tvl-depot/third_party/immer/test/flex_vector/fuzzed-1.cpp

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

369 lines
16 KiB
C++
Raw Normal View History

//
// immer: immutable data structures for C++
// Copyright (C) 2016, 2017, 2018 Juan Pedro Bolivar Puente
//
// This software is distributed under the Boost Software License, Version 1.0.
// See accompanying file LICENSE or copy at http://boost.org/LICENSE_1_0.txt
//
#include "extra/fuzzer/fuzzer_input.hpp"
#include <array>
#include <catch.hpp>
#include <immer/flex_vector.hpp>
#include <iostream>
#define IMMER_FUZZED_TRACE_ENABLE 0
#if IMMER_FUZZED_TRACE_ENABLE
#define IMMER_FUZZED_TRACE(...) std::cout << __VA_ARGS__ << std::endl;
#else
#define IMMER_FUZZED_TRACE(...)
#endif
namespace {
template <std::size_t VarCount = 2, unsigned Bits = 2>
int run_input(const std::uint8_t* data, std::size_t size)
{
using vector_t =
immer::flex_vector<int, immer::default_memory_policy, Bits, Bits>;
using size_t = std::uint8_t;
auto vars = std::array<vector_t, VarCount>{};
#if IMMER_FUZZED_TRACE_ENABLE
std::cout << "/// new test run" << std::endl;
for (auto i = 0u; i < VarCount; ++i)
std::cout << "auto var" << i << " = vector_t{};" << std::endl;
#endif
auto is_valid_var = [&](auto idx) { return idx >= 0 && idx < VarCount; };
auto is_valid_index = [](auto& v) {
return [&](auto idx) { return idx >= 0 && idx < v.size(); };
};
auto is_valid_size = [](auto& v) {
return [&](auto idx) { return idx >= 0 && idx <= v.size(); };
};
auto can_concat = [](auto&& v1, auto&& v2) {
using size_type = decltype(v1.size());
return v2.size() < (std::numeric_limits<size_type>::max() - v1.size());
};
auto can_insert = [](auto&& v1) {
using size_type = decltype(v1.size());
return v1.size() < std::numeric_limits<size_type>::max();
};
return fuzzer_input{data, size}.run([&](auto& in) {
enum ops
{
op_push_back,
op_update,
op_take,
op_drop,
op_concat,
op_push_back_move,
op_update_move,
};
auto src = read<std::uint8_t>(in, is_valid_var);
auto dst = read<std::uint8_t>(in, is_valid_var);
switch (read<char>(in)) {
case op_push_back:
if (can_insert(vars[src])) {
IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src
<< ".push_back(42);");
vars[dst] = vars[src].push_back(42);
}
break;
case op_update: {
auto idx = read<size_t>(in, is_valid_index(vars[src]));
IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src << ".update("
<< +idx
<< ", [] (auto x) { return x + 1; });");
vars[dst] = vars[src].update(idx, [](auto x) { return x + 1; });
break;
}
case op_take: {
auto idx = read<size_t>(in, is_valid_size(vars[src]));
IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src << ".take("
<< +idx << ");");
vars[dst] = vars[src].take(idx);
break;
}
case op_drop: {
auto idx = read<size_t>(in, is_valid_size(vars[src]));
IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src << ".take("
<< +idx << ");");
vars[dst] = vars[src].drop(idx);
break;
}
case op_concat: {
auto src2 = read<std::uint8_t>(in, is_valid_var);
if (can_concat(vars[src], vars[src2])) {
IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src << " + var"
<< +src2 << ";");
vars[dst] = vars[src] + vars[src2];
}
break;
}
case op_push_back_move: {
if (can_insert(vars[src])) {
IMMER_FUZZED_TRACE("var" << +dst << " = std::move(var" << +src
<< ").push_back(21);");
vars[dst] = std::move(vars[src]).push_back(21);
}
break;
}
case op_update_move: {
auto idx = read<size_t>(in, is_valid_index(vars[src]));
IMMER_FUZZED_TRACE("var" << +dst << " = std::move(var" << +src
<< ").update(" << +idx
<< ", [] (auto x) { return x + 1; });");
vars[dst] =
std::move(vars[src]).update(idx, [](auto x) { return x + 1; });
break;
}
default:
break;
};
return true;
});
}
} // anonymous namespace
TEST_CASE("bug: memory leak because of move update")
{
// There was a problem caused with shared "sizes buffer" in
// relaxed nodes. In particular, the ensure_mutable_relaxed(...)
// function was not decremeting the old sizes buffer. That is why
// the last transient push_back (which uses mutable operations)
// causes some of the relaxed buffers that are created during the
// previous concatenations, and that start to be shared from the
// update() onwards, to later be leaked.
SECTION("simplified")
{
using vector_t =
immer::flex_vector<int, immer::default_memory_policy, 2, 2>;
auto var0 = vector_t{};
auto var1 = vector_t{};
var0 = var0.push_back(42);
var0 = var0.push_back(42);
var0 = var0.push_back(42);
var0 = var0 + var0;
var1 = var0.push_back(42);
var0 = var0 + var1;
var1 = var0.push_back(42);
var0 = var0 + var0;
var0 = var1 + var0;
var0 = var1.update(5, [](auto x) { return x + 1; });
var0 = std::move(var0).push_back(21);
}
#if __GNUC__ != 9
SECTION("")
{
constexpr std::uint8_t input[] = {
0xff, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x40, 0x0, 0x0, 0x4, 0x0, 0x6d, 0x6d, 0x0, 0x1, 0x0, 0x4,
0x6d, 0x6d, 0x6d, 0x0, 0x0, 0x4, 0x1, 0x6d, 0x6d, 0x0, 0x1,
0x0, 0x0, 0x0, 0x4, 0x28, 0x0, 0xfc, 0x1, 0x0, 0x4, 0x0,
0x0, 0x0, 0xfc, 0x1, 0x0, 0x1, 0x5, 0x0, 0x0, 0x1, 0x5,
0x0, 0x0, 0x5, 0x0, 0x0, 0xff, 0xff, 0xff, 0x27,
};
CHECK(run_input(input, sizeof(input)) == 0);
}
#endif
}
TEST_CASE("non-bug: crash")
{
// This is an interesting finding that is left here for
// documentation. This test actually should not run... the
// problem is that when we build too large vectors via
// concatenation, we can sometimes "overflow the shift". This is
// a degenerate case that we won't fix, but this helped adding
// appropriate assertions to the code.
//
// To prevent this in further fuzzing, the can_concat check has
// been made stricter.
return;
SECTION("simplified")
{
using vector_t =
immer::flex_vector<int, immer::default_memory_policy, 2, 2>;
auto var4 = vector_t{};
var4 = var4.push_back(42);
var4 = var4.push_back(42);
var4 = var4.push_back(42);
var4 = var4.push_back(42);
var4 = var4.push_back(42);
auto var0 = var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var0 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4 + var4;
var4 = var4.update(4, [](auto x) { return x + 1; });
}
#if __GNUC__ != 9
SECTION("")
{
constexpr std::uint8_t input[] = {
0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x00,
0x00, 0x00, 0x00, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x00, 0x04, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x00, 0x2a, 0x00,
0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0xfc, 0xf9, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x05, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x00, 0x00, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x23,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0xd5, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x23, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x00, 0x01, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x00,
0x01, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x05, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x00, 0x00, 0x00,
0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3a,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x21, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04,
0x04, 0x04, 0x04, 0x00, 0x04, 0x04, 0x00, 0x00, 0x04, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0x13, 0x13, 0x13, 0x13, 0x13, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x29, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x21, 0x00, 0x10, 0x00,
0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x04, 0x04, 0x04, 0x04,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x02, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x23,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x00, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x23, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x00, 0x01,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x05, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00,
0x00, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x00, 0x01, 0x04, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x21, 0x04, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x04, 0x04,
0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
0x00,
};
CHECK(run_input<8>(input, sizeof(input)) == 0);
}
#endif
}