src - FreeBSD source tree

diff options


context:
space:
mode:

author	Dimitry Andric <dim@FreeBSD.org>	2019-08-20 18:00:15 +0000
committer	Dimitry Andric <dim@FreeBSD.org>	2019-08-20 18:00:15 +0000
commit	63714eb5809e39666dec2454c354195e76f916ba (patch)
tree	e3714cd783c265396c2ef3c117047e7c0ea41619 /lib/fuzzer
parent	0646903fc1f75f6e605754621119473ee083f4a4 (diff)
download	src-63714eb5809e39666dec2454c354195e76f916ba.tar.gz src-63714eb5809e39666dec2454c354195e76f916ba.zip

Remove upstream files and directories from vendor/compiler-rt/dist that

we do not use. This saves on repository space, and reduces the number of tree conflicts when merging.

Notes

Notes: svn path=/vendor/compiler-rt/dist/; revision=351268

Diffstat (limited to 'lib/fuzzer')

-rw-r--r--

lib/fuzzer/CMakeLists.txt

147

-rw-r--r--

lib/fuzzer/afl/afl_driver.cpp

378

-rwxr-xr-x

lib/fuzzer/build.sh

-rw-r--r--

lib/fuzzer/dataflow/DataFlow.cpp

217

-rwxr-xr-x

lib/fuzzer/scripts/collect_data_flow.py

-rwxr-xr-x

lib/fuzzer/scripts/merge_data_flow.py

-rwxr-xr-x

lib/fuzzer/scripts/unbalanced_allocs.py

-rw-r--r--

lib/fuzzer/standalone/StandaloneFuzzTargetMain.c

-rw-r--r--

lib/fuzzer/tests/CMakeLists.txt

-rw-r--r--

lib/fuzzer/tests/FuzzerUnittest.cpp

964

10 files changed, 0 insertions, 2030 deletions

diff --git a/lib/fuzzer/CMakeLists.txt b/lib/fuzzer/CMakeLists.txt
deleted file mode 100644
index caea9734fe53..000000000000
--- a/lib/fuzzer/CMakeLists.txt
+++ /dev/null

@@ -1,147 +0,0 @@

-set(LIBFUZZER_SOURCES

- FuzzerCrossOver.cpp

- FuzzerDataFlowTrace.cpp

- FuzzerDriver.cpp

- FuzzerExtFunctionsDlsym.cpp

- FuzzerExtFunctionsWeak.cpp

- FuzzerExtFunctionsWindows.cpp

- FuzzerExtraCounters.cpp

- FuzzerIO.cpp

- FuzzerIOPosix.cpp

- FuzzerIOWindows.cpp

- FuzzerLoop.cpp

- FuzzerMerge.cpp

- FuzzerMutate.cpp

- FuzzerSHA1.cpp

- FuzzerShmemFuchsia.cpp

- FuzzerShmemPosix.cpp

- FuzzerShmemWindows.cpp

- FuzzerTracePC.cpp

- FuzzerUtil.cpp

- FuzzerUtilDarwin.cpp

- FuzzerUtilFuchsia.cpp

- FuzzerUtilLinux.cpp

- FuzzerUtilPosix.cpp

- FuzzerUtilWindows.cpp)

-set(LIBFUZZER_HEADERS

- FuzzerBuiltins.h

- FuzzerBuiltinsMsvc.h

- FuzzerCommand.h

- FuzzerCorpus.h

- FuzzerDataFlowTrace.h

- FuzzerDefs.h

- FuzzerDictionary.h

- FuzzerExtFunctions.def

- FuzzerExtFunctions.h

- FuzzerFlags.def

- FuzzerIO.h

- FuzzerInterface.h

- FuzzerInternal.h

- FuzzerMerge.h

- FuzzerMutate.h

- FuzzerOptions.h

- FuzzerRandom.h

- FuzzerSHA1.h

- FuzzerShmem.h

- FuzzerTracePC.h

- FuzzerUtil.h

- FuzzerValueBitMap.h)

-CHECK_CXX_SOURCE_COMPILES("

- static thread_local int blah;

- int main() {

- return 0;

- }

- " HAS_THREAD_LOCAL)

-set(LIBFUZZER_CFLAGS ${SANITIZER_COMMON_CFLAGS})

-if(OS_NAME MATCHES "Linux|Fuchsia" AND COMPILER_RT_LIBCXX_PATH)

- list(APPEND LIBFUZZER_CFLAGS -nostdinc++ -D_LIBCPP_ABI_VERSION=Fuzzer)

- # Remove -stdlib= which is unused when passing -nostdinc++.

- string(REGEX REPLACE "-stdlib=[a-zA-Z+]*" "" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})

-elseif(TARGET cxx-headers OR HAVE_LIBCXX)

- set(LIBFUZZER_DEPS cxx-headers)

-endif()

-append_list_if(COMPILER_RT_HAS_OMIT_FRAME_POINTER_FLAG -fno-omit-frame-pointer LIBFUZZER_CFLAGS)

-if (CMAKE_CXX_FLAGS MATCHES "fsanitize-coverage")

- list(APPEND LIBFUZZER_CFLAGS -fno-sanitize-coverage=trace-pc-guard,edge,trace-cmp,indirect-calls,8bit-counters)

-endif()

-if(NOT HAS_THREAD_LOCAL)

- list(APPEND LIBFUZZER_CFLAGS -Dthread_local=__thread)

-endif()

-set(FUZZER_SUPPORTED_OS ${SANITIZER_COMMON_SUPPORTED_OS})

-add_compiler_rt_object_libraries(RTfuzzer

- OS ${FUZZER_SUPPORTED_OS}

- ARCHS ${FUZZER_SUPPORTED_ARCH}

- SOURCES ${LIBFUZZER_SOURCES}

- ADDITIONAL_HEADERS ${LIBFUZZER_HEADERS}

- CFLAGS ${LIBFUZZER_CFLAGS}

- DEPS ${LIBFUZZER_DEPS})

-add_compiler_rt_object_libraries(RTfuzzer_main

- OS ${FUZZER_SUPPORTED_OS}

- ARCHS ${FUZZER_SUPPORTED_ARCH}

- SOURCES FuzzerMain.cpp

- CFLAGS ${LIBFUZZER_CFLAGS}

- DEPS ${LIBFUZZER_DEPS})

-add_compiler_rt_runtime(clang_rt.fuzzer

- STATIC

- OS ${FUZZER_SUPPORTED_OS}

- ARCHS ${FUZZER_SUPPORTED_ARCH}

- OBJECT_LIBS RTfuzzer RTfuzzer_main

- CFLAGS ${LIBFUZZER_CFLAGS}

- PARENT_TARGET fuzzer)

-add_compiler_rt_runtime(clang_rt.fuzzer_no_main

- STATIC

- OS ${FUZZER_SUPPORTED_OS}

- ARCHS ${FUZZER_SUPPORTED_ARCH}

- OBJECT_LIBS RTfuzzer

- CFLAGS ${LIBFUZZER_CFLAGS}

- PARENT_TARGET fuzzer)

-if(OS_NAME MATCHES "Linux|Fuchsia" AND COMPILER_RT_LIBCXX_PATH)

- macro(partially_link_libcxx name dir arch)

- set(cxx_${arch}_merge_dir "${CMAKE_CURRENT_BINARY_DIR}/cxx_${arch}_merge.dir")

- file(MAKE_DIRECTORY ${cxx_${arch}_merge_dir})

- add_custom_command(TARGET clang_rt.${name}-${arch} POST_BUILD

- COMMAND ${CMAKE_LINKER} --whole-archive "$<TARGET_LINKER_FILE:clang_rt.${name}-${arch}>" --no-whole-archive ${dir}/lib/libc++.a -r -o ${name}.o

- COMMAND ${CMAKE_OBJCOPY} --localize-hidden ${name}.o

- COMMAND ${CMAKE_COMMAND} -E remove "$<TARGET_LINKER_FILE:clang_rt.${name}-${arch}>"

- COMMAND ${CMAKE_AR} qcs "$<TARGET_LINKER_FILE:clang_rt.${name}-${arch}>" ${name}.o

- WORKING_DIRECTORY ${cxx_${arch}_merge_dir}

- )

- endmacro()

- foreach(arch ${FUZZER_SUPPORTED_ARCH})

- get_target_flags_for_arch(${arch} TARGET_CFLAGS)

- set(LIBCXX_${arch}_PREFIX ${CMAKE_CURRENT_BINARY_DIR}/libcxx_fuzzer_${arch})

- add_custom_libcxx(libcxx_fuzzer_${arch} ${LIBCXX_${arch}_PREFIX}

- CFLAGS ${TARGET_CFLAGS}

- -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS=1

- -fvisibility=hidden

- CMAKE_ARGS -DCMAKE_CXX_COMPILER_WORKS=ON

- -DLIBCXX_ENABLE_EXCEPTIONS=OFF

- -DLIBCXX_ENABLE_SHARED=OFF

- -DLIBCXX_ABI_NAMESPACE=Fuzzer

- -DLIBCXX_CXX_ABI=none)

- target_compile_options(RTfuzzer.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)

- add_dependencies(RTfuzzer.${arch} libcxx_fuzzer_${arch}-build)

- target_compile_options(RTfuzzer_main.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)

- add_dependencies(RTfuzzer_main.${arch} libcxx_fuzzer_${arch}-build)

- partially_link_libcxx(fuzzer_no_main ${LIBCXX_${arch}_PREFIX} ${arch})

- partially_link_libcxx(fuzzer ${LIBCXX_${arch}_PREFIX} ${arch})

- endforeach()

-endif()

-if(COMPILER_RT_INCLUDE_TESTS)

- add_subdirectory(tests)

-endif()

diff --git a/lib/fuzzer/afl/afl_driver.cpp b/lib/fuzzer/afl/afl_driver.cpp
deleted file mode 100644
index 5a10c0d27f3a..000000000000
--- a/lib/fuzzer/afl/afl_driver.cpp
+++ /dev/null

@@ -1,378 +0,0 @@

-//===- afl_driver.cpp - a glue between AFL and libFuzzer --------*- C++ -* ===//

-//

-// The LLVM Compiler Infrastructure

-//

-// This file is distributed under the University of Illinois Open Source

-// License. See LICENSE.TXT for details.

-//===----------------------------------------------------------------------===//

-/* This file allows to fuzz libFuzzer-style target functions

- (LLVMFuzzerTestOneInput) with AFL using AFL's persistent (in-process) mode.

-Usage:

-################################################################################

-cat << EOF > test_fuzzer.cc

-#include <stddef.h>

-#include <stdint.h>

-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

- if (size > 0 && data[0] == 'H')

- if (size > 1 && data[1] == 'I')

- if (size > 2 && data[2] == '!')

- __builtin_trap();

- return 0;

-EOF

-# Build your target with -fsanitize-coverage=trace-pc-guard using fresh clang.

-clang -g -fsanitize-coverage=trace-pc-guard test_fuzzer.cc -c

-# Build afl-llvm-rt.o.c from the AFL distribution.

-clang -c -w $AFL_HOME/llvm_mode/afl-llvm-rt.o.c

-# Build this file, link it with afl-llvm-rt.o.o and the target code.

-clang++ afl_driver.cpp test_fuzzer.o afl-llvm-rt.o.o

-# Run AFL:

-rm -rf IN OUT; mkdir IN OUT; echo z > IN/z;

-$AFL_HOME/afl-fuzz -i IN -o OUT ./a.out

-################################################################################

-Environment Variables:

-There are a few environment variables that can be set to use features that

-afl-fuzz doesn't have.

-AFL_DRIVER_STDERR_DUPLICATE_FILENAME: Setting this *appends* stderr to the file

-specified. If the file does not exist, it is created. This is useful for getting

-stack traces (when using ASAN for example) or original error messages on hard to

-reproduce bugs.

-AFL_DRIVER_EXTRA_STATS_FILENAME: Setting this causes afl_driver to write extra

-statistics to the file specified. Currently these are peak_rss_mb

-(the peak amount of virtual memory used in MB) and slowest_unit_time_secs. If

-the file does not exist it is created. If the file does exist then

-afl_driver assumes it was restarted by afl-fuzz and will try to read old

-statistics from the file. If that fails then the process will quit.

-*/

-#include <assert.h>

-#include <errno.h>

-#include <signal.h>

-#include <stdint.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <sys/resource.h>

-#include <sys/time.h>

-#include <unistd.h>

-#include <fstream>

-#include <iostream>

-#include <vector>

-// Platform detection. Copied from FuzzerInternal.h

-#ifdef __linux__

-#define LIBFUZZER_LINUX 1

-#define LIBFUZZER_APPLE 0

-#define LIBFUZZER_NETBSD 0

-#define LIBFUZZER_FREEBSD 0

-#define LIBFUZZER_OPENBSD 0

-#elif __APPLE__

-#define LIBFUZZER_LINUX 0

-#define LIBFUZZER_APPLE 1

-#define LIBFUZZER_NETBSD 0

-#define LIBFUZZER_FREEBSD 0

-#define LIBFUZZER_OPENBSD 0

-#elif __NetBSD__

-#define LIBFUZZER_LINUX 0

-#define LIBFUZZER_APPLE 0

-#define LIBFUZZER_NETBSD 1

-#define LIBFUZZER_FREEBSD 0

-#define LIBFUZZER_OPENBSD 0

-#elif __FreeBSD__

-#define LIBFUZZER_LINUX 0

-#define LIBFUZZER_APPLE 0

-#define LIBFUZZER_NETBSD 0

-#define LIBFUZZER_FREEBSD 1

-#define LIBFUZZER_OPENBSD 0

-#elif __OpenBSD__

-#define LIBFUZZER_LINUX 0

-#define LIBFUZZER_APPLE 0

-#define LIBFUZZER_NETBSD 0

-#define LIBFUZZER_FREEBSD 0

-#define LIBFUZZER_OPENBSD 1

-#else

-#error "Support for your platform has not been implemented"

-#endif

-// Used to avoid repeating error checking boilerplate. If cond is false, a

-// fatal error has occurred in the program. In this event print error_message

-// to stderr and abort(). Otherwise do nothing. Note that setting

-// AFL_DRIVER_STDERR_DUPLICATE_FILENAME may cause error_message to be appended

-// to the file as well, if the error occurs after the duplication is performed.

-#define CHECK_ERROR(cond, error_message) \

- if (!(cond)) { \

- fprintf(stderr, "%s\n", (error_message)); \

- abort(); \

- }

-// libFuzzer interface is thin, so we don't include any libFuzzer headers.

-extern "C" {

-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);

-__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);

-// Notify AFL about persistent mode.

-static volatile char AFL_PERSISTENT[] = "##SIG_AFL_PERSISTENT##";

-extern "C" int __afl_persistent_loop(unsigned int);

-static volatile char suppress_warning2 = AFL_PERSISTENT[0];

-// Notify AFL about deferred forkserver.

-static volatile char AFL_DEFER_FORKSVR[] = "##SIG_AFL_DEFER_FORKSRV##";

-extern "C" void __afl_manual_init();

-static volatile char suppress_warning1 = AFL_DEFER_FORKSVR[0];

-// Input buffer.

-static const size_t kMaxAflInputSize = 1 << 20;

-static uint8_t AflInputBuf[kMaxAflInputSize];

-// Variables we need for writing to the extra stats file.

-static FILE *extra_stats_file = NULL;

-static uint32_t previous_peak_rss = 0;

-static time_t slowest_unit_time_secs = 0;

-static const int kNumExtraStats = 2;

-static const char *kExtraStatsFormatString = "peak_rss_mb : %u\n"

- "slowest_unit_time_sec : %u\n";

-// Experimental feature to use afl_driver without AFL's deferred mode.

-// Needs to run before __afl_auto_init.

-__attribute__((constructor(0))) void __decide_deferred_forkserver(void) {

- if (getenv("AFL_DRIVER_DONT_DEFER")) {

- if (unsetenv("__AFL_DEFER_FORKSRV")) {

- perror("Failed to unset __AFL_DEFER_FORKSRV");

- abort();

- }

-// Copied from FuzzerUtil.cpp.

-size_t GetPeakRSSMb() {

- struct rusage usage;

- if (getrusage(RUSAGE_SELF, &usage))

- return 0;

- if (LIBFUZZER_LINUX || LIBFUZZER_NETBSD || LIBFUZZER_FREEBSD ||

- LIBFUZZER_OPENBSD) {

- // ru_maxrss is in KiB

- return usage.ru_maxrss >> 10;

- } else if (LIBFUZZER_APPLE) {

- // ru_maxrss is in bytes

- return usage.ru_maxrss >> 20;

- }

- assert(0 && "GetPeakRSSMb() is not implemented for your platform");

- return 0;

-// Based on SetSigaction in FuzzerUtil.cpp

-static void SetSigaction(int signum,

- void (*callback)(int, siginfo_t *, void *)) {

- struct sigaction sigact;

- memset(&sigact, 0, sizeof(sigact));

- sigact.sa_sigaction = callback;

- if (sigaction(signum, &sigact, 0)) {

- fprintf(stderr, "libFuzzer: sigaction failed with %d\n", errno);

- exit(1);

- }

-// Write extra stats to the file specified by the user. If none is specified

-// this function will never be called.

-static void write_extra_stats() {

- uint32_t peak_rss = GetPeakRSSMb();

- if (peak_rss < previous_peak_rss)

- peak_rss = previous_peak_rss;

- int chars_printed = fprintf(extra_stats_file, kExtraStatsFormatString,

- peak_rss, slowest_unit_time_secs);

- CHECK_ERROR(chars_printed != 0, "Failed to write extra_stats_file");

- CHECK_ERROR(fclose(extra_stats_file) == 0,

- "Failed to close extra_stats_file");

-// Call write_extra_stats before we exit.

-static void crash_handler(int, siginfo_t *, void *) {

- // Make sure we don't try calling write_extra_stats again if we crashed while

- // trying to call it.

- static bool first_crash = true;

- CHECK_ERROR(first_crash,

- "Crashed in crash signal handler. This is a bug in the fuzzer.");

- first_crash = false;

- write_extra_stats();

-// If the user has specified an extra_stats_file through the environment

-// variable AFL_DRIVER_EXTRA_STATS_FILENAME, then perform necessary set up

-// to write stats to it on exit. If no file is specified, do nothing. Otherwise

-// install signal and exit handlers to write to the file when the process exits.

-// Then if the file doesn't exist create it and set extra stats to 0. But if it

-// does exist then read the initial values of the extra stats from the file

-// and check that the file is writable.

-static void maybe_initialize_extra_stats() {

- // If AFL_DRIVER_EXTRA_STATS_FILENAME isn't set then we have nothing to do.

- char *extra_stats_filename = getenv("AFL_DRIVER_EXTRA_STATS_FILENAME");

- if (!extra_stats_filename)

- return;

- // Open the file and find the previous peak_rss_mb value.

- // This is necessary because the fuzzing process is restarted after N

- // iterations are completed. So we may need to get this value from a previous

- // process to be accurate.

- extra_stats_file = fopen(extra_stats_filename, "r");

- // If extra_stats_file already exists: read old stats from it.

- if (extra_stats_file) {

- int matches = fscanf(extra_stats_file, kExtraStatsFormatString,

- &previous_peak_rss, &slowest_unit_time_secs);

- // Make sure we have read a real extra stats file and that we have used it

- // to set slowest_unit_time_secs and previous_peak_rss.

- CHECK_ERROR(matches == kNumExtraStats, "Extra stats file is corrupt");

- CHECK_ERROR(fclose(extra_stats_file) == 0, "Failed to close file");

- // Now open the file for writing.

- extra_stats_file = fopen(extra_stats_filename, "w");

- CHECK_ERROR(extra_stats_file,

- "Failed to open extra stats file for writing");

- } else {

- // Looks like this is the first time in a fuzzing job this is being called.

- extra_stats_file = fopen(extra_stats_filename, "w+");

- CHECK_ERROR(extra_stats_file, "failed to create extra stats file");

- }

- // Make sure that crash_handler gets called on any kind of fatal error.

- int crash_signals[] = {SIGSEGV, SIGBUS, SIGABRT, SIGILL, SIGFPE, SIGINT,

- SIGTERM};

- const size_t num_signals = sizeof(crash_signals) / sizeof(crash_signals[0]);

- for (size_t idx = 0; idx < num_signals; idx++)

- SetSigaction(crash_signals[idx], crash_handler);

- // Make sure it gets called on other kinds of exits.

- atexit(write_extra_stats);

-// If the user asks us to duplicate stderr, then do it.

-static void maybe_duplicate_stderr() {

- char* stderr_duplicate_filename =

- getenv("AFL_DRIVER_STDERR_DUPLICATE_FILENAME");

- if (!stderr_duplicate_filename)

- return;

- FILE* stderr_duplicate_stream =

- freopen(stderr_duplicate_filename, "a+", stderr);

- if (!stderr_duplicate_stream) {

- fprintf(

- stderr,

- "Failed to duplicate stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME");

- abort();

- }

-// Define LLVMFuzzerMutate to avoid link failures for targets that use it

-// with libFuzzer's LLVMFuzzerCustomMutator.

-extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {

- assert(false && "LLVMFuzzerMutate should not be called from afl_driver");

- return 0;

-// Execute any files provided as parameters.

-int ExecuteFilesOnyByOne(int argc, char **argv) {

- for (int i = 1; i < argc; i++) {

- std::ifstream in(argv[i], std::ios::binary);

- in.seekg(0, in.end);

- size_t length = in.tellg();

- in.seekg (0, in.beg);

- std::cout << "Reading " << length << " bytes from " << argv[i] << std::endl;

- // Allocate exactly length bytes so that we reliably catch buffer overflows.

- std::vector<char> bytes(length);

- in.read(bytes.data(), bytes.size());

- assert(in);

- LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(bytes.data()),

- bytes.size());

- std::cout << "Execution successful" << std::endl;

- }

- return 0;

-int main(int argc, char **argv) {

- fprintf(stderr,

- "======================= INFO =========================\n"

- "This binary is built for AFL-fuzz.\n"

- "To run the target function on individual input(s) execute this:\n"

- " %s < INPUT_FILE\n"

- "or\n"

- " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n"

- "To fuzz with afl-fuzz execute this:\n"

- " afl-fuzz [afl-flags] %s [-N]\n"

- "afl-fuzz will run N iterations before "

- "re-spawning the process (default: 1000)\n"

- "======================================================\n",

- argv[0], argv[0], argv[0]);

- if (LLVMFuzzerInitialize)

- LLVMFuzzerInitialize(&argc, &argv);

- // Do any other expensive one-time initialization here.

- maybe_duplicate_stderr();

- maybe_initialize_extra_stats();

- if (!getenv("AFL_DRIVER_DONT_DEFER"))

- __afl_manual_init();

- int N = 1000;

- if (argc == 2 && argv[1][0] == '-')

- N = atoi(argv[1] + 1);

- else if(argc == 2 && (N = atoi(argv[1])) > 0)

- fprintf(stderr, "WARNING: using the deprecated call style `%s %d`\n",

- argv[0], N);

- else if (argc > 1)

- return ExecuteFilesOnyByOne(argc, argv);

- assert(N > 0);

- // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization

- // on the first execution of LLVMFuzzerTestOneInput is ignored.

- uint8_t dummy_input[1] = {0};

- LLVMFuzzerTestOneInput(dummy_input, 1);

- time_t unit_time_secs;

- int num_runs = 0;

- while (__afl_persistent_loop(N)) {

- ssize_t n_read = read(0, AflInputBuf, kMaxAflInputSize);

- if (n_read > 0) {

- // Copy AflInputBuf into a separate buffer to let asan find buffer

- // overflows. Don't use unique_ptr/etc to avoid extra dependencies.

- uint8_t *copy = new uint8_t[n_read];

- memcpy(copy, AflInputBuf, n_read);

- struct timeval unit_start_time;

- CHECK_ERROR(gettimeofday(&unit_start_time, NULL) == 0,

- "Calling gettimeofday failed");

- num_runs++;

- LLVMFuzzerTestOneInput(copy, n_read);

- struct timeval unit_stop_time;

- CHECK_ERROR(gettimeofday(&unit_stop_time, NULL) == 0,

- "Calling gettimeofday failed");

- // Update slowest_unit_time_secs if we see a new max.

- unit_time_secs = unit_stop_time.tv_sec - unit_start_time.tv_sec;

- if (slowest_unit_time_secs < unit_time_secs)

- slowest_unit_time_secs = unit_time_secs;

- delete[] copy;

- }

- fprintf(stderr, "%s: successfully executed %d input(s)\n", argv[0], num_runs);

diff --git a/lib/fuzzer/build.sh b/lib/fuzzer/build.sh
deleted file mode 100755
index 504e54e3a819..000000000000
--- a/lib/fuzzer/build.sh
+++ /dev/null

@@ -1,11 +0,0 @@

-#!/bin/sh

-LIBFUZZER_SRC_DIR=$(dirname $0)

-CXX="${CXX:-clang}"

-for f in $LIBFUZZER_SRC_DIR/*.cpp; do

- $CXX -g -O2 -fno-omit-frame-pointer -std=c++11 $f -c &

-done

-wait

-rm -f libFuzzer.a

-ar ru libFuzzer.a Fuzzer*.o

-rm -f Fuzzer*.o

diff --git a/lib/fuzzer/dataflow/DataFlow.cpp b/lib/fuzzer/dataflow/DataFlow.cpp
deleted file mode 100644
index a79c796ac456..000000000000
--- a/lib/fuzzer/dataflow/DataFlow.cpp
+++ /dev/null

@@ -1,217 +0,0 @@

-/*===- DataFlow.cpp - a standalone DataFlow tracer -------===//

-//

-// The LLVM Compiler Infrastructure

-//

-// This file is distributed under the University of Illinois Open Source

-// License. See LICENSE.TXT for details.

-//

-//===----------------------------------------------------------------------===//

-// An experimental data-flow tracer for fuzz targets.

-// It is based on DFSan and SanitizerCoverage.

-// https://clang.llvm.org/docs/DataFlowSanitizer.html

-// https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-data-flow

-//

-// It executes the fuzz target on the given input while monitoring the

-// data flow for every instrumented comparison instruction.

-//

-// The output shows which functions depend on which bytes of the input.

-//

-// Build:

-// 1. Compile this file with -fsanitize=dataflow

-// 2. Build the fuzz target with -g -fsanitize=dataflow

-// -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp

-// 3. Link those together with -fsanitize=dataflow

-//

-// -fsanitize-coverage=trace-cmp inserts callbacks around every comparison

-// instruction, DFSan modifies the calls to pass the data flow labels.

-// The callbacks update the data flow label for the current function.

-// See e.g. __dfsw___sanitizer_cov_trace_cmp1 below.

-//

-// -fsanitize-coverage=trace-pc-guard,pc-table,func instruments function

-// entries so that the comparison callback knows that current function.

-//

-// Run:

-// # Collect data flow for INPUT_FILE, write to OUTPUT_FILE (default: stdout)

-// ./a.out INPUT_FILE [OUTPUT_FILE]

-//

-// # Print all instrumented functions. llvm-symbolizer must be present in PATH

-// ./a.out

-//

-// Example output:

-// ===============

-// F0 11111111111111

-// F1 10000000000000

-// ===============

-// "FN xxxxxxxxxx": tells what bytes of the input does the function N depend on.

-// The byte string is LEN+1 bytes. The last byte is set if the function

-// depends on the input length.

-//===----------------------------------------------------------------------===*/

-#include <assert.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <stdint.h>

-#include <string.h>

-#include <execinfo.h> // backtrace_symbols_fd

-#include <sanitizer/dfsan_interface.h>

-extern "C" {

-extern int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size);

-__attribute__((weak)) extern int LLVMFuzzerInitialize(int *argc, char ***argv);

-} // extern "C"

-static size_t InputLen;

-static size_t NumFuncs;

-static const uintptr_t *FuncsBeg;

-static __thread size_t CurrentFunc;

-static dfsan_label *FuncLabels; // Array of NumFuncs elements.

-static char *PrintableStringForLabel; // InputLen + 2 bytes.

-static bool LabelSeen[1 << 8 * sizeof(dfsan_label)];

-// Prints all instrumented functions.

-static int PrintFunctions() {

- // We don't have the symbolizer integrated with dfsan yet.

- // So use backtrace_symbols_fd and pipe it through llvm-symbolizer.

- // TODO(kcc): this is pretty ugly and may break in lots of ways.

- // We'll need to make a proper in-process symbolizer work with DFSan.

- FILE *Pipe = popen("sed 's/(+/ /g; s/).*//g' "

- "| llvm-symbolizer "

- "| grep 'dfs\\$' "

- "| sed 's/dfs\\$//g'", "w");

- for (size_t I = 0; I < NumFuncs; I++) {

- uintptr_t PC = FuncsBeg[I * 2];

- void *const Buf[1] = {(void*)PC};

- backtrace_symbols_fd(Buf, 1, fileno(Pipe));

- }

- pclose(Pipe);

- return 0;

-extern "C"

-void SetBytesForLabel(dfsan_label L, char *Bytes) {

- if (LabelSeen[L])

- return;

- LabelSeen[L] = true;

- assert(L);

- if (L <= InputLen + 1) {

- Bytes[L - 1] = '1';

- } else {

- auto *DLI = dfsan_get_label_info(L);

- SetBytesForLabel(DLI->l1, Bytes);

- SetBytesForLabel(DLI->l2, Bytes);

- }

-static char *GetPrintableStringForLabel(dfsan_label L) {

- memset(PrintableStringForLabel, '0', InputLen + 1);

- PrintableStringForLabel[InputLen + 1] = 0;

- memset(LabelSeen, 0, sizeof(LabelSeen));

- SetBytesForLabel(L, PrintableStringForLabel);

- return PrintableStringForLabel;

-static void PrintDataFlow(FILE *Out) {

- for (size_t I = 0; I < NumFuncs; I++)

- if (FuncLabels[I])

- fprintf(Out, "F%zd %s\n", I, GetPrintableStringForLabel(FuncLabels[I]));

-int main(int argc, char **argv) {

- if (LLVMFuzzerInitialize)

- LLVMFuzzerInitialize(&argc, &argv);

- if (argc == 1)

- return PrintFunctions();

- assert(argc == 4 || argc == 5);

- size_t Beg = atoi(argv[1]);

- size_t End = atoi(argv[2]);

- assert(Beg < End);

- const char *Input = argv[3];

- fprintf(stderr, "INFO: reading '%s'\n", Input);

- FILE *In = fopen(Input, "r");

- assert(In);

- fseek(In, 0, SEEK_END);

- InputLen = ftell(In);

- fseek(In, 0, SEEK_SET);

- unsigned char *Buf = (unsigned char*)malloc(InputLen);

- size_t NumBytesRead = fread(Buf, 1, InputLen, In);

- assert(NumBytesRead == InputLen);

- PrintableStringForLabel = (char*)malloc(InputLen + 2);

- fclose(In);

- fprintf(stderr, "INFO: running '%s'\n", Input);

- for (size_t I = 1; I <= InputLen; I++) {

- dfsan_label L = dfsan_create_label("", nullptr);

- assert(L == I);

- size_t Idx = I - 1;

- if (Idx >= Beg && Idx < End)

- dfsan_set_label(L, Buf + Idx, 1);

- }

- dfsan_label SizeL = dfsan_create_label("", nullptr);

- assert(SizeL == InputLen + 1);

- dfsan_set_label(SizeL, &InputLen, sizeof(InputLen));

- LLVMFuzzerTestOneInput(Buf, InputLen);

- free(Buf);

- bool OutIsStdout = argc == 4;

- fprintf(stderr, "INFO: writing dataflow to %s\n",

- OutIsStdout ? "<stdout>" : argv[4]);

- FILE *Out = OutIsStdout ? stdout : fopen(argv[4], "w");

- PrintDataFlow(Out);

- if (!OutIsStdout) fclose(Out);

-extern "C" {

-void __sanitizer_cov_trace_pc_guard_init(uint32_t *start,

- uint32_t *stop) {

- assert(NumFuncs == 0 && "This tool does not support DSOs");

- assert(start < stop && "The code is not instrumented for coverage");

- if (start == stop || *start) return; // Initialize only once.

- for (uint32_t *x = start; x < stop; x++)

- *x = ++NumFuncs; // The first index is 1.

- FuncLabels = (dfsan_label*)calloc(NumFuncs, sizeof(dfsan_label));

- fprintf(stderr, "INFO: %zd instrumented function(s) observed\n", NumFuncs);

-void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg,

- const uintptr_t *pcs_end) {

- assert(NumFuncs == (pcs_end - pcs_beg) / 2);

- FuncsBeg = pcs_beg;

-void __sanitizer_cov_trace_pc_indir(uint64_t x){} // unused.

-void __sanitizer_cov_trace_pc_guard(uint32_t *guard){

- uint32_t FuncNum = *guard - 1; // Guards start from 1.

- assert(FuncNum < NumFuncs);

- CurrentFunc = FuncNum;

-void __dfsw___sanitizer_cov_trace_switch(uint64_t Val, uint64_t *Cases,

- dfsan_label L1, dfsan_label UnusedL) {

- assert(CurrentFunc < NumFuncs);

- FuncLabels[CurrentFunc] = dfsan_union(FuncLabels[CurrentFunc], L1);

-#define HOOK(Name, Type) \

- void Name(Type Arg1, Type Arg2, dfsan_label L1, dfsan_label L2) { \

- assert(CurrentFunc < NumFuncs); \

- FuncLabels[CurrentFunc] = \

- dfsan_union(FuncLabels[CurrentFunc], dfsan_union(L1, L2)); \

- }

-HOOK(__dfsw___sanitizer_cov_trace_const_cmp1, uint8_t)

-HOOK(__dfsw___sanitizer_cov_trace_const_cmp2, uint16_t)

-HOOK(__dfsw___sanitizer_cov_trace_const_cmp4, uint32_t)

-HOOK(__dfsw___sanitizer_cov_trace_const_cmp8, uint64_t)

-HOOK(__dfsw___sanitizer_cov_trace_cmp1, uint8_t)

-HOOK(__dfsw___sanitizer_cov_trace_cmp2, uint16_t)

-HOOK(__dfsw___sanitizer_cov_trace_cmp4, uint32_t)

-HOOK(__dfsw___sanitizer_cov_trace_cmp8, uint64_t)

-} // extern "C"

diff --git a/lib/fuzzer/scripts/collect_data_flow.py b/lib/fuzzer/scripts/collect_data_flow.py
deleted file mode 100755
index 3edff66bb9d1..000000000000
--- a/lib/fuzzer/scripts/collect_data_flow.py
+++ /dev/null

@@ -1,79 +0,0 @@

-#!/usr/bin/env python

-#===- lib/fuzzer/scripts/collect_data_flow.py ------------------------------===#

-# The LLVM Compiler Infrastructure

-# This file is distributed under the University of Illinois Open Source

-# License. See LICENSE.TXT for details.

-#===------------------------------------------------------------------------===#

-# Runs the data-flow tracer several times on the same input in order to collect

-# the complete trace for all input bytes (running it on all bytes at once

-# may fail if DFSan runs out of labels).

-# Usage:

-# # Collect dataflow for one input, store it in OUTPUT (default is stdout)

-# collect_data_flow.py BINARY INPUT [OUTPUT]

-# # Collect dataflow for all inputs in CORPUS_DIR, store them in OUTPUT_DIR

-# collect_data_flow.py BINARY CORPUS_DIR OUTPUT_DIR

-#===------------------------------------------------------------------------===#

-import atexit

-import hashlib

-import sys

-import os

-import subprocess

-import tempfile

-import shutil

-tmpdir = ""

-def cleanup(d):

- print("removing: %s" % d)

- shutil.rmtree(d)

-def collect_dataflow_for_corpus(self, exe, corpus_dir, output_dir):

- print("Collecting dataflow for corpus: %s output_dir: %s" % (corpus_dir,

- output_dir))

- assert not os.path.exists(output_dir)

- os.mkdir(output_dir)

- for root, dirs, files in os.walk(corpus_dir):

- for f in files:

- path = os.path.join(root, f)

- sha1 = hashlib.sha1(open(path).read()).hexdigest()

- output = os.path.join(output_dir, sha1)

- subprocess.call([self, exe, path, output])

- functions_txt = open(os.path.join(output_dir, "functions.txt"), "w")

- subprocess.call([exe], stdout=functions_txt)

-def main(argv):

- exe = argv[1]

- inp = argv[2]

- if os.path.isdir(inp):

- return collect_dataflow_for_corpus(argv[0], exe, inp, argv[3])

- size = os.path.getsize(inp)

- q = [[0, size]]

- tmpdir = tempfile.mkdtemp(prefix="libfuzzer-tmp-")

- atexit.register(cleanup, tmpdir)

- print "tmpdir: ", tmpdir

- outputs = []

- while len(q):

- r = q.pop()

- print "******* Trying: ", r

- tmpfile = os.path.join(tmpdir, str(r[0]) + "-" + str(r[1]))

- ret = subprocess.call([exe, str(r[0]), str(r[1]), inp, tmpfile])

- if ret and r[1] - r[0] >= 2:

- q.append([r[0], (r[1] + r[0]) / 2])

- q.append([(r[1] + r[0]) / 2, r[1]])

- else:

- outputs.append(tmpfile)

- print "******* Success: ", r

- f = sys.stdout

- if len(argv) >= 4:

- f = open(argv[3], "w")

- merge = os.path.join(os.path.dirname(argv[0]), "merge_data_flow.py")

- subprocess.call([merge] + outputs, stdout=f)

-if __name__ == '__main__':

- main(sys.argv)

diff --git a/lib/fuzzer/scripts/merge_data_flow.py b/lib/fuzzer/scripts/merge_data_flow.py
deleted file mode 100755
index d2f5081e7b8c..000000000000
--- a/lib/fuzzer/scripts/merge_data_flow.py
+++ /dev/null

@@ -1,36 +0,0 @@

-#!/usr/bin/env python

-#===- lib/fuzzer/scripts/merge_data_flow.py ------------------------------===#

-# The LLVM Compiler Infrastructure

-# This file is distributed under the University of Illinois Open Source

-# License. See LICENSE.TXT for details.

-#===------------------------------------------------------------------------===#

-# Merge several data flow traces into one.

-# Usage:

-# merge_data_flow.py trace1 trace2 ... > result

-#===------------------------------------------------------------------------===#

-import sys

-import fileinput

-from array import array

-def Merge(a, b):

- res = array('b')

- for i in range(0, len(a)):

- res.append(ord('1' if a[i] == '1' or b[i] == '1' else '0'))

- return res.tostring()

-def main(argv):

- D = {}

- for line in fileinput.input():

- [F,BV] = line.strip().split(' ')

- if F in D:

- D[F] = Merge(D[F], BV)

- else:

- D[F] = BV;

- for F in D.keys():

- print("%s %s" % (F, D[F]))

-if __name__ == '__main__':

- main(sys.argv)

diff --git a/lib/fuzzer/scripts/unbalanced_allocs.py b/lib/fuzzer/scripts/unbalanced_allocs.py
deleted file mode 100755
index 74478ad55af0..000000000000
--- a/lib/fuzzer/scripts/unbalanced_allocs.py
+++ /dev/null

@@ -1,93 +0,0 @@

-#!/usr/bin/env python

-#===- lib/fuzzer/scripts/unbalanced_allocs.py ------------------------------===#

-# The LLVM Compiler Infrastructure

-# This file is distributed under the University of Illinois Open Source

-# License. See LICENSE.TXT for details.

-#===------------------------------------------------------------------------===#

-# Post-process -trace_malloc=2 output and printout only allocations and frees

-# unbalanced inside of fuzzer runs.

-# Usage:

-# my_fuzzer -trace_malloc=2 -runs=10 2>&1 | unbalanced_allocs.py -skip=5

-#===------------------------------------------------------------------------===#

-import argparse

-import sys

-_skip = 0

-def PrintStack(line, stack):

- global _skip

- if _skip > 0:

- return

- print('Unbalanced ' + line.rstrip());

- for l in stack:

- print(l.rstrip())

-def ProcessStack(line, f):

- stack = []

- while line and line.startswith(' #'):

- stack += [line]

- line = f.readline()

- return line, stack

-def ProcessFree(line, f, allocs):

- if not line.startswith('FREE['):

- return f.readline()

- addr = int(line.split()[1], 16)

- next_line, stack = ProcessStack(f.readline(), f)

- if addr in allocs:

- del allocs[addr]

- else:

- PrintStack(line, stack)

- return next_line

-def ProcessMalloc(line, f, allocs):

- if not line.startswith('MALLOC['):

- return ProcessFree(line, f, allocs)

- addr = int(line.split()[1], 16)

- assert not addr in allocs

- next_line, stack = ProcessStack(f.readline(), f)

- allocs[addr] = (line, stack)

- return next_line

-def ProcessRun(line, f):

- if not line.startswith('MallocFreeTracer: START'):

- return ProcessMalloc(line, f, {})

- allocs = {}

- print(line.rstrip())

- line = f.readline()

- while line:

- if line.startswith('MallocFreeTracer: STOP'):

- global _skip

- _skip = _skip - 1

- for _, (l, s) in allocs.items():

- PrintStack(l, s)

- print(line.rstrip())

- return f.readline()

- line = ProcessMalloc(line, f, allocs)

- return line

-def ProcessFile(f):

- line = f.readline()

- while line:

- line = ProcessRun(line, f);

-def main(argv):

- parser = argparse.ArgumentParser()

- parser.add_argument('--skip', default=0, help='number of runs to ignore')

- args = parser.parse_args()

- global _skip

- _skip = int(args.skip) + 1

- ProcessFile(sys.stdin)

-if __name__ == '__main__':

- main(sys.argv)

diff --git a/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c b/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c
deleted file mode 100644
index 0d76ea49e796..000000000000
--- a/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c
+++ /dev/null

@@ -1,41 +0,0 @@

-/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===//

-//

-// The LLVM Compiler Infrastructure

-//

-// This file is distributed under the University of Illinois Open Source

-// License. See LICENSE.TXT for details.

-//

-//===----------------------------------------------------------------------===//

-// This main() function can be linked to a fuzz target (i.e. a library

-// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())

-// instead of libFuzzer. This main() function will not perform any fuzzing

-// but will simply feed all input files one by one to the fuzz target.

-//

-// Use this file to provide reproducers for bugs when linking against libFuzzer

-// or other fuzzing engine is undesirable.

-//===----------------------------------------------------------------------===*/

-#include <assert.h>

-#include <stdio.h>

-#include <stdlib.h>

-extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);

-__attribute__((weak)) extern int LLVMFuzzerInitialize(int *argc, char ***argv);

-int main(int argc, char **argv) {

- fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);

- if (LLVMFuzzerInitialize)

- LLVMFuzzerInitialize(&argc, &argv);

- for (int i = 1; i < argc; i++) {

- fprintf(stderr, "Running: %s\n", argv[i]);

- FILE *f = fopen(argv[i], "r");

- assert(f);

- fseek(f, 0, SEEK_END);

- size_t len = ftell(f);

- fseek(f, 0, SEEK_SET);

- unsigned char *buf = (unsigned char*)malloc(len);

- size_t n_read = fread(buf, 1, len, f);

- assert(n_read == len);

- LLVMFuzzerTestOneInput(buf, len);

- free(buf);

- fprintf(stderr, "Done: %s: (%zd bytes)\n", argv[i], n_read);

- }

diff --git a/lib/fuzzer/tests/CMakeLists.txt b/lib/fuzzer/tests/CMakeLists.txt
deleted file mode 100644
index 6abb72def3e1..000000000000
--- a/lib/fuzzer/tests/CMakeLists.txt
+++ /dev/null

@@ -1,64 +0,0 @@

-include(CompilerRTCompile)

-set(LIBFUZZER_UNITTEST_CFLAGS

- ${COMPILER_RT_UNITTEST_CFLAGS}

- ${COMPILER_RT_GTEST_CFLAGS}

- -I${COMPILER_RT_SOURCE_DIR}/lib/fuzzer

- -fno-rtti

- -O2)

-if (APPLE)

- set(FUZZER_SUPPORTED_OS osx)

-endif()

-add_custom_target(FuzzerUnitTests)

-set_target_properties(FuzzerUnitTests PROPERTIES FOLDER "Compiler-RT Tests")

-set(LIBFUZZER_UNITTEST_LINK_FLAGS ${COMPILER_RT_UNITTEST_LINK_FLAGS})

-list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS --driver-mode=g++)

-if(APPLE OR CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")

- list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS -lc++ -lpthread)

-elseif(NOT WIN32)

- list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS -lstdc++ -lpthread)

-endif()

-if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND COMPILER_RT_LIBCXX_PATH)

- list(APPEND LIBFUZZER_UNITTEST_CFLAGS -nostdinc++)

-endif()

-if(COMPILER_RT_DEFAULT_TARGET_ARCH IN_LIST FUZZER_SUPPORTED_ARCH)

- # libFuzzer unit tests are only run on the host machine.

- set(arch ${COMPILER_RT_DEFAULT_TARGET_ARCH})

- set(LIBFUZZER_TEST_RUNTIME RTFuzzerTest.${arch})

- if(APPLE)

- set(LIBFUZZER_TEST_RUNTIME_OBJECTS

- $<TARGET_OBJECTS:RTfuzzer.osx>)

- else()

- set(LIBFUZZER_TEST_RUNTIME_OBJECTS

- $<TARGET_OBJECTS:RTfuzzer.${arch}>)

- endif()

- add_library(${LIBFUZZER_TEST_RUNTIME} STATIC

- ${LIBFUZZER_TEST_RUNTIME_OBJECTS})

- set_target_properties(${LIBFUZZER_TEST_RUNTIME} PROPERTIES

- ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}

- FOLDER "Compiler-RT Runtime tests")

- if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND COMPILER_RT_LIBCXX_PATH)

- set(LIBFUZZER_TEST_RUNTIME_DEPS libcxx_fuzzer_${arch}-build)

- set(LIBFUZZER_TEST_RUNTIME_CFLAGS -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)

- set(LIBFUZZER_TEST_RUNTIME_LINK_FLAGS ${LIBCXX_${arch}_PREFIX}/lib/libc++.a)

- endif()

- set(FuzzerTestObjects)

- generate_compiler_rt_tests(FuzzerTestObjects

- FuzzerUnitTests "Fuzzer-${arch}-Test" ${arch}

- SOURCES FuzzerUnittest.cpp ${COMPILER_RT_GTEST_SOURCE}

- RUNTIME ${LIBFUZZER_TEST_RUNTIME}

- DEPS gtest ${LIBFUZZER_TEST_RUNTIME_DEPS}

- CFLAGS ${LIBFUZZER_UNITTEST_CFLAGS} ${LIBFUZZER_TEST_RUNTIME_CFLAGS}

- LINK_FLAGS ${LIBFUZZER_UNITTEST_LINK_FLAGS} ${LIBFUZZER_TEST_RUNTIME_LINK_FLAGS})

- set_target_properties(FuzzerUnitTests PROPERTIES

- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})

-endif()

diff --git a/lib/fuzzer/tests/FuzzerUnittest.cpp b/lib/fuzzer/tests/FuzzerUnittest.cpp
deleted file mode 100644
index 7cdd44582329..000000000000
--- a/lib/fuzzer/tests/FuzzerUnittest.cpp
+++ /dev/null

@@ -1,964 +0,0 @@

-// This file is distributed under the University of Illinois Open Source

-// License. See LICENSE.TXT for details.

-// Avoid ODR violations (LibFuzzer is built without ASan and this test is built

-// with ASan) involving C++ standard library types when using libcxx.

-#define _LIBCPP_HAS_NO_ASAN

-// Do not attempt to use LLVM ostream from gtest.

-#define GTEST_NO_LLVM_RAW_OSTREAM 1

-#include "FuzzerCorpus.h"

-#include "FuzzerDictionary.h"

-#include "FuzzerInternal.h"

-#include "FuzzerMerge.h"

-#include "FuzzerMutate.h"

-#include "FuzzerRandom.h"

-#include "FuzzerTracePC.h"

-#include "gtest/gtest.h"

-#include <memory>

-#include <set>

-#include <sstream>

-using namespace fuzzer;

-// For now, have LLVMFuzzerTestOneInput just to make it link.

-// Later we may want to make unittests that actually call LLVMFuzzerTestOneInput.

-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

- abort();

-TEST(Fuzzer, Basename) {

- EXPECT_EQ(Basename("foo/bar"), "bar");

- EXPECT_EQ(Basename("bar"), "bar");

- EXPECT_EQ(Basename("/bar"), "bar");

- EXPECT_EQ(Basename("foo/x"), "x");

- EXPECT_EQ(Basename("foo/"), "");

-#if LIBFUZZER_WINDOWS

- EXPECT_EQ(Basename("foo\\bar"), "bar");

- EXPECT_EQ(Basename("foo\\bar/baz"), "baz");

- EXPECT_EQ(Basename("\\bar"), "bar");

- EXPECT_EQ(Basename("foo\\x"), "x");

- EXPECT_EQ(Basename("foo\\"), "");

-#endif

-TEST(Fuzzer, CrossOver) {

- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());

- fuzzer::EF = t.get();

- Random Rand(0);

- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));

- Unit A({0, 1, 2}), B({5, 6, 7});

- Unit C;

- Unit Expected[] = {

- { 0 },

- { 0, 1 },

- { 0, 5 },

- { 0, 1, 2 },

- { 0, 1, 5 },

- { 0, 5, 1 },

- { 0, 5, 6 },

- { 0, 1, 2, 5 },

- { 0, 1, 5, 2 },

- { 0, 1, 5, 6 },

- { 0, 5, 1, 2 },

- { 0, 5, 1, 6 },

- { 0, 5, 6, 1 },

- { 0, 5, 6, 7 },

- { 0, 1, 2, 5, 6 },

- { 0, 1, 5, 2, 6 },

- { 0, 1, 5, 6, 2 },

- { 0, 1, 5, 6, 7 },

- { 0, 5, 1, 2, 6 },

- { 0, 5, 1, 6, 2 },

- { 0, 5, 1, 6, 7 },

- { 0, 5, 6, 1, 2 },

- { 0, 5, 6, 1, 7 },

- { 0, 5, 6, 7, 1 },

- { 0, 1, 2, 5, 6, 7 },

- { 0, 1, 5, 2, 6, 7 },

- { 0, 1, 5, 6, 2, 7 },

- { 0, 1, 5, 6, 7, 2 },

- { 0, 5, 1, 2, 6, 7 },

- { 0, 5, 1, 6, 2, 7 },

- { 0, 5, 1, 6, 7, 2 },

- { 0, 5, 6, 1, 2, 7 },

- { 0, 5, 6, 1, 7, 2 },

- { 0, 5, 6, 7, 1, 2 }

- };

- for (size_t Len = 1; Len < 8; Len++) {

- Set<Unit> FoundUnits, ExpectedUnitsWitThisLength;

- for (int Iter = 0; Iter < 3000; Iter++) {

- C.resize(Len);

- size_t NewSize = MD->CrossOver(A.data(), A.size(), B.data(), B.size(),

- C.data(), C.size());

- C.resize(NewSize);

- FoundUnits.insert(C);

- }

- for (const Unit &U : Expected)

- if (U.size() <= Len)

- ExpectedUnitsWitThisLength.insert(U);

- EXPECT_EQ(ExpectedUnitsWitThisLength, FoundUnits);

- }

-TEST(Fuzzer, Hash) {

- uint8_t A[] = {'a', 'b', 'c'};

- fuzzer::Unit U(A, A + sizeof(A));

- EXPECT_EQ("a9993e364706816aba3e25717850c26c9cd0d89d", fuzzer::Hash(U));

- U.push_back('d');

- EXPECT_EQ("81fe8bfe87576c3ecb22426f8e57847382917acf", fuzzer::Hash(U));

-typedef size_t (MutationDispatcher::*Mutator)(uint8_t *Data, size_t Size,

- size_t MaxSize);

-void TestEraseBytes(Mutator M, int NumIter) {

- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());

- fuzzer::EF = t.get();

- uint8_t REM0[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t REM1[8] = {0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t REM2[8] = {0x00, 0x11, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t REM3[8] = {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x77};

- uint8_t REM4[8] = {0x00, 0x11, 0x22, 0x33, 0x55, 0x66, 0x77};

- uint8_t REM5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x66, 0x77};

- uint8_t REM6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x77};

- uint8_t REM7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};

- uint8_t REM8[6] = {0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t REM9[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};

- uint8_t REM10[6] = {0x00, 0x11, 0x22, 0x55, 0x66, 0x77};

- uint8_t REM11[5] = {0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t REM12[5] = {0x00, 0x11, 0x22, 0x33, 0x44};

- uint8_t REM13[5] = {0x00, 0x44, 0x55, 0x66, 0x77};

- Random Rand(0);

- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));

- int FoundMask = 0;

- for (int i = 0; i < NumIter; i++) {

- uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- size_t NewSize = (*MD.*M)(T, sizeof(T), sizeof(T));

- if (NewSize == 7 && !memcmp(REM0, T, 7)) FoundMask |= 1 << 0;

- if (NewSize == 7 && !memcmp(REM1, T, 7)) FoundMask |= 1 << 1;

- if (NewSize == 7 && !memcmp(REM2, T, 7)) FoundMask |= 1 << 2;

- if (NewSize == 7 && !memcmp(REM3, T, 7)) FoundMask |= 1 << 3;

- if (NewSize == 7 && !memcmp(REM4, T, 7)) FoundMask |= 1 << 4;

- if (NewSize == 7 && !memcmp(REM5, T, 7)) FoundMask |= 1 << 5;

- if (NewSize == 7 && !memcmp(REM6, T, 7)) FoundMask |= 1 << 6;

- if (NewSize == 7 && !memcmp(REM7, T, 7)) FoundMask |= 1 << 7;

- if (NewSize == 6 && !memcmp(REM8, T, 6)) FoundMask |= 1 << 8;

- if (NewSize == 6 && !memcmp(REM9, T, 6)) FoundMask |= 1 << 9;

- if (NewSize == 6 && !memcmp(REM10, T, 6)) FoundMask |= 1 << 10;

- if (NewSize == 5 && !memcmp(REM11, T, 5)) FoundMask |= 1 << 11;

- if (NewSize == 5 && !memcmp(REM12, T, 5)) FoundMask |= 1 << 12;

- if (NewSize == 5 && !memcmp(REM13, T, 5)) FoundMask |= 1 << 13;

- }

- EXPECT_EQ(FoundMask, (1 << 14) - 1);

-TEST(FuzzerMutate, EraseBytes1) {

- TestEraseBytes(&MutationDispatcher::Mutate_EraseBytes, 200);

-TEST(FuzzerMutate, EraseBytes2) {

- TestEraseBytes(&MutationDispatcher::Mutate, 2000);

-void TestInsertByte(Mutator M, int NumIter) {

- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());

- fuzzer::EF = t.get();

- Random Rand(0);

- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));

- int FoundMask = 0;

- uint8_t INS0[8] = {0xF1, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};

- uint8_t INS1[8] = {0x00, 0xF2, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};

- uint8_t INS2[8] = {0x00, 0x11, 0xF3, 0x22, 0x33, 0x44, 0x55, 0x66};

- uint8_t INS3[8] = {0x00, 0x11, 0x22, 0xF4, 0x33, 0x44, 0x55, 0x66};

- uint8_t INS4[8] = {0x00, 0x11, 0x22, 0x33, 0xF5, 0x44, 0x55, 0x66};

- uint8_t INS5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0xF6, 0x55, 0x66};

- uint8_t INS6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF7, 0x66};

- uint8_t INS7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF8};

- for (int i = 0; i < NumIter; i++) {

- uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};

- size_t NewSize = (*MD.*M)(T, 7, 8);

- if (NewSize == 8 && !memcmp(INS0, T, 8)) FoundMask |= 1 << 0;

- if (NewSize == 8 && !memcmp(INS1, T, 8)) FoundMask |= 1 << 1;

- if (NewSize == 8 && !memcmp(INS2, T, 8)) FoundMask |= 1 << 2;

- if (NewSize == 8 && !memcmp(INS3, T, 8)) FoundMask |= 1 << 3;

- if (NewSize == 8 && !memcmp(INS4, T, 8)) FoundMask |= 1 << 4;

- if (NewSize == 8 && !memcmp(INS5, T, 8)) FoundMask |= 1 << 5;

- if (NewSize == 8 && !memcmp(INS6, T, 8)) FoundMask |= 1 << 6;

- if (NewSize == 8 && !memcmp(INS7, T, 8)) FoundMask |= 1 << 7;

- }

- EXPECT_EQ(FoundMask, 255);

-TEST(FuzzerMutate, InsertByte1) {

- TestInsertByte(&MutationDispatcher::Mutate_InsertByte, 1 << 15);

-TEST(FuzzerMutate, InsertByte2) {

- TestInsertByte(&MutationDispatcher::Mutate, 1 << 17);

-void TestInsertRepeatedBytes(Mutator M, int NumIter) {

- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());

- fuzzer::EF = t.get();

- Random Rand(0);

- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));

- int FoundMask = 0;

- uint8_t INS0[7] = {0x00, 0x11, 0x22, 0x33, 'a', 'a', 'a'};

- uint8_t INS1[7] = {0x00, 0x11, 0x22, 'a', 'a', 'a', 0x33};

- uint8_t INS2[7] = {0x00, 0x11, 'a', 'a', 'a', 0x22, 0x33};

- uint8_t INS3[7] = {0x00, 'a', 'a', 'a', 0x11, 0x22, 0x33};

- uint8_t INS4[7] = {'a', 'a', 'a', 0x00, 0x11, 0x22, 0x33};

- uint8_t INS5[8] = {0x00, 0x11, 0x22, 0x33, 'b', 'b', 'b', 'b'};

- uint8_t INS6[8] = {0x00, 0x11, 0x22, 'b', 'b', 'b', 'b', 0x33};

- uint8_t INS7[8] = {0x00, 0x11, 'b', 'b', 'b', 'b', 0x22, 0x33};

- uint8_t INS8[8] = {0x00, 'b', 'b', 'b', 'b', 0x11, 0x22, 0x33};

- uint8_t INS9[8] = {'b', 'b', 'b', 'b', 0x00, 0x11, 0x22, 0x33};

- for (int i = 0; i < NumIter; i++) {

- uint8_t T[8] = {0x00, 0x11, 0x22, 0x33};

- size_t NewSize = (*MD.*M)(T, 4, 8);

- if (NewSize == 7 && !memcmp(INS0, T, 7)) FoundMask |= 1 << 0;

- if (NewSize == 7 && !memcmp(INS1, T, 7)) FoundMask |= 1 << 1;

- if (NewSize == 7 && !memcmp(INS2, T, 7)) FoundMask |= 1 << 2;

- if (NewSize == 7 && !memcmp(INS3, T, 7)) FoundMask |= 1 << 3;

- if (NewSize == 7 && !memcmp(INS4, T, 7)) FoundMask |= 1 << 4;

- if (NewSize == 8 && !memcmp(INS5, T, 8)) FoundMask |= 1 << 5;

- if (NewSize == 8 && !memcmp(INS6, T, 8)) FoundMask |= 1 << 6;

- if (NewSize == 8 && !memcmp(INS7, T, 8)) FoundMask |= 1 << 7;

- if (NewSize == 8 && !memcmp(INS8, T, 8)) FoundMask |= 1 << 8;

- if (NewSize == 8 && !memcmp(INS9, T, 8)) FoundMask |= 1 << 9;

- }

- EXPECT_EQ(FoundMask, (1 << 10) - 1);

-TEST(FuzzerMutate, InsertRepeatedBytes1) {

- TestInsertRepeatedBytes(&MutationDispatcher::Mutate_InsertRepeatedBytes, 10000);

-TEST(FuzzerMutate, InsertRepeatedBytes2) {

- TestInsertRepeatedBytes(&MutationDispatcher::Mutate, 300000);

-void TestChangeByte(Mutator M, int NumIter) {

- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());

- fuzzer::EF = t.get();

- Random Rand(0);

- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));

- int FoundMask = 0;

- uint8_t CH0[8] = {0xF0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t CH1[8] = {0x00, 0xF1, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t CH2[8] = {0x00, 0x11, 0xF2, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t CH3[8] = {0x00, 0x11, 0x22, 0xF3, 0x44, 0x55, 0x66, 0x77};

- uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0xF4, 0x55, 0x66, 0x77};

- uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0xF5, 0x66, 0x77};

- uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF5, 0x77};

- uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7};

- for (int i = 0; i < NumIter; i++) {

- uint8_t T[9] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- size_t NewSize = (*MD.*M)(T, 8, 9);

- if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;

- if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;

- if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;

- if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;

- if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4;

- if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;

- if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;

- if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;

- }

- EXPECT_EQ(FoundMask, 255);

-TEST(FuzzerMutate, ChangeByte1) {

- TestChangeByte(&MutationDispatcher::Mutate_ChangeByte, 1 << 15);

-TEST(FuzzerMutate, ChangeByte2) {

- TestChangeByte(&MutationDispatcher::Mutate, 1 << 17);

-void TestChangeBit(Mutator M, int NumIter) {

- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());

- fuzzer::EF = t.get();

- Random Rand(0);

- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));

- int FoundMask = 0;

- uint8_t CH0[8] = {0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t CH1[8] = {0x00, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t CH2[8] = {0x00, 0x11, 0x02, 0x33, 0x44, 0x55, 0x66, 0x77};

- uint8_t CH3[8] = {0x00, 0x11, 0x22, 0x37, 0x44, 0x55, 0x66, 0x77};

- uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0x54, 0x55, 0x66, 0x77};

- uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x54, 0x66, 0x77};

- uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x76, 0x77};