Google Git
Sign in
go / go / 417100ec1b08bb1046e207fd08de105944668d27 / . / src / cmd / go / testdata / script / test_fuzz_minimize_interesting.txt
blob: fc66201eb3fac361298a365f84dd15dc04cd751e [file] [log] [blame]
# TODO(jayconrod): support shared memory on more platforms.
[!darwin] [!linux] [!windows] skip
# Instrumentation only supported on 64-bit architectures.
[!amd64] [!arm64] skip
# Test that when an interesting value is discovered (one that expands coverage),
# the fuzzing engine minimizes it before writing it to the cache.
#
# The program below starts with a seed value of length 100, but more coverage
# will be found for any value other than the seed. We should end with a value
# in the cache of length 1 (the minimizer currently does not produce empty
# strings). check_cache.go confirms that.
#
# We would like to verify that ALL values in the cache were minimized to a
# length of 1, but this isn't always possible when new coverage is found in
# functions called by testing or internal/fuzz in the background.
go test -c -fuzz=. # Build using shared build cache for speed.
env GOCACHE=$WORK/gocache
exec ./fuzz.test$GOEXE -test.fuzzcachedir=$GOCACHE/fuzz -test.fuzz=FuzzMinCache -test.fuzztime=1000x
go run check_cache.go $GOCACHE/fuzz/FuzzMinCache
# Test that minimization occurs for a crash that appears while minimizing a
# newly found interesting input. There must be only one worker for this test to
# be flaky like we want.
go test -c -fuzz=. # Build using shared build cache for speed.
env GOCACHE=$WORK/gocache
! exec ./fuzz.test$GOEXE -test.fuzzcachedir=$GOCACHE/fuzz -test.fuzz=FuzzMinimizerCrashInMinimization -test.fuzztime=10000x -test.parallel=1
! stdout '^ok'
stdout 'got the minimum size!'
stdout 'flaky failure'
stdout FAIL
# Make sure the crash that was written will fail when run with go test
! go test -run=FuzzMinimizerCrashInMinimization .
-- go.mod --
module fuzz
go 1.17
-- y.go --
package fuzz
import (
"bytes"
"io"
)
func Y(w io.Writer, b []byte) {
if !bytes.Equal(b, []byte("y")) {
w.Write([]byte("not equal"))
}
}
-- fuzz_test.go --
package fuzz
import (
"bytes"
"io"
"testing"
)
func FuzzMinimizerCrashInMinimization(f *testing.F) {
seed := make([]byte, 1000)
f.Add(seed)
f.Fuzz(func(t *testing.T, b []byte) {
if len(b) < 50 || len(b) > 1100 {
// Make sure that b is large enough that it can be minimized
return
}
if !bytes.Equal(b, seed) {
// This should have hit a new edge, and the interesting input
// should be attempting minimization
Y(io.Discard, b)
}
if len(b) < 350 {
t.Error("flaky failure")
}
if len(b) == 50 {
t.Log("got the minimum size!")
}
})
}
func FuzzMinCache(f *testing.F) {
seed := bytes.Repeat([]byte("a"), 20)
f.Add(seed)
f.Fuzz(func(t *testing.T, buf []byte) {
if bytes.Equal(buf, seed) {
return
}
if n := sum(buf); n < 0 {
t.Error("sum cannot be negative")
}
})
}
func sum(buf []byte) int {
n := 0
for _, b := range buf {
n += int(b)
}
return n
}
-- check_cache.go --
//go:build ignore
// +build ignore
// check_cache.go checks that each file in the cached corpus has a []byte
// of length at most 1. This verifies that at least one cached input is minimized.
package main
import (
"bytes"
"fmt"
"os"
"path/filepath"
"regexp"
"strconv"
)
func main() {
dir := os.Args[1]
ents, err := os.ReadDir(dir)
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
for _, ent := range ents {
name := filepath.Join(dir, ent.Name())
if good, err := checkCacheFile(name); err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
} else if good {
os.Exit(0)
}
}
fmt.Fprintln(os.Stderr, "no cached inputs were minimized")
os.Exit(1)
}
func checkCacheFile(name string) (good bool, err error) {
data, err := os.ReadFile(name)
if err != nil {
return false, err
}
for _, line := range bytes.Split(data, []byte("\n")) {
m := valRe.FindSubmatch(line)
if m == nil {
continue
}
if s, err := strconv.Unquote(string(m[1])); err != nil {
return false, err
} else if len(s) <= 1 {
return true, nil
}
}
return false, nil
}
var valRe = regexp.MustCompile(`^\[\]byte\(([^)]+)\)$`)