[libFuzzer] add two tests for experimenting with equivalence fuzzing

author Kostya Serebryany <kcc@google.com>

Thu, 19 Jan 2017 19:07:26 +0000 (19:07 +0000)

committer Kostya Serebryany <kcc@google.com>

Thu, 19 Jan 2017 19:07:26 +0000 (19:07 +0000)
author Kostya Serebryany <kcc@google.com>
Thu, 19 Jan 2017 19:07:26 +0000 (19:07 +0000)
committer Kostya Serebryany <kcc@google.com>
Thu, 19 Jan 2017 19:07:26 +0000 (19:07 +0000)
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp

index 9f49d1557990476188ea89ef641328066820d358..02cbcc76e1355fc421ca8b5f4eef6dc6f8d0b6bf 100644 (file)
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -814,4 +814,7 @@ size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
    assert(fuzzer::F);
    return fuzzer::F->GetMD().DefaultMutate(Data, Size, MaxSize);
  }
+
+// Experimental
+void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size) {}
  }  // extern "C"
diff --git a/lib/Fuzzer/test/CMakeLists.txt b/lib/Fuzzer/test/CMakeLists.txt

index a95b5e7fc55f82828c6de59679c72ab5e1c50d98..2359c208ab09795c29ead5e2c5a681e3ca8a9f4a 100644 (file)
--- a/lib/Fuzzer/test/CMakeLists.txt
+++ b/lib/Fuzzer/test/CMakeLists.txt
@@ -72,6 +72,8 @@ set(Tests
    CustomMutatorTest
    DivTest
    EmptyTest
+  EquivalenceATest
+  EquivalenceBTest
    FourIndependentBranchesTest
    FullCoverageSetTest
    InitializeTest
diff --git a/lib/Fuzzer/test/EquivalenceATest.cpp b/lib/Fuzzer/test/EquivalenceATest.cpp

new file mode 100644 (file)

index 0000000..101fe12
--- /dev/null
+++ b/lib/Fuzzer/test/EquivalenceATest.cpp
@@ -0,0 +1,15 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+#include <stddef.h>
+#include <stdint.h>
+
+// Test for libFuzzer's "equivalence" fuzzing, part A.
+extern "C" void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size);
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 100) return 0;
+  uint8_t Result[100];
+  for (size_t i = 0; i < Size; i++)
+    Result[Size - i - 1] = Data[i];
+  LLVMFuzzerAnnounceOutput(Result, Size);
+  return 0;
+}
diff --git a/lib/Fuzzer/test/EquivalenceBTest.cpp b/lib/Fuzzer/test/EquivalenceBTest.cpp

new file mode 100644 (file)

index 0000000..175eed1
--- /dev/null
+++ b/lib/Fuzzer/test/EquivalenceBTest.cpp
@@ -0,0 +1,26 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+#include <stddef.h>
+#include <stdint.h>
+#include <stdio.h>
+
+// Test for libFuzzer's "equivalence" fuzzing, part B.
+extern "C" void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size);
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 100) return 0;
+  uint8_t Result[100];
+  for (size_t i = 0; i < Size; i++)
+    Result[Size - i - 1] = Data[i];
+
+  // Be a bit different from EquivalenceATest
+  if (Size > 42 && Data[10] == 'B') {
+    static int c;
+    if (!c)
+      fprintf(stderr, "ZZZZZZZ\n");
+    c = 1;
+    Result[42]++;
+  }
+
+  LLVMFuzzerAnnounceOutput(Result, Size);
+  return 0;
+}
author	Kostya Serebryany <kcc@google.com>
	Thu, 19 Jan 2017 19:07:26 +0000 (19:07 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Thu, 19 Jan 2017 19:07:26 +0000 (19:07 +0000)
lib/Fuzzer/FuzzerLoop.cpp		patch \| blob \| history
lib/Fuzzer/test/CMakeLists.txt		patch \| blob \| history
lib/Fuzzer/test/EquivalenceATest.cpp	[new file with mode: 0644]	patch \| blob
lib/Fuzzer/test/EquivalenceBTest.cpp	[new file with mode: 0644]	patch \| blob