATCHES "fsanitize-coverage") - set(CMAKE_CXX_FLAGS - "${CMAKE_CXX_FLAGS} -fsanitize-coverage=0") -endif() - -if (LIBFUZZER_ENABLE) - add_library(LLVMFuzzerNoMainObjects OBJECT - FuzzerClangCounters.cpp - FuzzerCrossOver.cpp - FuzzerDriver.cpp - FuzzerExtFunctionsDlsym.cpp - FuzzerExtFunctionsDlsymWin.cpp - FuzzerExtFunctionsWeak.cpp - FuzzerExtraCounters.cpp - FuzzerIO.cpp - FuzzerIOPosix.cpp - FuzzerIOWindows.cpp - FuzzerLoop.cpp - FuzzerMerge.cpp - FuzzerMutate.cpp - FuzzerSHA1.cpp - FuzzerShmemPosix.cpp - FuzzerShmemWindows.cpp - FuzzerTracePC.cpp - FuzzerUtil.cpp - FuzzerUtilDarwin.cpp - FuzzerUtilLinux.cpp - FuzzerUtilPosix.cpp - FuzzerUtilWindows.cpp - ) - add_library(LLVMFuzzerNoMain STATIC - $ - ) - target_link_libraries(LLVMFuzzerNoMain ${LLVM_PTHREAD_LIB}) - add_library(LLVMFuzzer STATIC - FuzzerMain.cpp - $ - ) - target_link_libraries(LLVMFuzzer ${LLVM_PTHREAD_LIB}) - - if(LLVMFuzzer IN_LIST LLVM_DISTRIBUTION_COMPONENTS OR - NOT LLVM_DISTRIBUTION_COMPONENTS) - set(export_to_llvmexports EXPORT LLVMExports) - set_property(GLOBAL PROPERTY LLVM_HAS_EXPORTS True) - endif() - - install(TARGETS LLVMFuzzer - ${export_to_llvmexports} - ARCHIVE DESTINATION lib${LLVM_LIBDIR_SUFFIX} - COMPONENT LLVMFuzzer) - - if (NOT CMAKE_CONFIGURATION_TYPES) - add_custom_target(install-LLVMFuzzer - DEPENDS LLVMFuzzer - COMMAND "${CMAKE_COMMAND}" - -DCMAKE_INSTALL_COMPONENT=LLVMFuzzer - -P "${CMAKE_BINARY_DIR}/cmake_install.cmake") - endif() - - set_property(GLOBAL APPEND PROPERTY LLVM_EXPORTS LLVMFuzzer) -endif() - -if (MSVC) - - # Until bots are reconfigured, check-fuzzer on Windows is a no-OP. - add_custom_target(check-fuzzer) - add_custom_command(TARGET check-fuzzer - COMMAND cmake -E echo "check-fuzzer is disalbed on Windows") -else() - if (LLVM_INCLUDE_TESTS AND LIBFUZZER_ENABLE_TESTS) - add_subdirectory(test) - endif() -endif() Index: llvm/trunk/lib/Fuzzer/README.txt =================================================================== --- llvm/trunk/lib/Fuzzer/README.txt +++ llvm/trunk/lib/Fuzzer/README.txt @@ -1,2 +1,5 @@ -Move to http://llvm.org/docs/LibFuzzer.html +libFuzzer was moved to compiler-rt in https://reviews.llvm.org/D36908. +All future changes should be directed there. +The copy of sources is temporarily left in this folder for the duration of a +move. Index: llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp +++ llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp @@ -1,28 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Contains dummy functions used to avoid dependency on AFL. -#include -#include -#include - -extern "C" void __afl_manual_init() {} - -extern "C" int __afl_persistent_loop(unsigned int N) { - static int Count = N; - fprintf(stderr, "__afl_persistent_loop calle, Count = %d\n", Count); - if (Count--) return 1; - return 0; -} - -// This declaration exists to prevent the Darwin linker -// from complaining about this being a missing weak symbol. -extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { - fprintf(stderr, "LLVMFuzzerInitialize called\n"); - return 0; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - fprintf(stderr, "LLVMFuzzerTestOneInput called; Size = %zd\n", Size); - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp +++ llvm/trunk/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp @@ -1,24 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// abs(x) < 0 and y == Const puzzle, 64-bit variant. -#include -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 16) return 0; - int64_t x; - uint64_t y; - memcpy(&x, Data, sizeof(x)); - memcpy(&y, Data + sizeof(x), sizeof(y)); - if (llabs(x) < 0 && y == 0xbaddcafedeadbeefULL) { - printf("BINGO; Found the target, exiting; x = 0x%lx y 0x%lx\n", x, y); - fflush(stdout); - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/AbsNegAndConstantTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/AbsNegAndConstantTest.cpp +++ llvm/trunk/lib/Fuzzer/test/AbsNegAndConstantTest.cpp @@ -1,24 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// abs(x) < 0 and y == Const puzzle. -#include -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 8) return 0; - int x; - unsigned y; - memcpy(&x, Data, sizeof(x)); - memcpy(&y, Data + sizeof(x), sizeof(y)); - if (abs(x) < 0 && y == 0xbaddcafe) { - printf("BINGO; Found the target, exiting; x = 0x%x y 0x%x\n", x, y); - fflush(stdout); - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/AccumulateAllocationsTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/AccumulateAllocationsTest.cpp +++ llvm/trunk/lib/Fuzzer/test/AccumulateAllocationsTest.cpp @@ -1,17 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test with a more mallocs than frees, but no leak. -#include -#include - -const int kAllocatedPointersSize = 10000; -int NumAllocatedPointers = 0; -int *AllocatedPointers[kAllocatedPointersSize]; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (NumAllocatedPointers < kAllocatedPointersSize) - AllocatedPointers[NumAllocatedPointers++] = new int; - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/BadStrcmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/BadStrcmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/BadStrcmpTest.cpp @@ -1,19 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test that we don't creash in case of bad strcmp params. -#include -#include -#include - -static volatile int Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size != 10) return 0; - // Data is not zero-terminated, so this call is bad. - // Still, there are cases when such calles appear, see e.g. - // https://bugs.llvm.org/show_bug.cgi?id=32357 - Sink = strcmp(reinterpret_cast(Data), "123456789"); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/BogusInitializeTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/BogusInitializeTest.cpp +++ llvm/trunk/lib/Fuzzer/test/BogusInitializeTest.cpp @@ -1,15 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Make sure LLVMFuzzerInitialize does not change argv[0]. -#include -#include - -extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { - ***argv = 'X'; - return 0; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/BufferOverflowOnInput.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/BufferOverflowOnInput.cpp +++ llvm/trunk/lib/Fuzzer/test/BufferOverflowOnInput.cpp @@ -1,24 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the string "Hi!". -#include -#include -#include -#include -#include -#include - -static volatile bool SeedLargeBuffer; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - assert(Data); - if (Size >= 4) - SeedLargeBuffer = true; - if (Size == 3 && SeedLargeBuffer && Data[3]) { - std::cout << "Woops, reading Data[3] w/o crashing\n" << std::flush; - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt =================================================================== --- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt +++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt @@ -1,66 +0,0 @@ - -if(APPLE) - # LeakSanitizer is not supported on OSX and Windows right now - set(HAS_LSAN 0) - message(WARNING "LeakSanitizer is not supported." - " Building and running LibFuzzer LeakSanitizer tests is disabled." - ) -else() - set(HAS_LSAN 1) -endif() - -############################################################################### -# Unit tests -############################################################################### - -add_custom_target(FuzzerUnitTests) -set_target_properties(FuzzerUnitTests PROPERTIES FOLDER "libFuzzer tests") - -add_executable(LLVMFuzzer-Unittest FuzzerUnittest.cpp) - -target_link_libraries(LLVMFuzzer-Unittest - gtest - gtest_main - LLVMFuzzerNoMain - ) - -target_include_directories(LLVMFuzzer-Unittest PRIVATE - "${LLVM_MAIN_SRC_DIR}/utils/unittest/googletest/include" - ) - -set_target_properties(LLVMFuzzer-Unittest - PROPERTIES RUNTIME_OUTPUT_DIRECTORY - "${CMAKE_CURRENT_BINARY_DIR}" -) - -include_directories(..) - -############################################################################### -# Configure lit to run the tests -# -# Note this is done after declaring all tests so we can inform lit if any tests -# need to be disabled. -############################################################################### - -# Use just-built Clang to compile/link tests on all platforms, except for -# Windows where we need to use clang-cl instead. -set(LIBFUZZER_TEST_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang) -set(LIBFUZZER_TEST_CXX_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang++) - -# LIT-based libFuzzer tests. -configure_lit_site_cfg( - ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in - ${CMAKE_CURRENT_BINARY_DIR}/lit.site.cfg - ) - -# libFuzzer unit tests. -configure_lit_site_cfg( - ${CMAKE_CURRENT_SOURCE_DIR}/unit/lit.site.cfg.in - ${CMAKE_CURRENT_BINARY_DIR}/unit/lit.site.cfg - ) - -add_lit_testsuite(check-fuzzer "Running Fuzzer tests" - ${CMAKE_CURRENT_BINARY_DIR} - DEPENDS LLVMFuzzer-Unittest) - -add_dependencies(check-fuzzer LLVMFuzzer asan clang llvm-symbolizer FileCheck sancov not) Index: llvm/trunk/lib/Fuzzer/test/CallerCalleeTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/CallerCalleeTest.cpp +++ llvm/trunk/lib/Fuzzer/test/CallerCalleeTest.cpp @@ -1,59 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. -// Try to find the target using the indirect caller-callee pairs. -#include -#include -#include -#include -#include - -typedef void (*F)(); -static F t[256]; - -void f34() { - std::cerr << "BINGO\n"; - exit(1); -} -void f23() { t[(unsigned)'d'] = f34;} -void f12() { t[(unsigned)'c'] = f23;} -void f01() { t[(unsigned)'b'] = f12;} -void f00() {} - -static F t0[256] = { - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, - f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, -}; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 4) return 0; - // Spoof the counters. - for (int i = 0; i < 200; i++) { - f23(); - f12(); - f01(); - } - memcpy(t, t0, sizeof(t)); - t[(unsigned)'a'] = f01; - t[Data[0]](); - t[Data[1]](); - t[Data[2]](); - t[Data[3]](); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/CleanseTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/CleanseTest.cpp +++ llvm/trunk/lib/Fuzzer/test/CleanseTest.cpp @@ -1,16 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test the the fuzzer is able to 'cleanse' the reproducer -// by replacing all irrelevant bytes with garbage. -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size >= 20 && Data[1] == '1' && Data[5] == '5' && Data[10] == 'A' && - Data[19] == 'Z') - abort(); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/CounterTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/CounterTest.cpp +++ llvm/trunk/lib/Fuzzer/test/CounterTest.cpp @@ -1,18 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test for a fuzzer: must find the case where a particular basic block is -// executed many times. -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - int Num = 0; - for (size_t i = 0; i < Size; i++) - if (Data[i] == 'A' + i) - Num++; - if (Num >= 4) { - std::cerr << "BINGO!\n"; - exit(1); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/CustomCrossOverAndMutateTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/CustomCrossOverAndMutateTest.cpp +++ llvm/trunk/lib/Fuzzer/test/CustomCrossOverAndMutateTest.cpp @@ -1,34 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test that libFuzzer does not crash when LLVMFuzzerMutate called from -// LLVMFuzzerCustomCrossOver. -#include -#include -#include -#include -#include -#include -#include - -#include "FuzzerInterface.h" - -static volatile int sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - std::string Str(reinterpret_cast(Data), Size); - if (Size && Data[0] == '0') - sink++; - return 0; -} - -extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1, - const uint8_t *Data2, size_t Size2, - uint8_t *Out, size_t MaxOutSize, - unsigned int Seed) { - std::vector Buffer(MaxOutSize * 10); - LLVMFuzzerMutate(Buffer.data(), Buffer.size(), Buffer.size()); - size_t Size = std::min(Size1, MaxOutSize); - memcpy(Out, Data1, Size); - return Size; -} Index: llvm/trunk/lib/Fuzzer/test/CustomCrossOverTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/CustomCrossOverTest.cpp +++ llvm/trunk/lib/Fuzzer/test/CustomCrossOverTest.cpp @@ -1,64 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a cutom mutator. -#include -#include -#include -#include -#include -#include -#include -#include - -#include "FuzzerInterface.h" - -static const char *Separator = "-_^_-"; -static const char *Target = "012-_^_-abc"; - -static volatile int sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - assert(Data); - std::string Str(reinterpret_cast(Data), Size); - - // Ensure that two different elements exist in the corpus. - if (Size && Data[0] == '0') sink++; - if (Size && Data[0] == 'a') sink--; - - if (Str.find(Target) != std::string::npos) { - std::cout << "BINGO; Found the target, exiting\n" << std::flush; - exit(1); - } - return 0; -} - -extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1, - const uint8_t *Data2, size_t Size2, - uint8_t *Out, size_t MaxOutSize, - unsigned int Seed) { - static bool Printed; - static size_t SeparatorLen = strlen(Separator); - - if (!Printed) { - std::cerr << "In LLVMFuzzerCustomCrossover\n"; - Printed = true; - } - - std::mt19937 R(Seed); - - size_t Offset1 = 0; - size_t Len1 = R() % (Size1 - Offset1); - size_t Offset2 = 0; - size_t Len2 = R() % (Size2 - Offset2); - size_t Size = Len1 + Len2 + SeparatorLen; - - if (Size > MaxOutSize) - return 0; - - memcpy(Out, Data1 + Offset1, Len1); - memcpy(Out + Len1, Separator, SeparatorLen); - memcpy(Out + Len1 + SeparatorLen, Data2 + Offset2, Len2); - - return Len1 + Len2 + SeparatorLen; -} Index: llvm/trunk/lib/Fuzzer/test/CustomMutatorTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/CustomMutatorTest.cpp +++ llvm/trunk/lib/Fuzzer/test/CustomMutatorTest.cpp @@ -1,39 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a cutom mutator. -#include -#include -#include -#include -#include -#include - -#include "FuzzerInterface.h" - -static volatile int Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - assert(Data); - if (Size > 0 && Data[0] == 'H') { - Sink = 1; - if (Size > 1 && Data[1] == 'i') { - Sink = 2; - if (Size > 2 && Data[2] == '!') { - std::cout << "BINGO; Found the target, exiting\n" << std::flush; - exit(1); - } - } - } - return 0; -} - -extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, - size_t MaxSize, unsigned int Seed) { - static bool Printed; - if (!Printed) { - std::cerr << "In LLVMFuzzerCustomMutator\n"; - Printed = true; - } - return LLVMFuzzerMutate(Data, Size, MaxSize); -} Index: llvm/trunk/lib/Fuzzer/test/CxxStringEqTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/CxxStringEqTest.cpp +++ llvm/trunk/lib/Fuzzer/test/CxxStringEqTest.cpp @@ -1,25 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. Must find a specific string -// used in std::string operator ==. -#include -#include -#include -#include -#include - -static volatile int Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - std::string Str((const char*)Data, Size); - bool Eq = Str == "FooBar"; - Sink = Str == "123456"; // Try to confuse the fuzzer - if (Eq) { - std::cout << "BINGO; Found the target, exiting\n"; - std::cout.flush(); - abort(); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/DSO1.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/DSO1.cpp +++ llvm/trunk/lib/Fuzzer/test/DSO1.cpp @@ -1,14 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Source code for a simple DSO. -#ifdef _WIN32 -__declspec( dllexport ) -#endif -int DSO1(int a) { - if (a < 123456) - return 0; - return 1; -} - -void Uncovered1() { } Index: llvm/trunk/lib/Fuzzer/test/DSO2.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/DSO2.cpp +++ llvm/trunk/lib/Fuzzer/test/DSO2.cpp @@ -1,14 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Source code for a simple DSO. -#ifdef _WIN32 -__declspec( dllexport ) -#endif -int DSO2(int a) { - if (a < 3598235) - return 0; - return 1; -} - -void Uncovered2() {} Index: llvm/trunk/lib/Fuzzer/test/DSOTestExtra.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/DSOTestExtra.cpp +++ llvm/trunk/lib/Fuzzer/test/DSOTestExtra.cpp @@ -1,11 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Source code for a simple DSO. - -int DSOTestExtra(int a) { - if (a < 452345) - return 0; - return 1; -} - Index: llvm/trunk/lib/Fuzzer/test/DSOTestMain.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/DSOTestMain.cpp +++ llvm/trunk/lib/Fuzzer/test/DSOTestMain.cpp @@ -1,31 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Source code for a simple DSO. - -#include -#include -#include -#include -extern int DSO1(int a); -extern int DSO2(int a); -extern int DSOTestExtra(int a); - -static volatile int *nil = 0; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - int x, y, z; - if (Size < sizeof(int) * 3) { - x = y = z = 0; - } else { - memcpy(&x, Data + 0 * sizeof(int), sizeof(int)); - memcpy(&y, Data + 1 * sizeof(int), sizeof(int)); - memcpy(&z, Data + 2 * sizeof(int), sizeof(int)); - } - int sum = DSO1(x) + DSO2(y) + (z ? DSOTestExtra(z) : 0); - if (sum == 3) { - fprintf(stderr, "BINGO %d %d %d\n", x, y, z); - *nil = 0; - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/DeepRecursionTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/DeepRecursionTest.cpp +++ llvm/trunk/lib/Fuzzer/test/DeepRecursionTest.cpp @@ -1,25 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the deep recursion. -// To generate a crashy input: -// for((i=0;i<110;i++)); do echo -n ABCDEFGHIJ >> INPUT; done -#include -#include -#include - -static volatile int Sink; - -void Recursive(const uint8_t *Data, size_t Size, int Depth) { - if (Depth > 1000) abort(); - if (!Size) return; - if (*Data == ('A' + Depth % 10)) - Recursive(Data + 1, Size - 1, Depth + 1); - Sink++; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - Recursive(Data, Size, 0); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/DivTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/DivTest.cpp +++ llvm/trunk/lib/Fuzzer/test/DivTest.cpp @@ -1,20 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer: find the interesting argument for div. -#include -#include -#include -#include -#include - -static volatile int Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 4) return 0; - int a; - memcpy(&a, Data, 4); - Sink = 12345678 / (987654 - a); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/EmptyTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/EmptyTest.cpp +++ llvm/trunk/lib/Fuzzer/test/EmptyTest.cpp @@ -1,11 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. -// -// A fuzzer with empty target function. - -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/EquivalenceATest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/EquivalenceATest.cpp +++ llvm/trunk/lib/Fuzzer/test/EquivalenceATest.cpp @@ -1,17 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. -#include -#include -#include - -// Test for libFuzzer's "equivalence" fuzzing, part A. -extern "C" void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size); -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - // fprintf(stderr, "A %zd\n", Size); - uint8_t Result[50]; - if (Size > 50) Size = 50; - for (size_t i = 0; i < Size; i++) - Result[Size - i - 1] = Data[i]; - LLVMFuzzerAnnounceOutput(Result, Size); - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/EquivalenceBTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/EquivalenceBTest.cpp +++ llvm/trunk/lib/Fuzzer/test/EquivalenceBTest.cpp @@ -1,27 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. -#include -#include -#include - -// Test for libFuzzer's "equivalence" fuzzing, part B. -extern "C" void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size); -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - // fprintf(stderr, "B %zd\n", Size); - uint8_t Result[50]; - if (Size > 50) Size = 50; - for (size_t i = 0; i < Size; i++) - Result[Size - i - 1] = Data[i]; - - // Be a bit different from EquivalenceATest - if (Size > 10 && Data[5] == 'B' && Data[6] == 'C' && Data[7] == 'D') { - static int c; - if (!c) - fprintf(stderr, "ZZZZZZZ\n"); - c = 1; - Result[2]++; - } - - LLVMFuzzerAnnounceOutput(Result, Size); - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/FlagsTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/FlagsTest.cpp +++ llvm/trunk/lib/Fuzzer/test/FlagsTest.cpp @@ -1,32 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Parse some flags -#include -#include - -static std::vector Flags; - -extern "C" int LLVMFuzzerInitialize(int *Argc, char ***Argv) { - // Parse --flags and anything after -ignore_remaining_args=1 is passed. - int I = 1; - while (I < *Argc) { - std::string S((*Argv)[I++]); - if (S == "-ignore_remaining_args=1") - break; - if (S.substr(0, 2) == "--") - Flags.push_back(S); - } - while (I < *Argc) - Flags.push_back(std::string((*Argv)[I++])); - - return 0; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - fprintf(stderr, "BINGO "); - for (auto Flag : Flags) - fprintf(stderr, "%s ", Flag.c_str()); - fprintf(stderr, "\n"); - exit(0); -} Index: llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp +++ llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp @@ -1,22 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the string "FUZZ". -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - int bits = 0; - if (Size > 0 && Data[0] == 'F') bits |= 1; - if (Size > 1 && Data[1] == 'U') bits |= 2; - if (Size > 2 && Data[2] == 'Z') bits |= 4; - if (Size > 3 && Data[3] == 'Z') bits |= 8; - if (bits == 15) { - std::cerr << "BINGO!\n"; - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/FullCoverageSetTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/FullCoverageSetTest.cpp +++ llvm/trunk/lib/Fuzzer/test/FullCoverageSetTest.cpp @@ -1,24 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the string "FUZZER". -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - int bits = 0; - if (Size > 0 && Data[0] == 'F') bits |= 1; - if (Size > 1 && Data[1] == 'U') bits |= 2; - if (Size > 2 && Data[2] == 'Z') bits |= 4; - if (Size > 3 && Data[3] == 'Z') bits |= 8; - if (Size > 4 && Data[4] == 'E') bits |= 16; - if (Size > 5 && Data[5] == 'R') bits |= 32; - if (bits == 63) { - std::cerr << "BINGO!\n"; - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp +++ llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp @@ -1,763 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Avoid ODR violations (LibFuzzer is built without ASan and this test is built -// with ASan) involving C++ standard library types when using libcxx. -#define _LIBCPP_HAS_NO_ASAN - -// Do not attempt to use LLVM ostream from gtest. -#define GTEST_NO_LLVM_RAW_OSTREAM 1 - -#include "FuzzerCorpus.h" -#include "FuzzerDictionary.h" -#include "FuzzerInternal.h" -#include "FuzzerMerge.h" -#include "FuzzerMutate.h" -#include "FuzzerRandom.h" -#include "FuzzerTracePC.h" -#include "gtest/gtest.h" -#include -#include -#include - -using namespace fuzzer; - -// For now, have LLVMFuzzerTestOneInput just to make it link. -// Later we may want to make unittests that actually call LLVMFuzzerTestOneInput. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - abort(); -} - -TEST(Fuzzer, CrossOver) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - Unit A({0, 1, 2}), B({5, 6, 7}); - Unit C; - Unit Expected[] = { - { 0 }, - { 0, 1 }, - { 0, 5 }, - { 0, 1, 2 }, - { 0, 1, 5 }, - { 0, 5, 1 }, - { 0, 5, 6 }, - { 0, 1, 2, 5 }, - { 0, 1, 5, 2 }, - { 0, 1, 5, 6 }, - { 0, 5, 1, 2 }, - { 0, 5, 1, 6 }, - { 0, 5, 6, 1 }, - { 0, 5, 6, 7 }, - { 0, 1, 2, 5, 6 }, - { 0, 1, 5, 2, 6 }, - { 0, 1, 5, 6, 2 }, - { 0, 1, 5, 6, 7 }, - { 0, 5, 1, 2, 6 }, - { 0, 5, 1, 6, 2 }, - { 0, 5, 1, 6, 7 }, - { 0, 5, 6, 1, 2 }, - { 0, 5, 6, 1, 7 }, - { 0, 5, 6, 7, 1 }, - { 0, 1, 2, 5, 6, 7 }, - { 0, 1, 5, 2, 6, 7 }, - { 0, 1, 5, 6, 2, 7 }, - { 0, 1, 5, 6, 7, 2 }, - { 0, 5, 1, 2, 6, 7 }, - { 0, 5, 1, 6, 2, 7 }, - { 0, 5, 1, 6, 7, 2 }, - { 0, 5, 6, 1, 2, 7 }, - { 0, 5, 6, 1, 7, 2 }, - { 0, 5, 6, 7, 1, 2 } - }; - for (size_t Len = 1; Len < 8; Len++) { - std::set FoundUnits, ExpectedUnitsWitThisLength; - for (int Iter = 0; Iter < 3000; Iter++) { - C.resize(Len); - size_t NewSize = MD.CrossOver(A.data(), A.size(), B.data(), B.size(), - C.data(), C.size()); - C.resize(NewSize); - FoundUnits.insert(C); - } - for (const Unit &U : Expected) - if (U.size() <= Len) - ExpectedUnitsWitThisLength.insert(U); - EXPECT_EQ(ExpectedUnitsWitThisLength, FoundUnits); - } -} - -TEST(Fuzzer, Hash) { - uint8_t A[] = {'a', 'b', 'c'}; - fuzzer::Unit U(A, A + sizeof(A)); - EXPECT_EQ("a9993e364706816aba3e25717850c26c9cd0d89d", fuzzer::Hash(U)); - U.push_back('d'); - EXPECT_EQ("81fe8bfe87576c3ecb22426f8e57847382917acf", fuzzer::Hash(U)); -} - -typedef size_t (MutationDispatcher::*Mutator)(uint8_t *Data, size_t Size, - size_t MaxSize); - -void TestEraseBytes(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - uint8_t REM0[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t REM1[8] = {0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t REM2[8] = {0x00, 0x11, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t REM3[8] = {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x77}; - uint8_t REM4[8] = {0x00, 0x11, 0x22, 0x33, 0x55, 0x66, 0x77}; - uint8_t REM5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x66, 0x77}; - uint8_t REM6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x77}; - uint8_t REM7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}; - - uint8_t REM8[6] = {0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t REM9[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}; - uint8_t REM10[6] = {0x00, 0x11, 0x22, 0x55, 0x66, 0x77}; - - uint8_t REM11[5] = {0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t REM12[5] = {0x00, 0x11, 0x22, 0x33, 0x44}; - uint8_t REM13[5] = {0x00, 0x44, 0x55, 0x66, 0x77}; - - - Random Rand(0); - MutationDispatcher MD(Rand, {}); - int FoundMask = 0; - for (int i = 0; i < NumIter; i++) { - uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - size_t NewSize = (MD.*M)(T, sizeof(T), sizeof(T)); - if (NewSize == 7 && !memcmp(REM0, T, 7)) FoundMask |= 1 << 0; - if (NewSize == 7 && !memcmp(REM1, T, 7)) FoundMask |= 1 << 1; - if (NewSize == 7 && !memcmp(REM2, T, 7)) FoundMask |= 1 << 2; - if (NewSize == 7 && !memcmp(REM3, T, 7)) FoundMask |= 1 << 3; - if (NewSize == 7 && !memcmp(REM4, T, 7)) FoundMask |= 1 << 4; - if (NewSize == 7 && !memcmp(REM5, T, 7)) FoundMask |= 1 << 5; - if (NewSize == 7 && !memcmp(REM6, T, 7)) FoundMask |= 1 << 6; - if (NewSize == 7 && !memcmp(REM7, T, 7)) FoundMask |= 1 << 7; - - if (NewSize == 6 && !memcmp(REM8, T, 6)) FoundMask |= 1 << 8; - if (NewSize == 6 && !memcmp(REM9, T, 6)) FoundMask |= 1 << 9; - if (NewSize == 6 && !memcmp(REM10, T, 6)) FoundMask |= 1 << 10; - - if (NewSize == 5 && !memcmp(REM11, T, 5)) FoundMask |= 1 << 11; - if (NewSize == 5 && !memcmp(REM12, T, 5)) FoundMask |= 1 << 12; - if (NewSize == 5 && !memcmp(REM13, T, 5)) FoundMask |= 1 << 13; - } - EXPECT_EQ(FoundMask, (1 << 14) - 1); -} - -TEST(FuzzerMutate, EraseBytes1) { - TestEraseBytes(&MutationDispatcher::Mutate_EraseBytes, 200); -} -TEST(FuzzerMutate, EraseBytes2) { - TestEraseBytes(&MutationDispatcher::Mutate, 2000); -} - -void TestInsertByte(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - int FoundMask = 0; - uint8_t INS0[8] = {0xF1, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}; - uint8_t INS1[8] = {0x00, 0xF2, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}; - uint8_t INS2[8] = {0x00, 0x11, 0xF3, 0x22, 0x33, 0x44, 0x55, 0x66}; - uint8_t INS3[8] = {0x00, 0x11, 0x22, 0xF4, 0x33, 0x44, 0x55, 0x66}; - uint8_t INS4[8] = {0x00, 0x11, 0x22, 0x33, 0xF5, 0x44, 0x55, 0x66}; - uint8_t INS5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0xF6, 0x55, 0x66}; - uint8_t INS6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF7, 0x66}; - uint8_t INS7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF8}; - for (int i = 0; i < NumIter; i++) { - uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}; - size_t NewSize = (MD.*M)(T, 7, 8); - if (NewSize == 8 && !memcmp(INS0, T, 8)) FoundMask |= 1 << 0; - if (NewSize == 8 && !memcmp(INS1, T, 8)) FoundMask |= 1 << 1; - if (NewSize == 8 && !memcmp(INS2, T, 8)) FoundMask |= 1 << 2; - if (NewSize == 8 && !memcmp(INS3, T, 8)) FoundMask |= 1 << 3; - if (NewSize == 8 && !memcmp(INS4, T, 8)) FoundMask |= 1 << 4; - if (NewSize == 8 && !memcmp(INS5, T, 8)) FoundMask |= 1 << 5; - if (NewSize == 8 && !memcmp(INS6, T, 8)) FoundMask |= 1 << 6; - if (NewSize == 8 && !memcmp(INS7, T, 8)) FoundMask |= 1 << 7; - } - EXPECT_EQ(FoundMask, 255); -} - -TEST(FuzzerMutate, InsertByte1) { - TestInsertByte(&MutationDispatcher::Mutate_InsertByte, 1 << 15); -} -TEST(FuzzerMutate, InsertByte2) { - TestInsertByte(&MutationDispatcher::Mutate, 1 << 17); -} - -void TestInsertRepeatedBytes(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - int FoundMask = 0; - uint8_t INS0[7] = {0x00, 0x11, 0x22, 0x33, 'a', 'a', 'a'}; - uint8_t INS1[7] = {0x00, 0x11, 0x22, 'a', 'a', 'a', 0x33}; - uint8_t INS2[7] = {0x00, 0x11, 'a', 'a', 'a', 0x22, 0x33}; - uint8_t INS3[7] = {0x00, 'a', 'a', 'a', 0x11, 0x22, 0x33}; - uint8_t INS4[7] = {'a', 'a', 'a', 0x00, 0x11, 0x22, 0x33}; - - uint8_t INS5[8] = {0x00, 0x11, 0x22, 0x33, 'b', 'b', 'b', 'b'}; - uint8_t INS6[8] = {0x00, 0x11, 0x22, 'b', 'b', 'b', 'b', 0x33}; - uint8_t INS7[8] = {0x00, 0x11, 'b', 'b', 'b', 'b', 0x22, 0x33}; - uint8_t INS8[8] = {0x00, 'b', 'b', 'b', 'b', 0x11, 0x22, 0x33}; - uint8_t INS9[8] = {'b', 'b', 'b', 'b', 0x00, 0x11, 0x22, 0x33}; - - for (int i = 0; i < NumIter; i++) { - uint8_t T[8] = {0x00, 0x11, 0x22, 0x33}; - size_t NewSize = (MD.*M)(T, 4, 8); - if (NewSize == 7 && !memcmp(INS0, T, 7)) FoundMask |= 1 << 0; - if (NewSize == 7 && !memcmp(INS1, T, 7)) FoundMask |= 1 << 1; - if (NewSize == 7 && !memcmp(INS2, T, 7)) FoundMask |= 1 << 2; - if (NewSize == 7 && !memcmp(INS3, T, 7)) FoundMask |= 1 << 3; - if (NewSize == 7 && !memcmp(INS4, T, 7)) FoundMask |= 1 << 4; - - if (NewSize == 8 && !memcmp(INS5, T, 8)) FoundMask |= 1 << 5; - if (NewSize == 8 && !memcmp(INS6, T, 8)) FoundMask |= 1 << 6; - if (NewSize == 8 && !memcmp(INS7, T, 8)) FoundMask |= 1 << 7; - if (NewSize == 8 && !memcmp(INS8, T, 8)) FoundMask |= 1 << 8; - if (NewSize == 8 && !memcmp(INS9, T, 8)) FoundMask |= 1 << 9; - - } - EXPECT_EQ(FoundMask, (1 << 10) - 1); -} - -TEST(FuzzerMutate, InsertRepeatedBytes1) { - TestInsertRepeatedBytes(&MutationDispatcher::Mutate_InsertRepeatedBytes, 10000); -} -TEST(FuzzerMutate, InsertRepeatedBytes2) { - TestInsertRepeatedBytes(&MutationDispatcher::Mutate, 300000); -} - -void TestChangeByte(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - int FoundMask = 0; - uint8_t CH0[8] = {0xF0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH1[8] = {0x00, 0xF1, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH2[8] = {0x00, 0x11, 0xF2, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH3[8] = {0x00, 0x11, 0x22, 0xF3, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0xF4, 0x55, 0x66, 0x77}; - uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0xF5, 0x66, 0x77}; - uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF5, 0x77}; - uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7}; - for (int i = 0; i < NumIter; i++) { - uint8_t T[9] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - size_t NewSize = (MD.*M)(T, 8, 9); - if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0; - if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1; - if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2; - if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3; - if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4; - if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5; - if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6; - if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7; - } - EXPECT_EQ(FoundMask, 255); -} - -TEST(FuzzerMutate, ChangeByte1) { - TestChangeByte(&MutationDispatcher::Mutate_ChangeByte, 1 << 15); -} -TEST(FuzzerMutate, ChangeByte2) { - TestChangeByte(&MutationDispatcher::Mutate, 1 << 17); -} - -void TestChangeBit(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - int FoundMask = 0; - uint8_t CH0[8] = {0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH1[8] = {0x00, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH2[8] = {0x00, 0x11, 0x02, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH3[8] = {0x00, 0x11, 0x22, 0x37, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0x54, 0x55, 0x66, 0x77}; - uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x54, 0x66, 0x77}; - uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x76, 0x77}; - uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7}; - for (int i = 0; i < NumIter; i++) { - uint8_t T[9] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - size_t NewSize = (MD.*M)(T, 8, 9); - if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0; - if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1; - if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2; - if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3; - if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4; - if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5; - if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6; - if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7; - } - EXPECT_EQ(FoundMask, 255); -} - -TEST(FuzzerMutate, ChangeBit1) { - TestChangeBit(&MutationDispatcher::Mutate_ChangeBit, 1 << 16); -} -TEST(FuzzerMutate, ChangeBit2) { - TestChangeBit(&MutationDispatcher::Mutate, 1 << 18); -} - -void TestShuffleBytes(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - int FoundMask = 0; - uint8_t CH0[7] = {0x00, 0x22, 0x11, 0x33, 0x44, 0x55, 0x66}; - uint8_t CH1[7] = {0x11, 0x00, 0x33, 0x22, 0x44, 0x55, 0x66}; - uint8_t CH2[7] = {0x00, 0x33, 0x11, 0x22, 0x44, 0x55, 0x66}; - uint8_t CH3[7] = {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x33}; - uint8_t CH4[7] = {0x00, 0x11, 0x22, 0x33, 0x55, 0x44, 0x66}; - for (int i = 0; i < NumIter; i++) { - uint8_t T[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}; - size_t NewSize = (MD.*M)(T, 7, 7); - if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0; - if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1; - if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2; - if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3; - if (NewSize == 7 && !memcmp(CH4, T, 7)) FoundMask |= 1 << 4; - } - EXPECT_EQ(FoundMask, 31); -} - -TEST(FuzzerMutate, ShuffleBytes1) { - TestShuffleBytes(&MutationDispatcher::Mutate_ShuffleBytes, 1 << 16); -} -TEST(FuzzerMutate, ShuffleBytes2) { - TestShuffleBytes(&MutationDispatcher::Mutate, 1 << 20); -} - -void TestCopyPart(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - int FoundMask = 0; - uint8_t CH0[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00, 0x11}; - uint8_t CH1[7] = {0x55, 0x66, 0x22, 0x33, 0x44, 0x55, 0x66}; - uint8_t CH2[7] = {0x00, 0x55, 0x66, 0x33, 0x44, 0x55, 0x66}; - uint8_t CH3[7] = {0x00, 0x11, 0x22, 0x00, 0x11, 0x22, 0x66}; - uint8_t CH4[7] = {0x00, 0x11, 0x11, 0x22, 0x33, 0x55, 0x66}; - - for (int i = 0; i < NumIter; i++) { - uint8_t T[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}; - size_t NewSize = (MD.*M)(T, 7, 7); - if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0; - if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1; - if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2; - if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3; - if (NewSize == 7 && !memcmp(CH4, T, 7)) FoundMask |= 1 << 4; - } - - uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00, 0x11, 0x22}; - uint8_t CH6[8] = {0x22, 0x33, 0x44, 0x00, 0x11, 0x22, 0x33, 0x44}; - uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x00, 0x11, 0x22, 0x33, 0x44}; - uint8_t CH8[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x22, 0x33, 0x44}; - uint8_t CH9[8] = {0x00, 0x11, 0x22, 0x22, 0x33, 0x44, 0x33, 0x44}; - - for (int i = 0; i < NumIter; i++) { - uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - size_t NewSize = (MD.*M)(T, 5, 8); - if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5; - if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6; - if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7; - if (NewSize == 8 && !memcmp(CH8, T, 8)) FoundMask |= 1 << 8; - if (NewSize == 8 && !memcmp(CH9, T, 8)) FoundMask |= 1 << 9; - } - - EXPECT_EQ(FoundMask, 1023); -} - -TEST(FuzzerMutate, CopyPart1) { - TestCopyPart(&MutationDispatcher::Mutate_CopyPart, 1 << 10); -} -TEST(FuzzerMutate, CopyPart2) { - TestCopyPart(&MutationDispatcher::Mutate, 1 << 13); -} - -void TestAddWordFromDictionary(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - uint8_t Word1[4] = {0xAA, 0xBB, 0xCC, 0xDD}; - uint8_t Word2[3] = {0xFF, 0xEE, 0xEF}; - MD.AddWordToManualDictionary(Word(Word1, sizeof(Word1))); - MD.AddWordToManualDictionary(Word(Word2, sizeof(Word2))); - int FoundMask = 0; - uint8_t CH0[7] = {0x00, 0x11, 0x22, 0xAA, 0xBB, 0xCC, 0xDD}; - uint8_t CH1[7] = {0x00, 0x11, 0xAA, 0xBB, 0xCC, 0xDD, 0x22}; - uint8_t CH2[7] = {0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0x11, 0x22}; - uint8_t CH3[7] = {0xAA, 0xBB, 0xCC, 0xDD, 0x00, 0x11, 0x22}; - uint8_t CH4[6] = {0x00, 0x11, 0x22, 0xFF, 0xEE, 0xEF}; - uint8_t CH5[6] = {0x00, 0x11, 0xFF, 0xEE, 0xEF, 0x22}; - uint8_t CH6[6] = {0x00, 0xFF, 0xEE, 0xEF, 0x11, 0x22}; - uint8_t CH7[6] = {0xFF, 0xEE, 0xEF, 0x00, 0x11, 0x22}; - for (int i = 0; i < NumIter; i++) { - uint8_t T[7] = {0x00, 0x11, 0x22}; - size_t NewSize = (MD.*M)(T, 3, 7); - if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0; - if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1; - if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2; - if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3; - if (NewSize == 6 && !memcmp(CH4, T, 6)) FoundMask |= 1 << 4; - if (NewSize == 6 && !memcmp(CH5, T, 6)) FoundMask |= 1 << 5; - if (NewSize == 6 && !memcmp(CH6, T, 6)) FoundMask |= 1 << 6; - if (NewSize == 6 && !memcmp(CH7, T, 6)) FoundMask |= 1 << 7; - } - EXPECT_EQ(FoundMask, 255); -} - -TEST(FuzzerMutate, AddWordFromDictionary1) { - TestAddWordFromDictionary( - &MutationDispatcher::Mutate_AddWordFromManualDictionary, 1 << 15); -} - -TEST(FuzzerMutate, AddWordFromDictionary2) { - TestAddWordFromDictionary(&MutationDispatcher::Mutate, 1 << 15); -} - -void TestChangeASCIIInteger(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - - uint8_t CH0[8] = {'1', '2', '3', '4', '5', '6', '7', '7'}; - uint8_t CH1[8] = {'1', '2', '3', '4', '5', '6', '7', '9'}; - uint8_t CH2[8] = {'2', '4', '6', '9', '1', '3', '5', '6'}; - uint8_t CH3[8] = {'0', '6', '1', '7', '2', '8', '3', '9'}; - int FoundMask = 0; - for (int i = 0; i < NumIter; i++) { - uint8_t T[8] = {'1', '2', '3', '4', '5', '6', '7', '8'}; - size_t NewSize = (MD.*M)(T, 8, 8); - /**/ if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0; - else if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1; - else if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2; - else if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3; - else if (NewSize == 8) FoundMask |= 1 << 4; - } - EXPECT_EQ(FoundMask, 31); -} - -TEST(FuzzerMutate, ChangeASCIIInteger1) { - TestChangeASCIIInteger(&MutationDispatcher::Mutate_ChangeASCIIInteger, - 1 << 15); -} - -TEST(FuzzerMutate, ChangeASCIIInteger2) { - TestChangeASCIIInteger(&MutationDispatcher::Mutate, 1 << 15); -} - -void TestChangeBinaryInteger(Mutator M, int NumIter) { - std::unique_ptr t(new ExternalFunctions()); - fuzzer::EF = t.get(); - Random Rand(0); - MutationDispatcher MD(Rand, {}); - - uint8_t CH0[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x79}; - uint8_t CH1[8] = {0x00, 0x11, 0x22, 0x31, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH2[8] = {0xff, 0x10, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH3[8] = {0x00, 0x11, 0x2a, 0x33, 0x44, 0x55, 0x66, 0x77}; - uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x4f, 0x66, 0x77}; - uint8_t CH5[8] = {0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88}; - uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x00, 0x00, 0x00, 0x08, 0x77}; // Size - uint8_t CH7[8] = {0x00, 0x08, 0x00, 0x33, 0x44, 0x55, 0x66, 0x77}; // Sw(Size) - - int FoundMask = 0; - for (int i = 0; i < NumIter; i++) { - uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; - size_t NewSize = (MD.*M)(T, 8, 8); - /**/ if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0; - else if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1; - else if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2; - else if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3; - else if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4; - else if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5; - else if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6; - else if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7; - } - EXPECT_EQ(FoundMask, 255); -} - -TEST(FuzzerMutate, ChangeBinaryInteger1) { - TestChangeBinaryInteger(&MutationDispatcher::Mutate_ChangeBinaryInteger, - 1 << 12); -} - -TEST(FuzzerMutate, ChangeBinaryInteger2) { - TestChangeBinaryInteger(&MutationDispatcher::Mutate, 1 << 15); -} - - -TEST(FuzzerDictionary, ParseOneDictionaryEntry) { - Unit U; - EXPECT_FALSE(ParseOneDictionaryEntry("", &U)); - EXPECT_FALSE(ParseOneDictionaryEntry(" ", &U)); - EXPECT_FALSE(ParseOneDictionaryEntry("\t ", &U)); - EXPECT_FALSE(ParseOneDictionaryEntry(" \" ", &U)); - EXPECT_FALSE(ParseOneDictionaryEntry(" zz\" ", &U)); - EXPECT_FALSE(ParseOneDictionaryEntry(" \"zz ", &U)); - EXPECT_FALSE(ParseOneDictionaryEntry(" \"\" ", &U)); - EXPECT_TRUE(ParseOneDictionaryEntry("\"a\"", &U)); - EXPECT_EQ(U, Unit({'a'})); - EXPECT_TRUE(ParseOneDictionaryEntry("\"abc\"", &U)); - EXPECT_EQ(U, Unit({'a', 'b', 'c'})); - EXPECT_TRUE(ParseOneDictionaryEntry("abc=\"abc\"", &U)); - EXPECT_EQ(U, Unit({'a', 'b', 'c'})); - EXPECT_FALSE(ParseOneDictionaryEntry("\"\\\"", &U)); - EXPECT_TRUE(ParseOneDictionaryEntry("\"\\\\\"", &U)); - EXPECT_EQ(U, Unit({'\\'})); - EXPECT_TRUE(ParseOneDictionaryEntry("\"\\xAB\"", &U)); - EXPECT_EQ(U, Unit({0xAB})); - EXPECT_TRUE(ParseOneDictionaryEntry("\"\\xABz\\xDE\"", &U)); - EXPECT_EQ(U, Unit({0xAB, 'z', 0xDE})); - EXPECT_TRUE(ParseOneDictionaryEntry("\"#\"", &U)); - EXPECT_EQ(U, Unit({'#'})); - EXPECT_TRUE(ParseOneDictionaryEntry("\"\\\"\"", &U)); - EXPECT_EQ(U, Unit({'"'})); -} - -TEST(FuzzerDictionary, ParseDictionaryFile) { - std::vector Units; - EXPECT_FALSE(ParseDictionaryFile("zzz\n", &Units)); - EXPECT_FALSE(ParseDictionaryFile("", &Units)); - EXPECT_TRUE(ParseDictionaryFile("\n", &Units)); - EXPECT_EQ(Units.size(), 0U); - EXPECT_TRUE(ParseDictionaryFile("#zzzz a b c d\n", &Units)); - EXPECT_EQ(Units.size(), 0U); - EXPECT_TRUE(ParseDictionaryFile(" #zzzz\n", &Units)); - EXPECT_EQ(Units.size(), 0U); - EXPECT_TRUE(ParseDictionaryFile(" #zzzz\n", &Units)); - EXPECT_EQ(Units.size(), 0U); - EXPECT_TRUE(ParseDictionaryFile(" #zzzz\naaa=\"aa\"", &Units)); - EXPECT_EQ(Units, std::vector({Unit({'a', 'a'})})); - EXPECT_TRUE( - ParseDictionaryFile(" #zzzz\naaa=\"aa\"\n\nabc=\"abc\"", &Units)); - EXPECT_EQ(Units, - std::vector({Unit({'a', 'a'}), Unit({'a', 'b', 'c'})})); -} - -TEST(FuzzerUtil, Base64) { - EXPECT_EQ("", Base64({})); - EXPECT_EQ("YQ==", Base64({'a'})); - EXPECT_EQ("eA==", Base64({'x'})); - EXPECT_EQ("YWI=", Base64({'a', 'b'})); - EXPECT_EQ("eHk=", Base64({'x', 'y'})); - EXPECT_EQ("YWJj", Base64({'a', 'b', 'c'})); - EXPECT_EQ("eHl6", Base64({'x', 'y', 'z'})); - EXPECT_EQ("YWJjeA==", Base64({'a', 'b', 'c', 'x'})); - EXPECT_EQ("YWJjeHk=", Base64({'a', 'b', 'c', 'x', 'y'})); - EXPECT_EQ("YWJjeHl6", Base64({'a', 'b', 'c', 'x', 'y', 'z'})); -} - -TEST(Corpus, Distribution) { - Random Rand(0); - std::unique_ptr C(new InputCorpus("")); - size_t N = 10; - size_t TriesPerUnit = 1<<16; - for (size_t i = 0; i < N; i++) - C->AddToCorpus(Unit{ static_cast(i) }, 1, false, {}); - - std::vector Hist(N); - for (size_t i = 0; i < N * TriesPerUnit; i++) { - Hist[C->ChooseUnitIdxToMutate(Rand)]++; - } - for (size_t i = 0; i < N; i++) { - // A weak sanity check that every unit gets invoked. - EXPECT_GT(Hist[i], TriesPerUnit / N / 3); - } -} - -TEST(Merge, Bad) { - const char *kInvalidInputs[] = { - "", - "x", - "3\nx", - "2\n3", - "2\n2", - "2\n2\nA\n", - "2\n2\nA\nB\nC\n", - "0\n0\n", - "1\n1\nA\nDONE 0", - "1\n1\nA\nSTARTED 1", - }; - Merger M; - for (auto S : kInvalidInputs) { - // fprintf(stderr, "TESTING:\n%s\n", S); - EXPECT_FALSE(M.Parse(S, false)); - } -} - -void EQ(const std::vector &A, const std::vector &B) { - EXPECT_EQ(A, B); -} - -void EQ(const std::vector &A, const std::vector &B) { - std::set a(A.begin(), A.end()); - std::set b(B.begin(), B.end()); - EXPECT_EQ(a, b); -} - -static void Merge(const std::string &Input, - const std::vector Result, - size_t NumNewFeatures) { - Merger M; - std::vector NewFiles; - EXPECT_TRUE(M.Parse(Input, true)); - std::stringstream SS; - M.PrintSummary(SS); - EXPECT_EQ(NumNewFeatures, M.Merge(&NewFiles)); - EXPECT_EQ(M.AllFeatures(), M.ParseSummary(SS)); - EQ(NewFiles, Result); -} - -TEST(Merge, Good) { - Merger M; - - EXPECT_TRUE(M.Parse("1\n0\nAA\n", false)); - EXPECT_EQ(M.Files.size(), 1U); - EXPECT_EQ(M.NumFilesInFirstCorpus, 0U); - EXPECT_EQ(M.Files[0].Name, "AA"); - EXPECT_TRUE(M.LastFailure.empty()); - EXPECT_EQ(M.FirstNotProcessedFile, 0U); - - EXPECT_TRUE(M.Parse("2\n1\nAA\nBB\nSTARTED 0 42\n", false)); - EXPECT_EQ(M.Files.size(), 2U); - EXPECT_EQ(M.NumFilesInFirstCorpus, 1U); - EXPECT_EQ(M.Files[0].Name, "AA"); - EXPECT_EQ(M.Files[1].Name, "BB"); - EXPECT_EQ(M.LastFailure, "AA"); - EXPECT_EQ(M.FirstNotProcessedFile, 1U); - - EXPECT_TRUE(M.Parse("3\n1\nAA\nBB\nC\n" - "STARTED 0 1000\n" - "DONE 0 1 2 3\n" - "STARTED 1 1001\n" - "DONE 1 4 5 6 \n" - "STARTED 2 1002\n" - "", true)); - EXPECT_EQ(M.Files.size(), 3U); - EXPECT_EQ(M.NumFilesInFirstCorpus, 1U); - EXPECT_EQ(M.Files[0].Name, "AA"); - EXPECT_EQ(M.Files[0].Size, 1000U); - EXPECT_EQ(M.Files[1].Name, "BB"); - EXPECT_EQ(M.Files[1].Size, 1001U); - EXPECT_EQ(M.Files[2].Name, "C"); - EXPECT_EQ(M.Files[2].Size, 1002U); - EXPECT_EQ(M.LastFailure, "C"); - EXPECT_EQ(M.FirstNotProcessedFile, 3U); - EQ(M.Files[0].Features, {1, 2, 3}); - EQ(M.Files[1].Features, {4, 5, 6}); - - - std::vector NewFiles; - - EXPECT_TRUE(M.Parse("3\n2\nAA\nBB\nC\n" - "STARTED 0 1000\nDONE 0 1 2 3\n" - "STARTED 1 1001\nDONE 1 4 5 6 \n" - "STARTED 2 1002\nDONE 2 6 1 3 \n" - "", true)); - EXPECT_EQ(M.Files.size(), 3U); - EXPECT_EQ(M.NumFilesInFirstCorpus, 2U); - EXPECT_TRUE(M.LastFailure.empty()); - EXPECT_EQ(M.FirstNotProcessedFile, 3U); - EQ(M.Files[0].Features, {1, 2, 3}); - EQ(M.Files[1].Features, {4, 5, 6}); - EQ(M.Files[2].Features, {1, 3, 6}); - EXPECT_EQ(0U, M.Merge(&NewFiles)); - EQ(NewFiles, {}); - - EXPECT_TRUE(M.Parse("3\n1\nA\nB\nC\n" - "STARTED 0 1000\nDONE 0 1 2 3\n" - "STARTED 1 1001\nDONE 1 4 5 6 \n" - "STARTED 2 1002\nDONE 2 6 1 3\n" - "", true)); - EQ(M.Files[0].Features, {1, 2, 3}); - EQ(M.Files[1].Features, {4, 5, 6}); - EQ(M.Files[2].Features, {1, 3, 6}); - EXPECT_EQ(3U, M.Merge(&NewFiles)); - EQ(NewFiles, {"B"}); - - // Same as the above, but with InitialFeatures. - EXPECT_TRUE(M.Parse("2\n0\nB\nC\n" - "STARTED 0 1001\nDONE 0 4 5 6 \n" - "STARTED 1 1002\nDONE 1 6 1 3\n" - "", true)); - EQ(M.Files[0].Features, {4, 5, 6}); - EQ(M.Files[1].Features, {1, 3, 6}); - EXPECT_EQ(3U, M.Merge({1, 2, 3}, &NewFiles)); - EQ(NewFiles, {"B"}); -} - -TEST(Merge, Merge) { - - Merge("3\n1\nA\nB\nC\n" - "STARTED 0 1000\nDONE 0 1 2 3\n" - "STARTED 1 1001\nDONE 1 4 5 6 \n" - "STARTED 2 1002\nDONE 2 6 1 3 \n", - {"B"}, 3); - - Merge("3\n0\nA\nB\nC\n" - "STARTED 0 2000\nDONE 0 1 2 3\n" - "STARTED 1 1001\nDONE 1 4 5 6 \n" - "STARTED 2 1002\nDONE 2 6 1 3 \n", - {"A", "B", "C"}, 6); - - Merge("4\n0\nA\nB\nC\nD\n" - "STARTED 0 2000\nDONE 0 1 2 3\n" - "STARTED 1 1101\nDONE 1 4 5 6 \n" - "STARTED 2 1102\nDONE 2 6 1 3 100 \n" - "STARTED 3 1000\nDONE 3 1 \n", - {"A", "B", "C", "D"}, 7); - - Merge("4\n1\nA\nB\nC\nD\n" - "STARTED 0 2000\nDONE 0 4 5 6 7 8\n" - "STARTED 1 1100\nDONE 1 1 2 3 \n" - "STARTED 2 1100\nDONE 2 2 3 \n" - "STARTED 3 1000\nDONE 3 1 \n", - {"B", "D"}, 3); -} - -TEST(Fuzzer, ForEachNonZeroByte) { - const size_t N = 64; - alignas(64) uint8_t Ar[N + 8] = { - 0, 0, 0, 0, 0, 0, 0, 0, - 1, 2, 0, 0, 0, 0, 0, 0, - 0, 0, 3, 0, 4, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 5, 0, 6, 0, 0, - 0, 0, 0, 0, 0, 0, 7, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 8, - 9, 9, 9, 9, 9, 9, 9, 9, - }; - typedef std::vector > Vec; - Vec Res, Expected; - auto CB = [&](size_t FirstFeature, size_t Idx, uint8_t V) { - Res.push_back({FirstFeature + Idx, V}); - }; - ForEachNonZeroByte(Ar, Ar + N, 100, CB); - Expected = {{108, 1}, {109, 2}, {118, 3}, {120, 4}, - {135, 5}, {137, 6}, {146, 7}, {163, 8}}; - EXPECT_EQ(Res, Expected); - - Res.clear(); - ForEachNonZeroByte(Ar + 9, Ar + N, 109, CB); - Expected = { {109, 2}, {118, 3}, {120, 4}, - {135, 5}, {137, 6}, {146, 7}, {163, 8}}; - EXPECT_EQ(Res, Expected); - - Res.clear(); - ForEachNonZeroByte(Ar + 9, Ar + N - 9, 109, CB); - Expected = { {109, 2}, {118, 3}, {120, 4}, - {135, 5}, {137, 6}, {146, 7}}; - EXPECT_EQ(Res, Expected); -} Index: llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp +++ llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp @@ -1,28 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Make sure LLVMFuzzerInitialize is called. -#include -#include -#include -#include -#include -#include - -static char *argv0; - -extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { - assert(*argc > 0); - argv0 = **argv; - fprintf(stderr, "LLVMFuzzerInitialize: %s\n", argv0); - return 0; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size == strlen(argv0) && - !memmem(Data, Size, argv0, Size)) { - fprintf(stderr, "BINGO %s\n", argv0); - exit(1); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/LargeTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/LargeTest.cpp +++ llvm/trunk/lib/Fuzzer/test/LargeTest.cpp @@ -1,37 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// A fuzz target with lots of edges. -#include -#include - -static inline void break_optimization(const void *arg) { - __asm__ __volatile__("" : : "r" (arg) : "memory"); -} - -#define A \ - do { \ - i++; \ - c++; \ - if (Data[(i + __LINE__) % Size] == (c % 256)) \ - break_optimization(Data); \ - else \ - break_optimization(0); \ - } while (0) - -// for (int i = 0, n = Data[(__LINE__ - 1) % Size] % 16; i < n; i++) - -#define B do{A; A; A; A; A; A; A; A; A; A; A; A; A; A; A; A; A; A; }while(0) -#define C do{B; B; B; B; B; B; B; B; B; B; B; B; B; B; B; B; B; B; }while(0) -#define D do{C; C; C; C; C; C; C; C; C; C; C; C; C; C; C; C; C; C; }while(0) -#define E do{D; D; D; D; D; D; D; D; D; D; D; D; D; D; D; D; D; D; }while(0) - -volatile int sink; -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (!Size) return 0; - int c = 0; - int i = 0; - D; - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/LeakTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/LeakTest.cpp +++ llvm/trunk/lib/Fuzzer/test/LeakTest.cpp @@ -1,17 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test with a leak. -#include -#include - -static volatile void *Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 0 && *Data == 'H') { - Sink = new int; - Sink = nullptr; - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/LeakTimeoutTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/LeakTimeoutTest.cpp +++ llvm/trunk/lib/Fuzzer/test/LeakTimeoutTest.cpp @@ -1,17 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test with a leak. -#include -#include - -static volatile int *Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (!Size) return 0; - Sink = new int; - Sink = new int; - while (Sink) *Sink = 0; // Infinite loop. - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/LoadTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/LoadTest.cpp +++ llvm/trunk/lib/Fuzzer/test/LoadTest.cpp @@ -1,22 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer: find interesting value of array index. -#include -#include -#include -#include -#include - -static volatile int Sink; -const int kArraySize = 1234567; -int array[kArraySize]; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 8) return 0; - uint64_t a = 0; - memcpy(&a, Data, 8); - Sink = array[a % (kArraySize + 1)]; - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/Memcmp64BytesTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/Memcmp64BytesTest.cpp +++ llvm/trunk/lib/Fuzzer/test/Memcmp64BytesTest.cpp @@ -1,20 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find a particular string. -#include -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - const char kString64Bytes[] = - "123456789 123456789 123456789 123456789 123456789 123456789 1234"; - assert(sizeof(kString64Bytes) == 65); - if (Size >= 64 && memcmp(Data, kString64Bytes, 64) == 0) { - fprintf(stderr, "BINGO\n"); - exit(1); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/MemcmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/MemcmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/MemcmpTest.cpp @@ -1,31 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find a particular string. -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - // TODO: check other sizes. - if (Size >= 8 && memcmp(Data, "01234567", 8) == 0) { - if (Size >= 12 && memcmp(Data + 8, "ABCD", 4) == 0) { - if (Size >= 14 && memcmp(Data + 12, "XY", 2) == 0) { - if (Size >= 17 && memcmp(Data + 14, "KLM", 3) == 0) { - if (Size >= 27 && memcmp(Data + 17, "ABCDE-GHIJ", 10) == 0){ - fprintf(stderr, "BINGO %zd\n", Size); - for (size_t i = 0; i < Size; i++) { - uint8_t C = Data[i]; - if (C >= 32 && C < 127) - fprintf(stderr, "%c", C); - } - fprintf(stderr, "\n"); - exit(1); - } - } - } - } - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/NotinstrumentedTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/NotinstrumentedTest.cpp +++ llvm/trunk/lib/Fuzzer/test/NotinstrumentedTest.cpp @@ -1,11 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// This test should not be instrumented. -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/NthRunCrashTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/NthRunCrashTest.cpp +++ llvm/trunk/lib/Fuzzer/test/NthRunCrashTest.cpp @@ -1,19 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Crash on the N-th execution. -#include -#include -#include -#include - -static int Counter; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Counter++ == 1000) { - std::cout << "BINGO; Found the target, exiting\n" << std::flush; - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp +++ llvm/trunk/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp @@ -1,19 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the empty string. -#include -#include -#include -#include - -static volatile int *Null = 0; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size == 0) { - std::cout << "Found the target, dereferencing NULL\n"; - *Null = 1; - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/NullDerefTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/NullDerefTest.cpp +++ llvm/trunk/lib/Fuzzer/test/NullDerefTest.cpp @@ -1,26 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the string "Hi!". -#include -#include -#include -#include - -static volatile int Sink; -static volatile int *Null = 0; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 0 && Data[0] == 'H') { - Sink = 1; - if (Size > 1 && Data[1] == 'i') { - Sink = 2; - if (Size > 2 && Data[2] == '!') { - std::cout << "Found the target, dereferencing NULL\n"; - *Null = 1; - } - } - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/OneHugeAllocTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/OneHugeAllocTest.cpp +++ llvm/trunk/lib/Fuzzer/test/OneHugeAllocTest.cpp @@ -1,28 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Tests OOM handling when there is a single large allocation. -#include -#include -#include -#include -#include -#include - -static volatile char *SinkPtr; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 0 && Data[0] == 'H') { - if (Size > 1 && Data[1] == 'i') { - if (Size > 2 && Data[2] == '!') { - size_t kSize = (size_t)1 << 31; - char *p = new char[kSize]; - memset(p, 0, kSize); - SinkPtr = p; - delete [] p; - } - } - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/OutOfMemorySingleLargeMallocTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/OutOfMemorySingleLargeMallocTest.cpp +++ llvm/trunk/lib/Fuzzer/test/OutOfMemorySingleLargeMallocTest.cpp @@ -1,27 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Tests OOM handling. -#include -#include -#include -#include -#include -#include - -static volatile char *SinkPtr; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 0 && Data[0] == 'H') { - if (Size > 1 && Data[1] == 'i') { - if (Size > 2 && Data[2] == '!') { - size_t kSize = 0x20000000U; - char *p = new char[kSize]; - SinkPtr = p; - delete [] p; - } - } - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/OutOfMemoryTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/OutOfMemoryTest.cpp +++ llvm/trunk/lib/Fuzzer/test/OutOfMemoryTest.cpp @@ -1,31 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Tests OOM handling. -#include -#include -#include -#include -#include -#include -#include - -static volatile char *SinkPtr; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 0 && Data[0] == 'H') { - if (Size > 1 && Data[1] == 'i') { - if (Size > 2 && Data[2] == '!') { - while (true) { - size_t kSize = 1 << 28; - char *p = new char[kSize]; - memset(p, 0, kSize); - SinkPtr = p; - std::this_thread::sleep_for(std::chrono::seconds(1)); - } - } - } - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/OverwriteInputTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/OverwriteInputTest.cpp +++ llvm/trunk/lib/Fuzzer/test/OverwriteInputTest.cpp @@ -1,13 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. Make sure we abort if Data is overwritten. -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size) - *const_cast(Data) = 1; - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/RepeatedBytesTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/RepeatedBytesTest.cpp +++ llvm/trunk/lib/Fuzzer/test/RepeatedBytesTest.cpp @@ -1,31 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find repeated bytes. -#include -#include -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - assert(Data); - // Looking for AAAAAAAAAAAAAAAAAAAAAA or some such. - size_t CurA = 0, MaxA = 0; - for (size_t i = 0; i < Size; i++) { - // Make sure there are no conditionals in the loop so that - // coverage can't help the fuzzer. - int EQ = Data[i] == 'A'; - CurA = EQ * (CurA + 1); - int GT = CurA > MaxA; - MaxA = GT * CurA + (!GT) * MaxA; - } - if (MaxA >= 20) { - std::cout << "BINGO; Found the target (Max: " << MaxA << "), exiting\n" - << std::flush; - exit(0); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/RepeatedMemcmp.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/RepeatedMemcmp.cpp +++ llvm/trunk/lib/Fuzzer/test/RepeatedMemcmp.cpp @@ -1,24 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - int Matches1 = 0; - for (size_t i = 0; i + 2 < Size; i += 3) - if (!memcmp(Data + i, "foo", 3)) - Matches1++; - int Matches2 = 0; - for (size_t i = 0; i + 2 < Size; i += 3) - if (!memcmp(Data + i, "bar", 3)) - Matches2++; - - if (Matches1 > 10 && Matches2 > 10) { - fprintf(stderr, "BINGO!\n"); - exit(1); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowSimpleTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowSimpleTest.cpp +++ llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowSimpleTest.cpp @@ -1,19 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test that we can find the minimal item in the corpus (3 bytes: "FUZ"). -#include -#include -#include -#include -#include - -static volatile int Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 2) return 0; - if (Data[0] == 'F' && Data[Size / 2] == 'U' && Data[Size - 1] == 'Z') - Sink++; - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp +++ llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp @@ -1,31 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test that we can find the minimal item in the corpus (3 bytes: "FUZ"). -#include -#include -#include -#include -#include - -static volatile int Sink; - -void Foo() { - Sink++; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - int8_t Ids[256]; - memset(Ids, -1, sizeof(Ids)); - for (size_t i = 0; i < Size; i++) - if (Ids[Data[i]] == -1) - Ids[Data[i]] = i; - int F = Ids[(unsigned char)'F']; - int U = Ids[(unsigned char)'U']; - int Z = Ids[(unsigned char)'Z']; - if (F >= 0 && U > F && Z > U) { - Foo(); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/ShrinkValueProfileTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/ShrinkValueProfileTest.cpp +++ llvm/trunk/lib/Fuzzer/test/ShrinkValueProfileTest.cpp @@ -1,22 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test that we can find the minimal item in the corpus (3 bytes: "FUZ"). -#include -#include -#include -#include -#include - -static volatile uint32_t Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < sizeof(uint32_t)) return 0; - uint32_t X, Y; - size_t Offset = Size < 8 ? 0 : Size / 2; - memcpy(&X, Data + Offset, sizeof(uint32_t)); - memcpy(&Y, "FUZZ", sizeof(uint32_t)); - Sink = X == Y; - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/SignedIntOverflowTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SignedIntOverflowTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SignedIntOverflowTest.cpp @@ -1,28 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test for signed-integer-overflow. -#include -#include -#include -#include -#include -#include - -static volatile int Sink; -static int Large = INT_MAX; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - assert(Data); - if (Size > 0 && Data[0] == 'H') { - Sink = 1; - if (Size > 1 && Data[1] == 'i') { - Sink = 2; - if (Size > 2 && Data[2] == '!') { - Large++; // int overflow. - } - } - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/SimpleCmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SimpleCmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SimpleCmpTest.cpp @@ -1,47 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find several narrow ranges. -#include -#include -#include -#include - -extern int AllLines[]; - -bool PrintOnce(int Line) { - if (!AllLines[Line]) - fprintf(stderr, "Seen line %d\n", Line); - AllLines[Line] = 1; - return true; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size != 22) return 0; - uint64_t x = 0; - int64_t y = 0; - int32_t z = 0; - uint16_t a = 0; - memcpy(&x, Data, 8); // 8 - memcpy(&y, Data + 8, 8); // 16 - memcpy(&z, Data + 16, sizeof(z)); // 20 - memcpy(&a, Data + 20, sizeof(a)); // 22 - const bool k32bit = sizeof(void*) == 4; - - if ((k32bit || x > 1234567890) && PrintOnce(__LINE__) && - (k32bit || x < 1234567895) && PrintOnce(__LINE__) && - a == 0x4242 && PrintOnce(__LINE__) && - (k32bit || y >= 987654321) && PrintOnce(__LINE__) && - (k32bit || y <= 987654325) && PrintOnce(__LINE__) && - z < -10000 && PrintOnce(__LINE__) && - z >= -10005 && PrintOnce(__LINE__) && - z != -10003 && PrintOnce(__LINE__) && - true) { - fprintf(stderr, "BINGO; Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n", - Size, x, y, z, a); - exit(1); - } - return 0; -} - -int AllLines[__LINE__ + 1]; // Must be the last line. Index: llvm/trunk/lib/Fuzzer/test/SimpleDictionaryTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SimpleDictionaryTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SimpleDictionaryTest.cpp @@ -1,30 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. -// The fuzzer must find a string based on dictionary words: -// "Elvis" -// "Presley" -#include -#include -#include -#include -#include -#include - -static volatile int Zero = 0; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - const char *Expected = "ElvisPresley"; - if (Size < strlen(Expected)) return 0; - size_t Match = 0; - for (size_t i = 0; Expected[i]; i++) - if (Expected[i] + Zero == Data[i]) - Match++; - if (Match == strlen(Expected)) { - std::cout << "BINGO; Found the target, exiting\n" << std::flush; - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp @@ -1,40 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// This test computes a checksum of the data (all but the last 4 bytes), -// and then compares the last 4 bytes with the computed value. -// A fuzzer with cmp traces is expected to defeat this check. -#include -#include -#include -#include - -// A modified jenkins_one_at_a_time_hash initialized by non-zero, -// so that simple_hash(0) != 0. See also -// https://en.wikipedia.org/wiki/Jenkins_hash_function -static uint32_t simple_hash(const uint8_t *Data, size_t Size) { - uint32_t Hash = 0x12039854; - for (uint32_t i = 0; i < Size; i++) { - Hash += Data[i]; - Hash += (Hash << 10); - Hash ^= (Hash >> 6); - } - Hash += (Hash << 3); - Hash ^= (Hash >> 11); - Hash += (Hash << 15); - return Hash; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 14) - return 0; - - uint32_t Hash = simple_hash(&Data[0], Size - 4); - uint32_t Want = reinterpret_cast(&Data[Size - 4])[0]; - if (Hash != Want) - return 0; - fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash, - (unsigned int)Want); - exit(1); - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp @@ -1,28 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the string "Hi!". -#include -#include -#include -#include -#include -#include - -static volatile int Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - assert(Data); - if (Size > 0 && Data[0] == 'H') { - Sink = 1; - if (Size > 1 && Data[1] == 'i') { - Sink = 2; - if (Size > 2 && Data[2] == '!') { - std::cout << "BINGO; Found the target, exiting\n" << std::flush; - exit(0); - } - } - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/SimpleThreadedTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SimpleThreadedTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SimpleThreadedTest.cpp @@ -1,26 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Threaded test for a fuzzer. The fuzzer should find "H" -#include -#include -#include -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - auto C = [&] { - if (Size >= 2 && Data[0] == 'H') { - std::cout << "BINGO; Found the target, exiting\n" << std::flush; - abort(); - } - }; - std::thread T[] = {std::thread(C), std::thread(C), std::thread(C), - std::thread(C), std::thread(C), std::thread(C)}; - for (auto &X : T) - X.join(); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/SingleByteInputTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SingleByteInputTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SingleByteInputTest.cpp @@ -1,17 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer, need just one byte to crash. -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 0 && Data[Size/2] == 42) { - fprintf(stderr, "BINGO\n"); - abort(); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/SingleMemcmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SingleMemcmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SingleMemcmpTest.cpp @@ -1,17 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find a particular string. -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - const char *S = (const char*)Data; - if (Size >= 6 && !memcmp(S, "qwerty", 6)) { - fprintf(stderr, "BINGO\n"); - exit(1); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/SingleStrcmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SingleStrcmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SingleStrcmpTest.cpp @@ -1,21 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find a particular string. -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size >= 7) { - char Copy[7]; - memcpy(Copy, Data, 6); - Copy[6] = 0; - if (!strcmp(Copy, "qwerty")) { - fprintf(stderr, "BINGO\n"); - exit(1); - } - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/SingleStrncmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SingleStrncmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SingleStrncmpTest.cpp @@ -1,18 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find a particular string. -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - const char *S = (const char*)Data; - volatile auto Strncmp = &(strncmp); // Make sure strncmp is not inlined. - if (Size >= 6 && !Strncmp(S, "qwerty", 6)) { - fprintf(stderr, "BINGO\n"); - exit(1); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/SpamyTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SpamyTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SpamyTest.cpp @@ -1,21 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// The test spams to stderr and stdout. -#include -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - assert(Data); - printf("PRINTF_STDOUT\n"); - fflush(stdout); - fprintf(stderr, "PRINTF_STDERR\n"); - std::cout << "STREAM_COUT\n"; - std::cout.flush(); - std::cerr << "STREAM_CERR\n"; - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/StrcmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/StrcmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/StrcmpTest.cpp @@ -1,32 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Break through a series of strcmp. -#include -#include -#include -#include -#include - -bool Eq(const uint8_t *Data, size_t Size, const char *Str) { - char Buff[1024]; - size_t Len = strlen(Str); - if (Size < Len) return false; - if (Len >= sizeof(Buff)) return false; - memcpy(Buff, (const char*)Data, Len); - Buff[Len] = 0; - int res = strcmp(Buff, Str); - return res == 0; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Eq(Data, Size, "ABC") && - Size >= 3 && Eq(Data + 3, Size - 3, "QWER") && - Size >= 7 && Eq(Data + 7, Size - 7, "ZXCVN") && - Size >= 14 && Data[13] == 42 - ) { - fprintf(stderr, "BINGO\n"); - exit(1); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/StrncmpOOBTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/StrncmpOOBTest.cpp +++ llvm/trunk/lib/Fuzzer/test/StrncmpOOBTest.cpp @@ -1,21 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test that libFuzzer itself does not read out of bounds. -#include -#include -#include -#include -#include -#include - -static volatile int Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 5) return 0; - const char *Ch = reinterpret_cast(Data); - if (Ch[Size - 3] == 'a') - Sink = strncmp(Ch + Size - 3, "abcdefg", 6); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/StrncmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/StrncmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/StrncmpTest.cpp @@ -1,28 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find a particular string. -#include -#include -#include -#include - -static volatile int sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - // TODO: check other sizes. - const char *S = (const char*)Data; - if (Size >= 8 && strncmp(S, "123", 8)) - sink = 1; - if (Size >= 8 && strncmp(S, "01234567", 8) == 0) { - if (Size >= 12 && strncmp(S + 8, "ABCD", 4) == 0) { - if (Size >= 14 && strncmp(S + 12, "XY", 2) == 0) { - if (Size >= 17 && strncmp(S + 14, "KLM", 3) == 0) { - fprintf(stderr, "BINGO\n"); - exit(1); - } - } - } - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/StrstrTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/StrstrTest.cpp +++ llvm/trunk/lib/Fuzzer/test/StrstrTest.cpp @@ -1,28 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Test strstr and strcasestr hooks. -#include -#include -#include -#include -#include - -// Windows does not have strcasestr and memmem, so we are not testing them. -#ifdef _WIN32 -#define strcasestr strstr -#define memmem(a, b, c, d) true -#endif - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 4) return 0; - std::string s(reinterpret_cast(Data), Size); - if (strstr(s.c_str(), "FUZZ") && - strcasestr(s.c_str(), "aBcD") && - memmem(s.data(), s.size(), "kuku", 4) - ) { - fprintf(stderr, "BINGO\n"); - exit(1); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/SwapCmpTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SwapCmpTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SwapCmpTest.cpp @@ -1,35 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// The fuzzer must find several constants with swapped bytes. -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 14) return 0; - uint64_t x = 0; - uint32_t y = 0; - uint16_t z = 0; - memcpy(&x, Data, sizeof(x)); - memcpy(&y, Data + Size / 2, sizeof(y)); - memcpy(&z, Data + Size - sizeof(z), sizeof(z)); - - x = __builtin_bswap64(x); - y = __builtin_bswap32(y); - z = __builtin_bswap16(z); - const bool k32bit = sizeof(void*) == 4; - - if ((k32bit || x == 0x46555A5A5A5A5546ULL) && - z == 0x4F4B && - y == 0x66757A7A && - true - ) { - if (Data[Size - 3] == 'z') { - fprintf(stderr, "BINGO; Found the target\n"); - exit(1); - } - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/Switch2Test.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/Switch2Test.cpp +++ llvm/trunk/lib/Fuzzer/test/Switch2Test.cpp @@ -1,35 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the interesting switch value. -#include -#include -#include -#include -#include - -int Switch(int a) { - switch(a) { - case 100001: return 1; - case 100002: return 2; - case 100003: return 4; - } - return 0; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - const int N = 3; - if (Size < N * sizeof(int)) return 0; - int Res = 0; - for (int i = 0; i < N; i++) { - int X; - memcpy(&X, Data + i * sizeof(int), sizeof(int)); - Res += Switch(X); - } - if (Res == 5 || Res == 3 || Res == 6 || Res == 7) { - fprintf(stderr, "BINGO; Found the target, exiting; Res=%d\n", Res); - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/SwitchTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/SwitchTest.cpp +++ llvm/trunk/lib/Fuzzer/test/SwitchTest.cpp @@ -1,58 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the interesting switch value. -#include -#include -#include -#include -#include - -static volatile int Sink; - -template -bool Switch(const uint8_t *Data, size_t Size) { - T X; - if (Size < sizeof(X)) return false; - memcpy(&X, Data, sizeof(X)); - switch (X) { - case 1: Sink = __LINE__; break; - case 101: Sink = __LINE__; break; - case 1001: Sink = __LINE__; break; - case 10001: Sink = __LINE__; break; - case 100001: Sink = __LINE__; break; - case 1000001: Sink = __LINE__; break; - case 10000001: Sink = __LINE__; break; - case 100000001: return true; - } - return false; -} - -bool ShortSwitch(const uint8_t *Data, size_t Size) { - short X; - if (Size < sizeof(short)) return false; - memcpy(&X, Data, sizeof(short)); - switch(X) { - case 42: Sink = __LINE__; break; - case 402: Sink = __LINE__; break; - case 4002: Sink = __LINE__; break; - case 5002: Sink = __LINE__; break; - case 7002: Sink = __LINE__; break; - case 9002: Sink = __LINE__; break; - case 14002: Sink = __LINE__; break; - case 21402: return true; - } - return false; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size >= 4 && Switch(Data, Size) && - Size >= 12 && Switch(Data + 4, Size - 4) && - Size >= 14 && ShortSwitch(Data + 12, 2) - ) { - fprintf(stderr, "BINGO; Found the target, exiting\n"); - exit(1); - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/TableLookupTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/TableLookupTest.cpp +++ llvm/trunk/lib/Fuzzer/test/TableLookupTest.cpp @@ -1,44 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Make sure the fuzzer eventually finds all possible values of a variable -// within a range. -#include -#include -#include -#include -#include -#include - -const size_t N = 1 << 12; - -// Define an array of counters that will be understood by libFuzzer -// as extra coverage signal. The array must be: -// * uint8_t -// * in the section named __libfuzzer_extra_counters. -// The target code may declare more than one such array. -// -// Use either `Counters[Idx] = 1` or `Counters[Idx]++;` -// depending on whether multiple occurrences of the event 'Idx' -// is important to distinguish from one occurrence. -#ifdef __linux__ -__attribute__((section("__libfuzzer_extra_counters"))) -#endif -static uint8_t Counters[N]; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - static std::set SeenIdx; - if (Size != 4) return 0; - uint32_t Idx; - memcpy(&Idx, Data, 4); - Idx %= N; - assert(Counters[Idx] == 0); // libFuzzer should reset these between the runs. - // Or Counters[Idx]=1 if we don't care how many times this happened. - Counters[Idx]++; - SeenIdx.insert(Idx); - if (SeenIdx.size() == N) { - fprintf(stderr, "BINGO: found all values\n"); - abort(); - } - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/ThreadedLeakTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/ThreadedLeakTest.cpp +++ llvm/trunk/lib/Fuzzer/test/ThreadedLeakTest.cpp @@ -1,18 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// The fuzzer should find a leak in a non-main thread. -#include -#include -#include - -static volatile int *Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size == 0) return 0; - if (Data[0] != 'F') return 0; - std::thread T([&] { Sink = new int; }); - T.join(); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/ThreadedTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/ThreadedTest.cpp +++ llvm/trunk/lib/Fuzzer/test/ThreadedTest.cpp @@ -1,26 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Threaded test for a fuzzer. The fuzzer should not crash. -#include -#include -#include -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 8) return 0; - assert(Data); - auto C = [&] { - size_t Res = 0; - for (size_t i = 0; i < Size / 2; i++) - Res += memcmp(Data, Data + Size / 2, 4); - return Res; - }; - std::thread T[] = {std::thread(C), std::thread(C), std::thread(C), - std::thread(C), std::thread(C), std::thread(C)}; - for (auto &X : T) - X.join(); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp +++ llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp @@ -1,14 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the empty string. -#include -#include - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - static volatile int Zero = 0; - if (!Size) - while(!Zero) - ; - return 0; -} Index: llvm/trunk/lib/Fuzzer/test/TimeoutTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/TimeoutTest.cpp +++ llvm/trunk/lib/Fuzzer/test/TimeoutTest.cpp @@ -1,26 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. The fuzzer must find the string "Hi!". -#include -#include -#include -#include - -static volatile int Sink; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 0 && Data[0] == 'H') { - Sink = 1; - if (Size > 1 && Data[1] == 'i') { - Sink = 2; - if (Size > 2 && Data[2] == '!') { - Sink = 2; - while (Sink) - ; - } - } - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/TraceMallocTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/TraceMallocTest.cpp +++ llvm/trunk/lib/Fuzzer/test/TraceMallocTest.cpp @@ -1,27 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Tests -trace_malloc -#include -#include -#include -#include -#include - -int *Ptr; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (!Size) return 0; - if (*Data == 1) { - delete Ptr; - Ptr = nullptr; - } else if (*Data == 2) { - delete Ptr; - Ptr = new int; - } else if (*Data == 3) { - if (!Ptr) - Ptr = new int; - } - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/TwoDifferentBugsTest.cpp =================================================================== --- llvm/trunk/lib/Fuzzer/test/TwoDifferentBugsTest.cpp +++ llvm/trunk/lib/Fuzzer/test/TwoDifferentBugsTest.cpp @@ -1,22 +0,0 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. - -// Simple test for a fuzzer. This test may trigger two different bugs. -#include -#include -#include -#include - -static volatile int *Null = 0; - -void Foo() { Null[1] = 0; } -void Bar() { Null[2] = 0; } - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 10 && Data[0] == 'H') - Foo(); - if (Size >= 10 && Data[0] == 'H') - Bar(); - return 0; -} - Index: llvm/trunk/lib/Fuzzer/test/afl-driver-extra-stats.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/afl-driver-extra-stats.test +++ llvm/trunk/lib/Fuzzer/test/afl-driver-extra-stats.test @@ -1,31 +0,0 @@ -RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest - -; Test that not specifying an extra stats file isn't broken. -RUN: unset AFL_DRIVER_EXTRA_STATS_FILENAME -RUN: %t-AFLDriverTest - -; Test that specifying an invalid extra stats file causes a crash. -RUN: rm -rf %t-dir && mkdir -p %t-dir -RUN: ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%t-dir not --crash %t-AFLDriverTest - -; Test that specifying a corrupted stats file causes a crash. -echo "peak_rss_mb :0" > %t -ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%t not --crash %t-AFLDriverTest - -; Test that specifying a valid nonexistent stats file works. -RUN: rm -f %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest -RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]] - -; Test that specifying a valid preexisting stats file works. -RUN: printf "peak_rss_mb : 0\nslowest_unit_time_sec: 0\n" > %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest -; Check that both lines were printed. -RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]] - -; Test that peak_rss_mb and slowest_unit_time_in_secs are only updated when necessary. -; Check that both lines have 9999 since there's no way we have exceeded that -; amount of time or virtual memory. -RUN: printf "peak_rss_mb : 9999\nslowest_unit_time_sec: 9999\n" > %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest -RUN: [[ $(grep "9999" %t | wc -l) -eq 2 ]] Index: llvm/trunk/lib/Fuzzer/test/afl-driver-stderr.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/afl-driver-stderr.test +++ llvm/trunk/lib/Fuzzer/test/afl-driver-stderr.test @@ -1,13 +0,0 @@ -RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest - -; Test that not specifying a stderr file isn't broken. -RUN: unset AFL_DRIVER_STDERR_DUPLICATE_FILENAME -RUN: %t-AFLDriverTest - -; Test that specifying an invalid file causes a crash. -RUN: rm -rf %t-dir && mkdir -p %t-dir -RUN: ASAN_OPTIONS= AFL_DRIVER_STDERR_DUPLICATE_FILENAME="%t-dir" not --crash %t-AFLDriverTest - -; Test that a file is created when specified as the duplicate stderr. -RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t %t-AFLDriverTest -RUN: stat %t Index: llvm/trunk/lib/Fuzzer/test/afl-driver.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/afl-driver.test +++ llvm/trunk/lib/Fuzzer/test/afl-driver.test @@ -1,29 +0,0 @@ -REQUIRES: linux - -RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest - -RUN: echo -n "abc" > %t.file3 -RUN: echo -n "abcd" > %t.file4 - -RUN: %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1 -CHECK1: __afl_persistent_loop calle, Count = 1000 -CHECK1: LLVMFuzzerTestOneInput called; Size = 3 - - -RUN: %t-AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2 -CHECK2: __afl_persistent_loop calle, Count = 42 -CHECK2: LLVMFuzzerTestOneInput called; Size = 3 - - -RUN: %t-AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3 -CHECK3: WARNING: using the deprecated call style -CHECK3: __afl_persistent_loop calle, Count = 666 -CHECK3: LLVMFuzzerTestOneInput called; Size = 3 - - -RUN: %t-AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4 -CHECK4: LLVMFuzzerTestOneInput called; Size = 3 - -RUN: %t-AFLDriverTest %t.file3 %t.file4 2>&1 | FileCheck %s --check-prefix=CHECK5 -CHECK5: LLVMFuzzerTestOneInput called; Size = 3 -CHECK5: LLVMFuzzerTestOneInput called; Size = 4 Index: llvm/trunk/lib/Fuzzer/test/bad-strcmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/bad-strcmp.test +++ llvm/trunk/lib/Fuzzer/test/bad-strcmp.test @@ -1,2 +0,0 @@ -RUN: %cpp_compiler %S/BadStrcmpTest.cpp -o %t-BadStrcmpTest -RUN: %t-BadStrcmpTest -runs=100000 Index: llvm/trunk/lib/Fuzzer/test/caller-callee.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/caller-callee.test +++ llvm/trunk/lib/Fuzzer/test/caller-callee.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/CallerCalleeTest.cpp -o %t-CallerCalleeTest -CHECK: BINGO -RUN: not %t-CallerCalleeTest -use_value_profile=1 -cross_over=0 -seed=1 -runs=10000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/cleanse.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/cleanse.test +++ llvm/trunk/lib/Fuzzer/test/cleanse.test @@ -1,4 +0,0 @@ -RUN: %cpp_compiler %S/CleanseTest.cpp -o %t-CleanseTest -RUN: echo -n 0123456789ABCDEFGHIZ > %t-in -RUN: %t-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out -RUN: echo -n ' 1 5 A Z' | diff - %t-out Index: llvm/trunk/lib/Fuzzer/test/coverage.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/coverage.test +++ llvm/trunk/lib/Fuzzer/test/coverage.test @@ -1,21 +0,0 @@ -RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/NullDerefTest.cpp -o %t-NullDerefTest -RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO1.cpp -fPIC -shared -o %t-DSO1.so -RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO2.cpp -fPIC -shared -o %t-DSO2.so -RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-DSO1.so %t-DSO2.so -o %t-DSOTest - -CHECK: COVERAGE: -CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:13 -CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:14 -CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:16 -RUN: not %t-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s - -RUN: %t-DSOTest -print_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO -DSO: COVERAGE: -DSO-DAG: COVERED:{{.*}}DSO1{{.*}}DSO1.cpp -DSO-DAG: COVERED:{{.*}}DSO2{{.*}}DSO2.cpp -DSO-DAG: COVERED:{{.*}}LLVMFuzzerTestOneInput{{.*}}DSOTestMain -DSO-DAG: UNCOVERED_LINE:{{.*}}DSO1{{.*}}DSO1.cpp -DSO-DAG: UNCOVERED_LINE:{{.*}}DSO2{{.*}}DSO2.cpp -DSO-DAG: UNCOVERED_FUNC: in Uncovered1 -DSO-DAG: UNCOVERED_FUNC: in Uncovered2 -DSO-DAG: UNCOVERED_LINE: in LLVMFuzzerTestOneInput Index: llvm/trunk/lib/Fuzzer/test/cxxstring.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/cxxstring.test +++ llvm/trunk/lib/Fuzzer/test/cxxstring.test @@ -1,6 +0,0 @@ -UNSUPPORTED: windows - -RUN: %cpp_compiler %S/CxxStringEqTest.cpp -o %t-CxxStringEqTest - -RUN: not %t-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s -CHECK: BINGO Index: llvm/trunk/lib/Fuzzer/test/dict1.txt =================================================================== --- llvm/trunk/lib/Fuzzer/test/dict1.txt +++ llvm/trunk/lib/Fuzzer/test/dict1.txt @@ -1,4 +0,0 @@ -# Dictionary for SimpleDictionaryTest - -a="Elvis" -b="Presley" Index: llvm/trunk/lib/Fuzzer/test/disable-leaks.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/disable-leaks.test +++ llvm/trunk/lib/Fuzzer/test/disable-leaks.test @@ -1,5 +0,0 @@ -REQUIRES: lsan -RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest -RUN: %t-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS -ACCUMULATE_ALLOCS: INFO: libFuzzer disabled leak detection after every mutation - Index: llvm/trunk/lib/Fuzzer/test/dump_coverage.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/dump_coverage.test +++ llvm/trunk/lib/Fuzzer/test/dump_coverage.test @@ -1,20 +0,0 @@ -RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSO1.cpp -fPIC -shared -o %t-DSO1.so -RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSO2.cpp -fPIC -shared -o %t-DSO2.so -RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-DSO1.so %t-DSO2.so -o %t-DSOTest - -RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/NullDerefTest.cpp -o %t-NullDerefTest - -RUN: rm -rf %t_workdir && mkdir -p %t_workdir -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s -RUN: sancov -covered-functions %t-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' %t-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV - -CHECK: SanitizerCoverage: {{.*}}NullDerefTest.{{.*}}.sancov: {{.*}} PCs written -SANCOV: LLVMFuzzerTestOneInput - -DSO: SanitizerCoverage: {{.*}}DSOTest.{{.*}}.sancov: {{.*}} PCs written -DSO-DAG: SanitizerCoverage: {{.*}}DSO1.{{.*}}.sancov: {{.*}} PCs written -DSO-DAG: SanitizerCoverage: {{.*}}DSO2.{{.*}}.sancov: {{.*}} PCs written - -NOCOV-NOT: SanitizerCoverage: {{.*}} PCs written Index: llvm/trunk/lib/Fuzzer/test/equivalence-signals.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/equivalence-signals.test +++ llvm/trunk/lib/Fuzzer/test/equivalence-signals.test @@ -1,9 +0,0 @@ -# Run EquivalenceATest against itself with a small timeout -# to stress the signal handling and ensure that shmem doesn't mind -# the signals. - -RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-EquivalenceATest -RUN: %t-EquivalenceATest -timeout=1 -run_equivalence_server=EQUIV_SIG_TEST & export APID=$! -RUN: sleep 3 -RUN: %t-EquivalenceATest -timeout=1 -use_equivalence_server=EQUIV_SIG_TEST -runs=500000 2>&1 -RUN: kill -9 $APID Index: llvm/trunk/lib/Fuzzer/test/equivalence.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/equivalence.test +++ llvm/trunk/lib/Fuzzer/test/equivalence.test @@ -1,9 +0,0 @@ -RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-EquivalenceATest -RUN: %cpp_compiler %S/EquivalenceBTest.cpp -o %t-EquivalenceBTest - -RUN: %t-EquivalenceATest -run_equivalence_server=EQUIV_TEST & export APID=$! -RUN: sleep 3 -RUN: not %t-EquivalenceBTest -use_equivalence_server=EQUIV_TEST -max_len=4096 2>&1 | FileCheck %s -CHECK: ERROR: libFuzzer: equivalence-mismatch. Sizes: {{.*}}; offset 2 -CHECK: SUMMARY: libFuzzer: equivalence-mismatch -RUN: kill -9 $APID Index: llvm/trunk/lib/Fuzzer/test/exit-report.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/exit-report.test +++ llvm/trunk/lib/Fuzzer/test/exit-report.test @@ -1,6 +0,0 @@ -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -RUN: not %t-SimpleTest 2>&1 | FileCheck %s - -CHECK: ERROR: libFuzzer: fuzz target exited -CHECK: SUMMARY: libFuzzer: fuzz target exited -CHECK: Test unit written to Index: llvm/trunk/lib/Fuzzer/test/exit_on_src_pos.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/exit_on_src_pos.test +++ llvm/trunk/lib/Fuzzer/test/exit_on_src_pos.test @@ -1,8 +0,0 @@ -# Temporary use -mllvm -use-unknown-locations=Disable so that -# all instructions have debug info (file line numbers) attached. -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -mllvm -use-unknown-locations=Disable -RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest - -RUN: %t-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS -RUN: %t-ShrinkControlFlowTest -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS -EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting. Index: llvm/trunk/lib/Fuzzer/test/extra-counters.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/extra-counters.test +++ llvm/trunk/lib/Fuzzer/test/extra-counters.test @@ -1,7 +0,0 @@ -REQUIRES: linux - -RUN: %cpp_compiler %S/TableLookupTest.cpp -o %t-TableLookupTest -RUN: not %t-TableLookupTest -print_final_stats=1 2>&1 | FileCheck %s -CHECK: BINGO -// Expecting >= 4096 new_units_added -CHECK: stat::new_units_added:{{.*[4][0-9][0-9][0-9]}} Index: llvm/trunk/lib/Fuzzer/test/fprofile-instr-generate.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fprofile-instr-generate.test +++ llvm/trunk/lib/Fuzzer/test/fprofile-instr-generate.test @@ -1,7 +0,0 @@ -# Test libFuzzer + -fprofile-instr-generate -REQUIRES: linux -RUN: %cpp_compiler %S/SimpleTest.cpp -fsanitize-coverage=0 -fprofile-instr-generate -o %t-SimpleTest-fprofile-instr-generate -CHECK-NOT: INFO: Loaded 1 modules -CHECK: INFO: {{.*}} Clang Coverage Counters -CHECK: BINGO -RUN: not %t-SimpleTest-fprofile-instr-generate -runs=1000000 -seed=1 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/fuzzer-customcrossover.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-customcrossover.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-customcrossover.test @@ -1,12 +0,0 @@ -RUN: %cpp_compiler %S/CustomCrossOverTest.cpp -o %t-CustomCrossOverTest - -RUN: rm -rf %t/CustomCrossover -RUN: mkdir -p %t/CustomCrossover -RUN: echo "0123456789" > %t/CustomCrossover/digits -RUN: echo "abcdefghij" > %t/CustomCrossover/chars -RUN: not %t-CustomCrossOverTest -seed=1 -runs=100000 %t/CustomCrossover 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomCrossover -RUN: rm -rf %t/CustomCrossover - -LLVMFuzzerCustomCrossover: In LLVMFuzzerCustomCrossover -LLVMFuzzerCustomCrossover: BINGO - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-customcrossoverandmutate.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-customcrossoverandmutate.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-customcrossoverandmutate.test @@ -1,2 +0,0 @@ -RUN: %cpp_compiler %S/CustomCrossOverAndMutateTest.cpp -o %t-CustomCrossOverAndMutateTest -RUN: %t-CustomCrossOverAndMutateTest -seed=1 -runs=100000 Index: llvm/trunk/lib/Fuzzer/test/fuzzer-custommutator.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-custommutator.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-custommutator.test @@ -1,5 +0,0 @@ -RUN: %cpp_compiler %S/CustomMutatorTest.cpp -o %t-CustomMutatorTest -RUN: not %t-CustomMutatorTest 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomMutator -LLVMFuzzerCustomMutator: In LLVMFuzzerCustomMutator -LLVMFuzzerCustomMutator: BINGO - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-dict.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-dict.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-dict.test @@ -1,8 +0,0 @@ -RUN: %cpp_compiler %S/SimpleDictionaryTest.cpp -o %t-SimpleDictionaryTest - -CHECK: BINGO -Done1000000: Done 1000000 runs in - -RUN: not %t-SimpleDictionaryTest -dict=%S/dict1.txt -seed=1 -runs=1000003 2>&1 | FileCheck %s -RUN: %t-SimpleDictionaryTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000 - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-dirs.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-dirs.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-dirs.test @@ -1,21 +0,0 @@ -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest - -RUN: rm -rf %t/SUB1 -RUN: mkdir -p %t/SUB1/SUB2/SUB3 -RUN: echo a > %t/SUB1/a -RUN: echo b > %t/SUB1/SUB2/b -RUN: echo c > %t/SUB1/SUB2/SUB3/c -RUN: %t-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=SUBDIRS -SUBDIRS: READ units: 3 -RUN: echo -n zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz > %t/SUB1/f64 -RUN: cat %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 > %t/SUB1/f256 -RUN: cat %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 > %t/SUB1/f1024 -RUN: cat %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 > %t/SUB1/f4096 -RUN: cat %t/SUB1/f4096 %t/SUB1/f4096 > %t/SUB1/f8192 -RUN: %t-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=LONG -LONG: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 8192 bytes -RUN: rm -rf %t/SUB1 - -RUN: not %t-SimpleTest NONEXISTENT_DIR 2>&1 | FileCheck %s --check-prefix=NONEXISTENT_DIR -NONEXISTENT_DIR: No such directory: NONEXISTENT_DIR; exiting - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-fdmask.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-fdmask.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-fdmask.test @@ -1,32 +0,0 @@ -RUN: %cpp_compiler %S/SpamyTest.cpp -o %t-SpamyTest - -RUN: %t-SpamyTest -runs=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_0 -RUN: %t-SpamyTest -runs=1 -close_fd_mask=0 2>&1 | FileCheck %s --check-prefix=FD_MASK_0 -RUN: %t-SpamyTest -runs=1 -close_fd_mask=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_1 -RUN: %t-SpamyTest -runs=1 -close_fd_mask=2 2>&1 | FileCheck %s --check-prefix=FD_MASK_2 -RUN: %t-SpamyTest -runs=1 -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=FD_MASK_3 - -FD_MASK_0: PRINTF_STDOUT -FD_MASK_0: PRINTF_STDERR -FD_MASK_0: STREAM_COUT -FD_MASK_0: STREAM_CERR -FD_MASK_0: INITED - -FD_MASK_1-NOT: PRINTF_STDOUT -FD_MASK_1: PRINTF_STDERR -FD_MASK_1-NOT: STREAM_COUT -FD_MASK_1: STREAM_CERR -FD_MASK_1: INITED - -FD_MASK_2: PRINTF_STDOUT -FD_MASK_2-NOT: PRINTF_STDERR -FD_MASK_2: STREAM_COUT -FD_MASK_2-NOTE: STREAM_CERR -FD_MASK_2: INITED - -FD_MASK_3-NOT: PRINTF_STDOUT -FD_MASK_3-NOT: PRINTF_STDERR -FD_MASK_3-NOT: STREAM_COUT -FD_MASK_3-NOT: STREAM_CERR -FD_MASK_3: INITED - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-finalstats.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-finalstats.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-finalstats.test @@ -1,12 +0,0 @@ -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -RUN: %t-SimpleTest -seed=1 -runs=77 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS -FINAL_STATS: stat::number_of_executed_units: 77 -FINAL_STATS: stat::average_exec_per_sec: 0 -FINAL_STATS: stat::new_units_added: -FINAL_STATS: stat::slowest_unit_time_sec: 0 -FINAL_STATS: stat::peak_rss_mb: - -RUN: %t-SimpleTest %S/dict1.txt -runs=33 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS1 -FINAL_STATS1: stat::number_of_executed_units: 33 -FINAL_STATS1: stat::peak_rss_mb: - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-flags.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-flags.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-flags.test @@ -1,19 +0,0 @@ -RUN: %cpp_compiler %S/FlagsTest.cpp -o %t-FlagsTest -RUN: not %t-FlagsTest -foo_bar=1 2>&1 | FileCheck %s --check-prefix=FOO_BAR -FOO_BAR: WARNING: unrecognized flag '-foo_bar=1'; use -help=1 to list all flags -FOO_BAR: BINGO - -RUN: not %t-FlagsTest -runs=10 --max_len=100 2>&1 | FileCheck %s --check-prefix=DASH_DASH -DASH_DASH: WARNING: did you mean '-max_len=100' (single dash)? -DASH_DASH: INFO: A corpus is not provided, starting from an empty corpus - -RUN: %t-FlagsTest -help=1 2>&1 | FileCheck %s --check-prefix=NO_INTERNAL -NO_INTERNAL-NOT: internal flag - -RUN: not %t-FlagsTest --foo-bar -runs=10 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU -PASSTHRU: BINGO --foo-bar --baz -help=1 test - -RUN: mkdir -p %t/T0 %t/T1 -RUN: touch %t/T1/empty -RUN: not %t-FlagsTest --foo-bar -merge=1 %t/T0 %t/T1 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU-MERGE -PASSTHRU-MERGE: BINGO --foo-bar --baz -help=1 test Index: llvm/trunk/lib/Fuzzer/test/fuzzer-leak.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-leak.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-leak.test @@ -1,37 +0,0 @@ -REQUIRES: lsan -RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LeakTest -RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest -RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest - -RUN: not %t-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING -LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks -LEAK_DURING: Direct leak of 4 byte(s) in 1 object(s) allocated from: -LEAK_DURING: INFO: to ignore leaks on libFuzzer side use -detect_leaks=0 -LEAK_DURING: Test unit written to ./leak- -LEAK_DURING-NOT: DONE -LEAK_DURING-NOT: Done - -RUN: not %t-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS -LEAK_IN_CORPUS: ERROR: LeakSanitizer: detected memory leaks -LEAK_IN_CORPUS: INFO: a leak has been found in the initial corpus. - -RUN: not %t-LeakTest -runs=100000000 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=MULTI_RUN_LEAK -MULTI_RUN_LEAK-NOT: pulse -MULTI_RUN_LEAK: LeakSanitizer: detected memory leaks - -RUN: not %t-LeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER -RUN: not %t-LeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING -RUN: not %t-ThreadedLeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER -RUN: not %t-ThreadedLeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING -LEAK_AFTER: Done 100000 runs in -LEAK_AFTER: ERROR: LeakSanitizer: detected memory leaks - -RUN: not %t-LeakTest -runs=100000 -max_len=1 2>&1 | FileCheck %s --check-prefix=MAX_LEN_1 -MAX_LEN_1: Test unit written to ./leak-7cf184f4c67ad58283ecb19349720b0cae756829 - -RUN: not %t-LeakTimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=LEAK_TIMEOUT -LEAK_TIMEOUT: ERROR: libFuzzer: timeout after -LEAK_TIMEOUT-NOT: LeakSanitizer - - -RUN: %t-LeakTest -error_exitcode=0 Index: llvm/trunk/lib/Fuzzer/test/fuzzer-oom-with-profile.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-oom-with-profile.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-oom-with-profile.test @@ -1,7 +0,0 @@ -REQUIRES: linux -RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest -RUN: not %t-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s -CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb) -CHECK: Live Heap Allocations -CHECK: Test unit written to ./oom- -SUMMARY: libFuzzer: out-of-memory Index: llvm/trunk/lib/Fuzzer/test/fuzzer-oom.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-oom.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-oom.test @@ -1,20 +0,0 @@ -RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest -RUN: %cpp_compiler %S/OutOfMemorySingleLargeMallocTest.cpp -o %t-OutOfMemorySingleLargeMallocTest -RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest - -RUN: not %t-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s - -CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb) -CHECK: Test unit written to ./oom- -SUMMARY: libFuzzer: out-of-memory - -RUN: not %t-OutOfMemorySingleLargeMallocTest -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC - -We used to check for "out-of-memory (malloc(53{{.*}}))", but that would fail -sometimes, so now we accept any OOM message. - -SINGLE_LARGE_MALLOC: libFuzzer: out-of-memory -SINGLE_LARGE_MALLOC: in LLVMFuzzerTestOneInput - -# Check that -rss_limit_mb=0 means no limit. -RUN: %t-AccumulateAllocationsTest -runs=1000 -rss_limit_mb=0 Index: llvm/trunk/lib/Fuzzer/test/fuzzer-printcovpcs.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-printcovpcs.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-printcovpcs.test @@ -1,9 +0,0 @@ -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -RUN: not %t-SimpleTest -print_pcs=1 -seed=1 2>&1 | FileCheck %s --check-prefix=PCS -PCS-NOT: NEW_PC -PCS:INITED -PCS:NEW_PC: {{0x[a-f0-9]+}} -PCS:NEW_PC: {{0x[a-f0-9]+}} -PCS:NEW -PCS:BINGO - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-runs.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-runs.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-runs.test @@ -1,9 +0,0 @@ -RUN: mkdir -p %t -RUN: %cpp_compiler %S/NthRunCrashTest.cpp -o %t-NthRunCrashTest -RUN: echo abcd > %t/NthRunCrashTest.in -RUN: %t-NthRunCrashTest %t/NthRunCrashTest.in -RUN: %t-NthRunCrashTest %t/NthRunCrashTest.in -runs=10 -RUN: not %t-NthRunCrashTest %t/NthRunCrashTest.in -runs=10000 2>&1 | FileCheck %s -RUN: rm %t/NthRunCrashTest.in -CHECK: BINGO - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-seed.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-seed.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-seed.test @@ -1,4 +0,0 @@ -RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-SimpleCmpTest -RUN: %t-SimpleCmpTest -seed=-1 -runs=0 2>&1 | FileCheck %s --check-prefix=CHECK_SEED_MINUS_ONE -CHECK_SEED_MINUS_ONE: Seed: 4294967295 - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-segv.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-segv.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-segv.test @@ -1,8 +0,0 @@ -RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest -RUN: env ASAN_OPTIONS=handle_segv=0 not %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER -LIBFUZZER_OWN_SEGV_HANDLER: == ERROR: libFuzzer: deadly signal -LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal -LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash- - -RUN: env ASAN_OPTIONS=handle_segv=1 not %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER -LIBFUZZER_ASAN_SEGV_HANDLER: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address Index: llvm/trunk/lib/Fuzzer/test/fuzzer-singleinputs.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-singleinputs.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-singleinputs.test @@ -1,19 +0,0 @@ -RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest - -RUN: not %t-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput -SingleInput-NOT: Test unit written to ./crash- - -RUN: rm -rf %tmp/SINGLE_INPUTS -RUN: mkdir -p %tmp/SINGLE_INPUTS -RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa -RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb -RUN: %t-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS -RUN: %t-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS -RUN: rm -rf %tmp/SINGLE_INPUTS -SINGLE_INPUTS: SimpleTest{{.*}}: Running 2 inputs 1 time(s) each. -SINGLE_INPUTS: aaa in -SINGLE_INPUTS: bbb in -SINGLE_INPUTS: NOTE: fuzzing was not performed, you have only -SINGLE_INPUTS: executed the target code on a fixed set of inputs. - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-threaded.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-threaded.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-threaded.test @@ -1,8 +0,0 @@ -CHECK: Done 1000 runs in -RUN: %cpp_compiler %S/ThreadedTest.cpp -o %t-ThreadedTest - -RUN: %t-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s -RUN: %t-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s -RUN: %t-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s -RUN: %t-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s - Index: llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test @@ -1,21 +0,0 @@ -RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-TimeoutTest -RUN: %cpp_compiler %S/TimeoutEmptyTest.cpp -o %t-TimeoutEmptyTest -RUN: not %t-TimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutTest -TimeoutTest: ALARM: working on the last Unit for -TimeoutTest: Test unit written to ./timeout- -TimeoutTest: == ERROR: libFuzzer: timeout after -TimeoutTest: #0 -TimeoutTest: #1 -TimeoutTest: #2 -TimeoutTest: SUMMARY: libFuzzer: timeout - -RUN: not %t-TimeoutTest -timeout=1 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInputTimeoutTest -SingleInputTimeoutTest: ALARM: working on the last Unit for {{[1-3]}} seconds -SingleInputTimeoutTest-NOT: Test unit written to ./timeout- - -RUN: %t-TimeoutTest -timeout=1 -timeout_exitcode=0 - -RUN: not %t-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest -TimeoutEmptyTest: ALARM: working on the last Unit for -TimeoutEmptyTest: == ERROR: libFuzzer: timeout after -TimeoutEmptyTest: SUMMARY: libFuzzer: timeout Index: llvm/trunk/lib/Fuzzer/test/fuzzer-ubsan.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer-ubsan.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer-ubsan.test @@ -1,5 +0,0 @@ -RUN: %cpp_compiler -fsanitize=undefined -fno-sanitize-recover=all %S/SignedIntOverflowTest.cpp -o %t-SignedIntOverflowTest-Ubsan -RUN: not %t-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s -CHECK: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' -CHECK: Test unit written to ./crash- - Index: llvm/trunk/lib/Fuzzer/test/fuzzer.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/fuzzer.test +++ llvm/trunk/lib/Fuzzer/test/fuzzer.test @@ -1,70 +0,0 @@ -CHECK: BINGO -Done1000000: Done 1000000 runs in -RUN: %cpp_compiler %S/BogusInitializeTest.cpp -o %t-BogusInitializeTest -RUN: %cpp_compiler %S/BufferOverflowOnInput.cpp -o %t-BufferOverflowOnInput -RUN: %cpp_compiler %S/CounterTest.cpp -o %t-CounterTest -RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-DSO1.so -RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-DSO2.so -RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-DSO1.so %t-DSO2.so -o %t-DSOTest -RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest -RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-InitializeTest -RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fsanitize-coverage=0 -o %t-NotinstrumentedTest-NoCoverage -RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-NullDerefOnEmptyTest -RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest -RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest - -RUN: not %t-SimpleTest 2>&1 | FileCheck %s - -# only_ascii mode. Will perform some minimal self-validation. -RUN: not %t-SimpleTest -only_ascii=1 2>&1 - -RUN: %t-SimpleCmpTest -max_total_time=1 -use_cmp=0 2>&1 | FileCheck %s --check-prefix=MaxTotalTime -MaxTotalTime: Done {{.*}} runs in {{.}} second(s) - -RUN: not %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest -RUN: not %t-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest -NullDerefTest: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address -NullDerefTest: Test unit written to ./crash- -RUN: not %t-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix -NullDerefTestPrefix: Test unit written to ZZZcrash- -RUN: not %t-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath -NullDerefTestExactPath: Test unit written to FOOBAR - -RUN: not %t-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY -NULL_DEREF_ON_EMPTY: stat::number_of_executed_units: - -#not %t-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s - -RUN: not %t-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS - -COUNTERS: INITED {{.*}} {{bits:|ft:}} -COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}} -COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}} -COUNTERS: BINGO - -# Don't run UninstrumentedTest for now since we build libFuzzer itself with asan. -DISABLED: not %t-UninstrumentedTest-Uninstrumented 2>&1 | FileCheck %s --check-prefix=UNINSTRUMENTED -UNINSTRUMENTED: ERROR: __sanitizer_set_death_callback is not defined. Exiting. - -RUN: not %t-NotinstrumentedTest-NoCoverage 2>&1 | FileCheck %s --check-prefix=NO_COVERAGE -NO_COVERAGE: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting - -RUN: not %t-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB -OOB: AddressSanitizer: heap-buffer-overflow -OOB: is located 0 bytes to the right of 3-byte region - -RUN: not %t-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s - -RUN: not %t-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO -DSO: INFO: Loaded 3 modules -DSO: BINGO - -RUN: env ASAN_OPTIONS=strict_string_checks=1 not %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP -STRNCMP: AddressSanitizer: heap-buffer-overflow -STRNCMP-NOT: __sanitizer_weak_hook_strncmp -STRNCMP: in LLVMFuzzerTestOneInput - -RUN: not %t-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE -BOGUS_INITIALIZE: argv[0] has been modified in LLVMFuzzerInitialize Index: llvm/trunk/lib/Fuzzer/test/hi.txt =================================================================== --- llvm/trunk/lib/Fuzzer/test/hi.txt +++ llvm/trunk/lib/Fuzzer/test/hi.txt @@ -1 +0,0 @@ -Hi! \ No newline at end of file Index: llvm/trunk/lib/Fuzzer/test/inline-8bit-counters.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/inline-8bit-counters.test +++ llvm/trunk/lib/Fuzzer/test/inline-8bit-counters.test @@ -1,5 +0,0 @@ -REQUIRES: linux -RUN: %cpp_compiler %S/SimpleTest.cpp -fno-sanitize-coverage=trace-pc-guard -fsanitize-coverage=inline-8bit-counters -o %t-SimpleTest-Inline8bitCounters -CHECK: INFO: Loaded 1 modules ({{.*}} inline 8-bit counters) -CHECK: BINGO -RUN: not %t-SimpleTest-Inline8bitCounters -runs=1000000 -seed=1 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/lit.cfg =================================================================== --- llvm/trunk/lib/Fuzzer/test/lit.cfg +++ llvm/trunk/lib/Fuzzer/test/lit.cfg @@ -1,83 +0,0 @@ -import lit.formats -import sys - -config.name = "LLVMFuzzer" -config.test_format = lit.formats.ShTest(True) -config.suffixes = ['.test'] -config.test_source_root = os.path.dirname(__file__) - -# Choose between lit's internal shell pipeline runner and a real shell. If -# LIT_USE_INTERNAL_SHELL is in the environment, we use that as an override. -use_lit_shell = os.environ.get("LIT_USE_INTERNAL_SHELL") -if use_lit_shell: - # 0 is external, "" is default, and everything else is internal. - execute_external = (use_lit_shell == "0") -else: - # Otherwise we default to internal on Windows and external elsewhere, as - # bash on Windows is usually very slow. - execute_external = (not sys.platform in ['win32']) - -# testFormat: The test format to use to interpret tests. -# -# For now we require '&&' between commands, until they get globally killed and -# the test runner updated. -config.test_format = lit.formats.ShTest(execute_external) - -# Tweak PATH to include llvm tools dir and current exec dir. -llvm_tools_dir = getattr(config, 'llvm_tools_dir', None) -if (not llvm_tools_dir) or (not os.path.exists(llvm_tools_dir)): - lit_config.fatal("Invalid llvm_tools_dir config attribute: %r" % llvm_tools_dir) -path = os.path.pathsep.join((llvm_tools_dir, config.test_exec_root, - config.environment['PATH'])) -config.environment['PATH'] = path - -if config.has_lsan: - lit_config.note('lsan feature available') - config.available_features.add('lsan') -else: - lit_config.note('lsan feature unavailable') - -if sys.platform.startswith('win') or sys.platform.startswith('cygwin'): - config.available_features.add('windows') - -if sys.platform.startswith('darwin'): - config.available_features.add('darwin') - -if sys.platform.startswith('linux'): - # Note the value of ``sys.platform`` is not consistent - # between python 2 and 3, hence the use of ``.startswith()``. - lit_config.note('linux feature available') - config.available_features.add('linux') -else: - lit_config.note('linux feature unavailable') - -config.substitutions.append(('%build_dir', config.cmake_binary_dir)) - -def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True): - compiler_cmd = config.cpp_compiler if is_cpp else config.c_compiler - std_cmd = '-std=c++11' if is_cpp else '' - sanitizers = ['address'] - if fuzzer_enabled: - sanitizers.append('fuzzer') - sanitizers_cmd = ('-fsanitize=%s' % ','.join(sanitizers)) - isysroot_cmd = ('-isysroot %s' % config.osx_sysroot - ) if 'darwin' in config.target_triple else '' - include_cmd = '-I%s/../.' % config.test_source_root - return '%s %s -gline-tables-only %s %s %s' % ( - compiler_cmd, std_cmd, isysroot_cmd, sanitizers_cmd, include_cmd) - -config.substitutions.append(('%cpp_compiler', - generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True) - )) - -config.substitutions.append(('%c_compiler', - generate_compiler_cmd(is_cpp=False, fuzzer_enabled=True) - )) - -config.substitutions.append(('%no_fuzzer_cpp_compiler', - generate_compiler_cmd(is_cpp=True, fuzzer_enabled=False) - )) - -config.substitutions.append(('%no_fuzzer_c_compiler', - generate_compiler_cmd(is_cpp=False, fuzzer_enabled=False) - )) Index: llvm/trunk/lib/Fuzzer/test/lit.site.cfg.in =================================================================== --- llvm/trunk/lib/Fuzzer/test/lit.site.cfg.in +++ llvm/trunk/lib/Fuzzer/test/lit.site.cfg.in @@ -1,9 +0,0 @@ -config.test_exec_root = "@CMAKE_CURRENT_BINARY_DIR@" -config.llvm_tools_dir = "@LLVM_TOOLS_DIR@" -config.has_lsan = True if @HAS_LSAN@ == 1 else False -config.cpp_compiler = "@LIBFUZZER_TEST_CXX_COMPILER@" -config.c_compiler = "@LIBFUZZER_TEST_COMPILER@" -config.osx_sysroot = "@CMAKE_OSX_SYSROOT@" -config.cmake_binary_dir = "@CMAKE_BINARY_DIR@" -config.target_triple = "@TARGET_TRIPLE@" -lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/lit.cfg") Index: llvm/trunk/lib/Fuzzer/test/memcmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/memcmp.test +++ llvm/trunk/lib/Fuzzer/test/memcmp.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest -RUN: not %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s -CHECK: BINGO Index: llvm/trunk/lib/Fuzzer/test/memcmp64.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/memcmp64.test +++ llvm/trunk/lib/Fuzzer/test/memcmp64.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest -RUN: not %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s -CHECK: BINGO Index: llvm/trunk/lib/Fuzzer/test/merge-posix.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/merge-posix.test +++ llvm/trunk/lib/Fuzzer/test/merge-posix.test @@ -1,23 +0,0 @@ -RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest - -RUN: rm -rf %tmp/T1 %tmp/T2 -RUN: mkdir -p %tmp/T1 %tmp/T2 - -RUN: echo F..... > %tmp/T1/1 -RUN: echo .U.... > %tmp/T1/2 -RUN: echo ..Z... > %tmp/T1/3 - -RUN: echo .....F > %tmp/T2/1 -RUN: echo ....U. > %tmp/T2/2 -RUN: echo ...Z.. > %tmp/T2/3 -RUN: echo ...Z.. > %tmp/T2/4 -RUN: echo ....E. > %tmp/T2/5 -RUN: echo .....R > %tmp/T2/6 - -# Check that we can report an error if file size exceeded -RUN: (ulimit -f 1; not %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=SIGXFSZ) -SIGXFSZ: ERROR: libFuzzer: file size exceeded - -# Check that we honor TMPDIR -RUN: TMPDIR=DIR_DOES_NOT_EXIST not %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=TMPDIR -TMPDIR: MERGE-OUTER: failed to write to the control file: DIR_DOES_NOT_EXIST/libFuzzerTemp Index: llvm/trunk/lib/Fuzzer/test/merge-summary.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/merge-summary.test +++ llvm/trunk/lib/Fuzzer/test/merge-summary.test @@ -1,17 +0,0 @@ -RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest - -RUN: rm -rf %t/T1 %t/T2 -RUN: mkdir -p %t/T0 %t/T1 %t/T2 -RUN: echo ...Z.. > %t/T2/1 -RUN: echo ....E. > %t/T2/2 -RUN: echo .....R > %t/T2/3 -RUN: echo F..... > %t/T2/a -RUN: echo .U.... > %t/T2/b -RUN: echo ..Z... > %t/T2/c - -RUN: %t-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY -SAVE_SUMMARY: MERGE-OUTER: writing coverage summary for 6 files to {{.*}}SUMMARY -RUN: rm %t/T1/* -RUN: %t-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY -LOAD_SUMMARY: MERGE-OUTER: coverage summary loaded from {{.*}}SUMMAR -LOAD_SUMMARY: MERGE-OUTER: 0 new files with 0 new features added Index: llvm/trunk/lib/Fuzzer/test/merge.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/merge.test +++ llvm/trunk/lib/Fuzzer/test/merge.test @@ -1,55 +0,0 @@ -CHECK: BINGO - -RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest - -RUN: rm -rf %tmp/T0 %tmp/T1 %tmp/T2 -RUN: mkdir -p %tmp/T0 %tmp/T1 %tmp/T2 -RUN: echo F..... > %tmp/T0/1 -RUN: echo .U.... > %tmp/T0/2 -RUN: echo ..Z... > %tmp/T0/3 - -# T1 has 3 elements, T2 is empty. -RUN: cp %tmp/T0/* %tmp/T1/ -RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK1 -CHECK1: MERGE-OUTER: 3 files, 3 in the initial corpus -CHECK1: MERGE-OUTER: 0 new files with 0 new features added - -RUN: echo ...Z.. > %tmp/T2/1 -RUN: echo ....E. > %tmp/T2/2 -RUN: echo .....R > %tmp/T2/3 -RUN: echo F..... > %tmp/T2/a -RUN: echo .U.... > %tmp/T2/b -RUN: echo ..Z... > %tmp/T2/c - -# T1 has 3 elements, T2 has 6 elements, only 3 are new. -RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK2 -CHECK2: MERGE-OUTER: 9 files, 3 in the initial corpus -CHECK2: MERGE-OUTER: 3 new files with 3 new features added - -# Now, T1 has 6 units and T2 has no new interesting units. -RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK3 -CHECK3: MERGE-OUTER: 12 files, 6 in the initial corpus -CHECK3: MERGE-OUTER: 0 new files with 0 new features added - -# Check that we respect max_len during the merge and don't crash. -RUN: rm %tmp/T1/* -RUN: cp %tmp/T0/* %tmp/T1/ -RUN: echo looooooooong > %tmp/T2/looooooooong -RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=6 2>&1 | FileCheck %s --check-prefix=MAX_LEN -MAX_LEN: MERGE-OUTER: 3 new files - -# Check that merge tolerates failures. -RUN: rm %tmp/T1/* -RUN: cp %tmp/T0/* %tmp/T1/ -RUN: echo 'FUZZER' > %tmp/T2/FUZZER -RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_WITH_CRASH -MERGE_WITH_CRASH: MERGE-OUTER: succesfull in 2 attempt(s) -MERGE_WITH_CRASH: MERGE-OUTER: 3 new files - -# Check that we actually limit the size with max_len -RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=5 2>&1 | FileCheck %s --check-prefix=MERGE_LEN5 -MERGE_LEN5: MERGE-OUTER: succesfull in 1 attempt(s) - -RUN: rm -rf %tmp/T1/* %tmp/T2/* -RUN: not %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=EMPTY -EMPTY: MERGE-OUTER: zero succesfull attempts, exiting Index: llvm/trunk/lib/Fuzzer/test/minimize_crash.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/minimize_crash.test +++ llvm/trunk/lib/Fuzzer/test/minimize_crash.test @@ -1,16 +0,0 @@ -RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest -RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-SingleByteInputTest - -RUN: echo 'Hi!rv349f34t3gg' > not_minimal_crash -RUN: %t-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s -CHECK: CRASH_MIN: failed to minimize beyond ./minimized-from-{{.*}} (3 bytes), exiting -RUN: %t-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT -CHECK_EXACT: CRASH_MIN: failed to minimize beyond exact_minimized_path (3 bytes), exiting -RUN: rm not_minimal_crash minimized-from-* exact_minimized_path - -RUN: echo -n 'abcd*xyz' > not_minimal_crash -RUN: %t-SingleByteInputTest -minimize_crash=1 not_minimal_crash -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=MIN1 -MIN1: Test unit written to exact_minimized_path -MIN1: Test unit written to exact_minimized_path -MIN1: INFO: The input is small enough, exiting -MIN1: CRASH_MIN: failed to minimize beyond exact_minimized_path (1 bytes), exiting Index: llvm/trunk/lib/Fuzzer/test/minimize_two_crashes.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/minimize_two_crashes.test +++ llvm/trunk/lib/Fuzzer/test/minimize_two_crashes.test @@ -1,18 +0,0 @@ -# Test that the minimizer stops when it sees a differe bug. - -RUN: %cpp_compiler %S/TwoDifferentBugsTest.cpp -o %t-TwoDifferentBugsTest - -RUN: rm -rf %t && mkdir %t -RUN: echo H12345678901234667888090 > %t/long_crash -RUN: env ASAN_OPTIONS=dedup_token_length=3 %t-TwoDifferentBugsTest -seed=1 -minimize_crash=1 %t/long_crash -exact_artifact_path=%t/result 2>&1 | FileCheck %s - -CHECK: DedupToken1: DEDUP_TOKEN: Bar -CHECK: DedupToken2: DEDUP_TOKEN: Bar -CHECK: DedupToken1: DEDUP_TOKEN: Bar -CHECK: DedupToken2: DEDUP_TOKEN: Foo -CHECK: CRASH_MIN: mismatch in dedup tokens - -RUN: not %t-TwoDifferentBugsTest %t/result 2>&1 | FileCheck %s --check-prefix=VERIFY - -VERIFY: ERROR: AddressSanitizer: -VERIFY: in Bar Index: llvm/trunk/lib/Fuzzer/test/overwrite-input.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/overwrite-input.test +++ llvm/trunk/lib/Fuzzer/test/overwrite-input.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/OverwriteInputTest.cpp -o %t-OverwriteInputTest -RUN: not %t-OverwriteInputTest 2>&1 | FileCheck %s -CHECK: ERROR: libFuzzer: fuzz target overwrites it's const input Index: llvm/trunk/lib/Fuzzer/test/recommended-dictionary.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/recommended-dictionary.test +++ llvm/trunk/lib/Fuzzer/test/recommended-dictionary.test @@ -1,6 +0,0 @@ -RUN: %cpp_compiler %S/RepeatedMemcmp.cpp -o %t-RepeatedMemcmp -RUN: %t-RepeatedMemcmp -seed=11 -runs=100000 -max_len=20 2>&1 | FileCheck %s --check-prefix=RECOMMENDED_DICT -RECOMMENDED_DICT:###### Recommended dictionary. ###### -RECOMMENDED_DICT-DAG: "foo" -RECOMMENDED_DICT-DAG: "bar" -RECOMMENDED_DICT:###### End of recommended dictionary. ###### Index: llvm/trunk/lib/Fuzzer/test/reduce_inputs.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/reduce_inputs.test +++ llvm/trunk/lib/Fuzzer/test/reduce_inputs.test @@ -1,16 +0,0 @@ -# Test -reduce_inputs=1 - -RUN: rm -rf %t/C -RUN: mkdir -p %t/C -RUN: %cpp_compiler %S/ShrinkControlFlowSimpleTest.cpp -o %t-ShrinkControlFlowSimpleTest -RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest -RUN: %t-ShrinkControlFlowSimpleTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 %t/C 2>&1 | FileCheck %s -CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60' - -# Test that reduce_inputs deletes redundant files in the corpus. -RUN: %t-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT -COUNT: READ units: 4 - -# a bit longer test -RUN: %t-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=1 -runs=1000000 2>&1 | FileCheck %s - Index: llvm/trunk/lib/Fuzzer/test/repeated-bytes.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/repeated-bytes.test +++ llvm/trunk/lib/Fuzzer/test/repeated-bytes.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/RepeatedBytesTest.cpp -o %t-RepeatedBytesTest -CHECK: BINGO -RUN: not %t-RepeatedBytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/shrink.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/shrink.test +++ llvm/trunk/lib/Fuzzer/test/shrink.test @@ -1,10 +0,0 @@ -RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest -RUN: %cpp_compiler %S/ShrinkValueProfileTest.cpp -o %t-ShrinkValueProfileTest -RUN: %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1 -# Limit max_len to run this negative test faster. -RUN: %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0 -RUN: %t-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP - -SHRINK0: Done 1000000 runs in -SHRINK1: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60', exiting. -SHRINK1_VP: INFO: found item with checksum 'aea2e3923af219a8956f626558ef32f30a914ebc', exiting Index: llvm/trunk/lib/Fuzzer/test/simple-cmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/simple-cmp.test +++ llvm/trunk/lib/Fuzzer/test/simple-cmp.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest -CHECK: BINGO -RUN: not %t-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/standalone.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/standalone.test +++ llvm/trunk/lib/Fuzzer/test/standalone.test @@ -1,8 +0,0 @@ -RUN: %no_fuzzer_c_compiler %S/../standalone/StandaloneFuzzTargetMain.c -c -o %t_1.o -RUN: %no_fuzzer_cpp_compiler %S/InitializeTest.cpp -c -o %t_2.o - -RUN: %no_fuzzer_cpp_compiler %t_1.o %t_2.o %build_dir/lib/libLLVMFuzzerNoMain.a -o %t-StandaloneInitializeTest -RUN: %t-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s -CHECK: StandaloneFuzzTargetMain: running 2 inputs -CHECK: Done: {{.*}}hi.txt: (3 bytes) -CHECK: Done: {{.*}}dict1.txt: (61 bytes) Index: llvm/trunk/lib/Fuzzer/test/strcmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/strcmp.test +++ llvm/trunk/lib/Fuzzer/test/strcmp.test @@ -1,4 +0,0 @@ -RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest -RUN: not %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s -CHECK: BINGO - Index: llvm/trunk/lib/Fuzzer/test/strncmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/strncmp.test +++ llvm/trunk/lib/Fuzzer/test/strncmp.test @@ -1,4 +0,0 @@ -RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest -RUN: not %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s -CHECK: BINGO - Index: llvm/trunk/lib/Fuzzer/test/strstr.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/strstr.test +++ llvm/trunk/lib/Fuzzer/test/strstr.test @@ -1,4 +0,0 @@ -RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest -RUN: not %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s -CHECK: BINGO - Index: llvm/trunk/lib/Fuzzer/test/swap-cmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/swap-cmp.test +++ llvm/trunk/lib/Fuzzer/test/swap-cmp.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/SwapCmpTest.cpp -o %t-SwapCmpTest -CHECK: BINGO -RUN: not %t-SwapCmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/trace-malloc-2.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/trace-malloc-2.test +++ llvm/trunk/lib/Fuzzer/test/trace-malloc-2.test @@ -1,10 +0,0 @@ -// FIXME: This test infinite loops on darwin because it crashes -// printing a stack trace repeatedly -UNSUPPORTED: darwin - -RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest - -RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=1000 2>&1 | FileCheck %s --check-prefix=TRACE2 -TRACE2-DAG: FREE[0] -TRACE2-DAG: MALLOC[0] -TRACE2-DAG: in LLVMFuzzerTestOneInput Index: llvm/trunk/lib/Fuzzer/test/trace-malloc.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/trace-malloc.test +++ llvm/trunk/lib/Fuzzer/test/trace-malloc.test @@ -1,7 +0,0 @@ -RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest - -RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=10000 2>&1 | FileCheck %s -CHECK-DAG: MallocFreeTracer: STOP 0 0 (same) -CHECK-DAG: MallocFreeTracer: STOP 0 1 (DIFFERENT) -CHECK-DAG: MallocFreeTracer: STOP 1 0 (DIFFERENT) -CHECK-DAG: MallocFreeTracer: STOP 1 1 (same) Index: llvm/trunk/lib/Fuzzer/test/trace-pc.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/trace-pc.test +++ llvm/trunk/lib/Fuzzer/test/trace-pc.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/SimpleTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -fsanitize-coverage=trace-pc -o %t-SimpleTest-TracePC -CHECK: BINGO -RUN: not %t-SimpleTest-TracePC -runs=1000000 -seed=1 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/ulimit.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/ulimit.test +++ llvm/trunk/lib/Fuzzer/test/ulimit.test @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -RUN: ulimit -s 1000 -RUN: not %t-SimpleTest Index: llvm/trunk/lib/Fuzzer/test/unit/lit.cfg =================================================================== --- llvm/trunk/lib/Fuzzer/test/unit/lit.cfg +++ llvm/trunk/lib/Fuzzer/test/unit/lit.cfg @@ -1,7 +0,0 @@ -import lit.formats - -config.name = "LLVMFuzzer-Unittest" -print config.test_exec_root -config.test_format = lit.formats.GoogleTest(".", "Unittest") -config.suffixes = [] -config.test_source_root = config.test_exec_root Index: llvm/trunk/lib/Fuzzer/test/unit/lit.site.cfg.in =================================================================== --- llvm/trunk/lib/Fuzzer/test/unit/lit.site.cfg.in +++ llvm/trunk/lib/Fuzzer/test/unit/lit.site.cfg.in @@ -1,2 +0,0 @@ -config.test_exec_root = "@CMAKE_CURRENT_BINARY_DIR@" -lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/unit/lit.cfg") Index: llvm/trunk/lib/Fuzzer/test/value-profile-cmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-cmp.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-cmp.test @@ -1,3 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest -RUN: not %t-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/value-profile-cmp2.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-cmp2.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-cmp2.test @@ -1,3 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/SimpleHashTest.cpp -o %t-SimpleHashTest -RUN: not %t-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/value-profile-cmp3.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-cmp3.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-cmp3.test @@ -1,3 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/AbsNegAndConstantTest.cpp -o %t-AbsNegAndConstantTest -RUN: not %t-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/value-profile-cmp4.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-cmp4.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-cmp4.test @@ -1,3 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/AbsNegAndConstant64Test.cpp -o %t-AbsNegAndConstant64Test -RUN: not %t-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/value-profile-div.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-div.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-div.test @@ -1,4 +0,0 @@ -CHECK: AddressSanitizer: {{FPE|int-divide-by-zero}} -RUN: %cpp_compiler %S/DivTest.cpp -fsanitize-coverage=trace-div -o %t-DivTest -RUN: not %t-DivTest -seed=1 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s - Index: llvm/trunk/lib/Fuzzer/test/value-profile-load.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-load.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-load.test @@ -1,3 +0,0 @@ -CHECK: AddressSanitizer: global-buffer-overflow -RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-gep,trace-div,trace-cmp -o %t-LoadTest -RUN: not %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/value-profile-mem.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-mem.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-mem.test @@ -1,3 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/SingleMemcmpTest.cpp -o %t-SingleMemcmpTest -RUN: not %t-SingleMemcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/value-profile-set.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-set.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-set.test @@ -1,4 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/FourIndependentBranchesTest.cpp -o %t-FourIndependentBranchesTest -RUN: not %t-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s - Index: llvm/trunk/lib/Fuzzer/test/value-profile-strcmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-strcmp.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-strcmp.test @@ -1,3 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/SingleStrcmpTest.cpp -o %t-SingleStrcmpTest -RUN: not %t-SingleStrcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/value-profile-strncmp.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-strncmp.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-strncmp.test @@ -1,3 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/SingleStrncmpTest.cpp -o %t-SingleStrncmpTest -RUN: not %t-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s Index: llvm/trunk/lib/Fuzzer/test/value-profile-switch.test =================================================================== --- llvm/trunk/lib/Fuzzer/test/value-profile-switch.test +++ llvm/trunk/lib/Fuzzer/test/value-profile-switch.test @@ -1,5 +0,0 @@ -CHECK: BINGO -RUN: %cpp_compiler %S/SwitchTest.cpp -o %t-SwitchTest -RUN: %cpp_compiler %S/Switch2Test.cpp -o %t-Switch2Test -RUN: not %t-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s -RUN: not %t-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s