Kostya Serebryany71672552015-01-30 23:26:57 +00001#include "FuzzerInternal.h"
2#include "gtest/gtest.h"
3#include <set>
4
Kostya Serebryany8ce74242015-08-01 01:42:51 +00005using namespace fuzzer;
6
// Link-only stub. The unit-test binary has to define LLVMFuzzerTestOneInput
// for the link to succeed, but no test in this file calls it. abort() turns
// an accidental call into a hard failure.
// Unit tests that actually drive a fuzz target may be added later.
extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  (void)Data;
  (void)Size;
  abort();
}
12
// Samples CrossOver(A, B) 3000 times for every output capacity from 1 to 7 and
// checks that the set of distinct results is exactly the listed units that fit
// in that capacity.
TEST(Fuzzer, CrossOver) {
  FuzzerRandomLibc Rand(0);
  Unit A({0, 1, 2}), B({5, 6, 7});
  Unit C;
  // Every entry starts with A's first byte and interleaves a prefix of A with
  // a prefix of B while keeping each input's own byte order.
  const Unit Expected[] = {
      {0},
      {0, 1},
      {0, 5},
      {0, 1, 2},
      {0, 1, 5},
      {0, 5, 1},
      {0, 5, 6},
      {0, 1, 2, 5},
      {0, 1, 5, 2},
      {0, 1, 5, 6},
      {0, 5, 1, 2},
      {0, 5, 1, 6},
      {0, 5, 6, 1},
      {0, 5, 6, 7},
      {0, 1, 2, 5, 6},
      {0, 1, 5, 2, 6},
      {0, 1, 5, 6, 2},
      {0, 1, 5, 6, 7},
      {0, 5, 1, 2, 6},
      {0, 5, 1, 6, 2},
      {0, 5, 1, 6, 7},
      {0, 5, 6, 1, 2},
      {0, 5, 6, 1, 7},
      {0, 5, 6, 7, 1},
      {0, 1, 2, 5, 6, 7},
      {0, 1, 5, 2, 6, 7},
      {0, 1, 5, 6, 2, 7},
      {0, 1, 5, 6, 7, 2},
      {0, 5, 1, 2, 6, 7},
      {0, 5, 1, 6, 2, 7},
      {0, 5, 1, 6, 7, 2},
      {0, 5, 6, 1, 2, 7},
      {0, 5, 6, 1, 7, 2},
      {0, 5, 6, 7, 1, 2}};
  for (size_t Len = 1; Len < 8; Len++) {
    // Reference set: every expected unit that fits in Len bytes.
    std::set<Unit> WantedForLen;
    for (const Unit &Candidate : Expected) {
      if (Candidate.size() > Len)
        continue;
      WantedForLen.insert(Candidate);
    }

    std::set<Unit> Seen;
    for (int Iter = 0; Iter < 3000; Iter++) {
      // C is the output buffer; its current size is passed as the capacity.
      C.resize(Len);
      const size_t Produced = CrossOver(A.data(), A.size(), B.data(), B.size(),
                                        C.data(), C.size(), Rand);
      // NOTE(review): the returned size is trusted here. A value above Len
      // would only show up afterwards, as a mismatch between the two sets.
      C.resize(Produced);
      Seen.insert(C);
    }
    EXPECT_EQ(WantedForLen, Seen);
  }
}
Kostya Serebryany96eab652015-05-14 22:41:49 +000068
// Pins fuzzer::Hash against two fixed 40-hex-digit digests. The first is the
// published SHA-1 test vector for "abc"; the second is the value this test
// expects for "abcd".
// NOTE(review): how the digest is used is not visible in this file. If it
// names or de-duplicates corpus units, SHA-1 is adequate for that, but it
// should not be relied on for integrity against deliberately crafted inputs.
TEST(Fuzzer, Hash) {
  fuzzer::Unit U({'a', 'b', 'c'});
  EXPECT_EQ("a9993e364706816aba3e25717850c26c9cd0d89d", fuzzer::Hash(U));

  // One more byte must produce a different, equally well-defined digest.
  U.push_back('d');
  EXPECT_EQ("81fe8bfe87576c3ecb22426f8e57847382917acf", fuzzer::Hash(U));
}
Kostya Serebryany8ce74242015-08-01 01:42:51 +000076
// Common shape of the mutation functions exercised below: the mutator edits
// Data in place and returns the resulting size.
// NOTE(review): the tests size their buffers on the assumption that a mutator
// never touches more than MaxSize bytes and never returns more than MaxSize.
// Confirm that this contract is documented next to the mutators.
using Mutator = size_t (*)(uint8_t *Data, size_t Size, size_t MaxSize,
                           FuzzerRandomBase &Rand);
79
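// Checks that mutator M, run NumIter times on the 8-byte input
// 00 11 22 33 44 55 66 77 with MaxSize equal to the input size, produces each
// of the eight possible "one byte erased" results at least once.
//
// Also checks that M never reports a size above MaxSize. The original helper
// ignored oversized results, so a mutator that overran the buffer could still
// pass as long as the expected patterns also appeared.
void TestEraseByte(Mutator M, int NumIter) {
  const size_t MaxSize = 8;
  // Row i is the input with byte i removed. Only the first 7 bytes of a row
  // are compared; the 8th is zero padding.
  const uint8_t Erased[8][8] = {
      {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66}};
  FuzzerRandomLibc Rand(0);
  int FoundMask = 0;  // bit i set once Erased[i] has been observed
  size_t LargestSize = 0;
  for (int i = 0; i < NumIter; i++) {
    // Fresh input every round: the mutator edits the buffer in place.
    uint8_t T[MaxSize] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
    const size_t NewSize = M(T, sizeof(T), MaxSize, Rand);
    if (NewSize > LargestSize)
      LargestSize = NewSize;
    if (NewSize != 7)
      continue;
    for (int Row = 0; Row < 8; Row++)
      if (!memcmp(Erased[Row], T, 7))
        FoundMask |= 1 << Row;
  }
  // A reported size above MaxSize means the mutator claims more bytes than T
  // holds, which points to an out-of-bounds write.
  EXPECT_LE(LargestSize, MaxSize);
  EXPECT_EQ(FoundMask, 255);
}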
105
// Erase coverage through the dedicated mutator, with a budget of 100 attempts.
TEST(FuzzerMutate, EraseByte1) {
  const int Attempts = 100;
  TestEraseByte(Mutate_EraseByte, Attempts);
}

// Same expectations through the generic Mutate entry point, which gets ten
// times the budget.
TEST(FuzzerMutate, EraseByte2) {
  const int Attempts = 1000;
  TestEraseByte(Mutate, Attempts);
}
108
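// Checks that mutator M, run NumIter times on the 7-byte input
// 00 11 22 33 44 55 66 with room for one more byte, produces each of the eight
// listed "one byte inserted" results at least once. Each result requires both
// a specific position and a specific inserted value (F1..F8).
//
// Also checks that M never reports a size above MaxSize. The original helper
// ignored oversized results.
void TestInsertByte(Mutator M, int NumIter) {
  const size_t Size = 7;
  const size_t MaxSize = 8;
  // Row i is the input with one extra byte placed at index i.
  const uint8_t Inserted[8][8] = {
      {0xF1, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66},
      {0x00, 0xF2, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66},
      {0x00, 0x11, 0xF3, 0x22, 0x33, 0x44, 0x55, 0x66},
      {0x00, 0x11, 0x22, 0xF4, 0x33, 0x44, 0x55, 0x66},
      {0x00, 0x11, 0x22, 0x33, 0xF5, 0x44, 0x55, 0x66},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0xF6, 0x55, 0x66},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF7, 0x66},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF8}};
  FuzzerRandomLibc Rand(0);
  int FoundMask = 0;  // bit i set once Inserted[i] has been observed
  size_t LargestSize = 0;
  for (int i = 0; i < NumIter; i++) {
    // Seven payload bytes plus one zeroed spare slot for the insertion.
    uint8_t T[MaxSize] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    const size_t NewSize = M(T, Size, MaxSize, Rand);
    if (NewSize > LargestSize)
      LargestSize = NewSize;
    if (NewSize != 8)
      continue;
    for (int Row = 0; Row < 8; Row++)
      if (!memcmp(Inserted[Row], T, 8))
        FoundMask |= 1 << Row;
  }
  // Growing past MaxSize would mean the mutator wrote beyond the end of T.
  EXPECT_LE(LargestSize, MaxSize);
  EXPECT_EQ(FoundMask, 255);
}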
134
// Insert coverage through the dedicated mutator. The budget is large because
// each expected result needs an exact position and an exact inserted value.
TEST(FuzzerMutate, InsertByte1) {
  const int Attempts = 1 << 15;
  TestInsertByte(Mutate_InsertByte, Attempts);
}

// Same expectations through the generic Mutate entry point, with four times
// the budget.
TEST(FuzzerMutate, InsertByte2) {
  const int Attempts = 1 << 17;
  TestInsertByte(Mutate, Attempts);
}
137
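// Checks that mutator M, run NumIter times on the 8-byte input
// 00 11 22 33 44 55 66 77 (MaxSize 9), produces each of the eight listed
// "one byte overwritten" results at least once, with the size unchanged.
//
// Also checks that M never reports a size above MaxSize. The original helper
// ignored oversized results.
void TestChangeByte(Mutator M, int NumIter) {
  const size_t Size = 8;
  const size_t MaxSize = 9;
  // Row i is the input with byte i replaced by a specific value.
  // NOTE(review): row 6 expects 0xF5 where the F0..F7 pattern suggests 0xF6.
  // It is kept as found, since any value the mutator can produce works.
  const uint8_t Changed[8][8] = {
      {0xF0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0xF1, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0xF2, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0xF3, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0xF4, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0xF5, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF5, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7}};
  FuzzerRandomLibc Rand(0);
  int FoundMask = 0;  // bit i set once Changed[i] has been observed
  size_t LargestSize = 0;
  for (int i = 0; i < NumIter; i++) {
    // Eight payload bytes plus one zeroed spare slot.
    uint8_t T[MaxSize] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
    const size_t NewSize = M(T, Size, MaxSize, Rand);
    if (NewSize > LargestSize)
      LargestSize = NewSize;
    if (NewSize != 8)
      continue;
    for (int Row = 0; Row < 8; Row++)
      if (!memcmp(Changed[Row], T, 8))
        FoundMask |= 1 << Row;
  }
  // A reported size above MaxSize would mean the mutator overran T.
  EXPECT_LE(LargestSize, MaxSize);
  EXPECT_EQ(FoundMask, 255);
}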
163
// Byte-overwrite coverage through the dedicated mutator.
TEST(FuzzerMutate, ChangeByte1) {
  const int Attempts = 1 << 15;
  TestChangeByte(Mutate_ChangeByte, Attempts);
}

// Same expectations through the generic Mutate entry point, with four times
// the budget.
TEST(FuzzerMutate, ChangeByte2) {
  const int Attempts = 1 << 17;
  TestChangeByte(Mutate, Attempts);
}
166
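// Checks that mutator M, run NumIter times on the 8-byte input
// 00 11 22 33 44 55 66 77 (MaxSize 9), produces each of the eight listed
// results at least once. Each result differs from the input by exactly one bit
// in one byte, and the size is unchanged.
//
// Also checks that M never reports a size above MaxSize. The original helper
// ignored oversized results.
void TestChangeBit(Mutator M, int NumIter) {
  const size_t Size = 8;
  const size_t MaxSize = 9;
  // Row i is the input with a single bit of byte i flipped.
  const uint8_t Flipped[8][8] = {
      {0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x02, 0x33, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x37, 0x44, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x54, 0x55, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x54, 0x66, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x76, 0x77},
      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7}};
  FuzzerRandomLibc Rand(0);
  int FoundMask = 0;  // bit i set once Flipped[i] has been observed
  size_t LargestSize = 0;
  for (int i = 0; i < NumIter; i++) {
    // Eight payload bytes plus one zeroed spare slot.
    uint8_t T[MaxSize] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
    const size_t NewSize = M(T, Size, MaxSize, Rand);
    if (NewSize > LargestSize)
      LargestSize = NewSize;
    if (NewSize != 8)
      continue;
    for (int Row = 0; Row < 8; Row++)
      if (!memcmp(Flipped[Row], T, 8))
        FoundMask |= 1 << Row;
  }
  // A reported size above MaxSize would mean the mutator overran T.
  EXPECT_LE(LargestSize, MaxSize);
  EXPECT_EQ(FoundMask, 255);
}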
192
// Bit-flip coverage through the dedicated mutator.
TEST(FuzzerMutate, ChangeBit1) {
  const int Attempts = 1 << 16;
  TestChangeBit(Mutate_ChangeBit, Attempts);
}

// Same expectations through the generic Mutate entry point, with four times
// the budget.
TEST(FuzzerMutate, ChangeBit2) {
  const int Attempts = 1 << 18;
  TestChangeBit(Mutate, Attempts);
}
Kostya Serebryanybf29ff22015-08-06 01:29:13 +0000195
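// Checks that mutator M, run NumIter times on the 7-byte input
// 00 11 22 33 44 55 66 with MaxSize equal to the input size, produces each of
// the five listed reorderings at least once, with the size unchanged.
//
// Also checks that M never reports a size above MaxSize. The original helper
// ignored oversized results.
void TestShuffleBytes(Mutator M, int NumIter) {
  const size_t MaxSize = 7;
  // Five sample permutations of the input that the mutator must be able to
  // reach.
  const uint8_t Shuffled[5][7] = {
      {0x00, 0x22, 0x11, 0x33, 0x44, 0x55, 0x66},
      {0x11, 0x00, 0x33, 0x22, 0x44, 0x55, 0x66},
      {0x00, 0x33, 0x11, 0x22, 0x44, 0x55, 0x66},
      {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x33},
      {0x00, 0x11, 0x22, 0x33, 0x55, 0x44, 0x66}};
  FuzzerRandomLibc Rand(0);
  int FoundMask = 0;  // bit i set once Shuffled[i] has been observed
  size_t LargestSize = 0;
  for (int i = 0; i < NumIter; i++) {
    // No spare capacity: a shuffle must not change the length.
    uint8_t T[MaxSize] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    const size_t NewSize = M(T, sizeof(T), MaxSize, Rand);
    if (NewSize > LargestSize)
      LargestSize = NewSize;
    if (NewSize != 7)
      continue;
    for (int Row = 0; Row < 5; Row++)
      if (!memcmp(Shuffled[Row], T, 7))
        FoundMask |= 1 << Row;
  }
  // A reported size above MaxSize would mean the mutator overran T.
  EXPECT_LE(LargestSize, MaxSize);
  EXPECT_EQ(FoundMask, 31);
}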
215
// Shuffle coverage through the dedicated mutator.
TEST(FuzzerMutate, ShuffleBytes1) {
  const int Attempts = 1 << 15;
  TestShuffleBytes(Mutate_ShuffleBytes, Attempts);
}

// Same expectations through the generic Mutate entry point, with twice the
// budget.
TEST(FuzzerMutate, ShuffleBytes2) {
  const int Attempts = 1 << 16;
  TestShuffleBytes(Mutate, Attempts);
}
Kostya Serebryany9838b2b2015-09-03 20:23:46 +0000218
// Exercises the single-entry dictionary parser on malformed and well-formed
// lines. Calls run in a fixed order against one shared output Unit.
//
// NOTE(review): dictionary files are external input to the fuzzer. Nothing
// here covers a `\x` escape with fewer than two hex digits, or one with
// non-hex digits. Both are worth pinning, because escape decoding next to the
// closing quote is where a parser is most likely to read past the entry.
TEST(FuzzerDictionary, ParseOneDictionaryEntry) {
  Unit U;
  auto Parse = [&U](const char *Entry) {
    return ParseOneDictionaryEntry(Entry, &U);
  };

  // Empty or whitespace-only lines are not entries.
  EXPECT_FALSE(Parse(""));
  EXPECT_FALSE(Parse(" "));
  EXPECT_FALSE(Parse("\t "));

  // Unbalanced quotes and an empty quoted value are rejected.
  EXPECT_FALSE(Parse(" \" "));
  EXPECT_FALSE(Parse(" zz\" "));
  EXPECT_FALSE(Parse(" \"zz "));
  EXPECT_FALSE(Parse(" \"\" "));

  // Plain quoted values, with and without a leading `name=`.
  EXPECT_TRUE(Parse("\"a\""));
  EXPECT_EQ(U, Unit({'a'}));
  EXPECT_TRUE(Parse("\"abc\""));
  EXPECT_EQ(U, Unit({'a', 'b', 'c'}));
  EXPECT_TRUE(Parse("abc=\"abc\""));
  EXPECT_EQ(U, Unit({'a', 'b', 'c'}));

  // A backslash escapes the quote after it, so this value is never closed.
  EXPECT_FALSE(Parse("\"\\\""));

  // Escapes: literal backslash, hex bytes, and an escaped quote.
  EXPECT_TRUE(Parse("\"\\\\\""));
  EXPECT_EQ(U, Unit({'\\'}));
  EXPECT_TRUE(Parse("\"\\xAB\""));
  EXPECT_EQ(U, Unit({0xAB}));
  EXPECT_TRUE(Parse("\"\\xABz\\xDE\""));
  EXPECT_EQ(U, Unit({0xAB, 'z', 0xDE}));

  // '#' inside quotes is data, not the start of a comment.
  EXPECT_TRUE(Parse("\"#\""));
  EXPECT_EQ(U, Unit({'#'}));
  EXPECT_TRUE(Parse("\"\\\"\""));
  EXPECT_EQ(U, Unit({'"'}));
}
246
// Exercises the whole-file dictionary parser: rejection of junk and of empty
// text, skipping of blank and comment lines, and collection of entries.
//
// NOTE(review): there is no case for a file that mixes valid entries with a
// malformed line after them. It is worth pinning whether Units is left
// untouched, partially filled, or cleared when parsing fails part-way.
TEST(FuzzerDictionary, ParseDictionaryFile) {
  std::vector<Unit> Units;
  auto Load = [&Units](const char *Text) {
    return ParseDictionaryFile(Text, &Units);
  };

  // A line that is not an entry, and completely empty text, both fail.
  EXPECT_FALSE(Load("zzz\n"));
  EXPECT_FALSE(Load(""));

  // Blank lines and '#' comments parse successfully but yield no entries.
  EXPECT_TRUE(Load("\n"));
  EXPECT_EQ(Units.size(), 0U);
  EXPECT_TRUE(Load("#zzzz a b c d\n"));
  EXPECT_EQ(Units.size(), 0U);
  EXPECT_TRUE(Load(" #zzzz\n"));
  EXPECT_EQ(Units.size(), 0U);
  EXPECT_TRUE(Load(" #zzzz\n"));
  EXPECT_EQ(Units.size(), 0U);

  // Entries after a comment are collected. The second check sees exactly two
  // units, so each successful call leaves only that call's entries in Units.
  EXPECT_TRUE(Load(" #zzzz\naaa=\"aa\""));
  EXPECT_EQ(Units, std::vector<Unit>({Unit({'a', 'a'})}));
  EXPECT_TRUE(Load(" #zzzz\naaa=\"aa\"\n\nabc=\"abc\""));
  EXPECT_EQ(Units,
            std::vector<Unit>({Unit({'a', 'a'}), Unit({'a', 'b', 'c'})}));
}