Merge pull request #477 from AFLplusplus/dev

Push to stable

4 files changed, 318 insertions, 4 deletions

diff --git a/test/test-cmplog.c b/test/test-cmplog.c
new file mode 100644
index 00000000..b077e3ab
--- /dev/null
+++ b/test/test-cmplog.c
@@ -0,0 +1,23 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+int main(int argc, char *argv[]) {
+
+  char    buf[1024];
+  ssize_t i;
+  if ((i = read(0, buf, sizeof(buf) - 1)) < 24) return 0;
+  buf[i] = 0;
+  if (buf[0] != 'A') return 0;
+  if (buf[1] != 'B') return 0;
+  if (buf[2] != 'C') return 0;
+  if (buf[3] != 'D') return 0;
+  if (memcmp(buf + 4, "1234", 4) || memcmp(buf + 8, "EFGH", 4)) return 0;
+  if (strncmp(buf + 12, "IJKL", 4) == 0 && strcmp(buf + 16, "DEADBEEF") == 0)
+    abort();
+  return 0;
+
+}
+
diff --git a/test/test-floatingpoint.c b/test/test-floatingpoint.c
new file mode 100644
index 00000000..febfae05
--- /dev/null
+++ b/test/test-floatingpoint.c
@@ -0,0 +1,33 @@
+#include <stdlib.h>
+#include <unistd.h>
+#include <limits.h>
+#include <stdint.h>
+
+__AFL_FUZZ_INIT();
+
+int main(void) {
+
+  ssize_t bytes_read;
+
+  __AFL_INIT();
+  float *magic = (float *)__AFL_FUZZ_TESTCASE_BUF;
+
+  while (__AFL_LOOP(INT_MAX)) {
+
+    int len = __AFL_FUZZ_TESTCASE_LEN;
+    if (len < sizeof(float)) return 1;
+
+    /* 15 + 1/2                      = 15.5  */
+    /* 15 + 1/2 + 1/8                = 15.625  */
+    /* 15 + 1/2 + 1/8 + 1/32         = 15.65625  */
+    /* 15 + 1/2 + 1/8 + 1/32 + 1/128 = 15.6640625  */
+    if ((*magic >= 15.0 + 0.5 + 0.125 + 0.03125) &&
+        (*magic <= 15.0 + 0.5 + 0.125 + 0.03125 + 0.0078125))
+      abort();
+
+  }
+
+  return 0;
+
+}
+
diff --git a/test/test-fp_cases.c b/test/test-fp_cases.c
new file mode 100644
index 00000000..b0f792bc
--- /dev/null
+++ b/test/test-fp_cases.c
@@ -0,0 +1,213 @@
+/* test cases for floating point comparison transformations
+ * compile with -DFLOAT_TYPE=float
+ *          or  -DFLOAT_TYPE=double
+ *          or  -DFLOAT_TYPE="long double"
+ */
+
+#include <assert.h>
+
+int main() {
+
+  volatile FLOAT_TYPE a, b;
+  /* different values */
+  a = -2.1;
+  b = -2;                             /* signs equal, exp equal, mantissa > */
+  assert((a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert(!(a >= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = 1.8;
+  b = 2.1;                           /* signs equal, exp differ, mantissa > */
+  assert((a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert(!(a >= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = 2;
+  b = 2.1;                            /* signs equal, exp equal, mantissa < */
+  assert((a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert(!(a >= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = -2;
+  b = -1.8;                          /* signs equal, exp differ, mantissa < */
+  assert((a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert(!(a >= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = -1;
+  b = 1;                         /* signs differ, exp equal, mantissa equal */
+  assert((a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert(!(a >= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = -1;
+  b = 0;                        /* signs differ, exp differ, mantissa equal */
+  assert((a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert(!(a >= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = -2;
+  b = 2.8;                           /* signs differ, exp equal, mantissa < */
+  assert((a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert(!(a >= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = -2;
+  b = 1.8;                          /* signs differ, exp differ, mantissa < */
+  assert((a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert(!(a >= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = -2;
+  b = -2.1;                           /* signs equal, exp equal, mantissa > */
+  assert((a > b));
+  assert((a >= b));
+  assert(!(a < b));
+  assert(!(a <= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = 2.1;
+  b = 1.8;                           /* signs equal, exp differ, mantissa > */
+  assert((a > b));
+  assert((a >= b));
+  assert(!(a < b));
+  assert(!(a <= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = 2.1;
+  b = 2;                              /* signs equal, exp equal, mantissa < */
+  assert((a > b));
+  assert((a >= b));
+  assert(!(a < b));
+  assert(!(a <= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = -1.8;
+  b = -2;                            /* signs equal, exp differ, mantissa < */
+  assert((a > b));
+  assert((a >= b));
+  assert(!(a < b));
+  assert(!(a <= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = 1;
+  b = -1;                        /* signs differ, exp equal, mantissa equal */
+  assert((a > b));
+  assert((a >= b));
+  assert(!(a < b));
+  assert(!(a <= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = 0;
+  b = -1;                       /* signs differ, exp differ, mantissa equal */
+  assert((a > b));
+  assert((a >= b));
+  assert(!(a < b));
+  assert(!(a <= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = 2.8;
+  b = -2;                            /* signs differ, exp equal, mantissa < */
+  assert((a > b));
+  assert((a >= b));
+  assert(!(a < b));
+  assert(!(a <= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  a = 1.8;
+  b = -2;                           /* signs differ, exp differ, mantissa < */
+  assert((a > b));
+  assert((a >= b));
+  assert(!(a < b));
+  assert(!(a <= b));
+  assert((a != b));
+  assert(!(a == b));
+
+  /* equal values */
+  a = 0;
+  b = 0;
+  assert(!(a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert((a >= b));
+  assert(!(a != b));
+  assert((a == b));
+
+  a = -0;
+  b = 0;
+  assert(!(a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert((a >= b));
+  assert(!(a != b));
+  assert((a == b));
+
+  a = 1;
+  b = 1;
+  assert(!(a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert((a >= b));
+  assert(!(a != b));
+  assert((a == b));
+
+  a = 0.5;
+  b = 0.5;
+  assert(!(a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert((a >= b));
+  assert(!(a != b));
+  assert((a == b));
+
+  a = -1;
+  b = -1;
+  assert(!(a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert((a >= b));
+  assert(!(a != b));
+  assert((a == b));
+
+  a = -0.5;
+  b = -0.5;
+  assert(!(a < b));
+  assert((a <= b));
+  assert(!(a > b));
+  assert((a >= b));
+  assert(!(a != b));
+  assert((a == b));
+
+}
+
diff --git a/test/test.sh b/test/test.sh
index 90920215..46843d4a 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -7,6 +7,10 @@ test -z "" 2>/dev/null || { echo Error: test command not found ; exit 1 ; }
 GREP=`type grep > /dev/null 2>&1 && echo OK`
 test "$GREP" = OK || { echo Error: grep command not found ; exit 1 ; }
 echo foobar | grep -qE 'asd|oob' 2>/dev/null || { echo Error: grep command does not support -q and/or -E option ; exit 1 ; }
+test -e ./test.sh || cd $(dirname $0) || exit 1
+test -e ./test.sh || { echo Error: you must be in the test/ directory ; exit 1 ; }
+export AFL_PATH=`pwd`/..
+
 echo 1 > test.1
 echo 1 > test.2
 OK=OK
@@ -202,7 +206,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc
     rm -f in2/in*
     export AFL_QUIET=1
     if command -v bash >/dev/null ; then {
-      AFL_PATH=`pwd`/.. ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null
+      ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null
       CNT=`ls in2/* 2>/dev/null | wc -l`
       case "$CNT" in
         *2) $ECHO "$GREEN[+] afl-cmin.bash correctly minimized the number of testcases" ;;
@@ -326,7 +330,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
       rm -f in2/in*
       export AFL_QUIET=1
       if type bash >/dev/null ; then {
-        AFL_PATH=`pwd`/.. ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null
+        ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null
         CNT=`ls in2/* 2>/dev/null | wc -l`
         case "$CNT" in
           *2) $ECHO "$GREEN[+] afl-cmin.bash correctly minimized the number of testcases" ;;
@@ -372,8 +376,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
     $ECHO "$YELLOW[-] llvm_mode InsTrim not compiled, cannot test"
     INCOMPLETE=1
   }
-  AFL_LLVM_INSTRUMENT=AFL
-  AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > test.out 2>&1
+  AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > test.out 2>&1
   test -e test-compcov.compcov && test_compcov_binary_functionality ./test-compcov.compcov && {
     grep --binary-files=text -Eq " [ 123][0-9][0-9] location| [3-9][0-9] location" test.out && {
       $ECHO "$GREEN[+] llvm_mode laf-intel/compcov feature works correctly"
@@ -386,6 +389,26 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
     CODE=1
   }
   rm -f test-compcov.compcov test.out
+  AFL_LLVM_INSTRUMENT=AFL AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c >errors 2>&1
+  test -e test-floatingpoint && {
+    mkdir -p in
+    echo ZZZZ > in/in
+    $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 30 seconds"
+    {
+      AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -s 1 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1
+    } >>errors 2>&1
+    test -n "$( ls out/crashes/id:* 2>/dev/null )" && {
+      $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly"
+    } || {
+      cat errors
+      $ECHO "$RED[!] llvm_mode laf-intel floatingpoint splitting feature failed"
+      CODE=1
+    }
+  } || {
+    $ECHO "$RED[!] llvm_mode laf-intel floatingpoint splitting feature compilation failed"
+    CODE=1
+  }
+  rm -f test-floatingpoint test.out in/in
   echo foobar.c > instrumentlist.txt
   AFL_DEBUG=1 AFL_LLVM_INSTRUMENT_FILE=instrumentlist.txt ../afl-clang-fast -o test-compcov test-compcov.c > test.out 2>&1
   test -e test-compcov && test_compcov_binary_functionality ./test-compcov && {
@@ -400,6 +423,28 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
     CODE=1
   }
   rm -f test-compcov test.out instrumentlist.txt
+  AFL_LLVM_CMPLOG=1 ../afl-clang-fast -o test-cmplog test-cmplog.c > /dev/null 2>&1
+  test -e test-cmplog && {
+    $ECHO "$GREY[*] running afl-fuzz for llvm_mode cmplog, this will take approx 10 seconds"
+    {
+      mkdir -p in
+      echo 0000000000000000000000000 > in/in
+      ../afl-fuzz -m none -V10 -i in -o out -c./test-cmplog -- ./test-cmplog >>errors 2>&1
+    } >>errors 2>&1
+    test -n "$( ls out/crashes/id:000000* 2>/dev/null )" && {
+      $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode cmplog"
+    } || {
+      echo CUT------------------------------------------------------------------CUT
+      cat errors
+      echo CUT------------------------------------------------------------------CUT
+      $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode cmplog"
+      CODE=1
+    }
+  } || {
+    $ECHO "$YELLOW[-] we cannot test llvm_mode cmplog because it is not present"
+    INCOMPLETE=1
+  }
+  rm -rf errors test-cmplog in
   ../afl-clang-fast -o test-persistent ../examples/persistent_demo/persistent_demo.c > /dev/null 2>&1
   test -e test-persistent && {
     echo foo | ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -q -r ./test-persistent && {