diff options
Diffstat (limited to 'test/fuzzer')
55 files changed, 297 insertions, 176 deletions
diff --git a/test/fuzzer/AlignmentAssumptionTest.cpp b/test/fuzzer/AlignmentAssumptionTest.cpp new file mode 100644 index 000000000000..be51d37e8fe2 --- /dev/null +++ b/test/fuzzer/AlignmentAssumptionTest.cpp @@ -0,0 +1,27 @@ +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. + +// Test for alignment assumption failure. + +#include <assert.h> +#include <climits> +#include <cstddef> +#include <cstdint> +#include <cstdlib> +#include <iostream> + +static volatile int32_t Sink; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + assert(Data); + if (Size > 0 && Data[0] == 'H') { + Sink = 1; + if (Size > 1 && Data[1] == 'i') { + Sink = 2; + if (Size > 2 && Data[2] == '!') { + __builtin_assume_aligned(Data + 1, 0x8000); + } + } + } + return 0; +} diff --git a/test/fuzzer/ImplicitIntegerSignChangeTest.cpp b/test/fuzzer/ImplicitIntegerSignChangeTest.cpp new file mode 100644 index 000000000000..0fd7df0e2d2e --- /dev/null +++ b/test/fuzzer/ImplicitIntegerSignChangeTest.cpp @@ -0,0 +1,27 @@ +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. + +// Test for implicit-integer-sign-change. +#include <assert.h> +#include <climits> +#include <cstddef> +#include <cstdint> +#include <cstdlib> +#include <iostream> + +static volatile uint32_t Sink; +static volatile int32_t Storage = -1; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + assert(Data); + if (Size > 0 && Data[0] == 'H') { + Sink = 1; + if (Size > 1 && Data[1] == 'i') { + Sink = 2; + if (Size > 2 && Data[2] == '!') { + Sink = Storage; // 'sign change'. + } + } + } + return 0; +} diff --git a/test/fuzzer/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp b/test/fuzzer/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp new file mode 100644 index 000000000000..6e65f5442dcf --- /dev/null +++ b/test/fuzzer/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp @@ -0,0 +1,27 @@ +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. + +// Test for implicit-signed-integer-truncation-or-sign-change. +#include <assert.h> +#include <climits> +#include <cstddef> +#include <cstdint> +#include <cstdlib> +#include <iostream> + +static volatile int8_t Sink; +static volatile uint32_t Storage = (uint32_t)-1; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + assert(Data); + if (Size > 0 && Data[0] == 'H') { + Sink = 1; + if (Size > 1 && Data[1] == 'i') { + Sink = 2; + if (Size > 2 && Data[2] == '!') { + Sink = Storage; // 'conversion'. + } + } + } + return 0; +} diff --git a/test/fuzzer/ImplicitIntegerTruncationTest.cpp b/test/fuzzer/ImplicitSignedIntegerTruncationTest.cpp index cb935da0c13e..9a17802e2a5f 100644 --- a/test/fuzzer/ImplicitIntegerTruncationTest.cpp +++ b/test/fuzzer/ImplicitSignedIntegerTruncationTest.cpp @@ -9,8 +9,8 @@ #include <cstdlib> #include <iostream> -static volatile int Sink; -static unsigned char Large = UINT8_MAX; +static volatile int32_t Sink; +static uint8_t Large = UINT8_MAX; extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { assert(Data); diff --git a/test/fuzzer/ImplicitUnsignedIntegerTruncationTest.cpp b/test/fuzzer/ImplicitUnsignedIntegerTruncationTest.cpp new file mode 100644 index 000000000000..c0bf40ab08f9 --- /dev/null +++ b/test/fuzzer/ImplicitUnsignedIntegerTruncationTest.cpp @@ -0,0 +1,27 @@ +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. + +// Test for unsigned-integer-overflow. +#include <assert.h> +#include <climits> +#include <cstddef> +#include <cstdint> +#include <cstdlib> +#include <iostream> + +static volatile int32_t Sink; +static uint8_t Large = UINT8_MAX; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + assert(Data); + if (Size > 0 && Data[0] == 'H') { + Sink = 1; + if (Size > 1 && Data[1] == 'i') { + Sink = 2; + if (Size > 2 && Data[2] == '!') { + Large = (unsigned int)Large + 1U; // 'char overflow'. + } + } + } + return 0; +} diff --git a/test/fuzzer/InitializeTest.cpp b/test/fuzzer/InitializeTest.cpp index a93c2a525088..5022c9efa640 100644 --- a/test/fuzzer/InitializeTest.cpp +++ b/test/fuzzer/InitializeTest.cpp @@ -9,7 +9,7 @@ #include <stdlib.h> #include <string.h> -static char *argv0; +static char *argv0 = NULL; extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { assert(*argc > 0); @@ -20,8 +20,7 @@ extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { assert(argv0); - if (Size == strlen(argv0) && - !memmem(Data, Size, argv0, Size)) { + if (argv0 && Size >= 4 && !memcmp(Data, "fuzz", 4)) { fprintf(stderr, "BINGO %s\n", argv0); exit(1); } diff --git a/test/fuzzer/PrintUnstableStatsTest.cpp b/test/fuzzer/PrintUnstableStatsTest.cpp deleted file mode 100644 index 078eb4c3d971..000000000000 --- a/test/fuzzer/PrintUnstableStatsTest.cpp +++ /dev/null @@ -1,69 +0,0 @@ -#include <assert.h> -#include <cstdint> -#include <cstdio> -#include <cstdlib> - -int x = 0; -bool skip0 = false; -bool skip1 = false; -bool skip2 = false; - -__attribute__((noinline)) void det0() { x++; } -__attribute__((noinline)) void det1() { x++; } -__attribute__((noinline)) void det2() { x++; } -__attribute__((noinline)) void det3() { x++; } -__attribute__((noinline)) void det4() { x++; } - -__attribute__((noinline)) void ini0() { x++; } -__attribute__((noinline)) void ini1() { x++; } -__attribute__((noinline)) void ini2() { x++; } - -__attribute__((noinline)) void t0() { x++; } -__attribute__((noinline)) void t1() { x++; } -__attribute__((noinline)) void t2() { x++; } -__attribute__((noinline)) void t3() { x++; } -__attribute__((noinline)) void t4() { x++; } - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size == 1 && Data[0] == 'A' && !skip0) { - skip0 = true; - ini0(); - } - if (Size == 1 && Data[0] == 'B' && !skip1) { - skip1 = true; - ini1(); - } - if (Size == 1 && Data[0] == 'C' && !skip2) { - skip2 = true; - ini2(); - } - - det0(); - det1(); - int a = rand(); - det2(); - - switch (a % 5) { - case 0: - t0(); - break; - case 1: - t1(); - break; - case 2: - t2(); - break; - case 3: - t3(); - break; - case 4: - t4(); - break; - default: - assert(false); - } - - det3(); - det4(); - return 0; -} diff --git a/test/fuzzer/ReadBinaryTest.cpp b/test/fuzzer/ReadBinaryTest.cpp new file mode 100644 index 000000000000..de7a40036981 --- /dev/null +++ b/test/fuzzer/ReadBinaryTest.cpp @@ -0,0 +1,18 @@ +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. + +// Simple test for a fuzzer. Tests that fuzzer can read a file containing +// carriage returns. +#include <cstddef> +#include <cstdint> +#include <iostream> +#include <string> + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) { + std::string InputStr(reinterpret_cast<const char*>(Data), Size); + std::string MagicStr("Hello\r\nWorld\r\n"); + if (InputStr == MagicStr) { + std::cout << "BINGO!"; + } + return 0; +} diff --git a/test/fuzzer/SymbolizeDeadlock.cpp b/test/fuzzer/SymbolizeDeadlock.cpp index 5be1be804bce..b9ece38b2303 100644 --- a/test/fuzzer/SymbolizeDeadlock.cpp +++ b/test/fuzzer/SymbolizeDeadlock.cpp @@ -8,7 +8,6 @@ #include <cstdio> #include <cstdlib> #include <cstring> -#include <unistd.h> #include "Bingo.h" diff --git a/test/fuzzer/afl-driver-extra-stats.test b/test/fuzzer/afl-driver-extra-stats.test index cddb683e6dec..2f5641daf724 100644 --- a/test/fuzzer/afl-driver-extra-stats.test +++ b/test/fuzzer/afl-driver-extra-stats.test @@ -1,3 +1,5 @@ +# AFL doesn't work on Windows. No reason to test the driver. +UNSUPPORTED: windows XFAIL: ios RUN: %no_fuzzer_cpp_compiler %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest diff --git a/test/fuzzer/afl-driver-stderr.test b/test/fuzzer/afl-driver-stderr.test index d3d739d3b977..5e3007e5427e 100644 --- a/test/fuzzer/afl-driver-stderr.test +++ b/test/fuzzer/afl-driver-stderr.test @@ -1,5 +1,6 @@ +# AFL doesn't work on Windows. No reason to test the driver. +UNSUPPORTED: freebsd, windows XFAIL: ios -UNSUPPORTED: freebsd RUN: %no_fuzzer_cpp_compiler %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest ; Test that not specifying a stderr file isn't broken. diff --git a/test/fuzzer/counters.test b/test/fuzzer/counters.test index f75d3a03783f..8f461c6e1bb3 100644 --- a/test/fuzzer/counters.test +++ b/test/fuzzer/counters.test @@ -1,5 +1,4 @@ -XFAIL: ios -UNSUPPORTED: aarch64 +UNSUPPORTED: aarch64, ios RUN: %cpp_compiler %S/CounterTest.cpp -o %t-CounterTest RUN: not %run %t-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS diff --git a/test/fuzzer/coverage.test b/test/fuzzer/coverage.test index 3b2341f21f69..ff7a436e3213 100644 --- a/test/fuzzer/coverage.test +++ b/test/fuzzer/coverage.test @@ -1,4 +1,5 @@ -UNSUPPORTED: aarch64 +# FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows. +UNSUPPORTED: windows RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -shared -o %dynamiclib1 RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -shared -o %dynamiclib2 diff --git a/test/fuzzer/dead-stripping.test b/test/fuzzer/dead-stripping.test new file mode 100644 index 000000000000..85445ea9f21b --- /dev/null +++ b/test/fuzzer/dead-stripping.test @@ -0,0 +1,23 @@ +REQUIRES: darwin + +No dead_strip. Unused code is not removed. +RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t +RUN: nm %t | grep UnusedFunctionShouldBeRemovedByLinker | count 1 +RUN: %run %t -runs=0 2>&1 | FileCheck %s + +With dead_strip. Unused code is not removed. +RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -ffunction-sections -Wl,-dead_strip +RUN: nm %t | grep UnusedFunctionShouldBeRemovedByLinker | count 1 +RUN: %run %t -runs=0 2>&1 | FileCheck %s + +With dead_strip, with trace-pc. Unused code is removed. +RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -ffunction-sections -fsanitize-coverage=0 -fsanitize-coverage=trace-pc -Wl,-dead_strip +RUN: nm %t | not grep UnusedFunctionShouldBeRemovedByLinker +RUN: %run %t -runs=0 2>&1 | FileCheck %s + +With dead_strip, with pc-table. Unused code is not removed. +RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -ffunction-sections -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard,pc-table -Wl,-dead_strip +RUN: nm %t | grep UnusedFunctionShouldBeRemovedByLinker | count 1 +RUN: %run %t -runs=0 2>&1 | FileCheck %s + +CHECK-NOT: ERROR: The size of coverage PC tables does not match diff --git a/test/fuzzer/dso.test b/test/fuzzer/dso.test index fc1fe23818f0..60ef8a6ac832 100644 --- a/test/fuzzer/dso.test +++ b/test/fuzzer/dso.test @@ -1,3 +1,5 @@ +# FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows. +UNSUPPORTED: windows RUN: %cpp_compiler %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -shared -o %dynamiclib1 RUN: %cpp_compiler %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -shared -o %dynamiclib2 RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest diff --git a/test/fuzzer/dump_coverage.test b/test/fuzzer/dump_coverage.test index 41e193824de6..803a4fbb8a05 100644 --- a/test/fuzzer/dump_coverage.test +++ b/test/fuzzer/dump_coverage.test @@ -1,4 +1,5 @@ -UNSUPPORTED: freebsd +# FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows. +UNSUPPORTED: freebsd, windows RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSO1.cpp -fPIC -shared -o %dynamiclib1 %ld_flags_rpath_so1 RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSO2.cpp -fPIC -shared -o %dynamiclib2 %ld_flags_rpath_so2 RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest @@ -7,7 +8,7 @@ RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/N RUN: rm -rf %t_workdir && mkdir -p %t_workdir RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %run %t-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s -RUN: sancov -covered-functions %t-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV +RUN: sancov -covered-functions %t-NullDerefTest %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' %run %t-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck -allow-deprecated-dag-overlap %s --check-prefix=DSO RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %run %t-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV diff --git a/test/fuzzer/exit_on_src_pos.test b/test/fuzzer/exit_on_src_pos.test index ad0fa0a7ce4e..c08c01410e28 100644 --- a/test/fuzzer/exit_on_src_pos.test +++ b/test/fuzzer/exit_on_src_pos.test @@ -1,9 +1,11 @@ # Temporary use -mllvm -use-unknown-locations=Disable so that # all instructions have debug info (file line numbers) attached. # TODO: Find out why test fails on Darwin with -O2. -RUN: %cpp_compiler -O0 %S/SimpleTest.cpp -o %t-SimpleTest -mllvm -use-unknown-locations=Disable -RUN: %cpp_compiler -O0 %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest +# Binaries must end in .exe or else symbolization will break on Windows because of how periods +# in expansion of %t cause the compiler to overwrite .lib and .exp files. +RUN: %cpp_compiler -O0 %S/SimpleTest.cpp -o %t-SimpleTest.exe -mllvm -use-unknown-locations=Disable +RUN: %cpp_compiler -O0 %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest.exe -RUN: %run %t-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS -RUN: %run %t-ShrinkControlFlowTest -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS +RUN: %run %t-SimpleTest.exe -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS +RUN: %run %t-ShrinkControlFlowTest.exe -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting. diff --git a/test/fuzzer/fuzzer-alignment-assumption.test b/test/fuzzer/fuzzer-alignment-assumption.test new file mode 100644 index 000000000000..6db77e19ccc8 --- /dev/null +++ b/test/fuzzer/fuzzer-alignment-assumption.test @@ -0,0 +1,7 @@ +RUN: rm -f %t-AlignmentAssumptionTest-Ubsan +RUN: %cpp_compiler -fsanitize=alignment -fno-sanitize-recover=all %S/AlignmentAssumptionTest.cpp -o %t-AlignmentAssumptionTest-Ubsan +RUN: not %run %t-AlignmentAssumptionTest-Ubsan 2>&1 | FileCheck %s +CHECK: AlignmentAssumptionTest.cpp:22:39: runtime error: assumption of 32768 byte alignment for pointer of type 'const {{.*}} *' (aka 'const unsigned char *') failed +CHECK: 0x{{.*}}: note: address is {{.*}} aligned, misalignment offset is {{.*}} byte + +CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-integer-sign-change.test b/test/fuzzer/fuzzer-implicit-integer-sign-change.test new file mode 100644 index 000000000000..7524f6cc4e5e --- /dev/null +++ b/test/fuzzer/fuzzer-implicit-integer-sign-change.test @@ -0,0 +1,5 @@ +RUN: rm -f %t-ImplicitIntegerSignChangeTest-Ubsan +RUN: %cpp_compiler -fsanitize=implicit-integer-sign-change -fno-sanitize-recover=all %S/ImplicitIntegerSignChangeTest.cpp -o %t-ImplicitIntegerSignChangeTest-Ubsan +RUN: not %run %t-ImplicitIntegerSignChangeTest-Ubsan 2>&1 | FileCheck %s +CHECK: ImplicitIntegerSignChangeTest.cpp:22:16: runtime error: implicit conversion from type 'int32_t' (aka 'int') of value -1 (32-bit, signed) to type 'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned) +CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-integer-truncation.test b/test/fuzzer/fuzzer-implicit-integer-truncation.test deleted file mode 100644 index 212559bdca3c..000000000000 --- a/test/fuzzer/fuzzer-implicit-integer-truncation.test +++ /dev/null @@ -1,5 +0,0 @@ -RUN: rm -f %t-ImplicitIntegerTruncationTest-Ubsan -RUN: %cpp_compiler -fsanitize=implicit-integer-truncation -fno-sanitize-recover=all %S/ImplicitIntegerTruncationTest.cpp -o %t-ImplicitIntegerTruncationTest-Ubsan -RUN: not %run %t-ImplicitIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s -CHECK: runtime error: implicit conversion from type 'int' of value 256 (32-bit, signed) to type 'unsigned char' changed the value to 0 (8-bit, unsigned) -CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-signed-integer-truncation-or-sign-change.test b/test/fuzzer/fuzzer-implicit-signed-integer-truncation-or-sign-change.test new file mode 100644 index 000000000000..532b36a03508 --- /dev/null +++ b/test/fuzzer/fuzzer-implicit-signed-integer-truncation-or-sign-change.test @@ -0,0 +1,5 @@ +RUN: rm -f %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan +RUN: %cpp_compiler -fsanitize=implicit-signed-integer-truncation,implicit-integer-sign-change -fno-sanitize-recover=all %S/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp -o %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan +RUN: not %run %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan 2>&1 | FileCheck %s +CHECK: ImplicitSignedIntegerTruncationOrSignChangeTest.cpp:22:16: runtime error: implicit conversion from type 'uint32_t' (aka 'unsigned int') of value 4294967295 (32-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the value to -1 (8-bit, signed) +CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-signed-integer-truncation.test b/test/fuzzer/fuzzer-implicit-signed-integer-truncation.test new file mode 100644 index 000000000000..d41625d3aede --- /dev/null +++ b/test/fuzzer/fuzzer-implicit-signed-integer-truncation.test @@ -0,0 +1,5 @@ +RUN: rm -f %t-ImplicitSignedIntegerTruncationTest-Ubsan +RUN: %cpp_compiler -fsanitize=implicit-signed-integer-truncation -fno-sanitize-recover=all %S/ImplicitSignedIntegerTruncationTest.cpp -o %t-ImplicitSignedIntegerTruncationTest-Ubsan +RUN: not %run %t-ImplicitSignedIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s +CHECK: ImplicitSignedIntegerTruncationTest.cpp:22:17: runtime error: implicit conversion from type 'int' of value 256 (32-bit, signed) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned) +CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-unsigned-integer-truncation.test b/test/fuzzer/fuzzer-implicit-unsigned-integer-truncation.test new file mode 100644 index 000000000000..e62a01e9eb24 --- /dev/null +++ b/test/fuzzer/fuzzer-implicit-unsigned-integer-truncation.test @@ -0,0 +1,5 @@ +RUN: rm -f %t-ImplicitUnsignedIntegerTruncationTest-Ubsan +RUN: %cpp_compiler -fsanitize=implicit-unsigned-integer-truncation -fno-sanitize-recover=all %S/ImplicitUnsignedIntegerTruncationTest.cpp -o %t-ImplicitUnsignedIntegerTruncationTest-Ubsan +RUN: not %run %t-ImplicitUnsignedIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s +CHECK: ImplicitUnsignedIntegerTruncationTest.cpp:22:17: runtime error: implicit conversion from type 'unsigned int' of value 256 (32-bit, unsigned) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned) +CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-mutationstats.test b/test/fuzzer/fuzzer-mutationstats.test deleted file mode 100644 index 95743a818d1f..000000000000 --- a/test/fuzzer/fuzzer-mutationstats.test +++ /dev/null @@ -1,5 +0,0 @@ -RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-MutationStatsTest -RUN: not %run %t-MutationStatsTest -print_mutation_stats=1 2>&1 | FileCheck %s - -# Ensures there are some non-zero values in the usefulness percentages printed. -CHECK: stat::mutation_usefulness: {{[0-9]+\.[0-9]+}} diff --git a/test/fuzzer/fuzzer-oom.test b/test/fuzzer/fuzzer-oom.test index e82fb47c5bed..9bc451c50ee9 100644 --- a/test/fuzzer/fuzzer-oom.test +++ b/test/fuzzer/fuzzer-oom.test @@ -1,17 +1,21 @@ -UNSUPPORTED: aarch64 -RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest -RUN: %cpp_compiler %S/OutOfMemorySingleLargeMallocTest.cpp -o %t-OutOfMemorySingleLargeMallocTest -RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest +UNSUPPORTED: aarch64, ios +# Tests break on windows unless exe extension is used (because there are periods +# in expansion of %t, the string after the period is interpreted as the file +# extension, so each compilation will clobber the previous one's lib and exp +# files causing symbolization to break). +RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest.exe +RUN: %cpp_compiler %S/OutOfMemorySingleLargeMallocTest.cpp -o %t-OutOfMemorySingleLargeMallocTest.exe +RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest.exe -RUN: not %run %t-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s +RUN: not %run %t-OutOfMemoryTest.exe -rss_limit_mb=300 2>&1 | FileCheck %s CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb) CHECK: Test unit written to ./oom- SUMMARY: libFuzzer: out-of-memory -RUN: not %run %t-OutOfMemorySingleLargeMallocTest -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC -RUN: not %run %t-OutOfMemorySingleLargeMallocTest -malloc_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC -RUN: not %run %t-OutOfMemorySingleLargeMallocTest -rss_limit_mb=1000 -malloc_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC +RUN: not %run %t-OutOfMemorySingleLargeMallocTest.exe -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC +RUN: not %run %t-OutOfMemorySingleLargeMallocTest.exe -malloc_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC +RUN: not %run %t-OutOfMemorySingleLargeMallocTest.exe -rss_limit_mb=1000 -malloc_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC We used to check for "out-of-memory (malloc(53{{.*}}))", but that would fail sometimes, so now we accept any OOM message. @@ -20,4 +24,4 @@ SINGLE_LARGE_MALLOC: libFuzzer: out-of-memory SINGLE_LARGE_MALLOC: in LLVMFuzzerTestOneInput # Check that -rss_limit_mb=0 means no limit. -RUN: %run %t-AccumulateAllocationsTest -runs=1000 -rss_limit_mb=0 +RUN: %run %t-AccumulateAllocationsTest.exe -runs=1000 -rss_limit_mb=0 diff --git a/test/fuzzer/gc-sections.test b/test/fuzzer/gc-sections.test index b8abfbbdf17b..e915c4cc9eb0 100644 --- a/test/fuzzer/gc-sections.test +++ b/test/fuzzer/gc-sections.test @@ -8,8 +8,13 @@ With gc-sections. Currently, we can't remove unused code except with LLD. RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -fuse-ld=lld -ffunction-sections -Wl,-gc-sections RUN: nm %t | not grep UnusedFunctionShouldBeRemovedByLinker RUN: %run %t -runs=0 2>&1 | FileCheck %s -CHECK-NOT: ERROR: The size of coverage PC tables does not match With gc sections, with trace-pc. Unused code is removed. RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -fsanitize-coverage=0 -fsanitize-coverage=trace-pc -ffunction-sections -Wl,-gc-sections RUN: nm %t | not grep UnusedFunctionShouldBeRemovedByLinker + +RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard,pc-table -fuse-ld=lld -ffunction-sections -Wl,-gc-sections +RUN: nm %t | not grep UnusedFunctionShouldBeRemovedByLinker +RUN: %run %t -runs=0 2>&1 | FileCheck %s + +CHECK-NOT: ERROR: The size of coverage PC tables does not match diff --git a/test/fuzzer/handle-unstable.test b/test/fuzzer/handle-unstable.test deleted file mode 100644 index 798ee2dc042f..000000000000 --- a/test/fuzzer/handle-unstable.test +++ /dev/null @@ -1,42 +0,0 @@ -# Tests -handle_unstable -UNSUPPORTED: aarch64 - -RUN: %cpp_compiler %S/PrintUnstableStatsTest.cpp -o %t-HandleUnstableTest - -; Normal -RUN: %run %t-HandleUnstableTest -print_coverage=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=NORMAL -NORMAL-DAG: det0() -NORMAL-DAG: det1() -NORMAL-DAG: det2() -NORMAL-DAG: det3() -NORMAL-DAG: det4() -NORMAL-DAG: ini0() -NORMAL-DAG: ini1() -NORMAL-DAG: ini2() -NORMAL-DAG: t0() -NORMAL-DAG: t1() -NORMAL-DAG: t2() -NORMAL-DAG: t3() -NORMAL-DAG: t4() - -; MinUnstable -RUN: %run %t-HandleUnstableTest -print_coverage=1 -handle_unstable=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=MIN -MIN-NOT: ini0() -MIN-NOT: ini1() -MIN-NOT: ini2() -MIN: det0() -MIN: det1() -MIN: det2() -MIN: det3() -MIN: det4() - -; ZeroUnstable -RUN: %run %t-HandleUnstableTest -print_coverage=1 -handle_unstable=2 -runs=1 2>&1 | FileCheck %s --check-prefix=ZERO -ZERO-NOT: ini0() -ZERO-NOT: ini1() -ZERO-NOT: ini2() -ZERO: det0() -ZERO: det1() -ZERO: det2() -ZERO: det3() -ZERO: det4() diff --git a/test/fuzzer/lit.cfg b/test/fuzzer/lit.cfg index 8a44860d4a5d..608991c0764f 100644 --- a/test/fuzzer/lit.cfg +++ b/test/fuzzer/lit.cfg @@ -24,15 +24,18 @@ else: # the test runner updated. config.test_format = lit.formats.ShTest(execute_external) -# LeakSanitizer is not supported on OSX right now. -if sys.platform.startswith('darwin') or sys.platform.startswith('freebsd'): +# LeakSanitizer is not supported on OSX or Windows right now. +if (sys.platform.startswith('darwin') or + sys.platform.startswith('freebsd') or + sys.platform.startswith('netbsd') or + sys.platform.startswith('win')): lit_config.note('lsan feature unavailable') else: lit_config.note('lsan feature available') config.available_features.add('lsan') -# MemorySanitizer is not supported on OSX right now -if sys.platform.startswith('darwin'): +# MemorySanitizer is not supported on OSX or Windows right now +if sys.platform.startswith('darwin') or sys.platform.startswith('win'): lit_config.note('msan feature unavailable') assert 'msan' not in config.available_features else: @@ -67,10 +70,18 @@ def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, msan_enabled=False): config.runtime_library_dir) elif any(x in config.target_triple for x in ('darwin', 'freebsd')): link_cmd = '-lc++' + elif 'windows-msvc' in config.target_triple: + link_cmd = '' else: link_cmd = '-lstdc++' - std_cmd = '--driver-mode=g++ -std=c++11' if is_cpp else '' + if is_cpp and 'windows-msvc' in config.target_triple: + std_cmd = '--driver-mode=cl' + elif is_cpp: + std_cmd = '--driver-mode=g++ -std=c++11' + else: + std_cmd = '' + if msan_enabled: sanitizers = ['memory'] else: diff --git a/test/fuzzer/merge-control-file.test b/test/fuzzer/merge-control-file.test index 64b747116a9f..60b2a6a627ca 100644 --- a/test/fuzzer/merge-control-file.test +++ b/test/fuzzer/merge-control-file.test @@ -1,6 +1,8 @@ XFAIL: ios RUN: mkdir -p %t -RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t/T +# Use a ".exe" extension because it is needed on Windows to call system() +# to execute itself again. +RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t/T.exe RUN: rm -rf %t/T0 %t/T1 %t/T2 RUN: mkdir -p %t/T0 %t/T1 %t/T2 @@ -11,9 +13,9 @@ RUN: echo ..Z... > %t/T0/3 # Test what happens if the control file is junk. RUN: echo JUNK > %t/MCF -RUN: not %run %t/T -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=JUNK +RUN: not %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=JUNK RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF -RUN: not %run %t/T -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=JUNK +RUN: not %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=JUNK JUNK: MERGE-OUTER: non-empty control file provided: {{.*}}MCF JUNK: MERGE-OUTER: bad control file, will overwrite it @@ -22,18 +24,18 @@ JUNK: MERGE-OUTER: bad control file, will overwrite it RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF; echo %t/T1/2 >> %t/MCF; echo %t/T1/3 >> %t/MCF -RUN: %run %t/T -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=OK_0 +RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=OK_0 OK_0: MERGE-OUTER: control file ok, 3 files total, first not processed file 0 OK_0: MERGE-OUTER: 3 new files with {{.*}} new features added RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF; echo %t/T1/2 >> %t/MCF; echo %t/T1/3 >> %t/MCF -RUN: %run %t/T -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY +RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY SAVE_SUMMARY: MERGE-OUTER: writing coverage summary for 3 files to {{.*}}/SUMMARY RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF; echo %t/T1/2 >> %t/MCF; echo %t/T1/3 >> %t/MCF -RUN: %run %t/T -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY +RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY LOAD_SUMMARY: MERGE-OUTER: coverage summary loaded from RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 @@ -42,7 +44,7 @@ RUN: echo STARTED 0 1 >> %t/MCF RUN: echo DONE 0 11 >> %t/MCF RUN: echo STARTED 1 2 >> %t/MCF RUN: echo DONE 1 12 >> %t/MCF -RUN: %run %t/T -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=OK_2 +RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=OK_2 OK_2: MERGE-OUTER: control file ok, 3 files total, first not processed file 2 OK_2: MERGE-OUTER: 3 new files with {{.*}} new features added @@ -54,5 +56,5 @@ RUN: echo STARTED 1 2 >> %t/MCF RUN: echo DONE 1 12 >> %t/MCF RUN: echo STARTED 2 2 >> %t/MCF RUN: echo DONE 2 13 >> %t/MCF -RUN: %run %t/T -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=OK_3 +RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=OK_3 OK_3: MERGE-OUTER: nothing to do, merge has been completed before diff --git a/test/fuzzer/merge-posix.test b/test/fuzzer/merge-posix.test index db0a48b5481e..883b7b6be97b 100644 --- a/test/fuzzer/merge-posix.test +++ b/test/fuzzer/merge-posix.test @@ -1,4 +1,5 @@ XFAIL: ios +UNSUPPORTED: windows RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest RUN: rm -rf %tmp/T1 %tmp/T2 diff --git a/test/fuzzer/merge-sigusr.test b/test/fuzzer/merge-sigusr.test index a03e5440a8b8..44448ca29e63 100644 --- a/test/fuzzer/merge-sigusr.test +++ b/test/fuzzer/merge-sigusr.test @@ -1,5 +1,7 @@ # Check that libFuzzer honors SIGUSR1/SIGUSR2 -UNSUPPORTED: darwin +# FIXME: Disabled on Windows for now because of reliance on posix only features +# (eg: export, "&", pkill). +UNSUPPORTED: darwin, windows RUN: rm -rf %t RUN: mkdir -p %t RUN: %cpp_compiler %S/SleepOneSecondTest.cpp -o %t/LFSIGUSR diff --git a/test/fuzzer/minimize_crash.test b/test/fuzzer/minimize_crash.test index de44b8747e04..dcab67bfde32 100644 --- a/test/fuzzer/minimize_crash.test +++ b/test/fuzzer/minimize_crash.test @@ -1,3 +1,4 @@ +UNSUPPORTED: windows RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-SingleByteInputTest RUN: mkdir -p %t.dir diff --git a/test/fuzzer/minimize_two_crashes.test b/test/fuzzer/minimize_two_crashes.test index 3c528f707666..cba88eed12e4 100644 --- a/test/fuzzer/minimize_two_crashes.test +++ b/test/fuzzer/minimize_two_crashes.test @@ -1,5 +1,5 @@ -# Test that the minimizer stops when it sees a differe bug. -UNSUPPORTED: freebsd +# Test that the minimizer stops when it sees a different bug. +UNSUPPORTED: freebsd,windows # TODO: Find out why test fails on Darwin with -O2. RUN: %cpp_compiler -O0 %S/TwoDifferentBugsTest.cpp -o %t-TwoDifferentBugsTest diff --git a/test/fuzzer/null-deref-on-empty.test b/test/fuzzer/null-deref-on-empty.test index f159a79f4838..d576cc12b131 100644 --- a/test/fuzzer/null-deref-on-empty.test +++ b/test/fuzzer/null-deref-on-empty.test @@ -1,3 +1,4 @@ +UNSUPPORTED: windows RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-NullDerefOnEmptyTest RUN: not %run %t-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY diff --git a/test/fuzzer/null-deref.test b/test/fuzzer/null-deref.test index 31eb5990da33..e9926cab48e8 100644 --- a/test/fuzzer/null-deref.test +++ b/test/fuzzer/null-deref.test @@ -1,3 +1,4 @@ +UNSUPPORTED: windows RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest diff --git a/test/fuzzer/only-some-bytes.test b/test/fuzzer/only-some-bytes.test index fbfef14c7850..861718384080 100644 --- a/test/fuzzer/only-some-bytes.test +++ b/test/fuzzer/only-some-bytes.test @@ -34,5 +34,5 @@ HAVE_DFT: INFO: 1/{{.*}} inputs have the Data Flow Trace # Collect DFT, then use it. RUN: rm -rf %t/C && mkdir %t/C && cp %t/IN/* %t/C RUN: rm -rf %t/C_DFT && %libfuzzer_src/scripts/collect_data_flow.py %t-DFT %t/C %t/C_DFT > /dev/null 2>&1 -RUN: not %t-Fuzz -focus_function=f0 -data_flow_trace=%t/C_DFT -seed=1 -runs=1000000 -use_value_profile=3 %t/C 2> %t/log +RUN: not %t-Fuzz -focus_function=f0 -data_flow_trace=%t/C_DFT -seed=1 -runs=1000000 -use_value_profile=1 %t/C 2> %t/log RUN: grep BINGO %t/log diff --git a/test/fuzzer/print_unstable_stats.test b/test/fuzzer/print_unstable_stats.test deleted file mode 100644 index bba99aecc838..000000000000 --- a/test/fuzzer/print_unstable_stats.test +++ /dev/null @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/PrintUnstableStatsTest.cpp -o %t-PrintUnstableStatsTest -RUN: %run %t-PrintUnstableStatsTest -print_unstable_stats=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=LONG -LONG: stat::stability_rate: 27.59 diff --git a/test/fuzzer/read-binary.test b/test/fuzzer/read-binary.test new file mode 100644 index 000000000000..c80858e81134 --- /dev/null +++ b/test/fuzzer/read-binary.test @@ -0,0 +1,7 @@ +# Test that libFuzzer reads files properly. + +# Account for the fact that echo will add a trailing newline. +RUN: echo -e "Hello\r\nWorld\r" > %t-testcase +RUN: %cpp_compiler %S/ReadBinaryTest.cpp -o %t-fuzzer +RUN: %run %t-fuzzer %t-testcase | FileCheck %s +CHECK: BINGO! diff --git a/test/fuzzer/shrink.test b/test/fuzzer/shrink.test index 5abbcc90b8c0..78386ffaf092 100644 --- a/test/fuzzer/shrink.test +++ b/test/fuzzer/shrink.test @@ -1,6 +1,6 @@ RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest RUN: %cpp_compiler %S/ShrinkValueProfileTest.cpp -o %t-ShrinkValueProfileTest -RUN: %run %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1 +RUN: %run %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=2000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1 # Limit max_len to run this negative test faster. RUN: %run %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0 RUN: %run %t-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP diff --git a/test/fuzzer/sigusr.test b/test/fuzzer/sigusr.test index 0b3ddc72832d..fa477a76eea1 100644 --- a/test/fuzzer/sigusr.test +++ b/test/fuzzer/sigusr.test @@ -1,4 +1,6 @@ -UNSUPPORTED: darwin +# FIXME: Disabled on Windows for now because of reliance on posix only features +# (eg: export, "&", pkill). +UNSUPPORTED: darwin, windows # Check that libFuzzer honors SIGUSR1/SIGUSR2 RUN: rm -rf %t RUN: mkdir -p %t diff --git a/test/fuzzer/trace-malloc-threaded.test b/test/fuzzer/trace-malloc-threaded.test index 8f972d61f5c6..f38005c1d2f6 100644 --- a/test/fuzzer/trace-malloc-threaded.test +++ b/test/fuzzer/trace-malloc-threaded.test @@ -1,6 +1,7 @@ // FIXME: This test infinite loops on darwin because it crashes // printing a stack trace repeatedly -UNSUPPORTED: darwin, aarch64 +// FIXME: Disabled on Windows because of a crash (possibly related to above). +UNSUPPORTED: darwin, aarch64, windows RUN: %cpp_compiler %S/TraceMallocThreadedTest.cpp -o \ RUN: %t-TraceMallocThreadedTest diff --git a/test/fuzzer/trace-malloc-unbalanced.test b/test/fuzzer/trace-malloc-unbalanced.test index 193df01ddeff..c7b4632140cb 100644 --- a/test/fuzzer/trace-malloc-unbalanced.test +++ b/test/fuzzer/trace-malloc-unbalanced.test @@ -6,14 +6,17 @@ UNSUPPORTED: darwin RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest +# Specify python because we can't use the shebang line on Windows. RUN: %run %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=200 2>&1 | \ -RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s +RUN: python %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s RUN: %run %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=200 2>&1 | \ -RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s --check-prefixes=CHECK,CHECK2 +RUN: python %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s --check-prefixes=CHECK,CHECK2 CHECK: MallocFreeTracer: START -CHECK: Unbalanced MALLOC[{{[0-9]+}}] [[PTR:0x[0-9a-f]+]] 4 +# Behavior of the format string "%p" is implementation defined. Account for the +# implementation on Windows and Linux. +CHECK: Unbalanced MALLOC[{{[0-9]+}}] [[PTR:(:?0x)?[0-9a-fA-F]+]] 4 CHECK2-NEXT: {{ #0 0x[0-9a-f]+ in }} CHECK2-NEXT: {{ #1 0x[0-9a-f]+ in }} CHECK2-NEXT: {{ #2 0x[0-9a-f]+ in }} diff --git a/test/fuzzer/ulimit.test b/test/fuzzer/ulimit.test index 076866c50940..7cf4c0a68866 100644 --- a/test/fuzzer/ulimit.test +++ b/test/fuzzer/ulimit.test @@ -1,3 +1,5 @@ +# FIXME: Disabled on Windows for now because Windows has no ulimit command. +UNSUPPORTED: windows RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest RUN: ulimit -s 1000 RUN: not %run %t-SimpleTest diff --git a/test/fuzzer/value-profile-cmp.test b/test/fuzzer/value-profile-cmp.test index b927422d10ff..8f6ffe99cd65 100644 --- a/test/fuzzer/value-profile-cmp.test +++ b/test/fuzzer/value-profile-cmp.test @@ -1,3 +1,5 @@ +# FIXME: Disabled on Windows because of hangs. +UNSUPPORTED: windows, ios CHECK: BINGO RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest RUN: not %run %t-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-cmp2.test b/test/fuzzer/value-profile-cmp2.test index 4bf119fcb3df..5935ed6d1325 100644 --- a/test/fuzzer/value-profile-cmp2.test +++ b/test/fuzzer/value-profile-cmp2.test @@ -1,3 +1,4 @@ +UNSUPPORTED: ios CHECK: BINGO RUN: %cpp_compiler -fno-sanitize=address %S/SimpleHashTest.cpp -o %t-SimpleHashTest RUN: not %run %t-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-cmp3.test b/test/fuzzer/value-profile-cmp3.test index 58ba18b9001e..fe715925f801 100644 --- a/test/fuzzer/value-profile-cmp3.test +++ b/test/fuzzer/value-profile-cmp3.test @@ -1,3 +1,4 @@ +UNSUPPORTED: ios CHECK: BINGO RUN: %cpp_compiler %S/AbsNegAndConstantTest.cpp -o %t-AbsNegAndConstantTest RUN: not %run %t-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-cmp4.test b/test/fuzzer/value-profile-cmp4.test index 05bc3f435912..e5ac29f81c43 100644 --- a/test/fuzzer/value-profile-cmp4.test +++ b/test/fuzzer/value-profile-cmp4.test @@ -1,3 +1,5 @@ +# FIXME: Disabled on Windows because of hangs. +UNSUPPORTED: windows CHECK: BINGO RUN: %cpp_compiler %S/AbsNegAndConstant64Test.cpp -o %t-AbsNegAndConstant64Test RUN: not %run %t-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-div.test b/test/fuzzer/value-profile-div.test index 59cc7c2f9552..38f211241b0f 100644 --- a/test/fuzzer/value-profile-div.test +++ b/test/fuzzer/value-profile-div.test @@ -1,4 +1,4 @@ -XFAIL: ios +UNSUPPORTED: ios UNSUPPORTED: aarch64 CHECK: AddressSanitizer: {{FPE|int-divide-by-zero}} RUN: %cpp_compiler %S/DivTest.cpp -fsanitize-coverage=trace-div -o %t-DivTest diff --git a/test/fuzzer/value-profile-load.test b/test/fuzzer/value-profile-load.test index 607b81cd527f..b6baf13200d4 100644 --- a/test/fuzzer/value-profile-load.test +++ b/test/fuzzer/value-profile-load.test @@ -1,3 +1,5 @@ +# FIXME: Disabled on Windows because of hangs. +UNSUPPORTED: windows CHECK: AddressSanitizer: global-buffer-overflow RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-gep -o %t-LoadTest RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-mem.test b/test/fuzzer/value-profile-mem.test index 57c844e92261..7d68b8811cf0 100644 --- a/test/fuzzer/value-profile-mem.test +++ b/test/fuzzer/value-profile-mem.test @@ -1,3 +1,4 @@ +UNSUPPORTED: ios UNSUPPORTED: freebsd CHECK: BINGO RUN: %cpp_compiler %S/SingleMemcmpTest.cpp -o %t-SingleMemcmpTest diff --git a/test/fuzzer/value-profile-set.test b/test/fuzzer/value-profile-set.test index e55f1e4a853a..7515e3651f01 100644 --- a/test/fuzzer/value-profile-set.test +++ b/test/fuzzer/value-profile-set.test @@ -1,3 +1,4 @@ +UNSUPPORTED: ios CHECK: BINGO RUN: %cpp_compiler %S/FourIndependentBranchesTest.cpp -o %t-FourIndependentBranchesTest RUN: not %run %t-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-strcmp.test b/test/fuzzer/value-profile-strcmp.test index 647121f22820..9b7a244d73c2 100644 --- a/test/fuzzer/value-profile-strcmp.test +++ b/test/fuzzer/value-profile-strcmp.test @@ -1,3 +1,4 @@ +UNSUPPORTED: ios UNSUPPORTED: freebsd CHECK: BINGO RUN: %cpp_compiler %S/SingleStrcmpTest.cpp -o %t-SingleStrcmpTest diff --git a/test/fuzzer/value-profile-strncmp.test b/test/fuzzer/value-profile-strncmp.test index b60b97f86f3e..98488df0a552 100644 --- a/test/fuzzer/value-profile-strncmp.test +++ b/test/fuzzer/value-profile-strncmp.test @@ -1,4 +1,4 @@ -UNSUPPORTED: freebsd +UNSUPPORTED: freebsd, aarch64 CHECK: BINGO RUN: %cpp_compiler %S/SingleStrncmpTest.cpp -o %t-SingleStrncmpTest RUN: not %run %t-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-switch.test b/test/fuzzer/value-profile-switch.test index cc3d4944c0bf..a71682d79404 100644 --- a/test/fuzzer/value-profile-switch.test +++ b/test/fuzzer/value-profile-switch.test @@ -1,4 +1,4 @@ -XFAIL: ios +UNSUPPORTED: ios CHECK: BINGO RUN: %cpp_compiler %S/SwitchTest.cpp -o %t-SwitchTest RUN: %cpp_compiler %S/Switch2Test.cpp -o %t-Switch2Test diff --git a/test/fuzzer/windows-opt-ref.test b/test/fuzzer/windows-opt-ref.test new file mode 100644 index 000000000000..1f3386d13478 --- /dev/null +++ b/test/fuzzer/windows-opt-ref.test @@ -0,0 +1,9 @@ +REQUIRES: windows +// Verify that the linker eliminating unreferenced functions (/OPT:REF) does not +// strip sancov module constructor. +RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest /link /OPT:REF + +RUN: not %run %t-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s + +CHECK-NOT: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting. +CHECK: BINGO |