| author | Kostya Serebryany <kcc@google.com> | 2015-07-31 01:33:06 +0000 |
|---|---|---|
| committer | Kostya Serebryany <kcc@google.com> | 2015-07-31 01:33:06 +0000 |
| commit | fb7d8d9d06e3bd24eb830fb7d3f3fb675043ec8a (patch) | |
| tree | 47488bdce4d0d69f169373820da79d4496d37da9 /llvm/lib/Fuzzer/test | |
| parent | 66d86b7cadddb7bab2481a36bb3d0d5c7ccdec5e (diff) | |
[libFuzzer] trace switch statements and apply mutations based on the expected case values
llvm-svn: 243726
Diffstat (limited to 'llvm/lib/Fuzzer/test')
| -rw-r--r-- | llvm/lib/Fuzzer/test/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/SwitchTest.cpp | 35 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/fuzzer.test | 3 |
3 files changed, 39 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 4cff70c1111..ac21b460944 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -21,6 +21,7 @@ set(Tests
 SimpleCmpTest
 SimpleTest
 StrncmpTest
+ SwitchTest
 TimeoutTest
 )
diff --git a/llvm/lib/Fuzzer/test/SwitchTest.cpp b/llvm/lib/Fuzzer/test/SwitchTest.cpp
new file mode 100644
index 00000000000..6e300aa44e1
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/SwitchTest.cpp
@@ -0,0 +1,35 @@
+// Simple test for a fuzzer. The fuzzer must find the interesting switch value.
+#include <cstdint>
+#include <cstdlib>
+#include <cstring>
+#include <cstddef>
+#include <iostream>
+
+static volatile int Sink;
+
+template<class T>
+bool Switch(const uint8_t *Data, size_t Size) {
+ T X;
+ if (Size < sizeof(X)) return false;
+ memcpy(&X, Data, sizeof(X));
+ switch (X) {
+ case 1: Sink = __LINE__; break;
+ case 101: Sink = __LINE__; break;
+ case 1001: Sink = __LINE__; break;
+ case 10001: Sink = __LINE__; break;
+ case 100001: Sink = __LINE__; break;
+ case 1000001: Sink = __LINE__; break;
+ case 10000001: Sink = __LINE__; break;
+ case 100000001: return true;
+ }
+ return false;
+}
+
+extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Switch<int>(Data, Size) && Size >= 12 &&
+ Switch<uint64_t>(Data + 4, Size - 4)) {
+ std::cout << "BINGO; Found the target, exiting\n";
+ exit(1);
+ }
+}
+
diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test
index d6dd3ff7c95..63cb9573efa 100644
--- a/llvm/lib/Fuzzer/test/fuzzer.test
+++ b/llvm/lib/Fuzzer/test/fuzzer.test
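Review bot: In SwitchTest.cpp, LLVMFuzzerTestOneInput hard-codes the input layout as `Size >= 12` and `Data + 4, Size - 4`, which assumes sizeof(int) == 4; on a target where that does not hold, the second read would overlap or skip bytes of the first. Deriving the numbers from the types keeps the bounds check and the read in step: `Size >= sizeof(int) + sizeof(uint64_t)` and `Switch<uint64_t>(Data + sizeof(int), Size - sizeof(int))`. The file comment says the fuzzer must find "the interesting switch value", but the target is reached only when two values match, so I would reword it to `// The fuzzer must find two switch values: an int, then a uint64_t that follows it.` Since both values are copied with memcpy into host integers, the byte pattern the fuzzer has to produce depends on host byte order, which deserves a one-line comment next to the memcpy.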
@@ -31,3 +31,6 @@ Done1000000: Done 1000000 runs in
 RUN: not LLVMFuzzer-StrncmpTest -use_traces=1 -seed=1 -runs=10000 2>&1 | FileCheck %s
 RUN: LLVMFuzzer-StrncmpTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
+
+RUN: not LLVMFuzzer-SwitchTest -use_traces=1 -seed=1 -runs=100000 2>&1 | FileCheck %s
+RUN: LLVMFuzzer-SwitchTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000 |

