From ebe69fe11e48d322045d5949c83283927a0d790b Mon Sep 17 00:00:00 2001 From: Stephen Hines Date: Mon, 23 Mar 2015 12:10:34 -0700 Subject: Update aosp/master LLVM for rebase to r230699. Change-Id: I2b5be30509658cb8266be782de0ab24f9099f9b9 --- lib/Fuzzer/test/CMakeLists.txt | 61 ++++++++++++++++++++++++ lib/Fuzzer/test/FourIndependentBranchesTest.cpp | 18 +++++++ lib/Fuzzer/test/FullCoverageSetTest.cpp | 20 ++++++++ lib/Fuzzer/test/FuzzerUnittest.cpp | 62 +++++++++++++++++++++++++ lib/Fuzzer/test/InfiniteTest.cpp | 20 ++++++++ lib/Fuzzer/test/NullDerefTest.cpp | 22 +++++++++ lib/Fuzzer/test/SimpleTest.cpp | 21 +++++++++ lib/Fuzzer/test/TimeoutTest.cpp | 22 +++++++++ lib/Fuzzer/test/fuzzer.test | 19 ++++++++ lib/Fuzzer/test/lit.cfg | 14 ++++++ lib/Fuzzer/test/lit.site.cfg.in | 3 ++ lib/Fuzzer/test/unit/lit.cfg | 7 +++ lib/Fuzzer/test/unit/lit.site.cfg.in | 2 + 13 files changed, 291 insertions(+) create mode 100644 lib/Fuzzer/test/CMakeLists.txt create mode 100644 lib/Fuzzer/test/FourIndependentBranchesTest.cpp create mode 100644 lib/Fuzzer/test/FullCoverageSetTest.cpp create mode 100644 lib/Fuzzer/test/FuzzerUnittest.cpp create mode 100644 lib/Fuzzer/test/InfiniteTest.cpp create mode 100644 lib/Fuzzer/test/NullDerefTest.cpp create mode 100644 lib/Fuzzer/test/SimpleTest.cpp create mode 100644 lib/Fuzzer/test/TimeoutTest.cpp create mode 100644 lib/Fuzzer/test/fuzzer.test create mode 100644 lib/Fuzzer/test/lit.cfg create mode 100644 lib/Fuzzer/test/lit.site.cfg.in create mode 100644 lib/Fuzzer/test/unit/lit.cfg create mode 100644 lib/Fuzzer/test/unit/lit.site.cfg.in (limited to 'lib/Fuzzer/test') diff --git a/lib/Fuzzer/test/CMakeLists.txt b/lib/Fuzzer/test/CMakeLists.txt new file mode 100644 index 0000000..bed9cd8 --- /dev/null +++ b/lib/Fuzzer/test/CMakeLists.txt @@ -0,0 +1,61 @@ +# Build all these tests with -O0, otherwise optimizations may merge some +# basic blocks and we'll fail to discover the targets. +# Also enable the coverage instrumentation back (it is disabled +# for the Fuzzer lib) +set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -O0 -fsanitize-coverage=4") + +set(Tests + FourIndependentBranchesTest + FullCoverageSetTest + InfiniteTest + NullDerefTest + SimpleTest + TimeoutTest + ) + +set(TestBinaries) + +foreach(Test ${Tests}) + add_executable(LLVMFuzzer-${Test} + EXCLUDE_FROM_ALL + ${Test}.cpp + ) + target_link_libraries(LLVMFuzzer-${Test} + LLVMFuzzer + ) + set(TestBinaries ${TestBinaries} LLVMFuzzer-${Test}) +endforeach() + +configure_lit_site_cfg( + ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in + ${CMAKE_CURRENT_BINARY_DIR}/lit.site.cfg + ) + +configure_lit_site_cfg( + ${CMAKE_CURRENT_SOURCE_DIR}/unit/lit.site.cfg.in + ${CMAKE_CURRENT_BINARY_DIR}/unit/lit.site.cfg + ) + +include_directories(..) +include_directories(${LLVM_MAIN_SRC_DIR}/utils/unittest/googletest/include) + +add_executable(LLVMFuzzer-Unittest + FuzzerUnittest.cpp + $ + ) + +target_link_libraries(LLVMFuzzer-Unittest + gtest + gtest_main + ) + +set(TestBinaries ${TestBinaries} LLVMFuzzer-Unittest) + +set_target_properties(${TestBinaries} + PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + ) + +add_lit_testsuite(check-fuzzer "Running Fuzzer tests" + ${CMAKE_CURRENT_BINARY_DIR} + DEPENDS ${TestBinaries} FileCheck not + ) diff --git a/lib/Fuzzer/test/FourIndependentBranchesTest.cpp b/lib/Fuzzer/test/FourIndependentBranchesTest.cpp new file mode 100644 index 0000000..171668b --- /dev/null +++ b/lib/Fuzzer/test/FourIndependentBranchesTest.cpp @@ -0,0 +1,18 @@ +// Simple test for a fuzzer. The fuzzer must find the string "FUZZ". +#include +#include +#include +#include + +extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { + int bits = 0; + if (Size > 0 && Data[0] == 'F') bits |= 1; + if (Size > 1 && Data[1] == 'U') bits |= 2; + if (Size > 2 && Data[2] == 'Z') bits |= 4; + if (Size > 3 && Data[3] == 'Z') bits |= 8; + if (bits == 15) { + std::cerr << "BINGO!\n"; + exit(1); + } +} + diff --git a/lib/Fuzzer/test/FullCoverageSetTest.cpp b/lib/Fuzzer/test/FullCoverageSetTest.cpp new file mode 100644 index 0000000..d4f8c11 --- /dev/null +++ b/lib/Fuzzer/test/FullCoverageSetTest.cpp @@ -0,0 +1,20 @@ +// Simple test for a fuzzer. The fuzzer must find the string "FUZZER". +#include +#include +#include +#include + +extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { + int bits = 0; + if (Size > 0 && Data[0] == 'F') bits |= 1; + if (Size > 1 && Data[1] == 'U') bits |= 2; + if (Size > 2 && Data[2] == 'Z') bits |= 4; + if (Size > 3 && Data[3] == 'Z') bits |= 8; + if (Size > 4 && Data[4] == 'E') bits |= 16; + if (Size > 5 && Data[5] == 'R') bits |= 32; + if (bits == 63) { + std::cerr << "BINGO!\n"; + exit(1); + } +} + diff --git a/lib/Fuzzer/test/FuzzerUnittest.cpp b/lib/Fuzzer/test/FuzzerUnittest.cpp new file mode 100644 index 0000000..368a0f2 --- /dev/null +++ b/lib/Fuzzer/test/FuzzerUnittest.cpp @@ -0,0 +1,62 @@ +#include "FuzzerInternal.h" +#include "gtest/gtest.h" +#include + +// For now, have TestOneInput just to make it link. +// Later we may want to make unittests that actually call TestOneInput. +extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { + abort(); +} + +TEST(Fuzzer, CrossOver) { + using namespace fuzzer; + Unit A({0, 1, 2}), B({5, 6, 7}); + Unit C; + Unit Expected[] = { + { 0 }, + { 0, 1 }, + { 0, 5 }, + { 0, 1, 2 }, + { 0, 1, 5 }, + { 0, 5, 1 }, + { 0, 5, 6 }, + { 0, 1, 2, 5 }, + { 0, 1, 5, 2 }, + { 0, 1, 5, 6 }, + { 0, 5, 1, 2 }, + { 0, 5, 1, 6 }, + { 0, 5, 6, 1 }, + { 0, 5, 6, 7 }, + { 0, 1, 2, 5, 6 }, + { 0, 1, 5, 2, 6 }, + { 0, 1, 5, 6, 2 }, + { 0, 1, 5, 6, 7 }, + { 0, 5, 1, 2, 6 }, + { 0, 5, 1, 6, 2 }, + { 0, 5, 1, 6, 7 }, + { 0, 5, 6, 1, 2 }, + { 0, 5, 6, 1, 7 }, + { 0, 5, 6, 7, 1 }, + { 0, 1, 2, 5, 6, 7 }, + { 0, 1, 5, 2, 6, 7 }, + { 0, 1, 5, 6, 2, 7 }, + { 0, 1, 5, 6, 7, 2 }, + { 0, 5, 1, 2, 6, 7 }, + { 0, 5, 1, 6, 2, 7 }, + { 0, 5, 1, 6, 7, 2 }, + { 0, 5, 6, 1, 2, 7 }, + { 0, 5, 6, 1, 7, 2 }, + { 0, 5, 6, 7, 1, 2 } + }; + for (size_t Len = 1; Len < 8; Len++) { + std::set FoundUnits, ExpectedUnitsWitThisLength; + for (int Iter = 0; Iter < 3000; Iter++) { + CrossOver(A, B, &C, Len); + FoundUnits.insert(C); + } + for (const Unit &U : Expected) + if (U.size() <= Len) + ExpectedUnitsWitThisLength.insert(U); + EXPECT_EQ(ExpectedUnitsWitThisLength, FoundUnits); + } +} diff --git a/lib/Fuzzer/test/InfiniteTest.cpp b/lib/Fuzzer/test/InfiniteTest.cpp new file mode 100644 index 0000000..dcb3030 --- /dev/null +++ b/lib/Fuzzer/test/InfiniteTest.cpp @@ -0,0 +1,20 @@ +// Simple test for a fuzzer. The fuzzer must find the string "Hi!". +#include +#include +#include +#include + +static volatile int Sink; + +extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { + if (Size > 0 && Data[0] == 'H') { + Sink = 1; + if (Size > 1 && Data[1] == 'i') { + Sink = 2; + if (Size > 2 && Data[2] == '!') { + Sink = 2; + } + } + } +} + diff --git a/lib/Fuzzer/test/NullDerefTest.cpp b/lib/Fuzzer/test/NullDerefTest.cpp new file mode 100644 index 0000000..8811e38 --- /dev/null +++ b/lib/Fuzzer/test/NullDerefTest.cpp @@ -0,0 +1,22 @@ +// Simple test for a fuzzer. The fuzzer must find the string "Hi!". +#include +#include +#include +#include + +static volatile int Sink; +static volatile int *Null = 0; + +extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { + if (Size > 0 && Data[0] == 'H') { + Sink = 1; + if (Size > 1 && Data[1] == 'i') { + Sink = 2; + if (Size > 2 && Data[2] == '!') { + std::cout << "Found the target, dereferencing NULL\n"; + *Null = 1; + } + } + } +} + diff --git a/lib/Fuzzer/test/SimpleTest.cpp b/lib/Fuzzer/test/SimpleTest.cpp new file mode 100644 index 0000000..adb90ce --- /dev/null +++ b/lib/Fuzzer/test/SimpleTest.cpp @@ -0,0 +1,21 @@ +// Simple test for a fuzzer. The fuzzer must find the string "Hi!". +#include +#include +#include +#include + +static volatile int Sink; + +extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { + if (Size > 0 && Data[0] == 'H') { + Sink = 1; + if (Size > 1 && Data[1] == 'i') { + Sink = 2; + if (Size > 2 && Data[2] == '!') { + std::cout << "Found the target, exiting\n"; + exit(0); + } + } + } +} + diff --git a/lib/Fuzzer/test/TimeoutTest.cpp b/lib/Fuzzer/test/TimeoutTest.cpp new file mode 100644 index 0000000..23683ce --- /dev/null +++ b/lib/Fuzzer/test/TimeoutTest.cpp @@ -0,0 +1,22 @@ +// Simple test for a fuzzer. The fuzzer must find the string "Hi!". +#include +#include +#include +#include + +static volatile int Sink; + +extern "C" void TestOneInput(const uint8_t *Data, size_t Size) { + if (Size > 0 && Data[0] == 'H') { + Sink = 1; + if (Size > 1 && Data[1] == 'i') { + Sink = 2; + if (Size > 2 && Data[2] == '!') { + Sink = 2; + while (Sink) + ; + } + } + } +} + diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test new file mode 100644 index 0000000..1e42e72 --- /dev/null +++ b/lib/Fuzzer/test/fuzzer.test @@ -0,0 +1,19 @@ +RUN: ./LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s --check-prefix=SimpleTest +SimpleTest: Found the target, exiting + +RUN: not ./LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest +InfiniteTest: ALARM: working on the last Unit for +InfiniteTest-NOT: CRASHED; file written to timeout + +RUN: not ./LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest +TimeoutTest: ALARM: working on the last Unit for +TimeoutTest: CRASHED; file written to timeout + +RUN: not ./LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest +NullDerefTest: CRASHED; file written to crash- + +RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s --check-prefix=FullCoverageSetTest +FullCoverageSetTest: BINGO + +RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s --check-prefix=FourIndependentBranchesTest +FourIndependentBranchesTest: BINGO diff --git a/lib/Fuzzer/test/lit.cfg b/lib/Fuzzer/test/lit.cfg new file mode 100644 index 0000000..834a16ae --- /dev/null +++ b/lib/Fuzzer/test/lit.cfg @@ -0,0 +1,14 @@ +import lit.formats + +config.name = "LLVMFuzzer" +config.test_format = lit.formats.ShTest(True) +config.suffixes = ['.test'] +config.test_source_root = os.path.dirname(__file__) + +# Tweak PATH to include llvm tools dir. +llvm_tools_dir = getattr(config, 'llvm_tools_dir', None) +if (not llvm_tools_dir) or (not os.path.exists(llvm_tools_dir)): + lit_config.fatal("Invalid llvm_tools_dir config attribute: %r" % llvm_tools_dir) +path = os.path.pathsep.join((llvm_tools_dir, config.environment['PATH'])) +config.environment['PATH'] = path + diff --git a/lib/Fuzzer/test/lit.site.cfg.in b/lib/Fuzzer/test/lit.site.cfg.in new file mode 100644 index 0000000..e520db8 --- /dev/null +++ b/lib/Fuzzer/test/lit.site.cfg.in @@ -0,0 +1,3 @@ +config.test_exec_root = "@CMAKE_CURRENT_BINARY_DIR@" +config.llvm_tools_dir = "@LLVM_TOOLS_DIR@" +lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/lit.cfg") diff --git a/lib/Fuzzer/test/unit/lit.cfg b/lib/Fuzzer/test/unit/lit.cfg new file mode 100644 index 0000000..0cc3193 --- /dev/null +++ b/lib/Fuzzer/test/unit/lit.cfg @@ -0,0 +1,7 @@ +import lit.formats + +config.name = "LLVMFuzzer-Unittest" +print config.test_exec_root +config.test_format = lit.formats.GoogleTest(".", "Unittest") +config.suffixes = [] +config.test_source_root = config.test_exec_root diff --git a/lib/Fuzzer/test/unit/lit.site.cfg.in b/lib/Fuzzer/test/unit/lit.site.cfg.in new file mode 100644 index 0000000..114daf4 --- /dev/null +++ b/lib/Fuzzer/test/unit/lit.site.cfg.in @@ -0,0 +1,2 @@ +config.test_exec_root = "@CMAKE_CURRENT_BINARY_DIR@" +lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/unit/lit.cfg") -- cgit v1.1