From 2c1b33b8976ca473c90fb1848ae0dc5d72597a96 Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Thu, 29 Jan 2015 23:01:07 +0000 Subject: [fuzzer] add -use_full_coverage_set=1 which solves FullCoverageSetTest. This does not scale very well yet, but might be a good start. llvm-svn: 227507 --- llvm/lib/Fuzzer/test/CMakeLists.txt | 8 +++++++- llvm/lib/Fuzzer/test/ExactTest.cpp | 20 -------------------- llvm/lib/Fuzzer/test/FullCoverageSetTest.cpp | 20 ++++++++++++++++++++ llvm/lib/Fuzzer/test/fuzzer.test | 3 +++ 4 files changed, 30 insertions(+), 21 deletions(-) delete mode 100644 llvm/lib/Fuzzer/test/ExactTest.cpp create mode 100644 llvm/lib/Fuzzer/test/FullCoverageSetTest.cpp (limited to 'llvm/lib/Fuzzer/test') diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt index 0c2118f31b0..17afd92c3b4 100644 --- a/llvm/lib/Fuzzer/test/CMakeLists.txt +++ b/llvm/lib/Fuzzer/test/CMakeLists.txt @@ -1,5 +1,11 @@ +# Build all these tests with -O0, otherwise optimizations may merge some +# basic blocks and we'll fail to discover the targets. +# Also enable the coverage instrumentation back (it is disabled +# for the Fuzzer lib) +set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -O0 -fsanitize-coverage=4") + set(Tests - ExactTest + FullCoverageSetTest InfiniteTest NullDerefTest SimpleTest diff --git a/llvm/lib/Fuzzer/test/ExactTest.cpp b/llvm/lib/Fuzzer/test/ExactTest.cpp deleted file mode 100644 index bbfed3c1eb0..00000000000 --- a/llvm/lib/Fuzzer/test/ExactTest.cpp +++ /dev/null @@ -1,20 +0,0 @@ -// Simple test for a fuzzer. The fuzzer must find the string "FUZZER". -#include -#include -#include -#include - -extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { - int bits = 0; - if (Size > 0 && Data[0] == 'F') bits |= 1; - if (Size > 1 && Data[1] == 'U') bits |= 2; - if (Size > 2 && Data[2] == 'Z') bits |= 4; - if (Size > 3 && Data[3] == 'Z') bits |= 8; - if (Size > 4 && Data[4] == 'E') bits |= 16; - if (Size > 5 && Data[5] == 'R') bits |= 32; - if (bits == 63) { - std::cerr << "BINGO!\n"; - abort(); - } -} - diff --git a/llvm/lib/Fuzzer/test/FullCoverageSetTest.cpp b/llvm/lib/Fuzzer/test/FullCoverageSetTest.cpp new file mode 100644 index 00000000000..d4f8c115abc --- /dev/null +++ b/llvm/lib/Fuzzer/test/FullCoverageSetTest.cpp @@ -0,0 +1,20 @@ +// Simple test for a fuzzer. The fuzzer must find the string "FUZZER". +#include +#include +#include +#include + +extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { + int bits = 0; + if (Size > 0 && Data[0] == 'F') bits |= 1; + if (Size > 1 && Data[1] == 'U') bits |= 2; + if (Size > 2 && Data[2] == 'Z') bits |= 4; + if (Size > 3 && Data[3] == 'Z') bits |= 8; + if (Size > 4 && Data[4] == 'E') bits |= 16; + if (Size > 5 && Data[5] == 'R') bits |= 32; + if (bits == 63) { + std::cerr << "BINGO!\n"; + exit(1); + } +} + diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test index 5f013109f62..51b42d67824 100644 --- a/llvm/lib/Fuzzer/test/fuzzer.test +++ b/llvm/lib/Fuzzer/test/fuzzer.test @@ -11,3 +11,6 @@ TimeoutTest: CRASHED; file written to timeout RUN: not ./LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest NullDerefTest: CRASHED; file written to crash- + +RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s --check-prefix=FullCoverageSetTest +FullCoverageSetTest: BINGO -- cgit v1.2.3