[libFuzzer] experimental option -cleanse_crash: tries to replace all bytes in a crash reproducer with garbage, while still preserving the crash

llvm-svn: 300498

3 files changed, 20 insertions, 0 deletions

diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index f72bc3909a3..cd049d3f03d 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -80,6 +80,7 @@ set(Tests
   BogusInitializeTest
   BufferOverflowOnInput
   CallerCalleeTest
+  CleanseTest
   CounterTest
   CustomCrossOverAndMutateTest
   CustomCrossOverTest
diff --git a/llvm/lib/Fuzzer/test/CleanseTest.cpp b/llvm/lib/Fuzzer/test/CleanseTest.cpp
new file mode 100644
index 00000000000..faea8dcb3c3
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/CleanseTest.cpp
@@ -0,0 +1,16 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test the the fuzzer is able to 'cleanse' the reproducer
+// by replacing all irrelevant bytes with garbage.
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size >= 20 && Data[1] == '1' && Data[5] == '5' && Data[10] == 'A' &&
+      Data[19] == 'Z')
+    abort();
+  return 0;
+}
+
diff --git a/llvm/lib/Fuzzer/test/cleanse.test b/llvm/lib/Fuzzer/test/cleanse.test
new file mode 100644
index 00000000000..ad08591d2fa
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/cleanse.test
@@ -0,0 +1,3 @@
+RUN: echo -n 0123456789ABCDEFGHIZ > %t-in
+RUN: LLVMFuzzer-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out
+RUN: echo -n ' 1   5    A        Z' | diff - %t-out