Add fuzzing for standard compliance checks

danlark1 · danlark1 · commit ffede29bbd57 · 2020-11-22T13:11:38.000Z
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
@@ -31,6 +31,7 @@ if(ENABLE_FUZZING)
   implement_fuzzer(fuzz_string_select)
   implement_fuzzer(fuzz_sort)
   implement_fuzzer(fuzz_string_sort)
+  implement_fuzzer(fuzz_standard_compliance)
 
   # to be able to get a list of all fuzzers from within a script
   add_custom_target(print_all_fuzzernames
diff --git a/fuzz/fuzz_select.cpp b/fuzz/fuzz_select.cpp
@@ -20,7 +20,6 @@ void ChooseImplementation(uint8_t byte, std::vector<U>& working,
       ...);
 }
 
-// Use the first element as a position into the data
 extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data,
                                       std::size_t size) {
   if (size <= 3) return 0;
diff --git a/fuzz/fuzz_sort.cpp b/fuzz/fuzz_sort.cpp
@@ -20,7 +20,6 @@ void ChooseImplementation(uint8_t byte, std::vector<U>& working,
       ...);
 }
 
-// Use the first element as a position into the data
 extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data,
                                       std::size_t size) {
   if (size <= 3) return 0;
diff --git a/fuzz/fuzz_standard_compliance.cpp b/fuzz/fuzz_standard_compliance.cpp
@@ -0,0 +1,68 @@
+#include <algorithm>
+#include <cstddef>
+#include <cstdint>
+#include <vector>
+
+#include "test_common.h"
+
+template <class Iter, class... T>
+void ChooseImplementation(uint8_t byte, Iter beg, Iter end, Iter partition_iter,
+                          const ::testing::Types<T...>&) {
+  static_assert(sizeof...(T) < 256);
+  int i = 0;
+  constexpr size_t size = sizeof...(T);
+  (
+      [&]() {
+        if (byte % size == i++) {
+          T::Select(beg, partition_iter, end);
+        }
+      }(),
+      ...);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data,
+                                      std::size_t size) {
+  if (size <= 3) return 0;
+  uint8_t impl = data[0];
+  uint8_t partition_point = data[1];
+  size = std::min(std::size_t{129}, size) - 2;
+  partition_point %= size;
+  std::vector<char> working(data + 2, data + size + 2);
+  miniselect::algorithms::IntegralCharIterator<char> beg(working.data());
+  miniselect::algorithms::IntegralCharIterator<char> ending(working.data() +
+                                                            working.size());
+  auto canonical = working;
+  const auto partition_iter = beg + partition_point;
+  ChooseImplementation(impl, beg, ending, partition_iter,
+                       miniselect::algorithms::All{});
+  if (partition_iter != ending) {
+    const auto& nth = *partition_iter;
+    bool is_error = false;
+    if (!std::all_of(beg, partition_iter,
+                     [&](const auto& v) { return v <= nth; })) {
+      is_error = true;
+    }
+    if (!std::all_of(partition_iter, ending,
+                     [&](const auto& v) { return v >= nth; })) {
+      is_error = true;
+    }
+    if (is_error) {
+    fail:
+      std::cerr << "FAILED!\nCanonical: ";
+      for (const auto& s : canonical) {
+        std::cerr << static_cast<int>(s) << ' ';
+      }
+      std::cerr << std::endl;
+      std::cerr << "Got: ";
+      for (const auto& s : working) {
+        std::cerr << static_cast<int>(s) << ' ';
+      }
+      std::cerr << std::endl;
+      std::cerr << "partition_iter = " << static_cast<int>(partition_iter - beg)
+                << std::endl;
+      std::abort();
+    }
+  }
+
+  return 0;
+}
diff --git a/fuzz/fuzz_string_select.cpp b/fuzz/fuzz_string_select.cpp
@@ -20,7 +20,6 @@ void ChooseImplementation(uint8_t byte, std::vector<U>& working,
       ...);
 }
 
-// Use the first element as a position into the data
 extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data,
                                       std::size_t size) {
   if (size <= 3) return 0;
diff --git a/fuzz/fuzz_string_sort.cpp b/fuzz/fuzz_string_sort.cpp
@@ -20,7 +20,6 @@ void ChooseImplementation(uint8_t byte, std::vector<U>& working,
       ...);
 }
 
-// Use the first element as a position into the data
 extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data,
                                       std::size_t size) {
   if (size <= 3) return 0;
diff --git a/testing/test_common.h b/testing/test_common.h
@@ -293,7 +293,7 @@ struct IntegralCharIterator {
     return pos >= other.pos;
   }
 
-  char* pos;
+  char* pos = nullptr;
 };
 
 template <class Integral>

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,6 @@ void ChooseImplementation(uint8_t byte, std::vector<U>& working,`
`20`	`20`	`...);`
`21`	`21`	`}`
`22`	`22`
`23`		`-// Use the first element as a position into the data`
`24`	`23`	`extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data,`
`25`	`24`	`std::size_t size) {`
`26`	`25`	`if (size <= 3) return 0;`
Original file line number	Diff line number	Diff line change
`@@ -293,7 +293,7 @@ struct IntegralCharIterator {`
`293`	`293`	`return pos >= other.pos;`
`294`	`294`	`}`
`295`	`295`
`296`		`- char* pos;`
	`296`	`+ char* pos = nullptr;`
`297`	`297`	`};`
`298`	`298`
`299`	`299`	`template <class Integral>`