From 8ee55b12b45806b044b98ade9388e623b36eee87 Mon Sep 17 00:00:00 2001 From: Antonis Geralis Date: Fri, 9 Sep 2022 15:45:31 +0300 Subject: [PATCH] minor --- README.md | 2 +- benchmarks/bench_graph.nim | 2 +- examples/fuzz_matrix.nim | 6 +++--- examples/fuzz_simple.nim | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 37 insertions(+), 5 deletions(-) create mode 100644 examples/fuzz_simple.nim diff --git a/README.md b/README.md index 190ce4f..f02c2d0 100644 --- a/README.md +++ b/README.md @@ -152,7 +152,7 @@ must also be defined. `drchaos/common` exports read/write procs that assist with ### Dos and don'ts - Don't `echo` in a fuzz target as it slows down execution speed. -- Prefer `-d:danger|release` for maximum performance. +- Prefer `-d:danger` for maximum performance. - Once you have a crash you can recompile with `-d:debug` and pass the crashing test case as parameter. - Use `debugEcho(x)` in a target to print the crashing input. - You could compile without sanitizers, AddressSanitizer slows down programs by ~2x, but it's not recommended. diff --git a/benchmarks/bench_graph.nim b/benchmarks/bench_graph.nim index 0c173bc..e001f82 100644 --- a/benchmarks/bench_graph.nim +++ b/benchmarks/bench_graph.nim @@ -1,6 +1,6 @@ # WARNING: This benchmark does not run a complete fuzzing iteration, just the mutator. # As such it doesn't account for LibFuzzer's overhead or the efficiency of the cache. -# Compile with: nim c --mm:arc -d:danger bench_graph.nim +# Compile with: nim c --mm:arc --threads:off -d:danger bench_graph.nim # Then run: perf record -e cycles:pp --call-graph dwarf ./bench_graph include examples/fuzz_graph diff --git a/examples/fuzz_matrix.nim b/examples/fuzz_matrix.nim index 0eebb6a..dd6f0fb 100644 --- a/examples/fuzz_matrix.nim +++ b/examples/fuzz_matrix.nim @@ -52,10 +52,10 @@ when isMainModule: proc default[M, N: static[int]](_: typedesc[Matrix32[M, N]]): Matrix32[M, N] = zeros(M, N, float32) - func fuzzTarget(x: Matrix32[2, 2]) = + func fuzzTarget(x: Matrix32[3, 3]) = when defined(dumpFuzzInput): debugEcho(x) # Here you could multiply `x` with the identity matrix and make sure it doesn't change. - #doAssert x * eye(2, float32) =~ x - doAssert x != eye(2, float32) + #doAssert x * eye(3, float32) =~ x + doAssert x != eye(3, float32) defaultMutator(fuzzTarget) diff --git a/examples/fuzz_simple.nim b/examples/fuzz_simple.nim new file mode 100644 index 0000000..3ebc30f --- /dev/null +++ b/examples/fuzz_simple.nim @@ -0,0 +1,32 @@ +import drchaos + +type + SampleStruct[T, U] = object + x: T + y: U + + SampleEnum = enum + A, B, C + + SampleCase = object + case kind: SampleEnum + of A: z: uint16 + of B: discard + of C: x, y: bool + +func `==`(a, b: SampleCase): bool = + if a.kind != b.kind: return false + case a.kind + of A: return a.z == b.z + of B: return true + of C: return a.x == b.x and a.y == b.y + +func fuzzTarget(xs: seq[SampleStruct[uint8, SampleCase]]) = + if xs.len > 3 and + xs[0].x == 100 and (xs[0].y.kind == C and xs[0].y.x == false and xs[0].y.y == true) and + xs[1].x == 55 and (xs[1].y.kind == C and xs[1].y.x == true and xs[1].y.y == false) and + xs[2].x == 87 and (xs[2].y.kind == C and xs[2].y.x == false and xs[2].y.y == false) and + xs[3].x == 24 and (xs[3].y.kind == C and xs[3].y.x == true and xs[3].y.y == true): + doAssert false + +defaultMutator(fuzzTarget)