From dfbe59b03db728a0cdfdf1bf763439a511c5ee09 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Mon, 15 Aug 2016 17:48:28 +0000
Subject: [libFuzzer] add InsertRepeatedBytes and EraseBytes. New mutation: InsertRepeatedBytes. Updated mutation: EraseByte => EraseBytes. This helps https://github.com/google/sanitizers/issues/710 where libFuzzer was not able to find a known bug. Now it finds it in minutes. Hopefully, the change is general enough to help other targets.
llvm-svn: 278687
---
 llvm/lib/Fuzzer/test/RepeatedBytesTest.cpp | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 llvm/lib/Fuzzer/test/RepeatedBytesTest.cpp
(limited to 'llvm/lib/Fuzzer/test/RepeatedBytesTest.cpp')
diff --git a/llvm/lib/Fuzzer/test/RepeatedBytesTest.cpp b/llvm/lib/Fuzzer/test/RepeatedBytesTest.cpp
new file mode 100644
index 0000000..2fa6c78
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/RepeatedBytesTest.cpp
@@ -0,0 +1,29 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. The fuzzer must find repeated bytes.
+#include
+#include
+#include
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ assert(Data);
+ // Looking for AAAAAAAAAAAAAAAAAAAAAA or some such.
+ size_t CurA = 0, MaxA = 0;
+ for (size_t i = 0; i < Size; i++) {
+ // Make sure there are no conditionals in the loop so that
+ // coverage can't help the fuzzer.
+ int EQ = Data[i] == 'A';
+ CurA = EQ * (CurA + 1);
+ int GT = CurA > MaxA;
+ MaxA = GT * CurA + (!GT) * MaxA;
+ }
+ if (MaxA >= 20) {
+ std::cout << "BINGO; Found the target (Max: " << MaxA << "), exiting\n";
+ exit(0);
+ }
+ return 0;
+}
+
-- 
cgit v1.1
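Review bot: The loop comment in `LLVMFuzzerTestOneInput` claims more than the code guarantees: "coverage can't help the fuzzer" holds only for edge or branch coverage. `Data[i] == 'A'` and `CurA > MaxA` are still comparisons, so a build with comparison tracing (for example `-fsanitize-coverage=trace-cmp`) could presumably still get a signal from them, and the compiler is free to lower them to branches. I would narrow the comment to `// No explicit branches in the loop, so edge coverage alone gives no signal;` followed by `// assumes the test is built without comparison tracing.` The threshold in `if (MaxA >= 20)` is also a bare literal that does not match the 22-character example in the comment above it; a named constant such as `const size_t kMinRun = 20;` would make the intended run length explicit.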