[llvm] r272072 - [LibFuzzer] Declare and use sanitizer functions in ``fuzzer::ExternalFunctions``
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Tue Jun 7 21:59:39 PDT 2016
We still need attribute weak for malloc/free hooks.
This change broke one of our use cases apparently not covered by any test.
:(
I've added weak attributes for these two functions back in r272116,
hopefully it does not break Mac.
Please check.
The current solution with lsan is bad in many ways but we'll have
to live with it for some time until we figure out a better way.
--kcc
On Tue, Jun 7, 2016 at 4:32 PM, Dan Liew via llvm-commits <
llvm-commits at lists.llvm.org> wrote:
> Author: delcypher
> Date: Tue Jun 7 18:32:50 2016
> New Revision: 272072
>
> URL: http://llvm.org/viewvc/llvm-project?rev=272072&view=rev
> Log:
> [LibFuzzer] Declare and use sanitizer functions in
> ``fuzzer::ExternalFunctions``
>
> This fixes linking problems on OSX.
>
> Unfortunately it turns out we need to use an instance of the
> ``fuzzer::ExternalFunctions`` object in several places so this
> commit also replaces all instances with a single global instance.
>
> It also turns out initializing a global ``fuzzer::ExternalFunctions``
> before main is entered (i.e. letting the object be initialised by the
> global initializers) is not safe (on OSX the call to ``Printf()`` in the
> CTOR crashes if it is called from a global initializer) so we instead
> have a global ``fuzzer::ExternalFunctions*`` and initialize it inside
> ``FuzzerDriver()``.
>
> Multiple unit tests depend also depend on the
> ``fuzzer::ExternalFunctions*`` global so a ``main()`` function has been
> added that initializes it before running any tests.
>
> Differential Revision: http://reviews.llvm.org/D20943
>
> Modified:
> llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
> llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def
> llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.h
> llvm/trunk/lib/Fuzzer/FuzzerIO.cpp
> llvm/trunk/lib/Fuzzer/FuzzerInternal.h
> llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
> llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
> llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp
>
> Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=272072&r1=272071&r2=272072&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
> +++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Tue Jun 7 18:32:50 2016
> @@ -269,9 +269,9 @@ static bool AllInputsAreFiles() {
> int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
> using namespace fuzzer;
> assert(argc && argv && "Argument pointers cannot be nullptr");
> - fuzzer::ExternalFunctions EF;
> - if (EF.LLVMFuzzerInitialize)
> - EF.LLVMFuzzerInitialize(argc, argv);
> + EF = new ExternalFunctions();
> + if (EF->LLVMFuzzerInitialize)
> + EF->LLVMFuzzerInitialize(argc, argv);
> const std::vector<std::string> Args(*argv, *argv + *argc);
> assert(!Args.empty());
> ProgName = new std::string(Args[0]);
> @@ -422,4 +422,8 @@ int FuzzerDriver(int *argc, char ***argv
>
> exit(0); // Don't let F destroy itself.
> }
> +
> +// Storage for global ExternalFunctions object.
> +ExternalFunctions *EF = nullptr;
> +
> } // namespace fuzzer
>
> Modified: llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def?rev=272072&r1=272071&r2=272072&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def (original)
> +++ llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def Tue Jun 7 18:32:50 2016
> @@ -25,4 +25,18 @@ EXT_FUNC(LLVMFuzzerCustomCrossOver, size
> uint8_t * Out, size_t MaxOutSize, unsigned int Seed),
> false);
>
> -// TODO: Sanitizer functions
> +// Sanitizer functions
> +EXT_FUNC(__lsan_enable, void, (), false);
> +EXT_FUNC(__lsan_disable, void, (), false);
> +EXT_FUNC(__lsan_do_recoverable_leak_check, int, (), false);
> +EXT_FUNC(__sanitizer_get_coverage_pc_buffer, uintptr_t, (uintptr_t**),
> true);
> +EXT_FUNC(__sanitizer_get_number_of_counters, size_t, (), false);
> +EXT_FUNC(__sanitizer_get_total_unique_caller_callee_pairs, size_t, (),
> false);
> +EXT_FUNC(__sanitizer_get_total_unique_coverage, size_t, (), true);
> +EXT_FUNC(__sanitizer_print_memory_profile, int, (size_t), false);
> +EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);
> +EXT_FUNC(__sanitizer_reset_coverage, void, (), true);
> +EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true);
> +EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false);
> +EXT_FUNC(__sanitizer_update_counter_bitset_and_clear_counters, uintptr_t,
> + (uint8_t*), false);
>
> Modified: llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.h
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.h?rev=272072&r1=272071&r2=272072&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.h (original)
> +++ llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.h Tue Jun 7 18:32:50 2016
> @@ -17,8 +17,9 @@
> namespace fuzzer {
>
> struct ExternalFunctions {
> - // Initialize function pointers. Functions that are not available
> - // will be set to nullptr.
> + // Initialize function pointers. Functions that are not available will
> be set
> + // to nullptr. Do not call this constructor before ``main()`` has been
> + // entered.
> ExternalFunctions();
>
> #define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN)
> \
>
> Modified: llvm/trunk/lib/Fuzzer/FuzzerIO.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerIO.cpp?rev=272072&r1=272071&r2=272072&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/FuzzerIO.cpp (original)
> +++ llvm/trunk/lib/Fuzzer/FuzzerIO.cpp Tue Jun 7 18:32:50 2016
> @@ -8,6 +8,7 @@
>
> //===----------------------------------------------------------------------===//
> // IO functions.
>
> //===----------------------------------------------------------------------===//
> +#include "FuzzerExtFunctions.h"
> #include "FuzzerInternal.h"
> #include <iterator>
> #include <fstream>
> @@ -18,10 +19,6 @@
> #include <cstdarg>
> #include <cstdio>
>
> -extern "C" {
> -__attribute__((weak)) void __sanitizer_set_report_fd(void *);
> -}
> -
> namespace fuzzer {
>
> static FILE *OutputFile = stderr;
> @@ -126,8 +123,8 @@ void DupAndCloseStderr() {
> FILE *NewOutputFile = fdopen(OutputFd, "w");
> if (NewOutputFile) {
> OutputFile = NewOutputFile;
> - if (__sanitizer_set_report_fd)
> - __sanitizer_set_report_fd(reinterpret_cast<void*>(OutputFd));
> + if (EF->__sanitizer_set_report_fd)
> + EF->__sanitizer_set_report_fd(reinterpret_cast<void *>(OutputFd));
> close(2);
> }
> }
>
> Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=272072&r1=272071&r2=272072&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
> +++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Tue Jun 7 18:32:50 2016
> @@ -279,9 +279,6 @@ private:
> size_t MutateImpl(uint8_t *Data, size_t Size, size_t MaxSize,
> const std::vector<Mutator> &Mutators);
>
> - // Interface to functions that may or may not be available.
> - const ExternalFunctions EF;
> -
> Random &Rand;
> // Dictionary provided by the user via -dict=DICT_FILE.
> Dictionary ManualDictionary;
> @@ -483,12 +480,11 @@ private:
>
> // Need to know our own thread.
> static thread_local bool IsMyThread;
> -
> - // Interface to functions that may or may not be available.
> - // For future use, currently not used.
> - const ExternalFunctions EF;
> };
>
> +// Global interface to functions that may or may not be available.
> +extern ExternalFunctions *EF;
> +
> }; // namespace fuzzer
>
> #endif // LLVM_FUZZER_INTERNAL_H
>
> Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=272072&r1=272071&r2=272072&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
> +++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Tue Jun 7 18:32:50 2016
> @@ -31,47 +31,23 @@
> #endif
> #endif
>
> -extern "C" {
> -// Re-declare some of the sanitizer functions as "weak" so that
> -// libFuzzer can be linked w/o the sanitizers and sanitizer-coverage
> -// (in which case it will complain at start-up time).
> -__attribute__((weak)) void __sanitizer_print_stack_trace();
> -__attribute__((weak)) void __sanitizer_reset_coverage();
> -__attribute__((weak)) size_t
> __sanitizer_get_total_unique_caller_callee_pairs();
> -__attribute__((weak)) size_t __sanitizer_get_total_unique_coverage();
> -__attribute__((weak)) void
> -__sanitizer_set_death_callback(void (*callback)(void));
> -__attribute__((weak)) size_t __sanitizer_get_number_of_counters();
> -__attribute__((weak)) uintptr_t
> -__sanitizer_update_counter_bitset_and_clear_counters(uint8_t *bitset);
> -__attribute__((weak)) uintptr_t
> -__sanitizer_get_coverage_pc_buffer(uintptr_t **data);
> -
> -__attribute__((weak)) void __sanitizer_malloc_hook(void *ptr, size_t
> size);
> -__attribute__((weak)) void __sanitizer_free_hook(void *ptr);
> -__attribute__((weak)) void __lsan_enable();
> -__attribute__((weak)) void __lsan_disable();
> -__attribute__((weak)) int __lsan_do_recoverable_leak_check();
> -__attribute__((weak)) int __sanitizer_print_memory_profile(size_t);
> -}
> -
> namespace fuzzer {
> static const size_t kMaxUnitSizeToPrint = 256;
> static const size_t TruncateMaxRuns = 1000;
>
> thread_local bool Fuzzer::IsMyThread;
>
> -static void MissingWeakApiFunction(const char *FnName) {
> +static void MissingExternalApiFunction(const char *FnName) {
> Printf("ERROR: %s is not defined. Exiting.\n"
> "Did you use -fsanitize-coverage=... to build your code?\n",
> FnName);
> exit(1);
> }
>
> -#define CHECK_WEAK_API_FUNCTION(fn)
> \
> +#define CHECK_EXTERNAL_FUNCTION(fn)
> \
> do {
> \
> - if (!fn)
> \
> - MissingWeakApiFunction(#fn);
> \
> + if (!(EF->fn))
> \
> + MissingExternalApiFunction(#fn);
> \
> } while (false)
>
> // Only one Fuzzer per process.
> @@ -79,21 +55,21 @@ static Fuzzer *F;
>
> struct CoverageController {
> static void Reset() {
> - CHECK_WEAK_API_FUNCTION(__sanitizer_reset_coverage);
> - __sanitizer_reset_coverage();
> + CHECK_EXTERNAL_FUNCTION(__sanitizer_reset_coverage);
> + EF->__sanitizer_reset_coverage();
> PcMapResetCurrent();
> }
>
> static void ResetCounters(const Fuzzer::FuzzingOptions &Options) {
> if (Options.UseCounters) {
> - __sanitizer_update_counter_bitset_and_clear_counters(0);
> + EF->__sanitizer_update_counter_bitset_and_clear_counters(0);
> }
> }
>
> static void Prepare(const Fuzzer::FuzzingOptions &Options,
> Fuzzer::Coverage *C) {
> if (Options.UseCounters) {
> - size_t NumCounters = __sanitizer_get_number_of_counters();
> + size_t NumCounters = EF->__sanitizer_get_number_of_counters();
> C->CounterBitmap.resize(NumCounters);
> }
> }
> @@ -104,16 +80,16 @@ struct CoverageController {
> Fuzzer::Coverage *C) {
> bool Res = false;
>
> - uint64_t NewBlockCoverage = __sanitizer_get_total_unique_coverage();
> + uint64_t NewBlockCoverage =
> EF->__sanitizer_get_total_unique_coverage();
> if (NewBlockCoverage > C->BlockCoverage) {
> Res = true;
> C->BlockCoverage = NewBlockCoverage;
> }
>
> if (Options.UseIndirCalls &&
> - __sanitizer_get_total_unique_caller_callee_pairs) {
> + EF->__sanitizer_get_total_unique_caller_callee_pairs) {
> uint64_t NewCallerCalleeCoverage =
> - __sanitizer_get_total_unique_caller_callee_pairs();
> + EF->__sanitizer_get_total_unique_caller_callee_pairs();
> if (NewCallerCalleeCoverage > C->CallerCalleeCoverage) {
> Res = true;
> C->CallerCalleeCoverage = NewCallerCalleeCoverage;
> @@ -122,7 +98,7 @@ struct CoverageController {
>
> if (Options.UseCounters) {
> uint64_t CounterDelta =
> - __sanitizer_update_counter_bitset_and_clear_counters(
> + EF->__sanitizer_update_counter_bitset_and_clear_counters(
> C->CounterBitmap.data());
> if (CounterDelta > 0) {
> Res = true;
> @@ -137,7 +113,8 @@ struct CoverageController {
> }
>
> uintptr_t *CoverageBuf;
> - uint64_t NewPcBufferLen =
> __sanitizer_get_coverage_pc_buffer(&CoverageBuf);
> + uint64_t NewPcBufferLen =
> + EF->__sanitizer_get_coverage_pc_buffer(&CoverageBuf);
> if (NewPcBufferLen > C->PcBufferLen) {
> Res = true;
> C->PcBufferLen = NewPcBufferLen;
> @@ -163,8 +140,8 @@ void Fuzzer::LazyAllocateCurrentUnitData
> }
>
> void Fuzzer::SetDeathCallback() {
> - CHECK_WEAK_API_FUNCTION(__sanitizer_set_death_callback);
> - __sanitizer_set_death_callback(StaticDeathCallback);
> + CHECK_EXTERNAL_FUNCTION(__sanitizer_set_death_callback);
> + EF->__sanitizer_set_death_callback(StaticDeathCallback);
> }
>
> void Fuzzer::StaticDeathCallback() {
> @@ -206,8 +183,8 @@ void Fuzzer::StaticInterruptCallback() {
>
> void Fuzzer::CrashCallback() {
> Printf("==%d== ERROR: libFuzzer: deadly signal\n", GetPid());
> - if (__sanitizer_print_stack_trace)
> - __sanitizer_print_stack_trace();
> + if (EF->__sanitizer_print_stack_trace)
> + EF->__sanitizer_print_stack_trace();
> Printf("NOTE: libFuzzer has rudimentary signal handlers.\n"
> " Combine libFuzzer with AddressSanitizer or similar for
> better "
> "crash reports.\n");
> @@ -242,8 +219,8 @@ void Fuzzer::AlarmCallback() {
> DumpCurrentUnit("timeout-");
> Printf("==%d== ERROR: libFuzzer: timeout after %d seconds\n",
> GetPid(),
> Seconds);
> - if (__sanitizer_print_stack_trace)
> - __sanitizer_print_stack_trace();
> + if (EF->__sanitizer_print_stack_trace)
> + EF->__sanitizer_print_stack_trace();
> Printf("SUMMARY: libFuzzer: timeout\n");
> PrintFinalStats();
> _Exit(Options.TimeoutExitCode); // Stop right now.
> @@ -255,8 +232,8 @@ void Fuzzer::RssLimitCallback() {
> "==%d== ERROR: libFuzzer: out-of-memory (used: %zdMb; limit:
> %zdMb)\n",
> GetPid(), GetPeakRSSMb(), Options.RssLimitMb);
> Printf(" To change the out-of-memory limit use
> -rss_limit_mb=<N>\n\n");
> - if (__sanitizer_print_memory_profile)
> - __sanitizer_print_memory_profile(50);
> + if (EF->__sanitizer_print_memory_profile)
> + EF->__sanitizer_print_memory_profile(50);
> DumpCurrentUnit("oom-");
> Printf("SUMMARY: libFuzzer: out-of-memory\n");
> PrintFinalStats();
> @@ -422,7 +399,7 @@ bool Fuzzer::UpdateMaxCoverage() {
>
> if (Options.PrintNewCovPcs && PrevBufferLen != MaxCoverage.PcBufferLen)
> {
> uintptr_t *CoverageBuf;
> - __sanitizer_get_coverage_pc_buffer(&CoverageBuf);
> + EF->__sanitizer_get_coverage_pc_buffer(&CoverageBuf);
> assert(CoverageBuf);
> for (size_t I = PrevBufferLen; I < MaxCoverage.PcBufferLen; ++I) {
> Printf("%p\n", CoverageBuf[I]);
> @@ -651,13 +628,14 @@ void Fuzzer::TryDetectingAMemoryLeak(con
> bool DuringInitialCorpusExecution) {
> if (!HasMoreMallocsThanFrees) return; // mallocs==frees, a leak is
> unlikely.
> if (!Options.DetectLeaks) return;
> - if (!&__lsan_enable || !&__lsan_disable ||
> !__lsan_do_recoverable_leak_check)
> + if (!&(EF->__lsan_enable) || !&(EF->__lsan_disable) ||
> + !(EF->__lsan_do_recoverable_leak_check))
> return; // No lsan.
> // Run the target once again, but with lsan disabled so that if there is
> // a real leak we do not report it twice.
> - __lsan_disable();
> + EF->__lsan_disable();
> RunOne(Data, Size);
> - __lsan_enable();
> + EF->__lsan_enable();
> if (!HasMoreMallocsThanFrees) return; // a leak is unlikely.
> if (NumberOfLeakDetectionAttempts++ > 1000) {
> Options.DetectLeaks = false;
> @@ -670,7 +648,7 @@ void Fuzzer::TryDetectingAMemoryLeak(con
> }
> // Now perform the actual lsan pass. This is expensive and we must
> ensure
> // we don't call it too often.
> - if (__lsan_do_recoverable_leak_check()) { // Leak is found, report it.
> + if (EF->__lsan_do_recoverable_leak_check()) { // Leak is found, report
> it.
> if (DuringInitialCorpusExecution)
> Printf("\nINFO: a leak has been found in the initial corpus.\n\n");
> Printf("INFO: to ignore leaks on libFuzzer side use
> -detect_leaks=0.\n\n");
>
> Modified: llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp?rev=272072&r1=272071&r2=272072&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp (original)
> +++ llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp Tue Jun 7 18:32:50 2016
> @@ -37,12 +37,12 @@ MutationDispatcher::MutationDispatcher(R
> "AddFromPersAutoDict"},
> });
>
> - if (EF.LLVMFuzzerCustomMutator)
> + if (EF->LLVMFuzzerCustomMutator)
> Mutators.push_back({&MutationDispatcher::Mutate_Custom, "Custom"});
> else
> Mutators = DefaultMutators;
>
> - if (EF.LLVMFuzzerCustomCrossOver)
> + if (EF->LLVMFuzzerCustomCrossOver)
> Mutators.push_back(
> {&MutationDispatcher::Mutate_CustomCrossOver, "CustomCrossOver"});
> }
> @@ -67,7 +67,7 @@ static char RandCh(Random &Rand) {
>
> size_t MutationDispatcher::Mutate_Custom(uint8_t *Data, size_t Size,
> size_t MaxSize) {
> - return EF.LLVMFuzzerCustomMutator(Data, Size, MaxSize, Rand.Rand());
> + return EF->LLVMFuzzerCustomMutator(Data, Size, MaxSize, Rand.Rand());
> }
>
> size_t MutationDispatcher::Mutate_CustomCrossOver(uint8_t *Data, size_t
> Size,
> @@ -80,7 +80,7 @@ size_t MutationDispatcher::Mutate_Custom
> return 0;
> MutateInPlaceHere.resize(MaxSize);
> auto &U = MutateInPlaceHere;
> - size_t NewSize = EF.LLVMFuzzerCustomCrossOver(
> + size_t NewSize = EF->LLVMFuzzerCustomCrossOver(
> Data, Size, Other.data(), Other.size(), U.data(), U.size(),
> Rand.Rand());
> if (!NewSize)
> return 0;
>
> Modified: llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp?rev=272072&r1=272071&r2=272072&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp (original)
> +++ llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp Tue Jun 7 18:32:50 2016
> @@ -3,6 +3,7 @@
>
> #include "FuzzerInternal.h"
> #include "gtest/gtest.h"
> +#include <memory>
> #include <set>
>
> using namespace fuzzer;
> @@ -14,6 +15,8 @@ extern "C" int LLVMFuzzerTestOneInput(co
> }
>
> TEST(Fuzzer, CrossOver) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
> Unit A({0, 1, 2}), B({5, 6, 7});
> @@ -82,6 +85,8 @@ typedef size_t (MutationDispatcher::*Mut
> size_t MaxSize);
>
> void TestEraseByte(Mutator M, int NumIter) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> uint8_t REM0[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
> uint8_t REM1[8] = {0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
> uint8_t REM2[8] = {0x00, 0x11, 0x33, 0x44, 0x55, 0x66, 0x77};
> @@ -116,6 +121,8 @@ TEST(FuzzerMutate, EraseByte2) {
> }
>
> void TestInsertByte(Mutator M, int NumIter) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
> int FoundMask = 0;
> @@ -150,6 +157,8 @@ TEST(FuzzerMutate, InsertByte2) {
> }
>
> void TestChangeByte(Mutator M, int NumIter) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
> int FoundMask = 0;
> @@ -184,6 +193,8 @@ TEST(FuzzerMutate, ChangeByte2) {
> }
>
> void TestChangeBit(Mutator M, int NumIter) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
> int FoundMask = 0;
> @@ -218,6 +229,8 @@ TEST(FuzzerMutate, ChangeBit2) {
> }
>
> void TestShuffleBytes(Mutator M, int NumIter) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
> int FoundMask = 0;
> @@ -246,6 +259,8 @@ TEST(FuzzerMutate, ShuffleBytes2) {
> }
>
> void TestAddWordFromDictionary(Mutator M, int NumIter) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
> uint8_t Word1[4] = {0xAA, 0xBB, 0xCC, 0xDD};
> @@ -286,6 +301,8 @@ TEST(FuzzerMutate, AddWordFromDictionary
> }
>
> void TestAddWordFromDictionaryWithHint(Mutator M, int NumIter) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
> uint8_t W[] = {0xAA, 0xBB, 0xCC, 0xDD, 0xFF, 0xEE, 0xEF};
> @@ -313,6 +330,8 @@ TEST(FuzzerMutate, AddWordFromDictionary
> }
>
> void TestChangeASCIIInteger(Mutator M, int NumIter) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
>
> @@ -405,6 +424,8 @@ TEST(FuzzerUtil, Base64) {
> }
>
> TEST(Corpus, Distribution) {
> + std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
> + fuzzer::EF = t.get();
> Random Rand(0);
> MutationDispatcher MD(Rand);
> Fuzzer::FuzzingOptions Options;
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160607/f86280bf/attachment.html>
More information about the llvm-commits
mailing list