diff options
author | Kostya Serebryany <kcc@google.com> | 2018-05-23 20:23:33 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2018-05-23 20:23:33 +0000 |
commit | 7dffc3fb2fc42aa2283ee95f7ce3f5a725d38fb6 (patch) | |
tree | a69697c4fca4c1a478960c751e7742a17fa4a391 /test | |
parent | 8b089472c7978928d4c85464bbd72f6c6772a4e9 (diff) |
[libFuzzer] add a stress test for the DataFlow tracer
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@333119 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test')
-rw-r--r-- | test/fuzzer/ExplodeDFSanLabelsTest.cpp | 23 | ||||
-rw-r--r-- | test/fuzzer/dataflow.test | 12 |
2 files changed, 33 insertions, 2 deletions
diff --git a/test/fuzzer/ExplodeDFSanLabelsTest.cpp b/test/fuzzer/ExplodeDFSanLabelsTest.cpp new file mode 100644 index 000000000..0decff8ff --- /dev/null +++ b/test/fuzzer/ExplodeDFSanLabelsTest.cpp @@ -0,0 +1,23 @@ +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. + +// When tracing data flow, explode the number of DFSan labels. +#include <cstddef> +#include <cstdint> + +static volatile int sink; + +__attribute__((noinline)) +void f(uint8_t a, uint8_t b, uint8_t c, uint8_t d) { + if (a == b + 1 && c == d + 2) + sink++; +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + for (size_t a = 0; a < Size; a++) + for (size_t b = 0; b < Size; b++) + for (size_t c = 0; c < Size; c++) + for (size_t d = 0; d < Size; d++) + f(Data[a], Data[b], Data[c], Data[d]); + return 0; +} diff --git a/test/fuzzer/dataflow.test b/test/fuzzer/dataflow.test index ba2d6e561..1f081f4be 100644 --- a/test/fuzzer/dataflow.test +++ b/test/fuzzer/dataflow.test @@ -2,8 +2,9 @@ REQUIRES: linux # Build the tracer and the test. -RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp %S/ThreeFunctionsTest.cpp -o %t-ThreeFunctionsTest.o -RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow %t-ThreeFunctionsTest.o %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-ThreeFunctionsTestDF +RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o +RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp %S/ThreeFunctionsTest.cpp %t-DataFlow.o -o %t-ThreeFunctionsTestDF +RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp %S/ExplodeDFSanLabelsTest.cpp %t-DataFlow.o -o %t-ExplodeDFSanLabelsTestDF # Dump the function list. RUN: %t-ThreeFunctionsTestDF 2>&1 | FileCheck %s --check-prefix=FUNC_LIST @@ -19,6 +20,7 @@ RUN: echo -n FUABC > %t/IN/FUABC RUN: echo -n FUZZR > %t/IN/FUZZR RUN: echo -n FUZZM > %t/IN/FUZZM RUN: echo -n FUZZMU > %t/IN/FUZZMU +RUN: echo -n 1234567890123456 > %t/IN/1234567890123456 # ABC: No data is used, the only used label is 4 (corresponds to the size) RUN:%t-ThreeFunctionsTestDF %t/IN/ABC | FileCheck %s --check-prefix=IN_ABC @@ -74,3 +76,9 @@ IN_FUZZMU: L[[L2:[0-9]*]] 6 7 IN_FUZZMU-DAG: F{{[012]}} 5 IN_FUZZMU-DAG: F{{[012]}} [[L2]] IN_FUZZMU-DAG: F + +# Today a very simple test will cause DFSan to die with "out of labels" +RUN: not %t-ExplodeDFSanLabelsTestDF %t/IN/1234567890123456 2>&1 | FileCheck %s --check-prefix=OUT_OF_LABELS +OUT_OF_LABELS: ==FATAL: DataFlowSanitizer: out of labels + + |