[libc-commits] [libc] [libc] fuzz test for heap_sort (PR #100826)
via libc-commits
libc-commits at lists.llvm.org
Tue Jul 30 10:56:42 PDT 2024
https://github.com/RoseZhang03 updated https://github.com/llvm/llvm-project/pull/100826
>From 5dbd17fe11774aa706a59ee345d2576540e4538f Mon Sep 17 00:00:00 2001
From: Rose Zhang <rosezhang at google.com>
Date: Fri, 26 Jul 2024 22:45:50 +0000
Subject: [PATCH 1/5] [libc] fuzz test for heap_sort
Made a fuzz test for heap_sort based on the qsort_fuzz implementation
---
libc/fuzzing/stdlib/CMakeLists.txt | 8 ++++
libc/fuzzing/stdlib/heap_sort_fuzz.cpp | 53 ++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
create mode 100644 libc/fuzzing/stdlib/heap_sort_fuzz.cpp
diff --git a/libc/fuzzing/stdlib/CMakeLists.txt b/libc/fuzzing/stdlib/CMakeLists.txt
index 204bc619318da..3f954a6fe2a79 100644
--- a/libc/fuzzing/stdlib/CMakeLists.txt
+++ b/libc/fuzzing/stdlib/CMakeLists.txt
@@ -6,6 +6,14 @@ add_libc_fuzzer(
libc.src.stdlib.qsort
)
+add_libc_fuzzer(
+ heap_sort_fuzz
+ SRCS
+ heap_sort_fuzz.cpp
+ DEPENDS
+ libc.src.stlib.heap_sort
+)
+
add_libc_fuzzer(
atof_differential_fuzz
SRCS
diff --git a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
new file mode 100644
index 0000000000000..70daa7e623e1c
--- /dev/null
+++ b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
@@ -0,0 +1,53 @@
+//===-- heap_sort_fuzz.cpp ----------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+///
+/// Fuzzing test for llvm-libc heap_sort implementation.
+///
+//===----------------------------------------------------------------------===//
+
+#include "src/stdlib/heap_sort.h"
+#include <stdint.h>
+
+static int int_compare(const void *l, const void *r) {
+ int li = *reinterpret_cast<const int *>(l);
+ int ri = *reinterpret_cast<const int *>(r);
+ if (li == ri)
+ return 0;
+ else if (li > ri)
+ return 1;
+ else
+ return -1;
+}
+
+namespace LIBC_NAMESPACE_DECL {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ const size_t array_size = size / sizeof(int);
+ if (array_size == 0)
+ return 0;
+
+ int *array = new int[array_size];
+ const int *data_as_int = reinterpret_cast<const int *>(data);
+ for (size_t i = 0; i < array_size; ++i)
+ array[i] = data_as_int[i];
+
+ auto arr = internal::Array(reinterpret_cast<uint8_t *>(array), array_size, sizeof(int), int_compare);
+
+ internal::heap_sort(arr);
+
+ for (size_t i = 0; i < array_size - 1; ++i) {
+ if (arr.get(i) > arr.get(i + 1))
+ __builtin_trap();
+ }
+
+ delete[] array;
+ return 0;
+}
+
+} // namespace LIBC_NAMESPACE_DECL
\ No newline at end of file
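Review bot: The copy loop in `LLVMFuzzerTestOneInput` reads the fuzzer input through `reinterpret_cast<const int *>(data)` and then `data_as_int[i]`, but nothing in the entry point's contract guarantees that `data` is aligned for `int`, so each read is a potentially misaligned load that an alignment sanitizer would report as a harness bug rather than a heap_sort bug. Copying bytes removes the cast and the alignment assumption: `memcpy(array, data, array_size * sizeof(int));` with `<string.h>` included, or an equivalent byte-wise loop if the harness should not depend on the host libc. A one-line comment above the copy stating that trailing bytes beyond `array_size * sizeof(int)` are deliberately ignored would also document the `size / sizeof(int)` truncation.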
>From 2c39053430e84559886f56993f765e1ee1d5426c Mon Sep 17 00:00:00 2001
From: Rose Zhang <rosezhang at google.com>
Date: Sat, 27 Jul 2024 00:05:52 +0000
Subject: [PATCH 2/5] added line at end
---
libc/fuzzing/stdlib/heap_sort_fuzz.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
index 70daa7e623e1c..28950f7a6171f 100644
--- a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
+++ b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
@@ -50,4 +50,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
return 0;
}
-} // namespace LIBC_NAMESPACE_DECL
\ No newline at end of file
+} // namespace LIBC_NAMESPACE_DECL
>From 9b9257f111aa426e5d8b1f7fe4fc3181d7be84aa Mon Sep 17 00:00:00 2001
From: Rose Zhang <rosezhang at google.com>
Date: Mon, 29 Jul 2024 22:03:19 +0000
Subject: [PATCH 3/5] added correct dependency and fixed nits
---
libc/fuzzing/stdlib/CMakeLists.txt | 2 +-
libc/fuzzing/stdlib/heap_sort_fuzz.cpp | 14 +++++++-------
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/libc/fuzzing/stdlib/CMakeLists.txt b/libc/fuzzing/stdlib/CMakeLists.txt
index 3f954a6fe2a79..9b3298cfc55a7 100644
--- a/libc/fuzzing/stdlib/CMakeLists.txt
+++ b/libc/fuzzing/stdlib/CMakeLists.txt
@@ -11,7 +11,7 @@ add_libc_fuzzer(
SRCS
heap_sort_fuzz.cpp
DEPENDS
- libc.src.stlib.heap_sort
+ libc.src.stdlib.qsort_util
)
add_libc_fuzzer(
diff --git a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
index 28950f7a6171f..9b4600062e925 100644
--- a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
+++ b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
@@ -1,4 +1,4 @@
-//===-- heap_sort_fuzz.cpp ----------------------------------------------------===//
+//===-- heap_sort_fuzz.cpp ------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
@@ -10,6 +10,7 @@
///
//===----------------------------------------------------------------------===//
+#include "src/__support/macros/config.h"
#include "src/stdlib/heap_sort.h"
#include <stdint.h>
@@ -18,10 +19,9 @@ static int int_compare(const void *l, const void *r) {
int ri = *reinterpret_cast<const int *>(r);
if (li == ri)
return 0;
- else if (li > ri)
+ if (li > ri)
return 1;
- else
- return -1;
+ return -1;
}
namespace LIBC_NAMESPACE_DECL {
@@ -37,14 +37,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
for (size_t i = 0; i < array_size; ++i)
array[i] = data_as_int[i];
- auto arr = internal::Array(reinterpret_cast<uint8_t *>(array), array_size, sizeof(int), int_compare);
+ auto arr = internal::Array(reinterpret_cast<uint8_t *>(array), array_size,
+ sizeof(int), int_compare);
internal::heap_sort(arr);
- for (size_t i = 0; i < array_size - 1; ++i) {
+ for (size_t i = 0; i < array_size - 1; ++i)
if (arr.get(i) > arr.get(i + 1))
__builtin_trap();
- }
delete[] array;
return 0;
>From c51d32d72c649d4f1b95fc67124a02b0c9e6ea99 Mon Sep 17 00:00:00 2001
From: Rose Zhang <rosezhang at google.com>
Date: Mon, 29 Jul 2024 23:29:11 +0000
Subject: [PATCH 4/5] removed namespace, fixed formatting
---
libc/fuzzing/stdlib/heap_sort_fuzz.cpp | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
index 9b4600062e925..2473a1f838613 100644
--- a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
+++ b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
@@ -24,8 +24,6 @@ static int int_compare(const void *l, const void *r) {
return -1;
}
-namespace LIBC_NAMESPACE_DECL {
-
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
const size_t array_size = size / sizeof(int);
@@ -37,10 +35,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
for (size_t i = 0; i < array_size; ++i)
array[i] = data_as_int[i];
- auto arr = internal::Array(reinterpret_cast<uint8_t *>(array), array_size,
- sizeof(int), int_compare);
+ auto arr = LIBC_NAMESPACE::internal::Array(
+ reinterpret_cast<uint8_t *>(array), array_size, sizeof(int), int_compare);
- internal::heap_sort(arr);
+ LIBC_NAMESPACE::internal::heap_sort(arr);
for (size_t i = 0; i < array_size - 1; ++i)
if (arr.get(i) > arr.get(i + 1))
@@ -49,5 +47,3 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
delete[] array;
return 0;
}
-
-} // namespace LIBC_NAMESPACE_DECL
>From 453d3b21443f73b9e4135cec2c0953b9a2bbed50 Mon Sep 17 00:00:00 2001
From: Rose Zhang <rosezhang at google.com>
Date: Tue, 30 Jul 2024 17:56:23 +0000
Subject: [PATCH 5/5] fixed compare statement
---
libc/fuzzing/stdlib/heap_sort_fuzz.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
index 2473a1f838613..dc21d15a0f83c 100644
--- a/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
+++ b/libc/fuzzing/stdlib/heap_sort_fuzz.cpp
@@ -41,7 +41,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
LIBC_NAMESPACE::internal::heap_sort(arr);
for (size_t i = 0; i < array_size - 1; ++i)
- if (arr.get(i) > arr.get(i + 1))
+ if (*arr.get(i) < *arr.get(i+1))
__builtin_trap();
delete[] array;
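Review bot: The rewritten check `if (*arr.get(i) < *arr.get(i+1))` still does not look like a valid sortedness oracle for this harness. `arr` is built over `reinterpret_cast<uint8_t *>(array)`, so if `get()` returns a byte pointer (its declaration is not visible in this patch) the dereference compares only the first byte of each element instead of the whole `int`. With `<` the harness also traps when an element is smaller than its successor, which is exactly the order an ascending sort under `int_compare` would produce. Assuming the sort works in place on the buffer handed to `Array`, comparing the ints directly avoids both problems: `if (array[i] > array[i + 1]) __builtin_trap();`. The function body begins and ends outside this hunk.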