aboutsummaryrefslogtreecommitdiffstats
path: root/lib/fuzzer
diff options
context:
space:
mode:
authorDimitry Andric <dim@FreeBSD.org>2019-08-20 18:00:15 +0000
committerDimitry Andric <dim@FreeBSD.org>2019-08-20 18:00:15 +0000
commit63714eb5809e39666dec2454c354195e76f916ba (patch)
treee3714cd783c265396c2ef3c117047e7c0ea41619 /lib/fuzzer
parent0646903fc1f75f6e605754621119473ee083f4a4 (diff)
downloadsrc-63714eb5809e39666dec2454c354195e76f916ba.tar.gz
src-63714eb5809e39666dec2454c354195e76f916ba.zip
Remove upstream files and directories from vendor/compiler-rt/dist that
we do not use. This saves on repository space, and reduces the number of tree conflicts when merging.
Notes
Notes: svn path=/vendor/compiler-rt/dist/; revision=351268
Diffstat (limited to 'lib/fuzzer')
-rw-r--r--lib/fuzzer/CMakeLists.txt147
-rw-r--r--lib/fuzzer/afl/afl_driver.cpp378
-rwxr-xr-xlib/fuzzer/build.sh11
-rw-r--r--lib/fuzzer/dataflow/DataFlow.cpp217
-rwxr-xr-xlib/fuzzer/scripts/collect_data_flow.py79
-rwxr-xr-xlib/fuzzer/scripts/merge_data_flow.py36
-rwxr-xr-xlib/fuzzer/scripts/unbalanced_allocs.py93
-rw-r--r--lib/fuzzer/standalone/StandaloneFuzzTargetMain.c41
-rw-r--r--lib/fuzzer/tests/CMakeLists.txt64
-rw-r--r--lib/fuzzer/tests/FuzzerUnittest.cpp964
10 files changed, 0 insertions, 2030 deletions
diff --git a/lib/fuzzer/CMakeLists.txt b/lib/fuzzer/CMakeLists.txt
deleted file mode 100644
index caea9734fe53..000000000000
--- a/lib/fuzzer/CMakeLists.txt
+++ /dev/null
@@ -1,147 +0,0 @@
-set(LIBFUZZER_SOURCES
- FuzzerCrossOver.cpp
- FuzzerDataFlowTrace.cpp
- FuzzerDriver.cpp
- FuzzerExtFunctionsDlsym.cpp
- FuzzerExtFunctionsWeak.cpp
- FuzzerExtFunctionsWindows.cpp
- FuzzerExtraCounters.cpp
- FuzzerIO.cpp
- FuzzerIOPosix.cpp
- FuzzerIOWindows.cpp
- FuzzerLoop.cpp
- FuzzerMerge.cpp
- FuzzerMutate.cpp
- FuzzerSHA1.cpp
- FuzzerShmemFuchsia.cpp
- FuzzerShmemPosix.cpp
- FuzzerShmemWindows.cpp
- FuzzerTracePC.cpp
- FuzzerUtil.cpp
- FuzzerUtilDarwin.cpp
- FuzzerUtilFuchsia.cpp
- FuzzerUtilLinux.cpp
- FuzzerUtilPosix.cpp
- FuzzerUtilWindows.cpp)
-
-set(LIBFUZZER_HEADERS
- FuzzerBuiltins.h
- FuzzerBuiltinsMsvc.h
- FuzzerCommand.h
- FuzzerCorpus.h
- FuzzerDataFlowTrace.h
- FuzzerDefs.h
- FuzzerDictionary.h
- FuzzerExtFunctions.def
- FuzzerExtFunctions.h
- FuzzerFlags.def
- FuzzerIO.h
- FuzzerInterface.h
- FuzzerInternal.h
- FuzzerMerge.h
- FuzzerMutate.h
- FuzzerOptions.h
- FuzzerRandom.h
- FuzzerSHA1.h
- FuzzerShmem.h
- FuzzerTracePC.h
- FuzzerUtil.h
- FuzzerValueBitMap.h)
-
-CHECK_CXX_SOURCE_COMPILES("
- static thread_local int blah;
- int main() {
- return 0;
- }
- " HAS_THREAD_LOCAL)
-
-set(LIBFUZZER_CFLAGS ${SANITIZER_COMMON_CFLAGS})
-
-if(OS_NAME MATCHES "Linux|Fuchsia" AND COMPILER_RT_LIBCXX_PATH)
- list(APPEND LIBFUZZER_CFLAGS -nostdinc++ -D_LIBCPP_ABI_VERSION=Fuzzer)
- # Remove -stdlib= which is unused when passing -nostdinc++.
- string(REGEX REPLACE "-stdlib=[a-zA-Z+]*" "" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})
-elseif(TARGET cxx-headers OR HAVE_LIBCXX)
- set(LIBFUZZER_DEPS cxx-headers)
-endif()
-
-append_list_if(COMPILER_RT_HAS_OMIT_FRAME_POINTER_FLAG -fno-omit-frame-pointer LIBFUZZER_CFLAGS)
-
-if (CMAKE_CXX_FLAGS MATCHES "fsanitize-coverage")
- list(APPEND LIBFUZZER_CFLAGS -fno-sanitize-coverage=trace-pc-guard,edge,trace-cmp,indirect-calls,8bit-counters)
-endif()
-
-if(NOT HAS_THREAD_LOCAL)
- list(APPEND LIBFUZZER_CFLAGS -Dthread_local=__thread)
-endif()
-
-set(FUZZER_SUPPORTED_OS ${SANITIZER_COMMON_SUPPORTED_OS})
-
-add_compiler_rt_object_libraries(RTfuzzer
- OS ${FUZZER_SUPPORTED_OS}
- ARCHS ${FUZZER_SUPPORTED_ARCH}
- SOURCES ${LIBFUZZER_SOURCES}
- ADDITIONAL_HEADERS ${LIBFUZZER_HEADERS}
- CFLAGS ${LIBFUZZER_CFLAGS}
- DEPS ${LIBFUZZER_DEPS})
-
-add_compiler_rt_object_libraries(RTfuzzer_main
- OS ${FUZZER_SUPPORTED_OS}
- ARCHS ${FUZZER_SUPPORTED_ARCH}
- SOURCES FuzzerMain.cpp
- CFLAGS ${LIBFUZZER_CFLAGS}
- DEPS ${LIBFUZZER_DEPS})
-
-add_compiler_rt_runtime(clang_rt.fuzzer
- STATIC
- OS ${FUZZER_SUPPORTED_OS}
- ARCHS ${FUZZER_SUPPORTED_ARCH}
- OBJECT_LIBS RTfuzzer RTfuzzer_main
- CFLAGS ${LIBFUZZER_CFLAGS}
- PARENT_TARGET fuzzer)
-
-add_compiler_rt_runtime(clang_rt.fuzzer_no_main
- STATIC
- OS ${FUZZER_SUPPORTED_OS}
- ARCHS ${FUZZER_SUPPORTED_ARCH}
- OBJECT_LIBS RTfuzzer
- CFLAGS ${LIBFUZZER_CFLAGS}
- PARENT_TARGET fuzzer)
-
-if(OS_NAME MATCHES "Linux|Fuchsia" AND COMPILER_RT_LIBCXX_PATH)
- macro(partially_link_libcxx name dir arch)
- set(cxx_${arch}_merge_dir "${CMAKE_CURRENT_BINARY_DIR}/cxx_${arch}_merge.dir")
- file(MAKE_DIRECTORY ${cxx_${arch}_merge_dir})
- add_custom_command(TARGET clang_rt.${name}-${arch} POST_BUILD
- COMMAND ${CMAKE_LINKER} --whole-archive "$<TARGET_LINKER_FILE:clang_rt.${name}-${arch}>" --no-whole-archive ${dir}/lib/libc++.a -r -o ${name}.o
- COMMAND ${CMAKE_OBJCOPY} --localize-hidden ${name}.o
- COMMAND ${CMAKE_COMMAND} -E remove "$<TARGET_LINKER_FILE:clang_rt.${name}-${arch}>"
- COMMAND ${CMAKE_AR} qcs "$<TARGET_LINKER_FILE:clang_rt.${name}-${arch}>" ${name}.o
- WORKING_DIRECTORY ${cxx_${arch}_merge_dir}
- )
- endmacro()
-
- foreach(arch ${FUZZER_SUPPORTED_ARCH})
- get_target_flags_for_arch(${arch} TARGET_CFLAGS)
- set(LIBCXX_${arch}_PREFIX ${CMAKE_CURRENT_BINARY_DIR}/libcxx_fuzzer_${arch})
- add_custom_libcxx(libcxx_fuzzer_${arch} ${LIBCXX_${arch}_PREFIX}
- CFLAGS ${TARGET_CFLAGS}
- -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS=1
- -fvisibility=hidden
- CMAKE_ARGS -DCMAKE_CXX_COMPILER_WORKS=ON
- -DLIBCXX_ENABLE_EXCEPTIONS=OFF
- -DLIBCXX_ENABLE_SHARED=OFF
- -DLIBCXX_ABI_NAMESPACE=Fuzzer
- -DLIBCXX_CXX_ABI=none)
- target_compile_options(RTfuzzer.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
- add_dependencies(RTfuzzer.${arch} libcxx_fuzzer_${arch}-build)
- target_compile_options(RTfuzzer_main.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
- add_dependencies(RTfuzzer_main.${arch} libcxx_fuzzer_${arch}-build)
- partially_link_libcxx(fuzzer_no_main ${LIBCXX_${arch}_PREFIX} ${arch})
- partially_link_libcxx(fuzzer ${LIBCXX_${arch}_PREFIX} ${arch})
- endforeach()
-endif()
-
-if(COMPILER_RT_INCLUDE_TESTS)
- add_subdirectory(tests)
-endif()
diff --git a/lib/fuzzer/afl/afl_driver.cpp b/lib/fuzzer/afl/afl_driver.cpp
deleted file mode 100644
index 5a10c0d27f3a..000000000000
--- a/lib/fuzzer/afl/afl_driver.cpp
+++ /dev/null
@@ -1,378 +0,0 @@
-//===- afl_driver.cpp - a glue between AFL and libFuzzer --------*- C++ -* ===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//===----------------------------------------------------------------------===//
-
-/* This file allows to fuzz libFuzzer-style target functions
- (LLVMFuzzerTestOneInput) with AFL using AFL's persistent (in-process) mode.
-
-Usage:
-################################################################################
-cat << EOF > test_fuzzer.cc
-#include <stddef.h>
-#include <stdint.h>
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- if (size > 0 && data[0] == 'H')
- if (size > 1 && data[1] == 'I')
- if (size > 2 && data[2] == '!')
- __builtin_trap();
- return 0;
-}
-EOF
-# Build your target with -fsanitize-coverage=trace-pc-guard using fresh clang.
-clang -g -fsanitize-coverage=trace-pc-guard test_fuzzer.cc -c
-# Build afl-llvm-rt.o.c from the AFL distribution.
-clang -c -w $AFL_HOME/llvm_mode/afl-llvm-rt.o.c
-# Build this file, link it with afl-llvm-rt.o.o and the target code.
-clang++ afl_driver.cpp test_fuzzer.o afl-llvm-rt.o.o
-# Run AFL:
-rm -rf IN OUT; mkdir IN OUT; echo z > IN/z;
-$AFL_HOME/afl-fuzz -i IN -o OUT ./a.out
-################################################################################
-Environment Variables:
-There are a few environment variables that can be set to use features that
-afl-fuzz doesn't have.
-
-AFL_DRIVER_STDERR_DUPLICATE_FILENAME: Setting this *appends* stderr to the file
-specified. If the file does not exist, it is created. This is useful for getting
-stack traces (when using ASAN for example) or original error messages on hard to
-reproduce bugs.
-
-AFL_DRIVER_EXTRA_STATS_FILENAME: Setting this causes afl_driver to write extra
-statistics to the file specified. Currently these are peak_rss_mb
-(the peak amount of virtual memory used in MB) and slowest_unit_time_secs. If
-the file does not exist it is created. If the file does exist then
-afl_driver assumes it was restarted by afl-fuzz and will try to read old
-statistics from the file. If that fails then the process will quit.
-
-*/
-#include <assert.h>
-#include <errno.h>
-#include <signal.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/resource.h>
-#include <sys/time.h>
-#include <unistd.h>
-
-#include <fstream>
-#include <iostream>
-#include <vector>
-
-// Platform detection. Copied from FuzzerInternal.h
-#ifdef __linux__
-#define LIBFUZZER_LINUX 1
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#elif __APPLE__
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_APPLE 1
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#elif __NetBSD__
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_NETBSD 1
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#elif __FreeBSD__
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 1
-#define LIBFUZZER_OPENBSD 0
-#elif __OpenBSD__
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 1
-#else
-#error "Support for your platform has not been implemented"
-#endif
-
-// Used to avoid repeating error checking boilerplate. If cond is false, a
-// fatal error has occurred in the program. In this event print error_message
-// to stderr and abort(). Otherwise do nothing. Note that setting
-// AFL_DRIVER_STDERR_DUPLICATE_FILENAME may cause error_message to be appended
-// to the file as well, if the error occurs after the duplication is performed.
-#define CHECK_ERROR(cond, error_message) \
- if (!(cond)) { \
- fprintf(stderr, "%s\n", (error_message)); \
- abort(); \
- }
-
-// libFuzzer interface is thin, so we don't include any libFuzzer headers.
-extern "C" {
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
-__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
-}
-
-// Notify AFL about persistent mode.
-static volatile char AFL_PERSISTENT[] = "##SIG_AFL_PERSISTENT##";
-extern "C" int __afl_persistent_loop(unsigned int);
-static volatile char suppress_warning2 = AFL_PERSISTENT[0];
-
-// Notify AFL about deferred forkserver.
-static volatile char AFL_DEFER_FORKSVR[] = "##SIG_AFL_DEFER_FORKSRV##";
-extern "C" void __afl_manual_init();
-static volatile char suppress_warning1 = AFL_DEFER_FORKSVR[0];
-
-// Input buffer.
-static const size_t kMaxAflInputSize = 1 << 20;
-static uint8_t AflInputBuf[kMaxAflInputSize];
-
-// Variables we need for writing to the extra stats file.
-static FILE *extra_stats_file = NULL;
-static uint32_t previous_peak_rss = 0;
-static time_t slowest_unit_time_secs = 0;
-static const int kNumExtraStats = 2;
-static const char *kExtraStatsFormatString = "peak_rss_mb : %u\n"
- "slowest_unit_time_sec : %u\n";
-
-// Experimental feature to use afl_driver without AFL's deferred mode.
-// Needs to run before __afl_auto_init.
-__attribute__((constructor(0))) void __decide_deferred_forkserver(void) {
- if (getenv("AFL_DRIVER_DONT_DEFER")) {
- if (unsetenv("__AFL_DEFER_FORKSRV")) {
- perror("Failed to unset __AFL_DEFER_FORKSRV");
- abort();
- }
- }
-}
-
-// Copied from FuzzerUtil.cpp.
-size_t GetPeakRSSMb() {
- struct rusage usage;
- if (getrusage(RUSAGE_SELF, &usage))
- return 0;
- if (LIBFUZZER_LINUX || LIBFUZZER_NETBSD || LIBFUZZER_FREEBSD ||
- LIBFUZZER_OPENBSD) {
- // ru_maxrss is in KiB
- return usage.ru_maxrss >> 10;
- } else if (LIBFUZZER_APPLE) {
- // ru_maxrss is in bytes
- return usage.ru_maxrss >> 20;
- }
- assert(0 && "GetPeakRSSMb() is not implemented for your platform");
- return 0;
-}
-
-// Based on SetSigaction in FuzzerUtil.cpp
-static void SetSigaction(int signum,
- void (*callback)(int, siginfo_t *, void *)) {
- struct sigaction sigact;
- memset(&sigact, 0, sizeof(sigact));
- sigact.sa_sigaction = callback;
- if (sigaction(signum, &sigact, 0)) {
- fprintf(stderr, "libFuzzer: sigaction failed with %d\n", errno);
- exit(1);
- }
-}
-
-// Write extra stats to the file specified by the user. If none is specified
-// this function will never be called.
-static void write_extra_stats() {
- uint32_t peak_rss = GetPeakRSSMb();
-
- if (peak_rss < previous_peak_rss)
- peak_rss = previous_peak_rss;
-
- int chars_printed = fprintf(extra_stats_file, kExtraStatsFormatString,
- peak_rss, slowest_unit_time_secs);
-
- CHECK_ERROR(chars_printed != 0, "Failed to write extra_stats_file");
-
- CHECK_ERROR(fclose(extra_stats_file) == 0,
- "Failed to close extra_stats_file");
-}
-
-// Call write_extra_stats before we exit.
-static void crash_handler(int, siginfo_t *, void *) {
- // Make sure we don't try calling write_extra_stats again if we crashed while
- // trying to call it.
- static bool first_crash = true;
- CHECK_ERROR(first_crash,
- "Crashed in crash signal handler. This is a bug in the fuzzer.");
-
- first_crash = false;
- write_extra_stats();
-}
-
-// If the user has specified an extra_stats_file through the environment
-// variable AFL_DRIVER_EXTRA_STATS_FILENAME, then perform necessary set up
-// to write stats to it on exit. If no file is specified, do nothing. Otherwise
-// install signal and exit handlers to write to the file when the process exits.
-// Then if the file doesn't exist create it and set extra stats to 0. But if it
-// does exist then read the initial values of the extra stats from the file
-// and check that the file is writable.
-static void maybe_initialize_extra_stats() {
- // If AFL_DRIVER_EXTRA_STATS_FILENAME isn't set then we have nothing to do.
- char *extra_stats_filename = getenv("AFL_DRIVER_EXTRA_STATS_FILENAME");
- if (!extra_stats_filename)
- return;
-
- // Open the file and find the previous peak_rss_mb value.
- // This is necessary because the fuzzing process is restarted after N
- // iterations are completed. So we may need to get this value from a previous
- // process to be accurate.
- extra_stats_file = fopen(extra_stats_filename, "r");
-
- // If extra_stats_file already exists: read old stats from it.
- if (extra_stats_file) {
- int matches = fscanf(extra_stats_file, kExtraStatsFormatString,
- &previous_peak_rss, &slowest_unit_time_secs);
-
- // Make sure we have read a real extra stats file and that we have used it
- // to set slowest_unit_time_secs and previous_peak_rss.
- CHECK_ERROR(matches == kNumExtraStats, "Extra stats file is corrupt");
-
- CHECK_ERROR(fclose(extra_stats_file) == 0, "Failed to close file");
-
- // Now open the file for writing.
- extra_stats_file = fopen(extra_stats_filename, "w");
- CHECK_ERROR(extra_stats_file,
- "Failed to open extra stats file for writing");
- } else {
- // Looks like this is the first time in a fuzzing job this is being called.
- extra_stats_file = fopen(extra_stats_filename, "w+");
- CHECK_ERROR(extra_stats_file, "failed to create extra stats file");
- }
-
- // Make sure that crash_handler gets called on any kind of fatal error.
- int crash_signals[] = {SIGSEGV, SIGBUS, SIGABRT, SIGILL, SIGFPE, SIGINT,
- SIGTERM};
-
- const size_t num_signals = sizeof(crash_signals) / sizeof(crash_signals[0]);
-
- for (size_t idx = 0; idx < num_signals; idx++)
- SetSigaction(crash_signals[idx], crash_handler);
-
- // Make sure it gets called on other kinds of exits.
- atexit(write_extra_stats);
-}
-
-// If the user asks us to duplicate stderr, then do it.
-static void maybe_duplicate_stderr() {
- char* stderr_duplicate_filename =
- getenv("AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
-
- if (!stderr_duplicate_filename)
- return;
-
- FILE* stderr_duplicate_stream =
- freopen(stderr_duplicate_filename, "a+", stderr);
-
- if (!stderr_duplicate_stream) {
- fprintf(
- stderr,
- "Failed to duplicate stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
- abort();
- }
-}
-
-// Define LLVMFuzzerMutate to avoid link failures for targets that use it
-// with libFuzzer's LLVMFuzzerCustomMutator.
-extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
- assert(false && "LLVMFuzzerMutate should not be called from afl_driver");
- return 0;
-}
-
-// Execute any files provided as parameters.
-int ExecuteFilesOnyByOne(int argc, char **argv) {
- for (int i = 1; i < argc; i++) {
- std::ifstream in(argv[i], std::ios::binary);
- in.seekg(0, in.end);
- size_t length = in.tellg();
- in.seekg (0, in.beg);
- std::cout << "Reading " << length << " bytes from " << argv[i] << std::endl;
- // Allocate exactly length bytes so that we reliably catch buffer overflows.
- std::vector<char> bytes(length);
- in.read(bytes.data(), bytes.size());
- assert(in);
- LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(bytes.data()),
- bytes.size());
- std::cout << "Execution successful" << std::endl;
- }
- return 0;
-}
-
-int main(int argc, char **argv) {
- fprintf(stderr,
- "======================= INFO =========================\n"
- "This binary is built for AFL-fuzz.\n"
- "To run the target function on individual input(s) execute this:\n"
- " %s < INPUT_FILE\n"
- "or\n"
- " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n"
- "To fuzz with afl-fuzz execute this:\n"
- " afl-fuzz [afl-flags] %s [-N]\n"
- "afl-fuzz will run N iterations before "
- "re-spawning the process (default: 1000)\n"
- "======================================================\n",
- argv[0], argv[0], argv[0]);
- if (LLVMFuzzerInitialize)
- LLVMFuzzerInitialize(&argc, &argv);
- // Do any other expensive one-time initialization here.
-
- maybe_duplicate_stderr();
- maybe_initialize_extra_stats();
-
- if (!getenv("AFL_DRIVER_DONT_DEFER"))
- __afl_manual_init();
-
- int N = 1000;
- if (argc == 2 && argv[1][0] == '-')
- N = atoi(argv[1] + 1);
- else if(argc == 2 && (N = atoi(argv[1])) > 0)
- fprintf(stderr, "WARNING: using the deprecated call style `%s %d`\n",
- argv[0], N);
- else if (argc > 1)
- return ExecuteFilesOnyByOne(argc, argv);
-
- assert(N > 0);
-
- // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization
- // on the first execution of LLVMFuzzerTestOneInput is ignored.
- uint8_t dummy_input[1] = {0};
- LLVMFuzzerTestOneInput(dummy_input, 1);
-
- time_t unit_time_secs;
- int num_runs = 0;
- while (__afl_persistent_loop(N)) {
- ssize_t n_read = read(0, AflInputBuf, kMaxAflInputSize);
- if (n_read > 0) {
- // Copy AflInputBuf into a separate buffer to let asan find buffer
- // overflows. Don't use unique_ptr/etc to avoid extra dependencies.
- uint8_t *copy = new uint8_t[n_read];
- memcpy(copy, AflInputBuf, n_read);
-
- struct timeval unit_start_time;
- CHECK_ERROR(gettimeofday(&unit_start_time, NULL) == 0,
- "Calling gettimeofday failed");
-
- num_runs++;
- LLVMFuzzerTestOneInput(copy, n_read);
-
- struct timeval unit_stop_time;
- CHECK_ERROR(gettimeofday(&unit_stop_time, NULL) == 0,
- "Calling gettimeofday failed");
-
- // Update slowest_unit_time_secs if we see a new max.
- unit_time_secs = unit_stop_time.tv_sec - unit_start_time.tv_sec;
- if (slowest_unit_time_secs < unit_time_secs)
- slowest_unit_time_secs = unit_time_secs;
-
- delete[] copy;
- }
- }
- fprintf(stderr, "%s: successfully executed %d input(s)\n", argv[0], num_runs);
-}
diff --git a/lib/fuzzer/build.sh b/lib/fuzzer/build.sh
deleted file mode 100755
index 504e54e3a819..000000000000
--- a/lib/fuzzer/build.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-LIBFUZZER_SRC_DIR=$(dirname $0)
-CXX="${CXX:-clang}"
-for f in $LIBFUZZER_SRC_DIR/*.cpp; do
- $CXX -g -O2 -fno-omit-frame-pointer -std=c++11 $f -c &
-done
-wait
-rm -f libFuzzer.a
-ar ru libFuzzer.a Fuzzer*.o
-rm -f Fuzzer*.o
-
diff --git a/lib/fuzzer/dataflow/DataFlow.cpp b/lib/fuzzer/dataflow/DataFlow.cpp
deleted file mode 100644
index a79c796ac456..000000000000
--- a/lib/fuzzer/dataflow/DataFlow.cpp
+++ /dev/null
@@ -1,217 +0,0 @@
-/*===- DataFlow.cpp - a standalone DataFlow tracer -------===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-// An experimental data-flow tracer for fuzz targets.
-// It is based on DFSan and SanitizerCoverage.
-// https://clang.llvm.org/docs/DataFlowSanitizer.html
-// https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-data-flow
-//
-// It executes the fuzz target on the given input while monitoring the
-// data flow for every instrumented comparison instruction.
-//
-// The output shows which functions depend on which bytes of the input.
-//
-// Build:
-// 1. Compile this file with -fsanitize=dataflow
-// 2. Build the fuzz target with -g -fsanitize=dataflow
-// -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp
-// 3. Link those together with -fsanitize=dataflow
-//
-// -fsanitize-coverage=trace-cmp inserts callbacks around every comparison
-// instruction, DFSan modifies the calls to pass the data flow labels.
-// The callbacks update the data flow label for the current function.
-// See e.g. __dfsw___sanitizer_cov_trace_cmp1 below.
-//
-// -fsanitize-coverage=trace-pc-guard,pc-table,func instruments function
-// entries so that the comparison callback knows that current function.
-//
-//
-// Run:
-// # Collect data flow for INPUT_FILE, write to OUTPUT_FILE (default: stdout)
-// ./a.out INPUT_FILE [OUTPUT_FILE]
-//
-// # Print all instrumented functions. llvm-symbolizer must be present in PATH
-// ./a.out
-//
-// Example output:
-// ===============
-// F0 11111111111111
-// F1 10000000000000
-// ===============
-// "FN xxxxxxxxxx": tells what bytes of the input does the function N depend on.
-// The byte string is LEN+1 bytes. The last byte is set if the function
-// depends on the input length.
-//===----------------------------------------------------------------------===*/
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-
-#include <execinfo.h> // backtrace_symbols_fd
-
-#include <sanitizer/dfsan_interface.h>
-
-extern "C" {
-extern int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size);
-__attribute__((weak)) extern int LLVMFuzzerInitialize(int *argc, char ***argv);
-} // extern "C"
-
-static size_t InputLen;
-static size_t NumFuncs;
-static const uintptr_t *FuncsBeg;
-static __thread size_t CurrentFunc;
-static dfsan_label *FuncLabels; // Array of NumFuncs elements.
-static char *PrintableStringForLabel; // InputLen + 2 bytes.
-static bool LabelSeen[1 << 8 * sizeof(dfsan_label)];
-
-// Prints all instrumented functions.
-static int PrintFunctions() {
- // We don't have the symbolizer integrated with dfsan yet.
- // So use backtrace_symbols_fd and pipe it through llvm-symbolizer.
- // TODO(kcc): this is pretty ugly and may break in lots of ways.
- // We'll need to make a proper in-process symbolizer work with DFSan.
- FILE *Pipe = popen("sed 's/(+/ /g; s/).*//g' "
- "| llvm-symbolizer "
- "| grep 'dfs\\$' "
- "| sed 's/dfs\\$//g'", "w");
- for (size_t I = 0; I < NumFuncs; I++) {
- uintptr_t PC = FuncsBeg[I * 2];
- void *const Buf[1] = {(void*)PC};
- backtrace_symbols_fd(Buf, 1, fileno(Pipe));
- }
- pclose(Pipe);
- return 0;
-}
-
-extern "C"
-void SetBytesForLabel(dfsan_label L, char *Bytes) {
- if (LabelSeen[L])
- return;
- LabelSeen[L] = true;
- assert(L);
- if (L <= InputLen + 1) {
- Bytes[L - 1] = '1';
- } else {
- auto *DLI = dfsan_get_label_info(L);
- SetBytesForLabel(DLI->l1, Bytes);
- SetBytesForLabel(DLI->l2, Bytes);
- }
-}
-
-static char *GetPrintableStringForLabel(dfsan_label L) {
- memset(PrintableStringForLabel, '0', InputLen + 1);
- PrintableStringForLabel[InputLen + 1] = 0;
- memset(LabelSeen, 0, sizeof(LabelSeen));
- SetBytesForLabel(L, PrintableStringForLabel);
- return PrintableStringForLabel;
-}
-
-static void PrintDataFlow(FILE *Out) {
- for (size_t I = 0; I < NumFuncs; I++)
- if (FuncLabels[I])
- fprintf(Out, "F%zd %s\n", I, GetPrintableStringForLabel(FuncLabels[I]));
-}
-
-int main(int argc, char **argv) {
- if (LLVMFuzzerInitialize)
- LLVMFuzzerInitialize(&argc, &argv);
- if (argc == 1)
- return PrintFunctions();
- assert(argc == 4 || argc == 5);
- size_t Beg = atoi(argv[1]);
- size_t End = atoi(argv[2]);
- assert(Beg < End);
-
- const char *Input = argv[3];
- fprintf(stderr, "INFO: reading '%s'\n", Input);
- FILE *In = fopen(Input, "r");
- assert(In);
- fseek(In, 0, SEEK_END);
- InputLen = ftell(In);
- fseek(In, 0, SEEK_SET);
- unsigned char *Buf = (unsigned char*)malloc(InputLen);
- size_t NumBytesRead = fread(Buf, 1, InputLen, In);
- assert(NumBytesRead == InputLen);
- PrintableStringForLabel = (char*)malloc(InputLen + 2);
- fclose(In);
-
- fprintf(stderr, "INFO: running '%s'\n", Input);
- for (size_t I = 1; I <= InputLen; I++) {
- dfsan_label L = dfsan_create_label("", nullptr);
- assert(L == I);
- size_t Idx = I - 1;
- if (Idx >= Beg && Idx < End)
- dfsan_set_label(L, Buf + Idx, 1);
- }
- dfsan_label SizeL = dfsan_create_label("", nullptr);
- assert(SizeL == InputLen + 1);
- dfsan_set_label(SizeL, &InputLen, sizeof(InputLen));
-
- LLVMFuzzerTestOneInput(Buf, InputLen);
- free(Buf);
-
- bool OutIsStdout = argc == 4;
- fprintf(stderr, "INFO: writing dataflow to %s\n",
- OutIsStdout ? "<stdout>" : argv[4]);
- FILE *Out = OutIsStdout ? stdout : fopen(argv[4], "w");
- PrintDataFlow(Out);
- if (!OutIsStdout) fclose(Out);
-}
-
-extern "C" {
-
-void __sanitizer_cov_trace_pc_guard_init(uint32_t *start,
- uint32_t *stop) {
- assert(NumFuncs == 0 && "This tool does not support DSOs");
- assert(start < stop && "The code is not instrumented for coverage");
- if (start == stop || *start) return; // Initialize only once.
- for (uint32_t *x = start; x < stop; x++)
- *x = ++NumFuncs; // The first index is 1.
- FuncLabels = (dfsan_label*)calloc(NumFuncs, sizeof(dfsan_label));
- fprintf(stderr, "INFO: %zd instrumented function(s) observed\n", NumFuncs);
-}
-
-void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg,
- const uintptr_t *pcs_end) {
- assert(NumFuncs == (pcs_end - pcs_beg) / 2);
- FuncsBeg = pcs_beg;
-}
-
-void __sanitizer_cov_trace_pc_indir(uint64_t x){} // unused.
-
-void __sanitizer_cov_trace_pc_guard(uint32_t *guard){
- uint32_t FuncNum = *guard - 1; // Guards start from 1.
- assert(FuncNum < NumFuncs);
- CurrentFunc = FuncNum;
-}
-
-void __dfsw___sanitizer_cov_trace_switch(uint64_t Val, uint64_t *Cases,
- dfsan_label L1, dfsan_label UnusedL) {
- assert(CurrentFunc < NumFuncs);
- FuncLabels[CurrentFunc] = dfsan_union(FuncLabels[CurrentFunc], L1);
-}
-
-#define HOOK(Name, Type) \
- void Name(Type Arg1, Type Arg2, dfsan_label L1, dfsan_label L2) { \
- assert(CurrentFunc < NumFuncs); \
- FuncLabels[CurrentFunc] = \
- dfsan_union(FuncLabels[CurrentFunc], dfsan_union(L1, L2)); \
- }
-
-HOOK(__dfsw___sanitizer_cov_trace_const_cmp1, uint8_t)
-HOOK(__dfsw___sanitizer_cov_trace_const_cmp2, uint16_t)
-HOOK(__dfsw___sanitizer_cov_trace_const_cmp4, uint32_t)
-HOOK(__dfsw___sanitizer_cov_trace_const_cmp8, uint64_t)
-HOOK(__dfsw___sanitizer_cov_trace_cmp1, uint8_t)
-HOOK(__dfsw___sanitizer_cov_trace_cmp2, uint16_t)
-HOOK(__dfsw___sanitizer_cov_trace_cmp4, uint32_t)
-HOOK(__dfsw___sanitizer_cov_trace_cmp8, uint64_t)
-
-} // extern "C"
diff --git a/lib/fuzzer/scripts/collect_data_flow.py b/lib/fuzzer/scripts/collect_data_flow.py
deleted file mode 100755
index 3edff66bb9d1..000000000000
--- a/lib/fuzzer/scripts/collect_data_flow.py
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/env python
-#===- lib/fuzzer/scripts/collect_data_flow.py ------------------------------===#
-#
-# The LLVM Compiler Infrastructure
-#
-# This file is distributed under the University of Illinois Open Source
-# License. See LICENSE.TXT for details.
-#
-#===------------------------------------------------------------------------===#
-# Runs the data-flow tracer several times on the same input in order to collect
-# the complete trace for all input bytes (running it on all bytes at once
-# may fail if DFSan runs out of labels).
-# Usage:
-#
-# # Collect dataflow for one input, store it in OUTPUT (default is stdout)
-# collect_data_flow.py BINARY INPUT [OUTPUT]
-#
-# # Collect dataflow for all inputs in CORPUS_DIR, store them in OUTPUT_DIR
-# collect_data_flow.py BINARY CORPUS_DIR OUTPUT_DIR
-#===------------------------------------------------------------------------===#
-import atexit
-import hashlib
-import sys
-import os
-import subprocess
-import tempfile
-import shutil
-
-tmpdir = ""
-
-def cleanup(d):
- print("removing: %s" % d)
- shutil.rmtree(d)
-
-def collect_dataflow_for_corpus(self, exe, corpus_dir, output_dir):
- print("Collecting dataflow for corpus: %s output_dir: %s" % (corpus_dir,
- output_dir))
- assert not os.path.exists(output_dir)
- os.mkdir(output_dir)
- for root, dirs, files in os.walk(corpus_dir):
- for f in files:
- path = os.path.join(root, f)
- sha1 = hashlib.sha1(open(path).read()).hexdigest()
- output = os.path.join(output_dir, sha1)
- subprocess.call([self, exe, path, output])
- functions_txt = open(os.path.join(output_dir, "functions.txt"), "w")
- subprocess.call([exe], stdout=functions_txt)
-
-
-def main(argv):
- exe = argv[1]
- inp = argv[2]
- if os.path.isdir(inp):
- return collect_dataflow_for_corpus(argv[0], exe, inp, argv[3])
- size = os.path.getsize(inp)
- q = [[0, size]]
- tmpdir = tempfile.mkdtemp(prefix="libfuzzer-tmp-")
- atexit.register(cleanup, tmpdir)
- print "tmpdir: ", tmpdir
- outputs = []
- while len(q):
- r = q.pop()
- print "******* Trying: ", r
- tmpfile = os.path.join(tmpdir, str(r[0]) + "-" + str(r[1]))
- ret = subprocess.call([exe, str(r[0]), str(r[1]), inp, tmpfile])
- if ret and r[1] - r[0] >= 2:
- q.append([r[0], (r[1] + r[0]) / 2])
- q.append([(r[1] + r[0]) / 2, r[1]])
- else:
- outputs.append(tmpfile)
- print "******* Success: ", r
- f = sys.stdout
- if len(argv) >= 4:
- f = open(argv[3], "w")
- merge = os.path.join(os.path.dirname(argv[0]), "merge_data_flow.py")
- subprocess.call([merge] + outputs, stdout=f)
-
-if __name__ == '__main__':
- main(sys.argv)
diff --git a/lib/fuzzer/scripts/merge_data_flow.py b/lib/fuzzer/scripts/merge_data_flow.py
deleted file mode 100755
index d2f5081e7b8c..000000000000
--- a/lib/fuzzer/scripts/merge_data_flow.py
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env python
-#===- lib/fuzzer/scripts/merge_data_flow.py ------------------------------===#
-#
-# The LLVM Compiler Infrastructure
-#
-# This file is distributed under the University of Illinois Open Source
-# License. See LICENSE.TXT for details.
-#
-#===------------------------------------------------------------------------===#
-# Merge several data flow traces into one.
-# Usage:
-# merge_data_flow.py trace1 trace2 ... > result
-#===------------------------------------------------------------------------===#
-import sys
-import fileinput
-from array import array
-
-def Merge(a, b):
- res = array('b')
- for i in range(0, len(a)):
- res.append(ord('1' if a[i] == '1' or b[i] == '1' else '0'))
- return res.tostring()
-
-def main(argv):
- D = {}
- for line in fileinput.input():
- [F,BV] = line.strip().split(' ')
- if F in D:
- D[F] = Merge(D[F], BV)
- else:
- D[F] = BV;
- for F in D.keys():
- print("%s %s" % (F, D[F]))
-
-if __name__ == '__main__':
- main(sys.argv)
diff --git a/lib/fuzzer/scripts/unbalanced_allocs.py b/lib/fuzzer/scripts/unbalanced_allocs.py
deleted file mode 100755
index 74478ad55af0..000000000000
--- a/lib/fuzzer/scripts/unbalanced_allocs.py
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/env python
-#===- lib/fuzzer/scripts/unbalanced_allocs.py ------------------------------===#
-#
-# The LLVM Compiler Infrastructure
-#
-# This file is distributed under the University of Illinois Open Source
-# License. See LICENSE.TXT for details.
-#
-#===------------------------------------------------------------------------===#
-#
-# Post-process -trace_malloc=2 output and printout only allocations and frees
-# unbalanced inside of fuzzer runs.
-# Usage:
-# my_fuzzer -trace_malloc=2 -runs=10 2>&1 | unbalanced_allocs.py -skip=5
-#
-#===------------------------------------------------------------------------===#
-
-import argparse
-import sys
-
-_skip = 0
-
-def PrintStack(line, stack):
- global _skip
- if _skip > 0:
- return
- print('Unbalanced ' + line.rstrip());
- for l in stack:
- print(l.rstrip())
-
-def ProcessStack(line, f):
- stack = []
- while line and line.startswith(' #'):
- stack += [line]
- line = f.readline()
- return line, stack
-
-def ProcessFree(line, f, allocs):
- if not line.startswith('FREE['):
- return f.readline()
-
- addr = int(line.split()[1], 16)
- next_line, stack = ProcessStack(f.readline(), f)
- if addr in allocs:
- del allocs[addr]
- else:
- PrintStack(line, stack)
- return next_line
-
-def ProcessMalloc(line, f, allocs):
- if not line.startswith('MALLOC['):
- return ProcessFree(line, f, allocs)
-
- addr = int(line.split()[1], 16)
- assert not addr in allocs
-
- next_line, stack = ProcessStack(f.readline(), f)
- allocs[addr] = (line, stack)
- return next_line
-
-def ProcessRun(line, f):
- if not line.startswith('MallocFreeTracer: START'):
- return ProcessMalloc(line, f, {})
-
- allocs = {}
- print(line.rstrip())
- line = f.readline()
- while line:
- if line.startswith('MallocFreeTracer: STOP'):
- global _skip
- _skip = _skip - 1
- for _, (l, s) in allocs.items():
- PrintStack(l, s)
- print(line.rstrip())
- return f.readline()
- line = ProcessMalloc(line, f, allocs)
- return line
-
-def ProcessFile(f):
- line = f.readline()
- while line:
- line = ProcessRun(line, f);
-
-def main(argv):
- parser = argparse.ArgumentParser()
- parser.add_argument('--skip', default=0, help='number of runs to ignore')
- args = parser.parse_args()
- global _skip
- _skip = int(args.skip) + 1
- ProcessFile(sys.stdin)
-
-if __name__ == '__main__':
- main(sys.argv)
diff --git a/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c b/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c
deleted file mode 100644
index 0d76ea49e796..000000000000
--- a/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-// This main() function can be linked to a fuzz target (i.e. a library
-// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())
-// instead of libFuzzer. This main() function will not perform any fuzzing
-// but will simply feed all input files one by one to the fuzz target.
-//
-// Use this file to provide reproducers for bugs when linking against libFuzzer
-// or other fuzzing engine is undesirable.
-//===----------------------------------------------------------------------===*/
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
-__attribute__((weak)) extern int LLVMFuzzerInitialize(int *argc, char ***argv);
-int main(int argc, char **argv) {
- fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
- if (LLVMFuzzerInitialize)
- LLVMFuzzerInitialize(&argc, &argv);
- for (int i = 1; i < argc; i++) {
- fprintf(stderr, "Running: %s\n", argv[i]);
- FILE *f = fopen(argv[i], "r");
- assert(f);
- fseek(f, 0, SEEK_END);
- size_t len = ftell(f);
- fseek(f, 0, SEEK_SET);
- unsigned char *buf = (unsigned char*)malloc(len);
- size_t n_read = fread(buf, 1, len, f);
- assert(n_read == len);
- LLVMFuzzerTestOneInput(buf, len);
- free(buf);
- fprintf(stderr, "Done: %s: (%zd bytes)\n", argv[i], n_read);
- }
-}
diff --git a/lib/fuzzer/tests/CMakeLists.txt b/lib/fuzzer/tests/CMakeLists.txt
deleted file mode 100644
index 6abb72def3e1..000000000000
--- a/lib/fuzzer/tests/CMakeLists.txt
+++ /dev/null
@@ -1,64 +0,0 @@
-include(CompilerRTCompile)
-
-set(LIBFUZZER_UNITTEST_CFLAGS
- ${COMPILER_RT_UNITTEST_CFLAGS}
- ${COMPILER_RT_GTEST_CFLAGS}
- -I${COMPILER_RT_SOURCE_DIR}/lib/fuzzer
- -fno-rtti
- -O2)
-
-if (APPLE)
- set(FUZZER_SUPPORTED_OS osx)
-endif()
-
-add_custom_target(FuzzerUnitTests)
-set_target_properties(FuzzerUnitTests PROPERTIES FOLDER "Compiler-RT Tests")
-
-set(LIBFUZZER_UNITTEST_LINK_FLAGS ${COMPILER_RT_UNITTEST_LINK_FLAGS})
-list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS --driver-mode=g++)
-
-if(APPLE OR CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
- list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS -lc++ -lpthread)
-elseif(NOT WIN32)
- list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS -lstdc++ -lpthread)
-endif()
-
-if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND COMPILER_RT_LIBCXX_PATH)
- list(APPEND LIBFUZZER_UNITTEST_CFLAGS -nostdinc++)
-endif()
-
-if(COMPILER_RT_DEFAULT_TARGET_ARCH IN_LIST FUZZER_SUPPORTED_ARCH)
- # libFuzzer unit tests are only run on the host machine.
- set(arch ${COMPILER_RT_DEFAULT_TARGET_ARCH})
-
- set(LIBFUZZER_TEST_RUNTIME RTFuzzerTest.${arch})
- if(APPLE)
- set(LIBFUZZER_TEST_RUNTIME_OBJECTS
- $<TARGET_OBJECTS:RTfuzzer.osx>)
- else()
- set(LIBFUZZER_TEST_RUNTIME_OBJECTS
- $<TARGET_OBJECTS:RTfuzzer.${arch}>)
- endif()
- add_library(${LIBFUZZER_TEST_RUNTIME} STATIC
- ${LIBFUZZER_TEST_RUNTIME_OBJECTS})
- set_target_properties(${LIBFUZZER_TEST_RUNTIME} PROPERTIES
- ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
- FOLDER "Compiler-RT Runtime tests")
-
- if("${CMAKE_SYSTEM_NAME}" STREQUAL "Linux" AND COMPILER_RT_LIBCXX_PATH)
- set(LIBFUZZER_TEST_RUNTIME_DEPS libcxx_fuzzer_${arch}-build)
- set(LIBFUZZER_TEST_RUNTIME_CFLAGS -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
- set(LIBFUZZER_TEST_RUNTIME_LINK_FLAGS ${LIBCXX_${arch}_PREFIX}/lib/libc++.a)
- endif()
-
- set(FuzzerTestObjects)
- generate_compiler_rt_tests(FuzzerTestObjects
- FuzzerUnitTests "Fuzzer-${arch}-Test" ${arch}
- SOURCES FuzzerUnittest.cpp ${COMPILER_RT_GTEST_SOURCE}
- RUNTIME ${LIBFUZZER_TEST_RUNTIME}
- DEPS gtest ${LIBFUZZER_TEST_RUNTIME_DEPS}
- CFLAGS ${LIBFUZZER_UNITTEST_CFLAGS} ${LIBFUZZER_TEST_RUNTIME_CFLAGS}
- LINK_FLAGS ${LIBFUZZER_UNITTEST_LINK_FLAGS} ${LIBFUZZER_TEST_RUNTIME_LINK_FLAGS})
- set_target_properties(FuzzerUnitTests PROPERTIES
- RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
-endif()
diff --git a/lib/fuzzer/tests/FuzzerUnittest.cpp b/lib/fuzzer/tests/FuzzerUnittest.cpp
deleted file mode 100644
index 7cdd44582329..000000000000
--- a/lib/fuzzer/tests/FuzzerUnittest.cpp
+++ /dev/null
@@ -1,964 +0,0 @@
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-
-// Avoid ODR violations (LibFuzzer is built without ASan and this test is built
-// with ASan) involving C++ standard library types when using libcxx.
-#define _LIBCPP_HAS_NO_ASAN
-
-// Do not attempt to use LLVM ostream from gtest.
-#define GTEST_NO_LLVM_RAW_OSTREAM 1
-
-#include "FuzzerCorpus.h"
-#include "FuzzerDictionary.h"
-#include "FuzzerInternal.h"
-#include "FuzzerMerge.h"
-#include "FuzzerMutate.h"
-#include "FuzzerRandom.h"
-#include "FuzzerTracePC.h"
-#include "gtest/gtest.h"
-#include <memory>
-#include <set>
-#include <sstream>
-
-using namespace fuzzer;
-
-// For now, have LLVMFuzzerTestOneInput just to make it link.
-// Later we may want to make unittests that actually call LLVMFuzzerTestOneInput.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- abort();
-}
-
-TEST(Fuzzer, Basename) {
- EXPECT_EQ(Basename("foo/bar"), "bar");
- EXPECT_EQ(Basename("bar"), "bar");
- EXPECT_EQ(Basename("/bar"), "bar");
- EXPECT_EQ(Basename("foo/x"), "x");
- EXPECT_EQ(Basename("foo/"), "");
-#if LIBFUZZER_WINDOWS
- EXPECT_EQ(Basename("foo\\bar"), "bar");
- EXPECT_EQ(Basename("foo\\bar/baz"), "baz");
- EXPECT_EQ(Basename("\\bar"), "bar");
- EXPECT_EQ(Basename("foo\\x"), "x");
- EXPECT_EQ(Basename("foo\\"), "");
-#endif
-}
-
-TEST(Fuzzer, CrossOver) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- Unit A({0, 1, 2}), B({5, 6, 7});
- Unit C;
- Unit Expected[] = {
- { 0 },
- { 0, 1 },
- { 0, 5 },
- { 0, 1, 2 },
- { 0, 1, 5 },
- { 0, 5, 1 },
- { 0, 5, 6 },
- { 0, 1, 2, 5 },
- { 0, 1, 5, 2 },
- { 0, 1, 5, 6 },
- { 0, 5, 1, 2 },
- { 0, 5, 1, 6 },
- { 0, 5, 6, 1 },
- { 0, 5, 6, 7 },
- { 0, 1, 2, 5, 6 },
- { 0, 1, 5, 2, 6 },
- { 0, 1, 5, 6, 2 },
- { 0, 1, 5, 6, 7 },
- { 0, 5, 1, 2, 6 },
- { 0, 5, 1, 6, 2 },
- { 0, 5, 1, 6, 7 },
- { 0, 5, 6, 1, 2 },
- { 0, 5, 6, 1, 7 },
- { 0, 5, 6, 7, 1 },
- { 0, 1, 2, 5, 6, 7 },
- { 0, 1, 5, 2, 6, 7 },
- { 0, 1, 5, 6, 2, 7 },
- { 0, 1, 5, 6, 7, 2 },
- { 0, 5, 1, 2, 6, 7 },
- { 0, 5, 1, 6, 2, 7 },
- { 0, 5, 1, 6, 7, 2 },
- { 0, 5, 6, 1, 2, 7 },
- { 0, 5, 6, 1, 7, 2 },
- { 0, 5, 6, 7, 1, 2 }
- };
- for (size_t Len = 1; Len < 8; Len++) {
- Set<Unit> FoundUnits, ExpectedUnitsWitThisLength;
- for (int Iter = 0; Iter < 3000; Iter++) {
- C.resize(Len);
- size_t NewSize = MD->CrossOver(A.data(), A.size(), B.data(), B.size(),
- C.data(), C.size());
- C.resize(NewSize);
- FoundUnits.insert(C);
- }
- for (const Unit &U : Expected)
- if (U.size() <= Len)
- ExpectedUnitsWitThisLength.insert(U);
- EXPECT_EQ(ExpectedUnitsWitThisLength, FoundUnits);
- }
-}
-
-TEST(Fuzzer, Hash) {
- uint8_t A[] = {'a', 'b', 'c'};
- fuzzer::Unit U(A, A + sizeof(A));
- EXPECT_EQ("a9993e364706816aba3e25717850c26c9cd0d89d", fuzzer::Hash(U));
- U.push_back('d');
- EXPECT_EQ("81fe8bfe87576c3ecb22426f8e57847382917acf", fuzzer::Hash(U));
-}
-
-typedef size_t (MutationDispatcher::*Mutator)(uint8_t *Data, size_t Size,
- size_t MaxSize);
-
-void TestEraseBytes(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- uint8_t REM0[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t REM1[8] = {0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t REM2[8] = {0x00, 0x11, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t REM3[8] = {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x77};
- uint8_t REM4[8] = {0x00, 0x11, 0x22, 0x33, 0x55, 0x66, 0x77};
- uint8_t REM5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x66, 0x77};
- uint8_t REM6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x77};
- uint8_t REM7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
-
- uint8_t REM8[6] = {0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t REM9[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
- uint8_t REM10[6] = {0x00, 0x11, 0x22, 0x55, 0x66, 0x77};
-
- uint8_t REM11[5] = {0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t REM12[5] = {0x00, 0x11, 0x22, 0x33, 0x44};
- uint8_t REM13[5] = {0x00, 0x44, 0x55, 0x66, 0x77};
-
-
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- int FoundMask = 0;
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- size_t NewSize = (*MD.*M)(T, sizeof(T), sizeof(T));
- if (NewSize == 7 && !memcmp(REM0, T, 7)) FoundMask |= 1 << 0;
- if (NewSize == 7 && !memcmp(REM1, T, 7)) FoundMask |= 1 << 1;
- if (NewSize == 7 && !memcmp(REM2, T, 7)) FoundMask |= 1 << 2;
- if (NewSize == 7 && !memcmp(REM3, T, 7)) FoundMask |= 1 << 3;
- if (NewSize == 7 && !memcmp(REM4, T, 7)) FoundMask |= 1 << 4;
- if (NewSize == 7 && !memcmp(REM5, T, 7)) FoundMask |= 1 << 5;
- if (NewSize == 7 && !memcmp(REM6, T, 7)) FoundMask |= 1 << 6;
- if (NewSize == 7 && !memcmp(REM7, T, 7)) FoundMask |= 1 << 7;
-
- if (NewSize == 6 && !memcmp(REM8, T, 6)) FoundMask |= 1 << 8;
- if (NewSize == 6 && !memcmp(REM9, T, 6)) FoundMask |= 1 << 9;
- if (NewSize == 6 && !memcmp(REM10, T, 6)) FoundMask |= 1 << 10;
-
- if (NewSize == 5 && !memcmp(REM11, T, 5)) FoundMask |= 1 << 11;
- if (NewSize == 5 && !memcmp(REM12, T, 5)) FoundMask |= 1 << 12;
- if (NewSize == 5 && !memcmp(REM13, T, 5)) FoundMask |= 1 << 13;
- }
- EXPECT_EQ(FoundMask, (1 << 14) - 1);
-}
-
-TEST(FuzzerMutate, EraseBytes1) {
- TestEraseBytes(&MutationDispatcher::Mutate_EraseBytes, 200);
-}
-TEST(FuzzerMutate, EraseBytes2) {
- TestEraseBytes(&MutationDispatcher::Mutate, 2000);
-}
-
-void TestInsertByte(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- int FoundMask = 0;
- uint8_t INS0[8] = {0xF1, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
- uint8_t INS1[8] = {0x00, 0xF2, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
- uint8_t INS2[8] = {0x00, 0x11, 0xF3, 0x22, 0x33, 0x44, 0x55, 0x66};
- uint8_t INS3[8] = {0x00, 0x11, 0x22, 0xF4, 0x33, 0x44, 0x55, 0x66};
- uint8_t INS4[8] = {0x00, 0x11, 0x22, 0x33, 0xF5, 0x44, 0x55, 0x66};
- uint8_t INS5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0xF6, 0x55, 0x66};
- uint8_t INS6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF7, 0x66};
- uint8_t INS7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF8};
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
- size_t NewSize = (*MD.*M)(T, 7, 8);
- if (NewSize == 8 && !memcmp(INS0, T, 8)) FoundMask |= 1 << 0;
- if (NewSize == 8 && !memcmp(INS1, T, 8)) FoundMask |= 1 << 1;
- if (NewSize == 8 && !memcmp(INS2, T, 8)) FoundMask |= 1 << 2;
- if (NewSize == 8 && !memcmp(INS3, T, 8)) FoundMask |= 1 << 3;
- if (NewSize == 8 && !memcmp(INS4, T, 8)) FoundMask |= 1 << 4;
- if (NewSize == 8 && !memcmp(INS5, T, 8)) FoundMask |= 1 << 5;
- if (NewSize == 8 && !memcmp(INS6, T, 8)) FoundMask |= 1 << 6;
- if (NewSize == 8 && !memcmp(INS7, T, 8)) FoundMask |= 1 << 7;
- }
- EXPECT_EQ(FoundMask, 255);
-}
-
-TEST(FuzzerMutate, InsertByte1) {
- TestInsertByte(&MutationDispatcher::Mutate_InsertByte, 1 << 15);
-}
-TEST(FuzzerMutate, InsertByte2) {
- TestInsertByte(&MutationDispatcher::Mutate, 1 << 17);
-}
-
-void TestInsertRepeatedBytes(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- int FoundMask = 0;
- uint8_t INS0[7] = {0x00, 0x11, 0x22, 0x33, 'a', 'a', 'a'};
- uint8_t INS1[7] = {0x00, 0x11, 0x22, 'a', 'a', 'a', 0x33};
- uint8_t INS2[7] = {0x00, 0x11, 'a', 'a', 'a', 0x22, 0x33};
- uint8_t INS3[7] = {0x00, 'a', 'a', 'a', 0x11, 0x22, 0x33};
- uint8_t INS4[7] = {'a', 'a', 'a', 0x00, 0x11, 0x22, 0x33};
-
- uint8_t INS5[8] = {0x00, 0x11, 0x22, 0x33, 'b', 'b', 'b', 'b'};
- uint8_t INS6[8] = {0x00, 0x11, 0x22, 'b', 'b', 'b', 'b', 0x33};
- uint8_t INS7[8] = {0x00, 0x11, 'b', 'b', 'b', 'b', 0x22, 0x33};
- uint8_t INS8[8] = {0x00, 'b', 'b', 'b', 'b', 0x11, 0x22, 0x33};
- uint8_t INS9[8] = {'b', 'b', 'b', 'b', 0x00, 0x11, 0x22, 0x33};
-
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[8] = {0x00, 0x11, 0x22, 0x33};
- size_t NewSize = (*MD.*M)(T, 4, 8);
- if (NewSize == 7 && !memcmp(INS0, T, 7)) FoundMask |= 1 << 0;
- if (NewSize == 7 && !memcmp(INS1, T, 7)) FoundMask |= 1 << 1;
- if (NewSize == 7 && !memcmp(INS2, T, 7)) FoundMask |= 1 << 2;
- if (NewSize == 7 && !memcmp(INS3, T, 7)) FoundMask |= 1 << 3;
- if (NewSize == 7 && !memcmp(INS4, T, 7)) FoundMask |= 1 << 4;
-
- if (NewSize == 8 && !memcmp(INS5, T, 8)) FoundMask |= 1 << 5;
- if (NewSize == 8 && !memcmp(INS6, T, 8)) FoundMask |= 1 << 6;
- if (NewSize == 8 && !memcmp(INS7, T, 8)) FoundMask |= 1 << 7;
- if (NewSize == 8 && !memcmp(INS8, T, 8)) FoundMask |= 1 << 8;
- if (NewSize == 8 && !memcmp(INS9, T, 8)) FoundMask |= 1 << 9;
-
- }
- EXPECT_EQ(FoundMask, (1 << 10) - 1);
-}
-
-TEST(FuzzerMutate, InsertRepeatedBytes1) {
- TestInsertRepeatedBytes(&MutationDispatcher::Mutate_InsertRepeatedBytes, 10000);
-}
-TEST(FuzzerMutate, InsertRepeatedBytes2) {
- TestInsertRepeatedBytes(&MutationDispatcher::Mutate, 300000);
-}
-
-void TestChangeByte(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- int FoundMask = 0;
- uint8_t CH0[8] = {0xF0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH1[8] = {0x00, 0xF1, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH2[8] = {0x00, 0x11, 0xF2, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH3[8] = {0x00, 0x11, 0x22, 0xF3, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0xF4, 0x55, 0x66, 0x77};
- uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0xF5, 0x66, 0x77};
- uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF5, 0x77};
- uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7};
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[9] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- size_t NewSize = (*MD.*M)(T, 8, 9);
- if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;
- if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;
- if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;
- if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;
- if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4;
- if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;
- if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;
- if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;
- }
- EXPECT_EQ(FoundMask, 255);
-}
-
-TEST(FuzzerMutate, ChangeByte1) {
- TestChangeByte(&MutationDispatcher::Mutate_ChangeByte, 1 << 15);
-}
-TEST(FuzzerMutate, ChangeByte2) {
- TestChangeByte(&MutationDispatcher::Mutate, 1 << 17);
-}
-
-void TestChangeBit(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- int FoundMask = 0;
- uint8_t CH0[8] = {0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH1[8] = {0x00, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH2[8] = {0x00, 0x11, 0x02, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH3[8] = {0x00, 0x11, 0x22, 0x37, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0x54, 0x55, 0x66, 0x77};
- uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x54, 0x66, 0x77};
- uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x76, 0x77};
- uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7};
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[9] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- size_t NewSize = (*MD.*M)(T, 8, 9);
- if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;
- if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;
- if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;
- if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;
- if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4;
- if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;
- if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;
- if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;
- }
- EXPECT_EQ(FoundMask, 255);
-}
-
-TEST(FuzzerMutate, ChangeBit1) {
- TestChangeBit(&MutationDispatcher::Mutate_ChangeBit, 1 << 16);
-}
-TEST(FuzzerMutate, ChangeBit2) {
- TestChangeBit(&MutationDispatcher::Mutate, 1 << 18);
-}
-
-void TestShuffleBytes(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- int FoundMask = 0;
- uint8_t CH0[7] = {0x00, 0x22, 0x11, 0x33, 0x44, 0x55, 0x66};
- uint8_t CH1[7] = {0x11, 0x00, 0x33, 0x22, 0x44, 0x55, 0x66};
- uint8_t CH2[7] = {0x00, 0x33, 0x11, 0x22, 0x44, 0x55, 0x66};
- uint8_t CH3[7] = {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x33};
- uint8_t CH4[7] = {0x00, 0x11, 0x22, 0x33, 0x55, 0x44, 0x66};
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
- size_t NewSize = (*MD.*M)(T, 7, 7);
- if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0;
- if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1;
- if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2;
- if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3;
- if (NewSize == 7 && !memcmp(CH4, T, 7)) FoundMask |= 1 << 4;
- }
- EXPECT_EQ(FoundMask, 31);
-}
-
-TEST(FuzzerMutate, ShuffleBytes1) {
- TestShuffleBytes(&MutationDispatcher::Mutate_ShuffleBytes, 1 << 17);
-}
-TEST(FuzzerMutate, ShuffleBytes2) {
- TestShuffleBytes(&MutationDispatcher::Mutate, 1 << 20);
-}
-
-void TestCopyPart(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- int FoundMask = 0;
- uint8_t CH0[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00, 0x11};
- uint8_t CH1[7] = {0x55, 0x66, 0x22, 0x33, 0x44, 0x55, 0x66};
- uint8_t CH2[7] = {0x00, 0x55, 0x66, 0x33, 0x44, 0x55, 0x66};
- uint8_t CH3[7] = {0x00, 0x11, 0x22, 0x00, 0x11, 0x22, 0x66};
- uint8_t CH4[7] = {0x00, 0x11, 0x11, 0x22, 0x33, 0x55, 0x66};
-
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
- size_t NewSize = (*MD.*M)(T, 7, 7);
- if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0;
- if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1;
- if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2;
- if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3;
- if (NewSize == 7 && !memcmp(CH4, T, 7)) FoundMask |= 1 << 4;
- }
-
- uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00, 0x11, 0x22};
- uint8_t CH6[8] = {0x22, 0x33, 0x44, 0x00, 0x11, 0x22, 0x33, 0x44};
- uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x00, 0x11, 0x22, 0x33, 0x44};
- uint8_t CH8[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x22, 0x33, 0x44};
- uint8_t CH9[8] = {0x00, 0x11, 0x22, 0x22, 0x33, 0x44, 0x33, 0x44};
-
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- size_t NewSize = (*MD.*M)(T, 5, 8);
- if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;
- if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;
- if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;
- if (NewSize == 8 && !memcmp(CH8, T, 8)) FoundMask |= 1 << 8;
- if (NewSize == 8 && !memcmp(CH9, T, 8)) FoundMask |= 1 << 9;
- }
-
- EXPECT_EQ(FoundMask, 1023);
-}
-
-TEST(FuzzerMutate, CopyPart1) {
- TestCopyPart(&MutationDispatcher::Mutate_CopyPart, 1 << 10);
-}
-TEST(FuzzerMutate, CopyPart2) {
- TestCopyPart(&MutationDispatcher::Mutate, 1 << 13);
-}
-TEST(FuzzerMutate, CopyPartNoInsertAtMaxSize) {
- // This (non exhaustively) tests if `Mutate_CopyPart` tries to perform an
- // insert on an input of size `MaxSize`. Performing an insert in this case
- // will lead to the mutation failing.
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- uint8_t Data[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00, 0x11, 0x22};
- size_t MaxSize = sizeof(Data);
- for (int count = 0; count < (1 << 18); ++count) {
- size_t NewSize = MD->Mutate_CopyPart(Data, MaxSize, MaxSize);
- ASSERT_EQ(NewSize, MaxSize);
- }
-}
-
-void TestAddWordFromDictionary(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
- uint8_t Word1[4] = {0xAA, 0xBB, 0xCC, 0xDD};
- uint8_t Word2[3] = {0xFF, 0xEE, 0xEF};
- MD->AddWordToManualDictionary(Word(Word1, sizeof(Word1)));
- MD->AddWordToManualDictionary(Word(Word2, sizeof(Word2)));
- int FoundMask = 0;
- uint8_t CH0[7] = {0x00, 0x11, 0x22, 0xAA, 0xBB, 0xCC, 0xDD};
- uint8_t CH1[7] = {0x00, 0x11, 0xAA, 0xBB, 0xCC, 0xDD, 0x22};
- uint8_t CH2[7] = {0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0x11, 0x22};
- uint8_t CH3[7] = {0xAA, 0xBB, 0xCC, 0xDD, 0x00, 0x11, 0x22};
- uint8_t CH4[6] = {0x00, 0x11, 0x22, 0xFF, 0xEE, 0xEF};
- uint8_t CH5[6] = {0x00, 0x11, 0xFF, 0xEE, 0xEF, 0x22};
- uint8_t CH6[6] = {0x00, 0xFF, 0xEE, 0xEF, 0x11, 0x22};
- uint8_t CH7[6] = {0xFF, 0xEE, 0xEF, 0x00, 0x11, 0x22};
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[7] = {0x00, 0x11, 0x22};
- size_t NewSize = (*MD.*M)(T, 3, 7);
- if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0;
- if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1;
- if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2;
- if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3;
- if (NewSize == 6 && !memcmp(CH4, T, 6)) FoundMask |= 1 << 4;
- if (NewSize == 6 && !memcmp(CH5, T, 6)) FoundMask |= 1 << 5;
- if (NewSize == 6 && !memcmp(CH6, T, 6)) FoundMask |= 1 << 6;
- if (NewSize == 6 && !memcmp(CH7, T, 6)) FoundMask |= 1 << 7;
- }
- EXPECT_EQ(FoundMask, 255);
-}
-
-TEST(FuzzerMutate, AddWordFromDictionary1) {
- TestAddWordFromDictionary(
- &MutationDispatcher::Mutate_AddWordFromManualDictionary, 1 << 15);
-}
-
-TEST(FuzzerMutate, AddWordFromDictionary2) {
- TestAddWordFromDictionary(&MutationDispatcher::Mutate, 1 << 15);
-}
-
-void TestChangeASCIIInteger(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
-
- uint8_t CH0[8] = {'1', '2', '3', '4', '5', '6', '7', '7'};
- uint8_t CH1[8] = {'1', '2', '3', '4', '5', '6', '7', '9'};
- uint8_t CH2[8] = {'2', '4', '6', '9', '1', '3', '5', '6'};
- uint8_t CH3[8] = {'0', '6', '1', '7', '2', '8', '3', '9'};
- int FoundMask = 0;
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[8] = {'1', '2', '3', '4', '5', '6', '7', '8'};
- size_t NewSize = (*MD.*M)(T, 8, 8);
- /**/ if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;
- else if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;
- else if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;
- else if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;
- else if (NewSize == 8) FoundMask |= 1 << 4;
- }
- EXPECT_EQ(FoundMask, 31);
-}
-
-TEST(FuzzerMutate, ChangeASCIIInteger1) {
- TestChangeASCIIInteger(&MutationDispatcher::Mutate_ChangeASCIIInteger,
- 1 << 15);
-}
-
-TEST(FuzzerMutate, ChangeASCIIInteger2) {
- TestChangeASCIIInteger(&MutationDispatcher::Mutate, 1 << 15);
-}
-
-void TestChangeBinaryInteger(Mutator M, int NumIter) {
- std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
- fuzzer::EF = t.get();
- Random Rand(0);
- std::unique_ptr<MutationDispatcher> MD(new MutationDispatcher(Rand, {}));
-
- uint8_t CH0[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x79};
- uint8_t CH1[8] = {0x00, 0x11, 0x22, 0x31, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH2[8] = {0xff, 0x10, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH3[8] = {0x00, 0x11, 0x2a, 0x33, 0x44, 0x55, 0x66, 0x77};
- uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x4f, 0x66, 0x77};
- uint8_t CH5[8] = {0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88};
- uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x00, 0x00, 0x00, 0x08, 0x77}; // Size
- uint8_t CH7[8] = {0x00, 0x08, 0x00, 0x33, 0x44, 0x55, 0x66, 0x77}; // Sw(Size)
-
- int FoundMask = 0;
- for (int i = 0; i < NumIter; i++) {
- uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
- size_t NewSize = (*MD.*M)(T, 8, 8);
- /**/ if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;
- else if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;
- else if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;
- else if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;
- else if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4;
- else if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;
- else if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;
- else if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;
- }
- EXPECT_EQ(FoundMask, 255);
-}
-
-TEST(FuzzerMutate, ChangeBinaryInteger1) {
- TestChangeBinaryInteger(&MutationDispatcher::Mutate_ChangeBinaryInteger,
- 1 << 12);
-}
-
-TEST(FuzzerMutate, ChangeBinaryInteger2) {
- TestChangeBinaryInteger(&MutationDispatcher::Mutate, 1 << 15);
-}
-
-
-TEST(FuzzerDictionary, ParseOneDictionaryEntry) {
- Unit U;
- EXPECT_FALSE(ParseOneDictionaryEntry("", &U));
- EXPECT_FALSE(ParseOneDictionaryEntry(" ", &U));
- EXPECT_FALSE(ParseOneDictionaryEntry("\t ", &U));
- EXPECT_FALSE(ParseOneDictionaryEntry(" \" ", &U));
- EXPECT_FALSE(ParseOneDictionaryEntry(" zz\" ", &U));
- EXPECT_FALSE(ParseOneDictionaryEntry(" \"zz ", &U));
- EXPECT_FALSE(ParseOneDictionaryEntry(" \"\" ", &U));
- EXPECT_TRUE(ParseOneDictionaryEntry("\"a\"", &U));
- EXPECT_EQ(U, Unit({'a'}));
- EXPECT_TRUE(ParseOneDictionaryEntry("\"abc\"", &U));
- EXPECT_EQ(U, Unit({'a', 'b', 'c'}));
- EXPECT_TRUE(ParseOneDictionaryEntry("abc=\"abc\"", &U));
- EXPECT_EQ(U, Unit({'a', 'b', 'c'}));
- EXPECT_FALSE(ParseOneDictionaryEntry("\"\\\"", &U));
- EXPECT_TRUE(ParseOneDictionaryEntry("\"\\\\\"", &U));
- EXPECT_EQ(U, Unit({'\\'}));
- EXPECT_TRUE(ParseOneDictionaryEntry("\"\\xAB\"", &U));
- EXPECT_EQ(U, Unit({0xAB}));
- EXPECT_TRUE(ParseOneDictionaryEntry("\"\\xABz\\xDE\"", &U));
- EXPECT_EQ(U, Unit({0xAB, 'z', 0xDE}));
- EXPECT_TRUE(ParseOneDictionaryEntry("\"#\"", &U));
- EXPECT_EQ(U, Unit({'#'}));
- EXPECT_TRUE(ParseOneDictionaryEntry("\"\\\"\"", &U));
- EXPECT_EQ(U, Unit({'"'}));
-}
-
-TEST(FuzzerDictionary, ParseDictionaryFile) {
- Vector<Unit> Units;
- EXPECT_FALSE(ParseDictionaryFile("zzz\n", &Units));
- EXPECT_FALSE(ParseDictionaryFile("", &Units));
- EXPECT_TRUE(ParseDictionaryFile("\n", &Units));
- EXPECT_EQ(Units.size(), 0U);
- EXPECT_TRUE(ParseDictionaryFile("#zzzz a b c d\n", &Units));
- EXPECT_EQ(Units.size(), 0U);
- EXPECT_TRUE(ParseDictionaryFile(" #zzzz\n", &Units));
- EXPECT_EQ(Units.size(), 0U);
- EXPECT_TRUE(ParseDictionaryFile(" #zzzz\n", &Units));
- EXPECT_EQ(Units.size(), 0U);
- EXPECT_TRUE(ParseDictionaryFile(" #zzzz\naaa=\"aa\"", &Units));
- EXPECT_EQ(Units, Vector<Unit>({Unit({'a', 'a'})}));
- EXPECT_TRUE(
- ParseDictionaryFile(" #zzzz\naaa=\"aa\"\n\nabc=\"abc\"", &Units));
- EXPECT_EQ(Units,
- Vector<Unit>({Unit({'a', 'a'}), Unit({'a', 'b', 'c'})}));
-}
-
-TEST(FuzzerUtil, Base64) {
- EXPECT_EQ("", Base64({}));
- EXPECT_EQ("YQ==", Base64({'a'}));
- EXPECT_EQ("eA==", Base64({'x'}));
- EXPECT_EQ("YWI=", Base64({'a', 'b'}));
- EXPECT_EQ("eHk=", Base64({'x', 'y'}));
- EXPECT_EQ("YWJj", Base64({'a', 'b', 'c'}));
- EXPECT_EQ("eHl6", Base64({'x', 'y', 'z'}));
- EXPECT_EQ("YWJjeA==", Base64({'a', 'b', 'c', 'x'}));
- EXPECT_EQ("YWJjeHk=", Base64({'a', 'b', 'c', 'x', 'y'}));
- EXPECT_EQ("YWJjeHl6", Base64({'a', 'b', 'c', 'x', 'y', 'z'}));
-}
-
-TEST(Corpus, Distribution) {
- DataFlowTrace DFT;
- Random Rand(0);
- std::unique_ptr<InputCorpus> C(new InputCorpus(""));
- size_t N = 10;
- size_t TriesPerUnit = 1<<16;
- for (size_t i = 0; i < N; i++)
- C->AddToCorpus(Unit{static_cast<uint8_t>(i)}, 1, false, false, {}, DFT,
- nullptr);
-
- Vector<size_t> Hist(N);
- for (size_t i = 0; i < N * TriesPerUnit; i++) {
- Hist[C->ChooseUnitIdxToMutate(Rand)]++;
- }
- for (size_t i = 0; i < N; i++) {
- // A weak sanity check that every unit gets invoked.
- EXPECT_GT(Hist[i], TriesPerUnit / N / 3);
- }
-}
-
-TEST(Merge, Bad) {
- const char *kInvalidInputs[] = {
- "",
- "x",
- "3\nx",
- "2\n3",
- "2\n2",
- "2\n2\nA\n",
- "2\n2\nA\nB\nC\n",
- "0\n0\n",
- "1\n1\nA\nDONE 0",
- "1\n1\nA\nSTARTED 1",
- };
- Merger M;
- for (auto S : kInvalidInputs) {
- // fprintf(stderr, "TESTING:\n%s\n", S);
- EXPECT_FALSE(M.Parse(S, false));
- }
-}
-
-void EQ(const Vector<uint32_t> &A, const Vector<uint32_t> &B) {
- EXPECT_EQ(A, B);
-}
-
-void EQ(const Vector<std::string> &A, const Vector<std::string> &B) {
- Set<std::string> a(A.begin(), A.end());
- Set<std::string> b(B.begin(), B.end());
- EXPECT_EQ(a, b);
-}
-
-static void Merge(const std::string &Input,
- const Vector<std::string> Result,
- size_t NumNewFeatures) {
- Merger M;
- Vector<std::string> NewFiles;
- EXPECT_TRUE(M.Parse(Input, true));
- std::stringstream SS;
- M.PrintSummary(SS);
- EXPECT_EQ(NumNewFeatures, M.Merge(&NewFiles));
- EXPECT_EQ(M.AllFeatures(), M.ParseSummary(SS));
- EQ(NewFiles, Result);
-}
-
-TEST(Merge, Good) {
- Merger M;
-
- EXPECT_TRUE(M.Parse("1\n0\nAA\n", false));
- EXPECT_EQ(M.Files.size(), 1U);
- EXPECT_EQ(M.NumFilesInFirstCorpus, 0U);
- EXPECT_EQ(M.Files[0].Name, "AA");
- EXPECT_TRUE(M.LastFailure.empty());
- EXPECT_EQ(M.FirstNotProcessedFile, 0U);
-
- EXPECT_TRUE(M.Parse("2\n1\nAA\nBB\nSTARTED 0 42\n", false));
- EXPECT_EQ(M.Files.size(), 2U);
- EXPECT_EQ(M.NumFilesInFirstCorpus, 1U);
- EXPECT_EQ(M.Files[0].Name, "AA");
- EXPECT_EQ(M.Files[1].Name, "BB");
- EXPECT_EQ(M.LastFailure, "AA");
- EXPECT_EQ(M.FirstNotProcessedFile, 1U);
-
- EXPECT_TRUE(M.Parse("3\n1\nAA\nBB\nC\n"
- "STARTED 0 1000\n"
- "DONE 0 1 2 3\n"
- "STARTED 1 1001\n"
- "DONE 1 4 5 6 \n"
- "STARTED 2 1002\n"
- "", true));
- EXPECT_EQ(M.Files.size(), 3U);
- EXPECT_EQ(M.NumFilesInFirstCorpus, 1U);
- EXPECT_EQ(M.Files[0].Name, "AA");
- EXPECT_EQ(M.Files[0].Size, 1000U);
- EXPECT_EQ(M.Files[1].Name, "BB");
- EXPECT_EQ(M.Files[1].Size, 1001U);
- EXPECT_EQ(M.Files[2].Name, "C");
- EXPECT_EQ(M.Files[2].Size, 1002U);
- EXPECT_EQ(M.LastFailure, "C");
- EXPECT_EQ(M.FirstNotProcessedFile, 3U);
- EQ(M.Files[0].Features, {1, 2, 3});
- EQ(M.Files[1].Features, {4, 5, 6});
-
-
- Vector<std::string> NewFiles;
-
- EXPECT_TRUE(M.Parse("3\n2\nAA\nBB\nC\n"
- "STARTED 0 1000\nDONE 0 1 2 3\n"
- "STARTED 1 1001\nDONE 1 4 5 6 \n"
- "STARTED 2 1002\nDONE 2 6 1 3 \n"
- "", true));
- EXPECT_EQ(M.Files.size(), 3U);
- EXPECT_EQ(M.NumFilesInFirstCorpus, 2U);
- EXPECT_TRUE(M.LastFailure.empty());
- EXPECT_EQ(M.FirstNotProcessedFile, 3U);
- EQ(M.Files[0].Features, {1, 2, 3});
- EQ(M.Files[1].Features, {4, 5, 6});
- EQ(M.Files[2].Features, {1, 3, 6});
- EXPECT_EQ(0U, M.Merge(&NewFiles));
- EQ(NewFiles, {});
-
- EXPECT_TRUE(M.Parse("3\n1\nA\nB\nC\n"
- "STARTED 0 1000\nDONE 0 1 2 3\n"
- "STARTED 1 1001\nDONE 1 4 5 6 \n"
- "STARTED 2 1002\nDONE 2 6 1 3\n"
- "", true));
- EQ(M.Files[0].Features, {1, 2, 3});
- EQ(M.Files[1].Features, {4, 5, 6});
- EQ(M.Files[2].Features, {1, 3, 6});
- EXPECT_EQ(3U, M.Merge(&NewFiles));
- EQ(NewFiles, {"B"});
-
- // Same as the above, but with InitialFeatures.
- EXPECT_TRUE(M.Parse("2\n0\nB\nC\n"
- "STARTED 0 1001\nDONE 0 4 5 6 \n"
- "STARTED 1 1002\nDONE 1 6 1 3\n"
- "", true));
- EQ(M.Files[0].Features, {4, 5, 6});
- EQ(M.Files[1].Features, {1, 3, 6});
- Set<uint32_t> InitialFeatures;
- InitialFeatures.insert(1);
- InitialFeatures.insert(2);
- InitialFeatures.insert(3);
- EXPECT_EQ(3U, M.Merge(InitialFeatures, &NewFiles));
- EQ(NewFiles, {"B"});
-}
-
-TEST(Merge, Merge) {
-
- Merge("3\n1\nA\nB\nC\n"
- "STARTED 0 1000\nDONE 0 1 2 3\n"
- "STARTED 1 1001\nDONE 1 4 5 6 \n"
- "STARTED 2 1002\nDONE 2 6 1 3 \n",
- {"B"}, 3);
-
- Merge("3\n0\nA\nB\nC\n"
- "STARTED 0 2000\nDONE 0 1 2 3\n"
- "STARTED 1 1001\nDONE 1 4 5 6 \n"
- "STARTED 2 1002\nDONE 2 6 1 3 \n",
- {"A", "B", "C"}, 6);
-
- Merge("4\n0\nA\nB\nC\nD\n"
- "STARTED 0 2000\nDONE 0 1 2 3\n"
- "STARTED 1 1101\nDONE 1 4 5 6 \n"
- "STARTED 2 1102\nDONE 2 6 1 3 100 \n"
- "STARTED 3 1000\nDONE 3 1 \n",
- {"A", "B", "C", "D"}, 7);
-
- Merge("4\n1\nA\nB\nC\nD\n"
- "STARTED 0 2000\nDONE 0 4 5 6 7 8\n"
- "STARTED 1 1100\nDONE 1 1 2 3 \n"
- "STARTED 2 1100\nDONE 2 2 3 \n"
- "STARTED 3 1000\nDONE 3 1 \n",
- {"B", "D"}, 3);
-}
-
-TEST(Fuzzer, ForEachNonZeroByte) {
- const size_t N = 64;
- alignas(64) uint8_t Ar[N + 8] = {
- 0, 0, 0, 0, 0, 0, 0, 0,
- 1, 2, 0, 0, 0, 0, 0, 0,
- 0, 0, 3, 0, 4, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 5, 0, 6, 0, 0,
- 0, 0, 0, 0, 0, 0, 7, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 8,
- 9, 9, 9, 9, 9, 9, 9, 9,
- };
- typedef Vector<std::pair<size_t, uint8_t> > Vec;
- Vec Res, Expected;
- auto CB = [&](size_t FirstFeature, size_t Idx, uint8_t V) {
- Res.push_back({FirstFeature + Idx, V});
- };
- ForEachNonZeroByte(Ar, Ar + N, 100, CB);
- Expected = {{108, 1}, {109, 2}, {118, 3}, {120, 4},
- {135, 5}, {137, 6}, {146, 7}, {163, 8}};
- EXPECT_EQ(Res, Expected);
-
- Res.clear();
- ForEachNonZeroByte(Ar + 9, Ar + N, 109, CB);
- Expected = { {109, 2}, {118, 3}, {120, 4},
- {135, 5}, {137, 6}, {146, 7}, {163, 8}};
- EXPECT_EQ(Res, Expected);
-
- Res.clear();
- ForEachNonZeroByte(Ar + 9, Ar + N - 9, 109, CB);
- Expected = { {109, 2}, {118, 3}, {120, 4},
- {135, 5}, {137, 6}, {146, 7}};
- EXPECT_EQ(Res, Expected);
-}
-
-// FuzzerCommand unit tests. The arguments in the two helper methods below must
-// match.
-static void makeCommandArgs(Vector<std::string> *ArgsToAdd) {
- assert(ArgsToAdd);
- ArgsToAdd->clear();
- ArgsToAdd->push_back("foo");
- ArgsToAdd->push_back("-bar=baz");
- ArgsToAdd->push_back("qux");
- ArgsToAdd->push_back(Command::ignoreRemainingArgs());
- ArgsToAdd->push_back("quux");
- ArgsToAdd->push_back("-grault=garply");
-}
-
-static std::string makeCmdLine(const char *separator, const char *suffix) {
- std::string CmdLine("foo -bar=baz qux ");
- if (strlen(separator) != 0) {
- CmdLine += separator;
- CmdLine += " ";
- }
- CmdLine += Command::ignoreRemainingArgs();
- CmdLine += " quux -grault=garply";
- if (strlen(suffix) != 0) {
- CmdLine += " ";
- CmdLine += suffix;
- }
- return CmdLine;
-}
-
-TEST(FuzzerCommand, Create) {
- std::string CmdLine;
-
- // Default constructor
- Command DefaultCmd;
-
- CmdLine = DefaultCmd.toString();
- EXPECT_EQ(CmdLine, "");
-
- // Explicit constructor
- Vector<std::string> ArgsToAdd;
- makeCommandArgs(&ArgsToAdd);
- Command InitializedCmd(ArgsToAdd);
-
- CmdLine = InitializedCmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ""));
-
- // Compare each argument
- auto InitializedArgs = InitializedCmd.getArguments();
- auto i = ArgsToAdd.begin();
- auto j = InitializedArgs.begin();
- while (i != ArgsToAdd.end() && j != InitializedArgs.end()) {
- EXPECT_EQ(*i++, *j++);
- }
- EXPECT_EQ(i, ArgsToAdd.end());
- EXPECT_EQ(j, InitializedArgs.end());
-
- // Copy constructor
- Command CopiedCmd(InitializedCmd);
-
- CmdLine = CopiedCmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ""));
-
- // Assignment operator
- Command AssignedCmd;
- AssignedCmd = CopiedCmd;
-
- CmdLine = AssignedCmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ""));
-}
-
-TEST(FuzzerCommand, ModifyArguments) {
- Vector<std::string> ArgsToAdd;
- makeCommandArgs(&ArgsToAdd);
- Command Cmd;
- std::string CmdLine;
-
- Cmd.addArguments(ArgsToAdd);
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ""));
-
- Cmd.addArgument("waldo");
- EXPECT_TRUE(Cmd.hasArgument("waldo"));
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("waldo", ""));
-
- Cmd.removeArgument("waldo");
- EXPECT_FALSE(Cmd.hasArgument("waldo"));
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ""));
-}
-
-TEST(FuzzerCommand, ModifyFlags) {
- Vector<std::string> ArgsToAdd;
- makeCommandArgs(&ArgsToAdd);
- Command Cmd(ArgsToAdd);
- std::string Value, CmdLine;
- ASSERT_FALSE(Cmd.hasFlag("fred"));
-
- Value = Cmd.getFlagValue("fred");
- EXPECT_EQ(Value, "");
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ""));
-
- Cmd.addFlag("fred", "plugh");
- EXPECT_TRUE(Cmd.hasFlag("fred"));
-
- Value = Cmd.getFlagValue("fred");
- EXPECT_EQ(Value, "plugh");
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("-fred=plugh", ""));
-
- Cmd.removeFlag("fred");
- EXPECT_FALSE(Cmd.hasFlag("fred"));
-
- Value = Cmd.getFlagValue("fred");
- EXPECT_EQ(Value, "");
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ""));
-}
-
-TEST(FuzzerCommand, SetOutput) {
- Vector<std::string> ArgsToAdd;
- makeCommandArgs(&ArgsToAdd);
- Command Cmd(ArgsToAdd);
- std::string CmdLine;
- ASSERT_FALSE(Cmd.hasOutputFile());
- ASSERT_FALSE(Cmd.isOutAndErrCombined());
-
- Cmd.combineOutAndErr(true);
- EXPECT_TRUE(Cmd.isOutAndErrCombined());
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", "2>&1"));
-
- Cmd.combineOutAndErr(false);
- EXPECT_FALSE(Cmd.isOutAndErrCombined());
-
- Cmd.setOutputFile("xyzzy");
- EXPECT_TRUE(Cmd.hasOutputFile());
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ">xyzzy"));
-
- Cmd.setOutputFile("thud");
- EXPECT_TRUE(Cmd.hasOutputFile());
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ">thud"));
-
- Cmd.combineOutAndErr();
- EXPECT_TRUE(Cmd.isOutAndErrCombined());
-
- CmdLine = Cmd.toString();
- EXPECT_EQ(CmdLine, makeCmdLine("", ">thud 2>&1"));
-}
-
-int main(int argc, char **argv) {
- testing::InitGoogleTest(&argc, argv);
- return RUN_ALL_TESTS();
-}