Diffstat (limited to 'tests/fuzz')
-rw-r--r-- | tests/fuzz/1.c | 117 | ||||
-rw-r--r-- | tests/fuzz/1.c.txt | 1 | ||||
-rwxr-xr-x | tests/fuzz/creduce_tester.py | 53 | ||||
-rw-r--r-- | tests/fuzz/csmith.h | 130 | ||||
-rwxr-xr-x | tests/fuzz/csmith_driver.py | 100 | ||||
-rw-r--r-- | tests/fuzz/platform_generic.h | 132 | ||||
-rw-r--r-- | tests/fuzz/random_inc.h | 129 | ||||
-rw-r--r-- | tests/fuzz/safe_math.h | 947 |
8 files changed, 1609 insertions, 0 deletions
diff --git a/tests/fuzz/1.c b/tests/fuzz/1.c
new file mode 100644
index 00000000..2017fb76
--- /dev/null
+++ b/tests/fuzz/1.c
@@ -0,0 +1,117 @@ +/* + * This is a RANDOMLY GENERATED PROGRAM. + * + * Generator: csmith 2.2.0 + * Git version: a8697aa + * Options: --no-volatiles --no-math64 --max-block-depth 2 --max-block-size 2 --max-expr-complexity 2 --max-funcs 2 + * Seed: 1880513882 + */ + +#include "csmith.h" + + +static long __undefined; + +/* --- Struct/Union Declarations --- */ +union U0 { + int32_t f0; + int8_t f1; + const int8_t f2; +}; + +/* --- GLOBAL VARIABLES --- */ +static uint32_t g_4 = 9UL; +static int32_t g_6 = 0xB9DD952EL; +static const int32_t *g_5 = &g_6; +static union U0 g_7[3][9][6] = {{{{-8L},{5L},{0x901516EAL},{7L},{7L},{0x901516EAL}},{{0x520EA0C8L},{0x520EA0C8L},{0x0920A6FFL},{0x0021FBB9L},{0x888C5540L},{-8L}},{{0xDC87A9B6L},{0x42B48371L},{8L},{7L},{-8L},{0x0920A6FFL}},{{-1L},{0xDC87A9B6L},{8L},{5L},{0x520EA0C8L},{-8L}},{{-3L},{5L},{0x0920A6FFL},{0x865B49D5L},{0xDC87A9B6L},{0x901516EAL}},{{0x865B49D5L},{0xDC87A9B6L},{0x901516EAL},{0x0021FBB9L},{-1L},{-1L}},{{0x865B49D5L},{0x42B48371L},{0x42B48371L},{0x865B49D5L},{-3L},{0x0920A6FFL}},{{-3L},{0x520EA0C8L},{0x0021FBB9L},{5L},{0x865B49D5L},{-1L}},{{-1L},{5L},{0L},{7L},{0x865B49D5L},{0x901516EAL}}},{{{0xDC87A9B6L},{0x520EA0C8L},{7L},{0x0021FBB9L},{-3L},{-8L}},{{0x520EA0C8L},{0x42B48371L},{5L},{7L},{-1L},{0x0920A6FFL}},{{-8L},{0xDC87A9B6L},{5L},{5L},{0xDC87A9B6L},{-8L}},{{0x888C5540L},{5L},{7L},{0x865B49D5L},{0x520EA0C8L},{0x901516EAL}},{{7L},{0xDC87A9B6L},{0L},{0x0021FBB9L},{-8L},{-1L}},{{7L},{0x42B48371L},{0x0021FBB9L},{0x865B49D5L},{0x888C5540L},{0x0920A6FFL}},{{0x888C5540L},{0x520EA0C8L},{0x42B48371L},{5L},{7L},{-1L}},{{-8L},{5L},{0x901516EAL},{7L},{7L},{0x901516EAL}},{{0x520EA0C8L},{0x520EA0C8L},{0x0920A6FFL},{0x0021FBB9L},{0x888C5540L},{-8L}}},{{{0xDC87A9B6L},{0x42B48371L},{8L},{7L},{-8L},{0x0920A6FFL}},{{-1L},{0xDC87A9B6L},{8L},{5L},{0x520EA0C8L},{-8L}},{{-3L},{5L},{0x0920A6FFL},{0x865B49D5L},{0xDC87A9B6L},{0x901516EAL}},{{0x865B49D5L},{0xDC87A9B6L},{0x901516EAL},{0x0021FBB9L},{-1L},{-1L}},{{0x865B49D5L},{0x42B48371L}
,{0x42B48371L},{0x865B49D5L},{-3L},{0x0920A6FFL}},{{-3L},{0x520EA0C8L},{0x0021FBB9L},{5L},{0x865B49D5L},{-1L}},{{-1L},{5L},{0L},{7L},{0x865B49D5L},{0x901516EAL}},{{0xDC87A9B6L},{0x520EA0C8L},{7L},{0x0021FBB9L},{-3L},{-8L}},{{0x520EA0C8L},{0x42B48371L},{5L},{7L},{-1L},{0x0920A6FFL}}}}; +static int32_t g_31 = 1L; +static uint32_t g_32 = 4294967289UL; + + +/* --- FORWARD DECLARATIONS --- */ +static uint16_t func_1(void); +static int32_t * func_9(int32_t * p_10, uint16_t p_11); + + +/* --- FUNCTIONS --- */ +/* ------------------------------------------ */ +/* + * reads : g_4 g_5 g_7 g_32 + * writes: g_5 g_32 + */ +static uint16_t func_1(void) +{ /* block id: 0 */ + int32_t l_3 = (-1L); + if (((safe_unary_minus_func_int16_t_s(l_3)) >= g_4)) + { /* block id: 1 */ + int32_t *l_8 = &l_3; + g_5 = g_5; + (*l_8) ^= (g_7[1][3][2] , 0x44688D23L); + } + else + { /* block id: 4 */ + int32_t *l_12 = &l_3; + int32_t **l_13 = &l_12; + (*l_13) = func_9(((*l_13) = l_12), l_3); + } + return l_3; +} + + +/* ------------------------------------------ */ +/* + * reads : g_32 + * writes: g_32 + */ +static int32_t * func_9(int32_t * p_10, uint16_t p_11) +{ /* block id: 6 */ + int32_t *l_14 = &g_6; + int32_t *l_15 = &g_7[1][3][2].f0; + int32_t *l_16 = &g_6; + int32_t *l_17 = &g_6; + int32_t *l_18 = &g_6; + int32_t *l_19 = &g_6; + int32_t *l_20 = &g_6; + int32_t *l_21 = &g_6; + int32_t *l_22 = &g_6; + int32_t *l_23 = &g_7[1][3][2].f0; + int32_t l_24[8] = {0xF9F11119L,0xF9F11119L,0xF9F11119L,0xF9F11119L,0xF9F11119L,0xF9F11119L,0xF9F11119L,0xF9F11119L}; + int32_t *l_25 = &l_24[7]; + int32_t *l_26 = &l_24[2]; + int32_t *l_27 = &l_24[2]; + int32_t *l_28 = &l_24[0]; + int32_t *l_29 = &g_7[1][3][2].f0; + int32_t *l_30[10] = {(void*)0,(void*)0,(void*)0,(void*)0,(void*)0,(void*)0,(void*)0,(void*)0,(void*)0,(void*)0}; + int i; + ++g_32; + return p_10; +} + + + + +/* ---------------------------------------- */ +int main (int argc, char* argv[]) +{ + int i, j, k; + int print_hash_value = 0; + if (argc 
== 2 && strcmp(argv[1], "1") == 0) print_hash_value = 1; + platform_main_begin(); + crc32_gentab(); + func_1(); + for (i = 0; i < 3; i++) + { + for (j = 0; j < 1; j++) + { + for (k = 0; k < 1; k++) + { + transparent_crc(g_7[i][j][k].f0, "g_7[i][j][k].f0", print_hash_value); + transparent_crc(g_7[i][j][k].f1, "g_7[i][j][k].f1", print_hash_value); + if (print_hash_value) printf("index = [%d][%d][%d]\n", i, j, k); + } + } + } + platform_main_end(crc32_context ^ 0xFFFFFFFFUL, print_hash_value); + return 0; +} + diff --git a/tests/fuzz/1.c.txt b/tests/fuzz/1.c.txt new file mode 100644 index 00000000..701369f3 --- /dev/null +++ b/tests/fuzz/1.c.txt @@ -0,0 +1 @@ +checksum = 504CCDC diff --git a/tests/fuzz/creduce_tester.py b/tests/fuzz/creduce_tester.py new file mode 100755 index 00000000..c3460e9d --- /dev/null +++ b/tests/fuzz/creduce_tester.py 
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+
+'''
+Runs csmith, a C fuzzer, and looks for bugs
+'''
+
+import os, sys, difflib
+from subprocess import Popen, PIPE, STDOUT
+
+sys.path += [os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))), 'tools')]
+import shared
+
+filename = sys.argv[1]
+print 'testing file', filename
+
+print '2) Compile natively'
+shared.try_delete(filename)
+shared.execute([shared.CLANG_CC, '-O2', filename + '.c', '-o', filename] + CSMITH_CFLAGS, stderr=PIPE)
+assert os.path.exists(filename)
+print '3) Run natively'
+try:
+ correct = shared.timeout_run(Popen([filename], stdout=PIPE, stderr=PIPE), 3)
+except Exception, e:
+ print 'Failed or infinite looping in native, skipping', e
+ notes['invalid'] += 1
+ os.exit(0) # boring
+
+print '4) Compile JS-ly and compare'
+
+def try_js(args):
+ shared.try_delete(filename + '.js')
+ shared.execute([shared.EMCC, '-O2', '-s', 'ASM_JS=1', '-s', 'PRECISE_I64_MATH=1', '-s', 'PRECISE_I32_MUL=1', filename + '.c', '-o', filename + '.js'] + CSMITH_CFLAGS + args, stderr=PIPE)
+ assert os.path.exists(filename + '.js')
+ js = shared.run_js(filename + '.js', stderr=PIPE, engine=engine1)
+ assert correct == js, ''.join([a.rstrip()+'\n' for a in difflib.unified_diff(correct.split('\n'), js.split('\n'), fromfile='expected', tofile='actual')])
+
+# Try normally, then try unaligned because csmith does generate nonportable code that requires x86 alignment
+ok = False
+normal = True
+for args, note in [([], None), (['-s', 'UNALIGNED_MEMORY=1'], 'unaligned')]:
+ try:
+ try_js(args)
+ ok = True
+ if note:
+ notes[note] += 1
+ break
+ except Exception, e:
+ print e
+ normal = False
+if not ok: sys.exit(1)
+
+sys.exit(0) # boring
+
diff --git a/tests/fuzz/csmith.h b/tests/fuzz/csmith.h
new file mode 100644
index 00000000..f1334a37
--- /dev/null
+++ b/tests/fuzz/csmith.h
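Review bot: In tests/fuzz/creduce_tester.py the names `CSMITH_CFLAGS`, `notes` and `engine1` are used but never assigned or imported anywhere in this new 53-line file, so the first `shared.execute(...)` call fails with NameError before anything is compiled. The native-failure handler also calls `os.exit(0)`, which the `os` module does not provide; it should read `sys.exit(0) # boring`. If this script is meant as a C-Reduce interestingness test, as its name suggests, the verdict is its exit status, so a crash inside the script is indistinguishable from a real result. I would define the three names at the top of the file, for example the same `CSMITH_CFLAGS = ['-I' + os.path.expanduser('~/Dev/csmith/runtime/')]` that csmith_driver.py uses, and drop the `notes[...]` counters, which nothing in this file reads.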
@@ -0,0 +1,130 @@
+/* -*- mode: C -*-
+ *
+ * Copyright (c) 2007-2010 The University of Utah
+ * All rights reserved.
+ *
+ * This file is part of `csmith', a random generator of C programs.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef RANDOM_RUNTIME_H
+#define RANDOM_RUNTIME_H
+
+#ifdef CSMITH_MINIMAL
+#include "csmith_minimal.h"
+#else
+
+/*****************************************************************************/
+
+#include <string.h>
+
+#define __STDC_LIMIT_MACROS
+#include "random_inc.h"
+
+static uint32_t crc32_tab[256];
+static uint32_t crc32_context = 0xFFFFFFFFUL;
+
+static void
+crc32_gentab (void)
+{
+ uint32_t crc;
+ const uint32_t poly = 0xEDB88320UL;
+ int i, j;
+
+ for (i = 0; i < 256; i++) {
+ crc = i;
+ for (j = 8; j > 0; j--) {
+ if (crc & 1) {
+ crc = (crc >> 1) ^ poly;
+ } else {
+ crc >>= 1;
+ }
+ }
+ crc32_tab[i] = crc;
+ }
+}
+
+static void
+crc32_byte (uint8_t b) {
+ crc32_context =
+ ((crc32_context >> 8) & 0x00FFFFFF) ^
+ crc32_tab[(crc32_context ^ b) & 0xFF];
+}
+
+#if defined(__SPLAT__) || defined (__COMPCERT__) || defined(NO_LONGLONG)
+static void
+crc32_8bytes (uint32_t val)
+{
+ crc32_byte ((val>>0) & 0xff);
+ crc32_byte ((val>>8) & 0xff);
+ crc32_byte ((val>>16) & 0xff);
+ crc32_byte ((val>>24) & 0xff);
+}
+
+static void
+transparent_crc (uint32_t val, char* vname, int flag)
+{
+ crc32_8bytes(val);
+ if (flag) {
+ printf("...checksum after hashing %s : %X\n", vname, crc32_context ^ 0xFFFFFFFFU);
+ }
+}
+#else
+static void
+crc32_8bytes (uint64_t val)
+{
+ crc32_byte ((val>>0) & 0xff);
+ crc32_byte ((val>>8) & 0xff);
+ crc32_byte ((val>>16) & 0xff);
+ crc32_byte ((val>>24) & 0xff);
+ crc32_byte ((val>>32) & 0xff);
+ crc32_byte ((val>>40) & 0xff);
+ crc32_byte ((val>>48) & 0xff);
+ crc32_byte ((val>>56) & 0xff);
+}
+
+static void
+transparent_crc (uint64_t val, char* vname, int flag)
+{
+ crc32_8bytes(val);
+ if (flag) {
+ printf("...checksum after hashing %s : %lX\n", vname, crc32_context ^ 0xFFFFFFFFUL);
+ }
+}
+#endif
+
+/*****************************************************************************/
+
+#endif
+
+#endif /* RANDOM_RUNTIME_H */
+
+/*
+ * Local Variables:
+ * c-basic-offset: 4
+ * tab-width: 4
+ * End:
+ */
+
+/* End of file. */
diff --git a/tests/fuzz/csmith_driver.py b/tests/fuzz/csmith_driver.py
new file mode 100755
index 00000000..1cb85451
--- /dev/null
+++ b/tests/fuzz/csmith_driver.py
@@ -0,0 +1,100 @@
+#!/usr/bin/python
+
+'''
+Runs csmith, a C fuzzer, and looks for bugs
+'''
+
+import os, sys, difflib
+from subprocess import Popen, PIPE, STDOUT
+
+sys.path += [os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))), 'tools')]
+import shared
+
+engine1 = eval('shared.' + sys.argv[1]) if len(sys.argv) > 1 else shared.JS_ENGINES[0]
+engine2 = eval('shared.' + sys.argv[2]) if len(sys.argv) > 2 else None
+
+print 'testing js engines', engine1, engine2
+
+CSMITH = os.path.expanduser('~/Dev/csmith/src/csmith')
+CSMITH_CFLAGS = ['-I' + os.path.expanduser('~/Dev/csmith/runtime/')]
+
+filename = os.path.join(shared.CANONICAL_TEMP_DIR, 'fuzzcode')
+
+shared.DEFAULT_TIMEOUT = 1
+
+tried = 0
+
+notes = { 'invalid': 0, 'unaligned': 0, 'embug': 0 }
+
+while 1:
+ print 'Tried %d, notes: %s' % (tried, notes)
+ tried += 1
+ print '1) Generate C'
+ shared.execute([CSMITH, '--no-volatiles', '--no-math64'], stdout=open(filename + '.c', 'w'))
+
+ print '2) Compile natively'
+ shared.try_delete(filename)
+ shared.execute([shared.CLANG_CC, '-O2', filename + '.c', '-o', filename] + CSMITH_CFLAGS, stderr=PIPE)
+ assert os.path.exists(filename)
+ print '3) Run natively'
+ try:
+ correct = shared.timeout_run(Popen([filename], stdout=PIPE, stderr=PIPE), 3)
+ except Exception, e:
+ print 'Failed or infinite looping in native, skipping', e
+ notes['invalid'] += 1
+ continue
+
+ print '4) Compile JS-ly and compare'
+
+ def try_js(args):
+ shared.try_delete(filename + '.js')
+ shared.execute([shared.EMCC, '-O2', '-s', 'ASM_JS=1', '-s', 'PRECISE_I64_MATH=1', '-s', 'PRECISE_I32_MUL=1', filename + '.c', '-o', filename + '.js'] + CSMITH_CFLAGS + args, stderr=PIPE)
+ assert os.path.exists(filename + '.js')
+ js = shared.run_js(filename + '.js', stderr=PIPE, engine=engine1, check_timeout=True)
+ assert correct == js, ''.join([a.rstrip()+'\n' for a in difflib.unified_diff(correct.split('\n'), js.split('\n'), fromfile='expected', tofile='actual')])
+
+ # Try normally, then try unaligned because csmith does generate nonportable code that requires x86 alignment
+ ok = False
+ normal = True
+ for args, note in [([], None), (['-s', 'UNALIGNED_MEMORY=1'], 'unaligned')]:
+ try:
+ try_js(args)
+ ok = True
+ if note:
+ notes[note] += 1
+ break
+ except Exception, e:
+ print e
+ normal = False
+ if not ok:
+ print "EMSCRIPTEN BUG"
+ notes['embug'] += 1
+ continue #break
+ #if not ok:
+ # try: # finally, try with safe heap. if that is triggered, this is nonportable code almost certainly
+ # try_js(['-s', 'SAFE_HEAP=1'])
+ # except Exception, e:
+ # print e
+ # js = shared.run_js(filename + '.js', stderr=PIPE, full_output=True)
+ # print js
+ # if 'SAFE_HEAP' in js:
+ # notes['safeheap'] += 1
+ # else:
+ # break
+
+ # This is ok. Try in secondary JS engine too
+ if engine2 and normal:
+ try:
+ js2 = shared.run_js(filename + '.js', stderr=PIPE, engine=engine2, full_output=True, check_timeout=True)
+ except:
+ print 'failed to run in secondary', js2
+ break
+
+ # asm.js testing
+ assert 'warning: Successfully compiled asm.js code' in js2, 'must validate'
+ js2 = js2.replace('\nwarning: Successfully compiled asm.js code\n', '')
+
+ assert js2 == correct, ''.join([a.rstrip()+'\n' for a in difflib.unified_diff(correct.split('\n'), js2.split('\n'), fromfile='expected', tofile='actual')]) + 'ODIN FAIL'
+ print 'odin ok'
+
+
diff --git a/tests/fuzz/platform_generic.h b/tests/fuzz/platform_generic.h
new file mode 100644
index 00000000..b2ef33a3
--- /dev/null
+++ b/tests/fuzz/platform_generic.h
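Review bot: In tests/fuzz/csmith_driver.py, `eval('shared.' + sys.argv[1])` evaluates whatever expression text is passed on the command line; a plain attribute lookup does the same job without executing code: `engine1 = getattr(shared, sys.argv[1]) if len(sys.argv) > 1 else shared.JS_ENGINES[0]`, and likewise for `engine2`. Separately, the bare `except:` around the secondary-engine `shared.run_js(...)` call prints `js2`, which is unbound (or stale from an earlier iteration) because the assignment never completed, so the handler raises NameError or reports the wrong output; `except Exception, e:` with `print 'failed to run in secondary', e` keeps the real error. The generated program is also written to a fixed `fuzzcode` name under `shared.CANONICAL_TEMP_DIR` through an `open(...)` handle that is never closed; a per-run directory from `tempfile.mkdtemp()` and a `with` block would avoid collisions between concurrent runs and make sure the file is flushed before the compiler reads it.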
@@ -0,0 +1,132 @@
+/* -*- mode: C -*-
+ *
+ *
+ * Copyright (c) 2007, 2008 The University of Utah
+ * All rights reserved.
+ *
+ * This file is part of `csmith', a random generator of C programs.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef PLATFORM_GENERIC_H
+#define PLATFORM_GENERIC_H
+
+/*****************************************************************************/
+
+#ifdef STANDALONE
+extern int printf (const char *, ...);
+#else
+#include <stdio.h>
+#endif
+
+static void
+platform_main_begin(void)
+{
+ /* Nothing to do. */
+}
+
+static void
+platform_main_end(uint32_t crc, int flag)
+{
+#if defined (__FRAMAC)
+ Frama_C_dump_assert_each();
+#endif
+ printf ("checksum = %X\n", crc);
+#if defined (LOG_WRAPPERS)
+ {
+ int i, first;
+
+ printf ("executed wrappers: ");
+ first = 1;
+ for (i=1; i<N_WRAP+1; i++) {
+ if (__executed_checks[i]) {
+ if (!first) {
+ printf (",");
+ } else {
+ first = 0;
+ }
+ printf ("%d", i);
+ }
+ }
+ printf ("\n");
+
+ printf ("dead wrappers: ");
+ first = 1;
+ for (i=1; i<N_WRAP+1; i++) {
+ if (!__executed_checks[i]) {
+ if (!first) {
+ printf (",");
+ } else {
+ first = 0;
+ }
+ printf ("%d", i);
+ }
+ }
+ printf ("\n");
+
+ printf ("wrappers that failed at least once: ");
+ first = 1;
+ for (i=1; i<N_WRAP+1; i++) {
+ if (__failed_checks[i]) {
+ if (!first) {
+ printf (",");
+ } else {
+ first = 0;
+ }
+ printf ("%d", i);
+ }
+ }
+ printf ("\n");
+
+ printf ("wrappers that never failed (or never executed): ");
+ first = 1;
+ for (i=1; i<N_WRAP+1; i++) {
+ if (!__failed_checks[i]) {
+ if (!first) {
+ printf (",");
+ } else {
+ first = 0;
+ }
+ printf ("%d", i);
+ }
+ }
+ printf ("\n");
+ }
+#endif
+}
+
+#define MB (1<<20)
+
+/*****************************************************************************/
+
+#endif /* PLATFORM_GENERIC_H */
+
+/*
+ * Local Variables:
+ * c-basic-offset: 4
+ * tab-width: 4
+ * End:
+ */
+
+/* End of file. */
diff --git a/tests/fuzz/random_inc.h b/tests/fuzz/random_inc.h
new file mode 100644
index 00000000..7559cbd7
--- /dev/null
+++ b/tests/fuzz/random_inc.h
@@ -0,0 +1,129 @@
+/* -*- mode: C -*-
+ *
+ * Copyright (c) 2007-2010 The University of Utah
+ * All rights reserved.
+ *
+ * This file is part of `csmith', a random generator of C programs.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef RANDOM_INC_H
+#define RANDOM_INC_H
+
+
+#if defined(STANDALONE)
+ #if defined(_MSC_VER)
+ #include <limits.h>
+ #include "windows/stdint.h"
+ #elif defined (IA32_ARCH)
+ #include "stdint_ia32.h"
+ #elif defined (IA64_ARCH)
+ #include "stdint_ia64.h"
+ #elif defined (MSP430)
+ #include "stdint_msp430.h"
+ #elif defined (AVR_ARCH)
+ #include "stdint_avr.h"
+ #else
+ #include "stdint_ia32.h"
+ #endif
+#else
+ #include <limits.h>
+ #if defined(_MSC_VER)
+ #include "windows/stdint.h"
+ #else
+ #include <stdint.h>
+ #endif
+#endif
+
+#include <assert.h>
+
+/*****************************************************************************/
+
+#ifndef DEPUTY
+#define COUNT(n)
+#define TC
+#define SAFE
+#endif
+
+/*****************************************************************************/
+
+#ifdef LOG_WRAPPERS
+#include "wrapper.h"
+char __failed_checks[N_WRAP+1];
+char __executed_checks[N_WRAP+1];
+#define UNDEFINED(__val) (__failed_checks[index]=1,(__val))
+#define LOG_INDEX , int index
+#define LOG_EXEC __executed_checks[index]=1;
+#else
+#define UNDEFINED(__val) (__val)
+#define LOG_INDEX
+#define LOG_EXEC
+#endif
+
+#if defined(AVR_ARCH)
+#include "platform_avr.h"
+#elif defined (MSP430)
+#include "platform_msp430.h"
+#else
+#include "platform_generic.h"
+#endif
+
+#define STATIC static
+
+#if defined (USE_MATH_MACROS_NOTMP)
+#include "safe_math_macros_notmp.h"
+#elif defined (USE_MATH_MACROS)
+#include "safe_math_macros.h"
+#else
+#define FUNC_NAME(x) (safe_##x)
+#include "safe_math.h"
+#undef FUNC_NAME
+#endif
+
+#define INT_BIT (sizeof(int)*CHAR_BIT)
+#define _CSMITH_BITFIELD(x) (((x)>INT_BIT)?((x)%INT_BIT):(x))
+
+#ifdef TCC
+
+void* memcpy(void* dest, const void* src, size_t count) {
+ char* dst8 = (char*)dest;
+ char* src8 = (char*)src;
+
+ while (count--) {
+ *dst8++ = *src8++;
+ }
+ return dest;
+}
+
+void *memset(void *s, int c, size_t n)
+{
+ unsigned char* p=s;
+ while(n--)
+ *p++ = (unsigned char)c;
+ return s;
+}
+
+#endif
+
+#endif // RANDOM_INC_H
diff --git a/tests/fuzz/safe_math.h b/tests/fuzz/safe_math.h
new file mode 100644
index 00000000..393ebba1
--- /dev/null
+++ b/tests/fuzz/safe_math.h
@@ -0,0 +1,947 @@ + +#ifndef SAFE_MATH_H +#define SAFE_MATH_H + + + + + + + + + +STATIC int8_t +FUNC_NAME(unary_minus_func_int8_t_s)(int8_t si LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT8_MAX>=INT_MAX) + (si==INT8_MIN) ? + (UNDEFINED(si)) : +#endif +#endif + -si; +} + +STATIC int8_t +FUNC_NAME(add_func_int8_t_s_s)(int8_t si1, int8_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT8_MAX>=INT_MAX) + (((si1>0) && (si2>0) && (si1 > (INT8_MAX-si2))) || ((si1<0) && (si2<0) && (si1 < (INT8_MIN-si2)))) ? + (UNDEFINED(si1)) : +#endif +#endif + (si1 + si2); +} + +STATIC int8_t +FUNC_NAME(sub_func_int8_t_s_s)(int8_t si1, int8_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT8_MAX>=INT_MAX) + (((si1^si2) & (((si1 ^ ((si1^si2) & (~INT8_MAX)))-si2)^si2)) < 0) ? + (UNDEFINED(si1)) : +#endif +#endif + (si1 - si2); +} + +STATIC int8_t +FUNC_NAME(mul_func_int8_t_s_s)(int8_t si1, int8_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT8_MAX>=INT_MAX) + (((si1 > 0) && (si2 > 0) && (si1 > (INT8_MAX / si2))) || ((si1 > 0) && (si2 <= 0) && (si2 < (INT8_MIN / si1))) || ((si1 <= 0) && (si2 > 0) && (si1 < (INT8_MIN / si2))) || ((si1 <= 0) && (si2 <= 0) && (si1 != 0) && (si2 < (INT8_MAX / si1)))) ? + (UNDEFINED(si1)) : +#endif +#endif + si1 * si2; +} + +STATIC int8_t +FUNC_NAME(mod_func_int8_t_s_s)(int8_t si1, int8_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((si2 == 0) || ((si1 == INT8_MIN) && (si2 == (-1)))) ? + (UNDEFINED(si1)) : +#endif + (si1 % si2); +} + +STATIC int8_t +FUNC_NAME(div_func_int8_t_s_s)(int8_t si1, int8_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((si2 == 0) || ((si1 == INT8_MIN) && (si2 == (-1)))) ? + (UNDEFINED(si1)) : +#endif + (si1 / si2); +} + +STATIC int8_t +FUNC_NAME(lshift_func_int8_t_s_s)(int8_t left, int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((int)right) < 0) || (((int)right) >= 32) || (left > (INT8_MAX >> ((int)right)))) ? 
+ (UNDEFINED(left)) : +#endif + (left << ((int)right)); +} + +STATIC int8_t +FUNC_NAME(lshift_func_int8_t_s_u)(int8_t left, unsigned int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((unsigned int)right) >= 32) || (left > (INT8_MAX >> ((unsigned int)right)))) ? + (UNDEFINED(left)) : +#endif + (left << ((unsigned int)right)); +} + +STATIC int8_t +FUNC_NAME(rshift_func_int8_t_s_s)(int8_t left, int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((int)right) < 0) || (((int)right) >= 32))? + (UNDEFINED(left)) : +#endif + (left >> ((int)right)); +} + +STATIC int8_t +FUNC_NAME(rshift_func_int8_t_s_u)(int8_t left, unsigned int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((unsigned int)right) >= 32)) ? + (UNDEFINED(left)) : +#endif + (left >> ((unsigned int)right)); +} + + + +STATIC int16_t +FUNC_NAME(unary_minus_func_int16_t_s)(int16_t si LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT16_MAX>=INT_MAX) + (si==INT16_MIN) ? + (UNDEFINED(si)) : +#endif +#endif + -si; +} + +STATIC int16_t +FUNC_NAME(add_func_int16_t_s_s)(int16_t si1, int16_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT16_MAX>=INT_MAX) + (((si1>0) && (si2>0) && (si1 > (INT16_MAX-si2))) || ((si1<0) && (si2<0) && (si1 < (INT16_MIN-si2)))) ? + (UNDEFINED(si1)) : +#endif +#endif + (si1 + si2); +} + +STATIC int16_t +FUNC_NAME(sub_func_int16_t_s_s)(int16_t si1, int16_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT16_MAX>=INT_MAX) + (((si1^si2) & (((si1 ^ ((si1^si2) & (~INT16_MAX)))-si2)^si2)) < 0) ? 
+ (UNDEFINED(si1)) : +#endif +#endif + (si1 - si2); +} + +STATIC int16_t +FUNC_NAME(mul_func_int16_t_s_s)(int16_t si1, int16_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT16_MAX>=INT_MAX) + (((si1 > 0) && (si2 > 0) && (si1 > (INT16_MAX / si2))) || ((si1 > 0) && (si2 <= 0) && (si2 < (INT16_MIN / si1))) || ((si1 <= 0) && (si2 > 0) && (si1 < (INT16_MIN / si2))) || ((si1 <= 0) && (si2 <= 0) && (si1 != 0) && (si2 < (INT16_MAX / si1)))) ? + (UNDEFINED(si1)) : +#endif +#endif + si1 * si2; +} + +STATIC int16_t +FUNC_NAME(mod_func_int16_t_s_s)(int16_t si1, int16_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((si2 == 0) || ((si1 == INT16_MIN) && (si2 == (-1)))) ? + (UNDEFINED(si1)) : +#endif + (si1 % si2); +} + +STATIC int16_t +FUNC_NAME(div_func_int16_t_s_s)(int16_t si1, int16_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((si2 == 0) || ((si1 == INT16_MIN) && (si2 == (-1)))) ? + (UNDEFINED(si1)) : +#endif + (si1 / si2); +} + +STATIC int16_t +FUNC_NAME(lshift_func_int16_t_s_s)(int16_t left, int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((int)right) < 0) || (((int)right) >= 32) || (left > (INT16_MAX >> ((int)right)))) ? + (UNDEFINED(left)) : +#endif + (left << ((int)right)); +} + +STATIC int16_t +FUNC_NAME(lshift_func_int16_t_s_u)(int16_t left, unsigned int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((unsigned int)right) >= 32) || (left > (INT16_MAX >> ((unsigned int)right)))) ? + (UNDEFINED(left)) : +#endif + (left << ((unsigned int)right)); +} + +STATIC int16_t +FUNC_NAME(rshift_func_int16_t_s_s)(int16_t left, int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((int)right) < 0) || (((int)right) >= 32))? 
+ (UNDEFINED(left)) : +#endif + (left >> ((int)right)); +} + +STATIC int16_t +FUNC_NAME(rshift_func_int16_t_s_u)(int16_t left, unsigned int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((unsigned int)right) >= 32)) ? + (UNDEFINED(left)) : +#endif + (left >> ((unsigned int)right)); +} + + + +STATIC int32_t +FUNC_NAME(unary_minus_func_int32_t_s)(int32_t si LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT32_MAX>=INT_MAX) + (si==INT32_MIN) ? + (UNDEFINED(si)) : +#endif +#endif + -si; +} + +STATIC int32_t +FUNC_NAME(add_func_int32_t_s_s)(int32_t si1, int32_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT32_MAX>=INT_MAX) + (((si1>0) && (si2>0) && (si1 > (INT32_MAX-si2))) || ((si1<0) && (si2<0) && (si1 < (INT32_MIN-si2)))) ? + (UNDEFINED(si1)) : +#endif +#endif + (si1 + si2); +} + +STATIC int32_t +FUNC_NAME(sub_func_int32_t_s_s)(int32_t si1, int32_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT32_MAX>=INT_MAX) + (((si1^si2) & (((si1 ^ ((si1^si2) & (~INT32_MAX)))-si2)^si2)) < 0) ? + (UNDEFINED(si1)) : +#endif +#endif + (si1 - si2); +} + +STATIC int32_t +FUNC_NAME(mul_func_int32_t_s_s)(int32_t si1, int32_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE +#if (INT32_MAX>=INT_MAX) + (((si1 > 0) && (si2 > 0) && (si1 > (INT32_MAX / si2))) || ((si1 > 0) && (si2 <= 0) && (si2 < (INT32_MIN / si1))) || ((si1 <= 0) && (si2 > 0) && (si1 < (INT32_MIN / si2))) || ((si1 <= 0) && (si2 <= 0) && (si1 != 0) && (si2 < (INT32_MAX / si1)))) ? + (UNDEFINED(si1)) : +#endif +#endif + si1 * si2; +} + +STATIC int32_t +FUNC_NAME(mod_func_int32_t_s_s)(int32_t si1, int32_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((si2 == 0) || ((si1 == INT32_MIN) && (si2 == (-1)))) ? + (UNDEFINED(si1)) : +#endif + (si1 % si2); +} + +STATIC int32_t +FUNC_NAME(div_func_int32_t_s_s)(int32_t si1, int32_t si2 LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((si2 == 0) || ((si1 == INT32_MIN) && (si2 == (-1)))) ? 
+ (UNDEFINED(si1)) : +#endif + (si1 / si2); +} + +STATIC int32_t +FUNC_NAME(lshift_func_int32_t_s_s)(int32_t left, int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((int)right) < 0) || (((int)right) >= 32) || (left > (INT32_MAX >> ((int)right)))) ? + (UNDEFINED(left)) : +#endif + (left << ((int)right)); +} + +STATIC int32_t +FUNC_NAME(lshift_func_int32_t_s_u)(int32_t left, unsigned int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((unsigned int)right) >= 32) || (left > (INT32_MAX >> ((unsigned int)right)))) ? + (UNDEFINED(left)) : +#endif + (left << ((unsigned int)right)); +} + +STATIC int32_t +FUNC_NAME(rshift_func_int32_t_s_s)(int32_t left, int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((int)right) < 0) || (((int)right) >= 32))? + (UNDEFINED(left)) : +#endif + (left >> ((int)right)); +} + +STATIC int32_t +FUNC_NAME(rshift_func_int32_t_s_u)(int32_t left, unsigned int right LOG_INDEX) +{ + LOG_EXEC + return +#ifndef UNSAFE + ((left < 0) || (((unsigned int)right) >= 32)) ? |