diff options
| author | Kostya Serebryany <kcc@google.com> | 2018-05-16 23:26:37 +0000 |
|---|---|---|
| committer | Kostya Serebryany <kcc@google.com> | 2018-05-16 23:26:37 +0000 |
| commit | e7a38f86feb619a9bcd31871559f6455e21748bf (patch) | |
| tree | 585603398b256d9374e0c55eadd8100f7067a585 /test | |
| parent | 851bfbce9fffe4a357445f9780331c7590b9f0aa (diff) | |
[libFuzzer] add an experimental flag -focus_function: libFuzzer will try to focus on inputs that trigger that function
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332554 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test')
| -rw-r--r-- | test/fuzzer/OnlySomeBytesTest.cpp | 3 | ||||
| -rw-r--r-- | test/fuzzer/target-function.test | 29 |
2 files changed, 32 insertions, 0 deletions
diff --git a/test/fuzzer/OnlySomeBytesTest.cpp b/test/fuzzer/OnlySomeBytesTest.cpp index 05793f0ab..3873b710b 100644 --- a/test/fuzzer/OnlySomeBytesTest.cpp +++ b/test/fuzzer/OnlySomeBytesTest.cpp @@ -12,6 +12,7 @@ const size_t N = 2048; typedef const uint8_t *IN; +extern "C" { __attribute__((noinline)) void bad() { fprintf(stderr, "BINGO\n"); abort(); @@ -27,6 +28,8 @@ __attribute__((noinline)) void fC(IN in) { if (in[2] == 'C') f0(in); } __attribute__((noinline)) void fB(IN in) { if (in[1] == 'B') fC(in); } __attribute__((noinline)) void fA(IN in) { if (in[0] == 'A') fB(in); } +} // extern "C" + extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if (Size < N) return 0; fA((IN)Data); diff --git a/test/fuzzer/target-function.test b/test/fuzzer/target-function.test new file mode 100644 index 000000000..f39e1ac1b --- /dev/null +++ b/test/fuzzer/target-function.test @@ -0,0 +1,29 @@ +# Tests -focus_function +# +# TODO: don't require linux. +# REQUIRES: linux +# +RUN: %cpp_compiler %S/OnlySomeBytesTest.cpp -o %t-exe + +RUN: %t-exe -runs=100 2>&1 | FileCheck %s --check-prefix=FOCUS_NONE +FOCUS_NONE-NOT: INFO: Focus function is set to +FOCUS_NONE-NOT: INFO: {{.*}} inputs touch the focus function + +RUN: %t-exe -runs=100 -focus_function=WRONG 2>&1 | FileCheck %s --check-prefix=FOCUS_WRONG +FOCUS_WRONG-NOT: INFO: Focus function is set to +FOCUS_WRONG: INFO: 0/1 inputs touch the focus function + +RUN: %t-exe -runs=100 -focus_function=f0 2>&1 | FileCheck %s --check-prefix=FOCUS_F0 +FOCUS_F0: INFO: Focus function is set to 'f0' +FOCUS_F0: INFO: 0/1 inputs touch the focus function + +RUN: rm -rf %t-corpus +RUN: mkdir %t-corpus +# ABC triggers the focus function, others don't. +RUN: echo ABC$(for((i=0;i<2048;i++)); do echo -n x; done) > %t-corpus/ABC +RUN: echo AXY$(for((i=0;i<2048;i++)); do echo -n x; done) > %t-corpus/AXY +RUN: echo ABX$(for((i=0;i<2048;i++)); do echo -n x; done) > %t-corpus/ABX + +RUN: %t-exe -runs=10000 -focus_function=f0 %t-corpus 2>&1 | FileCheck %s --check-prefix=CORPUS_1_3 +CORPUS_1_3: INFO: 1/3 inputs touch the focus function +CORPUS_1_3: DONE {{.*}} focus: |