From e7a38f86feb619a9bcd31871559f6455e21748bf Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Wed, 16 May 2018 23:26:37 +0000
Subject: [libFuzzer] add an experimental flag -focus_function: libFuzzer will try to focus on inputs that trigger that function
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@332554 91177308-0d34-0410-b5e6-96231b3b80d8
---
 test/fuzzer/OnlySomeBytesTest.cpp | 3 +++
 test/fuzzer/target-function.test | 29 +++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 test/fuzzer/target-function.test
(limited to 'test')
diff --git a/test/fuzzer/OnlySomeBytesTest.cpp b/test/fuzzer/OnlySomeBytesTest.cpp
index 05793f0ab..3873b710b 100644
--- a/test/fuzzer/OnlySomeBytesTest.cpp
+++ b/test/fuzzer/OnlySomeBytesTest.cpp
@@ -12,6 +12,7 @@ const size_t N = 2048; typedef const uint8_t *IN; +extern "C" { __attribute__((noinline)) void bad() { fprintf(stderr, "BINGO\n"); abort();
@@ -27,6 +28,8 @@ __attribute__((noinline)) void fC(IN in) { if (in[2] == 'C') f0(in); } __attribute__((noinline)) void fB(IN in) { if (in[1] == 'B') fC(in); } __attribute__((noinline)) void fA(IN in) { if (in[0] == 'A') fB(in); } +} // extern "C" + extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if (Size < N) return 0; fA((IN)Data);
diff --git a/test/fuzzer/target-function.test b/test/fuzzer/target-function.test
new file mode 100644
index 000000000..f39e1ac1b
--- /dev/null
+++ b/test/fuzzer/target-function.test
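Review bot: In test/fuzzer/OnlySomeBytesTest.cpp the new `extern "C" {` line carries no comment explaining why the helper functions need C linkage, so a later cleanup could drop it as redundant. Presumably it keeps `f0` unmangled so that `-focus_function=f0` in target-function.test can match the symbol by name; if so, say it at the opening brace, for example `extern "C" {  // unmangled names, so -focus_function=f0 can match`. The block is closed by `} // extern "C"` in the second hunk of the same file, and the functions between the two hunks are not visible here.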
@@ -0,0 +1,29 @@
+# Tests -focus_function
+#
+# TODO: don't require linux.
+# REQUIRES: linux
+#
+RUN: %cpp_compiler %S/OnlySomeBytesTest.cpp -o %t-exe
+
+RUN: %t-exe -runs=100 2>&1 | FileCheck %s --check-prefix=FOCUS_NONE
+FOCUS_NONE-NOT: INFO: Focus function is set to
+FOCUS_NONE-NOT: INFO: {{.*}} inputs touch the focus function
+
+RUN: %t-exe -runs=100 -focus_function=WRONG 2>&1 | FileCheck %s --check-prefix=FOCUS_WRONG
+FOCUS_WRONG-NOT: INFO: Focus function is set to
+FOCUS_WRONG: INFO: 0/1 inputs touch the focus function
+
+RUN: %t-exe -runs=100 -focus_function=f0 2>&1 | FileCheck %s --check-prefix=FOCUS_F0
+FOCUS_F0: INFO: Focus function is set to 'f0'
+FOCUS_F0: INFO: 0/1 inputs touch the focus function
+
+RUN: rm -rf %t-corpus
+RUN: mkdir %t-corpus
+# ABC triggers the focus function, others don't.
+RUN: echo ABC$(for((i=0;i<2048;i++)); do echo -n x; done) > %t-corpus/ABC
+RUN: echo AXY$(for((i=0;i<2048;i++)); do echo -n x; done) > %t-corpus/AXY
+RUN: echo ABX$(for((i=0;i<2048;i++)); do echo -n x; done) > %t-corpus/ABX
+
+RUN: %t-exe -runs=10000 -focus_function=f0 %t-corpus 2>&1 | FileCheck %s --check-prefix=CORPUS_1_3
+CORPUS_1_3: INFO: 1/3 inputs touch the focus function
+CORPUS_1_3: DONE {{.*}} focus:
-- cgit v1.2.3
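Review bot: The FOCUS_WRONG case pins only that a name matching no function yields no `Focus function is set to` line and a `0/1 inputs touch the focus function` summary, so as tested a misspelled or C++-mangled name leaves the run unfocused with no diagnostic. The fuzzer-side change is not part of this test-only view, so whether a warning exists cannot be told from here; if one is printed, add a positive check for it, and otherwise a comment such as `# An unmatched -focus_function name is not an error; the run proceeds unfocused.` would record that this is intended. The final `CORPUS_1_3: DONE {{.*}} focus:` check matches the label only and would still pass with nothing after it; `CORPUS_1_3: DONE {{.*}} focus: {{[0-9]+}}` would tighten it, assuming the field is numeric.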