[libFuzzer] add a test for libFuzzer+ubsan, extend the docs on using libFuzzer+ubsan
authorKostya Serebryany <kcc@google.com>
Mon, 9 May 2016 21:02:36 +0000 (21:02 +0000)
committerKostya Serebryany <kcc@google.com>
Mon, 9 May 2016 21:02:36 +0000 (21:02 +0000)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@268968 91177308-0d34-0410-b5e6-96231b3b80d8

docs/LibFuzzer.rst
lib/Fuzzer/test/CMakeLists.txt
lib/Fuzzer/test/SignedIntOverflowTest.cpp [new file with mode: 0644]
lib/Fuzzer/test/fuzzer-ubsan.test [new file with mode: 0644]
lib/Fuzzer/test/ubsan/CMakeLists.txt [new file with mode: 0644]

index 5a3c335182b3583286a8521065bd64826a9ea651..ae0850e2a822760dddfa886c3ee69e530ae1a55b 100644 (file)
@@ -93,11 +93,14 @@ the libFuzzer code then gives an fuzzer executable.
 You should also enable one or more of the *sanitizers*, which help to expose
 latent bugs by making incorrect behavior generate errors at runtime:
 
- - AddressSanitizer_ detects memory access errors.
- - MemorySanitizer_ detects uninitialized reads: code whose behavior relies on memory
-   contents that have not been initialized to a specific value.
- - UndefinedBehaviorSanitizer_ detects the use of various features of C/C++ that are explicitly
-   listed as resulting in undefined behavior.
+ - AddressSanitizer_ (ASAN) detects memory access errors. Use `-fsanitize=address`.
+ - UndefinedBehaviorSanitizer_ (UBSAN) detects the use of various features of C/C++ that are explicitly
+   listed as resulting in undefined behavior.  Use `-fsanitize=undefined -fno-sanitize-recover=undefined`
+   or any individual UBSAN check, e.g.  `-fsanitize=signed-integer-overflow -fno-sanitize-recover=undefined`.
+   You may combine ASAN and UBSAN in one build.
+ - MemorySanitizer_ (MSAN) detects uninitialized reads: code whose behavior relies on memory
+   contents that have not been initialized to a specific value. Use `-fsanitize=memory`.
+   MSAN can not be combined with other sanirizers and should be used as a seprate build.
 
 Finally, link with ``libFuzzer.a``::
 
index 81a996930f4aa32dd9ed3e325a1afb116ee26c9b..52ed2f5bbb30f6c2ca9da92e3686eac99c723898 100644 (file)
@@ -57,6 +57,10 @@ set(TracePCTests
   FullCoverageSetTest
   )
 
+set(UbsanTests
+  SignedIntOverflowTest
+  )
+
 set(TestBinaries)
 
 foreach(Test ${Tests})
@@ -118,6 +122,12 @@ foreach(Test ${UninstrumentedTests})
   set(TestBinaries ${TestBinaries} LLVMFuzzer-${Test}-Uninstrumented)
 endforeach()
 
+add_subdirectory(ubsan)
+
+foreach(Test ${UbsanTests})
+  set(TestBinaries ${TestBinaries} LLVMFuzzer-${Test}-Ubsan)
+endforeach()
+
 add_subdirectory(trace-bb)
 
 foreach(Test ${TraceBBTests})
diff --git a/lib/Fuzzer/test/SignedIntOverflowTest.cpp b/lib/Fuzzer/test/SignedIntOverflowTest.cpp
new file mode 100644 (file)
index 0000000..7df32ad
--- /dev/null
@@ -0,0 +1,28 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test for signed-integer-overflow.
+#include <assert.h>
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+#include <climits>
+
+static volatile int Sink;
+static int Large = INT_MAX;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  assert(Data);
+  if (Size > 0 && Data[0] == 'H') {
+    Sink = 1;
+    if (Size > 1 && Data[1] == 'i') {
+      Sink = 2;
+      if (Size > 2 && Data[2] == '!') {
+        Large++;  // int overflow.
+      }
+    }
+  }
+  return 0;
+}
+
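Review bot: `Large` is a plain `static int` whose incremented value is never read anywhere in the file, while the neighbouring `Sink` is declared `volatile`; the overflow check is emitted by the frontend and should survive optimization, but the test only demonstrably works because ubsan/CMakeLists.txt builds it at -O0. Declaring it `static volatile int Large = INT_MAX;` matches `Sink`, documents that the increment must stay, and keeps the test meaningful if the -O0 is ever dropped. The `<iostream>` and `<cstdlib>` includes are unused and `<assert.h>` could be `<cassert>` like the other C++ headers here.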
diff --git a/lib/Fuzzer/test/fuzzer-ubsan.test b/lib/Fuzzer/test/fuzzer-ubsan.test
new file mode 100644 (file)
index 0000000..0e8ad6c
--- /dev/null
@@ -0,0 +1,4 @@
+RUN: not LLVMFuzzer-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s
+CHECK: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
+CHECK: Test unit written to ./crash-
+
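Review bot: The RUN line passes no `-seed`, so how quickly the fuzzer reaches `Hi!` depends on libFuzzer's default seeding; if the sibling `.test` files in this directory pin `-seed=1` for reproducibility (I cannot see them here), this one should too: `RUN: not LLVMFuzzer-SignedIntOverflowTest-Ubsan -seed=1 2>&1 | FileCheck %s`. The second CHECK relies on ubsan's non-recovering handler invoking libFuzzer's death callback so that the crash unit is written; that holds only because the binary is built with `-fno-sanitize-recover`, which is worth stating in a comment in the test file, e.g. `# Relies on -fno-sanitize-recover: ubsan aborts, libFuzzer's death callback writes the unit.`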
diff --git a/lib/Fuzzer/test/ubsan/CMakeLists.txt b/lib/Fuzzer/test/ubsan/CMakeLists.txt
new file mode 100644 (file)
index 0000000..5547704
--- /dev/null
@@ -0,0 +1,14 @@
+# These tests are instrumented with ubsan in non-recovery mode.
+
+set(CMAKE_CXX_FLAGS_RELEASE
+  "${LIBFUZZER_FLAGS_BASE} -O0 -fsanitize=undefined -fno-sanitize-recover=all")
+
+foreach(Test ${UbsanTests})
+  add_executable(LLVMFuzzer-${Test}-Ubsan
+    ../${Test}.cpp
+    )
+  target_link_libraries(LLVMFuzzer-${Test}-Ubsan
+    LLVMFuzzer
+    )
+endforeach()
+
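Review bot: The ubsan flags are only assigned to `CMAKE_CXX_FLAGS_RELEASE`, so in any other configuration the binary would be built without `-fsanitize=undefined` and fuzzer-ubsan.test could never see the runtime error. If the parent test directory forces a Release configuration or the sibling `uninstrumented`/`trace-bb` subdirectories use the same variable (I cannot see them in this diff) this is consistent; otherwise the flags should go on a variable that applies to every configuration. Also note the docs added in this same commit recommend `-fno-sanitize-recover=undefined` while the test uses `-fno-sanitize-recover=all`; both abort on the overflow, but using the documented spelling here would keep the test and the docs in step.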