authorKostya Serebryany <kcc@google.com>2016-08-30 01:30:14 +0000
committerKostya Serebryany <kcc@google.com>2016-08-30 01:30:14 +0000
commit4d22e4fcb92cf1f3af8fe0246694fa572971fd22 (patch)
tree3fceef14bd7a0ea159241f337ab290d1cd029a50 /llvm/lib/Fuzzer/test
parentb3177cea0a1b03a03a372c1ba48f7300d80b82b2 (diff)
[libFuzzer] use trace-div and trace-gep for guided fuzzing, add tests
llvm-svn: 280046
Diffstat (limited to 'llvm/lib/Fuzzer/test')
-rw-r--r--llvm/lib/Fuzzer/test/CMakeLists.txt4
-rw-r--r--llvm/lib/Fuzzer/test/DivTest.cpp20
-rw-r--r--llvm/lib/Fuzzer/test/LoadTest.cpp22
3 files changed, 45 insertions, 1 deletions
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 340c5b90a1e..dcafb1a795c 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -25,7 +25,7 @@ foreach (VARNAME ${variables_to_filter})
endforeach()
# Enable the coverage instrumentation (it is disabled for the Fuzzer lib).
-set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize-coverage=edge,indirect-calls -g")
+set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize-coverage=edge,indirect-calls,trace-cmp,trace-div,trace-gep -g")
# add_libfuzzer_test(<name>
# SOURCES source0.cpp [source1.cpp ...]
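Review bot: The new `-fsanitize-coverage=` list on the `set(CMAKE_CXX_FLAGS ...)` line also enables `trace-cmp`, which the commit title does not mention, and the flags apply to every test built from this file rather than only DivTest and LoadTest. The comment above the line still says only "Enable the coverage instrumentation"; I would extend it with something like `# trace-cmp/trace-div/trace-gep expose comparison operands, divisors and array indices to the fuzzer.` Existing tests that expect the fuzzer to miss a target within a fixed run budget may behave differently with the extra instrumentation, so that is worth confirming.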
@@ -68,6 +68,7 @@ set(Tests
CounterTest
CustomCrossOverTest
CustomMutatorTest
+ DivTest
EmptyTest
FourIndependentBranchesTest
FullCoverageSetTest
@@ -75,6 +76,7 @@ set(Tests
MemcmpTest
LeakTest
LeakTimeoutTest
+ LoadTest
NullDerefTest
NullDerefOnEmptyTest
NthRunCrashTest
diff --git a/llvm/lib/Fuzzer/test/DivTest.cpp b/llvm/lib/Fuzzer/test/DivTest.cpp
new file mode 100644
index 00000000000..63f6960f4e9
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/DivTest.cpp
@@ -0,0 +1,20 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer: find the interesting argument for div.
+#include <assert.h>
+#include <cstdint>
+#include <cstring>
+#include <cstddef>
+#include <iostream>
+
+static volatile int Sink;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size < 4) return 0;
+ int a;
+ memcpy(&a, Data, 4);
+ Sink = 12345678 / (987654 - a);
+ return 0;
+}
+
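Review bot: The subtraction `987654 - a` in `LLVMFuzzerTestOneInput` overflows `int` for any `a` below `987654 - INT_MAX`, a value the fuzzer can easily generate from four arbitrary bytes. That is undefined behaviour in its own right, and a UBSan-enabled build would likely report it before the division by zero this test appears to target. Doing the subtraction in a wider type, e.g. `Sink = 12345678 / (987654 - (int64_t)a);`, avoids that, but confirm that trace-div still guides the wider division. The copy would read better as `memcpy(&a, Data, sizeof(a));`. The header comment should also name the expected finding, e.g. `// Expected crash: division by zero when the first four bytes decode to 987654.`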
diff --git a/llvm/lib/Fuzzer/test/LoadTest.cpp b/llvm/lib/Fuzzer/test/LoadTest.cpp
new file mode 100644
index 00000000000..c1780d5c7bd
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/LoadTest.cpp
@@ -0,0 +1,22 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer: find interesting value of array index.
+#include <assert.h>
+#include <cstdint>
+#include <cstring>
+#include <cstddef>
+#include <iostream>
+
+static volatile int Sink;
+const int kArraySize = 1234567;
+int array[kArraySize];
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size < 8) return 0;
+ size_t a = 0;
+ memcpy(&a, Data, 8);
+ Sink = array[a % (kArraySize + 1)];
+ return 0;
+}
+
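Review bot: The call `memcpy(&a, Data, 8)` writes eight bytes into a `size_t`, so on a target where `size_t` is four bytes it overruns `a` on the stack. That is a second memory error, unrelated to the array index this test is about. Either declare `uint64_t a = 0;` or tie both the guard and the copy to the object, `if (Size < sizeof(a)) return 0;` and `memcpy(&a, Data, sizeof(a));`. The `+ 1` in `a % (kArraySize + 1)` looks like the deliberate one-past-the-end read the fuzzer is meant to find. A comment such as `// Deliberate off-by-one: index kArraySize is out of bounds.` would stop a later reader from "fixing" it.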