[llvm] r268968 - [libFuzzer] add a test for libFuzzer+ubsan, extend the docs on using libFuzzer+ubsan
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Mon May 9 14:02:36 PDT 2016
Author: kcc
Date: Mon May 9 16:02:36 2016
New Revision: 268968
URL: http://llvm.org/viewvc/llvm-project?rev=268968&view=rev
Log:
[libFuzzer] add a test for libFuzzer+ubsan, extend the docs on using libFuzzer+ubsan
Added:
llvm/trunk/lib/Fuzzer/test/SignedIntOverflowTest.cpp
llvm/trunk/lib/Fuzzer/test/fuzzer-ubsan.test
llvm/trunk/lib/Fuzzer/test/ubsan/
llvm/trunk/lib/Fuzzer/test/ubsan/CMakeLists.txt
Modified:
llvm/trunk/docs/LibFuzzer.rst
llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=268968&r1=268967&r2=268968&view=diff
==============================================================================
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Mon May 9 16:02:36 2016
@@ -93,11 +93,14 @@ the libFuzzer code then gives an fuzzer
You should also enable one or more of the *sanitizers*, which help to expose
latent bugs by making incorrect behavior generate errors at runtime:
- - AddressSanitizer_ detects memory access errors.
- - MemorySanitizer_ detects uninitialized reads: code whose behavior relies on memory
- contents that have not been initialized to a specific value.
- - UndefinedBehaviorSanitizer_ detects the use of various features of C/C++ that are explicitly
- listed as resulting in undefined behavior.
+ - AddressSanitizer_ (ASAN) detects memory access errors. Use `-fsanitize=address`.
+ - UndefinedBehaviorSanitizer_ (UBSAN) detects the use of various features of C/C++ that are explicitly
+ listed as resulting in undefined behavior. Use `-fsanitize=undefined -fno-sanitize-recover=undefined`
+ or any individual UBSAN check, e.g. `-fsanitize=signed-integer-overflow -fno-sanitize-recover=undefined`.
+ You may combine ASAN and UBSAN in one build.
+ - MemorySanitizer_ (MSAN) detects uninitialized reads: code whose behavior relies on memory
+ contents that have not been initialized to a specific value. Use `-fsanitize=memory`.
+ MSAN can not be combined with other sanirizers and should be used as a seprate build.
Finally, link with ``libFuzzer.a``::
Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=268968&r1=268967&r2=268968&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Mon May 9 16:02:36 2016
@@ -57,6 +57,10 @@ set(TracePCTests
FullCoverageSetTest
)
+set(UbsanTests
+ SignedIntOverflowTest
+ )
+
set(TestBinaries)
foreach(Test ${Tests})
@@ -118,6 +122,12 @@ foreach(Test ${UninstrumentedTests})
set(TestBinaries ${TestBinaries} LLVMFuzzer-${Test}-Uninstrumented)
endforeach()
+add_subdirectory(ubsan)
+
+foreach(Test ${UbsanTests})
+ set(TestBinaries ${TestBinaries} LLVMFuzzer-${Test}-Ubsan)
+endforeach()
+
add_subdirectory(trace-bb)
foreach(Test ${TraceBBTests})
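Review bot: The new loop grows the list with `set(TestBinaries ${TestBinaries} LLVMFuzzer-${Test}-Ubsan)`, which is the legacy form; `list(APPEND TestBinaries LLVMFuzzer-${Test}-Ubsan)` is the idiomatic append and does not depend on unquoted re-expansion of the existing list. The neighbouring loops visible in the hunk (the Uninstrumented one above) use the same legacy form, so changing only this loop would be inconsistent unless the others are updated in the same commit. The `add_subdirectory(ubsan)` call is unconditional, matching the `trace-bb` call below it, so no gating point is raised here.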
Added: llvm/trunk/lib/Fuzzer/test/SignedIntOverflowTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SignedIntOverflowTest.cpp?rev=268968&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/SignedIntOverflowTest.cpp (added)
+++ llvm/trunk/lib/Fuzzer/test/SignedIntOverflowTest.cpp Mon May 9 16:02:36 2016
@@ -0,0 +1,28 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test for signed-integer-overflow.
+#include <assert.h>
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+#include <climits>
+
+static volatile int Sink;
+static int Large = INT_MAX;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ assert(Data);
+ if (Size > 0 && Data[0] == 'H') {
+ Sink = 1;
+ if (Size > 1 && Data[1] == 'i') {
+ Sink = 2;
+ if (Size > 2 && Data[2] == '!') {
+ Large++; // int overflow.
+ }
+ }
+ }
+ return 0;
+}
+
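Review bot: `#include <cstdlib>` and `#include <iostream>` are not used by anything in this file (only assert, uint8_t, size_t and INT_MAX are referenced) and can be dropped; `<assert.h>` could also be `<cassert>` to match the other C++-style headers. The comment on `Large++` understates what the test depends on: `Large` starts at INT_MAX, so the first increment is the signed overflow UBSan reports, and with `-fno-sanitize-recover=all` (set in ubsan/CMakeLists.txt) the process aborts there, which is what `fuzzer-ubsan.test` checks for. A comment such as `// INT_MAX + 1: signed overflow; UBSan aborts here in non-recovery mode, which fuzzer-ubsan.test expects.` would make that explicit for the next maintainer.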
Added: llvm/trunk/lib/Fuzzer/test/fuzzer-ubsan.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer-ubsan.test?rev=268968&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-ubsan.test (added)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-ubsan.test Mon May 9 16:02:36 2016
@@ -0,0 +1,4 @@
+RUN: not LLVMFuzzer-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s
+CHECK: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
+CHECK: Test unit written to ./crash-
+
Added: llvm/trunk/lib/Fuzzer/test/ubsan/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/ubsan/CMakeLists.txt?rev=268968&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/ubsan/CMakeLists.txt (added)
+++ llvm/trunk/lib/Fuzzer/test/ubsan/CMakeLists.txt Mon May 9 16:02:36 2016
@@ -0,0 +1,14 @@
+# These tests are instrumented with ubsan in non-recovery mode.
+
+set(CMAKE_CXX_FLAGS_RELEASE
+ "${LIBFUZZER_FLAGS_BASE} -O0 -fsanitize=undefined -fno-sanitize-recover=all")
+
+foreach(Test ${UbsanTests})
+ add_executable(LLVMFuzzer-${Test}-Ubsan
+ ../${Test}.cpp
+ )
+ target_link_libraries(LLVMFuzzer-${Test}-Ubsan
+ LLVMFuzzer
+ )
+endforeach()
+
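Review bot: `target_link_libraries(LLVMFuzzer-${Test}-Ubsan LLVMFuzzer)` uses the keyword-less signature; `target_link_libraries(LLVMFuzzer-${Test}-Ubsan PRIVATE LLVMFuzzer)` makes the dependency's visibility explicit. The sanitizer flags are placed only in `CMAKE_CXX_FLAGS_RELEASE`, so in any other configuration these executables are built without UBSan and `fuzzer-ubsan.test` would not observe the expected runtime error; if the libFuzzer test tree is built Release-only by convention (the sibling subdirectories are not visible here), a comment above the `set()` stating that assumption, e.g. `# NOTE: these flags apply to the Release configuration only.`, would help. Overwriting a directory-scoped `CMAKE_CXX_FLAGS_RELEASE` rather than using per-target options is presumably the pattern the other test subdirectories follow, so it is not raised as a defect on its own.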