[compiler-rt] r333119 - [libFuzzer] add a stress test for the DataFlow tracer
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Wed May 23 13:23:33 PDT 2018
Author: kcc
Date: Wed May 23 13:23:33 2018
New Revision: 333119
URL: http://llvm.org/viewvc/llvm-project?rev=333119&view=rev
Log:
[libFuzzer] add a stress test for the DataFlow tracer
Added:
compiler-rt/trunk/test/fuzzer/ExplodeDFSanLabelsTest.cpp
Modified:
compiler-rt/trunk/test/fuzzer/dataflow.test
Added: compiler-rt/trunk/test/fuzzer/ExplodeDFSanLabelsTest.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/ExplodeDFSanLabelsTest.cpp?rev=333119&view=auto
==============================================================================
--- compiler-rt/trunk/test/fuzzer/ExplodeDFSanLabelsTest.cpp (added)
+++ compiler-rt/trunk/test/fuzzer/ExplodeDFSanLabelsTest.cpp Wed May 23 13:23:33 2018
@@ -0,0 +1,23 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// When tracing data flow, explode the number of DFSan labels.
+#include <cstddef>
+#include <cstdint>
+
+static volatile int sink;
+
+__attribute__((noinline))
+void f(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
+ if (a == b + 1 && c == d + 2)
+ sink++;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ for (size_t a = 0; a < Size; a++)
+ for (size_t b = 0; b < Size; b++)
+ for (size_t c = 0; c < Size; c++)
+ for (size_t d = 0; d < Size; d++)
+ f(Data[a], Data[b], Data[c], Data[d]);
+ return 0;
+}
Modified: compiler-rt/trunk/test/fuzzer/dataflow.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/dataflow.test?rev=333119&r1=333118&r2=333119&view=diff
==============================================================================
--- compiler-rt/trunk/test/fuzzer/dataflow.test (original)
+++ compiler-rt/trunk/test/fuzzer/dataflow.test Wed May 23 13:23:33 2018
@@ -2,8 +2,9 @@
REQUIRES: linux
# Build the tracer and the test.
-RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp %S/ThreeFunctionsTest.cpp -o %t-ThreeFunctionsTest.o
-RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow %t-ThreeFunctionsTest.o %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-ThreeFunctionsTestDF
+RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o
+RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp %S/ThreeFunctionsTest.cpp %t-DataFlow.o -o %t-ThreeFunctionsTestDF
+RUN: %no_fuzzer_cpp_compiler -fno-sanitize=all -fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp %S/ExplodeDFSanLabelsTest.cpp %t-DataFlow.o -o %t-ExplodeDFSanLabelsTestDF
# Dump the function list.
RUN: %t-ThreeFunctionsTestDF 2>&1 | FileCheck %s --check-prefix=FUNC_LIST
@@ -19,6 +20,7 @@ RUN: echo -n FUABC > %t/IN/FUABC
RUN: echo -n FUZZR > %t/IN/FUZZR
RUN: echo -n FUZZM > %t/IN/FUZZM
RUN: echo -n FUZZMU > %t/IN/FUZZMU
+RUN: echo -n 1234567890123456 > %t/IN/1234567890123456
# ABC: No data is used, the only used label is 4 (corresponds to the size)
RUN:%t-ThreeFunctionsTestDF %t/IN/ABC | FileCheck %s --check-prefix=IN_ABC
@@ -74,3 +76,9 @@ IN_FUZZMU: L[[L2:[0-9]*]] 6 7
IN_FUZZMU-DAG: F{{[012]}} 5
IN_FUZZMU-DAG: F{{[012]}} [[L2]]
IN_FUZZMU-DAG: F
+
+# Today a very simple test will cause DFSan to die with "out of labels"
+RUN: not %t-ExplodeDFSanLabelsTestDF %t/IN/1234567890123456 2>&1 | FileCheck %s --check-prefix=OUT_OF_LABELS
+OUT_OF_LABELS: ==FATAL: DataFlowSanitizer: out of labels
+
+
More information about the llvm-commits
mailing list