llvm.org GIT mirror llvm / 32fab33
Port libFuzzer tests to LIT. Do not require two-stage build for check-fuzzer. This revision ports all libFuzzer tests apart from the unittest to LIT. The advantages of doing so include: - Tests being self-contained - Much easier debugging of a single test - No need for using a two-stage compilation The unit-test is still compiled using CMake, but it does not need a freshly built compiler. NOTE: The previous two-stage bot configuration will NOT work, as in the second stage build LLVM_USE_SANITIZER is set, which disables ASAN from being built. Thus bots will be reconfigured in the next few commits. Differential Revision: https://reviews.llvm.org/D36295 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@310075 91177308-0d34-0410-b5e6-96231b3b80d8 George Karpenkov 2 years ago
73 changed file(s) with 349 addition(s) and 447 deletion(s). Raw diff Collapse all Expand all
623623 Developing libFuzzer
624624 ====================
625625
626 Building libFuzzer as a part of LLVM project and running its test requires
627 fresh clang as the host compiler and special CMake configuration:
628
629 .. code-block:: console
630
631 cmake -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DLLVM_USE_SANITIZER=Address -DLLVM_USE_SANITIZE_COVERAGE=YES -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=ON /path/to/llvm
626 LibFuzzer is built as a part of LLVM project by default on macos and Linux.
627 Users of other operating systems can explicitly request compilation using
628 ``-DLIBFUZZER_ENABLE=YES`` flag.
629 Tests are run using ``check-fuzzer`` target from the build directory
630 (note that tests will take a long time to run if the compiler was compiled
631 without optimizations):
632
633 .. code-block:: console
634
632635 ninja check-fuzzer
633636
634637
1212 endif()
1313 endif()
1414
15 set(LIBFUZZER_FLAGS_BASE "${CMAKE_CXX_FLAGS}")
16 if( LLVM_USE_SANITIZE_COVERAGE )
17 if(NOT "${LLVM_USE_SANITIZER}" STREQUAL "Address")
18 message(FATAL_ERROR
19 "LibFuzzer and its tests require LLVM_USE_SANITIZER=Address and "
20 "LLVM_USE_SANITIZE_COVERAGE=YES to be set."
21 )
22 endif()
23
24 # Disable the coverage and sanitizer instrumentation for the fuzzer itself.
25 set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=trace-pc-guard,edge,trace-cmp,indirect-calls,8bit-counters -Werror")
15 if (CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux")
16 set(LIBFUZZER_ENABLED_CHECK ON)
17 else()
18 set(LIBFUZZER_ENABLED_CHECK OFF)
2619 endif()
2720
2821 # Compile libFuzzer if the compilation is specifically requested, OR
2922 # if the platform is known to be working.
30 if ( LLVM_USE_SANITIZE_COVERAGE OR CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux" )
23 set(LIBFUZZER_ENABLE ${LIBFUZZER_ENABLED_CHECK} CACHE BOOL "Build libFuzzer and its tests")
24
25 if (LIBFUZZER_ENABLE)
3126 add_library(LLVMFuzzerNoMainObjects OBJECT
3227 FuzzerCrossOver.cpp
3328 FuzzerDriver.cpp
6964 add_custom_command(TARGET check-fuzzer
7065 COMMAND cmake -E echo "check-fuzzer is disalbed on Windows")
7166 else()
72 if( LLVM_USE_SANITIZE_COVERAGE AND LLVM_INCLUDE_TESTS )
67 if (LLVM_INCLUDE_TESTS AND LIBFUZZER_ENABLE)
7368 add_subdirectory(test)
7469 endif()
7570 endif()
None # Build all these tests with -O0, otherwise optimizations may merge some
1 # basic blocks and we'll fail to discover the targets.
2 # We change the flags for every build type because we might be doing
3 # a multi-configuration build (e.g. Xcode) where CMAKE_BUILD_TYPE doesn't
4 # mean anything.
5 set(variables_to_filter
6 CMAKE_CXX_FLAGS_RELEASE
7 CMAKE_CXX_FLAGS_DEBUG
8 CMAKE_CXX_FLAGS_RELWITHDEBINFO
9 CMAKE_CXX_FLAGS_MINSIZEREL
10 LIBFUZZER_FLAGS_BASE
11 )
12 foreach (VARNAME ${variables_to_filter})
13 string(REGEX REPLACE "([-/]O)[123s]" "\\10" ${VARNAME} "${${VARNAME}}")
14 endforeach()
15
16 # Enable the coverage instrumentation (it is disabled for the Fuzzer lib).
17 set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp,trace-div,trace-gep -gline-tables-only")
18
19 if(MSVC)
201 # For tests use the CRT specified for release build
212 # (asan doesn't support MDd and MTd)
3819 set(CMAKE_CXX_CREATE_SHARED_LIBRARY " ${CMAKE_CXX_FLAGS} ${CRT_FLAG} /LD -o /link ")
3920 endif()
4021
41 add_custom_target(TestBinaries)
42
43 # add_libfuzzer_test(
44 # SOURCES source0.cpp [source1.cpp ...]
45 # )
46 #
47 # Declares a LibFuzzer test executable with target name LLVMFuzzer-.
48 #
49 # One or more source files to be compiled into the binary must be declared
50 # after the SOURCES keyword.
51 function(add_libfuzzer_test name)
52 set(multi_arg_options "SOURCES")
53 cmake_parse_arguments(
54 "add_libfuzzer_test" "" "" "${multi_arg_options}" ${ARGN})
55 if ("${add_libfuzzer_test_SOURCES}" STREQUAL "")
56 message(FATAL_ERROR "Source files must be specified")
57 endif()
58 add_executable(LLVMFuzzer-${name}
59 ${add_libfuzzer_test_SOURCES}
60 )
61 target_link_libraries(LLVMFuzzer-${name} LLVMFuzzer)
62 # Place binary where llvm-lit expects to find it
63 set_target_properties(LLVMFuzzer-${name}
64 PROPERTIES RUNTIME_OUTPUT_DIRECTORY
65 "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
66 )
67 add_dependencies(TestBinaries LLVMFuzzer-${name})
68 endfunction()
69
70 ###############################################################################
71 # Basic tests
72 ###############################################################################
73
74 set(Tests
75 AbsNegAndConstantTest
76 AbsNegAndConstant64Test
77 AccumulateAllocationsTest
78 BadStrcmpTest
79 BogusInitializeTest
80 BufferOverflowOnInput
81 CallerCalleeTest
82 CleanseTest
83 CounterTest
84 CustomCrossOverAndMutateTest
85 CustomCrossOverTest
86 CustomMutatorTest
87 CxxStringEqTest
88 DeepRecursionTest
89 DivTest
90 EmptyTest
91 EquivalenceATest
92 EquivalenceBTest
93 FlagsTest
94 FourIndependentBranchesTest
95 FullCoverageSetTest
96 InitializeTest
97 Memcmp64BytesTest
98 MemcmpTest
99 LeakTest
100 LeakTimeoutTest
101 LoadTest
102 NullDerefTest
103 NullDerefOnEmptyTest
104 NthRunCrashTest
105 OneHugeAllocTest
106 OutOfMemoryTest
107 OutOfMemorySingleLargeMallocTest
108 OverwriteInputTest
109 RepeatedMemcmp
110 RepeatedBytesTest
111 SimpleCmpTest
112 SimpleDictionaryTest
113 SimpleHashTest
114 SimpleTest
115 SimpleThreadedTest
116 SingleByteInputTest
117 SingleMemcmpTest
118 SingleStrcmpTest
119 SingleStrncmpTest
120 SpamyTest
121 ShrinkControlFlowTest
122 ShrinkControlFlowSimpleTest
123 ShrinkValueProfileTest
124 StrcmpTest
125 StrncmpOOBTest
126 StrncmpTest
127 StrstrTest
128 SwapCmpTest
129 SwitchTest
130 Switch2Test
131 TableLookupTest
132 ThreadedLeakTest
133 ThreadedTest
134 TimeoutTest
135 TimeoutEmptyTest
136 TraceMallocTest
137 TwoDifferentBugsTest
138 )
139
14022 if(APPLE OR MSVC)
14123 # LeakSanitizer is not supported on OSX and Windows right now
14224 set(HAS_LSAN 0)
14729 set(HAS_LSAN 1)
14830 endif()
14931
150 foreach(Test ${Tests})
151 add_libfuzzer_test(${Test} SOURCES ${Test}.cpp)
152 endforeach()
153
154 function(test_export_symbol target symbol)
155 if(MSVC)
156 set_target_properties(LLVMFuzzer-${target} PROPERTIES LINK_FLAGS
157 "-export:${symbol}")
158 endif()
159 endfunction()
160
161 test_export_symbol(FlagsTest "LLVMFuzzerInitialize")
162 test_export_symbol(InitializeTest "LLVMFuzzerInitialize")
163 test_export_symbol(BogusInitializeTest "LLVMFuzzerInitialize")
164 test_export_symbol(CustomCrossOverTest "LLVMFuzzerCustomCrossOver")
165 test_export_symbol(CustomMutatorTest "LLVMFuzzerCustomMutator")
166
16732 ###############################################################################
16833 # Unit tests
16934 ###############################################################################
17035
171 add_executable(LLVMFuzzer-Unittest
172 FuzzerUnittest.cpp
173 )
36 add_custom_target(FuzzerUnitTests)
37 set_target_properties(FuzzerUnitTests PROPERTIES FOLDER "libFuzzer tests")
17438
175 add_executable(LLVMFuzzer-StandaloneInitializeTest
176 InitializeTest.cpp
177 ../standalone/StandaloneFuzzTargetMain.c
178 )
39 add_executable(LLVMFuzzer-Unittest FuzzerUnittest.cpp)
17940
18041 target_link_libraries(LLVMFuzzer-Unittest
18142 gtest
18748 "${LLVM_MAIN_SRC_DIR}/utils/unittest/googletest/include"
18849 )
18950
190 add_dependencies(TestBinaries LLVMFuzzer-Unittest)
19151 set_target_properties(LLVMFuzzer-Unittest
19252 PROPERTIES RUNTIME_OUTPUT_DIRECTORY
19353 "${CMAKE_CURRENT_BINARY_DIR}"
19454 )
19555
196 add_dependencies(TestBinaries LLVMFuzzer-StandaloneInitializeTest)
197 set_target_properties(LLVMFuzzer-StandaloneInitializeTest
198 PROPERTIES RUNTIME_OUTPUT_DIRECTORY
199 "${CMAKE_CURRENT_BINARY_DIR}"
200 )
201
202 ###############################################################################
203 # Additional tests
204 ###############################################################################
205
20656 include_directories(..)
207
208 # add_subdirectory(uninstrumented)
209 add_subdirectory(no-coverage)
210 add_subdirectory(trace-pc)
211 add_subdirectory(ubsan)
212 if (NOT MSVC)
213 add_subdirectory(inline-8bit-counters)
214 endif()
215
216 add_library(LLVMFuzzer-DSO1 SHARED DSO1.cpp)
217 add_library(LLVMFuzzer-DSO2 SHARED DSO2.cpp)
218
219 add_executable(LLVMFuzzer-DSOTest
220 DSOTestMain.cpp
221 DSOTestExtra.cpp)
222
223 target_link_libraries(LLVMFuzzer-DSOTest
224 LLVMFuzzer-DSO1
225 LLVMFuzzer-DSO2
226 LLVMFuzzer
227 )
228
229 set_target_properties(LLVMFuzzer-DSOTest PROPERTIES RUNTIME_OUTPUT_DIRECTORY
230 "${CMAKE_BINARY_DIR}/lib/Fuzzer/test")
231
232 if(MSVC)
233 set_output_directory(LLVMFuzzer-DSO1
234 BINARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
235 LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test")
236 set_output_directory(LLVMFuzzer-DSO2
237 BINARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
238 LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test")
239 else(MSVC)
240 set_output_directory(LLVMFuzzer-DSO1
241 LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/lib")
242 set_output_directory(LLVMFuzzer-DSO2
243 LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/lib")
244 endif()
245
246 add_dependencies(TestBinaries LLVMFuzzer-DSOTest)
24757
24858 ###############################################################################
24959 # Configure lit to run the tests
25666 set(LIBFUZZER_POSIX 0)
25767 endif()
25868
69 # Use just-built Clang to compile/link tests on all platforms, except for
70 # Windows where we need to use clang-cl instead.
71 if(NOT MSVC)
72 set(LIBFUZZER_TEST_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang)
73 set(LIBFUZZER_TEST_CXX_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang++)
74 else()
75 set(LIBFUZZER_TEST_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang.exe)
76 set(LIBFUZZER_TEST_CXX_COMPILER ${LLVM_RUNTIME_OUTPUT_INTDIR}/clang++.exe)
77 endif()
78
79 # LIT-based libFuzzer tests.
25980 configure_lit_site_cfg(
26081 ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
26182 ${CMAKE_CURRENT_BINARY_DIR}/lit.site.cfg
26283 )
26384
85 # libFuzzer unit tests.
26486 configure_lit_site_cfg(
26587 ${CMAKE_CURRENT_SOURCE_DIR}/unit/lit.site.cfg.in
26688 ${CMAKE_CURRENT_BINARY_DIR}/unit/lit.site.cfg
26890
26991 add_lit_testsuite(check-fuzzer "Running Fuzzer tests"
27092 ${CMAKE_CURRENT_BINARY_DIR}
271 DEPENDS TestBinaries
93 DEPENDS LLVMFuzzer-Unittest
27294 )
95
27396
27497 # Don't add dependencies on Windows. The linker step would fail on Windows,
27598 # since cmake will use link.exe for linking and won't include compiler-rt libs.
27699 if(NOT MSVC)
277 add_dependencies(check-fuzzer FileCheck sancov not llvm-symbolizer)
100 add_dependencies(check-fuzzer LLVMFuzzer asan clang llvm-symbolizer FileCheck sancov not)
278101 endif()
0 REQUIRES: posix
1
2 RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest
13
24 ; Test that not specifying an extra stats file isn't broken.
35 RUN: unset AFL_DRIVER_EXTRA_STATS_FILENAME
4 RUN: AFLDriverTest
6 RUN: %t-AFLDriverTest
57
68 ; Test that specifying an invalid extra stats file causes a crash.
7 RUN: ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%T not --crash AFLDriverTest
9 RUN: ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%T not --crash %t-AFLDriverTest
810
911 ; Test that specifying a corrupted stats file causes a crash.
1012 echo "peak_rss_mb :0" > %t
11 ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%t not --crash AFLDriverTest
13 ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%t not --crash %t-AFLDriverTest
1214
1315 ; Test that specifying a valid nonexistent stats file works.
1416 RUN: rm -f %t
15 RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t AFLDriverTest
17 RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest
1618 RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]]
1719
1820 ; Test that specifying a valid preexisting stats file works.
1921 RUN: printf "peak_rss_mb : 0\nslowest_unit_time_sec: 0\n" > %t
20 RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t AFLDriverTest
22 RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest
2123 ; Check that both lines were printed.
2224 RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]]
2325
2527 ; Check that both lines have 9999 since there's no way we have exceeded that
2628 ; amount of time or virtual memory.
2729 RUN: printf "peak_rss_mb : 9999\nslowest_unit_time_sec: 9999\n" > %t
28 RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t AFLDriverTest
30 RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest
2931 RUN: [[ $(grep "9999" %t | wc -l) -eq 2 ]]
0 REQUIRES: posix
1
2 RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest
13
24 ; Test that not specifying a stderr file isn't broken.
35 RUN: unset AFL_DRIVER_STDERR_DUPLICATE_FILENAME
4 RUN: AFLDriverTest
6 RUN: %t-AFLDriverTest
57
68 ; Test that specifying an invalid file causes a crash.
7 RUN: ASAN_OPTIONS= AFL_DRIVER_STDERR_DUPLICATE_FILENAME="%T" not --crash AFLDriverTest
9 RUN: ASAN_OPTIONS= AFL_DRIVER_STDERR_DUPLICATE_FILENAME="%T" not --crash %t-AFLDriverTest
810
911 ; Test that a file is created when specified as the duplicate stderr.
10 RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t AFLDriverTest
12 RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t %t-AFLDriverTest
1113 RUN: stat %t
0 REQUIRES: linux
1
2 RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %S/../afl/afl_driver.cpp -o %t-AFLDriverTest
3
14 RUN: echo -n "abc" > %t.file3
25 RUN: echo -n "abcd" > %t.file4
36
4 RUN: AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1
7 RUN: %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1
58 CHECK1: __afl_persistent_loop calle, Count = 1000
69 CHECK1: LLVMFuzzerTestOneInput called; Size = 3
710
811
9 RUN: AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2
12 RUN: %t-AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2
1013 CHECK2: __afl_persistent_loop calle, Count = 42
1114 CHECK2: LLVMFuzzerTestOneInput called; Size = 3
1215
1316
14 RUN: AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3
17 RUN: %t-AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3
1518 CHECK3: WARNING: using the deprecated call style
1619 CHECK3: __afl_persistent_loop calle, Count = 666
1720 CHECK3: LLVMFuzzerTestOneInput called; Size = 3
1821
1922
20 RUN: AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4
23 RUN: %t-AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4
2124 CHECK4: LLVMFuzzerTestOneInput called; Size = 3
2225
23 RUN: AFLDriverTest %t.file3 %t.file4 2>&1 | FileCheck %s --check-prefix=CHECK5
26 RUN: %t-AFLDriverTest %t.file3 %t.file4 2>&1 | FileCheck %s --check-prefix=CHECK5
2427 CHECK5: LLVMFuzzerTestOneInput called; Size = 3
2528 CHECK5: LLVMFuzzerTestOneInput called; Size = 4
None RUN: LLVMFuzzer-BadStrcmpTest -runs=100000
0 RUN: %cpp_compiler %S/BadStrcmpTest.cpp -o %t-LLVMFuzzer-BadStrcmpTest
1 RUN: %t-LLVMFuzzer-BadStrcmpTest -runs=100000
0 RUN: %cpp_compiler %S/CallerCalleeTest.cpp -o %t-LLVMFuzzer-CallerCalleeTest
1 CHECK: BINGO
1 RUN: not LLVMFuzzer-CallerCalleeTest -use_value_profile=1 -cross_over=0 -seed=1 -runs=10000000 2>&1 | FileCheck %s
2 RUN: not %t-LLVMFuzzer-CallerCalleeTest -use_value_profile=1 -cross_over=0 -seed=1 -runs=10000000 2>&1 | FileCheck %s
0 RUN: %cpp_compiler %S/CleanseTest.cpp -o %t-LLVMFuzzer-CleanseTest
1 RUN: echo -n 0123456789ABCDEFGHIZ > %t-in
1 RUN: LLVMFuzzer-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out
2 RUN: %t-LLVMFuzzer-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out
23 RUN: echo -n ' 1 5 A Z' | diff - %t-out
0 XFAIL: darwin
1
2 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest
3 RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO1.so
4 RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO2.so
5 RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-LLVMFuzzer-DSO1.so %t-LLVMFuzzer-DSO2.so -o %t-LLVMFuzzer-DSOTest
16
27 CHECK: COVERAGE:
38 CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:13
510 CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:16
611 CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:19
712 CHECK: COVERED_DIRS: {{.*}}lib{{[/\\]}}Fuzzer{{[/\\]}}test
8 RUN: not LLVMFuzzer-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s
13 RUN: not %t-LLVMFuzzer-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s
914
10 RUN: LLVMFuzzer-DSOTest -print_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
15 RUN: %t-LLVMFuzzer-DSOTest -print_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
1116 DSO: COVERAGE:
1217 DSO-DAG: COVERED:{{.*}}DSO1{{.*}}DSO1.cpp
1318 DSO-DAG: COVERED:{{.*}}DSO2{{.*}}DSO2.cpp
0 UNSUPPORTED: windows
11
2 RUN: not LLVMFuzzer-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
2 RUN: %cpp_compiler %S/CxxStringEqTest.cpp -o %t-LLVMFuzzer-CxxStringEqTest
3
4 RUN: not %t-LLVMFuzzer-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
35 CHECK: BINGO
0 REQUIRES: lsan
1 RUN: LLVMFuzzer-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS
1 RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-LLVMFuzzer-AccumulateAllocationsTest
2 RUN: %t-LLVMFuzzer-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS
23 ACCUMULATE_ALLOCS: INFO: libFuzzer disabled leak detection after every mutation
34
0 RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO1.so
1 RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO2.so
2 RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-LLVMFuzzer-DSO1.so %t-LLVMFuzzer-DSO2.so -o %t-LLVMFuzzer-DSOTest
3
4 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest
5
6 RUN: rm -rf %t_workdir && mkdir -p %t_workdir
1 RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not LLVMFuzzer-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s
2 RUN: sancov -covered-functions LLVMFuzzer-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV
3 RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' LLVMFuzzer-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
4 RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not LLVMFuzzer-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV
7 RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-LLVMFuzzer-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s
8 RUN: sancov -covered-functions %t-LLVMFuzzer-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV
9 RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' %t-LLVMFuzzer-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
10 RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-LLVMFuzzer-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV
511
612 CHECK: SanitizerCoverage: {{.*}}LLVMFuzzer-NullDerefTest.{{.*}}.sancov: {{.*}} PCs written
713 SANCOV: LLVMFuzzerTestOneInput
22 # to stress the signal handling and ensure that shmem doesn't mind
33 # the signals.
44
5 RUN: LLVMFuzzer-EquivalenceATest -timeout=1 -run_equivalence_server=EQUIV_SIG_TEST & export APID=$!
5 RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-LLVMFuzzer-EquivalenceATest
6 RUN: %t-LLVMFuzzer-EquivalenceATest -timeout=1 -run_equivalence_server=EQUIV_SIG_TEST & export APID=$!
67 RUN: sleep 3
7 RUN: LLVMFuzzer-EquivalenceATest -timeout=1 -use_equivalence_server=EQUIV_SIG_TEST -runs=500000 2>&1
8 RUN: %t-LLVMFuzzer-EquivalenceATest -timeout=1 -use_equivalence_server=EQUIV_SIG_TEST -runs=500000 2>&1
89 RUN: kill -9 $APID
0 REQUIRES: posix
1 RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-LLVMFuzzer-EquivalenceATest
2 RUN: %cpp_compiler %S/EquivalenceBTest.cpp -o %t-LLVMFuzzer-EquivalenceBTest
13
2 RUN: LLVMFuzzer-EquivalenceATest -run_equivalence_server=EQUIV_TEST & export APID=$!
4 RUN: %t-LLVMFuzzer-EquivalenceATest -run_equivalence_server=EQUIV_TEST & export APID=$!
35 RUN: sleep 3
4 RUN: not LLVMFuzzer-EquivalenceBTest -use_equivalence_server=EQUIV_TEST -max_len=4096 2>&1 | FileCheck %s
6 RUN: not %t-LLVMFuzzer-EquivalenceBTest -use_equivalence_server=EQUIV_TEST -max_len=4096 2>&1 | FileCheck %s
57 CHECK: ERROR: libFuzzer: equivalence-mismatch. Sizes: {{.*}}; offset 2
68 CHECK: SUMMARY: libFuzzer: equivalence-mismatch
79 RUN: kill -9 $APID
None RUN: not LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s
0 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest
1 RUN: not %t-LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s
12
23 CHECK: ERROR: libFuzzer: fuzz target exited
34 CHECK: SUMMARY: libFuzzer: fuzz target exited
0 REQUIRES: linux
11
2 RUN: not LLVMFuzzer-TableLookupTest -print_final_stats=1 2>&1 | FileCheck %s
2 RUN: %cpp_compiler %S/TableLookupTest.cpp -o %t-LLVMFuzzer-TableLookupTest
3 RUN: not %t-LLVMFuzzer-TableLookupTest -print_final_stats=1 2>&1 | FileCheck %s
34 CHECK: BINGO
45 // Expecting >= 4096 new_units_added
56 CHECK: stat::new_units_added:{{.*[4][0-9][0-9][0-9]}}
0 RUN: %cpp_compiler %S/CustomCrossOverTest.cpp -o %t-LLVMFuzzer-CustomCrossOverTest
1
2 RUN: rm -rf %t/CustomCrossover
13 RUN: mkdir -p %t/CustomCrossover
24 RUN: echo "0123456789" > %t/CustomCrossover/digits
35 RUN: echo "abcdefghij" > %t/CustomCrossover/chars
4 RUN: not LLVMFuzzer-CustomCrossOverTest -seed=1 -runs=100000 %t/CustomCrossover 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomCrossover
6 RUN: not %t-LLVMFuzzer-CustomCrossOverTest -seed=1 -runs=100000 %t/CustomCrossover 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomCrossover
57 RUN: rm -rf %t/CustomCrossover
68
79 LLVMFuzzerCustomCrossover: In LLVMFuzzerCustomCrossover
None RUN: LLVMFuzzer-CustomCrossOverAndMutateTest -seed=1 -runs=100000
0 RUN: %cpp_compiler %S/CustomCrossOverAndMutateTest.cpp -o %t-LLVMFuzzer-CustomCrossOverAndMutateTest
1 RUN: %t-LLVMFuzzer-CustomCrossOverAndMutateTest -seed=1 -runs=100000
None RUN: not LLVMFuzzer-CustomMutatorTest 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomMutator
0 RUN: %cpp_compiler %S/CustomMutatorTest.cpp -o %t-LLVMFuzzer-CustomMutatorTest
1 RUN: not %t-LLVMFuzzer-CustomMutatorTest 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomMutator
12 LLVMFuzzerCustomMutator: In LLVMFuzzerCustomMutator
23 LLVMFuzzerCustomMutator: BINGO
34
0 RUN: %cpp_compiler %S/SimpleDictionaryTest.cpp -o %t-LLVMFuzzer-SimpleDictionaryTest
1
2 CHECK: BINGO
13 Done1000000: Done 1000000 runs in
24
3 RUN: not LLVMFuzzer-SimpleDictionaryTest -dict=%S/dict1.txt -seed=1 -runs=1000003 2>&1 | FileCheck %s
4 RUN: LLVMFuzzer-SimpleDictionaryTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
5 RUN: not %t-LLVMFuzzer-SimpleDictionaryTest -dict=%S/dict1.txt -seed=1 -runs=1000003 2>&1 | FileCheck %s
6 RUN: %t-LLVMFuzzer-SimpleDictionaryTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
57
0 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest
1
2 RUN: rm -rf %t/SUB1
13 RUN: mkdir -p %t/SUB1/SUB2/SUB3
24 RUN: echo a > %t/SUB1/a
35 RUN: echo b > %t/SUB1/SUB2/b
46 RUN: echo c > %t/SUB1/SUB2/SUB3/c
5 RUN: LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=SUBDIRS
7 RUN: %t-LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=SUBDIRS
68 SUBDIRS: READ units: 3
79 RUN: echo -n zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz > %t/SUB1/f64
810 RUN: cat %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 > %t/SUB1/f256
911 RUN: cat %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 > %t/SUB1/f1024
1012 RUN: cat %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 > %t/SUB1/f4096
1113 RUN: cat %t/SUB1/f4096 %t/SUB1/f4096 > %t/SUB1/f8192
12 RUN: LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=LONG
14 RUN: %t-LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=LONG
1315 LONG: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 8192 bytes
1416 RUN: rm -rf %t/SUB1
1517
16 RUN: not LLVMFuzzer-SimpleTest NONEXISTENT_DIR 2>&1 | FileCheck %s --check-prefix=NONEXISTENT_DIR
18 RUN: not %t-LLVMFuzzer-SimpleTest NONEXISTENT_DIR 2>&1 | FileCheck %s --check-prefix=NONEXISTENT_DIR
1719 NONEXISTENT_DIR: No such directory: NONEXISTENT_DIR; exiting
1820
None RUN: LLVMFuzzer-SpamyTest -runs=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_0
1 RUN: LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=0 2>&1 | FileCheck %s --check-prefix=FD_MASK_0
2 RUN: LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_1
3 RUN: LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=2 2>&1 | FileCheck %s --check-prefix=FD_MASK_2
4 RUN: LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=FD_MASK_3
0 RUN: %cpp_compiler %S/SpamyTest.cpp -o %t-LLVMFuzzer-SpamyTest
1
2 RUN: %t-LLVMFuzzer-SpamyTest -runs=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_0
3 RUN: %t-LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=0 2>&1 | FileCheck %s --check-prefix=FD_MASK_0
4 RUN: %t-LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_1
5 RUN: %t-LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=2 2>&1 | FileCheck %s --check-prefix=FD_MASK_2
6 RUN: %t-LLVMFuzzer-SpamyTest -runs=1 -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=FD_MASK_3
57
68 FD_MASK_0: PRINTF_STDOUT
79 FD_MASK_0: PRINTF_STDERR
None RUN: LLVMFuzzer-SimpleTest -seed=1 -runs=77 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS
0 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest
1 RUN: %t-LLVMFuzzer-SimpleTest -seed=1 -runs=77 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS
12 FINAL_STATS: stat::number_of_executed_units: 77
23 FINAL_STATS: stat::average_exec_per_sec: 0
34 FINAL_STATS: stat::new_units_added:
45 FINAL_STATS: stat::slowest_unit_time_sec: 0
56 FINAL_STATS: stat::peak_rss_mb:
67
7 RUN: LLVMFuzzer-SimpleTest %S/dict1.txt -runs=33 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS1
8 RUN: %t-LLVMFuzzer-SimpleTest %S/dict1.txt -runs=33 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS1
89 FINAL_STATS1: stat::number_of_executed_units: 33
910 FINAL_STATS1: stat::peak_rss_mb:
1011
None RUN: not LLVMFuzzer-FlagsTest -foo_bar=1 2>&1 | FileCheck %s --check-prefix=FOO_BAR
0 RUN: %cpp_compiler %S/FlagsTest.cpp -o %t-LLVMFuzzer-FlagsTest
1 RUN: not %t-LLVMFuzzer-FlagsTest -foo_bar=1 2>&1 | FileCheck %s --check-prefix=FOO_BAR
12 FOO_BAR: WARNING: unrecognized flag '-foo_bar=1'; use -help=1 to list all flags
23 FOO_BAR: BINGO
34
4 RUN: not LLVMFuzzer-FlagsTest -runs=10 --max_len=100 2>&1 | FileCheck %s --check-prefix=DASH_DASH
5 RUN: not %t-LLVMFuzzer-FlagsTest -runs=10 --max_len=100 2>&1 | FileCheck %s --check-prefix=DASH_DASH
56 DASH_DASH: WARNING: did you mean '-max_len=100' (single dash)?
67 DASH_DASH: INFO: A corpus is not provided, starting from an empty corpus
78
8 RUN: LLVMFuzzer-FlagsTest -help=1 2>&1 | FileCheck %s --check-prefix=NO_INTERNAL
9 RUN: %t-LLVMFuzzer-FlagsTest -help=1 2>&1 | FileCheck %s --check-prefix=NO_INTERNAL
910 NO_INTERNAL-NOT: internal flag
1011
11 RUN: not LLVMFuzzer-FlagsTest --foo-bar -runs=10 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU
12 RUN: not %t-LLVMFuzzer-FlagsTest --foo-bar -runs=10 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU
1213 PASSTHRU: BINGO --foo-bar --baz -help=1 test
1314
1415 RUN: mkdir -p %t/T0 %t/T1
1516 RUN: touch %t/T1/empty
16 RUN: not LLVMFuzzer-FlagsTest --foo-bar -merge=1 %t/T0 %t/T1 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU-MERGE
17 RUN: not %t-LLVMFuzzer-FlagsTest --foo-bar -merge=1 %t/T0 %t/T1 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU-MERGE
1718 PASSTHRU-MERGE: BINGO --foo-bar --baz -help=1 test
0 REQUIRES: lsan
1 RUN: not LLVMFuzzer-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
1 RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LLVMFuzzer-LeakTest
2 RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-LLVMFuzzer-ThreadedLeakTest
3 RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LLVMFuzzer-LeakTimeoutTest
4
5 RUN: not %t-LLVMFuzzer-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
26 LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks
37 LEAK_DURING: Direct leak of 4 byte(s) in 1 object(s) allocated from:
48 LEAK_DURING: INFO: to ignore leaks on libFuzzer side use -detect_leaks=0
610 LEAK_DURING-NOT: DONE
711 LEAK_DURING-NOT: Done
812
9 RUN: not LLVMFuzzer-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS
13 RUN: not %t-LLVMFuzzer-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS
1014 LEAK_IN_CORPUS: ERROR: LeakSanitizer: detected memory leaks
1115 LEAK_IN_CORPUS: INFO: a leak has been found in the initial corpus.
1216
13 RUN: not LLVMFuzzer-LeakTest -runs=100000000 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=MULTI_RUN_LEAK
17 RUN: not %t-LLVMFuzzer-LeakTest -runs=100000000 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=MULTI_RUN_LEAK
1418 MULTI_RUN_LEAK-NOT: pulse
1519 MULTI_RUN_LEAK: LeakSanitizer: detected memory leaks
1620
17 RUN: not LLVMFuzzer-LeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER
18 RUN: not LLVMFuzzer-LeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
19 RUN: not LLVMFuzzer-ThreadedLeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER
20 RUN: not LLVMFuzzer-ThreadedLeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
21 RUN: not %t-LLVMFuzzer-LeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER
22 RUN: not %t-LLVMFuzzer-LeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
23 RUN: not %t-LLVMFuzzer-ThreadedLeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER
24 RUN: not %t-LLVMFuzzer-ThreadedLeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
2125 LEAK_AFTER: Done 100000 runs in
2226 LEAK_AFTER: ERROR: LeakSanitizer: detected memory leaks
2327
24 RUN: not LLVMFuzzer-LeakTest -runs=100000 -max_len=1 2>&1 | FileCheck %s --check-prefix=MAX_LEN_1
28 RUN: not %t-LLVMFuzzer-LeakTest -runs=100000 -max_len=1 2>&1 | FileCheck %s --check-prefix=MAX_LEN_1
2529 MAX_LEN_1: Test unit written to ./leak-7cf184f4c67ad58283ecb19349720b0cae756829
2630
27 RUN: not LLVMFuzzer-LeakTimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=LEAK_TIMEOUT
31 RUN: not %t-LLVMFuzzer-LeakTimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=LEAK_TIMEOUT
2832 LEAK_TIMEOUT: ERROR: libFuzzer: timeout after
2933 LEAK_TIMEOUT-NOT: LeakSanitizer
3034
3135
32 RUN: LLVMFuzzer-LeakTest -error_exitcode=0
36 RUN: %t-LLVMFuzzer-LeakTest -error_exitcode=0
0 REQUIRES: linux
1 RUN: not LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-LLVMFuzzer-OutOfMemoryTest
2 RUN: not %t-LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s
23 CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb)
34 CHECK: Live Heap Allocations
45 CHECK: Test unit written to ./oom-
None RUN: not LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s
0 RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-LLVMFuzzer-OutOfMemoryTest
1 RUN: %cpp_compiler %S/OutOfMemorySingleLargeMallocTest.cpp -o %t-LLVMFuzzer-OutOfMemorySingleLargeMallocTest
2 RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-LLVMFuzzer-AccumulateAllocationsTest
3
4 RUN: not %t-LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s
15
26 CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb)
37 CHECK: Test unit written to ./oom-
48 SUMMARY: libFuzzer: out-of-memory
59
6 RUN: not LLVMFuzzer-OutOfMemorySingleLargeMallocTest -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC
10 RUN: not %t-LLVMFuzzer-OutOfMemorySingleLargeMallocTest -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC
711
812 We used to check for "out-of-memory (malloc(53{{.*}}))", but that would fail
913 sometimes, so now we accept any OOM message.
1216 SINGLE_LARGE_MALLOC: in LLVMFuzzerTestOneInput
1317
1418 # Check that -rss_limit_mb=0 means no limit.
15 RUN: LLVMFuzzer-AccumulateAllocationsTest -runs=1000 -rss_limit_mb=0
19 RUN: %t-LLVMFuzzer-AccumulateAllocationsTest -runs=1000 -rss_limit_mb=0
None RUN: echo
1 DISABLED: not LLVMFuzzer-SimpleTest -print_pcs=1 -seed=1 2>&1 | FileCheck %s --check-prefix=PCS
0 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest
1 DISABLED: not %t-LLVMFuzzer-SimpleTest -print_pcs=1 -seed=1 2>&1 | FileCheck %s --check-prefix=PCS
22 PCS-NOT: NEW_PC
33 PCS:INITED
44 PCS:NEW_PC: {{0x[a-f0-9]+}}
0 RUN: mkdir -p %t
1 RUN: %cpp_compiler %S/NthRunCrashTest.cpp -o %t-LLVMFuzzer-NthRunCrashTest
12 RUN: echo abcd > %t/NthRunCrashTest.in
2 RUN: LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in
3 RUN: LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -runs=10
4 RUN: not LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -runs=10000 2>&1 | FileCheck %s
3 RUN: %t-LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in
4 RUN: %t-LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -runs=10
5 RUN: not %t-LLVMFuzzer-NthRunCrashTest %t/NthRunCrashTest.in -runs=10000 2>&1 | FileCheck %s
56 RUN: rm %t/NthRunCrashTest.in
67 CHECK: BINGO
78
None RUN: LLVMFuzzer-SimpleCmpTest -seed=-1 -runs=0 2>&1 | FileCheck %s --check-prefix=CHECK_SEED_MINUS_ONE
0 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-SimpleCmpTest
1 RUN: %t-LLVMFuzzer-SimpleCmpTest -seed=-1 -runs=0 2>&1 | FileCheck %s --check-prefix=CHECK_SEED_MINUS_ONE
12 CHECK_SEED_MINUS_ONE: Seed: 4294967295
23
None RUN: env ASAN_OPTIONS=handle_segv=0 not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER
0 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest
1 RUN: env ASAN_OPTIONS=handle_segv=0 not %t-LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER
12 LIBFUZZER_OWN_SEGV_HANDLER: == ERROR: libFuzzer: deadly signal
23 LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal
34 LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash-
45
5 RUN: env ASAN_OPTIONS=handle_segv=1 not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER
6 RUN: env ASAN_OPTIONS=handle_segv=1 not %t-LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER
67 LIBFUZZER_ASAN_SEGV_HANDLER: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address
None RUN: not LLVMFuzzer-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput
0 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest
1 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest
2
3 RUN: not %t-LLVMFuzzer-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput
14 SingleInput-NOT: Test unit written to ./crash-
25
36 RUN: rm -rf %tmp/SINGLE_INPUTS
47 RUN: mkdir -p %tmp/SINGLE_INPUTS
58 RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa
69 RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb
7 RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
8 RUN: LLVMFuzzer-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
10 RUN: %t-LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
11 RUN: %t-LLVMFuzzer-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
912 RUN: rm -rf %tmp/SINGLE_INPUTS
1013 SINGLE_INPUTS: LLVMFuzzer-SimpleTest{{.*}}: Running 2 inputs 1 time(s) each.
1114 SINGLE_INPUTS: aaa in
0 CHECK: Done 1000 runs in
1 RUN: %cpp_compiler %S/ThreadedTest.cpp -o %t-LLVMFuzzer-ThreadedTest
12
2 RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
3 RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
4 RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
5 RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
3 RUN: %t-LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
4 RUN: %t-LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
5 RUN: %t-LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
6 RUN: %t-LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
67
None RUN: not LLVMFuzzer-TimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutTest
0 RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-LLVMFuzzer-TimeoutTest
1 RUN: %cpp_compiler %S/TimeoutEmptyTest.cpp -o %t-LLVMFuzzer-TimeoutEmptyTest
2 RUN: not %t-LLVMFuzzer-TimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutTest
13 TimeoutTest: ALARM: working on the last Unit for
24 TimeoutTest: Test unit written to ./timeout-
35 TimeoutTest: == ERROR: libFuzzer: timeout after
68 TimeoutTest: #2
79 TimeoutTest: SUMMARY: libFuzzer: timeout
810
9 RUN: not LLVMFuzzer-TimeoutTest -timeout=1 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInputTimeoutTest
11 RUN: not %t-LLVMFuzzer-TimeoutTest -timeout=1 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInputTimeoutTest
1012 SingleInputTimeoutTest: ALARM: working on the last Unit for {{[1-3]}} seconds
1113 SingleInputTimeoutTest-NOT: Test unit written to ./timeout-
1214
13 RUN: LLVMFuzzer-TimeoutTest -timeout=1 -timeout_exitcode=0
15 RUN: %t-LLVMFuzzer-TimeoutTest -timeout=1 -timeout_exitcode=0
1416
15 RUN: not LLVMFuzzer-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest
17 RUN: not %t-LLVMFuzzer-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest
1618 TimeoutEmptyTest: ALARM: working on the last Unit for
1719 TimeoutEmptyTest: == ERROR: libFuzzer: timeout after
1820 TimeoutEmptyTest: SUMMARY: libFuzzer: timeout
0 // FIXME: Support for sanitizer hooks for memcmp and strcmp needs to
11 // be implemented in the sanitizer runtime for this test
22 UNSUPPORTED: windows
3 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-LLVMFuzzer-MemcmpTest
4 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-LLVMFuzzer-StrncmpTest
5 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-LLVMFuzzer-StrcmpTest
6 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-LLVMFuzzer-StrstrTest
7 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-LLVMFuzzer-Memcmp64BytesTest
8 RUN: %cpp_compiler %S/RepeatedMemcmp.cpp -o %t-LLVMFuzzer-RepeatedMemcmp
9
310 CHECK: BINGO
411
5 RUN: not LLVMFuzzer-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
6 RUN: not LLVMFuzzer-StrncmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
7 RUN: not LLVMFuzzer-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
8 RUN: not LLVMFuzzer-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
12 RUN: not %t-LLVMFuzzer-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
13 RUN: not %t-LLVMFuzzer-StrncmpTest -seed=2 -runs=2000000 2>&1 | FileCheck %s
14 RUN: not %t-LLVMFuzzer-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
15 RUN: not %t-LLVMFuzzer-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
916
10 RUN: not LLVMFuzzer-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
17 RUN: not %t-LLVMFuzzer-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
1118
12 RUN: LLVMFuzzer-RepeatedMemcmp -seed=11 -runs=100000 -max_len=20 2>&1 | FileCheck %s --check-prefix=RECOMMENDED_DICT
19 RUN: %t-LLVMFuzzer-RepeatedMemcmp -seed=11 -runs=100000 -max_len=20 2>&1 | FileCheck %s --check-prefix=RECOMMENDED_DICT
1320 RECOMMENDED_DICT:###### Recommended dictionary. ######
1421 RECOMMENDED_DICT-DAG: "foo"
1522 RECOMMENDED_DICT-DAG: "bar"
None RUN: not LLVMFuzzer-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s
0 RUN: %cpp_compiler -fsanitize=undefined -fno-sanitize-recover=all %S/SignedIntOverflowTest.cpp -o %t-LLVMFuzzer-SignedIntOverflowTest-Ubsan
1 RUN: not %t-LLVMFuzzer-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s
12 CHECK: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
23 CHECK: Test unit written to ./crash-
34
0 CHECK: BINGO
11 Done1000000: Done 1000000 runs in
2 RUN: %cpp_compiler %S/BogusInitializeTest.cpp -o %t-LLVMFuzzer-BogusInitializeTest
3 RUN: %cpp_compiler %S/BufferOverflowOnInput.cpp -o %t-LLVMFuzzer-BufferOverflowOnInput
4 RUN: %cpp_compiler %S/CounterTest.cpp -o %t-LLVMFuzzer-CounterTest
5 RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO1.so
6 RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-LLVMFuzzer-DSO2.so
7 RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-LLVMFuzzer-DSO1.so %t-LLVMFuzzer-DSO2.so -o %t-LLVMFuzzer-DSOTest
8 RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-LLVMFuzzer-FullCoverageSetTest
9 RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-LLVMFuzzer-InitializeTest
10 RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -o %t-LLVMFuzzer-NotinstrumentedTest-NoCoverage
11 RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-LLVMFuzzer-NullDerefOnEmptyTest
12 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest
13 RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-LLVMFuzzer-ShrinkControlFlowTest
14 RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-LLVMFuzzer-SimpleCmpTest
15 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest
16 RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-LLVMFuzzer-StrncmpOOBTest
217
3 RUN: not LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s
18 RUN: not %t-LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s
419
520 # only_ascii mode. Will perform some minimal self-validation.
6 RUN: not LLVMFuzzer-SimpleTest -only_ascii=1 2>&1
21 RUN: not %t-LLVMFuzzer-SimpleTest -only_ascii=1 2>&1
722
8 RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 -use_cmp=0 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
23 RUN: %t-LLVMFuzzer-SimpleCmpTest -max_total_time=1 -use_cmp=0 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
924 MaxTotalTime: Done {{.*}} runs in {{.}} second(s)
1025
11 RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
12 RUN: not LLVMFuzzer-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest
26 RUN: not %t-LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
27 RUN: not %t-LLVMFuzzer-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest
1328 NullDerefTest: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address
1429 NullDerefTest: Test unit written to ./crash-
15 RUN: not LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
30 RUN: not %t-LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
1631 NullDerefTestPrefix: Test unit written to ZZZcrash-
17 RUN: not LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath
32 RUN: not %t-LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath
1833 NullDerefTestExactPath: Test unit written to FOOBAR
1934
20 RUN: not LLVMFuzzer-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY
35 RUN: not %t-LLVMFuzzer-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY
2136 NULL_DEREF_ON_EMPTY: stat::number_of_executed_units:
2237
23 #not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
38 #not %t-LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
2439
25 RUN: not LLVMFuzzer-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS
40 RUN: not %t-LLVMFuzzer-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS
2641
2742 COUNTERS: INITED {{.*}} {{bits:|ft:}}
2843 COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}}
3045 COUNTERS: BINGO
3146
3247 # Don't run UninstrumentedTest for now since we build libFuzzer itself with asan.
33 DISABLED: not LLVMFuzzer-UninstrumentedTest-Uninstrumented 2>&1 | FileCheck %s --check-prefix=UNINSTRUMENTED
48 DISABLED: not %t-LLVMFuzzer-UninstrumentedTest-Uninstrumented 2>&1 | FileCheck %s --check-prefix=UNINSTRUMENTED
3449 UNINSTRUMENTED: ERROR: __sanitizer_set_death_callback is not defined. Exiting.
3550
36 RUN: not LLVMFuzzer-NotinstrumentedTest-NoCoverage 2>&1 | FileCheck %s --check-prefix=NO_COVERAGE
51 RUN: not %t-LLVMFuzzer-NotinstrumentedTest-NoCoverage 2>&1 | FileCheck %s --check-prefix=NO_COVERAGE
3752 NO_COVERAGE: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting
3853
39 RUN: not LLVMFuzzer-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB
54 RUN: not %t-LLVMFuzzer-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB
4055 OOB: AddressSanitizer: heap-buffer-overflow
4156 OOB: is located 0 bytes to the right of 3-byte region
4257
43 RUN: not LLVMFuzzer-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s
58 RUN: not %t-LLVMFuzzer-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s
4459
45 RUN: not LLVMFuzzer-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO
60 RUN: not %t-LLVMFuzzer-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO
4661 DSO: INFO: Loaded 3 modules
4762 DSO: BINGO
4863
49 RUN: LLVMFuzzer-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
50 RUN: LLVMFuzzer-ShrinkControlFlowTest -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
64 RUN: %t-LLVMFuzzer-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
65 RUN: %t-LLVMFuzzer-ShrinkControlFlowTest -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
5166 EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
5267
53 RUN: env ASAN_OPTIONS=strict_string_checks=1 not LLVMFuzzer-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
68 RUN: env ASAN_OPTIONS=strict_string_checks=1 not %t-LLVMFuzzer-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
5469 STRNCMP: AddressSanitizer: heap-buffer-overflow
5570 STRNCMP-NOT: __sanitizer_weak_hook_strncmp
5671 STRNCMP: in LLVMFuzzerTestOneInput
5772
58 RUN: not LLVMFuzzer-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE
73 RUN: not %t-LLVMFuzzer-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE
5974 BOGUS_INITIALIZE: argv[0] has been modified in LLVMFuzzerInitialize
+0
-12
lib/Fuzzer/test/inline-8bit-counters/CMakeLists.txt less more
None # These tests are instrumented with -fsanitize-coverage=inline-8bit-counters
1
2 set(CMAKE_CXX_FLAGS
3 "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=trace-pc-guard -fsanitize-coverage=inline-8bit-counters,pc-table")
4
5 set(Inline8bitCounterTests
6 SimpleTest
7 )
8
9 foreach(Test ${Inline8bitCounterTests})
10 add_libfuzzer_test(${Test}-Inline8bitCounters SOURCES ../${Test}.cpp)
11 endforeach()
0 REQUIRES: linux
1 RUN: %cpp_compiler %S/SimpleTest.cpp -fno-sanitize-coverage=trace-pc-guard -fsanitize-coverage=inline-8bit-counters -o %t-LLVMFuzzer-SimpleTest-Inline8bitCounters
12 CHECK: INFO: Loaded 1 modules ({{.*}} inline 8-bit counters)
23 CHECK: BINGO
3 RUN: not LLVMFuzzer-SimpleTest-Inline8bitCounters -runs=1000000 -seed=1 2>&1 | FileCheck %s
4 RUN: not %t-LLVMFuzzer-SimpleTest-Inline8bitCounters -runs=1000000 -seed=1 2>&1 | FileCheck %s
5252 config.available_features.add('linux')
5353 else:
5454 lit_config.note('linux feature unavailable')
55
56 config.substitutions.append(('%build_dir', config.cmake_binary_dir))
57
58 def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True):
59 compiler_cmd = config.cpp_compiler if is_cpp else config.c_compiler
60 std_cmd = '-std=c++11' if is_cpp else ''
61 sanitizers = ['address']
62 if fuzzer_enabled:
63 sanitizers.append('fuzzer')
64 sanitizers_cmd = ('-fsanitize=%s' % ','.join(sanitizers))
65 isysroot_cmd = ('-isysroot %s' % config.osx_sysroot
66 ) if 'darwin' in config.target_triple else ''
67 include_cmd = '-I%s/../.' % config.test_source_root
68 return '%s %s -gline-tables-only %s %s %s' % (
69 compiler_cmd, std_cmd, isysroot_cmd, sanitizers_cmd, include_cmd)
70
71 config.substitutions.append(('%cpp_compiler',
72 generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True)
73 ))
74
75 config.substitutions.append(('%c_compiler',
76 generate_compiler_cmd(is_cpp=False, fuzzer_enabled=True)
77 ))
78
79 config.substitutions.append(('%no_fuzzer_cpp_compiler',
80 generate_compiler_cmd(is_cpp=True, fuzzer_enabled=False)
81 ))
82
83 config.substitutions.append(('%no_fuzzer_c_compiler',
84 generate_compiler_cmd(is_cpp=False, fuzzer_enabled=False)
85 ))
11 config.llvm_tools_dir = "@LLVM_TOOLS_DIR@"
22 config.has_lsan = True if @HAS_LSAN@ == 1 else False
33 config.is_posix = @LIBFUZZER_POSIX@
4 config.cpp_compiler = "@LIBFUZZER_TEST_CXX_COMPILER@"
5 config.c_compiler = "@LIBFUZZER_TEST_COMPILER@"
6 config.osx_sysroot = "@CMAKE_OSX_SYSROOT@"
7 config.cmake_binary_dir = "@CMAKE_BINARY_DIR@"
8 config.target_triple = "@TARGET_TRIPLE@"
49 lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/lit.cfg")
0 REQUIRES: posix
1
2 RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-LLVMFuzzer-FullCoverageSetTest
13
24 RUN: rm -rf %tmp/T1 %tmp/T2
35 RUN: mkdir -p %tmp/T1 %tmp/T2
1416 RUN: echo .....R > %tmp/T2/6
1517
1618 # Check that we can report an error if file size exceeded
17 RUN: (ulimit -f 1; not LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=SIGXFSZ)
19 RUN: (ulimit -f 1; not %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=SIGXFSZ)
1820 SIGXFSZ: ERROR: libFuzzer: file size exceeded
1921
2022 # Check that we honor TMPDIR
21 RUN: TMPDIR=DIR_DOES_NOT_EXIST not LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=TMPDIR
23 RUN: TMPDIR=DIR_DOES_NOT_EXIST not %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=TMPDIR
2224 TMPDIR: MERGE-OUTER: failed to write to the control file: DIR_DOES_NOT_EXIST/libFuzzerTemp
0 RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-LLVMFuzzer-FullCoverageSetTest
1
2 RUN: rm -rf %t/T1 %t/T2
13 RUN: mkdir -p %t/T0 %t/T1 %t/T2
24 RUN: echo ...Z.. > %t/T2/1
68 RUN: echo .U.... > %t/T2/b
79 RUN: echo ..Z... > %t/T2/c
810
9 RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY
11 RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY
1012 SAVE_SUMMARY: MERGE-OUTER: writing coverage summary for 6 files to {{.*}}SUMMARY
1113 RUN: rm %t/T1/*
12 RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY
14 RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY
1315 LOAD_SUMMARY: MERGE-OUTER: coverage summary loaded from {{.*}}SUMMAR
1416 LOAD_SUMMARY: MERGE-OUTER: 0 new files with 0 new features added
0 CHECK: BINGO
1
2 RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-LLVMFuzzer-FullCoverageSetTest
13
24 RUN: rm -rf %tmp/T0 %tmp/T1 %tmp/T2
35 RUN: mkdir -p %tmp/T0 %tmp/T1 %tmp/T2
79
810 # T1 has 3 elements, T2 is empty.
911 RUN: cp %tmp/T0/* %tmp/T1/
10 RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK1
12 RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK1
1113 CHECK1: MERGE-OUTER: 3 files, 3 in the initial corpus
1214 CHECK1: MERGE-OUTER: 0 new files with 0 new features added
1315
1921 RUN: echo ..Z... > %tmp/T2/c
2022
2123 # T1 has 3 elements, T2 has 6 elements, only 3 are new.
22 RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK2
24 RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK2
2325 CHECK2: MERGE-OUTER: 9 files, 3 in the initial corpus
2426 CHECK2: MERGE-OUTER: 3 new files with 3 new features added
2527
2628 # Now, T1 has 6 units and T2 has no new interesting units.
27 RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK3
29 RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK3
2830 CHECK3: MERGE-OUTER: 12 files, 6 in the initial corpus
2931 CHECK3: MERGE-OUTER: 0 new files with 0 new features added
3032
3234 RUN: rm %tmp/T1/*
3335 RUN: cp %tmp/T0/* %tmp/T1/
3436 RUN: echo looooooooong > %tmp/T2/looooooooong
35 RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=6 2>&1 | FileCheck %s --check-prefix=MAX_LEN
37 RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=6 2>&1 | FileCheck %s --check-prefix=MAX_LEN
3638 MAX_LEN: MERGE-OUTER: 3 new files
3739
3840 # Check that merge tolerates failures.
3941 RUN: rm %tmp/T1/*
4042 RUN: cp %tmp/T0/* %tmp/T1/
4143 RUN: echo 'FUZZER' > %tmp/T2/FUZZER
42 RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_WITH_CRASH
44 RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_WITH_CRASH
4345 MERGE_WITH_CRASH: MERGE-OUTER: succesfull in 2 attempt(s)
4446 MERGE_WITH_CRASH: MERGE-OUTER: 3 new files
4547
4648 # Check that we actually limit the size with max_len
47 RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=5 2>&1 | FileCheck %s --check-prefix=MERGE_LEN5
49 RUN: %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=5 2>&1 | FileCheck %s --check-prefix=MERGE_LEN5
4850 MERGE_LEN5: MERGE-OUTER: succesfull in 1 attempt(s)
4951
5052 RUN: rm -rf %tmp/T1/* %tmp/T2/*
51 RUN: not LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=EMPTY
53 RUN: not %t-LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=EMPTY
5254 EMPTY: MERGE-OUTER: zero succesfull attempts, exiting
0 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-LLVMFuzzer-NullDerefTest
1 RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-LLVMFuzzer-SingleByteInputTest
2
3 RUN: echo 'Hi!rv349f34t3gg' > not_minimal_crash
1 RUN: LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s
4 RUN: %t-LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s
25 CHECK: CRASH_MIN: failed to minimize beyond ./minimized-from-{{.*}} (3 bytes), exiting
3 RUN: LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT
6 RUN: %t-LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT
47 CHECK_EXACT: CRASH_MIN: failed to minimize beyond exact_minimized_path (3 bytes), exiting
58 RUN: rm not_minimal_crash minimized-from-* exact_minimized_path
69
710 RUN: echo -n 'abcd*xyz' > not_minimal_crash
8 RUN: LLVMFuzzer-SingleByteInputTest -minimize_crash=1 not_minimal_crash -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=MIN1
11 RUN: %t-LLVMFuzzer-SingleByteInputTest -minimize_crash=1 not_minimal_crash -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=MIN1
912 MIN1: Test unit written to exact_minimized_path
1013 MIN1: Test unit written to exact_minimized_path
1114 MIN1: INFO: The input is small enough, exiting
0 # Test that the minimizer stops when it sees a differe bug.
1
2 RUN: %cpp_compiler %S/TwoDifferentBugsTest.cpp -o %t-LLVMFuzzer-TwoDifferentBugsTest
13
24 RUN: rm -rf %t && mkdir %t
35 RUN: echo H12345678901234667888090 > %t/long_crash
4 RUN: env ASAN_OPTIONS=dedup_token_length=3 LLVMFuzzer-TwoDifferentBugsTest -seed=1 -minimize_crash=1 %t/long_crash -exact_artifact_path=%t/result 2>&1 | FileCheck %s
6 RUN: env ASAN_OPTIONS=dedup_token_length=3 %t-LLVMFuzzer-TwoDifferentBugsTest -seed=1 -minimize_crash=1 %t/long_crash -exact_artifact_path=%t/result 2>&1 | FileCheck %s
57
68 CHECK: DedupToken1: DEDUP_TOKEN: Bar
79 CHECK: DedupToken2: DEDUP_TOKEN: Bar
911 CHECK: DedupToken2: DEDUP_TOKEN: Foo
1012 CHECK: CRASH_MIN: mismatch in dedup tokens
1113
12 RUN: not LLVMFuzzer-TwoDifferentBugsTest %t/result 2>&1 | FileCheck %s --check-prefix=VERIFY
14 RUN: not %t-LLVMFuzzer-TwoDifferentBugsTest %t/result 2>&1 | FileCheck %s --check-prefix=VERIFY
1315
1416 VERIFY: ERROR: AddressSanitizer:
1517 VERIFY: in Bar
+0
-29
lib/Fuzzer/test/no-coverage/CMakeLists.txt less more
None # These tests are not instrumented with coverage,
1 # but have coverage rt in the binary.
2
3 set(CMAKE_CXX_FLAGS
4 "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard")
5
6 set(NoCoverageTests
7 NotinstrumentedTest
8 )
9
10 foreach(Test ${NoCoverageTests})
11 add_libfuzzer_test(${Test}-NoCoverage SOURCES ../${Test}.cpp)
12 endforeach()
13
14
15 ###############################################################################
16 # AFL Driver test
17 ###############################################################################
18 if(NOT MSVC)
19 add_executable(AFLDriverTest
20 ../AFLDriverTest.cpp ../../afl/afl_driver.cpp)
21
22 set_target_properties(AFLDriverTest
23 PROPERTIES RUNTIME_OUTPUT_DIRECTORY
24 "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
25 )
26
27 add_dependencies(TestBinaries AFLDriverTest)
28 endif()
None RUN: not LLVMFuzzer-OverwriteInputTest 2>&1 | FileCheck %s
0 RUN: %cpp_compiler %S/OverwriteInputTest.cpp -o %t-LLVMFuzzer-OverwriteInputTest
1 RUN: not %t-LLVMFuzzer-OverwriteInputTest 2>&1 | FileCheck %s
12 CHECK: ERROR: libFuzzer: fuzz target overwrites it's const input
11
22 RUN: rm -rf %t/C
33 RUN: mkdir -p %t/C
4 RUN: LLVMFuzzer-ShrinkControlFlowSimpleTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 %t/C 2>&1 | FileCheck %s
4 RUN: %cpp_compiler %S/ShrinkControlFlowSimpleTest.cpp -o %t-LLVMFuzzer-ShrinkControlFlowSimpleTest
5 RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-LLVMFuzzer-ShrinkControlFlowTest
6 RUN: %t-LLVMFuzzer-ShrinkControlFlowSimpleTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 %t/C 2>&1 | FileCheck %s
57 CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60'
68
79 # Test that reduce_inputs deletes redundant files in the corpus.
8 RUN: LLVMFuzzer-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT
10 RUN: %t-LLVMFuzzer-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT
911 COUNT: READ units: 4
1012
1113 # a bit longer test
12 RUN: LLVMFuzzer-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=1 -runs=1000000 2>&1 | FileCheck %s
14 RUN: %t-LLVMFuzzer-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=1 -runs=1000000 2>&1 | FileCheck %s
1315
0 RUN: %cpp_compiler %S/RepeatedBytesTest.cpp -o %t-LLVMFuzzer-RepeatedBytesTest
1 CHECK: BINGO
1 RUN: not LLVMFuzzer-RepeatedBytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
2 RUN: not %t-LLVMFuzzer-RepeatedBytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
None RUN: LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1
0 RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-LLVMFuzzer-ShrinkControlFlowTest
1 RUN: %cpp_compiler %S/ShrinkValueProfileTest.cpp -o %t-LLVMFuzzer-ShrinkValueProfileTest
2 RUN: %t-LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1
13 # Limit max_len to run this negative test faster.
2 RUN: LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0
3 RUN: LLVMFuzzer-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP
4 RUN: %t-LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0
5 RUN: %t-LLVMFuzzer-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP
46
57 SHRINK0: Done 1000000 runs in
68 SHRINK1: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60', exiting.
0 RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-LLVMFuzzer-SimpleCmpTest
1 CHECK: BINGO
1 RUN: not LLVMFuzzer-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s
2 RUN: not %t-LLVMFuzzer-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s
None RUN: LLVMFuzzer-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s
0 RUN: %no_fuzzer_c_compiler %S/../standalone/StandaloneFuzzTargetMain.c -c -o %t_1.o
1 RUN: %no_fuzzer_cpp_compiler %S/InitializeTest.cpp -c -o %t_2.o
2
3 RUN: %no_fuzzer_cpp_compiler %t_1.o %t_2.o %build_dir/lib/libLLVMFuzzerNoMain.a -o %t-LLVMFuzzer-StandaloneInitializeTest
4 RUN: %t-LLVMFuzzer-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s
15 CHECK: StandaloneFuzzTargetMain: running 2 inputs
26 CHECK: Done: {{.*}}hi.txt: (3 bytes)
37 CHECK: Done: {{.*}}dict1.txt: (61 bytes)
0 RUN: %cpp_compiler %S/SwapCmpTest.cpp -o %t-LLVMFuzzer-SwapCmpTest
1 CHECK: BINGO
1 RUN: not LLVMFuzzer-SwapCmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
2 RUN: not %t-LLVMFuzzer-SwapCmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
11 // printing a stack trace repeatedly
22 UNSUPPORTED: darwin
33
4 RUN: LLVMFuzzer-TraceMallocTest -seed=1 -trace_malloc=2 -runs=1000 2>&1 | FileCheck %s --check-prefix=TRACE2
4 RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-LLVMFuzzer-TraceMallocTest
5
6 RUN: %t-LLVMFuzzer-TraceMallocTest -seed=1 -trace_malloc=2 -runs=1000 2>&1 | FileCheck %s --check-prefix=TRACE2
57 TRACE2-DAG: FREE[0]
68 TRACE2-DAG: MALLOC[0]
79 TRACE2-DAG: in LLVMFuzzerTestOneInput
None RUN: LLVMFuzzer-TraceMallocTest -seed=1 -trace_malloc=1 -runs=10000 2>&1 | FileCheck %s
0 RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-LLVMFuzzer-TraceMallocTest
1
2 RUN: %t-LLVMFuzzer-TraceMallocTest -seed=1 -trace_malloc=1 -runs=10000 2>&1 | FileCheck %s
13 CHECK-DAG: MallocFreeTracer: STOP 0 0 (same)
24 CHECK-DAG: MallocFreeTracer: STOP 0 1 (DIFFERENT)
35 CHECK-DAG: MallocFreeTracer: STOP 1 0 (DIFFERENT)
+0
-12
lib/Fuzzer/test/trace-pc/CMakeLists.txt less more
None # These tests are instrumented with -fsanitize-coverage=trace-pc
1
2 set(CMAKE_CXX_FLAGS
3 "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -fsanitize-coverage=trace-pc")
4
5 set(TracePCTests
6 SimpleTest
7 )
8
9 foreach(Test ${TracePCTests})
10 add_libfuzzer_test(${Test}-TracePC SOURCES ../${Test}.cpp)
11 endforeach()
0 RUN: %cpp_compiler %S/SimpleTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -fsanitize-coverage=trace-pc -o %t-LLVMFuzzer-SimpleTest-TracePC
1 CHECK: BINGO
1 RUN: not LLVMFuzzer-SimpleTest-TracePC -runs=100000 -seed=1 2>&1 | FileCheck %s
2 RUN: not %t-LLVMFuzzer-SimpleTest-TracePC -runs=100000 -seed=1 2>&1 | FileCheck %s
+0
-12
lib/Fuzzer/test/ubsan/CMakeLists.txt less more
None # These tests are instrumented with ubsan in non-recovery mode.
1
2 set(CMAKE_CXX_FLAGS
3 "${LIBFUZZER_FLAGS_BASE} -fsanitize=undefined -fno-sanitize-recover=all")
4
5 set(UbsanTests
6 SignedIntOverflowTest
7 )
8
9 foreach(Test ${UbsanTests})
10 add_libfuzzer_test(${Test}-Ubsan SOURCES ../${Test}.cpp)
11 endforeach()
0 REQUIRES: posix
11
2 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-LLVMFuzzer-SimpleTest
23 RUN: ulimit -s 1000
3 RUN: not LLVMFuzzer-SimpleTest
4 RUN: not %t-LLVMFuzzer-SimpleTest
+0
-13
lib/Fuzzer/test/uninstrumented/CMakeLists.txt less more
None # These tests are not instrumented with coverage and don't
1 # have coverage rt in the binary.
2
3 set(CMAKE_CXX_FLAGS
4 "${LIBFUZZER_FLAGS_BASE} -fno-sanitize=all -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard")
5
6 set(UninstrumentedTests
7 UninstrumentedTest
8 )
9
10 foreach(Test ${UninstrumentedTests})
11 add_libfuzzer_test(${Test}-Uninstrumented SOURCES ../${Test}.cpp)
12 endforeach()
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-LLVMFuzzer-SimpleCmpTest
2 RUN: not %t-LLVMFuzzer-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/SimpleHashTest.cpp -o %t-LLVMFuzzer-SimpleHashTest
2 RUN: not %t-LLVMFuzzer-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/AbsNegAndConstantTest.cpp -o %t-LLVMFuzzer-AbsNegAndConstantTest
2 RUN: not %t-LLVMFuzzer-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/AbsNegAndConstant64Test.cpp -o %t-LLVMFuzzer-AbsNegAndConstant64Test
2 RUN: not %t-LLVMFuzzer-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
0 CHECK: AddressSanitizer: {{FPE|int-divide-by-zero}}
1 RUN: not LLVMFuzzer-DivTest -seed=1 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/DivTest.cpp -fsanitize-coverage=trace-div -o %t-LLVMFuzzer-DivTest
2 RUN: not %t-LLVMFuzzer-DivTest -seed=1 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
23
0 CHECK: AddressSanitizer: global-buffer-overflow
1 RUN: not LLVMFuzzer-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s
2
1 RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-gep,trace-div,trace-cmp -o %t-LLVMFuzzer-LoadTest
2 RUN: not %t-LLVMFuzzer-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-SingleMemcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/SingleMemcmpTest.cpp -o %t-LLVMFuzzer-SingleMemcmpTest
2 RUN: not %t-LLVMFuzzer-SingleMemcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/FourIndependentBranchesTest.cpp -o %t-LLVMFuzzer-FourIndependentBranchesTest
2 RUN: not %t-LLVMFuzzer-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
23
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-SingleStrcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/SingleStrcmpTest.cpp -o %t-LLVMFuzzer-SingleStrcmpTest
2 RUN: not %t-LLVMFuzzer-SingleStrcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/SingleStrncmpTest.cpp -o %t-LLVMFuzzer-SingleStrncmpTest
2 RUN: not %t-LLVMFuzzer-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
0 CHECK: BINGO
1 RUN: not LLVMFuzzer-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s
2 RUN: not LLVMFuzzer-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s
1 RUN: %cpp_compiler %S/SwitchTest.cpp -o %t-LLVMFuzzer-SwitchTest
2 RUN: %cpp_compiler %S/Switch2Test.cpp -o %t-LLVMFuzzer-Switch2Test
3 RUN: not %t-LLVMFuzzer-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s
4 RUN: not %t-LLVMFuzzer-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s