This is an archive of the discontinued LLVM Phabricator instance.

Differential D96148

Add remote fuzzing integration tests
AbandonedPublic

Authored by aarongreen on Feb 5 2021, 8:52 AM.

Details

Reviewers
kcc
charco
morehouse
Summary

This change attempts to leverage as many of the existing tests under compiler-rt/test/fuzzer as possible for testing remote fuzzing. It introduces a new set of "check" targets, "check-fuzzer-remote-${arch}", that signal to the llvm-lit configuration to modify the 'compiler' and 'run commands. It builds two binaries for each test instead of one: a remote fuzzer that receives its test inputs via IPC, and a fuzzer engine proxy that starts the remote fuzzer, sends it inputs, and collects coverage from it.

This is the 20 change in a chain to enable remote fuzzing support.

Diff Detail

Event Timeline

aarongreen created this revision.Feb 5 2021, 8:52 AM
Herald added subscribers: krytarowski, mgorny. · View Herald TranscriptFeb 5 2021, 8:52 AM
aarongreen requested review of this revision.Feb 5 2021, 8:52 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 5 2021, 8:52 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B88094: Diff 321786.Feb 5 2021, 8:53 AM
aarongreen added a comment.Feb 5 2021, 8:53 AM

Note to reviewers: this still has a lot of test disabled as FIXMEs. While the preceding changes are in review, I hope to investigate and rectify some of these. Others require additional features to be added that I won't try to land ahead of this change, e.g. value-profile support.

aarongreen added a parent revision: D94527: Add IPC for FuzzerRemote on Linux.Feb 5 2021, 8:59 AM
aarongreen abandoned this revision.Sep 1 2021, 9:05 AM

Multiprocess fuzzing will not be supported by the libFuzzer maintainers. Fuchsia has implemented a new approach with their Component Fuzzing Framework (RFC-117).

Revision Contents

PathSize
compiler-rt/
lib/
fuzzer/
tests/
1 line
test/
fuzzer/
8 lines
70 lines
6 lines
2 lines
4 lines
7 lines
4 lines
4 lines
74 lines
173 lines
25 lines
97 lines
4 lines
4 lines
6 lines
2 lines
1 line
3 lines
12 lines
1 line
4 lines
2 lines
3 lines
3 lines
3 lines
4 lines
2 lines
9 lines
2 lines
2 lines
4 lines
4 lines
3 lines
3 lines
3 lines
5 lines
5 lines
3 lines
8 lines
3 lines
3 lines
2 lines
19 lines
2 lines
3 lines
3 lines
3 lines
3 lines
3 lines
40 lines
1 line
1 line
2 lines
16 lines
3 lines
2 lines
3 lines
5 lines
136 lines
3 lines
3 lines
4 lines
4 lines
4 lines
4 lines
3 lines
3 lines
3 lines
3 lines
3 lines
4 lines
4 lines
4 lines
3 lines
3 lines
3 lines
3 lines
3 lines
2 lines
3 lines
3 lines
3 lines
2 lines
4 lines
3 lines
3 lines
18 lines
2 lines
3 lines
3 lines
3 lines
1 line
4 lines
2 lines
4 lines
3 lines
4 lines
4 lines
3 lines
4 lines
4 lines
4 lines
4 lines
3 lines
4 lines
3 lines
6 lines
4 lines
4 lines
4 lines
4 lines

Diff 321786

compiler-rt/lib/fuzzer/tests/FuzzerTestUtil.h

Show All 36 Lines void SetUp() override {
EF->FuzzerRemoteFinishExecution = [](unsigned long PID) {}; EF->FuzzerRemoteFinishExecution = [](unsigned long PID) {};
EF->FuzzerRemotePrintPC = [](unsigned long PID, const char *SymbolizedFMT, EF->FuzzerRemotePrintPC = [](unsigned long PID, const char *SymbolizedFMT,
const char *FallbackFMT, uintptr_t PC) {}; const char *FallbackFMT, uintptr_t PC) {};
EF->FuzzerRemoteDescribePC = [](unsigned long PID, EF->FuzzerRemoteDescribePC = [](unsigned long PID,
const char *SymbolizedFMT, uintptr_t PC, const char *SymbolizedFMT, uintptr_t PC,
char *Out, size_t OutLen) {}; char *Out, size_t OutLen) {};
EF->FuzzerRemotePrintStackTrace = [](unsigned long PID) {}; EF->FuzzerRemotePrintStackTrace = [](unsigned long PID) {};
EF->FuzzerRemotePrintMemoryProfile = [](unsigned long PID) {}; EF->FuzzerRemotePrintMemoryProfile = [](unsigned long PID) {};
EF->FuzzerRemoteDetectLeaksAtExit = [](unsigned long PID) {};
} }
void TearDown() override { EF = nullptr; } void TearDown() override { EF = nullptr; }
private: private:
std::unique_ptr<ExternalFunctions> ExtFuncs; std::unique_ptr<ExternalFunctions> ExtFuncs;
}; };
▲ Show 20 LinesShow All 45 LinesShow Last 20 Lines

compiler-rt/test/fuzzer/BogusInitializeTest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Make sure LLVMFuzzerInitialize does not change argv[0]. // Make sure LLVMFuzzerInitialize does not change argv[0].
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>
extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
***argv = 'X'; ***argv = 'X';
#ifdef FUZZER_IPC_PROXY
return fuzzer::ipc::ConfigureRemoteProcess(argc, argv);
#else
return 0; return 0;
#endif // FUZZER_IPC_PROXY
} }
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef FUZZER_IPC_REMOTE
return fuzzer::ipc::ProxyAdapter::TestOneInput(Data, Size);
#else
return 0; return 0;
#endif // FUZZER_IPC_REMOTE
} }

compiler-rt/test/fuzzer/CMakeLists.txt

Show All 11 Linesif (NOT COMPILER_RT_STANDALONE_BUILD)
endif() endif()
endif() endif()
set(FUZZER_TEST_ARCH ${FUZZER_SUPPORTED_ARCH}) set(FUZZER_TEST_ARCH ${FUZZER_SUPPORTED_ARCH})
if (APPLE) if (APPLE)
darwin_filter_host_archs(FUZZER_SUPPORTED_ARCH FUZZER_TEST_ARCH) darwin_filter_host_archs(FUZZER_SUPPORTED_ARCH FUZZER_TEST_ARCH)
endif() endif()
add_custom_target(check-fuzzer)
if(COMPILER_RT_INCLUDE_TESTS) if(COMPILER_RT_INCLUDE_TESTS)
# libFuzzer unit tests.
list(APPEND LIBFUZZER_TEST_DEPS FuzzerUnitTests) list(APPEND LIBFUZZER_TEST_DEPS FuzzerUnitTests)
list(APPEND LIBFUZZER_TEST_DEPS FuzzedDataProviderUnitTests) list(APPEND LIBFUZZER_TEST_DEPS FuzzedDataProviderUnitTests)
list(APPEND LIBFUZZER_TEST_DEPS FuzzerRemoteUnitTests) list(APPEND LIBFUZZER_TEST_DEPS FuzzerRemoteUnitTests)
list(APPEND LIBFUZZER_TEST_DEPS FuzzerIPCUnitTests) list(APPEND LIBFUZZER_TEST_DEPS FuzzerIPCUnitTests)
list(APPEND LIBFUZZER_TEST_DEPS FuzzerIPCProxyUnitTests) list(APPEND LIBFUZZER_TEST_DEPS FuzzerIPCProxyUnitTests)
list(APPEND LIBFUZZER_TEST_DEPS FuzzerIPCRemoteUnitTests) list(APPEND LIBFUZZER_TEST_DEPS FuzzerIPCRemoteUnitTests)
endif()
add_custom_target(check-fuzzer)
if(COMPILER_RT_INCLUDE_TESTS)
# libFuzzer unit tests.
configure_lit_site_cfg( configure_lit_site_cfg(
${CMAKE_CURRENT_SOURCE_DIR}/unit/lit.site.cfg.py.in ${CMAKE_CURRENT_SOURCE_DIR}/unit/lit.site.cfg.py.in
${CMAKE_CURRENT_BINARY_DIR}/unit/lit.site.cfg.py) ${CMAKE_CURRENT_BINARY_DIR}/unit/lit.site.cfg.py)
add_lit_testsuite(check-fuzzer-unit "Running Fuzzer unit tests" add_lit_testsuite(check-fuzzer-unit "Running Fuzzer unit tests"
${CMAKE_CURRENT_BINARY_DIR}/unit ${CMAKE_CURRENT_BINARY_DIR}/unit
DEPENDS ${LIBFUZZER_TEST_DEPS}) DEPENDS ${LIBFUZZER_TEST_DEPS})
set_target_properties(check-fuzzer-unit PROPERTIES FOLDER "Compiler-RT Tests") set_target_properties(check-fuzzer-unit PROPERTIES FOLDER "Compiler-RT Tests")
add_dependencies(check-fuzzer check-fuzzer-unit) add_dependencies(check-fuzzer check-fuzzer-unit)
endif() endif()
macro(test_fuzzer stdlib) macro(test_fuzzer config)
cmake_parse_arguments(TEST "" "" "DEPS" ${ARGN}) cmake_parse_arguments(TEST "" "REMOTE" "DEPS" ${ARGN})
string(REPLACE "+" "x" stdlib_name ${stdlib}) string(REPLACE "+" "x" config_name ${config})
string(REPLACE "-" ";" stdlib_list ${stdlib_name}) string(REPLACE "-" ";" config_list ${config_name})
set(STDLIB_CAPITALIZED "") set(CONFIG_CAPITALIZED "")
foreach(part IN LISTS stdlib_list) foreach(part IN LISTS config_list)
string(SUBSTRING ${part} 0 1 first_letter) string(SUBSTRING ${part} 0 1 first_letter)
string(TOUPPER ${first_letter} first_letter) string(TOUPPER ${first_letter} first_letter)
string(REGEX REPLACE "^.(.*)" "${first_letter}\\1" part "${part}") string(REGEX REPLACE "^.(.*)" "${first_letter}\\1" part "${part}")
set(STDLIB_CAPITALIZED "${STDLIB_CAPITALIZED}${part}") set(CONFIG_CAPITALIZED "${CONFIG_CAPITALIZED}${part}")
endforeach() endforeach()
foreach(arch ${FUZZER_TEST_ARCH}) foreach(arch ${FUZZER_TEST_ARCH})
set(LIBFUZZER_TEST_COMPILER ${COMPILER_RT_TEST_COMPILER}) set(LIBFUZZER_TEST_COMPILER ${COMPILER_RT_TEST_COMPILER})
get_test_cc_for_arch(${arch} LIBFUZZER_TEST_COMPILER LIBFUZZER_TEST_FLAGS) get_test_cc_for_arch(${arch} LIBFUZZER_TEST_COMPILER LIBFUZZER_TEST_FLAGS)
set(LIBFUZZER_TEST_TARGET_ARCH ${arch}) set(LIBFUZZER_TEST_TARGET_ARCH ${arch})
set(LIBFUZZER_TEST_APPLE_PLATFORM "osx") set(LIBFUZZER_TEST_APPLE_PLATFORM "osx")
set(LIBFUZZER_TEST_MIN_DEPLOYMENT_TARGET_FLAG "${DARWIN_osx_MIN_VER_FLAG}") set(LIBFUZZER_TEST_MIN_DEPLOYMENT_TARGET_FLAG "${DARWIN_osx_MIN_VER_FLAG}")
set(LIBFUZZER_TEST_STDLIB ${stdlib}) set(LIBFUZZER_TEST_STDLIB ${stdlib})
string(TOUPPER ${arch} ARCH_UPPER_CASE) string(TOUPPER ${arch} ARCH_UPPER_CASE)
set(CONFIG_NAME ${ARCH_UPPER_CASE}${STDLIB_CAPITALIZED}${OS_NAME}Config) set(CONFIG_NAME ${ARCH_UPPER_CASE}${CONFIG_CAPITALIZED}${OS_NAME}Config)
# LIT-based libFuzzer tests. # LIT-based libFuzzer tests.
if(NOT DEFINED TEST_REMOTE)
set(TEST_REMOTE 0)
endif()
set(LIBFUZZER_TEST_USE_REMOTE ${TEST_REMOTE})
configure_lit_site_cfg( configure_lit_site_cfg(
${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.py.in ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.py.in
${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/lit.site.cfg.py ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/lit.site.cfg.py)
)
add_lit_testsuite(check-fuzzer-${stdlib_name}-${arch} add_lit_testsuite(check-fuzzer-${config_name}-${arch}
"Running libFuzzer ${stdlib} tests for arch ${arch}" "Running libFuzzer ${stdlib} tests for arch ${arch}"
${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/ ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/
DEPENDS ${LIBFUZZER_TEST_DEPS}) DEPENDS ${LIBFUZZER_TEST_DEPS})
if(TEST_DEPS) if(TEST_DEPS)
add_dependencies(check-fuzzer-${stdlib_name}-${arch} ${TEST_DEPS}) add_dependencies(check-fuzzer-${config_name}-${arch} ${TEST_DEPS})
endif() endif()
set_target_properties(check-fuzzer-${stdlib_name}-${arch} set_target_properties(check-fuzzer-${config_name}-${arch}
PROPERTIES FOLDER "Compiler-RT Tests") PROPERTIES FOLDER "Compiler-RT Tests")
add_dependencies(check-fuzzer check-fuzzer-${stdlib_name}-${arch}) add_dependencies(check-fuzzer check-fuzzer-${config_name}-${arch})
endforeach() endforeach()
endmacro() endmacro()
test_fuzzer("default") test_fuzzer("default")
if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux") if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux")
if(TARGET cxx_shared) if(TARGET cxx_shared)
test_fuzzer("libc++" DEPS cxx_shared) test_fuzzer("libc++" DEPS cxx_shared)
endif() endif()
if(TARGET cxx_static) if(TARGET cxx_static)
test_fuzzer("static-libc++" DEPS cxx_static) test_fuzzer("static-libc++" DEPS cxx_static)
endif() endif()
test_fuzzer("remote" REMOTE 1)
foreach(arch ${FUZZER_TEST_ARCH})
# Most remote fuzzer tests use the default fuzzer proxy. Build it once here
# rather than in every test that uses it.
set(output_bin ${CMAKE_CURRENT_BINARY_DIR}/FuzzerProxy-${arch})
add_custom_command(
OUTPUT "${output_bin}"
COMMAND ${COMPILER_RT_TEST_COMPILER}
--driver-mode=g++
-fsanitize-coverage=inline-8bit-counters,pc-table
"${CMAKE_CURRENT_SOURCE_DIR}/IPCProxy.cpp"
"${COMPILER_RT_BINARY_DIR}/lib/fuzzer/ipc/libRTFuzzerIPCProxy-${arch}.a"
-lpthread
"${CMAKE_CURRENT_SOURCE_DIR}/IPCProxyDefault.cpp"
-o "${output_bin}"
DEPENDS IPCProxy.cpp
RTFuzzerIPCProxy-${arch}
IPCProxyDefault.cpp
clang)
add_custom_target(DefaultFuzzerProxy-${arch} DEPENDS "${output_bin}")
add_dependencies(check-fuzzer-remote-${arch}
DefaultFuzzerProxy-${arch}
RTFuzzerIPCProxy-${arch}
RTFuzzerIPCRemote-${arch})
endforeach(arch)
endif() endif()
if (APPLE) if (APPLE)
set(LIBFUZZER_TEST_COMPILER ${COMPILER_RT_TEST_COMPILER}) set(LIBFUZZER_TEST_COMPILER ${COMPILER_RT_TEST_COMPILER})
set(FUZZER_APPLE_PLATFORMS ${FUZZER_SUPPORTED_OS}) set(FUZZER_APPLE_PLATFORMS ${FUZZER_SUPPORTED_OS})
foreach(platform ${FUZZER_APPLE_PLATFORMS}) foreach(platform ${FUZZER_APPLE_PLATFORMS})
if ("${platform}" STREQUAL "osx") if ("${platform}" STREQUAL "osx")
# Skip macOS because it's handled by the code above that builds tests for the host machine. # Skip macOS because it's handled by the code above that builds tests for the host machine.
Show All 14 Lines foreach(arch ${FUZZER_TEST_${platform}_ARCHS})
get_capitalized_apple_platform("${platform}" PLATFORM_CAPITALIZED) get_capitalized_apple_platform("${platform}" PLATFORM_CAPITALIZED)
set(CONFIG_NAME "${PLATFORM_CAPITALIZED}${ARCH_UPPER_CASE}Config") set(CONFIG_NAME "${PLATFORM_CAPITALIZED}${ARCH_UPPER_CASE}Config")
set(LIBFUZZER_TEST_CONFIG_SUFFIX "-${arch}-${platform}") set(LIBFUZZER_TEST_CONFIG_SUFFIX "-${arch}-${platform}")
set(LIBFUZZER_TEST_APPLE_PLATFORM "${platform}") set(LIBFUZZER_TEST_APPLE_PLATFORM "${platform}")
set(LIBFUZZER_TEST_TARGET_ARCH "${arch}") set(LIBFUZZER_TEST_TARGET_ARCH "${arch}")
set(LIBFUZZER_TEST_MIN_DEPLOYMENT_TARGET_FLAG "${DARWIN_${platform}_MIN_VER_FLAG}") set(LIBFUZZER_TEST_MIN_DEPLOYMENT_TARGET_FLAG "${DARWIN_${platform}_MIN_VER_FLAG}")
configure_lit_site_cfg( configure_lit_site_cfg(
${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.py.in ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.py.in
${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/lit.site.cfg.py ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/lit.site.cfg.py)
)
add_lit_testsuite(check-fuzzer-${platform}-${arch} "libFuzzer ${platform} ${arch} tests" add_lit_testsuite(check-fuzzer-${platform}-${arch} "libFuzzer ${platform} ${arch} tests"
EXCLUDE_FROM_CHECK_ALL EXCLUDE_FROM_CHECK_ALL
${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/ ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/
DEPENDS ${LIBFUZZER_TEST_DEPS}) DEPENDS ${LIBFUZZER_TEST_DEPS})
endforeach() endforeach()
endforeach() endforeach()
endif() endif()

compiler-rt/test/fuzzer/CompressedTest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// A fuzz target that consumes a Zlib-compressed input. // A fuzz target that consumes a Zlib-compressed input.
// This test verifies that we can find this bug with a custom mutator. // This test verifies that we can find this bug with a custom mutator.
#include <cstddef> #include <cstddef>
#include <cstdint> #include <cstdint>
#include <cstdio> #include <cstdio>
#include <cstdlib> #include <cstdlib>
#include <zlib.h> #include <zlib.h>
#ifndef FUZZER_IPC_PROXY
// The fuzz target. // The fuzz target.
// Uncompress the data, crash on input starting with "FU". // Uncompress the data, crash on input starting with "FU".
// Good luck finding this w/o a custom mutator. :) // Good luck finding this w/o a custom mutator. :)
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
uint8_t Uncompressed[100]; uint8_t Uncompressed[100];
size_t UncompressedLen = sizeof(Uncompressed); size_t UncompressedLen = sizeof(Uncompressed);
if (Z_OK != uncompress(Uncompressed, &UncompressedLen, Data, Size)) if (Z_OK != uncompress(Uncompressed, &UncompressedLen, Data, Size))
return 0; return 0;
if (UncompressedLen < 2) return 0; if (UncompressedLen < 2) return 0;
if (Uncompressed[0] == 'F' && Uncompressed[1] == 'U') if (Uncompressed[0] == 'F' && Uncompressed[1] == 'U')
abort(); // Boom abort(); // Boom
return 0; return 0;
} }
#endif // !FUZZER_IPC_PROXY
#ifndef FUZZER_IPC_REMOTE
#ifdef CUSTOM_MUTATOR #ifdef CUSTOM_MUTATOR
// Forward-declare the libFuzzer's mutator callback. // Forward-declare the libFuzzer's mutator callback.
extern "C" size_t extern "C" size_t
LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize); LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
// The custom mutator: // The custom mutator:
// * deserialize the data (in this case, uncompress). // * deserialize the data (in this case, uncompress).
Show All 19 Linesextern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
UncompressedLen = UncompressedLen =
LLVMFuzzerMutate(Uncompressed, UncompressedLen, sizeof(Uncompressed)); LLVMFuzzerMutate(Uncompressed, UncompressedLen, sizeof(Uncompressed));
if (Z_OK != compress(Data, &CompressedLen, Uncompressed, UncompressedLen)) if (Z_OK != compress(Data, &CompressedLen, Uncompressed, UncompressedLen))
return 0; return 0;
return CompressedLen; return CompressedLen;
} }
#endif // CUSTOM_MUTATOR #endif // CUSTOM_MUTATOR
#endif // !FUZZER_IPC_REMOTE

compiler-rt/test/fuzzer/CrossOverTest.cpp

Show All 39 Lines
// const char *ABC = "ABCDEFGHIJ"; // const char *ABC = "ABCDEFGHIJ";
// static uint32_t ExpectedHash = simple_hash((const uint8_t *)ABC, 10); // static uint32_t ExpectedHash = simple_hash((const uint8_t *)ABC, 10);
static const uint32_t ExpectedHash = 0xe1677acb; static const uint32_t ExpectedHash = 0xe1677acb;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
// fprintf(stderr, "ExpectedHash: %x\n", ExpectedHash); // fprintf(stderr, "ExpectedHash: %x\n", ExpectedHash);
if (Size == 10 && ExpectedHash == simple_hash(Data, Size)) if (Size == 10 && ExpectedHash == simple_hash(Data, Size))
*NullPtr = 0; *NullPtr = 0;
if (Size == 0)
return 0;
if (*Data == 'A') if (*Data == 'A')
Sink++; Sink++;
if (*Data == 'Z') if (*Data == 'Z')
Sink--; Sink--;
return 0; return 0;
} }

compiler-rt/test/fuzzer/CustomCrossOverAndMutateTest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Test that libFuzzer does not crash when LLVMFuzzerMutate called from // Test that libFuzzer does not crash when LLVMFuzzerMutate called from
// LLVMFuzzerCustomCrossOver. // LLVMFuzzerCustomCrossOver.
#include <algorithm> #include <algorithm>
#include <cstddef> #include <cstddef>
#include <cstdint> #include <cstdint>
#include <cstdlib> #include <cstdlib>
#include <string.h> #include <string.h>
#include <string> #include <string>
#include <vector> #include <vector>
#include "FuzzerInterface.h" #include "FuzzerInterface.h"
#ifndef FUZZER_IPC_PROXY
static volatile int sink; static volatile int sink;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
std::string Str(reinterpret_cast<const char *>(Data), Size); std::string Str(reinterpret_cast<const char *>(Data), Size);
if (Size && Data[0] == '0') if (Size && Data[0] == '0')
sink++; sink++;
return 0; return 0;
} }
#endif // !FUZZER_IPC_PROXY
#ifndef FUZZER_IPC_REMOTE
extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1, extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
const uint8_t *Data2, size_t Size2, const uint8_t *Data2, size_t Size2,
uint8_t *Out, size_t MaxOutSize, uint8_t *Out, size_t MaxOutSize,
unsigned int Seed) { unsigned int Seed) {
std::vector<uint8_t> Buffer(MaxOutSize * 10); std::vector<uint8_t> Buffer(MaxOutSize * 10);
LLVMFuzzerMutate(Buffer.data(), Buffer.size(), Buffer.size()); LLVMFuzzerMutate(Buffer.data(), Buffer.size(), Buffer.size());
size_t Size = std::min(Size1, MaxOutSize); size_t Size = std::min(Size1, MaxOutSize);
memcpy(Out, Data1, Size); memcpy(Out, Data1, Size);
return Size; return Size;
} }
#endif // !FUZZER_IPC_REMOTE

compiler-rt/test/fuzzer/CustomCrossOverTest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Simple test for a cutom crossover. // Simple test for a cutom crossover.
#include <assert.h> #include <assert.h>
#include <cstddef> #include <cstddef>
#include <cstdint> #include <cstdint>
#include <cstdlib> #include <cstdlib>
#include <iostream> #include <iostream>
#include <ostream> #include <ostream>
#include <random> #include <random>
#include <string.h> #include <string.h>
#include <functional> #include <functional>
static const char *Separator = "-########-"; #ifndef FUZZER_IPC_PROXY
static const char *Target = "A-########-B"; static const char *Target = "A-########-B";
static volatile int sink; static volatile int sink;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
assert(Data); assert(Data);
std::string Str(reinterpret_cast<const char *>(Data), Size); std::string Str(reinterpret_cast<const char *>(Data), Size);
static const size_t TargetHash = std::hash<std::string>{}(std::string(Target)); static const size_t TargetHash = std::hash<std::string>{}(std::string(Target));
size_t StrHash = std::hash<std::string>{}(Str); size_t StrHash = std::hash<std::string>{}(Str);
// Ensure we have 'A' and 'B' in the corpus. // Ensure we have 'A' and 'B' in the corpus.
if (Size == 1 && *Data == 'A') if (Size == 1 && *Data == 'A')
sink++; sink++;
if (Size == 1 && *Data == 'B') if (Size == 1 && *Data == 'B')
sink--; sink--;
if (TargetHash == StrHash) { if (TargetHash == StrHash) {
std::cout << "BINGO; Found the target, exiting\n" << std::flush; std::cout << "BINGO; Found the target, exiting\n" << std::flush;
exit(1); exit(1);
} }
return 0; return 0;
} }
#endif // !FUZZER_IPC_PROXY
#ifndef FUZZER_IPC_REMOTE
static const char *Separator = "-########-";
extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1, extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
const uint8_t *Data2, size_t Size2, const uint8_t *Data2, size_t Size2,
uint8_t *Out, size_t MaxOutSize, uint8_t *Out, size_t MaxOutSize,
unsigned int Seed) { unsigned int Seed) {
static size_t Printed; static size_t Printed;
static size_t SeparatorLen = strlen(Separator); static size_t SeparatorLen = strlen(Separator);
if (Printed++ < 32) if (Printed++ < 32)
std::cerr << "In LLVMFuzzerCustomCrossover " << Size1 << " " << Size2 << "\n"; std::cerr << "In LLVMFuzzerCustomCrossover " << Size1 << " " << Size2 << "\n";
size_t Size = Size1 + Size2 + SeparatorLen; size_t Size = Size1 + Size2 + SeparatorLen;
if (Size > MaxOutSize) if (Size > MaxOutSize)
return 0; return 0;
memcpy(Out, Data1, Size1); memcpy(Out, Data1, Size1);
memcpy(Out + Size1, Separator, SeparatorLen); memcpy(Out + Size1, Separator, SeparatorLen);
memcpy(Out + Size1 + SeparatorLen, Data2, Size2); memcpy(Out + Size1 + SeparatorLen, Data2, Size2);
return Size; return Size;
} }
#endif // !FUZZER_IPC_REMOTE

compiler-rt/test/fuzzer/CustomMutatorTest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Simple test for a cutom mutator. // Simple test for a cutom mutator.
#include <assert.h> #include <assert.h>
#include <cstddef> #include <cstddef>
#include <cstdint> #include <cstdint>
#include <cstdlib> #include <cstdlib>
#include <iostream> #include <iostream>
#include <ostream> #include <ostream>
#include "FuzzerInterface.h" #include "FuzzerInterface.h"
#ifndef FUZZER_IPC_PROXY
static volatile int Sink; static volatile int Sink;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
assert(Data); assert(Data);
if (Size > 0 && Data[0] == 'H') { if (Size > 0 && Data[0] == 'H') {
Sink = 1; Sink = 1;
if (Size > 1 && Data[1] == 'i') { if (Size > 1 && Data[1] == 'i') {
Sink = 2; Sink = 2;
if (Size > 2 && Data[2] == '!') { if (Size > 2 && Data[2] == '!') {
std::cout << "BINGO; Found the target, exiting\n" << std::flush; std::cout << "BINGO; Found the target, exiting\n" << std::flush;
exit(1); exit(1);
} }
} }
} }
return 0; return 0;
} }
#endif // !FUZZER_IPC_PROXY
#ifndef FUZZER_IPC_REMOTE
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
size_t MaxSize, unsigned int Seed) { size_t MaxSize, unsigned int Seed) {
static bool Printed; static bool Printed;
if (!Printed) { if (!Printed) {
std::cerr << "In LLVMFuzzerCustomMutator\n"; std::cerr << "In LLVMFuzzerCustomMutator\n";
Printed = true; Printed = true;
} }
return LLVMFuzzerMutate(Data, Size, MaxSize); return LLVMFuzzerMutate(Data, Size, MaxSize);
} }
#endif // !FUZZER_IPC_REMOTE

compiler-rt/test/fuzzer/CustomMutatorWithLongSequencesTest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Simple test for a cutom mutator that results in long sequences of mutations. // Simple test for a cutom mutator that results in long sequences of mutations.
#include <assert.h> #include <assert.h>
#include <cstddef> #include <cstddef>
#include <cstdint> #include <cstdint>
#include <cstdlib> #include <cstdlib>
#include <iostream> #include <iostream>
#include <ostream> #include <ostream>
#include "FuzzerInterface.h" #include "FuzzerInterface.h"
#ifndef FUZZER_IPC_PROXY
static volatile int Sink; static volatile int Sink;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
assert(Data); assert(Data);
if (Size > 0 && Data[0] == 'H') { if (Size > 0 && Data[0] == 'H') {
Sink = 1; Sink = 1;
if (Size > 1 && Data[1] == 'i') { if (Size > 1 && Data[1] == 'i') {
Sink = 2; Sink = 2;
if (Size > 2 && Data[2] == '!') { if (Size > 2 && Data[2] == '!') {
std::cout << "BINGO; Found the target, exiting\n" std::cout << "BINGO; Found the target, exiting\n"
<< std::flush; << std::flush;
exit(1); exit(1);
} }
} }
} }
return 0; return 0;
} }
#endif // !FUZZER_IPC_PROXY
#ifndef FUZZER_IPC_REMOTE
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
size_t MaxSize, unsigned int Seed) { size_t MaxSize, unsigned int Seed) {
// Run this 25 times to generate a large mutation sequence. // Run this 25 times to generate a large mutation sequence.
for (size_t i = 0; i < 25; i++) { for (size_t i = 0; i < 25; i++) {
LLVMFuzzerMutate(Data, Size, MaxSize); LLVMFuzzerMutate(Data, Size, MaxSize);
} }
return LLVMFuzzerMutate(Data, Size, MaxSize); return LLVMFuzzerMutate(Data, Size, MaxSize);
} }
#endif // !FUZZER_IPC_REMOTE

compiler-rt/test/fuzzer/IPCProxy.h

  • This file was added.
//===- IPCTestProxyLinux.h ------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Proxies test inputs to fuzzer tests implemented as remote fuzzers.
//
// See also IPCTestRemoteLinux.cpp.
//===----------------------------------------------------------------------===//
#ifndef COMPILER_RT_TEST_FUZZER_IPC_PROXY_H
#define COMPILER_RT_TEST_FUZZER_IPC_PROXY_H
#ifdef __linux__
#include <cerrno>
#include <cstdarg>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <linux/limits.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <vector>
#define RETRY_ON_EINTR(R, X) \
do { \
R = (X); \
} while (R == -1 && errno == EINTR)
namespace fuzzer {
namespace ipc {
// Modify command line arguments. this should be called by
// LLVMFuzzerInitialize in the FuzzerProxy process.
int ConfigureRemoteProcess(int *pArgc, char ***pArgv, bool IgnoreRemoteExits = false);
// The ProxyAdapter can be used to convert conventional fuzz targets into remote
// fuzzers, e.g. for integration testing.
class ProxyAdapter final {
public:
// These indicate pipes to/from the child process started as a remote fuzzer.
static constexpr int kTestInputReader = STDERR_FILENO + 1;
static constexpr int kResultWriter = kTestInputReader + 1;
// On the first invocation of this method, the process configured by
// ConfigureRemoteProcess will be started, with the pipes indicated by the
// kTestInputReader and kResultWriter file descriptors attached.
static int TestOneInput(const uint8_t *Data, size_t Size);
private:
ProxyAdapter();
~ProxyAdapter();
int TestOneInputImpl(const uint8_t *Data, size_t Size);
int PID = -1;
int TestInputWriter = -1;
;
int ResultReader = -1;
};
} // namespace ipc
} // namespace fuzzer
#endif // __linux__
#endif // COMPILER_RT_TEST_FUZZER_IPC_PROXY_H

compiler-rt/test/fuzzer/IPCProxy.cpp

  • This file was added.
//===- IPCTestProxyLinux.cpp ----------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Proxies test inputs to fuzzer tests implemented as remote fuzzers.
//
// See also IPCTestRemoteLinux.cpp.
//===----------------------------------------------------------------------===//
#ifdef __linux__
#include <cerrno>
#include <cstdarg>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <linux/limits.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <vector>
#include "IPCProxy.h"
namespace fuzzer {
namespace ipc {
namespace {
const char *gRemoteTest = nullptr;
const char *kRemoteFlag = "-remote=1";
const char *kIgnoreRemoteExitsFlag = "-ignore-remote-exits=1";
const char *kRemoteTestEnvVar = "FUZZER_REMOTE_TEST";
bool StartsWith(const char *S, const char *T) {
if (!S || !T)
return false;
auto SLen = strlen(S);
auto TLen = strlen(T);
return SLen >= TLen && strncmp(S, T, TLen) == 0;
}
} // namespace
// Public methods
int ConfigureRemoteProcess(int *pArgc, char ***pArgv, bool IgnoreRemoteExits) {
char **Argv = *pArgv;
int Argc = *pArgc;
static std::vector<const char *> Args;
Args.push_back(Argv[0]);
Args.push_back(kRemoteFlag);
if (IgnoreRemoteExits)
Args.push_back(kIgnoreRemoteExitsFlag);
for (int i = 1; i < Argc; ++i) {
const char *Arg = Argv[i];
if (Arg[0] == '-' || gRemoteTest)
Args.push_back(Arg);
else
gRemoteTest = Arg;
}
if (!gRemoteTest)
gRemoteTest = getenv(kRemoteTestEnvVar);
if (!gRemoteTest) {
fprintf(stderr, "ERROR: Missing remote executable name.\n");
exit(1);
}
if (setenv(kRemoteTestEnvVar, gRemoteTest, /* override */ 1) == -1) {
perror("setenv");
exit(1);
}
*pArgc = Args.size();
*pArgv = const_cast<char **>(&Args[0]);
return 0;
}
int ProxyAdapter::TestOneInput(const uint8_t *Data, size_t Size) {
static ProxyAdapter Singleton;
return Singleton.TestOneInputImpl(Data, Size);
}
// Private methods
ProxyAdapter::ProxyAdapter() {
int TestInputPipe[2];
int ResultPipe[2];
if (pipe(TestInputPipe) == -1 || pipe(ResultPipe) == -1) {
perror("pipe");
exit(1);
}
if (sigignore(SIGCHLD) == -1) {
perror("sigignore");
exit(1);
}
auto PID = fork();
if (PID == -1) {
perror("fork");
}
// Child
if (PID == 0) {
if (dup2(TestInputPipe[0], kTestInputReader) == -1 || dup2(ResultPipe[1], kResultWriter) == -1) {
perror("dup2");
exit(1);
}
close(TestInputPipe[0]);
close(TestInputPipe[1]);
close(ResultPipe[0]);
close(ResultPipe[1]);
execl(gRemoteTest, gRemoteTest, (char *)nullptr);
perror("execl");
exit(1);
}
// Parent
close(TestInputPipe[0]);
TestInputWriter = TestInputPipe[1];
ResultReader = ResultPipe[0];
close(ResultPipe[1]);
}
ProxyAdapter::~ProxyAdapter() {
close(TestInputWriter);
close(ResultReader);
if (PID > 0)
kill(PID, SIGKILL);
}
int ProxyAdapter::TestOneInputImpl(const uint8_t *Data, size_t Size) {
int N = 0;
RETRY_ON_EINTR(N, write(TestInputWriter, &Size, sizeof(Size)));
if (N < 0) {
perror("write");
exit(1);
}
if (N != sizeof(Size)) {
fprintf(stderr, "==%d== ERROR: incomplete write of test input size: %d of %zu bytes.\n", getpid(), N, sizeof(Size));
exit(1);
}
if (Size) {
RETRY_ON_EINTR(N, write(TestInputWriter, Data, Size));
if (N < 0) {
perror("write");
exit(1);
}
if (size_t(N) != Size) {
fprintf(stderr, "==%d== ERROR: incomplete write of test input data: %d of %zu bytes.\n", getpid(), N, Size);
exit(1);
}
}
int Result;
RETRY_ON_EINTR(N, read(ResultReader, &Result, sizeof(Result)));
if (N < 0) {
perror("read");
exit(1);
}
if (N == 0)
exit(0);
if (N != sizeof(Result)) {
fprintf(stderr, "==%d== ERROR: incomplete read of test result: %d of %zu bytes.\n", getpid(), N, sizeof(Result));
exit(1);
}
return Result;
}
} // namespace ipc
} // namespace fuzzer
#endif // __linux__

compiler-rt/test/fuzzer/IPCProxyDefault.cpp

  • This file was added.
//===- IPCTestProxyLinuxDefault.cpp ---------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Default IPC test proxy implementation.
//===----------------------------------------------------------------------===//
#include "IPCProxy.h"
#include <cstddef>
#include <cstdint>
extern "C" {
int LLVMFuzzerInitialize(int *pArgc, char ***pArgv) {
return fuzzer::ipc::ConfigureRemoteProcess(pArgc, pArgv);
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
return fuzzer::ipc::ProxyAdapter::TestOneInput(Data, Size);
}
} // extern "C"

compiler-rt/test/fuzzer/IPCRemote.cpp

  • This file was added.
//===- IPCTestRemoteLinux.cpp ---------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Transforms fuzzer test implementations into remote fuzzers.
//
// See also IPCTestProxyLinux.cpp.
//===----------------------------------------------------------------------===//
#ifdef __linux__
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <sanitizer/asan_interface.h>
#include <unistd.h>
#include <vector>
#include "IPCProxy.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
namespace fuzzer {
namespace ipc {
class RemoteAdapter final {
public:
RemoteAdapter() : TestInput(Available) {}
~RemoteAdapter() = default;
void TestOneInput() {
size_t Size;
int N;
RETRY_ON_EINTR(N, read(ProxyAdapter::kTestInputReader, &Size, sizeof(Size)));
if (N < 0) {
perror("read");
exit(1);
}
if (N == 0)
exit(0);
if (static_cast<size_t>(N) != sizeof(Size)) {
fprintf(stderr, "==%d== ERROR: incomplete read of test input size: %d of %zu bytes.\n", getpid(), N, sizeof(Size));
exit(1);
}
while (Available < Size)
Available *= 2;
if (TestInput.size() < Available)
TestInput.resize(Available);
uint8_t *Data = &TestInput[0];
if (Size) {
RETRY_ON_EINTR(N, read(ProxyAdapter::kTestInputReader, Data, Size));
if (N < 0) {
perror("read");
exit(1);
}
if (size_t(N) != Size) {
fprintf(stderr, "==%d== ERROR: incomplete read of test input data: %d of %zu bytes.\n", getpid(), N, Size);
exit(1);
}
}
if (Size < Available)
ASAN_POISON_MEMORY_REGION(Data + Size, Available - Size);
int Result = LLVMFuzzerTestOneInput(Data, Size);
if (Size < Available)
ASAN_UNPOISON_MEMORY_REGION(Data + Size, Available - Size);
RETRY_ON_EINTR(N, write(ProxyAdapter::kResultWriter, &Result, sizeof(Result)));
if (N < 0) {
perror("write");
exit(1);
}
if (N != sizeof(Result)) {
fprintf(stderr, "==%d== ERROR: incomplete write of test result: %d of %zu bytes.\n", getpid(), N, sizeof(Result));
exit(1);
}
}
private:
size_t Available = 1024;
std::vector<uint8_t> TestInput;
};
} // namespace ipc
} // namespace fuzzer
int main(int argc, char **argv) {
fuzzer::ipc::RemoteAdapter Remote;
while (true)
Remote.TestOneInput();
}
#endif // __linux__

compiler-rt/test/fuzzer/ReloadTest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Test that fuzzer we can reload artifacts with any bytes inside. // Test that fuzzer we can reload artifacts with any bytes inside.
#include <algorithm> #include <algorithm>
#include <cstdint> #include <cstdint>
#include <cstdlib> #include <cstdlib>
#include <numeric> #include <numeric>
#include <set> #include <set>
#ifndef FUZZER_IPC_REMOTE
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
size_t MaxSize, unsigned int Seed) { size_t MaxSize, unsigned int Seed) {
std::srand(Seed); std::srand(Seed);
std::generate(Data, Data + MaxSize, std::rand); std::generate(Data, Data + MaxSize, std::rand);
return MaxSize; return MaxSize;
} }
#endif // !FUZZER_IPC_REMOTE
#ifndef FUZZER_IPC_PROXY
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size > 5000 && std::set<uint8_t>(Data, Data + Size).size() > 255 && if (Size > 5000 && std::set<uint8_t>(Data, Data + Size).size() > 255 &&
(uint8_t)std::accumulate(Data, Data + Size, uint8_t(Size)) == 0) (uint8_t)std::accumulate(Data, Data + Size, uint8_t(Size)) == 0)
abort(); abort();
return 0; return 0;
} }
#endif // !FUZZER_IPC_PROXY

compiler-rt/test/fuzzer/bcmp.test

UNSUPPORTED: darwin, freebsd, windows UNSUPPORTED: darwin, freebsd, windows
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler -DMEMCMP=bcmp %S/MemcmpTest.cpp -o %t RUN: %cpp_compiler -DMEMCMP=bcmp %S/MemcmpTest.cpp -o %t
RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/bogus-initialize-remote.test

  • This file was added.
REQUIRES: remote
RUN: %proxy_compiler %S/BogusInitializeTest.cpp -o %t-Proxy
RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-BogusInitializeTest
RUN: not %run_no_proxy %t-Proxy %t-BogusInitializeTest 2>&1 | FileCheck %S/bogus-initialize.test --check-prefix=BOGUS_INITIALIZE

compiler-rt/test/fuzzer/bogus-initialize.test

UNSUPPORTED: remote
RUN: %cpp_compiler %S/BogusInitializeTest.cpp -o %t-BogusInitializeTest RUN: %cpp_compiler %S/BogusInitializeTest.cpp -o %t-BogusInitializeTest
RUN: not %run %t-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE RUN: not %run %t-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE
BOGUS_INITIALIZE: argv[0] has been modified in LLVMFuzzerInitialize BOGUS_INITIALIZE: argv[0] has been modified in LLVMFuzzerInitialize

compiler-rt/test/fuzzer/buffer-overflow-on-input.test

UNSUPPORTED: remote
RUN: %cpp_compiler %S/BufferOverflowOnInput.cpp -o %t-BufferOverflowOnInput RUN: %cpp_compiler %S/BufferOverflowOnInput.cpp -o %t-BufferOverflowOnInput
RUN: not %run %t-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB RUN: not %run %t-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB
OOB: AddressSanitizer: heap-buffer-overflow OOB: AddressSanitizer: heap-buffer-overflow
OOB: is located 0 bytes to the right of 3-byte region OOB: is located 0 bytes to the right of 3-byte region

compiler-rt/test/fuzzer/cleanse.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/CleanseTest.cpp -o %t-CleanseTest RUN: %cpp_compiler %S/CleanseTest.cpp -o %t-CleanseTest
RUN: echo -n 0123456789ABCDEFGHIZ > %t-in RUN: echo -n 0123456789ABCDEFGHIZ > %t-in
RUN: %run %t-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out RUN: %run %t-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out
RUN: echo -n ' 1 5 A Z' | diff - %t-out RUN: echo -n ' 1 5 A Z' | diff - %t-out

compiler-rt/test/fuzzer/compressed-remote.test

  • This file was added.
REQUIRES: linux
REQUIRES: remote
REQUIRES: zlib
# zlib is "supported" on i386 even when only for x86_64, explicitly make i386
# unsupported by this test.
UNSUPPORTED: i386
# Custom mutator should find this bug, w/o custom -- no chance.
RUN: %proxy_compiler %S/IPCProxyDefault.cpp %S/CompressedTest.cpp -o %t-ProxyCustom -DCUSTOM_MUTATOR -lz
RUN: %proxy_compiler %S/IPCProxyDefault.cpp %S/CompressedTest.cpp -o %t-ProxyPlain -lz
RUN: %cpp_compiler %S/CompressedTest.cpp -o %t-CompressedTest -lz
RUN: not %no_proxy_run %t-ProxyCustom %t-CompressedTest -seed=1 -runs=1000000
RUN: %no_proxy_run %t-ProxyPlain %t-CompressedTest -seed=1 -runs=1000000

compiler-rt/test/fuzzer/compressed.test

REQUIRES: linux REQUIRES: linux
REQUIRES: zlib REQUIRES: zlib
# zlib is "supported" on i386 even when only for x86_64, explicitly make i386 # zlib is "supported" on i386 even when only for x86_64, explicitly make i386
# unsupported by this test. # unsupported by this test.
UNSUPPORTED: i386 UNSUPPORTED: i386
UNSUPPORTED: remote
# Custom mutator should find this bug, w/o custom -- no chance. # Custom mutator should find this bug, w/o custom -- no chance.
RUN: %cpp_compiler %S/CompressedTest.cpp -o %t-CompressedTestCustom -DCUSTOM_MUTATOR -lz RUN: %cpp_compiler %S/CompressedTest.cpp -o %t-CompressedTestCustom -DCUSTOM_MUTATOR -lz
RUN: %cpp_compiler %S/CompressedTest.cpp -o %t-CompressedTestPlain -lz RUN: %cpp_compiler %S/CompressedTest.cpp -o %t-CompressedTestPlain -lz
RUN: not %run %t-CompressedTestCustom -seed=1 -runs=1000000 RUN: not %run %t-CompressedTestCustom -seed=1 -runs=1000000
RUN: %run %t-CompressedTestPlain -seed=1 -runs=1000000 RUN: %run %t-CompressedTestPlain -seed=1 -runs=1000000

compiler-rt/test/fuzzer/counters.test

UNSUPPORTED: aarch64, ios UNSUPPORTED: aarch64, ios
# FIXME: Fix remote symbolization
UNSUPPORTED: remote
RUN: %cpp_compiler %S/CounterTest.cpp -o %t-CounterTest RUN: %cpp_compiler %S/CounterTest.cpp -o %t-CounterTest
RUN: not %run %t-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS RUN: not %run %t-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS
COUNTERS: INITED {{.*}} {{bits:|ft:}} COUNTERS: INITED {{.*}} {{bits:|ft:}}
COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}} COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}}
COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}} COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}}
COUNTERS: BINGO COUNTERS: BINGO

compiler-rt/test/fuzzer/coverage.test

# FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows. # FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows.
UNSUPPORTED: windows UNSUPPORTED: windows
# FIXME: CreatePCArray() emits PLT stub addresses for entry blocks, which are ignored by TracePC::PrintCoverage(). # FIXME: CreatePCArray() emits PLT stub addresses for entry blocks, which are ignored by TracePC::PrintCoverage().
XFAIL: s390x XFAIL: s390x
# FIXME: Fix remote symbolization
UNSUPPORTED: remote
RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/NullDerefTest.cpp -o %t-NullDerefTest
RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1 RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -O0 -shared -o %dynamiclib2 RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -O0 -shared -o %dynamiclib2
RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest
CHECK: COVERAGE: CHECK: COVERAGE:
CHECK: COVERED_FUNC: {{.*}}LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:14 CHECK: COVERED_FUNC: {{.*}}LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:14
RUN: not %run %t-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s RUN: not %run %t-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s
Show All 10 Lines

compiler-rt/test/fuzzer/cross_over_uniform_dist.test

REQUIRES: linux, x86_64 REQUIRES: linux, x86_64
RUN: %cpp_compiler %S/KeepSeedTest.cpp -o %t-CrossOverUniformDistTest RUN: %cpp_compiler %S/KeepSeedTest.cpp -o %t-CrossOverUniformDistTest
# FIXME: Need value-profile support for remote fuzzing; otherwise too slow.
UNSUPPORTED: remote
RUN: rm -rf %t-corpus RUN: rm -rf %t-corpus
RUN: mkdir %t-corpus RUN: mkdir %t-corpus
RUN: echo -n "@SELECT" > %t-corpus/A RUN: echo -n "@SELECT" > %t-corpus/A
RUN: echo -n "@FROM WHERE" > %t-corpus/B RUN: echo -n "@FROM WHERE" > %t-corpus/B
RUN: not %run %t-CrossOverUniformDistTest -keep_seed=1 -cross_over_uniform_dist=1 -seed=1 -runs=5000000 %t-corpus 2>&1 | FileCheck %s RUN: not %run %t-CrossOverUniformDistTest -keep_seed=1 -cross_over_uniform_dist=1 -seed=1 -runs=5000000 %t-corpus 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO
RUN: rm -rf %t-corpus RUN: rm -rf %t-corpus
RUN: mkdir %t-corpus RUN: mkdir %t-corpus
RUN: echo -n "@SELECT" > %t-corpus/A RUN: echo -n "@SELECT" > %t-corpus/A
RUN: echo -n "@FROM WHERE" > %t-corpus/B RUN: echo -n "@FROM WHERE" > %t-corpus/B
RUN: %run %t-CrossOverUniformDistTest -keep_seed=1 -seed=1 -runs=5000000 %t-corpus 2>&1 RUN: %run %t-CrossOverUniformDistTest -keep_seed=1 -seed=1 -runs=5000000 %t-corpus 2>&1

compiler-rt/test/fuzzer/cxxstring.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/CxxStringEqTest.cpp -o %t-CxxStringEqTest RUN: %cpp_compiler %S/CxxStringEqTest.cpp -o %t-CxxStringEqTest
RUN: not %run %t-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s RUN: not %run %t-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/dataflow.test

# Tests the data flow tracer. # Tests the data flow tracer.
REQUIRES: linux, x86_64 REQUIRES: linux, x86_64
# FIXME: Needs dataflow-tracing support for remote fuzzing.
UNSUPPORTED: remote
# Build the tracer and the test. # Build the tracer and the test.
RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o
RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fPIC %S/../../lib/fuzzer/dataflow/DataFlowCallbacks.cpp -o %t-DataFlowCallbacks.o RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fPIC %S/../../lib/fuzzer/dataflow/DataFlowCallbacks.cpp -o %t-DataFlowCallbacks.o
RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp %S/ThreeFunctionsTest.cpp %t-DataFlow*.o -o %t-ThreeFunctionsTestDF RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp %S/ThreeFunctionsTest.cpp %t-DataFlow*.o -o %t-ThreeFunctionsTestDF
RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp %S/Labels20Test.cpp %t-DataFlow*.o -o %t-Labels20TestDF RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp %S/Labels20Test.cpp %t-DataFlow*.o -o %t-Labels20TestDF
RUN: %cpp_compiler %S/ThreeFunctionsTest.cpp -o %t-ThreeFunctionsTest RUN: %cpp_compiler %S/ThreeFunctionsTest.cpp -o %t-ThreeFunctionsTest
# Dump the function list. # Dump the function list.
▲ Show 20 LinesShow All 117 LinesShow Last 20 Lines

compiler-rt/test/fuzzer/deep-recursion.test

# Test that we can find a stack overflow # Test that we can find a stack overflow
REQUIRES: linux REQUIRES: linux
# FIXME: Needs stack-depth feature support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/DeepRecursionTest.cpp -o %t RUN: %cpp_compiler %S/DeepRecursionTest.cpp -o %t
RUN: not %run %t -seed=1 -runs=100000000 2>&1 | FileCheck %s RUN: not %run %t -seed=1 -runs=100000000 2>&1 | FileCheck %s
CHECK: ERROR: libFuzzer: deadly signal CHECK: ERROR: libFuzzer: deadly signal

compiler-rt/test/fuzzer/deprecated-instrumentation.test

CHECK: -fsanitize-coverage=trace-pc is no longer supported by libFuzzer CHECK: -fsanitize-coverage=trace-pc is no longer supported by libFuzzer
RUN: %cpp_compiler %S/SimpleTest.cpp -c -o %t-SimpleTest.o -fsanitize-coverage=trace-pc RUN: %no_remote_cpp_compiler %S/SimpleTest.cpp -c -o %t-SimpleTest.o -fsanitize-coverage=trace-pc
RUN: %cpp_compiler %t-SimpleTest.o -o %t-SimpleTest RUN: %cpp_compiler %t-SimpleTest.o -o %t-SimpleTest
RUN: not %run %t-SimpleTest 2>&1 | FileCheck %s RUN: not %run %t-SimpleTest 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/disable-leaks-remote.test

  • This file was added.
REQUIRES: lsan
REQUIRES: remote
UNSUPPORTED: aarch64
RUN: %proxy_compiler -fsanitize=address %S/IPCProxyDefault.cpp -o %t-Proxy
RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest
RUN: %no_proxy_run %t-Proxy %t-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | \
FileCheck %S/disable-leaks.test --check-prefix=ACCUMULATE_ALLOCS

compiler-rt/test/fuzzer/disable-leaks.test

REQUIRES: lsan REQUIRES: lsan
UNSUPPORTED: aarch64 UNSUPPORTED: aarch64
UNSUPPORTED: remote
RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest
RUN: %run %t-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS RUN: %run %t-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS
ACCUMULATE_ALLOCS: INFO: libFuzzer disabled leak detection after every mutation ACCUMULATE_ALLOCS: INFO: libFuzzer disabled leak detection after every mutation

compiler-rt/test/fuzzer/dso.test

# FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows. # FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows.
UNSUPPORTED: windows UNSUPPORTED: windows
#FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED:remote
RUN: %cpp_compiler %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -shared -o %dynamiclib1 RUN: %cpp_compiler %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -shared -o %dynamiclib1
RUN: %cpp_compiler %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -shared -o %dynamiclib2 RUN: %cpp_compiler %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -shared -o %dynamiclib2
RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest
RUN: not %run %t-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO RUN: not %run %t-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO
DSO: INFO: Loaded 3 modules DSO: INFO: Loaded 3 modules
DSO: BINGO DSO: BINGO

compiler-rt/test/fuzzer/entropic-scale-per-exec-time.test

REQUIRES: linux, x86_64 REQUIRES: linux, x86_64
# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/EntropicScalePerExecTimeTest.cpp -o %t-EntropicScalePerExecTimeTest RUN: %cpp_compiler %S/EntropicScalePerExecTimeTest.cpp -o %t-EntropicScalePerExecTimeTest
RUN: not %run %t-EntropicScalePerExecTimeTest -entropic=1 -entropic_scale_per_exec_time=1 -seed=1 -runs=100000 -max_len=10 RUN: not %run %t-EntropicScalePerExecTimeTest -entropic=1 -entropic_scale_per_exec_time=1 -seed=1 -runs=100000 -max_len=10
# The following test is added as a comment here for reference, which should # The following test is added as a comment here for reference, which should
# take more runs than with -entropic_scale_per_exec_time=1 to find the crash. # take more runs than with -entropic_scale_per_exec_time=1 to find the crash.
# (it takes 126,633 runs) # (it takes 126,633 runs)
# RUN: not %run %t-EntropicScalePerExecTimeTest -entropic=1 -seed=1 -runs=200000 -max_len=10 # RUN: not %run %t-EntropicScalePerExecTimeTest -entropic=1 -seed=1 -runs=200000 -max_len=10

compiler-rt/test/fuzzer/exit_on_src_pos.test

# Temporary use -mllvm -use-unknown-locations=Disable so that # Temporary use -mllvm -use-unknown-locations=Disable so that
# all instructions have debug info (file line numbers) attached. # all instructions have debug info (file line numbers) attached.
# TODO: Find out why test fails on Darwin with -O2. # TODO: Find out why test fails on Darwin with -O2.
# Binaries must end in .exe or else symbolization will break on Windows because of how periods # Binaries must end in .exe or else symbolization will break on Windows because of how periods
# in expansion of %t cause the compiler to overwrite .lib and .exp files. # in expansion of %t cause the compiler to overwrite .lib and .exp files.
# FIXME: Fix remote symbolization
UNSUPPORTED: remote
RUN: %cpp_compiler -O0 %S/SimpleTest.cpp -o %t-SimpleTest.exe -mllvm -use-unknown-locations=Disable RUN: %cpp_compiler -O0 %S/SimpleTest.cpp -o %t-SimpleTest.exe -mllvm -use-unknown-locations=Disable
RUN: %cpp_compiler -O0 %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest.exe RUN: %cpp_compiler -O0 %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest.exe
RUN: %run %t-SimpleTest.exe -exit_on_src_pos=SimpleTest.cpp:19 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS RUN: %run %t-SimpleTest.exe -exit_on_src_pos=SimpleTest.cpp:19 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
RUN: %run %t-ShrinkControlFlowTest.exe -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS RUN: %run %t-ShrinkControlFlowTest.exe -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting. EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.

compiler-rt/test/fuzzer/extra-counters.test

REQUIRES: linux REQUIRES: linux
# FIXME: Add extra counter support for remote fuzzers
UNSUPPORTED: remote
RUN: %cpp_compiler %S/TableLookupTest.cpp -o %t-TableLookupTest RUN: %cpp_compiler %S/TableLookupTest.cpp -o %t-TableLookupTest
RUN: not %run %t-TableLookupTest -print_final_stats=1 2>&1 | FileCheck %s RUN: not %run %t-TableLookupTest -print_final_stats=1 2>&1 | FileCheck %s
CHECK: INFO: {{[0-9]+}} Extra Counters CHECK: INFO: {{[0-9]+}} Extra Counters
// Expecting >= 4096 new_units_added // Expecting >= 4096 new_units_added
CHECK: stat::new_units_added:{{.*[4][0-9][0-9][0-9]}} CHECK: stat::new_units_added:{{.*[4][0-9][0-9][0-9]}}

compiler-rt/test/fuzzer/focus-function.test

# Tests -focus_function # Tests -focus_function
# #
# TODO: don't require linux. # TODO: don't require linux.
# REQUIRES: linux # REQUIRES: linux
UNSUPPORTED: aarch64 UNSUPPORTED: aarch64
# FIXME: Fix remote symbolization
UNSUPPORTED: remote
RUN: %cpp_compiler %S/OnlySomeBytesTest.cpp -o %t-exe RUN: %cpp_compiler %S/OnlySomeBytesTest.cpp -o %t-exe
RUN: %t-exe -runs=100 2>&1 | FileCheck %s --check-prefix=FOCUS_NONE RUN: %t-exe -runs=100 2>&1 | FileCheck %s --check-prefix=FOCUS_NONE
FOCUS_NONE-NOT: INFO: Focus function is set to FOCUS_NONE-NOT: INFO: Focus function is set to
FOCUS_NONE-NOT: INFO: {{.*}} inputs touch the focus function FOCUS_NONE-NOT: INFO: {{.*}} inputs touch the focus function
RUN: not %t-exe -runs=100 -focus_function=WRONG 2>&1 | FileCheck %s --check-prefix=FOCUS_WRONG RUN: not %t-exe -runs=100 -focus_function=WRONG 2>&1 | FileCheck %s --check-prefix=FOCUS_WRONG
FOCUS_WRONG-NOT: INFO: Focus function is set to FOCUS_WRONG-NOT: INFO: Focus function is set to
Show All 16 Lines

compiler-rt/test/fuzzer/fork-ubsan.test

# FIXME: Investigate why this fails for remote fuzzers
UNSUPPORTED: remote
# UNSUPPORTED: darwin, freebsd, aarch64 # UNSUPPORTED: darwin, freebsd, aarch64
# Tests how the fork mode works together with ubsan. # Tests how the fork mode works together with ubsan.
RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow
RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK
UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int' UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon

compiler-rt/test/fuzzer/fork.test

REQUIRES: expensive_checks
# TODO: haven't tested yet (expensive)
UNSUPPORTED: remote
# UNSUPPORTED: darwin, freebsd, aarch64 # UNSUPPORTED: darwin, freebsd, aarch64
BINGO: BINGO BINGO: BINGO
RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
RUN: not %run %t-SimpleTest -fork=1 2>&1 | FileCheck %s --check-prefix=BINGO RUN: not %run %t-SimpleTest -fork=1 2>&1 | FileCheck %s --check-prefix=BINGO
TIMEOUT: ERROR: libFuzzer: timeout TIMEOUT: ERROR: libFuzzer: timeout
RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-TimeoutTest RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-TimeoutTest
RUN: not %run %t-TimeoutTest -fork=1 -timeout=1 -ignore_timeouts=0 2>&1 | FileCheck %s --check-prefix=TIMEOUT RUN: not %run %t-TimeoutTest -fork=1 -timeout=1 -ignore_timeouts=0 2>&1 | FileCheck %s --check-prefix=TIMEOUT
Show All 13 Lines

compiler-rt/test/fuzzer/full-coverage.test

# FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows. # FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows.
UNSUPPORTED: windows UNSUPPORTED: windows
# FIXME: See coverage.test. Using UNSUPPORTED here due to random failures. # FIXME: See coverage.test. Using UNSUPPORTED here due to random failures.
UNSUPPORTED: s390x UNSUPPORTED: s390x
# FIXME: Fix remote symbolization
UNSUPPORTED: remote
RUN: %cpp_compiler %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1 RUN: %cpp_compiler %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
RUN: %cpp_compiler %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -O0 -shared -o %dynamiclib2 RUN: %cpp_compiler %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -O0 -shared -o %dynamiclib2
RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest
RUN: %run %t-DSOTest -print_full_coverage=1 %S/dso-cov-input.txt 2>&1 | FileCheck %s RUN: %run %t-DSOTest -print_full_coverage=1 %S/dso-cov-input.txt 2>&1 | FileCheck %s
CHECK: FULL COVERAGE: CHECK: FULL COVERAGE:
CHECK-DAG: U{{( [0-9]+)*}} CHECK-DAG: U{{( [0-9]+)*}}
CHECK-DAG: C{{( [0-9]+)*}} CHECK-DAG: C{{( [0-9]+)*}}
CHECK-DAG: U{{( [0-9]+)*}} CHECK-DAG: U{{( [0-9]+)*}}
CHECK-DAG: U{{( [0-9]+)*}} CHECK-DAG: U{{( [0-9]+)*}}
CHECK-DAG: C{{( [0-9]+)*}} CHECK-DAG: C{{( [0-9]+)*}}
CHECK-DAG: U{{( [0-9]+)*}} CHECK-DAG: U{{( [0-9]+)*}}

compiler-rt/test/fuzzer/fuzzer-alignment-assumption.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: rm -f %t-AlignmentAssumptionTest-Ubsan RUN: rm -f %t-AlignmentAssumptionTest-Ubsan
RUN: %cpp_compiler -fsanitize=alignment -fno-sanitize-recover=all %S/AlignmentAssumptionTest.cpp -o %t-AlignmentAssumptionTest-Ubsan RUN: %cpp_compiler -fsanitize=alignment -fno-sanitize-recover=all %S/AlignmentAssumptionTest.cpp -o %t-AlignmentAssumptionTest-Ubsan
RUN: not %run %t-AlignmentAssumptionTest-Ubsan 2>&1 | FileCheck %s RUN: not %run %t-AlignmentAssumptionTest-Ubsan 2>&1 | FileCheck %s
CHECK: AlignmentAssumptionTest.cpp:23:48: runtime error: assumption of 32768 byte alignment for pointer of type 'const {{.*}} *' (aka 'const unsigned char *') failed CHECK: AlignmentAssumptionTest.cpp:23:48: runtime error: assumption of 32768 byte alignment for pointer of type 'const {{.*}} *' (aka 'const unsigned char *') failed
CHECK: 0x{{.*}}: note: address is {{.*}} aligned, misalignment offset is {{.*}} byte CHECK: 0x{{.*}}: note: address is {{.*}} aligned, misalignment offset is {{.*}} byte
CHECK: Test unit written to ./crash- CHECK: Test unit written to ./crash-

compiler-rt/test/fuzzer/fuzzer-customcrossover-remote.test

  • This file was added.
REQUIRES: remote
RUN: %proxy_compiler %S/IPCProxyDefault.cpp %S/CustomCrossOverTest.cpp -o %t-Proxy
RUN: %cpp_compiler %S/CustomCrossOverTest.cpp -o %t-CustomCrossOverTest
RUN: not %no_proxy_run %t-CustomCrossOverTest -seed=1 -runs=1000000 2>&1 | FileCheck %S/fuzzer-customcrossover.test --check-prefix=CHECK_CO
# Disable cross_over, verify that we can't find the target w/o it.
RUN: %no_proxy_run %t-CustomCrossOverTest -seed=1 -runs=1000000 -cross_over=0 2>&1 | FileCheck %S/fuzzer-customcrossover.test --check-prefix=CHECK_NO_CO

compiler-rt/test/fuzzer/fuzzer-customcrossover.test

UNSUPPORTED: remote
RUN: %cpp_compiler %S/CustomCrossOverTest.cpp -o %t-CustomCrossOverTest RUN: %cpp_compiler %S/CustomCrossOverTest.cpp -o %t-CustomCrossOverTest
RUN: not %run %t-CustomCrossOverTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=CHECK_CO RUN: not %run %t-CustomCrossOverTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=CHECK_CO
Disable cross_over, verify that we can't find the target w/o it. Disable cross_over, verify that we can't find the target w/o it.
RUN: %run %t-CustomCrossOverTest -seed=1 -runs=1000000 -cross_over=0 2>&1 | FileCheck %s --check-prefix=CHECK_NO_CO RUN: %run %t-CustomCrossOverTest -seed=1 -runs=1000000 -cross_over=0 2>&1 | FileCheck %s --check-prefix=CHECK_NO_CO
CHECK_CO: In LLVMFuzzerCustomCrossover CHECK_CO: In LLVMFuzzerCustomCrossover
CHECK_CO: BINGO CHECK_CO: BINGO
CHECK_NO_CO-NO: LLVMFuzzerCustomCrossover CHECK_NO_CO-NO: LLVMFuzzerCustomCrossover
CHECK_NO_CO: DONE CHECK_NO_CO: DONE

compiler-rt/test/fuzzer/fuzzer-customcrossoverandmutate-remote.test

  • This file was added.
RUN: %proxy_compiler %S/IPCProxyDefault.cpp %S/CustomCrossOverAndMutateTest.cpp -o %t-Proxy
RUN: %cpp_compiler %S/CustomCrossOverAndMutateTest.cpp -o %t-CustomCrossOverAndMutateTest
RUN: %no_proxy_run %t-Proxy %t-CustomCrossOverAndMutateTest -seed=1 -runs=100000

compiler-rt/test/fuzzer/fuzzer-customcrossoverandmutate.test

UNSUPPORTED: remote
RUN: %cpp_compiler %S/CustomCrossOverAndMutateTest.cpp -o %t-CustomCrossOverAndMutateTest RUN: %cpp_compiler %S/CustomCrossOverAndMutateTest.cpp -o %t-CustomCrossOverAndMutateTest
RUN: %run %t-CustomCrossOverAndMutateTest -seed=1 -runs=100000 RUN: %run %t-CustomCrossOverAndMutateTest -seed=1 -runs=100000

compiler-rt/test/fuzzer/fuzzer-custommutator-remote.test

  • This file was added.
RUN: %proxy_compiler %S/IPCProxyDefault.cpp %S/CustomMutatorTest.cpp -o %t-Proxy
RUN: %cpp_compiler %S/CustomMutatorTest.cpp -o %t-CustomMutatorTest
RUN: not %no_proxy_run %t-CustomMutatorTest 2>&1 | \
FileCheck %S/fuzzer-custommutator.test --check-prefix=LLVMFuzzerCustomMutator
# len_control is disabled for custom mutators by default, test that it can be enabled.
RUN: not %no_proxy_run %t-CustomMutatorTest -len_control=1000 2>&1 | \
FileCheck %S/fuzzer-custommutator.test --check-prefix=LLVMFuzzerCustomMutatorWithLenControl
# sanity check: verify that we do get long lines with verbose printing on
RUN: %proxy_compiler %S/IPCProxyDefault.cpp %S/CustomMutatorWithLongSequencesTest.cpp -o %t-LongProxy
RUN: %cpp_compiler %S/CustomMutatorWithLongSequencesTest.cpp -o %t-CustomMutatorWithLongSequencesTest
RUN: not %no_proxy_run %t-LongProxy %t-CustomMutatorWithLongSequencesTest -verbosity=2 2>&1 | \
FileCheck %S/fuzzer-custommutator.test --check-prefix=LLVMFuzzerCustomMutatorLongSequence
# check a target that prints long mutation sequences and verifies the printed
# output is capped at 10 entries
RUN: not %no_proxy_run %t-CustomMutatorWithLongSequencesTest 2>&1 | \
FileCheck %S/fuzzer-custommutator.test --check-prefix=LLVMFuzzerCustomMutatorLongSequenceTrimmed

compiler-rt/test/fuzzer/fuzzer-custommutator.test

UNSUPPORTED: remote
RUN: %cpp_compiler %S/CustomMutatorTest.cpp -o %t-CustomMutatorTest RUN: %cpp_compiler %S/CustomMutatorTest.cpp -o %t-CustomMutatorTest
RUN: not %run %t-CustomMutatorTest 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomMutator RUN: not %run %t-CustomMutatorTest 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomMutator
LLVMFuzzerCustomMutator: INFO: found LLVMFuzzerCustomMutator LLVMFuzzerCustomMutator: INFO: found LLVMFuzzerCustomMutator
LLVMFuzzerCustomMutator: In LLVMFuzzerCustomMutator LLVMFuzzerCustomMutator: In LLVMFuzzerCustomMutator
LLVMFuzzerCustomMutator: {{.*}} lim: 4096 {{.*}} LLVMFuzzerCustomMutator: {{.*}} lim: 4096 {{.*}}
LLVMFuzzerCustomMutator: BINGO LLVMFuzzerCustomMutator: BINGO
# len_control is disabled for custom mutators by default, test that it can be enabled. # len_control is disabled for custom mutators by default, test that it can be enabled.
Show All 19 Lines

compiler-rt/test/fuzzer/fuzzer-flags.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/FlagsTest.cpp -o %t-FlagsTest RUN: %cpp_compiler %S/FlagsTest.cpp -o %t-FlagsTest
RUN: %run %t-FlagsTest -runs=10 -foo_bar=1 2>&1 | FileCheck %s --check-prefix=FOO_BAR RUN: %run %t-FlagsTest -runs=10 -foo_bar=1 2>&1 | FileCheck %s --check-prefix=FOO_BAR
FOO_BAR: WARNING: unrecognized flag '-foo_bar=1'; use -help=1 to list all flags FOO_BAR: WARNING: unrecognized flag '-foo_bar=1'; use -help=1 to list all flags
FOO_BAR: BINGO FOO_BAR: BINGO
RUN: %run %t-FlagsTest -runs=10 --max_len=100 2>&1 | FileCheck %s --check-prefix=DASH_DASH RUN: %run %t-FlagsTest -runs=10 --max_len=100 2>&1 | FileCheck %s --check-prefix=DASH_DASH
DASH_DASH: WARNING: did you mean '-max_len=100' (single dash)? DASH_DASH: WARNING: did you mean '-max_len=100' (single dash)?
DASH_DASH: INFO: A corpus is not provided, starting from an empty corpus DASH_DASH: INFO: A corpus is not provided, starting from an empty corpus
Show All 11 Lines

compiler-rt/test/fuzzer/fuzzer-implicit-integer-sign-change.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: rm -f %t-ImplicitIntegerSignChangeTest-Ubsan RUN: rm -f %t-ImplicitIntegerSignChangeTest-Ubsan
RUN: %cpp_compiler -fsanitize=implicit-integer-sign-change -fno-sanitize-recover=all %S/ImplicitIntegerSignChangeTest.cpp -o %t-ImplicitIntegerSignChangeTest-Ubsan RUN: %cpp_compiler -fsanitize=implicit-integer-sign-change -fno-sanitize-recover=all %S/ImplicitIntegerSignChangeTest.cpp -o %t-ImplicitIntegerSignChangeTest-Ubsan
RUN: not %run %t-ImplicitIntegerSignChangeTest-Ubsan 2>&1 | FileCheck %s RUN: not %run %t-ImplicitIntegerSignChangeTest-Ubsan 2>&1 | FileCheck %s
CHECK: ImplicitIntegerSignChangeTest.cpp:23:16: runtime error: implicit conversion from type 'int32_t' (aka 'int') of value -1 (32-bit, signed) to type 'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned) CHECK: ImplicitIntegerSignChangeTest.cpp:23:16: runtime error: implicit conversion from type 'int32_t' (aka 'int') of value -1 (32-bit, signed) to type 'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned)
CHECK: Test unit written to ./crash- CHECK: Test unit written to ./crash-

compiler-rt/test/fuzzer/fuzzer-implicit-signed-integer-truncation-or-sign-change.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: rm -f %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan RUN: rm -f %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan
RUN: %cpp_compiler -fsanitize=implicit-signed-integer-truncation,implicit-integer-sign-change -fno-sanitize-recover=all %S/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp -o %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan RUN: %cpp_compiler -fsanitize=implicit-signed-integer-truncation,implicit-integer-sign-change -fno-sanitize-recover=all %S/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp -o %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan
RUN: not %run %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan 2>&1 | FileCheck %s RUN: not %run %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan 2>&1 | FileCheck %s
CHECK: ImplicitSignedIntegerTruncationOrSignChangeTest.cpp:23:16: runtime error: implicit conversion from type 'uint32_t' (aka 'unsigned int') of value 4294967295 (32-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the value to -1 (8-bit, signed) CHECK: ImplicitSignedIntegerTruncationOrSignChangeTest.cpp:23:16: runtime error: implicit conversion from type 'uint32_t' (aka 'unsigned int') of value 4294967295 (32-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the value to -1 (8-bit, signed)
CHECK: Test unit written to ./crash- CHECK: Test unit written to ./crash-

compiler-rt/test/fuzzer/fuzzer-implicit-signed-integer-truncation.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: rm -f %t-ImplicitSignedIntegerTruncationTest-Ubsan RUN: rm -f %t-ImplicitSignedIntegerTruncationTest-Ubsan
RUN: %cpp_compiler -fsanitize=implicit-signed-integer-truncation -fno-sanitize-recover=all %S/ImplicitSignedIntegerTruncationTest.cpp -o %t-ImplicitSignedIntegerTruncationTest-Ubsan RUN: %cpp_compiler -fsanitize=implicit-signed-integer-truncation -fno-sanitize-recover=all %S/ImplicitSignedIntegerTruncationTest.cpp -o %t-ImplicitSignedIntegerTruncationTest-Ubsan
RUN: not %run %t-ImplicitSignedIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s RUN: not %run %t-ImplicitSignedIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s
CHECK: ImplicitSignedIntegerTruncationTest.cpp:23:17: runtime error: implicit conversion from type 'int' of value 256 (32-bit, signed) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned) CHECK: ImplicitSignedIntegerTruncationTest.cpp:23:17: runtime error: implicit conversion from type 'int' of value 256 (32-bit, signed) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned)
CHECK: Test unit written to ./crash- CHECK: Test unit written to ./crash-

compiler-rt/test/fuzzer/fuzzer-implicit-unsigned-integer-truncation.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: rm -f %t-ImplicitUnsignedIntegerTruncationTest-Ubsan RUN: rm -f %t-ImplicitUnsignedIntegerTruncationTest-Ubsan
RUN: %cpp_compiler -fsanitize=implicit-unsigned-integer-truncation -fno-sanitize-recover=all %S/ImplicitUnsignedIntegerTruncationTest.cpp -o %t-ImplicitUnsignedIntegerTruncationTest-Ubsan RUN: %cpp_compiler -fsanitize=implicit-unsigned-integer-truncation -fno-sanitize-recover=all %S/ImplicitUnsignedIntegerTruncationTest.cpp -o %t-ImplicitUnsignedIntegerTruncationTest-Ubsan
RUN: not %run %t-ImplicitUnsignedIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s RUN: not %run %t-ImplicitUnsignedIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s
CHECK: ImplicitUnsignedIntegerTruncationTest.cpp:23:17: runtime error: implicit conversion from type 'unsigned int' of value 256 (32-bit, unsigned) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned) CHECK: ImplicitUnsignedIntegerTruncationTest.cpp:23:17: runtime error: implicit conversion from type 'unsigned int' of value 256 (32-bit, unsigned) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned)
CHECK: Test unit written to ./crash- CHECK: Test unit written to ./crash-

compiler-rt/test/fuzzer/fuzzer-leak-remote.test

  • This file was added.
REQUIRES: lsan
REQUIRES: remote
RUN: %proxy_compiler -fsanitize=address %S/IPCProxyDefault.cpp -o %t-Proxy
RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LeakTest
RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest
RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest
RUN: rm -rf %t-corpus && mkdir -p %t-corpus
RUN: not %no_proxy_run %t-Proxy %t-LeakTest -runs=100000 -detect_leaks=1 %t-corpus 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=LEAK_DURING
RUN: %no_proxy_run %t-Proxy %t-LeakTest -runs=0 %t-corpus
RUN: not %no_proxy_run %t-Proxy %t-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=LEAK_IN_CORPUS
RUN: not %no_proxy_run %t-Proxy %t-LeakTest -runs=100000000 %S/hi.txt 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=MULTI_RUN_LEAK
RUN: not %no_proxy_run %t-Proxy %t-LeakTest -runs=100000 -detect_leaks=0 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=LEAK_AFTER
RUN: not %no_proxy_run %t-Proxy %t-LeakTest -runs=100000 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=LEAK_DURING
RUN: not %no_proxy_run %t-Proxy %t-ThreadedLeakTest -runs=100000 -detect_leaks=0 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=LEAK_AFTER
RUN: not %no_proxy_run %t-Proxy %t-ThreadedLeakTest -runs=100000 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=LEAK_DURING
RUN: not %no_proxy_run %t-Proxy %t-LeakTest -runs=100000 -max_len=1 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=MAX_LEN_1
RUN: not %no_proxy_run %t-Proxy %t-LeakTimeoutTest -timeout=1 2>&1 | \
FileCheck %S/fuzzer-leak.test --check-prefix=LEAK_TIMEOUT
RUN: %no_proxy_run %t-Proxy %t-LeakTest -error_exitcode=0

compiler-rt/test/fuzzer/fuzzer-leak.test

REQUIRES: lsan REQUIRES: lsan
UNSUPPORTED: remote
RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LeakTest RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LeakTest
RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest
RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest
RUN: rm -rf %t-corpus && mkdir -p %t-corpus RUN: rm -rf %t-corpus && mkdir -p %t-corpus
RUN: not %run %t-LeakTest -runs=100000 -detect_leaks=1 %t-corpus 2>&1 | FileCheck %s --check-prefix=LEAK_DURING RUN: not %run %t-LeakTest -runs=100000 -detect_leaks=1 %t-corpus 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks
Show All 33 Lines

compiler-rt/test/fuzzer/fuzzer-oom.test

UNSUPPORTED: aarch64, ios UNSUPPORTED: aarch64, ios
# Tests break on windows unless exe extension is used (because there are periods # Tests break on windows unless exe extension is used (because there are periods
# in expansion of %t, the string after the period is interpreted as the file # in expansion of %t, the string after the period is interpreted as the file
# extension, so each compilation will clobber the previous one's lib and exp # extension, so each compilation will clobber the previous one's lib and exp
# files causing symbolization to break). # files causing symbolization to break).
RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest.exe RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest.exe
RUN: %cpp_compiler %S/OutOfMemorySingleLargeMallocTest.cpp -o %t-OutOfMemorySingleLargeMallocTest.exe RUN: %cpp_compiler %S/OutOfMemorySingleLargeMallocTest.cpp -o %t-OutOfMemorySingleLargeMallocTest.exe
RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest.exe RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest.exe
Show All 18 Lines

compiler-rt/test/fuzzer/fuzzer-printcovpcs.test

UNSUPPORTED: aarch64 UNSUPPORTED: aarch64
RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
RUN: not %run %t-SimpleTest -print_pcs=1 -seed=1 2>&1 | FileCheck %s --check-prefix=PCS RUN: not %run %t-SimpleTest -print_pcs=1 -seed=1 2>&1 | FileCheck %s --check-prefix=PCS
PCS-NOT: NEW_PC PCS-NOT: NEW_PC
PCS:INITED PCS:INITED
PCS:NEW_PC: {{0x[a-f0-9]+}} PCS:NEW_PC: {{0x[a-f0-9]+}}
PCS:NEW_PC: {{0x[a-f0-9]+}} PCS:NEW_PC: {{0x[a-f0-9]+}}
PCS:NEW PCS:NEW
PCS:BINGO PCS:BINGO

compiler-rt/test/fuzzer/fuzzer-singleinputs.test

RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
RUN: not %run %t-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput RUN: not %run %t-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput
SingleInput-NOT: Test unit written to ./crash- SingleInput-NOT: Test unit written to ./crash-
RUN: rm -rf %tmp/SINGLE_INPUTS RUN: rm -rf %S/SINGLE_INPUTS
RUN: mkdir -p %tmp/SINGLE_INPUTS RUN: mkdir -p %S/SINGLE_INPUTS
RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa RUN: echo aaa > %S/SINGLE_INPUTS/aaa
RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb RUN: echo bbb > %S/SINGLE_INPUTS/bbb
RUN: %run %t-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS RUN: %run %t-SimpleTest %S/SINGLE_INPUTS/aaa %S/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
RUN: %run %t-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS RUN: %run %t-SimpleTest -max_len=2 %S/SINGLE_INPUTS/aaa %S/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
RUN: rm -rf %tmp/SINGLE_INPUTS RUN: rm -rf %S/SINGLE_INPUTS
SINGLE_INPUTS: SimpleTest{{.*}}: Running 2 inputs 1 time(s) each. SINGLE_INPUTS: Running 2 inputs 1 time(s) each.
SINGLE_INPUTS: aaa in SINGLE_INPUTS: aaa in
SINGLE_INPUTS: bbb in SINGLE_INPUTS: bbb in
SINGLE_INPUTS: NOTE: fuzzing was not performed, you have only SINGLE_INPUTS: NOTE: fuzzing was not performed, you have only
SINGLE_INPUTS: executed the target code on a fixed set of inputs. SINGLE_INPUTS: executed the target code on a fixed set of inputs.

compiler-rt/test/fuzzer/fuzzer-ubsan.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler -fsanitize=undefined -fno-sanitize-recover=all %S/SignedIntOverflowTest.cpp -o %t-SignedIntOverflowTest-Ubsan RUN: %cpp_compiler -fsanitize=undefined -fno-sanitize-recover=all %S/SignedIntOverflowTest.cpp -o %t-SignedIntOverflowTest-Ubsan
RUN: not %run %t-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s RUN: not %run %t-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s
CHECK: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' CHECK: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
CHECK: Test unit written to ./crash- CHECK: Test unit written to ./crash-

compiler-rt/test/fuzzer/initialize.test

UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-InitializeTest RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-InitializeTest
RUN: not %run %t-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s RUN: not %run %t-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/keep-seed.test

# FIXME: Investigate why this fails for remote fuzzers. Too slow?
UNSUPPORTED: remote
REQUIRES: linux, x86_64 REQUIRES: linux, x86_64
RUN: %cpp_compiler %S/KeepSeedTest.cpp -o %t-KeepSeedTest RUN: %cpp_compiler %S/KeepSeedTest.cpp -o %t-KeepSeedTest
RUN: rm -rf %t-corpus RUN: rm -rf %t-corpus
RUN: mkdir %t-corpus RUN: mkdir %t-corpus
RUN: echo -n SELECTxFROMxWHERE > %t-corpus/valid-fragments RUN: echo -n SELECTxFROMxWHERE > %t-corpus/valid-fragments
RUN: not %run %t-KeepSeedTest -keep_seed=1 -seed=1 -runs=3000000 %t-corpus 2>&1 | FileCheck %s RUN: not %run %t-KeepSeedTest -keep_seed=1 -seed=1 -runs=3000000 %t-corpus 2>&1 | FileCheck %s
Show All 9 Lines

compiler-rt/test/fuzzer/large.test

UNSUPPORTED: expensive_checks REQUIRES: expensive_checks
# TODO: haven't tested yet (expensive)
UNSUPPORTED: remote
RUN: %cpp_compiler %S/LargeTest.cpp -o %t-LargeTest RUN: %cpp_compiler %S/LargeTest.cpp -o %t-LargeTest
RUN: %run %t-LargeTest -runs=10000 RUN: %run %t-LargeTest -runs=10000
CHECK: pages of counters where protected; libFuzzer's SEGV handler must be installed CHECK: pages of counters where protected; libFuzzer's SEGV handler must be installed

compiler-rt/test/fuzzer/lit.cfg.py

import lit.formats import lit.formats
import sys import sys
import os import os
config.name = "libFuzzer" + config.name_suffix config.name = "libFuzzer" + config.name_suffix
config.test_format = lit.formats.ShTest(True) config.test_format = lit.formats.ShTest(True)
config.suffixes = ['.test']
config.test_source_root = os.path.dirname(__file__) config.test_source_root = os.path.dirname(__file__)
config.available_features.add(config.target_arch) config.available_features.add(config.target_arch)
if config.use_remote:
config.suffixes = ['.remote_test']
else:
config.suffixes = ['.test']
# Comment out this line to disable expensive checks when debugging.
# config.available_features.add('expensive_checks')
# Choose between lit's internal shell pipeline runner and a real shell. If # Choose between lit's internal shell pipeline runner and a real shell. If
# LIT_USE_INTERNAL_SHELL is in the environment, we use that as an override. # LIT_USE_INTERNAL_SHELL is in the environment, we use that as an override.
use_lit_shell = os.environ.get("LIT_USE_INTERNAL_SHELL") use_lit_shell = os.environ.get("LIT_USE_INTERNAL_SHELL")
if use_lit_shell: if use_lit_shell:
# 0 is external, "" is default, and everything else is internal. # 0 is external, "" is default, and everything else is internal.
execute_external = (use_lit_shell == "0") execute_external = (use_lit_shell == "0")
else: else:
# Otherwise we default to internal on Windows and external elsewhere, as # Otherwise we default to internal on Windows and external elsewhere, as
# bash on Windows is usually very slow. # bash on Windows is usually very slow.
execute_external = (not sys.platform in ['win32']) execute_external = (not sys.platform in ['win32'])
# testFormat: The test format to use to interpret tests. # testFormat: The test format to use to interpret tests.
# #
# For now we require '&&' between commands, until they get globally killed and # For now we require '&&' between commands, until they get globally killed and
# the test runner updated. # the test runner updated.
config.test_format = lit.formats.ShTest(execute_external) config.test_format = lit.formats.ShTest(execute_external)
# Note the value of ``sys.platform`` is not consistent
# between python 2 and 3, hence the use of ``.startswith()``.
if sys.platform.startswith('win') or sys.platform.startswith('cygwin'):
config.available_features.add('windows')
if sys.platform.startswith('darwin'):
config.available_features.add('darwin')
if sys.platform.startswith('linux'):
config.available_features.add('linux')
# LeakSanitizer is not supported on OSX or Windows right now. # LeakSanitizer is not supported on OSX or Windows right now.
if (sys.platform.startswith('darwin') or if (sys.platform.startswith('darwin') or
sys.platform.startswith('freebsd') or sys.platform.startswith('freebsd') or
sys.platform.startswith('win')): sys.platform.startswith('win')):
lit_config.note('lsan feature unavailable') lit_config.note('lsan feature unavailable')
else: else:
lit_config.note('lsan feature available') lit_config.note('lsan feature available')
config.available_features.add('lsan') config.available_features.add('lsan')
# MemorySanitizer is not supported on OSX or Windows right now # MemorySanitizer is not supported on OSX or Windows right now.
if (sys.platform.startswith('darwin') or sys.platform.startswith('win') or if (sys.platform.startswith('darwin') or sys.platform.startswith('win') or
config.target_arch == 'i386'): config.target_arch == 'i386'):
lit_config.note('msan feature unavailable') lit_config.note('msan feature unavailable')
assert 'msan' not in config.available_features assert 'msan' not in config.available_features
else: else:
lit_config.note('msan feature available') lit_config.note('msan feature available')
config.available_features.add('msan') config.available_features.add('msan')
if sys.platform.startswith('win') or sys.platform.startswith('cygwin'): # Remote tests are only supported on Linux right now.
config.available_features.add('windows') if config.use_remote:
lit_config.note('remote feature requested')
if sys.platform.startswith('darwin'):
config.available_features.add('darwin')
if sys.platform.startswith('linux'): if sys.platform.startswith('linux'):
# Note the value of ``sys.platform`` is not consistent lit_config.note('remote feature available')
# between python 2 and 3, hence the use of ``.startswith()``. config.available_features.add('remote')
lit_config.note('linux feature available')
config.available_features.add('linux')
else: else:
lit_config.note('linux feature unavailable') lit_config.note('remote feature unavailable')
config.unsupported = True
libfuzzer_src_root = os.path.join(config.compiler_rt_src_root, 'lib', 'fuzzer')
config.substitutions.append(('%build_dir', config.cmake_binary_dir)) config.substitutions.append(('%build_dir', config.cmake_binary_dir))
libfuzzer_src_root = os.path.join(config.compiler_rt_src_root, "lib", "fuzzer")
config.substitutions.append(('%libfuzzer_src', libfuzzer_src_root)) config.substitutions.append(('%libfuzzer_src', libfuzzer_src_root))
def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, msan_enabled=False): def generate_compiler_cmd(sanitizers=None, is_cpp=True, remote_mode='Remote'):
compiler_cmd = config.clang compiler_cmd = [ config.clang ]
extra_cmd = config.target_flags
if is_cpp: if is_cpp:
std_cmd = '--driver-mode=g++' compiler_cmd.append('--driver-mode=g++')
else: compiler_cmd.append('-O2')
std_cmd = '' compiler_cmd.append('-gline-tables-only')
compiler_cmd.append('-I%s' % libfuzzer_src_root)
if config.use_remote and remote_mode and 'fuzzer' in sanitizers:
compiler_cmd.append('-fsanitize-coverage=inline-8bit-counters,pc-table')
sanitizers = [ s for s in sanitizers if s != 'fuzzer' ]
if sanitizers:
compiler_cmd.append('-fsanitize=%s' % ','.join(sanitizers))
if config.use_remote and remote_mode:
compiler_cmd.append('-L%s' %
os.path.join(config.compiler_rt_obj_root, 'lib', 'fuzzer', 'ipc'))
compiler_cmd.append('-Wl,--whole-archive')
compiler_cmd.append('-lRTFuzzerIPC%s-%s' % (remote_mode, config.target_arch))
compiler_cmd.append('-Wl,--no-whole-archive')
compiler_cmd.append('-lpthread')
compiler_cmd.append('-DFUZZER_IPC_%s' % remote_mode.upper())
compiler_cmd.append('%%S/IPC%s.cpp' % remote_mode)
if msan_enabled: return ' '.join(compiler_cmd)
sanitizers = ['memory']
else:
sanitizers = ['address']
if fuzzer_enabled:
sanitizers.append('fuzzer')
sanitizers_cmd = ('-fsanitize=%s' % ','.join(sanitizers))
return " ".join([
compiler_cmd,
std_cmd,
"-O2 -gline-tables-only",
sanitizers_cmd,
"-I%s" % libfuzzer_src_root,
extra_cmd
])
config.substitutions.append(('%cpp_compiler', config.substitutions.append(('%cpp_compiler',
generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True) generate_compiler_cmd(sanitizers=['address', 'fuzzer'])
)) ))
config.substitutions.append(('%c_compiler', config.substitutions.append(('%c_compiler',
generate_compiler_cmd(is_cpp=False, fuzzer_enabled=True) generate_compiler_cmd(sanitizers=['address', 'fuzzer'], is_cpp=False)
)) ))
config.substitutions.append(('%no_fuzzer_cpp_compiler', config.substitutions.append(('%no_fuzzer_cpp_compiler',
generate_compiler_cmd(is_cpp=True, fuzzer_enabled=False) generate_compiler_cmd(sanitizers=['address'], remote_mode=None)
)) ))
config.substitutions.append(('%no_fuzzer_c_compiler', config.substitutions.append(('%no_fuzzer_c_compiler',
generate_compiler_cmd(is_cpp=False, fuzzer_enabled=False) generate_compiler_cmd(sanitizers=['address'], is_cpp=False, remote_mode=None)
)) ))
config.substitutions.append(('%msan_compiler', config.substitutions.append(('%msan_compiler',
generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, msan_enabled=True) generate_compiler_cmd(sanitizers=['memory', 'fuzzer'])
))
config.substitutions.append(('%no_remote_cpp_compiler',
generate_compiler_cmd(sanitizers=['address', 'fuzzer'], remote_mode=None)
))
config.substitutions.append(('%no_remote_c_compiler',
generate_compiler_cmd(sanitizers=['address', 'fuzzer'], is_cpp=False, remote_mode=None)
))
# Remote fuzzer tests can either use the prebuilt default fuzzer proxy, e.g.:
# RUN: %copy_default_proxy
# or build their own, e.g.:
# RUN: %proxy_compiler %S/MyProxy.cpp -o %fuzzer_proxy
# When NOT testing remote fuzzers, these subsitutions are no-ops.
config.substitutions.append(('%fuzzer_proxy', '%t.FuzzerProxy'))
if config.use_remote:
config.substitutions.append(('%copy_default_proxy',
'cp %s %%fuzzer_proxy' %
os.path.join(config.compiler_rt_obj_root,
'test', 'fuzzer', 'FuzzerProxy-%s' % config.target_arch)))
config.substitutions.append(('%proxy_compiler',
generate_compiler_cmd(sanitizers=['fuzzer'], remote_mode='Proxy')
)) ))
else:
config.substitutions.append(('%copy_default_proxy', 'true'))
config.substitutions.append(('%proxy_compiler', 'true'))
default_asan_opts_str = ':'.join(config.default_sanitizer_opts) default_asan_opts_str = ':'.join(config.default_sanitizer_opts)
if default_asan_opts_str: if default_asan_opts_str:
config.environment['ASAN_OPTIONS'] = default_asan_opts_str config.environment['ASAN_OPTIONS'] = default_asan_opts_str
default_asan_opts_str += ':' default_asan_opts_str += ':'
config.substitutions.append(('%env_asan_opts=', config.substitutions.append(('%env_asan_opts=',
'env ASAN_OPTIONS=' + default_asan_opts_str)) 'env ASAN_OPTIONS=' + default_asan_opts_str))
if not config.parallelism_group: if not config.parallelism_group:
config.parallelism_group = 'shadow-memory' config.parallelism_group = 'shadow-memory'
run_prefixes = []
if config.use_remote:
run_prefixes.append('%fuzzer_proxy')
if config.host_os == 'NetBSD': if config.host_os == 'NetBSD':
config.substitutions.insert(0, ('%run', config.netbsd_noaslr_prefix)) run_prefixes.append(config.netbsd_noaslr_prefix)
config.substitutions.insert(0, ('%run', ' '.join(run_prefixes)))

compiler-rt/test/fuzzer/lit.site.cfg.py.in

@LIT_SITE_CFG_IN_HEADER@ @LIT_SITE_CFG_IN_HEADER@
config.cpp_compiler = "@LIBFUZZER_TEST_COMPILER@" config.cpp_compiler = "@LIBFUZZER_TEST_COMPILER@"
config.target_flags = "@LIBFUZZER_TEST_FLAGS@" config.target_flags = "@LIBFUZZER_TEST_FLAGS@"
config.c_compiler = "@LIBFUZZER_TEST_COMPILER@" config.c_compiler = "@LIBFUZZER_TEST_COMPILER@"
config.stdlib = "@LIBFUZZER_TEST_STDLIB@" config.stdlib = "@LIBFUZZER_TEST_STDLIB@"
config.apple_platform = "@LIBFUZZER_TEST_APPLE_PLATFORM@" config.apple_platform = "@LIBFUZZER_TEST_APPLE_PLATFORM@"
config.apple_platform_min_deployment_target_flag = "@LIBFUZZER_TEST_MIN_DEPLOYMENT_TARGET_FLAG@" config.apple_platform_min_deployment_target_flag = "@LIBFUZZER_TEST_MIN_DEPLOYMENT_TARGET_FLAG@"
config.name_suffix = "@LIBFUZZER_TEST_CONFIG_SUFFIX@" config.name_suffix = "@LIBFUZZER_TEST_CONFIG_SUFFIX@"
config.osx_sysroot_flag = "@OSX_SYSROOT_FLAG@" config.osx_sysroot_flag = "@OSX_SYSROOT_FLAG@"
config.cmake_binary_dir = "@CMAKE_BINARY_DIR@" config.cmake_binary_dir = "@CMAKE_BINARY_DIR@"
config.llvm_library_dir = "@LLVM_LIBRARY_DIR@" config.llvm_library_dir = "@LLVM_LIBRARY_DIR@"
config.target_triple = "@TARGET_TRIPLE@" config.target_triple = "@TARGET_TRIPLE@"
config.target_arch = "@LIBFUZZER_TEST_TARGET_ARCH@" config.target_arch = "@LIBFUZZER_TEST_TARGET_ARCH@"
config.use_remote = @LIBFUZZER_TEST_USE_REMOTE@
config.libcxx_prefix = "@LIBFUZZER_TEST_LIBCXX_PREFIX@"
# Load common config for all compiler-rt lit tests. # Load common config for all compiler-rt lit tests.
lit_config.load_config(config, lit_config.load_config(config,
"@COMPILER_RT_BINARY_DIR@/test/lit.common.configured") "@COMPILER_RT_BINARY_DIR@/test/lit.common.configured")
if config.enable_per_target_runtime_dir: if config.enable_per_target_runtime_dir:
config.runtime_library_dir = config.compiler_rt_libdir config.runtime_library_dir = config.compiler_rt_libdir
else: else:
config.runtime_library_dir = "@LLVM_LIBRARY_DIR@" config.runtime_library_dir = "@LLVM_LIBRARY_DIR@"
lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/lit.cfg.py") lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/lit.cfg.py")

compiler-rt/test/fuzzer/magic-separator.test

# FIXME: Investigate why this fails for remote fuzzers. Too slow?
UNSUPPORTED: remote
# Temporary disable this test on non-linux: looks like there is no memmem on windows. # Temporary disable this test on non-linux: looks like there is no memmem on windows.
REQUIRES: linux, x86_64 REQUIRES: linux, x86_64
RUN: %cpp_compiler -O2 %S/MagicSeparatorTest.cpp -o %t-MagicSeparatorTest RUN: %cpp_compiler -O2 %S/MagicSeparatorTest.cpp -o %t-MagicSeparatorTest
RUN: not %run %t-MagicSeparatorTest -use_value_profile=1 -seed=1 -runs=100000000 -max_len=10 RUN: not %run %t-MagicSeparatorTest -use_value_profile=1 -seed=1 -runs=100000000 -max_len=10

compiler-rt/test/fuzzer/memcmp.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/memcmp64.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/merge-control-file.test

# FIXME: Investigate why this fails for remote fuzzers
UNSUPPORTED: remote
XFAIL: ios XFAIL: ios
RUN: mkdir -p %t RUN: mkdir -p %t
# Use a ".exe" extension because it is needed on Windows to call system() # Use a ".exe" extension because it is needed on Windows to call system()
# to execute itself again. # to execute itself again.
RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t/T.exe RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t/T.exe
RUN: rm -rf %t/T0 %t/T1 %t/T2 RUN: rm -rf %t/T0 %t/T1 %t/T2
RUN: mkdir -p %t/T0 %t/T1 %t/T2 RUN: mkdir -p %t/T0 %t/T1 %t/T2
RUN: echo F..... > %t/T0/1 RUN: echo F..... > %t/T0/1
RUN: echo .U.... > %t/T0/2 RUN: echo .U.... > %t/T0/2
▲ Show 20 LinesShow All 41 LinesShow Last 20 Lines

compiler-rt/test/fuzzer/merge-sigusr.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
# Check that libFuzzer honors SIGUSR1/SIGUSR2 # Check that libFuzzer honors SIGUSR1/SIGUSR2
# FIXME: Disabled on Windows for now because of reliance on posix only features # FIXME: Disabled on Windows for now because of reliance on posix only features
# (eg: export, "&", pkill). # (eg: export, "&", pkill).
UNSUPPORTED: darwin, windows UNSUPPORTED: darwin, windows
RUN: rm -rf %t RUN: rm -rf %t
RUN: mkdir -p %t RUN: mkdir -p %t
RUN: %cpp_compiler %S/SleepOneSecondTest.cpp -o %t/LFSIGUSR RUN: %cpp_compiler %S/SleepOneSecondTest.cpp -o %t/LFSIGUSR
RUN: mkdir -p %t/C1 %t/C2 RUN: mkdir -p %t/C1 %t/C2
RUN: echo a > %t/C2/a RUN: echo a > %t/C2/a
RUN: echo b > %t/C2/b RUN: echo b > %t/C2/b
RUN: echo c > %t/C2/c RUN: echo c > %t/C2/c
Show All 27 Lines

compiler-rt/test/fuzzer/merge.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest
RUN: rm -rf %t/T0 %t/T1 %t/T2 RUN: rm -rf %t/T0 %t/T1 %t/T2
RUN: mkdir -p %t/T0 %t/T1 %t/T2 RUN: mkdir -p %t/T0 %t/T1 %t/T2
RUN: echo F..... > %t/T0/1 RUN: echo F..... > %t/T0/1
RUN: echo .U.... > %t/T0/2 RUN: echo .U.... > %t/T0/2
RUN: echo ..Z... > %t/T0/3 RUN: echo ..Z... > %t/T0/3
▲ Show 20 LinesShow All 57 LinesShow Last 20 Lines

compiler-rt/test/fuzzer/merge_two_step.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest
RUN: rm -rf %t/T0 %t/T1 %t/T2 RUN: rm -rf %t/T0 %t/T1 %t/T2
RUN: mkdir -p %t/T0 %t/T1 %t/T2 RUN: mkdir -p %t/T0 %t/T1 %t/T2
RUN: echo F..... > %t/T1/1 RUN: echo F..... > %t/T1/1
RUN: echo .U.... > %t/T1/2 RUN: echo .U.... > %t/T1/2
RUN: echo ..Z... > %t/T1/3 RUN: echo ..Z... > %t/T1/3
Show All 23 Lines

compiler-rt/test/fuzzer/minimize_crash.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-SingleByteInputTest RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-SingleByteInputTest
RUN: mkdir -p %t.dir RUN: mkdir -p %t.dir
RUN: echo 'Hi!rv349f34t3gg' > %t.dir/not_minimal_crash RUN: echo 'Hi!rv349f34t3gg' > %t.dir/not_minimal_crash
RUN: %run %t-NullDerefTest -minimize_crash=1 %t.dir/not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s RUN: %run %t-NullDerefTest -minimize_crash=1 %t.dir/not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s
CHECK: CRASH_MIN: failed to minimize beyond {{.*}}minimized-from{{.*}} (3 bytes), exiting CHECK: CRASH_MIN: failed to minimize beyond {{.*}}minimized-from{{.*}} (3 bytes), exiting
RUN: %run %t-NullDerefTest -minimize_crash=1 %t.dir/not_minimal_crash -max_total_time=2 -exact_artifact_path=%t.exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT RUN: %run %t-NullDerefTest -minimize_crash=1 %t.dir/not_minimal_crash -max_total_time=2 -exact_artifact_path=%t.exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT
Show All 9 Lines

compiler-rt/test/fuzzer/minimize_timeout.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-TimeoutTest RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-TimeoutTest
RUN: mkdir -p %t.dir RUN: mkdir -p %t.dir
RUN: echo 'Hi!?' > %t.dir/not_minimal_timeout RUN: echo 'Hi!?' > %t.dir/not_minimal_timeout
RUN: %run %t-TimeoutTest -minimize_crash=1 %t.dir/not_minimal_timeout -timeout=1 -max_total_time=3 2>&1 | FileCheck %s RUN: %run %t-TimeoutTest -minimize_crash=1 %t.dir/not_minimal_timeout -timeout=1 -max_total_time=3 2>&1 | FileCheck %s
CHECK: CRASH_MIN: failed to minimize beyond {{.*}}minimized-from{{.*}} (3 bytes), exiting CHECK: CRASH_MIN: failed to minimize beyond {{.*}}minimized-from{{.*}} (3 bytes), exiting

compiler-rt/test/fuzzer/minimize_two_crashes.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
# Test that the minimizer stops when it sees a different bug. # Test that the minimizer stops when it sees a different bug.
UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# TODO: Find out why test fails on Darwin with -O2. # TODO: Find out why test fails on Darwin with -O2.
RUN: %cpp_compiler -O0 %S/TwoDifferentBugsTest.cpp -o %t-TwoDifferentBugsTest RUN: %cpp_compiler -O0 %S/TwoDifferentBugsTest.cpp -o %t-TwoDifferentBugsTest
RUN: rm -rf %t && mkdir %t RUN: rm -rf %t && mkdir %t
RUN: echo H12345678901234667888090 > %t/long_crash RUN: echo H12345678901234667888090 > %t/long_crash
Show All 12 Lines

compiler-rt/test/fuzzer/msan-param-unpoison.test

REQUIRES: msan REQUIRES: msan
# FIXME: msan triggers false-positives with the TestProxy as written.
UNSUPPORTED: remote
RUN: %msan_compiler %S/MsanParamUnpoison.cpp -o %t RUN: %msan_compiler %S/MsanParamUnpoison.cpp -o %t
RUN: %run %t -seed=1 -runs=1000 2>&1 | FileCheck %s RUN: %run %t -seed=1 -runs=1000 2>&1 | FileCheck %s
CHECK-NOT: MemorySanitizer: use-of-uninitialized-value CHECK-NOT: MemorySanitizer: use-of-uninitialized-value

compiler-rt/test/fuzzer/msan.test

REQUIRES: msan REQUIRES: msan
# FIXME: msan triggers false-positives with the TestProxy as written.
UNSUPPORTED: remote
RUN: %msan_compiler %S/SimpleTestStdio.cpp -o %t RUN: %msan_compiler %S/SimpleTestStdio.cpp -o %t
RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=NO-REPORT RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=NO-REPORT
RUN: %msan_compiler %S/SimpleCmpTest.cpp -o %t RUN: %msan_compiler %S/SimpleCmpTest.cpp -o %t
RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=NO-REPORT RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=NO-REPORT
RUN: %msan_compiler %S/MemcmpTest.cpp -o %t RUN: %msan_compiler %S/MemcmpTest.cpp -o %t
RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=NO-REPORT RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=NO-REPORT
Show All 15 Lines

compiler-rt/test/fuzzer/noasan-bcmp.test

UNSUPPORTED: darwin, freebsd, windows UNSUPPORTED: darwin, freebsd, windows
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler -fno-sanitize=address -DMEMCMP=bcmp %S/MemcmpTest.cpp -o %t RUN: %cpp_compiler -fno-sanitize=address -DMEMCMP=bcmp %S/MemcmpTest.cpp -o %t
RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/noasan-memcmp.test

UNSUPPORTED: darwin, freebsd, windows UNSUPPORTED: darwin, freebsd, windows
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler -fno-sanitize=address %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest RUN: %cpp_compiler -fno-sanitize=address %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc %S/CustomAllocator.cpp %S/MemcmpTest.cpp -o %t-NoAsanCustomAllocatorMemcmpTest RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc %S/CustomAllocator.cpp %S/MemcmpTest.cpp -o %t-NoAsanCustomAllocatorMemcmpTest
RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/noasan-memcmp64.test

UNSUPPORTED: darwin, freebsd, windows UNSUPPORTED: darwin, freebsd, windows
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler -fno-sanitize=address %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest RUN: %cpp_compiler -fno-sanitize=address %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
RUN: not %run %t-NoAsanMemcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanMemcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/noasan-strcmp.test

UNSUPPORTED: darwin, freebsd, windows UNSUPPORTED: darwin, freebsd, windows
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler -fno-sanitize=address %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest RUN: %cpp_compiler -fno-sanitize=address %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
RUN: not %run %t-NoAsanStrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanStrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc %S/CustomAllocator.cpp %S/StrcmpTest.cpp -o %t-NoAsanCustomAllocatorStrcmpTest RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc %S/CustomAllocator.cpp %S/StrcmpTest.cpp -o %t-NoAsanCustomAllocatorStrcmpTest
RUN: not %run %t-NoAsanCustomAllocatorStrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanCustomAllocatorStrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/noasan-strncmp.test

UNSUPPORTED: darwin, freebsd, windows UNSUPPORTED: darwin, freebsd, windows
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler -fno-sanitize=address %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest RUN: %cpp_compiler -fno-sanitize=address %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
RUN: not %run %t-NoAsanStrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanStrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc %S/CustomAllocator.cpp %S/StrncmpTest.cpp -o %t-NoAsanCustomAllocatorStrncmpTest RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc %S/CustomAllocator.cpp %S/StrncmpTest.cpp -o %t-NoAsanCustomAllocatorStrncmpTest
RUN: not %run %t-NoAsanCustomAllocatorStrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanCustomAllocatorStrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/noasan-strstr.test

UNSUPPORTED: darwin, freebsd, windows UNSUPPORTED: darwin, freebsd, windows
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler -fno-sanitize=address %S/StrstrTest.cpp -o %t-NoAsanStrstrTest RUN: %cpp_compiler -fno-sanitize=address %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
RUN: not %run %t-NoAsanStrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanStrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc %S/CustomAllocator.cpp %S/StrstrTest.cpp -o %t-NoAsanCustomAllocatorStrstrTest RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc %S/CustomAllocator.cpp %S/StrstrTest.cpp -o %t-NoAsanCustomAllocatorStrstrTest
RUN: not %run %t-NoAsanCustomAllocatorStrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s RUN: not %run %t-NoAsanCustomAllocatorStrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/not-instrumented.test

RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fsanitize-coverage=0 -o %t-NotinstrumentedTest-NoCoverage RUN: %no_remote_cpp_compiler %S/NotinstrumentedTest.cpp -fsanitize-coverage=0 -o %t-NotinstrumentedTest-NoCoverage
RUN: not %run %t-NotinstrumentedTest-NoCoverage 2>&1 | FileCheck %s --check-prefix=NO_COVERAGE RUN: not %run %t-NotinstrumentedTest-NoCoverage 2>&1 | FileCheck %s --check-prefix=NO_COVERAGE
NO_COVERAGE: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting NO_COVERAGE: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting

compiler-rt/test/fuzzer/null-deref.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
RUN: not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest RUN: not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
RUN: not %run %t-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest RUN: not %run %t-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest
NullDerefTest: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address NullDerefTest: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address
NullDerefTest: Test unit written to ./crash- NullDerefTest: Test unit written to ./crash-
RUN: not %run %t-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix RUN: not %run %t-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
NullDerefTestPrefix: Test unit written to ZZZcrash- NullDerefTestPrefix: Test unit written to ZZZcrash-
RUN: not %run %t-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath RUN: not %run %t-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath
NullDerefTestExactPath: Test unit written to FOOBAR NullDerefTestExactPath: Test unit written to FOOBAR

compiler-rt/test/fuzzer/only-some-bytes-fork.test

# Tests the data flow tracer. # Tests the data flow tracer.
REQUIRES: linux, x86_64 REQUIRES: linux, x86_64
# FIXME: Needs dataflow-tracing support for remote fuzzing.
UNSUPPORTED: remote
# Build the tracer and the test. # Build the tracer and the test.
RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o
RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fPIC %S/../../lib/fuzzer/dataflow/DataFlowCallbacks.cpp -o %t-DataFlowCallbacks.o RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fPIC %S/../../lib/fuzzer/dataflow/DataFlowCallbacks.cpp -o %t-DataFlowCallbacks.o
RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp %S/OnlySomeBytesTest.cpp %t-DataFlow*.o -o %t-DFT RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp %S/OnlySomeBytesTest.cpp %t-DataFlow*.o -o %t-DFT
RUN: %cpp_compiler %S/OnlySomeBytesTest.cpp -o %t-Fuzz RUN: %cpp_compiler %S/OnlySomeBytesTest.cpp -o %t-Fuzz
# Test that the fork mode can collect and use the DFT # Test that the fork mode can collect and use the DFT
RUN: rm -rf %t && mkdir %t RUN: rm -rf %t && mkdir %t
RUN: not %t-Fuzz -collect_data_flow=%t-DFT -use_value_profile=1 -runs=100000000 -fork=20 2> %t/log RUN: not %t-Fuzz -collect_data_flow=%t-DFT -use_value_profile=1 -runs=100000000 -fork=20 2> %t/log
RUN: grep BINGO %t/log RUN: grep BINGO %t/log

compiler-rt/test/fuzzer/only-some-bytes.test

# Tests the data flow tracer. # Tests the data flow tracer.
REQUIRES: linux, x86_64 REQUIRES: linux, x86_64
# FIXME: Needs dataflow-tracing support for remote fuzzing.
UNSUPPORTED: remote
# Build the tracer and the test. # Build the tracer and the test.
RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o
RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fPIC %S/../../lib/fuzzer/dataflow/DataFlowCallbacks.cpp -o %t-DataFlowCallbacks.o RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fPIC %S/../../lib/fuzzer/dataflow/DataFlowCallbacks.cpp -o %t-DataFlowCallbacks.o
RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp %S/OnlySomeBytesTest.cpp %t-DataFlow*.o -o %t-DFT RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -mllvm -dfsan-fast-16-labels -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp %S/OnlySomeBytesTest.cpp %t-DataFlow*.o -o %t-DFT
RUN: %cpp_compiler %S/OnlySomeBytesTest.cpp -o %t-Fuzz RUN: %cpp_compiler %S/OnlySomeBytesTest.cpp -o %t-Fuzz
# Prepare the inputs. # Prepare the inputs.
RUN: rm -rf %t/* RUN: rm -rf %t/*
▲ Show 20 LinesShow All 43 LinesShow Last 20 Lines

compiler-rt/test/fuzzer/overwrite-input.test

UNSUPPORTED: remote
RUN: %cpp_compiler %S/OverwriteInputTest.cpp -o %t-OverwriteInputTest RUN: %cpp_compiler %S/OverwriteInputTest.cpp -o %t-OverwriteInputTest
RUN: not %run %t-OverwriteInputTest 2>&1 | FileCheck %s RUN: not %run %t-OverwriteInputTest 2>&1 | FileCheck %s
CHECK: ERROR: libFuzzer: fuzz target overwrites its const input CHECK: ERROR: libFuzzer: fuzz target overwrites its const input

compiler-rt/test/fuzzer/print-func.test

UNSUPPORTED: darwin, aarch64 UNSUPPORTED: darwin, aarch64
# FIXME: Fix remote symbolization
UNSUPPORTED: remote
RUN: %cpp_compiler %S/PrintFuncTest.cpp -o %t RUN: %cpp_compiler %S/PrintFuncTest.cpp -o %t
RUN: %run %t -seed=1 -runs=100000 2>&1 | FileCheck %s RUN: %run %t -seed=1 -runs=100000 2>&1 | FileCheck %s
RUN: %run %t -seed=1 -runs=100000 -print_funcs=0 2>&1 | FileCheck %s --check-prefix=NO RUN: %run %t -seed=1 -runs=100000 -print_funcs=0 2>&1 | FileCheck %s --check-prefix=NO
CHECK: NEW_FUNC{{.*}} FunctionA CHECK: NEW_FUNC{{.*}} FunctionA
CHECK: NEW_FUNC{{.*}} FunctionB CHECK: NEW_FUNC{{.*}} FunctionB
CHECK: NEW_FUNC{{.*}} FunctionC CHECK: NEW_FUNC{{.*}} FunctionC
CHECK: BINGO CHECK: BINGO
NO-NOT: NEW_FUNC NO-NOT: NEW_FUNC
NO: BINGO NO: BINGO

compiler-rt/test/fuzzer/recommended-dictionary.test

# FIXME: Currently too slow without remote fuzzing value-profile support.
UNSUPPORTED: remote
UNSUPPORTED: freebsd UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/RepeatedMemcmp.cpp -o %t-RepeatedMemcmp RUN: %cpp_compiler %S/RepeatedMemcmp.cpp -o %t-RepeatedMemcmp
RUN: %run %t-RepeatedMemcmp -seed=11 -runs=100000 -max_len=20 2>&1 | FileCheck %s --check-prefix=RECOMMENDED_DICT RUN: %run %t-RepeatedMemcmp -seed=11 -runs=100000 -max_len=20 2>&1 | FileCheck %s --check-prefix=RECOMMENDED_DICT
RECOMMENDED_DICT:###### Recommended dictionary. ###### RECOMMENDED_DICT:###### Recommended dictionary. ######
RECOMMENDED_DICT-DAG: "foo" RECOMMENDED_DICT-DAG: "foo"
RECOMMENDED_DICT-DAG: "bar" RECOMMENDED_DICT-DAG: "bar"
RECOMMENDED_DICT:###### End of recommended dictionary. ###### RECOMMENDED_DICT:###### End of recommended dictionary. ######

compiler-rt/test/fuzzer/reduce_inputs.test

# Test -reduce_inputs=1 # Test -reduce_inputs=1
# FIXME: Add exit_on_item support for remote fuzzers.
UNSUPPORTED: remote
RUN: rm -rf %t/C RUN: rm -rf %t/C
RUN: mkdir -p %t/C RUN: mkdir -p %t/C
RUN: %cpp_compiler %S/ShrinkControlFlowSimpleTest.cpp -o %t-ShrinkControlFlowSimpleTest RUN: %cpp_compiler %S/ShrinkControlFlowSimpleTest.cpp -o %t-ShrinkControlFlowSimpleTest
RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
RUN: %run %t-ShrinkControlFlowSimpleTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 %t/C 2>&1 | FileCheck %s RUN: %run %t-ShrinkControlFlowSimpleTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 %t/C 2>&1 | FileCheck %s
CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60' CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60'
# Test that reduce_inputs deletes redundant files in the corpus. # Test that reduce_inputs deletes redundant files in the corpus.
RUN: %run %t-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT RUN: %run %t-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT
COUNT: seed corpus: files: 4 COUNT: seed corpus: files: 4
# a bit longer test # a bit longer test
RUN: %run %t-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=42 -runs=1000000 2>&1 | FileCheck %s RUN: %run %t-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=42 -runs=1000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/reload-remote.test

  • This file was added.
REQUIRES: remote
RUN: %proxy_compiler %S/IPCProxyDefault.cpp %S/ReloadTest.cpp -o %t-Proxy
RUN: %cpp_compiler %S/ReloadTest.cpp -o %t-ReloadTest
RUN: not %no_proxy_run %t-Proxy %t-ReloadTest -max_len=10000 -seed=1 -timeout=15 -len_control=0 \
-exact_artifact_path=%t.crash 2>&1 | FileCheck %S/reload.test
CHECK: Test unit written to {{.*}}reload.test.tmp.crash
RUN: not %no_proxy_run %t-Proxy %t-ReloadTest %t.crash 2>&1 | \
FileCheck %S/reload.test --check-prefix=ARTIFACT
ARTIFACT: Running: {{.*}}reload.test.tmp.crash
ARTIFACT: ERROR: libFuzzer: deadly signal
# Sanity check that altered artifact is not going to crash
RUN: echo z >> %t.crash
RUN: %no_proxy_run %t-Proxy %t-ReloadTest %t.crash

compiler-rt/test/fuzzer/reload.test

UNSUPPORTED: remote
RUN: %cpp_compiler %S/ReloadTest.cpp -o %t-ReloadTest RUN: %cpp_compiler %S/ReloadTest.cpp -o %t-ReloadTest
RUN: not %run %t-ReloadTest -max_len=10000 -seed=1 -timeout=15 -len_control=0 -exact_artifact_path=%t.crash 2>&1 | FileCheck %s RUN: not %run %t-ReloadTest -max_len=10000 -seed=1 -timeout=15 -len_control=0 -exact_artifact_path=%t.crash 2>&1 | FileCheck %s
CHECK: Test unit written to {{.*}}reload.test.tmp.crash CHECK: Test unit written to {{.*}}reload.test.tmp.crash
RUN: not %run %t-ReloadTest %t.crash 2>&1 | FileCheck %s --check-prefix=ARTIFACT RUN: not %run %t-ReloadTest %t.crash 2>&1 | FileCheck %s --check-prefix=ARTIFACT
ARTIFACT: Running: {{.*}}reload.test.tmp.crash ARTIFACT: Running: {{.*}}reload.test.tmp.crash
ARTIFACT: ERROR: libFuzzer: deadly signal ARTIFACT: ERROR: libFuzzer: deadly signal
# Sanity check that altered artifact is not going to crash # Sanity check that altered artifact is not going to crash
RUN: echo z >> %t.crash RUN: echo z >> %t.crash
RUN: %run %t-ReloadTest %t.crash RUN: %run %t-ReloadTest %t.crash

compiler-rt/test/fuzzer/seed_inputs.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
# Uses echo in a way that is not supported by the iOS "run-on-device" script. # Uses echo in a way that is not supported by the iOS "run-on-device" script.
UNSUPPORTED: ios UNSUPPORTED: ios
RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
USE-1: INFO: seed corpus: files: 1 USE-1: INFO: seed corpus: files: 1
RUN: echo -n "%t-SimpleTest" > %t.seed-inputs RUN: echo -n "%t-SimpleTest" > %t.seed-inputs
# Test both formats of -seed_inputs argument. # Test both formats of -seed_inputs argument.
Show All 19 Lines

compiler-rt/test/fuzzer/shrink.test

# FIXME: Add exit_on_item support for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
RUN: %cpp_compiler %S/ShrinkValueProfileTest.cpp -o %t-ShrinkValueProfileTest RUN: %cpp_compiler %S/ShrinkValueProfileTest.cpp -o %t-ShrinkValueProfileTest
RUN: %run %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=2000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1 RUN: %run %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=2000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1
# Limit max_len to run this negative test faster. # Limit max_len to run this negative test faster.
RUN: %run %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0 RUN: %run %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0
RUN: %run %t-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP RUN: %run %t-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP
SHRINK0: Done 1000000 runs in SHRINK0: Done 1000000 runs in
SHRINK1: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60', exiting. SHRINK1: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60', exiting.
SHRINK1_VP: INFO: found item with checksum 'aea2e3923af219a8956f626558ef32f30a914ebc', exiting SHRINK1_VP: INFO: found item with checksum 'aea2e3923af219a8956f626558ef32f30a914ebc', exiting

compiler-rt/test/fuzzer/sigint.test

REQUIRES: msan REQUIRES: msan
# FIXME: msan triggers false-positives with the TestProxy as written.
UNSUPPORTED: remote
# Check that libFuzzer exits gracefully under SIGINT with MSan. # Check that libFuzzer exits gracefully under SIGINT with MSan.
RUN: rm -rf %t RUN: rm -rf %t
RUN: mkdir -p %t RUN: mkdir -p %t
RUN: %msan_compiler %S/SleepOneSecondTest.cpp -o %t/LFSIGINT RUN: %msan_compiler %S/SleepOneSecondTest.cpp -o %t/LFSIGINT
RUN: %run %t/LFSIGINT 2> %t/log & export PID=$! RUN: %run %t/LFSIGINT 2> %t/log & export PID=$!
RUN: sleep 2 RUN: sleep 2
RUN: kill -SIGINT $PID RUN: kill -SIGINT $PID
RUN: sleep 3 RUN: sleep 3
RUN: cat %t/log | FileCheck %s RUN: cat %t/log | FileCheck %s
CHECK: libFuzzer: run interrupted; exiting CHECK: libFuzzer: run interrupted; exiting
CHECK-NOT: WARNING: MemorySanitizer CHECK-NOT: WARNING: MemorySanitizer

compiler-rt/test/fuzzer/sigusr.test

# FIXME: Disabled on Windows for now because of reliance on posix only features # FIXME: Disabled on Windows for now because of reliance on posix only features
# (eg: export, "&", pkill). # (eg: export, "&", pkill).
UNSUPPORTED: darwin, windows UNSUPPORTED: darwin, windows
# Check that libFuzzer honors SIGUSR1/SIGUSR2 # Check that libFuzzer honors SIGUSR1/SIGUSR2
RUN: rm -rf %t RUN: rm -rf %t
RUN: mkdir -p %t RUN: mkdir -p %t
RUN: %cpp_compiler %S/SleepOneSecondTest.cpp -o %t/LFSIGUSR RUN: %cpp_compiler %S/SleepOneSecondTest.cpp -o %t/LFSIGUSR
RUN: %run %t/LFSIGUSR 2> %t/log & export PID=$! RUN: %run %t/LFSIGUSR 2> %t/log & export PID=$!
RUN: sleep 2 RUN: sleep 2
RUN: kill -SIGUSR1 $PID RUN: kill -SIGUSR1 $PID
RUN: sleep 3 RUN: sleep 3
RUN: cat %t/log | FileCheck %s RUN: cat %t/log | FileCheck %s
CHECK: INFO: signal received, trying to exit gracefully CHECK: INFO: signal received, trying to exit gracefully
CHECK: INFO: libFuzzer: exiting as requested CHECK: INFO: libFuzzer: exiting as requested

compiler-rt/test/fuzzer/simple-cmp.test

REQUIRES: linux, x86_64 REQUIRES: linux, x86_64
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest
RUN: not %run %t-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s RUN: not %run %t-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s
RUN: %run %t-SimpleCmpTest -max_total_time=1 -use_cmp=0 2>&1 | FileCheck %s --check-prefix=MaxTotalTime RUN: %run %t-SimpleCmpTest -max_total_time=1 -use_cmp=0 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
MaxTotalTime: Done {{.*}} runs in {{.}} second(s) MaxTotalTime: Done {{.*}} runs in {{.}} second(s)
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/standalone.test

UNSUPPORTED: remote
RUN: %no_fuzzer_c_compiler %libfuzzer_src/standalone/StandaloneFuzzTargetMain.c -c -o %t_1.o RUN: %no_fuzzer_c_compiler %libfuzzer_src/standalone/StandaloneFuzzTargetMain.c -c -o %t_1.o
RUN: %no_fuzzer_cpp_compiler %S/InitializeTest.cpp -c -o %t_2.o RUN: %no_fuzzer_cpp_compiler %S/InitializeTest.cpp -c -o %t_2.o
RUN: %no_fuzzer_cpp_compiler %t_1.o %t_2.o -o %t-StandaloneInitializeTest RUN: %no_fuzzer_cpp_compiler %t_1.o %t_2.o -o %t-StandaloneInitializeTest
RUN: %run %t-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s RUN: %run %t-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s
CHECK: StandaloneFuzzTargetMain: running 2 inputs CHECK: StandaloneFuzzTargetMain: running 2 inputs
CHECK: Done: {{.*}}hi.txt: (3 bytes) CHECK: Done: {{.*}}hi.txt: (3 bytes)
CHECK: Done: {{.*}}dict1.txt: (61 bytes) CHECK: Done: {{.*}}dict1.txt: (61 bytes)

compiler-rt/test/fuzzer/strcmp.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/strncmp-oob.test

# FIXME: Investigate why this fails for remote fuzzers.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest
RUN: %env_asan_opts=strict_string_checks=1 not %run %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP RUN: %env_asan_opts=strict_string_checks=1 not %run %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
STRNCMP: AddressSanitizer: heap-buffer-overflow STRNCMP: AddressSanitizer: heap-buffer-overflow
STRNCMP-NOT: __sanitizer_weak_hook_strncmp STRNCMP-NOT: __sanitizer_weak_hook_strncmp
STRNCMP: in LLVMFuzzerTestOneInput STRNCMP: in LLVMFuzzerTestOneInput

compiler-rt/test/fuzzer/strncmp.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/strstr.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
CHECK: BINGO CHECK: BINGO

compiler-rt/test/fuzzer/swap-cmp.test

# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/SwapCmpTest.cpp -o %t-SwapCmpTest RUN: %cpp_compiler %S/SwapCmpTest.cpp -o %t-SwapCmpTest
CHECK: BINGO CHECK: BINGO
RUN: not %run %t-SwapCmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-SwapCmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/three-bytes.test

Tests -use_value_profile=2 (alternative VP metric). Tests -use_value_profile=2 (alternative VP metric).
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
RUN: %cpp_compiler %S/ThreeBytes.cpp -o %t RUN: %cpp_compiler %S/ThreeBytes.cpp -o %t
RUN: %run %t -seed=1 -runs=30000 RUN: %run %t -seed=1 -runs=30000
RUN: not %run %t -seed=1 -runs=1000000 -use_value_profile=2 2>&1 | FileCheck %s RUN: not %run %t -seed=1 -runs=1000000 -use_value_profile=2 2>&1 | FileCheck %s
CHECK: Test unit written CHECK: Test unit written

compiler-rt/test/fuzzer/value-profile-cmp.test

UNSUPPORTED: ios UNSUPPORTED: ios
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest
RUN: not %run %t-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s RUN: not %run %t-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-cmp2.test

UNSUPPORTED: ios UNSUPPORTED: ios
FIXME: Make libFuzzer handle exits without ASan properly on Windows. FIXME: Make libFuzzer handle exits without ASan properly on Windows.
UNSUPPORTED: windows UNSUPPORTED: windows
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler -fno-sanitize=address %S/SimpleHashTest.cpp -o %t-SimpleHashTest RUN: %cpp_compiler -fno-sanitize=address %S/SimpleHashTest.cpp -o %t-SimpleHashTest
RUN: not %run %t-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s RUN: not %run %t-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-cmp3.test

UNSUPPORTED: ios UNSUPPORTED: ios
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler %S/AbsNegAndConstantTest.cpp -o %t-AbsNegAndConstantTest RUN: %cpp_compiler %S/AbsNegAndConstantTest.cpp -o %t-AbsNegAndConstantTest
RUN: not %run %t-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s RUN: not %run %t-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-cmp4.test

# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler %S/AbsNegAndConstant64Test.cpp -o %t-AbsNegAndConstant64Test RUN: %cpp_compiler %S/AbsNegAndConstant64Test.cpp -o %t-AbsNegAndConstant64Test
RUN: not %run %t-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s RUN: not %run %t-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-div.test

UNSUPPORTED: ios UNSUPPORTED: ios
UNSUPPORTED: aarch64 UNSUPPORTED: aarch64
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: AddressSanitizer: {{FPE|int-divide-by-zero}} CHECK: AddressSanitizer: {{FPE|int-divide-by-zero}}
RUN: %cpp_compiler %S/DivTest.cpp -fsanitize-coverage=trace-div -o %t-DivTest RUN: %cpp_compiler %S/DivTest.cpp -fsanitize-coverage=trace-div -o %t-DivTest
RUN: not %run %t-DivTest -seed=1 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-DivTest -seed=1 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-load.test

# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: AddressSanitizer: global-buffer-overflow CHECK: AddressSanitizer: global-buffer-overflow
RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-gep -o %t-LoadTest RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-gep -o %t-LoadTest
RUN: not %run %t-LoadTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s RUN: not %run %t-LoadTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-mem.test

UNSUPPORTED: ios UNSUPPORTED: ios
UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
+# Disable trace-cmp so that we test just the memcmp interception Disable trace-cmp so that we test just the memcmp interception
RUN: %cpp_compiler %S/SingleMemcmpTest.cpp -o %t-SingleMemcmpTest -fno-sanitize-coverage=trace-cmp RUN: %cpp_compiler %S/SingleMemcmpTest.cpp -o %t-SingleMemcmpTest -fno-sanitize-coverage=trace-cmp
RUN: not %run %t-SingleMemcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-SingleMemcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-set.test

UNSUPPORTED: ios UNSUPPORTED: ios
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler %S/FourIndependentBranchesTest.cpp -o %t-FourIndependentBranchesTest RUN: %cpp_compiler %S/FourIndependentBranchesTest.cpp -o %t-FourIndependentBranchesTest
RUN: not %run %t-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s RUN: not %run %t-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-strcmp.test

UNSUPPORTED: ios UNSUPPORTED: ios
UNSUPPORTED: freebsd UNSUPPORTED: freebsd
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler %S/SingleStrcmpTest.cpp -o %t-SingleStrcmpTest RUN: %cpp_compiler %S/SingleStrcmpTest.cpp -o %t-SingleStrcmpTest
RUN: not %run %t-SingleStrcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-SingleStrcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-strncmp.test

UNSUPPORTED: freebsd, aarch64 UNSUPPORTED: freebsd, aarch64
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler %S/SingleStrncmpTest.cpp -o %t-SingleStrncmpTest RUN: %cpp_compiler %S/SingleStrncmpTest.cpp -o %t-SingleStrncmpTest
RUN: not %run %t-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s RUN: not %run %t-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s

compiler-rt/test/fuzzer/value-profile-switch.test

UNSUPPORTED: ios UNSUPPORTED: ios
# FIXME: Needs value-profile support for remote fuzzing.
UNSUPPORTED: remote
CHECK: BINGO CHECK: BINGO
RUN: %cpp_compiler %S/SwitchTest.cpp -o %t-SwitchTest RUN: %cpp_compiler %S/SwitchTest.cpp -o %t-SwitchTest
RUN: %cpp_compiler %S/Switch2Test.cpp -o %t-Switch2Test RUN: %cpp_compiler %S/Switch2Test.cpp -o %t-Switch2Test
RUN: %cpp_compiler %S/Switch3Test.cpp -o %t-Switch3Test RUN: %cpp_compiler %S/Switch3Test.cpp -o %t-Switch3Test
RUN: not %run %t-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s RUN: not %run %t-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s
RUN: not %run %t-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s RUN: not %run %t-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s
RUN: not %run %t-Switch3Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 RUN: not %run %t-Switch3Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1