[compiler-rt] 9a01527 - [compiler-rt] fuzzer: adjust tests to not expect that store to null traps and is not erase

Roman Lebedev via llvm-commits llvm-commits at lists.llvm.org
Fri Jul 9 05:03:39 PDT 2021 

Author: Roman Lebedev
Date: 2021-07-09T15:03:11+03:00
New Revision: 9a0152799f8e4a59e0483728c9f11c8a7805616f

URL: https://github.com/llvm/llvm-project/commit/9a0152799f8e4a59e0483728c9f11c8a7805616f
DIFF: https://github.com/llvm/llvm-project/commit/9a0152799f8e4a59e0483728c9f11c8a7805616f.diff

LOG: [compiler-rt] fuzzer: adjust tests to not expect that store to null traps and is not erase

Instead, mostly just trap directly.

Added: 
    compiler-rt/test/fuzzer/TrapTest.cpp
    compiler-rt/test/fuzzer/trap.test

Modified: 
    compiler-rt/test/fuzzer/ShallowOOMDeepCrash.cpp
    compiler-rt/test/fuzzer/coverage.test
    compiler-rt/test/fuzzer/fork.test
    compiler-rt/test/fuzzer/fuzzer-seed.test
    compiler-rt/test/fuzzer/fuzzer-segv.test
    compiler-rt/test/fuzzer/fuzzer-singleinputs.test
    compiler-rt/test/fuzzer/minimize_crash.test

Removed: 
    compiler-rt/test/fuzzer/NullDerefTest.cpp
    compiler-rt/test/fuzzer/null-deref.test


################################################################################
diff  --git a/compiler-rt/test/fuzzer/ShallowOOMDeepCrash.cpp b/compiler-rt/test/fuzzer/ShallowOOMDeepCrash.cpp
index 197fffa5e007c..680d940550d6c 100644
--- a/compiler-rt/test/fuzzer/ShallowOOMDeepCrash.cpp
+++ b/compiler-rt/test/fuzzer/ShallowOOMDeepCrash.cpp
@@ -16,7 +16,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     Sink = new int[1 << 28]; // instant OOM with -rss_limit_mb=128.
   if (Size >= 4 && Data[0] == 'F' && Data[1] == 'U' && Data[2] == 'Z' &&
       Data[3] == 'Z')  // a bit deeper crash.
-    *Zero = 42;
+    __builtin_trap();
   return 0;
 }
 

diff  --git a/compiler-rt/test/fuzzer/NullDerefTest.cpp b/compiler-rt/test/fuzzer/TrapTest.cpp
similarity index 85%
rename from compiler-rt/test/fuzzer/NullDerefTest.cpp
rename to compiler-rt/test/fuzzer/TrapTest.cpp
index 32a3661417234..d3e7c2b0d89af 100644
--- a/compiler-rt/test/fuzzer/NullDerefTest.cpp
+++ b/compiler-rt/test/fuzzer/TrapTest.cpp
@@ -5,11 +5,10 @@
 // Simple test for a fuzzer. The fuzzer must find the string "Hi!".
 #include <cstddef>
 #include <cstdint>
-#include <cstdlib>
 #include <cstdio>
+#include <cstdlib>
 
 static volatile int Sink;
-static volatile int *Null = 0;
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   if (Size > 0 && Data[0] == 'H') {
@@ -17,11 +16,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     if (Size > 1 && Data[1] == 'i') {
       Sink = 2;
       if (Size > 2 && Data[2] == '!') {
-        printf("Found the target, dereferencing NULL\n");
-        *Null = 1;
+        printf("Found the target, trapping\n");
+        __builtin_trap();
       }
     }
   }
   return 0;
 }
-

diff  --git a/compiler-rt/test/fuzzer/coverage.test b/compiler-rt/test/fuzzer/coverage.test
index 07a10ba169f01..cf6b4d8e8b4f3 100644
--- a/compiler-rt/test/fuzzer/coverage.test
+++ b/compiler-rt/test/fuzzer/coverage.test
@@ -2,14 +2,14 @@
 UNSUPPORTED: windows
 # FIXME: CreatePCArray() emits PLT stub addresses for entry blocks, which are ignored by TracePC::PrintCoverage().
 XFAIL: s390x
-RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable  %S/NullDerefTest.cpp -o %t-NullDerefTest
+RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable  %S/TrapTest.cpp -o %t-TrapTest
 RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
 RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -O0 -shared -o %dynamiclib2
 RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest
 
 CHECK: COVERAGE:
-CHECK: COVERED_FUNC: {{.*}}LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:14
-RUN: not %run %t-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s
+CHECK: COVERED_FUNC: {{.*}}LLVMFuzzerTestOneInput {{.*}}TrapTest.cpp:13
+RUN: not %run %t-TrapTest -print_coverage=1 2>&1 | FileCheck %s
 
 RUN: %run %t-DSOTest -print_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
 DSO: COVERAGE:

diff  --git a/compiler-rt/test/fuzzer/fork.test b/compiler-rt/test/fuzzer/fork.test
index 6e76fe7f2b06a..e78541b0e8ca0 100644
--- a/compiler-rt/test/fuzzer/fork.test
+++ b/compiler-rt/test/fuzzer/fork.test
@@ -12,7 +12,7 @@ RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest
 RUN: not %run %t-OutOfMemoryTest -fork=1 -ignore_ooms=0  -rss_limit_mb=128 2>&1 | FileCheck %s --check-prefix=OOM
 
 # access-violation is the error thrown on Windows. Address will be smaller on i386.
-CRASH: {{SEGV|access-violation}} on unknown address 0x00000000
+CRASH: == ERROR: libFuzzer: deadly signal
 RUN: %cpp_compiler %S/ShallowOOMDeepCrash.cpp -o %t-ShallowOOMDeepCrash
 RUN: not %run %t-ShallowOOMDeepCrash -fork=1 -rss_limit_mb=128 2>&1 | FileCheck %s --check-prefix=CRASH
 

diff  --git a/compiler-rt/test/fuzzer/fuzzer-seed.test b/compiler-rt/test/fuzzer/fuzzer-seed.test
index b6343ffa3dd73..6ca24c91f075a 100644
--- a/compiler-rt/test/fuzzer/fuzzer-seed.test
+++ b/compiler-rt/test/fuzzer/fuzzer-seed.test
@@ -1,4 +1,4 @@
-RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-SimpleCmpTest
+RUN: %cpp_compiler %S/TrapTest.cpp -o %t-SimpleCmpTest
 RUN: %run %t-SimpleCmpTest -seed=-1 -runs=0 2>&1 | FileCheck %s --check-prefix=CHECK_SEED_MINUS_ONE
 CHECK_SEED_MINUS_ONE: Seed: 4294967295
 

diff  --git a/compiler-rt/test/fuzzer/fuzzer-segv.test b/compiler-rt/test/fuzzer/fuzzer-segv.test
index 7ae9049e15a6a..a658b28f68ca7 100644
--- a/compiler-rt/test/fuzzer/fuzzer-segv.test
+++ b/compiler-rt/test/fuzzer/fuzzer-segv.test
@@ -1,8 +1,6 @@
-RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
-RUN: %env_asan_opts=handle_segv=0 not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER
+RUN: %cpp_compiler %S/TrapTest.cpp -o %t-TrapTest
+RUN: %env_asan_opts=handle_segv=0 not %run %t-TrapTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER
+RUN: %env_asan_opts=handle_segv=1 not %run %t-TrapTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER
 LIBFUZZER_OWN_SEGV_HANDLER: == ERROR: libFuzzer: deadly signal
 LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal
 LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash-
-
-RUN: %env_asan_opts=handle_segv=1 not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER
-LIBFUZZER_ASAN_SEGV_HANDLER: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address

diff  --git a/compiler-rt/test/fuzzer/fuzzer-singleinputs.test b/compiler-rt/test/fuzzer/fuzzer-singleinputs.test
index 704f9caa57f94..67b3ba9dd922a 100644
--- a/compiler-rt/test/fuzzer/fuzzer-singleinputs.test
+++ b/compiler-rt/test/fuzzer/fuzzer-singleinputs.test
@@ -1,7 +1,7 @@
-RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
+RUN: %cpp_compiler %S/TrapTest.cpp -o %t-TrapTest
 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
 
-RUN: not %run %t-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput
+RUN: not %run %t-TrapTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput
 SingleInput-NOT: Test unit written to ./crash-
 
 RUN: rm -rf  %tmp/SINGLE_INPUTS

diff  --git a/compiler-rt/test/fuzzer/minimize_crash.test b/compiler-rt/test/fuzzer/minimize_crash.test
index de44b8747e04c..33c9174920e93 100644
--- a/compiler-rt/test/fuzzer/minimize_crash.test
+++ b/compiler-rt/test/fuzzer/minimize_crash.test
@@ -1,11 +1,11 @@
-RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
+RUN: %cpp_compiler %S/TrapTest.cpp -o %t-TrapTest
 RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-SingleByteInputTest
 RUN: mkdir -p %t.dir
 
 RUN: echo 'Hi!rv349f34t3gg' > %t.dir/not_minimal_crash
-RUN: %run %t-NullDerefTest -minimize_crash=1 %t.dir/not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s
+RUN: %run %t-TrapTest -minimize_crash=1 %t.dir/not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s
 CHECK: CRASH_MIN: failed to minimize beyond {{.*}}minimized-from{{.*}} (3 bytes), exiting
-RUN: %run %t-NullDerefTest -minimize_crash=1 %t.dir/not_minimal_crash -max_total_time=2 -exact_artifact_path=%t.exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT
+RUN: %run %t-TrapTest -minimize_crash=1 %t.dir/not_minimal_crash -max_total_time=2 -exact_artifact_path=%t.exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT
 CHECK_EXACT: CRASH_MIN: failed to minimize beyond {{.*}}exact_minimized_path{{.*}} (3 bytes), exiting
 RUN: rm %t.dir/not_minimal_crash %t.exact_minimized_path
 

diff  --git a/compiler-rt/test/fuzzer/null-deref.test b/compiler-rt/test/fuzzer/null-deref.test
deleted file mode 100644
index 31eb5990da33d..0000000000000
--- a/compiler-rt/test/fuzzer/null-deref.test
+++ /dev/null
@@ -1,10 +0,0 @@
-RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
-
-RUN: not %run %t-NullDerefTest                  2>&1 | FileCheck %s --check-prefix=NullDerefTest
-RUN: not %run %t-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest
-NullDerefTest: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address
-NullDerefTest: Test unit written to ./crash-
-RUN: not %run %t-NullDerefTest  -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
-NullDerefTestPrefix: Test unit written to ZZZcrash-
-RUN: not %run %t-NullDerefTest  -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath
-NullDerefTestExactPath: Test unit written to FOOBAR

diff  --git a/compiler-rt/test/fuzzer/trap.test b/compiler-rt/test/fuzzer/trap.test
new file mode 100644
index 0000000000000..c5944aeddbe5e
--- /dev/null
+++ b/compiler-rt/test/fuzzer/trap.test
@@ -0,0 +1,10 @@
+RUN: %cpp_compiler %S/TrapTest.cpp -o %t-TrapTest
+
+RUN: not %run %t-TrapTest                  2>&1 | FileCheck %s --check-prefix=TrapTest
+RUN: not %run %t-TrapTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=TrapTest
+TrapTest: SUMMARY: libFuzzer: deadly signal
+TrapTest: Test unit written to ./crash-
+RUN: not %run %t-TrapTest  -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=TrapTestPrefix
+TrapTestPrefix: Test unit written to ZZZcrash-
+RUN: not %run %t-TrapTest  -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=TrapTestExactPath
+TrapTestExactPath: Test unit written to FOOBAR

More information about the llvm-commits mailing list