diff options
| author | Kostya Serebryany <kcc@google.com> | 2017-01-20 20:57:07 +0000 |
|---|---|---|
| committer | Kostya Serebryany <kcc@google.com> | 2017-01-20 20:57:07 +0000 |
| commit | 98d592cc91728694defd32ec30b90004fcaeacd1 (patch) | |
| tree | 293547cc65d11570a62c8b5fc6fc2031040837f8 /llvm/lib/Fuzzer/test | |
| parent | a99b717f527fe7e37bf7a0b3fb612b7312d5c656 (diff) | |
| download | bcm5719-llvm-98d592cc91728694defd32ec30b90004fcaeacd1.tar.gz bcm5719-llvm-98d592cc91728694defd32ec30b90004fcaeacd1.zip | |
[libFuzzer] experimental support for 'equivalance fuzzing'
llvm-svn: 292646
Diffstat (limited to 'llvm/lib/Fuzzer/test')
| -rw-r--r-- | llvm/lib/Fuzzer/test/EquivalenceATest.cpp | 6 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/EquivalenceBTest.cpp | 9 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/equivalence.test | 5 |
3 files changed, 14 insertions, 6 deletions
diff --git a/llvm/lib/Fuzzer/test/EquivalenceATest.cpp b/llvm/lib/Fuzzer/test/EquivalenceATest.cpp index 101fe127f5d..7d1ebb0f6a4 100644 --- a/llvm/lib/Fuzzer/test/EquivalenceATest.cpp +++ b/llvm/lib/Fuzzer/test/EquivalenceATest.cpp @@ -2,12 +2,14 @@ // License. See LICENSE.TXT for details. #include <stddef.h> #include <stdint.h> +#include <stdio.h> // Test for libFuzzer's "equivalence" fuzzing, part A. extern "C" void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size); extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 100) return 0; - uint8_t Result[100]; + // fprintf(stderr, "A %zd\n", Size); + uint8_t Result[50]; + if (Size > 50) Size = 50; for (size_t i = 0; i < Size; i++) Result[Size - i - 1] = Data[i]; LLVMFuzzerAnnounceOutput(Result, Size); diff --git a/llvm/lib/Fuzzer/test/EquivalenceBTest.cpp b/llvm/lib/Fuzzer/test/EquivalenceBTest.cpp index 175eed1394f..b1de208b57f 100644 --- a/llvm/lib/Fuzzer/test/EquivalenceBTest.cpp +++ b/llvm/lib/Fuzzer/test/EquivalenceBTest.cpp @@ -7,18 +7,19 @@ // Test for libFuzzer's "equivalence" fuzzing, part B. extern "C" void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size); extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size > 100) return 0; - uint8_t Result[100]; + // fprintf(stderr, "B %zd\n", Size); + uint8_t Result[50]; + if (Size > 50) Size = 50; for (size_t i = 0; i < Size; i++) Result[Size - i - 1] = Data[i]; // Be a bit different from EquivalenceATest - if (Size > 42 && Data[10] == 'B') { + if (Size > 10 && Data[5] == 'B' && Data[6] == 'C' && Data[7] == 'D') { static int c; if (!c) fprintf(stderr, "ZZZZZZZ\n"); c = 1; - Result[42]++; + Result[2]++; } LLVMFuzzerAnnounceOutput(Result, Size); diff --git a/llvm/lib/Fuzzer/test/equivalence.test b/llvm/lib/Fuzzer/test/equivalence.test new file mode 100644 index 00000000000..26d75a35ae0 --- /dev/null +++ b/llvm/lib/Fuzzer/test/equivalence.test @@ -0,0 +1,5 @@ +RUN: LLVMFuzzer-EquivalenceATest -run_equivalence_server=EQUIV_TEST & export APID=$! +RUN: not LLVMFuzzer-EquivalenceBTest -use_equivalence_server=EQUIV_TEST 2>&1 | FileCheck %s +CHECK: ERROR: libFuzzer: equivalence-mismatch. Sizes: {{.*}}; offset 2 +CHECK: SUMMARY: libFuzzer: equivalence-mismatch +RUN: kill -9 $APID |
