[libFuzzer] add DeepRecursionTest, inspired by https://guidovranken.wordpress.com/2017/07/08/libfuzzer-gv-new-techniques-for-dramatically-faster-fuzzing/ (Stack-depth-guided fuzzing). libFuzzer does not solve it yet.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@308571 91177308-0d34-0410-b5e6-96231b3b80d8

2 files changed, 26 insertions, 0 deletions

diff --git a/lib/Fuzzer/test/CMakeLists.txt b/lib/Fuzzer/test/CMakeLists.txt
index 28de8dc725d..99ca926a51e 100644
--- a/lib/Fuzzer/test/CMakeLists.txt
+++ b/lib/Fuzzer/test/CMakeLists.txt
@@ -86,6 +86,7 @@ set(Tests
   CustomCrossOverTest
   CustomMutatorTest
   CxxStringEqTest
+  DeepRecursionTest
   DivTest
   EmptyTest
   EquivalenceATest
diff --git a/lib/Fuzzer/test/DeepRecursionTest.cpp b/lib/Fuzzer/test/DeepRecursionTest.cpp
new file mode 100644
index 00000000000..39a1602d7ac
--- /dev/null
+++ b/lib/Fuzzer/test/DeepRecursionTest.cpp
@@ -0,0 +1,25 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. The fuzzer must find the deep recursion.
+// To generate a crashy input:
+// for((i=0;i<100;i++)); do echo -n ABCDEFGHIJKLMNOPQRSTUVWXYZ  >> INPUT; done
+#include <cstddef>
+#include <cstdint>
+#include <cstdlib>
+
+static volatile int Sink;
+
+void Recursive(const uint8_t *Data, size_t Size, int Depth) {
+  if (Depth > 1000) abort();
+  if (!Size) return;
+  if (*Data == ('A' + Depth % 26))
+    Recursive(Data + 1, Size - 1, Depth + 1);
+  Sink++;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  Recursive(Data, Size, 0);
+  return 0;
+}
+