diff options
author | Kostya Serebryany <kcc@google.com> | 2018-06-06 01:23:29 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2018-06-06 01:23:29 +0000 |
commit | 9c4a366945d9fe7ed89e679c045f01bb311158ce (patch) | |
tree | ff1f3a69b540445b5cb900312f2144c102d2a8ae /test/fuzzer | |
parent | 7f47a0bea177db24ecfc75b9daf3874e39a869df (diff) |
[libFuzzer] initial implementation of -data_flow_trace. It parses the data flow trace and prints the summary, but doesn't use the information in any other way yet
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334058 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/fuzzer')
-rw-r--r-- | test/fuzzer/ThreeFunctionsTest.cpp | 4 | ||||
-rw-r--r-- | test/fuzzer/dataflow.test | 11 |
2 files changed, 14 insertions, 1 deletions
diff --git a/test/fuzzer/ThreeFunctionsTest.cpp b/test/fuzzer/ThreeFunctionsTest.cpp index 0ff682abc..1278cb056 100644 --- a/test/fuzzer/ThreeFunctionsTest.cpp +++ b/test/fuzzer/ThreeFunctionsTest.cpp @@ -8,12 +8,14 @@ #include <cstdlib> #include <cstdio> +extern "C" __attribute__((noinline)) -static bool Func1(const uint8_t *Data, size_t Size) { +bool Func1(const uint8_t *Data, size_t Size) { // assumes Size >= 5, doesn't check it. return Data[4] == 'M'; } +extern "C" __attribute__((noinline)) bool Func2(const uint8_t *Data, size_t Size) { return Size >= 6 && Data[5] == 'E'; diff --git a/test/fuzzer/dataflow.test b/test/fuzzer/dataflow.test index 7162b06f6..7b85c6f9e 100644 --- a/test/fuzzer/dataflow.test +++ b/test/fuzzer/dataflow.test @@ -5,6 +5,7 @@ REQUIRES: linux RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp %S/ThreeFunctionsTest.cpp %t-DataFlow.o -o %t-ThreeFunctionsTestDF RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp %S/ExplodeDFSanLabelsTest.cpp %t-DataFlow.o -o %t-ExplodeDFSanLabelsTestDF +RUN: %cpp_compiler %S/ThreeFunctionsTest.cpp -o %t-ThreeFunctionsTest # Dump the function list. RUN: %t-ThreeFunctionsTestDF 2>&1 | FileCheck %s --check-prefix=FUNC_LIST @@ -70,3 +71,13 @@ RUN: %t-ExplodeDFSanLabelsTestDF 2 4 %t/IN/1234567890123456 RUN: %t-ExplodeDFSanLabelsTestDF 4 6 %t/IN/1234567890123456 # Or we can use collect_data_flow RUN: %libfuzzer_src/scripts/collect_data_flow.py %t-ExplodeDFSanLabelsTestDF %t/IN/1234567890123456 + +# Test that we can run collect_data_flow on the entire corpus dir +RUN: rm -rf %t/OUT +RUN: %libfuzzer_src/scripts/collect_data_flow.py %t-ThreeFunctionsTestDF %t/IN %t/OUT +RUN: %t-ThreeFunctionsTest -data_flow_trace=%t/OUT -runs=0 -focus_function=Func2 2>&1 | FileCheck %s --check-prefix=USE_DATA_FLOW_TRACE +USE_DATA_FLOW_TRACE: INFO: Focus function is set to 'Func2' +USE_DATA_FLOW_TRACE: INFO: DataFlowTrace: reading from {{.*}}/OUT +USE_DATA_FLOW_TRACE-DAG: a8eefe2fd5d6b32028f355fafa3e739a6bf5edc => |000001| +USE_DATA_FLOW_TRACE-DGA: d28cb407e8e1a702c72d25473f0553d3ec172262 => |0000011| +USE_DATA_FLOW_TRACE: INFO: DataFlowTrace: 6 trace files, 3 functions, 2 traces with focus function |