pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
compiler-rt-netbsd: Include libfuzzer code from upstream patch
Module Name: pkgsrc-wip
Committed By: Kamil Rytarowski <n54%gmx.com@localhost>
Pushed By: kamil
Date: Sat Aug 19 20:04:51 2017 +0200
Changeset: 21e139d3ae9026bc713de9f2c8caf345b165480e
Modified Files:
compiler-rt-netbsd/distinfo
Added Files:
compiler-rt-netbsd/patches/patch-CMakeLists.txt
compiler-rt-netbsd/patches/patch-cmake_Modules_AddCompilerRT.cmake
compiler-rt-netbsd/patches/patch-cmake_base-config-ix.cmake
compiler-rt-netbsd/patches/patch-cmake_config-ix.cmake
compiler-rt-netbsd/patches/patch-lib_CMakeLists.txt
compiler-rt-netbsd/patches/patch-lib_fuzzer_CMakeLists.txt
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerCorpus.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerCrossOver.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDefs.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDictionary.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDriver.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctions.def
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctions.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsDlsym.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsDlsymWin.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsWeak.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsWeakAlias.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtraCounters.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerFlags.def
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIO.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIO.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIOPosix.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIOWindows.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerInterface.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerInternal.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerLoop.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMain.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMerge.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMerge.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMutate.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMutate.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerOptions.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerRandom.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerSHA1.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerSHA1.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmem.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmemPosix.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmemWindows.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerTracePC.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerTracePC.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtil.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtil.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilDarwin.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilLinux.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilPosix.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilWindows.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerValueBitMap.h
compiler-rt-netbsd/patches/patch-lib_fuzzer_README.txt
compiler-rt-netbsd/patches/patch-lib_fuzzer_afl_afl__driver.cpp
compiler-rt-netbsd/patches/patch-lib_fuzzer_build.sh
compiler-rt-netbsd/patches/patch-lib_fuzzer_cxx.dict
compiler-rt-netbsd/patches/patch-lib_fuzzer_standalone_StandaloneFuzzTargetMain.c
compiler-rt-netbsd/patches/patch-lib_fuzzer_tests_CMakeLists.txt
compiler-rt-netbsd/patches/patch-lib_fuzzer_tests_FuzzerUnittest.cpp
compiler-rt-netbsd/patches/patch-test_CMakeLists.txt
compiler-rt-netbsd/patches/patch-test_fuzzer_AFLDriverTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_AbsNegAndConstant64Test.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_AbsNegAndConstantTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_AccumulateAllocationsTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_BadStrcmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_BogusInitializeTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_BufferOverflowOnInput.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_CMakeLists.txt
compiler-rt-netbsd/patches/patch-test_fuzzer_CallerCalleeTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_CleanseTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_CounterTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_CustomCrossOverAndMutateTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_CustomCrossOverTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_CustomMutatorTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_CxxStringEqTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_DSO1.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_DSO2.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_DSOTestExtra.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_DSOTestMain.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_DeepRecursionTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_DivTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_EmptyTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_EquivalenceATest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_EquivalenceBTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_FlagsTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_FourIndependentBranchesTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_FullCoverageSetTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_InitializeTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_LargeTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_LeakTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_LeakTimeoutTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_LoadTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_Memcmp64BytesTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_MemcmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_NotinstrumentedTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_NthRunCrashTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_NullDerefOnEmptyTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_NullDerefTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_OneHugeAllocTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_OutOfMemorySingleLargeMallocTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_OutOfMemoryTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_OverwriteInputTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_RepeatedBytesTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_RepeatedMemcmp.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkControlFlowSimpleTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkControlFlowTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkValueProfileTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SignedIntOverflowTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleCmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleDictionaryTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleHashTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleThreadedTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SingleByteInputTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SingleMemcmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SingleStrcmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SingleStrncmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SpamyTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_StrcmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_StrncmpOOBTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_StrncmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_StrstrTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SwapCmpTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_Switch2Test.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_SwitchTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_TableLookupTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_ThreadedLeakTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_ThreadedTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_TimeoutEmptyTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_TimeoutTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_TraceMallocTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_TwoDifferentBugsTest.cpp
compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver-extra-stats.test
compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver-stderr.test
compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver.test
compiler-rt-netbsd/patches/patch-test_fuzzer_bad-strcmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_caller-callee.test
compiler-rt-netbsd/patches/patch-test_fuzzer_cleanse.test
compiler-rt-netbsd/patches/patch-test_fuzzer_coverage.test
compiler-rt-netbsd/patches/patch-test_fuzzer_cxxstring.test
compiler-rt-netbsd/patches/patch-test_fuzzer_dict1.txt
compiler-rt-netbsd/patches/patch-test_fuzzer_disable-leaks.test
compiler-rt-netbsd/patches/patch-test_fuzzer_dump__coverage.test
compiler-rt-netbsd/patches/patch-test_fuzzer_equivalence-signals.test
compiler-rt-netbsd/patches/patch-test_fuzzer_equivalence.test
compiler-rt-netbsd/patches/patch-test_fuzzer_exit-report.test
compiler-rt-netbsd/patches/patch-test_fuzzer_exit__on__src__pos.test
compiler-rt-netbsd/patches/patch-test_fuzzer_extra-counters.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-customcrossover.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-customcrossoverandmutate.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-custommutator.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-dict.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-dirs.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-fdmask.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-finalstats.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-flags.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-leak.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-oom-with-profile.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-oom.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-printcovpcs.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-runs.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-seed.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-segv.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-singleinputs.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-threaded.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-timeout.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-ubsan.test
compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer.test
compiler-rt-netbsd/patches/patch-test_fuzzer_hi.txt
compiler-rt-netbsd/patches/patch-test_fuzzer_inline-8bit-counters.test
compiler-rt-netbsd/patches/patch-test_fuzzer_lit.cfg
compiler-rt-netbsd/patches/patch-test_fuzzer_lit.site.cfg.in
compiler-rt-netbsd/patches/patch-test_fuzzer_memcmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_memcmp64.test
compiler-rt-netbsd/patches/patch-test_fuzzer_merge-posix.test
compiler-rt-netbsd/patches/patch-test_fuzzer_merge-summary.test
compiler-rt-netbsd/patches/patch-test_fuzzer_merge.test
compiler-rt-netbsd/patches/patch-test_fuzzer_minimize__crash.test
compiler-rt-netbsd/patches/patch-test_fuzzer_minimize__two__crashes.test
compiler-rt-netbsd/patches/patch-test_fuzzer_overwrite-input.test
compiler-rt-netbsd/patches/patch-test_fuzzer_recommended-dictionary.test
compiler-rt-netbsd/patches/patch-test_fuzzer_reduce__inputs.test
compiler-rt-netbsd/patches/patch-test_fuzzer_repeated-bytes.test
compiler-rt-netbsd/patches/patch-test_fuzzer_shrink.test
compiler-rt-netbsd/patches/patch-test_fuzzer_simple-cmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_standalone.test
compiler-rt-netbsd/patches/patch-test_fuzzer_strcmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_strncmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_strstr.test
compiler-rt-netbsd/patches/patch-test_fuzzer_swap-cmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_trace-malloc-2.test
compiler-rt-netbsd/patches/patch-test_fuzzer_trace-malloc.test
compiler-rt-netbsd/patches/patch-test_fuzzer_trace-pc.test
compiler-rt-netbsd/patches/patch-test_fuzzer_ulimit.test
compiler-rt-netbsd/patches/patch-test_fuzzer_unit_lit.site.cfg.in
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp2.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp3.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp4.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-div.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-load.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-mem.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-set.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-strcmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-strncmp.test
compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-switch.test
Log Message:
compiler-rt-netbsd: Include libfuzzer code from upstream patch
Moving libFuzzer to compiler-rt
https://reviews.llvm.org/D36908
Sponsored by <The NetBSD Foundation>
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=21e139d3ae9026bc713de9f2c8caf345b165480e
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
compiler-rt-netbsd/distinfo | 201 ++++++
compiler-rt-netbsd/patches/patch-CMakeLists.txt | 13 +
.../patch-cmake_Modules_AddCompilerRT.cmake | 26 +
.../patches/patch-cmake_base-config-ix.cmake | 31 +
.../patches/patch-cmake_config-ix.cmake | 44 ++
.../patches/patch-lib_CMakeLists.txt | 12 +
.../patches/patch-lib_fuzzer_CMakeLists.txt | 65 ++
.../patches/patch-lib_fuzzer_FuzzerCorpus.h | 280 ++++++++
.../patches/patch-lib_fuzzer_FuzzerCrossOver.cpp | 57 ++
.../patches/patch-lib_fuzzer_FuzzerDefs.h | 133 ++++
.../patches/patch-lib_fuzzer_FuzzerDictionary.h | 132 ++++
.../patches/patch-lib_fuzzer_FuzzerDriver.cpp | 769 ++++++++++++++++++++
.../patch-lib_fuzzer_FuzzerExtFunctions.def | 51 ++
.../patches/patch-lib_fuzzer_FuzzerExtFunctions.h | 40 ++
.../patch-lib_fuzzer_FuzzerExtFunctionsDlsym.cpp | 57 ++
...patch-lib_fuzzer_FuzzerExtFunctionsDlsymWin.cpp | 67 ++
.../patch-lib_fuzzer_FuzzerExtFunctionsWeak.cpp | 59 ++
...atch-lib_fuzzer_FuzzerExtFunctionsWeakAlias.cpp | 61 ++
.../patch-lib_fuzzer_FuzzerExtraCounters.cpp | 46 ++
.../patches/patch-lib_fuzzer_FuzzerFlags.def | 144 ++++
.../patches/patch-lib_fuzzer_FuzzerIO.cpp | 125 ++++
.../patches/patch-lib_fuzzer_FuzzerIO.h | 81 +++
.../patches/patch-lib_fuzzer_FuzzerIOPosix.cpp | 128 ++++
.../patches/patch-lib_fuzzer_FuzzerIOWindows.cpp | 328 +++++++++
.../patches/patch-lib_fuzzer_FuzzerInterface.h | 72 ++
.../patches/patch-lib_fuzzer_FuzzerInternal.h | 155 +++++
.../patches/patch-lib_fuzzer_FuzzerLoop.cpp | 726 +++++++++++++++++++
.../patches/patch-lib_fuzzer_FuzzerMain.cpp | 26 +
.../patches/patch-lib_fuzzer_FuzzerMerge.cpp | 343 +++++++++
.../patches/patch-lib_fuzzer_FuzzerMerge.h | 85 +++
.../patches/patch-lib_fuzzer_FuzzerMutate.cpp | 538 ++++++++++++++
.../patches/patch-lib_fuzzer_FuzzerMutate.h | 155 +++++
.../patches/patch-lib_fuzzer_FuzzerOptions.h | 73 ++
.../patches/patch-lib_fuzzer_FuzzerRandom.h | 39 ++
.../patches/patch-lib_fuzzer_FuzzerSHA1.cpp | 227 ++++++
.../patches/patch-lib_fuzzer_FuzzerSHA1.h | 38 +
.../patches/patch-lib_fuzzer_FuzzerShmem.h | 74 ++
.../patches/patch-lib_fuzzer_FuzzerShmemPosix.cpp | 108 +++
.../patch-lib_fuzzer_FuzzerShmemWindows.cpp | 69 ++
.../patches/patch-lib_fuzzer_FuzzerTracePC.cpp | 571 +++++++++++++++
.../patches/patch-lib_fuzzer_FuzzerTracePC.h | 258 +++++++
.../patches/patch-lib_fuzzer_FuzzerUtil.cpp | 220 ++++++
.../patches/patch-lib_fuzzer_FuzzerUtil.h | 89 +++
.../patches/patch-lib_fuzzer_FuzzerUtilDarwin.cpp | 166 +++++
.../patches/patch-lib_fuzzer_FuzzerUtilLinux.cpp | 29 +
.../patches/patch-lib_fuzzer_FuzzerUtilPosix.cpp | 149 ++++
.../patches/patch-lib_fuzzer_FuzzerUtilWindows.cpp | 198 ++++++
.../patches/patch-lib_fuzzer_FuzzerValueBitMap.h | 78 +++
.../patches/patch-lib_fuzzer_README.txt | 7 +
.../patches/patch-lib_fuzzer_afl_afl__driver.cpp | 340 +++++++++
.../patches/patch-lib_fuzzer_build.sh | 16 +
.../patches/patch-lib_fuzzer_cxx.dict | 127 ++++
...ib_fuzzer_standalone_StandaloneFuzzTargetMain.c | 46 ++
.../patches/patch-lib_fuzzer_tests_CMakeLists.txt | 51 ++
.../patch-lib_fuzzer_tests_FuzzerUnittest.cpp | 773 +++++++++++++++++++++
.../patches/patch-test_CMakeLists.txt | 12 +
.../patches/patch-test_fuzzer_AFLDriverTest.cpp | 33 +
.../patch-test_fuzzer_AbsNegAndConstant64Test.cpp | 29 +
.../patch-test_fuzzer_AbsNegAndConstantTest.cpp | 29 +
...patch-test_fuzzer_AccumulateAllocationsTest.cpp | 22 +
.../patches/patch-test_fuzzer_BadStrcmpTest.cpp | 24 +
.../patch-test_fuzzer_BogusInitializeTest.cpp | 20 +
.../patch-test_fuzzer_BufferOverflowOnInput.cpp | 29 +
.../patches/patch-test_fuzzer_CMakeLists.txt | 45 ++
.../patches/patch-test_fuzzer_CallerCalleeTest.cpp | 64 ++
.../patches/patch-test_fuzzer_CleanseTest.cpp | 21 +
.../patches/patch-test_fuzzer_CounterTest.cpp | 23 +
...ch-test_fuzzer_CustomCrossOverAndMutateTest.cpp | 39 ++
.../patch-test_fuzzer_CustomCrossOverTest.cpp | 69 ++
.../patch-test_fuzzer_CustomMutatorTest.cpp | 44 ++
.../patches/patch-test_fuzzer_CxxStringEqTest.cpp | 30 +
.../patches/patch-test_fuzzer_DSO1.cpp | 19 +
.../patches/patch-test_fuzzer_DSO2.cpp | 19 +
.../patches/patch-test_fuzzer_DSOTestExtra.cpp | 16 +
.../patches/patch-test_fuzzer_DSOTestMain.cpp | 36 +
.../patch-test_fuzzer_DeepRecursionTest.cpp | 30 +
.../patches/patch-test_fuzzer_DivTest.cpp | 25 +
.../patches/patch-test_fuzzer_EmptyTest.cpp | 16 +
.../patches/patch-test_fuzzer_EquivalenceATest.cpp | 22 +
.../patches/patch-test_fuzzer_EquivalenceBTest.cpp | 32 +
.../patches/patch-test_fuzzer_FlagsTest.cpp | 37 +
...tch-test_fuzzer_FourIndependentBranchesTest.cpp | 27 +
.../patch-test_fuzzer_FullCoverageSetTest.cpp | 29 +
.../patches/patch-test_fuzzer_InitializeTest.cpp | 33 +
.../patches/patch-test_fuzzer_LargeTest.cpp | 42 ++
.../patches/patch-test_fuzzer_LeakTest.cpp | 22 +
.../patches/patch-test_fuzzer_LeakTimeoutTest.cpp | 22 +
.../patches/patch-test_fuzzer_LoadTest.cpp | 27 +
.../patch-test_fuzzer_Memcmp64BytesTest.cpp | 25 +
.../patches/patch-test_fuzzer_MemcmpTest.cpp | 36 +
.../patch-test_fuzzer_NotinstrumentedTest.cpp | 16 +
.../patches/patch-test_fuzzer_NthRunCrashTest.cpp | 24 +
.../patch-test_fuzzer_NullDerefOnEmptyTest.cpp | 24 +
.../patches/patch-test_fuzzer_NullDerefTest.cpp | 31 +
.../patches/patch-test_fuzzer_OneHugeAllocTest.cpp | 33 +
...est_fuzzer_OutOfMemorySingleLargeMallocTest.cpp | 32 +
.../patches/patch-test_fuzzer_OutOfMemoryTest.cpp | 36 +
.../patch-test_fuzzer_OverwriteInputTest.cpp | 18 +
.../patch-test_fuzzer_RepeatedBytesTest.cpp | 36 +
.../patches/patch-test_fuzzer_RepeatedMemcmp.cpp | 29 +
...tch-test_fuzzer_ShrinkControlFlowSimpleTest.cpp | 24 +
.../patch-test_fuzzer_ShrinkControlFlowTest.cpp | 36 +
.../patch-test_fuzzer_ShrinkValueProfileTest.cpp | 27 +
.../patch-test_fuzzer_SignedIntOverflowTest.cpp | 33 +
.../patches/patch-test_fuzzer_SimpleCmpTest.cpp | 52 ++
.../patch-test_fuzzer_SimpleDictionaryTest.cpp | 35 +
.../patches/patch-test_fuzzer_SimpleHashTest.cpp | 45 ++
.../patches/patch-test_fuzzer_SimpleTest.cpp | 33 +
.../patch-test_fuzzer_SimpleThreadedTest.cpp | 31 +
.../patch-test_fuzzer_SingleByteInputTest.cpp | 22 +
.../patches/patch-test_fuzzer_SingleMemcmpTest.cpp | 22 +
.../patches/patch-test_fuzzer_SingleStrcmpTest.cpp | 26 +
.../patch-test_fuzzer_SingleStrncmpTest.cpp | 23 +
.../patches/patch-test_fuzzer_SpamyTest.cpp | 26 +
.../patches/patch-test_fuzzer_StrcmpTest.cpp | 37 +
.../patches/patch-test_fuzzer_StrncmpOOBTest.cpp | 26 +
.../patches/patch-test_fuzzer_StrncmpTest.cpp | 33 +
.../patches/patch-test_fuzzer_StrstrTest.cpp | 33 +
.../patches/patch-test_fuzzer_SwapCmpTest.cpp | 40 ++
.../patches/patch-test_fuzzer_Switch2Test.cpp | 40 ++
.../patches/patch-test_fuzzer_SwitchTest.cpp | 63 ++
.../patches/patch-test_fuzzer_TableLookupTest.cpp | 49 ++
.../patches/patch-test_fuzzer_ThreadedLeakTest.cpp | 23 +
.../patches/patch-test_fuzzer_ThreadedTest.cpp | 31 +
.../patches/patch-test_fuzzer_TimeoutEmptyTest.cpp | 19 +
.../patches/patch-test_fuzzer_TimeoutTest.cpp | 31 +
.../patches/patch-test_fuzzer_TraceMallocTest.cpp | 32 +
.../patch-test_fuzzer_TwoDifferentBugsTest.cpp | 27 +
.../patch-test_fuzzer_afl-driver-extra-stats.test | 35 +
.../patch-test_fuzzer_afl-driver-stderr.test | 17 +
.../patches/patch-test_fuzzer_afl-driver.test | 34 +
.../patches/patch-test_fuzzer_bad-strcmp.test | 7 +
.../patches/patch-test_fuzzer_caller-callee.test | 8 +
.../patches/patch-test_fuzzer_cleanse.test | 9 +
.../patches/patch-test_fuzzer_coverage.test | 26 +
.../patches/patch-test_fuzzer_cxxstring.test | 11 +
.../patches/patch-test_fuzzer_dict1.txt | 9 +
.../patches/patch-test_fuzzer_disable-leaks.test | 10 +
.../patches/patch-test_fuzzer_dump__coverage.test | 25 +
.../patch-test_fuzzer_equivalence-signals.test | 14 +
.../patches/patch-test_fuzzer_equivalence.test | 14 +
.../patches/patch-test_fuzzer_exit-report.test | 11 +
.../patch-test_fuzzer_exit__on__src__pos.test | 13 +
.../patches/patch-test_fuzzer_extra-counters.test | 12 +
.../patch-test_fuzzer_fuzzer-customcrossover.test | 17 +
...est_fuzzer_fuzzer-customcrossoverandmutate.test | 7 +
.../patch-test_fuzzer_fuzzer-custommutator.test | 10 +
.../patches/patch-test_fuzzer_fuzzer-dict.test | 13 +
.../patches/patch-test_fuzzer_fuzzer-dirs.test | 26 +
.../patches/patch-test_fuzzer_fuzzer-fdmask.test | 37 +
.../patch-test_fuzzer_fuzzer-finalstats.test | 17 +
.../patches/patch-test_fuzzer_fuzzer-flags.test | 24 +
.../patches/patch-test_fuzzer_fuzzer-leak.test | 42 ++
.../patch-test_fuzzer_fuzzer-oom-with-profile.test | 12 +
.../patches/patch-test_fuzzer_fuzzer-oom.test | 25 +
.../patch-test_fuzzer_fuzzer-printcovpcs.test | 14 +
.../patches/patch-test_fuzzer_fuzzer-runs.test | 14 +
.../patches/patch-test_fuzzer_fuzzer-seed.test | 9 +
.../patches/patch-test_fuzzer_fuzzer-segv.test | 13 +
.../patch-test_fuzzer_fuzzer-singleinputs.test | 24 +
.../patches/patch-test_fuzzer_fuzzer-threaded.test | 13 +
.../patches/patch-test_fuzzer_fuzzer-timeout.test | 26 +
.../patches/patch-test_fuzzer_fuzzer-ubsan.test | 10 +
.../patches/patch-test_fuzzer_fuzzer.test | 75 ++
.../patches/patch-test_fuzzer_hi.txt | 7 +
.../patch-test_fuzzer_inline-8bit-counters.test | 10 +
.../patches/patch-test_fuzzer_lit.cfg | 85 +++
.../patches/patch-test_fuzzer_lit.site.cfg.in | 22 +
.../patches/patch-test_fuzzer_memcmp.test | 8 +
.../patches/patch-test_fuzzer_memcmp64.test | 8 +
.../patches/patch-test_fuzzer_merge-posix.test | 28 +
.../patches/patch-test_fuzzer_merge-summary.test | 22 +
.../patches/patch-test_fuzzer_merge.test | 60 ++
.../patches/patch-test_fuzzer_minimize__crash.test | 21 +
.../patch-test_fuzzer_minimize__two__crashes.test | 23 +
.../patches/patch-test_fuzzer_overwrite-input.test | 8 +
.../patch-test_fuzzer_recommended-dictionary.test | 11 +
.../patches/patch-test_fuzzer_reduce__inputs.test | 21 +
.../patches/patch-test_fuzzer_repeated-bytes.test | 8 +
.../patches/patch-test_fuzzer_shrink.test | 15 +
.../patches/patch-test_fuzzer_simple-cmp.test | 8 +
.../patches/patch-test_fuzzer_standalone.test | 13 +
.../patches/patch-test_fuzzer_strcmp.test | 9 +
.../patches/patch-test_fuzzer_strncmp.test | 9 +
.../patches/patch-test_fuzzer_strstr.test | 9 +
.../patches/patch-test_fuzzer_swap-cmp.test | 8 +
.../patches/patch-test_fuzzer_trace-malloc-2.test | 15 +
.../patches/patch-test_fuzzer_trace-malloc.test | 12 +
.../patches/patch-test_fuzzer_trace-pc.test | 8 +
.../patches/patch-test_fuzzer_ulimit.test | 8 +
.../patches/patch-test_fuzzer_unit_lit.site.cfg.in | 14 +
.../patch-test_fuzzer_value-profile-cmp.test | 8 +
.../patch-test_fuzzer_value-profile-cmp2.test | 8 +
.../patch-test_fuzzer_value-profile-cmp3.test | 8 +
.../patch-test_fuzzer_value-profile-cmp4.test | 8 +
.../patch-test_fuzzer_value-profile-div.test | 9 +
.../patch-test_fuzzer_value-profile-load.test | 8 +
.../patch-test_fuzzer_value-profile-mem.test | 8 +
.../patch-test_fuzzer_value-profile-set.test | 9 +
.../patch-test_fuzzer_value-profile-strcmp.test | 8 +
.../patch-test_fuzzer_value-profile-strncmp.test | 8 +
.../patch-test_fuzzer_value-profile-switch.test | 10 +
202 files changed, 12287 insertions(+)
diffs:
diff --git a/compiler-rt-netbsd/distinfo b/compiler-rt-netbsd/distinfo
index 3cecd0929f..4e7b031b9b 100644
--- a/compiler-rt-netbsd/distinfo
+++ b/compiler-rt-netbsd/distinfo
@@ -12,6 +12,207 @@ Size (libcxx-3.6.2.src.tar.xz) = 944020 bytes
SHA1 (llvm-3.6.2.src.tar.xz) = 7a00257eb2bc9431e4c77c3a36b033072c54bc7e
RMD160 (llvm-3.6.2.src.tar.xz) = 521cbc5fe2925ea3c6e90c7a31f752a04045c972
Size (llvm-3.6.2.src.tar.xz) = 12802380 bytes
+SHA1 (patch-CMakeLists.txt) = ec39ee9f70dd8a00c3ce3740f1d83087049022ac
+SHA1 (patch-cmake_Modules_AddCompilerRT.cmake) = 1932fdd666b5a6ca5390c721cd0fb00ec82ea230
+SHA1 (patch-cmake_base-config-ix.cmake) = 769409d3071ff8a2aac266c00adf9a80134873c5
+SHA1 (patch-cmake_config-ix.cmake) = 648bf0b34b4b3e37e51758c453604b0f883250e0
+SHA1 (patch-lib_CMakeLists.txt) = 4b04484d6cdfd234e38112604c5e4f39e1da80e4
SHA1 (patch-lib_asan_asan__mapping.h) = 73f5f33e946868b4780864e633916376b11b16f1
+SHA1 (patch-lib_fuzzer_CMakeLists.txt) = 6b7cbef3eae92feb2b3cb1a859b8c6bd94a39b8f
+SHA1 (patch-lib_fuzzer_FuzzerCorpus.h) = b0a51d89bbd2b3e598b6ac54cb4f94a0fe15a9b1
+SHA1 (patch-lib_fuzzer_FuzzerCrossOver.cpp) = c8629812dfdd2650ca23f5f3cd0087c08657c3ad
+SHA1 (patch-lib_fuzzer_FuzzerDefs.h) = 3cdea2fdfa7690c4eb2ea091be042d86127e9c1e
+SHA1 (patch-lib_fuzzer_FuzzerDictionary.h) = 35d7b4e56383da78d09f4380de6f17ddea8b29ca
+SHA1 (patch-lib_fuzzer_FuzzerDriver.cpp) = 0974c17b8ad6f7abd18d188afc2adc08b4d1e82c
+SHA1 (patch-lib_fuzzer_FuzzerExtFunctions.def) = e0d6fa69c0180f1862696e4d176547668a934793
+SHA1 (patch-lib_fuzzer_FuzzerExtFunctions.h) = fe82a8654610c5e38c8c67ace47f0e89832dab5b
+SHA1 (patch-lib_fuzzer_FuzzerExtFunctionsDlsym.cpp) = 5cfbac20b75a40306fd2906e199b8e1f015093c1
+SHA1 (patch-lib_fuzzer_FuzzerExtFunctionsDlsymWin.cpp) = f6d9fd9a0a8e3bd4b132624a1fea856178a7b6c1
+SHA1 (patch-lib_fuzzer_FuzzerExtFunctionsWeak.cpp) = 280740f903c4e2897ea086590bf26e96fe77cbcc
+SHA1 (patch-lib_fuzzer_FuzzerExtFunctionsWeakAlias.cpp) = 40c59d86385e26ffef4c38866ffdd0bae3aa9d6b
+SHA1 (patch-lib_fuzzer_FuzzerExtraCounters.cpp) = 2ed133bbf82b40c94f3e228ae0fd90bc816c2aef
+SHA1 (patch-lib_fuzzer_FuzzerFlags.def) = 0e8fbdcbf99af13f4fc7fcf657f65c2e72d955f7
+SHA1 (patch-lib_fuzzer_FuzzerIO.cpp) = b0a6d9c69817b5f852bed78ab849418497405063
+SHA1 (patch-lib_fuzzer_FuzzerIO.h) = 01c691ec62c22ca62b5633f0d5f69bc6078870f5
+SHA1 (patch-lib_fuzzer_FuzzerIOPosix.cpp) = 566179d2ca897d7052858d86bc3f106b4dc7ccf6
+SHA1 (patch-lib_fuzzer_FuzzerIOWindows.cpp) = a6e654d6d4d45f908b6cca8c8c70b82cc4319203
+SHA1 (patch-lib_fuzzer_FuzzerInterface.h) = f5a5f58cd02caf2fbd4c4ee2b42e77d41440e653
+SHA1 (patch-lib_fuzzer_FuzzerInternal.h) = 6bcaadb4ffecd62ae2efe853ead0671955384aa5
+SHA1 (patch-lib_fuzzer_FuzzerLoop.cpp) = f4f5c736d995eb0789ad212b514ce04386a56335
+SHA1 (patch-lib_fuzzer_FuzzerMain.cpp) = 2ed302c0ee19f3e536a534c3a534a2a8e6cde731
+SHA1 (patch-lib_fuzzer_FuzzerMerge.cpp) = a370c46f85e6d56a56aa41be41d8e5b94b439b32
+SHA1 (patch-lib_fuzzer_FuzzerMerge.h) = 94a06f48cce13b8a991d93d715c5654fe1c65297
+SHA1 (patch-lib_fuzzer_FuzzerMutate.cpp) = 60bb278755009812cbecedfed25a43c547372698
+SHA1 (patch-lib_fuzzer_FuzzerMutate.h) = c31a320cf9d93c1ab4f854dbedd27814b1de555e
+SHA1 (patch-lib_fuzzer_FuzzerOptions.h) = 85de64f16a75e882a09a33e8bbdf91077c4ba78f
+SHA1 (patch-lib_fuzzer_FuzzerRandom.h) = 406ce8079d2709dd274f506e479ecaabcfb64439
+SHA1 (patch-lib_fuzzer_FuzzerSHA1.cpp) = a56f74c19d9554844cdb3d1bef43c3944a0058b1
+SHA1 (patch-lib_fuzzer_FuzzerSHA1.h) = bc73e78a8b4dfdcda320fd43db8d83473c67f7e5
+SHA1 (patch-lib_fuzzer_FuzzerShmem.h) = 4ae17db488cf0e268d56011e7ab3edcbce98d726
+SHA1 (patch-lib_fuzzer_FuzzerShmemPosix.cpp) = 14a752e4c2777f0b2b247775c438143dd614004a
+SHA1 (patch-lib_fuzzer_FuzzerShmemWindows.cpp) = d436d2b53a1b45253c3d13406d19369f0ee91efc
+SHA1 (patch-lib_fuzzer_FuzzerTracePC.cpp) = 2300694504f8cb96aeae5951fdc3bbf911fa83b6
+SHA1 (patch-lib_fuzzer_FuzzerTracePC.h) = aca4959242065c2a53d4f0a463c4d9c2d8a35339
+SHA1 (patch-lib_fuzzer_FuzzerUtil.cpp) = 326170868dbaed4856794ca270eaed3ce4a35ae0
+SHA1 (patch-lib_fuzzer_FuzzerUtil.h) = 8a2c7cc510df9fa25a839de63d7018ac9c9bfb31
+SHA1 (patch-lib_fuzzer_FuzzerUtilDarwin.cpp) = e9eef8692ae3910c2c974f83b344093aa60d5060
+SHA1 (patch-lib_fuzzer_FuzzerUtilLinux.cpp) = 6ac9c2fa0880b2095a210778bdd7d5668419e3c3
+SHA1 (patch-lib_fuzzer_FuzzerUtilPosix.cpp) = 79ee126359d08d29d2f62844b4113a14afa13c36
+SHA1 (patch-lib_fuzzer_FuzzerUtilWindows.cpp) = a795cf6ff0061d5bb085380dfd08f804d0e01009
+SHA1 (patch-lib_fuzzer_FuzzerValueBitMap.h) = ae4d0d89b45316fe64c3050883318dba5979ea65
+SHA1 (patch-lib_fuzzer_README.txt) = 7f879642761ad510d3a4832324443d0274113113
+SHA1 (patch-lib_fuzzer_afl_afl__driver.cpp) = 1299afe427afe20cd91e89a2434720d20c56951f
+SHA1 (patch-lib_fuzzer_build.sh) = 51583bbb85fd43514aa864a8912d58b682ccc2c8
+SHA1 (patch-lib_fuzzer_cxx.dict) = d4605b9ebd83d3f155849d971c06ef07311b10ec
+SHA1 (patch-lib_fuzzer_standalone_StandaloneFuzzTargetMain.c) = d0470b6d4a3cfdb51cb0d843aca824e96a37deb9
+SHA1 (patch-lib_fuzzer_tests_CMakeLists.txt) = f8062b33e8114fefbf0663f2c2871da7482956b2
+SHA1 (patch-lib_fuzzer_tests_FuzzerUnittest.cpp) = d2c25d452c1bdda4274196784e4fb3c0341e3303
SHA1 (patch-lib_sanitizer__common_sanitizer__platform__limits__posix.cc) = 36a89517584891a1a50536a681a5d42e99ef904d
SHA1 (patch-lib_sanitizer__common_sanitizer__platform__limits__posix.h) = 89302e7b40901faaa471cdd76eefa222a0cc055d
+SHA1 (patch-test_CMakeLists.txt) = 4e41e3cc229e635e3313ac4dbf3c83f5aacebd3a
+SHA1 (patch-test_fuzzer_AFLDriverTest.cpp) = ffd2e795de5868530013642c59e9689f44af197d
+SHA1 (patch-test_fuzzer_AbsNegAndConstant64Test.cpp) = 62591fcdc9d41ce59c4027d949d25d8b63dbc8fc
+SHA1 (patch-test_fuzzer_AbsNegAndConstantTest.cpp) = d1907da76e5375d03c804b5632f64932c9fc5861
+SHA1 (patch-test_fuzzer_AccumulateAllocationsTest.cpp) = 8cb89a4daae074138f0c0e3ed69cd58514cfc3f9
+SHA1 (patch-test_fuzzer_BadStrcmpTest.cpp) = cccc525e209a474d72b0d677aa9b153d18e2b9fd
+SHA1 (patch-test_fuzzer_BogusInitializeTest.cpp) = 0e8812f25dea699c81229a4f6004940c02616d6d
+SHA1 (patch-test_fuzzer_BufferOverflowOnInput.cpp) = ba858010c0b21c98b3fb864b2777a6c5c144901c
+SHA1 (patch-test_fuzzer_CMakeLists.txt) = 99c0738daace8dc3c277de66cababab6ae72962f
+SHA1 (patch-test_fuzzer_CallerCalleeTest.cpp) = fe28132e931d2c4549be0cad9aeedc2e0f918e76
+SHA1 (patch-test_fuzzer_CleanseTest.cpp) = cd5098c4e99d754ac436ca1b1187fb3c1af730fd
+SHA1 (patch-test_fuzzer_CounterTest.cpp) = 3c95f80badfe2459340243846f7c2d350947f243
+SHA1 (patch-test_fuzzer_CustomCrossOverAndMutateTest.cpp) = 2a6fb8c39042466c93b3f9606fc839c44dc4d602
+SHA1 (patch-test_fuzzer_CustomCrossOverTest.cpp) = 42d526af7943c9123e00e088c694ed1d951495b1
+SHA1 (patch-test_fuzzer_CustomMutatorTest.cpp) = e90fb3dfd6bde27040f085193b8fe438cf346dac
+SHA1 (patch-test_fuzzer_CxxStringEqTest.cpp) = 2641a54e57f8257dd148a52451f7b28c3699c9a8
+SHA1 (patch-test_fuzzer_DSO1.cpp) = 287cf296fc2a1da2d0ca258284d0d2de50f608e8
+SHA1 (patch-test_fuzzer_DSO2.cpp) = 2160013d4a2b7eab91b595b27cad699271a92162
+SHA1 (patch-test_fuzzer_DSOTestExtra.cpp) = 091d452c88679c68472cef9aeaaa78a01c8f0a62
+SHA1 (patch-test_fuzzer_DSOTestMain.cpp) = 6e12517754780af474882f9a5efc1c2b9b0c5070
+SHA1 (patch-test_fuzzer_DeepRecursionTest.cpp) = 5eb110e8d3cbbf115f9163a18bf7d6e71038a6c3
+SHA1 (patch-test_fuzzer_DivTest.cpp) = 0a26306078ae99699948f5fd13f7a34e4f339ab7
+SHA1 (patch-test_fuzzer_EmptyTest.cpp) = 73110fa09fe8d6e3131f8d8e438c0e1453dc1e19
+SHA1 (patch-test_fuzzer_EquivalenceATest.cpp) = d0a8c5850ce4a41e959ccf73e37f4adbc3f632b3
+SHA1 (patch-test_fuzzer_EquivalenceBTest.cpp) = f74b70b956d7bcae1200fd6f32d2af81f9421e24
+SHA1 (patch-test_fuzzer_FlagsTest.cpp) = ddf442359561b8cfd0f2b43a994d8091671b9722
+SHA1 (patch-test_fuzzer_FourIndependentBranchesTest.cpp) = 7eba908ba8acfa59b8a01e7cec9eb023d95b8d80
+SHA1 (patch-test_fuzzer_FullCoverageSetTest.cpp) = 627403c538792cca5f20902e461c475a8a353d04
+SHA1 (patch-test_fuzzer_InitializeTest.cpp) = 4a5c23a6ef121aa198d2f9c9556d73be4d473b3d
+SHA1 (patch-test_fuzzer_LargeTest.cpp) = 0fe7ece6e9da26e2ab8e30d28249f926667fde3f
+SHA1 (patch-test_fuzzer_LeakTest.cpp) = c441ca88f63b68212ec3326e8b8cc5ada9b62825
+SHA1 (patch-test_fuzzer_LeakTimeoutTest.cpp) = 590b6f2feaced401167c5abe9ff757750e72d04e
+SHA1 (patch-test_fuzzer_LoadTest.cpp) = 0c5509d3b5cac37303b1dad4c33efea6109df23a
+SHA1 (patch-test_fuzzer_Memcmp64BytesTest.cpp) = 018c47fdfabc069bd18588f6d735fab8826155f4
+SHA1 (patch-test_fuzzer_MemcmpTest.cpp) = f91d1dc2553f3685d4d8b6899cf90c6cbeb069a3
+SHA1 (patch-test_fuzzer_NotinstrumentedTest.cpp) = da05af6ac3985af402e82d0b47e9b02692e91418
+SHA1 (patch-test_fuzzer_NthRunCrashTest.cpp) = 7dbb0eb3b7431d34b8de0fd7a44716a508c2a97e
+SHA1 (patch-test_fuzzer_NullDerefOnEmptyTest.cpp) = 22939fa2d8d3a8401543a8cdf00887e417bc2080
+SHA1 (patch-test_fuzzer_NullDerefTest.cpp) = 17d6c9c6b477895c21777b8555d5ad765ac727d1
+SHA1 (patch-test_fuzzer_OneHugeAllocTest.cpp) = 09915a3624850c7f3ff90a1251f980e7d171c32c
+SHA1 (patch-test_fuzzer_OutOfMemorySingleLargeMallocTest.cpp) = 16ce5595199d12525b8954acc1aeaf7706272879
+SHA1 (patch-test_fuzzer_OutOfMemoryTest.cpp) = dff3ff6e335746bbe4dc913b447454ecb0da751d
+SHA1 (patch-test_fuzzer_OverwriteInputTest.cpp) = 09db1b5602712078d2b5930372fdc4e690fb3f67
+SHA1 (patch-test_fuzzer_RepeatedBytesTest.cpp) = a58f53a050136dd1791be2e6c4c88e11d81e052f
+SHA1 (patch-test_fuzzer_RepeatedMemcmp.cpp) = 614f732f8009a5ab71767154097bc70af2bd47c4
+SHA1 (patch-test_fuzzer_ShrinkControlFlowSimpleTest.cpp) = 084e175b22d5c2a902d007a70217133a375a3d86
+SHA1 (patch-test_fuzzer_ShrinkControlFlowTest.cpp) = 78aece67ac6281879a62c84a83fec68957a0260a
+SHA1 (patch-test_fuzzer_ShrinkValueProfileTest.cpp) = ea11bc7bea7a9aac6b8c11c85e566e7997cead49
+SHA1 (patch-test_fuzzer_SignedIntOverflowTest.cpp) = 3198e2f4e1451bcd4896c4ac96c33d303385a1f5
+SHA1 (patch-test_fuzzer_SimpleCmpTest.cpp) = dd71743d7ca8ed2f4992e93125e528098de0edae
+SHA1 (patch-test_fuzzer_SimpleDictionaryTest.cpp) = 27104bc987f6354a9b895d523c48723b91be4d71
+SHA1 (patch-test_fuzzer_SimpleHashTest.cpp) = 45fc9b3b2d9b929409b2dad447d3f9bafe000e5e
+SHA1 (patch-test_fuzzer_SimpleTest.cpp) = 9c15b75db99533c576fbb37d96b8bbb466a20b05
+SHA1 (patch-test_fuzzer_SimpleThreadedTest.cpp) = 64a45c53c00493ec422d02b36ec069466e2fb29a
+SHA1 (patch-test_fuzzer_SingleByteInputTest.cpp) = b10ad4a8cdc477bb23dd4f7cb8f16741d13abee3
+SHA1 (patch-test_fuzzer_SingleMemcmpTest.cpp) = f7bbae1ca1c6728824409f0d0932f02a3dda2d21
+SHA1 (patch-test_fuzzer_SingleStrcmpTest.cpp) = 907cdb4277a709371d328815b5e465ae2bed9c33
+SHA1 (patch-test_fuzzer_SingleStrncmpTest.cpp) = 0c9aeda1835e54fcc98dfd73c55266203472947a
+SHA1 (patch-test_fuzzer_SpamyTest.cpp) = 672f5bdbbc9107084e36059c428b2af2dab3bee2
+SHA1 (patch-test_fuzzer_StrcmpTest.cpp) = 6636ba325a8c7077b946a2aa9baaf260f6c5f8bf
+SHA1 (patch-test_fuzzer_StrncmpOOBTest.cpp) = 3bc284ac84ed0c7e2297ed9591b52ab7f3b76238
+SHA1 (patch-test_fuzzer_StrncmpTest.cpp) = 4d1ebc79aa5afc1c3dc60b53c94c82d5ae02692a
+SHA1 (patch-test_fuzzer_StrstrTest.cpp) = b1b18923b92c74da172bb033a4201e8a4463bcf5
+SHA1 (patch-test_fuzzer_SwapCmpTest.cpp) = a72b9acdb2d4a25b1f5a03fec576e9b4374e4e89
+SHA1 (patch-test_fuzzer_Switch2Test.cpp) = ca29f0d815e2d31bd1d00b04b446f1c1c447f51b
+SHA1 (patch-test_fuzzer_SwitchTest.cpp) = fcf657601181de0777295f975d92eb3ef62f3349
+SHA1 (patch-test_fuzzer_TableLookupTest.cpp) = ac9eb6cd2974477a2c28f4d02270d32765e8f712
+SHA1 (patch-test_fuzzer_ThreadedLeakTest.cpp) = f78ece07780d215cebc8fbd05fa9b2da1e11577b
+SHA1 (patch-test_fuzzer_ThreadedTest.cpp) = 12f649aaf1c564a73c13e974a59cb6e2bc397233
+SHA1 (patch-test_fuzzer_TimeoutEmptyTest.cpp) = 886c9881ef54d7442c7958f5ad72966347f6f5fd
+SHA1 (patch-test_fuzzer_TimeoutTest.cpp) = 1f470f352a57fe83647ed7e7eeda429318480a84
+SHA1 (patch-test_fuzzer_TraceMallocTest.cpp) = 56abe8b21ba2aabb6ec8551f9b0a40ee2b1501f9
+SHA1 (patch-test_fuzzer_TwoDifferentBugsTest.cpp) = 5e1574773191f1ba75ad09dc2b21eb97ad144413
+SHA1 (patch-test_fuzzer_afl-driver-extra-stats.test) = 42e9ee24de05476a4d901e08cd2afc2543ff3636
+SHA1 (patch-test_fuzzer_afl-driver-stderr.test) = ea9d10f2f2e4536334642c0e0976d30fb746c4e4
+SHA1 (patch-test_fuzzer_afl-driver.test) = 27c6561d310087517e64b33e8922420ea2712179
+SHA1 (patch-test_fuzzer_bad-strcmp.test) = 29a00e81662b4a70a52043e437b516330b734f27
+SHA1 (patch-test_fuzzer_caller-callee.test) = 73365188f844f02790b15474c059d6bf252c755b
+SHA1 (patch-test_fuzzer_cleanse.test) = 6c536e5a9ad2a7e9fab4fa9313d3d845d5f71403
+SHA1 (patch-test_fuzzer_coverage.test) = 9d24c750b7b31e59ed10f75714a18c04ee29edcc
+SHA1 (patch-test_fuzzer_cxxstring.test) = 9e3918cb4988e60a05709f622cadbbb9d2b4566a
+SHA1 (patch-test_fuzzer_dict1.txt) = ff448eaf8f07f6893848b4dca9342b85296875cb
+SHA1 (patch-test_fuzzer_disable-leaks.test) = 83e06f0b4eef777db91311e15fc13788757d7879
+SHA1 (patch-test_fuzzer_dump__coverage.test) = 3019866d1c52c06824684bde65e2bdaf752453d0
+SHA1 (patch-test_fuzzer_equivalence-signals.test) = 00514dd5594187e2aa4790372f3b1a797cfd5df9
+SHA1 (patch-test_fuzzer_equivalence.test) = a2a5762244a2ca9ba92fd8666f34addddc295599
+SHA1 (patch-test_fuzzer_exit-report.test) = f3924839a6a5fed71e0f56367aead19f071f45a4
+SHA1 (patch-test_fuzzer_exit__on__src__pos.test) = 95a6038cb59f3f385552ee3cfd022a7da9147e17
+SHA1 (patch-test_fuzzer_extra-counters.test) = 31a7d4da0d75feb7bfd0d71333bb113caf4d3be5
+SHA1 (patch-test_fuzzer_fuzzer-customcrossover.test) = 26c2af2c9f22d2aa3159591f537e53cce50a9406
+SHA1 (patch-test_fuzzer_fuzzer-customcrossoverandmutate.test) = 87e4008e601baf37659d0e200a5954c9ac44d4d6
+SHA1 (patch-test_fuzzer_fuzzer-custommutator.test) = 72a22258c6c75757a66e13df668d8dc97015a9fe
+SHA1 (patch-test_fuzzer_fuzzer-dict.test) = 0ee8f2e10893f9c410df13e3a78149cb402bf0cb
+SHA1 (patch-test_fuzzer_fuzzer-dirs.test) = 57bfc956cd62ddad6ac0f8f1fa904590e62bd7d7
+SHA1 (patch-test_fuzzer_fuzzer-fdmask.test) = 22fa497c8644aff742a9144443de7dfe60a04943
+SHA1 (patch-test_fuzzer_fuzzer-finalstats.test) = 6136c3dc23d251b50c657f0627a4fee10c7f927a
+SHA1 (patch-test_fuzzer_fuzzer-flags.test) = 730f167708ed4d2db30077f8f3c00b3ed7e53839
+SHA1 (patch-test_fuzzer_fuzzer-leak.test) = 0cc2180dfa01c0676a237bd0110b81efb249fd2b
+SHA1 (patch-test_fuzzer_fuzzer-oom-with-profile.test) = 059e0d384c70884a443f5ada657e61648eeed892
+SHA1 (patch-test_fuzzer_fuzzer-oom.test) = e423b2359c001d934291baf6bea197526fc8ea1a
+SHA1 (patch-test_fuzzer_fuzzer-printcovpcs.test) = ac850311958c3798975e4fe85a161f948714d9d0
+SHA1 (patch-test_fuzzer_fuzzer-runs.test) = 70cb24aa2c884cef2a92e43ca34d69de9f161b38
+SHA1 (patch-test_fuzzer_fuzzer-seed.test) = 045033081d9e286f9d443f5999d5d86ef5a6bf1e
+SHA1 (patch-test_fuzzer_fuzzer-segv.test) = 2092fe71fada8f3b5728a28356e05389caaa949a
+SHA1 (patch-test_fuzzer_fuzzer-singleinputs.test) = 716b2364e8f3e140d64dee74850fbdece0ae4575
+SHA1 (patch-test_fuzzer_fuzzer-threaded.test) = 36cb93db9ed016f09bbc4ebc863327d317aa1c86
+SHA1 (patch-test_fuzzer_fuzzer-timeout.test) = 98aaca61ee01f81aa39fe360e42ef11cef0d8062
+SHA1 (patch-test_fuzzer_fuzzer-ubsan.test) = 461627d8b750b8e0a270cdbc5df8710e48217271
+SHA1 (patch-test_fuzzer_fuzzer.test) = 20a276d1dd2a27880a31cf8daa565624ba226325
+SHA1 (patch-test_fuzzer_hi.txt) = ed7a3fa731861f1c0838120779fa6332e07f01ed
+SHA1 (patch-test_fuzzer_inline-8bit-counters.test) = 22c7f38f9ff7ac5c678ed31f754470dd06a02add
+SHA1 (patch-test_fuzzer_lit.cfg) = ed1ca9ea24726e842766a5588b7e6f6435d1b2ea
+SHA1 (patch-test_fuzzer_lit.site.cfg.in) = 24fcf7543a14e6e1bb4dfc594c374293cf845280
+SHA1 (patch-test_fuzzer_memcmp.test) = b90e3c2e1fba5dd407f52179e0e707deee7da056
+SHA1 (patch-test_fuzzer_memcmp64.test) = 8a4ed105c882440adb996d0cb8dbc0c7d38329b0
+SHA1 (patch-test_fuzzer_merge-posix.test) = 7a8c7dd30b62a2898676109c3f3c34a27e172f02
+SHA1 (patch-test_fuzzer_merge-summary.test) = 388b4f3c8df31e705d444ec3ffc015aa07e527df
+SHA1 (patch-test_fuzzer_merge.test) = ec3d4744efc20e159020412d2cc486ba6af92e4a
+SHA1 (patch-test_fuzzer_minimize__crash.test) = 59af61ec795dc5d1a05835e03fde358cf16531ed
+SHA1 (patch-test_fuzzer_minimize__two__crashes.test) = db9ea535604fbf4006f8aaf0bb9c0e47a3577e2b
+SHA1 (patch-test_fuzzer_overwrite-input.test) = 40a7d3dfae0f127aaff71c16806564c15f83f33c
+SHA1 (patch-test_fuzzer_recommended-dictionary.test) = cad46e138a7679580c2194f41ebebe30db798def
+SHA1 (patch-test_fuzzer_reduce__inputs.test) = 1d4e4704c06e65c2a0bb946c76bfdc765eb469ca
+SHA1 (patch-test_fuzzer_repeated-bytes.test) = d2587285f4c64fd2644e7ad17b743a8436e61213
+SHA1 (patch-test_fuzzer_shrink.test) = bebd117cdb187476a6a38ec8f078360933e22323
+SHA1 (patch-test_fuzzer_simple-cmp.test) = 09ec9cf79747c295c18b9d476c7f9cb2126d27a5
+SHA1 (patch-test_fuzzer_standalone.test) = 4a0e269e833c3315bff134a8b48f97254f9c2491
+SHA1 (patch-test_fuzzer_strcmp.test) = 1733d4290b50bfa8ec50ec6f59c1cba08373be6a
+SHA1 (patch-test_fuzzer_strncmp.test) = f77a5a12162f28c0b112bb04f589e30497bfc7e0
+SHA1 (patch-test_fuzzer_strstr.test) = ab7c0caeaeb01ea16f2834ea4af0cf57e39a413d
+SHA1 (patch-test_fuzzer_swap-cmp.test) = ad7655d9e1558c6d977ce50451bf5b2fb2041310
+SHA1 (patch-test_fuzzer_trace-malloc-2.test) = 4d04b1c69b45dd7ab50df0626e3d90baed4ed80b
+SHA1 (patch-test_fuzzer_trace-malloc.test) = a1d0e8526006e5766a961ad18140e69dd04481dd
+SHA1 (patch-test_fuzzer_trace-pc.test) = e60f6d57b90008003f70773c4e1613aad83537c1
+SHA1 (patch-test_fuzzer_ulimit.test) = e1a5ca34fc15ff0e32eab3b86f16cbf9755b07c7
+SHA1 (patch-test_fuzzer_unit_lit.site.cfg.in) = c5b07c6cf2c659d70cfb7a0d15541c8e37b3f68a
+SHA1 (patch-test_fuzzer_value-profile-cmp.test) = 3a7ba1107159e9b0ef41a2862cfe5a515ea8c88b
+SHA1 (patch-test_fuzzer_value-profile-cmp2.test) = 77e0017c7c8c5df3e613925fe53fc6782960d607
+SHA1 (patch-test_fuzzer_value-profile-cmp3.test) = 9776ed24f39916507bfde91a24c7ed079c386757
+SHA1 (patch-test_fuzzer_value-profile-cmp4.test) = add1771c5e8c17c5fac25fff1862a0efcc81f806
+SHA1 (patch-test_fuzzer_value-profile-div.test) = 63e650812fb7f7f9304e05d8dc9f0beb4488ef59
+SHA1 (patch-test_fuzzer_value-profile-load.test) = 93b364775f847c17eb879126e6ec029f4f31207d
+SHA1 (patch-test_fuzzer_value-profile-mem.test) = 61694b2a80458b7749cd52896b8f61b922f5cc22
+SHA1 (patch-test_fuzzer_value-profile-set.test) = 7559e580d9c06624844fd772cca5d2cbccfdf029
+SHA1 (patch-test_fuzzer_value-profile-strcmp.test) = 376152eec4743126f51057748cc054a370b16ff3
+SHA1 (patch-test_fuzzer_value-profile-strncmp.test) = 8402e55ee6bd65a956ff6fac40e31eda2568983f
+SHA1 (patch-test_fuzzer_value-profile-switch.test) = 1ac9a42ed690e96155aa94311fe08c06da6e0709
diff --git a/compiler-rt-netbsd/patches/patch-CMakeLists.txt b/compiler-rt-netbsd/patches/patch-CMakeLists.txt
new file mode 100644
index 0000000000..9813872b19
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-CMakeLists.txt
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- CMakeLists.txt.orig 2017-08-14 15:43:25.000000000 +0000
++++ CMakeLists.txt
+@@ -36,6 +36,8 @@ option(COMPILER_RT_BUILD_SANITIZERS "Bui
+ mark_as_advanced(COMPILER_RT_BUILD_SANITIZERS)
+ option(COMPILER_RT_BUILD_XRAY "Build xray" ON)
+ mark_as_advanced(COMPILER_RT_BUILD_XRAY)
++option(COMPILER_RT_BUILD_LIBFUZZER "Build libFuzzer" ON)
++mark_as_advanced(COMPILER_RT_BUILD_LIBFUZZER)
+ option(COMPILER_RT_BUILD_XRAY_NO_PREINIT "Build xray with no preinit patching" OFF)
+ mark_as_advanced(COMPILER_RT_BUILD_XRAY_NO_PREINIT)
+
diff --git a/compiler-rt-netbsd/patches/patch-cmake_Modules_AddCompilerRT.cmake b/compiler-rt-netbsd/patches/patch-cmake_Modules_AddCompilerRT.cmake
new file mode 100644
index 0000000000..63bb3b1cac
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-cmake_Modules_AddCompilerRT.cmake
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- cmake/Modules/AddCompilerRT.cmake.orig 2017-08-03 21:24:37.000000000 +0000
++++ cmake/Modules/AddCompilerRT.cmake
+@@ -202,10 +202,10 @@ function(add_compiler_rt_runtime name ty
+ set_target_properties(${libname} PROPERTIES
+ OUTPUT_NAME ${output_name_${libname}})
+ set_target_properties(${libname} PROPERTIES FOLDER "Compiler-RT Runtime")
++ if(LIB_LINK_LIBS)
++ target_link_libraries(${libname} ${LIB_LINK_LIBS})
++ endif()
+ if(${type} STREQUAL "SHARED")
+- if(LIB_LINK_LIBS)
+- target_link_libraries(${libname} ${LIB_LINK_LIBS})
+- endif()
+ if(WIN32 AND NOT CYGWIN AND NOT MINGW)
+ set_target_properties(${libname} PROPERTIES IMPORT_PREFIX "")
+ set_target_properties(${libname} PROPERTIES IMPORT_SUFFIX ".lib")
+@@ -320,6 +320,7 @@ macro(add_compiler_rt_test test_suite te
+ set(TEST_LINK_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${TEST_LINK_FLAGS}")
+ separate_arguments(TEST_LINK_FLAGS)
+ endif()
++
+ add_custom_target(${test_name}
+ COMMAND ${COMPILER_RT_TEST_COMPILER} ${TEST_OBJECTS}
+ -o "${output_bin}"
diff --git a/compiler-rt-netbsd/patches/patch-cmake_base-config-ix.cmake b/compiler-rt-netbsd/patches/patch-cmake_base-config-ix.cmake
new file mode 100644
index 0000000000..21628bd72e
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-cmake_base-config-ix.cmake
@@ -0,0 +1,31 @@
+$NetBSD$
+
+--- cmake/base-config-ix.cmake.orig 2017-07-04 05:53:17.000000000 +0000
++++ cmake/base-config-ix.cmake
+@@ -4,6 +4,8 @@
+ # runtime libraries.
+
+ include(CheckIncludeFile)
++include(CheckCXXSourceCompiles)
++
+ check_include_file(unwind.h HAVE_UNWIND_H)
+
+ # Top level target used to build all compiler-rt libraries.
+@@ -86,6 +88,17 @@ if(APPLE)
+ option(COMPILER_RT_ENABLE_IOS "Enable building for iOS" On)
+ option(COMPILER_RT_ENABLE_WATCHOS "Enable building for watchOS - Experimental" Off)
+ option(COMPILER_RT_ENABLE_TVOS "Enable building for tvOS - Experimental" Off)
++
++ CHECK_CXX_SOURCE_COMPILES("
++ static thread_local int blah;
++ int main() {
++ return 0;
++ }
++ " HAS_THREAD_LOCAL)
++
++ if( NOT HAS_THREAD_LOCAL )
++ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Dthread_local=__thread")
++ endif()
+ else()
+ option(COMPILER_RT_DEFAULT_TARGET_ONLY "Build builtins only for the default target" Off)
+ endif()
diff --git a/compiler-rt-netbsd/patches/patch-cmake_config-ix.cmake b/compiler-rt-netbsd/patches/patch-cmake_config-ix.cmake
new file mode 100644
index 0000000000..3674b63149
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-cmake_config-ix.cmake
@@ -0,0 +1,44 @@
+$NetBSD$
+
+--- cmake/config-ix.cmake.orig 2017-08-14 15:43:25.000000000 +0000
++++ cmake/config-ix.cmake
+@@ -194,6 +194,7 @@ set(ALL_SANITIZER_COMMON_SUPPORTED_ARCH
+ set(ALL_ASAN_SUPPORTED_ARCH ${X86} ${X86_64} ${ARM32} ${ARM64}
+ ${MIPS32} ${MIPS64} ${PPC64} ${S390X})
+ set(ALL_DFSAN_SUPPORTED_ARCH ${X86_64} ${MIPS64} ${ARM64})
++set(ALL_FUZZER_SUPPORTED_ARCH x86_64)
+
+ if(APPLE)
+ set(ALL_LSAN_SUPPORTED_ARCH ${X86} ${X86_64} ${MIPS64} ${ARM64})
+@@ -413,7 +414,11 @@ if(APPLE)
+ SANITIZER_COMMON_SUPPORTED_ARCH)
+ list_intersect(XRAY_SUPPORTED_ARCH
+ ALL_XRAY_SUPPORTED_ARCH
+- SANITIZER_COMMON_SUPPORTED_ARCH)
++ SANITIZER_COMMON_SUPPORTED_ARCH)
++ list_intersect(FUZZER_SUPPORTED_ARCH
++ ALL_FUZZER_SUPPORTED_ARCH
++ ALL_SANITIZER_COMMON_SUPPORTED_ARCH)
++
+ else()
+ # Architectures supported by compiler-rt libraries.
+ filter_available_targets(SANITIZER_COMMON_SUPPORTED_ARCH
+@@ -425,6 +430,7 @@ else()
+ filter_available_targets(UBSAN_COMMON_SUPPORTED_ARCH
+ ${SANITIZER_COMMON_SUPPORTED_ARCH})
+ filter_available_targets(ASAN_SUPPORTED_ARCH ${ALL_ASAN_SUPPORTED_ARCH})
++ filter_available_targets(FUZZER_SUPPORTED_ARCH ${ALL_FUZZER_SUPPORTED_ARCH})
+ filter_available_targets(DFSAN_SUPPORTED_ARCH ${ALL_DFSAN_SUPPORTED_ARCH})
+ filter_available_targets(LSAN_SUPPORTED_ARCH ${ALL_LSAN_SUPPORTED_ARCH})
+ filter_available_targets(MSAN_SUPPORTED_ARCH ${ALL_MSAN_SUPPORTED_ARCH})
+@@ -573,3 +579,10 @@ if (COMPILER_RT_HAS_SANITIZER_COMMON AND
+ else()
+ set(COMPILER_RT_HAS_XRAY FALSE)
+ endif()
++
++if (COMPILER_RT_HAS_SANITIZER_COMMON AND FUZZER_SUPPORTED_ARCH AND
++ OS_NAME MATCHES "Darwin|Linux")
++ set(COMPILER_RT_HAS_FUZZER TRUE)
++else()
++ set(COMPILER_RT_HAS_FUZZER FALSE)
++endif()
diff --git a/compiler-rt-netbsd/patches/patch-lib_CMakeLists.txt b/compiler-rt-netbsd/patches/patch-lib_CMakeLists.txt
new file mode 100644
index 0000000000..af709ba80d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_CMakeLists.txt
@@ -0,0 +1,12 @@
+$NetBSD$
+
+--- lib/CMakeLists.txt.orig 2017-07-07 06:32:45.000000000 +0000
++++ lib/CMakeLists.txt
+@@ -46,3 +46,7 @@ endif()
+ if(COMPILER_RT_BUILD_XRAY)
+ compiler_rt_build_runtime(xray)
+ endif()
++
++if(COMPILER_RT_BUILD_LIBFUZZER)
++ compiler_rt_build_runtime(fuzzer)
++endif()
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_CMakeLists.txt b/compiler-rt-netbsd/patches/patch-lib_fuzzer_CMakeLists.txt
new file mode 100644
index 0000000000..083037ee00
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_CMakeLists.txt
@@ -0,0 +1,65 @@
+$NetBSD$
+
+--- lib/fuzzer/CMakeLists.txt.orig 2017-08-19 18:02:19.275934733 +0000
++++ lib/fuzzer/CMakeLists.txt
+@@ -0,0 +1,60 @@
++set(LIBFUZZER_SOURCES
++ FuzzerCrossOver.cpp
++ FuzzerDriver.cpp
++ FuzzerExtFunctionsDlsym.cpp
++ FuzzerExtFunctionsDlsymWin.cpp
++ FuzzerExtFunctionsWeak.cpp
++ FuzzerExtraCounters.cpp
++ FuzzerIO.cpp
++ FuzzerIOPosix.cpp
++ FuzzerIOWindows.cpp
++ FuzzerLoop.cpp
++ FuzzerMerge.cpp
++ FuzzerMutate.cpp
++ FuzzerSHA1.cpp
++ FuzzerShmemPosix.cpp
++ FuzzerShmemWindows.cpp
++ FuzzerTracePC.cpp
++ FuzzerUtil.cpp
++ FuzzerUtilDarwin.cpp
++ FuzzerUtilLinux.cpp
++ FuzzerUtilPosix.cpp
++ FuzzerUtilWindows.cpp
++ )
++
++set(LIBFUZZER_CFLAGS -fno-sanitize-coverage=trace-pc-guard,edge,trace-cmp,indirect-calls,8bit-counters -Werror)
++if(APPLE)
++ set(FUZZER_SUPPORTED_OS osx)
++endif()
++
++add_compiler_rt_object_libraries(RTfuzzer
++ OS ${FUZZER_SUPPORTED_OS}
++ ARCHS ${FUZZER_SUPPORTED_ARCH}
++ SOURCES ${LIBFUZZER_SOURCES}
++ CFLAGS ${LIBFUZZER_CFLAGS})
++
++add_compiler_rt_object_libraries(RTfuzzer_main
++ OS ${FUZZER_SUPPORTED_OS}
++ ARCHS ${FUZZER_SUPPORTED_ARCH}
++ SOURCES FuzzerMain.cpp
++ CFLAGS ${LIBFUZZER_CFLAGS})
++
++add_compiler_rt_runtime(clang_rt.fuzzer
++ STATIC
++ OS ${FUZZER_SUPPORTED_OS}
++ ARCHS ${FUZZER_SUPPORTED_ARCH}
++ OBJECT_LIBS RTfuzzer RTfuzzer_main
++ CFLAGS ${LIBFUZZER_CFLAGS}
++ PARENT_TARGET fuzzer)
++
++add_compiler_rt_runtime(clang_rt.fuzzer_no_main
++ STATIC
++ OS ${FUZZER_SUPPORTED_OS}
++ ARCHS ${FUZZER_SUPPORTED_ARCH}
++ OBJECT_LIBS RTfuzzer
++ CFLAGS ${LIBFUZZER_CFLAGS}
++ PARENT_TARGET fuzzer)
++
++if(COMPILER_RT_INCLUDE_TESTS)
++ add_subdirectory(tests)
++endif()
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerCorpus.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerCorpus.h
new file mode 100644
index 0000000000..d435453fcf
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerCorpus.h
@@ -0,0 +1,280 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerCorpus.h.orig 2017-08-19 18:02:19.276083634 +0000
++++ lib/fuzzer/FuzzerCorpus.h
+@@ -0,0 +1,275 @@
++//===- FuzzerCorpus.h - Internal header for the Fuzzer ----------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// fuzzer::InputCorpus
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_CORPUS
++#define LLVM_FUZZER_CORPUS
++
++#include "FuzzerDefs.h"
++#include "FuzzerIO.h"
++#include "FuzzerRandom.h"
++#include "FuzzerSHA1.h"
++#include "FuzzerTracePC.h"
++#include <algorithm>
++#include <numeric>
++#include <random>
++#include <unordered_set>
++
++namespace fuzzer {
++
++struct InputInfo {
++ Unit U; // The actual input data.
++ uint8_t Sha1[kSHA1NumBytes]; // Checksum.
++ // Number of features that this input has and no smaller input has.
++ size_t NumFeatures = 0;
++ size_t Tmp = 0; // Used by ValidateFeatureSet.
++ // Stats.
++ size_t NumExecutedMutations = 0;
++ size_t NumSuccessfullMutations = 0;
++ bool MayDeleteFile = false;
++ bool Reduced = false;
++ std::vector<uint32_t> UniqFeatureSet;
++};
++
++class InputCorpus {
++ static const size_t kFeatureSetSize = 1 << 21;
++ public:
++ InputCorpus(const std::string &OutputCorpus) : OutputCorpus(OutputCorpus) {
++ memset(InputSizesPerFeature, 0, sizeof(InputSizesPerFeature));
++ memset(SmallestElementPerFeature, 0, sizeof(SmallestElementPerFeature));
++ }
++ ~InputCorpus() {
++ for (auto II : Inputs)
++ delete II;
++ }
++ size_t size() const { return Inputs.size(); }
++ size_t SizeInBytes() const {
++ size_t Res = 0;
++ for (auto II : Inputs)
++ Res += II->U.size();
++ return Res;
++ }
++ size_t NumActiveUnits() const {
++ size_t Res = 0;
++ for (auto II : Inputs)
++ Res += !II->U.empty();
++ return Res;
++ }
++ size_t MaxInputSize() const {
++ size_t Res = 0;
++ for (auto II : Inputs)
++ Res = std::max(Res, II->U.size());
++ return Res;
++ }
++ bool empty() const { return Inputs.empty(); }
++ const Unit &operator[] (size_t Idx) const { return Inputs[Idx]->U; }
++ void AddToCorpus(const Unit &U, size_t NumFeatures, bool MayDeleteFile,
++ const std::vector<uint32_t> &FeatureSet) {
++ assert(!U.empty());
++ if (FeatureDebug)
++ Printf("ADD_TO_CORPUS %zd NF %zd\n", Inputs.size(), NumFeatures);
++ Inputs.push_back(new InputInfo());
++ InputInfo &II = *Inputs.back();
++ II.U = U;
++ II.NumFeatures = NumFeatures;
++ II.MayDeleteFile = MayDeleteFile;
++ II.UniqFeatureSet = FeatureSet;
++ std::sort(II.UniqFeatureSet.begin(), II.UniqFeatureSet.end());
++ ComputeSHA1(U.data(), U.size(), II.Sha1);
++ Hashes.insert(Sha1ToString(II.Sha1));
++ UpdateCorpusDistribution();
++ PrintCorpus();
++ // ValidateFeatureSet();
++ }
++
++ // Debug-only
++ void PrintUnit(const Unit &U) {
++ if (!FeatureDebug) return;
++ for (uint8_t C : U) {
++ if (C != 'F' && C != 'U' && C != 'Z')
++ C = '.';
++ Printf("%c", C);
++ }
++ }
++
++ // Debug-only
++ void PrintFeatureSet(const std::vector<uint32_t> &FeatureSet) {
++ if (!FeatureDebug) return;
++ Printf("{");
++ for (uint32_t Feature: FeatureSet)
++ Printf("%u,", Feature);
++ Printf("}");
++ }
++
++ // Debug-only
++ void PrintCorpus() {
++ if (!FeatureDebug) return;
++ Printf("======= CORPUS:\n");
++ int i = 0;
++ for (auto II : Inputs) {
++ if (std::find(II->U.begin(), II->U.end(), 'F') != II->U.end()) {
++ Printf("[%2d] ", i);
++ Printf("%s sz=%zd ", Sha1ToString(II->Sha1).c_str(), II->U.size());
++ PrintUnit(II->U);
++ Printf(" ");
++ PrintFeatureSet(II->UniqFeatureSet);
++ Printf("\n");
++ }
++ i++;
++ }
++ }
++
++ void Replace(InputInfo *II, const Unit &U) {
++ assert(II->U.size() > U.size());
++ Hashes.erase(Sha1ToString(II->Sha1));
++ DeleteFile(*II);
++ ComputeSHA1(U.data(), U.size(), II->Sha1);
++ Hashes.insert(Sha1ToString(II->Sha1));
++ II->U = U;
++ II->Reduced = true;
++ }
++
++ bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); }
++ bool HasUnit(const std::string &H) { return Hashes.count(H); }
++ InputInfo &ChooseUnitToMutate(Random &Rand) {
++ InputInfo &II = *Inputs[ChooseUnitIdxToMutate(Rand)];
++ assert(!II.U.empty());
++ return II;
++ };
++
++ // Returns an index of random unit from the corpus to mutate.
++ // Hypothesis: units added to the corpus last are more likely to be
++ // interesting. This function gives more weight to the more recent units.
++ size_t ChooseUnitIdxToMutate(Random &Rand) {
++ size_t Idx = static_cast<size_t>(CorpusDistribution(Rand));
++ assert(Idx < Inputs.size());
++ return Idx;
++ }
++
++ void PrintStats() {
++ for (size_t i = 0; i < Inputs.size(); i++) {
++ const auto &II = *Inputs[i];
++ Printf(" [%zd %s]\tsz: %zd\truns: %zd\tsucc: %zd\n", i,
++ Sha1ToString(II.Sha1).c_str(), II.U.size(),
++ II.NumExecutedMutations, II.NumSuccessfullMutations);
++ }
++ }
++
++ void PrintFeatureSet() {
++ for (size_t i = 0; i < kFeatureSetSize; i++) {
++ if(size_t Sz = GetFeature(i))
++ Printf("[%zd: id %zd sz%zd] ", i, SmallestElementPerFeature[i], Sz);
++ }
++ Printf("\n\t");
++ for (size_t i = 0; i < Inputs.size(); i++)
++ if (size_t N = Inputs[i]->NumFeatures)
++ Printf(" %zd=>%zd ", i, N);
++ Printf("\n");
++ }
++
++ void DeleteFile(const InputInfo &II) {
++ if (!OutputCorpus.empty() && II.MayDeleteFile)
++ RemoveFile(DirPlusFile(OutputCorpus, Sha1ToString(II.Sha1)));
++ }
++
++ void DeleteInput(size_t Idx) {
++ InputInfo &II = *Inputs[Idx];
++ DeleteFile(II);
++ Unit().swap(II.U);
++ if (FeatureDebug)
++ Printf("EVICTED %zd\n", Idx);
++ }
++
++ bool AddFeature(size_t Idx, uint32_t NewSize, bool Shrink) {
++ assert(NewSize);
++ Idx = Idx % kFeatureSetSize;
++ uint32_t OldSize = GetFeature(Idx);
++ if (OldSize == 0 || (Shrink && OldSize > NewSize)) {
++ if (OldSize > 0) {
++ size_t OldIdx = SmallestElementPerFeature[Idx];
++ InputInfo &II = *Inputs[OldIdx];
++ assert(II.NumFeatures > 0);
++ II.NumFeatures--;
++ if (II.NumFeatures == 0)
++ DeleteInput(OldIdx);
++ } else {
++ NumAddedFeatures++;
++ }
++ NumUpdatedFeatures++;
++ if (FeatureDebug)
++ Printf("ADD FEATURE %zd sz %d\n", Idx, NewSize);
++ SmallestElementPerFeature[Idx] = Inputs.size();
++ InputSizesPerFeature[Idx] = NewSize;
++ return true;
++ }
++ return false;
++ }
++
++ size_t NumFeatures() const { return NumAddedFeatures; }
++ size_t NumFeatureUpdates() const { return NumUpdatedFeatures; }
++
++ void ResetFeatureSet() {
++ assert(Inputs.empty());
++ memset(InputSizesPerFeature, 0, sizeof(InputSizesPerFeature));
++ memset(SmallestElementPerFeature, 0, sizeof(SmallestElementPerFeature));
++ }
++
++private:
++
++ static const bool FeatureDebug = false;
++
++ size_t GetFeature(size_t Idx) const { return InputSizesPerFeature[Idx]; }
++
++ void ValidateFeatureSet() {
++ if (FeatureDebug)
++ PrintFeatureSet();
++ for (size_t Idx = 0; Idx < kFeatureSetSize; Idx++)
++ if (GetFeature(Idx))
++ Inputs[SmallestElementPerFeature[Idx]]->Tmp++;
++ for (auto II: Inputs) {
++ if (II->Tmp != II->NumFeatures)
++ Printf("ZZZ %zd %zd\n", II->Tmp, II->NumFeatures);
++ assert(II->Tmp == II->NumFeatures);
++ II->Tmp = 0;
++ }
++ }
++
++ // Updates the probability distribution for the units in the corpus.
++ // Must be called whenever the corpus or unit weights are changed.
++ void UpdateCorpusDistribution() {
++ size_t N = Inputs.size();
++ assert(N);
++ Intervals.resize(N + 1);
++ Weights.resize(N);
++ std::iota(Intervals.begin(), Intervals.end(), 0);
++ for (size_t i = 0; i < N; i++)
++ Weights[i] = Inputs[i]->NumFeatures * (i + 1);
++ CorpusDistribution = std::piecewise_constant_distribution<double>(
++ Intervals.begin(), Intervals.end(), Weights.begin());
++ }
++ std::piecewise_constant_distribution<double> CorpusDistribution;
++
++ std::vector<double> Intervals;
++ std::vector<double> Weights;
++
++ std::unordered_set<std::string> Hashes;
++ std::vector<InputInfo*> Inputs;
++
++ size_t NumAddedFeatures = 0;
++ size_t NumUpdatedFeatures = 0;
++ uint32_t InputSizesPerFeature[kFeatureSetSize];
++ uint32_t SmallestElementPerFeature[kFeatureSetSize];
++
++ std::string OutputCorpus;
++};
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_CORPUS
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerCrossOver.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerCrossOver.cpp
new file mode 100644
index 0000000000..b618891c47
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerCrossOver.cpp
@@ -0,0 +1,57 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerCrossOver.cpp.orig 2017-08-19 18:02:19.276177240 +0000
++++ lib/fuzzer/FuzzerCrossOver.cpp
+@@ -0,0 +1,52 @@
++//===- FuzzerCrossOver.cpp - Cross over two test inputs -------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Cross over test inputs.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerDefs.h"
++#include "FuzzerMutate.h"
++#include "FuzzerRandom.h"
++#include <cstring>
++
++namespace fuzzer {
++
++// Cross Data1 and Data2, store the result (up to MaxOutSize bytes) in Out.
++size_t MutationDispatcher::CrossOver(const uint8_t *Data1, size_t Size1,
++ const uint8_t *Data2, size_t Size2,
++ uint8_t *Out, size_t MaxOutSize) {
++ assert(Size1 || Size2);
++ MaxOutSize = Rand(MaxOutSize) + 1;
++ size_t OutPos = 0;
++ size_t Pos1 = 0;
++ size_t Pos2 = 0;
++ size_t *InPos = &Pos1;
++ size_t InSize = Size1;
++ const uint8_t *Data = Data1;
++ bool CurrentlyUsingFirstData = true;
++ while (OutPos < MaxOutSize && (Pos1 < Size1 || Pos2 < Size2)) {
++ // Merge a part of Data into Out.
++ size_t OutSizeLeft = MaxOutSize - OutPos;
++ if (*InPos < InSize) {
++ size_t InSizeLeft = InSize - *InPos;
++ size_t MaxExtraSize = std::min(OutSizeLeft, InSizeLeft);
++ size_t ExtraSize = Rand(MaxExtraSize) + 1;
++ memcpy(Out + OutPos, Data + *InPos, ExtraSize);
++ OutPos += ExtraSize;
++ (*InPos) += ExtraSize;
++ }
++ // Use the other input data on the next iteration.
++ InPos = CurrentlyUsingFirstData ? &Pos2 : &Pos1;
++ InSize = CurrentlyUsingFirstData ? Size2 : Size1;
++ Data = CurrentlyUsingFirstData ? Data2 : Data1;
++ CurrentlyUsingFirstData = !CurrentlyUsingFirstData;
++ }
++ return OutPos;
++}
++
++} // namespace fuzzer
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDefs.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDefs.h
new file mode 100644
index 0000000000..f82da4ba79
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDefs.h
@@ -0,0 +1,133 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerDefs.h.orig 2017-08-19 18:02:19.276282767 +0000
++++ lib/fuzzer/FuzzerDefs.h
+@@ -0,0 +1,128 @@
++//===- FuzzerDefs.h - Internal header for the Fuzzer ------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Basic definitions.
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_DEFS_H
++#define LLVM_FUZZER_DEFS_H
++
++#include <cassert>
++#include <cstddef>
++#include <cstdint>
++#include <cstring>
++#include <string>
++#include <vector>
++
++// Platform detection.
++#ifdef __linux__
++#define LIBFUZZER_APPLE 0
++#define LIBFUZZER_LINUX 1
++#define LIBFUZZER_WINDOWS 0
++#elif __APPLE__
++#define LIBFUZZER_APPLE 1
++#define LIBFUZZER_LINUX 0
++#define LIBFUZZER_WINDOWS 0
++#elif _WIN32
++#define LIBFUZZER_APPLE 0
++#define LIBFUZZER_LINUX 0
++#define LIBFUZZER_WINDOWS 1
++#else
++#error "Support for your platform has not been implemented"
++#endif
++
++#ifndef __has_attribute
++# define __has_attribute(x) 0
++#endif
++
++#define LIBFUZZER_POSIX LIBFUZZER_APPLE || LIBFUZZER_LINUX
++
++#ifdef __x86_64
++# if __has_attribute(target)
++# define ATTRIBUTE_TARGET_POPCNT __attribute__((target("popcnt")))
++# else
++# define ATTRIBUTE_TARGET_POPCNT
++# endif
++#else
++# define ATTRIBUTE_TARGET_POPCNT
++#endif
++
++
++#ifdef __clang__ // avoid gcc warning.
++# if __has_attribute(no_sanitize)
++# define ATTRIBUTE_NO_SANITIZE_MEMORY __attribute__((no_sanitize("memory")))
++# else
++# define ATTRIBUTE_NO_SANITIZE_MEMORY
++# endif
++# define ALWAYS_INLINE __attribute__((always_inline))
++#else
++# define ATTRIBUTE_NO_SANITIZE_MEMORY
++# define ALWAYS_INLINE
++#endif // __clang__
++
++#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
++
++#if defined(__has_feature)
++# if __has_feature(address_sanitizer)
++# define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_ADDRESS
++# elif __has_feature(memory_sanitizer)
++# define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_MEMORY
++# else
++# define ATTRIBUTE_NO_SANITIZE_ALL
++# endif
++#else
++# define ATTRIBUTE_NO_SANITIZE_ALL
++#endif
++
++#if LIBFUZZER_WINDOWS
++#define ATTRIBUTE_INTERFACE __declspec(dllexport)
++#else
++#define ATTRIBUTE_INTERFACE __attribute__((visibility("default")))
++#endif
++
++namespace fuzzer {
++
++template <class T> T Min(T a, T b) { return a < b ? a : b; }
++template <class T> T Max(T a, T b) { return a > b ? a : b; }
++
++class Random;
++class Dictionary;
++class DictionaryEntry;
++class MutationDispatcher;
++struct FuzzingOptions;
++class InputCorpus;
++struct InputInfo;
++struct ExternalFunctions;
++
++// Global interface to functions that may or may not be available.
++extern ExternalFunctions *EF;
++
++typedef std::vector<uint8_t> Unit;
++typedef std::vector<Unit> UnitVector;
++typedef int (*UserCallback)(const uint8_t *Data, size_t Size);
++
++int FuzzerDriver(int *argc, char ***argv, UserCallback Callback);
++
++struct ScopedDoingMyOwnMemOrStr {
++ ScopedDoingMyOwnMemOrStr() { DoingMyOwnMemOrStr++; }
++ ~ScopedDoingMyOwnMemOrStr() { DoingMyOwnMemOrStr--; }
++ static int DoingMyOwnMemOrStr;
++};
++
++inline uint8_t Bswap(uint8_t x) { return x; }
++inline uint16_t Bswap(uint16_t x) { return __builtin_bswap16(x); }
++inline uint32_t Bswap(uint32_t x) { return __builtin_bswap32(x); }
++inline uint64_t Bswap(uint64_t x) { return __builtin_bswap64(x); }
++
++uint8_t *ExtraCountersBegin();
++uint8_t *ExtraCountersEnd();
++void ClearExtraCounters();
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_DEFS_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDictionary.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDictionary.h
new file mode 100644
index 0000000000..6c05a14db9
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDictionary.h
@@ -0,0 +1,132 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerDictionary.h.orig 2017-08-19 18:02:19.276407659 +0000
++++ lib/fuzzer/FuzzerDictionary.h
+@@ -0,0 +1,127 @@
++//===- FuzzerDictionary.h - Internal header for the Fuzzer ------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// fuzzer::Dictionary
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_DICTIONARY_H
++#define LLVM_FUZZER_DICTIONARY_H
++
++#include "FuzzerDefs.h"
++#include "FuzzerIO.h"
++#include "FuzzerUtil.h"
++#include <algorithm>
++#include <limits>
++
++namespace fuzzer {
++// A simple POD sized array of bytes.
++template <size_t kMaxSizeT> class FixedWord {
++public:
++ static const size_t kMaxSize = kMaxSizeT;
++ FixedWord() {}
++ FixedWord(const uint8_t *B, uint8_t S) { Set(B, S); }
++
++ void Set(const uint8_t *B, uint8_t S) {
++ assert(S <= kMaxSize);
++ memcpy(Data, B, S);
++ Size = S;
++ }
++
++ bool operator==(const FixedWord<kMaxSize> &w) const {
++ ScopedDoingMyOwnMemOrStr scoped_doing_my_own_mem_os_str;
++ return Size == w.Size && 0 == memcmp(Data, w.Data, Size);
++ }
++
++ bool operator<(const FixedWord<kMaxSize> &w) const {
++ ScopedDoingMyOwnMemOrStr scoped_doing_my_own_mem_os_str;
++ if (Size != w.Size)
++ return Size < w.Size;
++ return memcmp(Data, w.Data, Size) < 0;
++ }
++
++ static size_t GetMaxSize() { return kMaxSize; }
++ const uint8_t *data() const { return Data; }
++ uint8_t size() const { return Size; }
++
++private:
++ uint8_t Size = 0;
++ uint8_t Data[kMaxSize];
++};
++
++typedef FixedWord<64> Word;
++
++class DictionaryEntry {
++ public:
++ DictionaryEntry() {}
++ DictionaryEntry(Word W) : W(W) {}
++ DictionaryEntry(Word W, size_t PositionHint) : W(W), PositionHint(PositionHint) {}
++ const Word &GetW() const { return W; }
++
++ bool HasPositionHint() const { return PositionHint != std::numeric_limits<size_t>::max(); }
++ size_t GetPositionHint() const {
++ assert(HasPositionHint());
++ return PositionHint;
++ }
++ void IncUseCount() { UseCount++; }
++ void IncSuccessCount() { SuccessCount++; }
++ size_t GetUseCount() const { return UseCount; }
++ size_t GetSuccessCount() const {return SuccessCount; }
++
++ void Print(const char *PrintAfter = "\n") {
++ PrintASCII(W.data(), W.size());
++ if (HasPositionHint())
++ Printf("@%zd", GetPositionHint());
++ Printf("%s", PrintAfter);
++ }
++
++private:
++ Word W;
++ size_t PositionHint = std::numeric_limits<size_t>::max();
++ size_t UseCount = 0;
++ size_t SuccessCount = 0;
++};
++
++class Dictionary {
++ public:
++ static const size_t kMaxDictSize = 1 << 14;
++
++ bool ContainsWord(const Word &W) const {
++ return std::any_of(begin(), end(), [&](const DictionaryEntry &DE) {
++ return DE.GetW() == W;
++ });
++ }
++ const DictionaryEntry *begin() const { return &DE[0]; }
++ const DictionaryEntry *end() const { return begin() + Size; }
++ DictionaryEntry & operator[] (size_t Idx) {
++ assert(Idx < Size);
++ return DE[Idx];
++ }
++ void push_back(DictionaryEntry DE) {
++ if (Size < kMaxDictSize)
++ this->DE[Size++] = DE;
++ }
++ void clear() { Size = 0; }
++ bool empty() const { return Size == 0; }
++ size_t size() const { return Size; }
++
++private:
++ DictionaryEntry DE[kMaxDictSize];
++ size_t Size = 0;
++};
++
++// Parses one dictionary entry.
++// If successfull, write the enty to Unit and returns true,
++// otherwise returns false.
++bool ParseOneDictionaryEntry(const std::string &Str, Unit *U);
++// Parses the dictionary file, fills Units, returns true iff all lines
++// were parsed succesfully.
++bool ParseDictionaryFile(const std::string &Text, std::vector<Unit> *Units);
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_DICTIONARY_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDriver.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDriver.cpp
new file mode 100644
index 0000000000..5193d541b2
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerDriver.cpp
@@ -0,0 +1,769 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerDriver.cpp.orig 2017-08-19 18:02:19.276663437 +0000
++++ lib/fuzzer/FuzzerDriver.cpp
+@@ -0,0 +1,764 @@
++//===- FuzzerDriver.cpp - FuzzerDriver function and flags -----------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// FuzzerDriver and flag parsing.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerCorpus.h"
++#include "FuzzerIO.h"
++#include "FuzzerInterface.h"
++#include "FuzzerInternal.h"
++#include "FuzzerMutate.h"
++#include "FuzzerRandom.h"
++#include "FuzzerShmem.h"
++#include "FuzzerTracePC.h"
++#include <algorithm>
++#include <atomic>
++#include <chrono>
++#include <cstdlib>
++#include <cstring>
++#include <mutex>
++#include <string>
++#include <thread>
++
++// This function should be present in the libFuzzer so that the client
++// binary can test for its existence.
++extern "C" __attribute__((used)) void __libfuzzer_is_present() {}
++
++namespace fuzzer {
++
++// Program arguments.
++struct FlagDescription {
++ const char *Name;
++ const char *Description;
++ int Default;
++ int *IntFlag;
++ const char **StrFlag;
++ unsigned int *UIntFlag;
++};
++
++struct {
++#define FUZZER_DEPRECATED_FLAG(Name)
++#define FUZZER_FLAG_INT(Name, Default, Description) int Name;
++#define FUZZER_FLAG_UNSIGNED(Name, Default, Description) unsigned int Name;
++#define FUZZER_FLAG_STRING(Name, Description) const char *Name;
++#include "FuzzerFlags.def"
++#undef FUZZER_DEPRECATED_FLAG
++#undef FUZZER_FLAG_INT
++#undef FUZZER_FLAG_UNSIGNED
++#undef FUZZER_FLAG_STRING
++} Flags;
++
++static const FlagDescription FlagDescriptions [] {
++#define FUZZER_DEPRECATED_FLAG(Name) \
++ {#Name, "Deprecated; don't use", 0, nullptr, nullptr, nullptr},
++#define FUZZER_FLAG_INT(Name, Default, Description) \
++ {#Name, Description, Default, &Flags.Name, nullptr, nullptr},
++#define FUZZER_FLAG_UNSIGNED(Name, Default, Description) \
++ {#Name, Description, static_cast<int>(Default), \
++ nullptr, nullptr, &Flags.Name},
++#define FUZZER_FLAG_STRING(Name, Description) \
++ {#Name, Description, 0, nullptr, &Flags.Name, nullptr},
++#include "FuzzerFlags.def"
++#undef FUZZER_DEPRECATED_FLAG
++#undef FUZZER_FLAG_INT
++#undef FUZZER_FLAG_UNSIGNED
++#undef FUZZER_FLAG_STRING
++};
++
++static const size_t kNumFlags =
++ sizeof(FlagDescriptions) / sizeof(FlagDescriptions[0]);
++
++static std::vector<std::string> *Inputs;
++static std::string *ProgName;
++
++static void PrintHelp() {
++ Printf("Usage:\n");
++ auto Prog = ProgName->c_str();
++ Printf("\nTo run fuzzing pass 0 or more directories.\n");
++ Printf("%s [-flag1=val1 [-flag2=val2 ...] ] [dir1 [dir2 ...] ]\n", Prog);
++
++ Printf("\nTo run individual tests without fuzzing pass 1 or more files:\n");
++ Printf("%s [-flag1=val1 [-flag2=val2 ...] ] file1 [file2 ...]\n", Prog);
++
++ Printf("\nFlags: (strictly in form -flag=value)\n");
++ size_t MaxFlagLen = 0;
++ for (size_t F = 0; F < kNumFlags; F++)
++ MaxFlagLen = std::max(strlen(FlagDescriptions[F].Name), MaxFlagLen);
++
++ for (size_t F = 0; F < kNumFlags; F++) {
++ const auto &D = FlagDescriptions[F];
++ if (strstr(D.Description, "internal flag") == D.Description) continue;
++ Printf(" %s", D.Name);
++ for (size_t i = 0, n = MaxFlagLen - strlen(D.Name); i < n; i++)
++ Printf(" ");
++ Printf("\t");
++ Printf("%d\t%s\n", D.Default, D.Description);
++ }
++ Printf("\nFlags starting with '--' will be ignored and "
++ "will be passed verbatim to subprocesses.\n");
++}
++
++static const char *FlagValue(const char *Param, const char *Name) {
++ size_t Len = strlen(Name);
++ if (Param[0] == '-' && strstr(Param + 1, Name) == Param + 1 &&
++ Param[Len + 1] == '=')
++ return &Param[Len + 2];
++ return nullptr;
++}
++
++// Avoid calling stol as it triggers a bug in clang/glibc build.
++static long MyStol(const char *Str) {
++ long Res = 0;
++ long Sign = 1;
++ if (*Str == '-') {
++ Str++;
++ Sign = -1;
++ }
++ for (size_t i = 0; Str[i]; i++) {
++ char Ch = Str[i];
++ if (Ch < '0' || Ch > '9')
++ return Res;
++ Res = Res * 10 + (Ch - '0');
++ }
++ return Res * Sign;
++}
++
++static bool ParseOneFlag(const char *Param) {
++ if (Param[0] != '-') return false;
++ if (Param[1] == '-') {
++ static bool PrintedWarning = false;
++ if (!PrintedWarning) {
++ PrintedWarning = true;
++ Printf("INFO: libFuzzer ignores flags that start with '--'\n");
++ }
++ for (size_t F = 0; F < kNumFlags; F++)
++ if (FlagValue(Param + 1, FlagDescriptions[F].Name))
++ Printf("WARNING: did you mean '%s' (single dash)?\n", Param + 1);
++ return true;
++ }
++ for (size_t F = 0; F < kNumFlags; F++) {
++ const char *Name = FlagDescriptions[F].Name;
++ const char *Str = FlagValue(Param, Name);
++ if (Str) {
++ if (FlagDescriptions[F].IntFlag) {
++ int Val = MyStol(Str);
++ *FlagDescriptions[F].IntFlag = Val;
++ if (Flags.verbosity >= 2)
++ Printf("Flag: %s %d\n", Name, Val);
++ return true;
++ } else if (FlagDescriptions[F].UIntFlag) {
++ unsigned int Val = std::stoul(Str);
++ *FlagDescriptions[F].UIntFlag = Val;
++ if (Flags.verbosity >= 2)
++ Printf("Flag: %s %u\n", Name, Val);
++ return true;
++ } else if (FlagDescriptions[F].StrFlag) {
++ *FlagDescriptions[F].StrFlag = Str;
++ if (Flags.verbosity >= 2)
++ Printf("Flag: %s %s\n", Name, Str);
++ return true;
++ } else { // Deprecated flag.
++ Printf("Flag: %s: deprecated, don't use\n", Name);
++ return true;
++ }
++ }
++ }
++ Printf("\n\nWARNING: unrecognized flag '%s'; "
++ "use -help=1 to list all flags\n\n", Param);
++ return true;
++}
++
++// We don't use any library to minimize dependencies.
++static void ParseFlags(const std::vector<std::string> &Args) {
++ for (size_t F = 0; F < kNumFlags; F++) {
++ if (FlagDescriptions[F].IntFlag)
++ *FlagDescriptions[F].IntFlag = FlagDescriptions[F].Default;
++ if (FlagDescriptions[F].UIntFlag)
++ *FlagDescriptions[F].UIntFlag =
++ static_cast<unsigned int>(FlagDescriptions[F].Default);
++ if (FlagDescriptions[F].StrFlag)
++ *FlagDescriptions[F].StrFlag = nullptr;
++ }
++ Inputs = new std::vector<std::string>;
++ for (size_t A = 1; A < Args.size(); A++) {
++ if (ParseOneFlag(Args[A].c_str())) {
++ if (Flags.ignore_remaining_args)
++ break;
++ continue;
++ }
++ Inputs->push_back(Args[A]);
++ }
++}
++
++static std::mutex Mu;
++
++static void PulseThread() {
++ while (true) {
++ SleepSeconds(600);
++ std::lock_guard<std::mutex> Lock(Mu);
++ Printf("pulse...\n");
++ }
++}
++
++static void WorkerThread(const std::string &Cmd, std::atomic<unsigned> *Counter,
++ unsigned NumJobs, std::atomic<bool> *HasErrors) {
++ while (true) {
++ unsigned C = (*Counter)++;
++ if (C >= NumJobs) break;
++ std::string Log = "fuzz-" + std::to_string(C) + ".log";
++ std::string ToRun = Cmd + " > " + Log + " 2>&1\n";
++ if (Flags.verbosity)
++ Printf("%s", ToRun.c_str());
++ int ExitCode = ExecuteCommand(ToRun);
++ if (ExitCode != 0)
++ *HasErrors = true;
++ std::lock_guard<std::mutex> Lock(Mu);
++ Printf("================== Job %u exited with exit code %d ============\n",
++ C, ExitCode);
++ fuzzer::CopyFileToErr(Log);
++ }
++}
++
++std::string CloneArgsWithoutX(const std::vector<std::string> &Args,
++ const char *X1, const char *X2) {
++ std::string Cmd;
++ for (auto &S : Args) {
++ if (FlagValue(S.c_str(), X1) || FlagValue(S.c_str(), X2))
++ continue;
++ Cmd += S + " ";
++ }
++ return Cmd;
++}
++
++static int RunInMultipleProcesses(const std::vector<std::string> &Args,
++ unsigned NumWorkers, unsigned NumJobs) {
++ std::atomic<unsigned> Counter(0);
++ std::atomic<bool> HasErrors(false);
++ std::string Cmd = CloneArgsWithoutX(Args, "jobs", "workers");
++ std::vector<std::thread> V;
++ std::thread Pulse(PulseThread);
++ Pulse.detach();
++ for (unsigned i = 0; i < NumWorkers; i++)
++ V.push_back(std::thread(WorkerThread, Cmd, &Counter, NumJobs, &HasErrors));
++ for (auto &T : V)
++ T.join();
++ return HasErrors ? 1 : 0;
++}
++
++static void RssThread(Fuzzer *F, size_t RssLimitMb) {
++ while (true) {
++ SleepSeconds(1);
++ size_t Peak = GetPeakRSSMb();
++ if (Peak > RssLimitMb)
++ F->RssLimitCallback();
++ }
++}
++
++static void StartRssThread(Fuzzer *F, size_t RssLimitMb) {
++ if (!RssLimitMb) return;
++ std::thread T(RssThread, F, RssLimitMb);
++ T.detach();
++}
++
++int RunOneTest(Fuzzer *F, const char *InputFilePath, size_t MaxLen) {
++ Unit U = FileToVector(InputFilePath);
++ if (MaxLen && MaxLen < U.size())
++ U.resize(MaxLen);
++ F->ExecuteCallback(U.data(), U.size());
++ F->TryDetectingAMemoryLeak(U.data(), U.size(), true);
++ return 0;
++}
++
++static bool AllInputsAreFiles() {
++ if (Inputs->empty()) return false;
++ for (auto &Path : *Inputs)
++ if (!IsFile(Path))
++ return false;
++ return true;
++}
++
++static std::string GetDedupTokenFromFile(const std::string &Path) {
++ auto S = FileToString(Path);
++ auto Beg = S.find("DEDUP_TOKEN:");
++ if (Beg == std::string::npos)
++ return "";
++ auto End = S.find('\n', Beg);
++ if (End == std::string::npos)
++ return "";
++ return S.substr(Beg, End - Beg);
++}
++
++int CleanseCrashInput(const std::vector<std::string> &Args,
++ const FuzzingOptions &Options) {
++ if (Inputs->size() != 1 || !Flags.exact_artifact_path) {
++ Printf("ERROR: -cleanse_crash should be given one input file and"
++ " -exact_artifact_path\n");
++ exit(1);
++ }
++ std::string InputFilePath = Inputs->at(0);
++ std::string OutputFilePath = Flags.exact_artifact_path;
++ std::string BaseCmd =
++ CloneArgsWithoutX(Args, "cleanse_crash", "cleanse_crash");
++
++ auto InputPos = BaseCmd.find(" " + InputFilePath + " ");
++ assert(InputPos != std::string::npos);
++ BaseCmd.erase(InputPos, InputFilePath.size() + 1);
++
++ auto LogFilePath = DirPlusFile(
++ TmpDir(), "libFuzzerTemp." + std::to_string(GetPid()) + ".txt");
++ auto TmpFilePath = DirPlusFile(
++ TmpDir(), "libFuzzerTemp." + std::to_string(GetPid()) + ".repro");
++ auto LogFileRedirect = " > " + LogFilePath + " 2>&1 ";
++
++ auto Cmd = BaseCmd + " " + TmpFilePath + LogFileRedirect;
++
++ std::string CurrentFilePath = InputFilePath;
++ auto U = FileToVector(CurrentFilePath);
++ size_t Size = U.size();
++
++ const std::vector<uint8_t> ReplacementBytes = {' ', 0xff};
++ for (int NumAttempts = 0; NumAttempts < 5; NumAttempts++) {
++ bool Changed = false;
++ for (size_t Idx = 0; Idx < Size; Idx++) {
++ Printf("CLEANSE[%d]: Trying to replace byte %zd of %zd\n", NumAttempts,
++ Idx, Size);
++ uint8_t OriginalByte = U[Idx];
++ if (ReplacementBytes.end() != std::find(ReplacementBytes.begin(),
++ ReplacementBytes.end(),
++ OriginalByte))
++ continue;
++ for (auto NewByte : ReplacementBytes) {
++ U[Idx] = NewByte;
++ WriteToFile(U, TmpFilePath);
++ auto ExitCode = ExecuteCommand(Cmd);
++ RemoveFile(TmpFilePath);
++ if (!ExitCode) {
++ U[Idx] = OriginalByte;
++ } else {
++ Changed = true;
++ Printf("CLEANSE: Replaced byte %zd with 0x%x\n", Idx, NewByte);
++ WriteToFile(U, OutputFilePath);
++ break;
++ }
++ }
++ }
++ if (!Changed) break;
++ }
++ RemoveFile(LogFilePath);
++ return 0;
++}
++
++int MinimizeCrashInput(const std::vector<std::string> &Args,
++ const FuzzingOptions &Options) {
++ if (Inputs->size() != 1) {
++ Printf("ERROR: -minimize_crash should be given one input file\n");
++ exit(1);
++ }
++ std::string InputFilePath = Inputs->at(0);
++ auto BaseCmd = SplitBefore(
++ "-ignore_remaining_args=1",
++ CloneArgsWithoutX(Args, "minimize_crash", "exact_artifact_path"));
++ auto InputPos = BaseCmd.first.find(" " + InputFilePath + " ");
++ assert(InputPos != std::string::npos);
++ BaseCmd.first.erase(InputPos, InputFilePath.size() + 1);
++ if (Flags.runs <= 0 && Flags.max_total_time == 0) {
++ Printf("INFO: you need to specify -runs=N or "
++ "-max_total_time=N with -minimize_crash=1\n"
++ "INFO: defaulting to -max_total_time=600\n");
++ BaseCmd.first += " -max_total_time=600";
++ }
++
++ auto LogFilePath = DirPlusFile(
++ TmpDir(), "libFuzzerTemp." + std::to_string(GetPid()) + ".txt");
++ auto LogFileRedirect = " > " + LogFilePath + " 2>&1 ";
++
++ std::string CurrentFilePath = InputFilePath;
++ while (true) {
++ Unit U = FileToVector(CurrentFilePath);
++ Printf("CRASH_MIN: minimizing crash input: '%s' (%zd bytes)\n",
++ CurrentFilePath.c_str(), U.size());
++
++ auto Cmd = BaseCmd.first + " " + CurrentFilePath + LogFileRedirect + " " +
++ BaseCmd.second;
++
++ Printf("CRASH_MIN: executing: %s\n", Cmd.c_str());
++ int ExitCode = ExecuteCommand(Cmd);
++ if (ExitCode == 0) {
++ Printf("ERROR: the input %s did not crash\n", CurrentFilePath.c_str());
++ exit(1);
++ }
++ Printf("CRASH_MIN: '%s' (%zd bytes) caused a crash. Will try to minimize "
++ "it further\n",
++ CurrentFilePath.c_str(), U.size());
++ auto DedupToken1 = GetDedupTokenFromFile(LogFilePath);
++ if (!DedupToken1.empty())
++ Printf("CRASH_MIN: DedupToken1: %s\n", DedupToken1.c_str());
++
++ std::string ArtifactPath =
++ Flags.exact_artifact_path
++ ? Flags.exact_artifact_path
++ : Options.ArtifactPrefix + "minimized-from-" + Hash(U);
++ Cmd += " -minimize_crash_internal_step=1 -exact_artifact_path=" +
++ ArtifactPath;
++ Printf("CRASH_MIN: executing: %s\n", Cmd.c_str());
++ ExitCode = ExecuteCommand(Cmd);
++ CopyFileToErr(LogFilePath);
++ if (ExitCode == 0) {
++ if (Flags.exact_artifact_path) {
++ CurrentFilePath = Flags.exact_artifact_path;
++ WriteToFile(U, CurrentFilePath);
++ }
++ Printf("CRASH_MIN: failed to minimize beyond %s (%d bytes), exiting\n",
++ CurrentFilePath.c_str(), U.size());
++ break;
++ }
++ auto DedupToken2 = GetDedupTokenFromFile(LogFilePath);
++ if (!DedupToken2.empty())
++ Printf("CRASH_MIN: DedupToken2: %s\n", DedupToken2.c_str());
++
++ if (DedupToken1 != DedupToken2) {
++ if (Flags.exact_artifact_path) {
++ CurrentFilePath = Flags.exact_artifact_path;
++ WriteToFile(U, CurrentFilePath);
++ }
++ Printf("CRASH_MIN: mismatch in dedup tokens"
++ " (looks like a different bug). Won't minimize further\n");
++ break;
++ }
++
++ CurrentFilePath = ArtifactPath;
++ Printf("*********************************\n");
++ }
++ RemoveFile(LogFilePath);
++ return 0;
++}
++
++int MinimizeCrashInputInternalStep(Fuzzer *F, InputCorpus *Corpus) {
++ assert(Inputs->size() == 1);
++ std::string InputFilePath = Inputs->at(0);
++ Unit U = FileToVector(InputFilePath);
++ Printf("INFO: Starting MinimizeCrashInputInternalStep: %zd\n", U.size());
++ if (U.size() < 2) {
++ Printf("INFO: The input is small enough, exiting\n");
++ exit(0);
++ }
++ F->SetMaxInputLen(U.size());
++ F->SetMaxMutationLen(U.size() - 1);
++ F->MinimizeCrashLoop(U);
++ Printf("INFO: Done MinimizeCrashInputInternalStep, no crashes found\n");
++ exit(0);
++ return 0;
++}
++
++int AnalyzeDictionary(Fuzzer *F, const std::vector<Unit>& Dict,
++ UnitVector& Corpus) {
++ Printf("Started dictionary minimization (up to %d tests)\n",
++ Dict.size() * Corpus.size() * 2);
++
++ // Scores and usage count for each dictionary unit.
++ std::vector<int> Scores(Dict.size());
++ std::vector<int> Usages(Dict.size());
++
++ std::vector<size_t> InitialFeatures;
++ std::vector<size_t> ModifiedFeatures;
++ for (auto &C : Corpus) {
++ // Get coverage for the testcase without modifications.
++ F->ExecuteCallback(C.data(), C.size());
++ InitialFeatures.clear();
++ TPC.CollectFeatures([&](size_t Feature) -> bool {
++ InitialFeatures.push_back(Feature);
++ return true;
++ });
++
++ for (size_t i = 0; i < Dict.size(); ++i) {
++ auto Data = C;
++ auto StartPos = std::search(Data.begin(), Data.end(),
++ Dict[i].begin(), Dict[i].end());
++ // Skip dictionary unit, if the testcase does not contain it.
++ if (StartPos == Data.end())
++ continue;
++
++ ++Usages[i];
++ while (StartPos != Data.end()) {
++ // Replace all occurrences of dictionary unit in the testcase.
++ auto EndPos = StartPos + Dict[i].size();
++ for (auto It = StartPos; It != EndPos; ++It)
++ *It ^= 0xFF;
++
++ StartPos = std::search(EndPos, Data.end(),
++ Dict[i].begin(), Dict[i].end());
++ }
++
++ // Get coverage for testcase with masked occurrences of dictionary unit.
++ F->ExecuteCallback(Data.data(), Data.size());
++ ModifiedFeatures.clear();
++ TPC.CollectFeatures([&](size_t Feature) -> bool {
++ ModifiedFeatures.push_back(Feature);
++ return true;
++ });
++
++ if (InitialFeatures == ModifiedFeatures)
++ --Scores[i];
++ else
++ Scores[i] += 2;
++ }
++ }
++
++ Printf("###### Useless dictionary elements. ######\n");
++ for (size_t i = 0; i < Dict.size(); ++i) {
++ // Dictionary units with positive score are treated as useful ones.
++ if (Scores[i] > 0)
++ continue;
++
++ Printf("\"");
++ PrintASCII(Dict[i].data(), Dict[i].size(), "\"");
++ Printf(" # Score: %d, Used: %d\n", Scores[i], Usages[i]);
++ }
++ Printf("###### End of useless dictionary elements. ######\n");
++ return 0;
++}
++
++int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
++ using namespace fuzzer;
++ assert(argc && argv && "Argument pointers cannot be nullptr");
++ std::string Argv0((*argv)[0]);
++ EF = new ExternalFunctions();
++ if (EF->LLVMFuzzerInitialize)
++ EF->LLVMFuzzerInitialize(argc, argv);
++ const std::vector<std::string> Args(*argv, *argv + *argc);
++ assert(!Args.empty());
++ ProgName = new std::string(Args[0]);
++ if (Argv0 != *ProgName) {
++ Printf("ERROR: argv[0] has been modified in LLVMFuzzerInitialize\n");
++ exit(1);
++ }
++ ParseFlags(Args);
++ if (Flags.help) {
++ PrintHelp();
++ return 0;
++ }
++
++ if (Flags.close_fd_mask & 2)
++ DupAndCloseStderr();
++ if (Flags.close_fd_mask & 1)
++ CloseStdout();
++
++ if (Flags.jobs > 0 && Flags.workers == 0) {
++ Flags.workers = std::min(NumberOfCpuCores() / 2, Flags.jobs);
++ if (Flags.workers > 1)
++ Printf("Running %u workers\n", Flags.workers);
++ }
++
++ if (Flags.workers > 0 && Flags.jobs > 0)
++ return RunInMultipleProcesses(Args, Flags.workers, Flags.jobs);
++
++ const size_t kMaxSaneLen = 1 << 20;
++ const size_t kMinDefaultLen = 4096;
++ FuzzingOptions Options;
++ Options.Verbosity = Flags.verbosity;
++ Options.MaxLen = Flags.max_len;
++ Options.ExperimentalLenControl = Flags.experimental_len_control;
++ Options.UnitTimeoutSec = Flags.timeout;
++ Options.ErrorExitCode = Flags.error_exitcode;
++ Options.TimeoutExitCode = Flags.timeout_exitcode;
++ Options.MaxTotalTimeSec = Flags.max_total_time;
++ Options.DoCrossOver = Flags.cross_over;
++ Options.MutateDepth = Flags.mutate_depth;
++ Options.UseCounters = Flags.use_counters;
++ Options.UseIndirCalls = Flags.use_indir_calls;
++ Options.UseMemmem = Flags.use_memmem;
++ Options.UseCmp = Flags.use_cmp;
++ Options.UseValueProfile = Flags.use_value_profile;
++ Options.Shrink = Flags.shrink;
++ Options.ReduceInputs = Flags.reduce_inputs;
++ Options.ShuffleAtStartUp = Flags.shuffle;
++ Options.PreferSmall = Flags.prefer_small;
++ Options.ReloadIntervalSec = Flags.reload;
++ Options.OnlyASCII = Flags.only_ascii;
++ Options.DetectLeaks = Flags.detect_leaks;
++ Options.TraceMalloc = Flags.trace_malloc;
++ Options.RssLimitMb = Flags.rss_limit_mb;
++ if (Flags.runs >= 0)
++ Options.MaxNumberOfRuns = Flags.runs;
++ if (!Inputs->empty() && !Flags.minimize_crash_internal_step)
++ Options.OutputCorpus = (*Inputs)[0];
++ Options.ReportSlowUnits = Flags.report_slow_units;
++ if (Flags.artifact_prefix)
++ Options.ArtifactPrefix = Flags.artifact_prefix;
++ if (Flags.exact_artifact_path)
++ Options.ExactArtifactPath = Flags.exact_artifact_path;
++ std::vector<Unit> Dictionary;
++ if (Flags.dict)
++ if (!ParseDictionaryFile(FileToString(Flags.dict), &Dictionary))
++ return 1;
++ if (Flags.verbosity > 0 && !Dictionary.empty())
++ Printf("Dictionary: %zd entries\n", Dictionary.size());
++ bool DoPlainRun = AllInputsAreFiles();
++ Options.SaveArtifacts =
++ !DoPlainRun || Flags.minimize_crash_internal_step;
++ Options.PrintNewCovPcs = Flags.print_pcs;
++ Options.PrintFinalStats = Flags.print_final_stats;
++ Options.PrintCorpusStats = Flags.print_corpus_stats;
++ Options.PrintCoverage = Flags.print_coverage;
++ Options.DumpCoverage = Flags.dump_coverage;
++ if (Flags.exit_on_src_pos)
++ Options.ExitOnSrcPos = Flags.exit_on_src_pos;
++ if (Flags.exit_on_item)
++ Options.ExitOnItem = Flags.exit_on_item;
++
++ unsigned Seed = Flags.seed;
++ // Initialize Seed.
++ if (Seed == 0)
++ Seed =
++ std::chrono::system_clock::now().time_since_epoch().count() + GetPid();
++ if (Flags.verbosity)
++ Printf("INFO: Seed: %u\n", Seed);
++
++ Random Rand(Seed);
++ auto *MD = new MutationDispatcher(Rand, Options);
++ auto *Corpus = new InputCorpus(Options.OutputCorpus);
++ auto *F = new Fuzzer(Callback, *Corpus, *MD, Options);
++
++ for (auto &U: Dictionary)
++ if (U.size() <= Word::GetMaxSize())
++ MD->AddWordToManualDictionary(Word(U.data(), U.size()));
++
++ StartRssThread(F, Flags.rss_limit_mb);
++
++ Options.HandleAbrt = Flags.handle_abrt;
++ Options.HandleBus = Flags.handle_bus;
++ Options.HandleFpe = Flags.handle_fpe;
++ Options.HandleIll = Flags.handle_ill;
++ Options.HandleInt = Flags.handle_int;
++ Options.HandleSegv = Flags.handle_segv;
++ Options.HandleTerm = Flags.handle_term;
++ Options.HandleXfsz = Flags.handle_xfsz;
++ SetSignalHandler(Options);
++
++ std::atexit(Fuzzer::StaticExitCallback);
++
++ if (Flags.minimize_crash)
++ return MinimizeCrashInput(Args, Options);
++
++ if (Flags.minimize_crash_internal_step)
++ return MinimizeCrashInputInternalStep(F, Corpus);
++
++ if (Flags.cleanse_crash)
++ return CleanseCrashInput(Args, Options);
++
++ if (auto Name = Flags.run_equivalence_server) {
++ SMR.Destroy(Name);
++ if (!SMR.Create(Name)) {
++ Printf("ERROR: can't create shared memory region\n");
++ return 1;
++ }
++ Printf("INFO: EQUIVALENCE SERVER UP\n");
++ while (true) {
++ SMR.WaitClient();
++ size_t Size = SMR.ReadByteArraySize();
++ SMR.WriteByteArray(nullptr, 0);
++ const Unit tmp(SMR.GetByteArray(), SMR.GetByteArray() + Size);
++ F->ExecuteCallback(tmp.data(), tmp.size());
++ SMR.PostServer();
++ }
++ return 0;
++ }
++
++ if (auto Name = Flags.use_equivalence_server) {
++ if (!SMR.Open(Name)) {
++ Printf("ERROR: can't open shared memory region\n");
++ return 1;
++ }
++ Printf("INFO: EQUIVALENCE CLIENT UP\n");
++ }
++
++ if (DoPlainRun) {
++ Options.SaveArtifacts = false;
++ int Runs = std::max(1, Flags.runs);
++ Printf("%s: Running %zd inputs %d time(s) each.\n", ProgName->c_str(),
++ Inputs->size(), Runs);
++ for (auto &Path : *Inputs) {
++ auto StartTime = system_clock::now();
++ Printf("Running: %s\n", Path.c_str());
++ for (int Iter = 0; Iter < Runs; Iter++)
++ RunOneTest(F, Path.c_str(), Options.MaxLen);
++ auto StopTime = system_clock::now();
++ auto MS = duration_cast<milliseconds>(StopTime - StartTime).count();
++ Printf("Executed %s in %zd ms\n", Path.c_str(), (long)MS);
++ }
++ Printf("***\n"
++ "*** NOTE: fuzzing was not performed, you have only\n"
++ "*** executed the target code on a fixed set of inputs.\n"
++ "***\n");
++ F->PrintFinalStats();
++ exit(0);
++ }
++
++ if (Flags.merge) {
++ if (Options.MaxLen == 0)
++ F->SetMaxInputLen(kMaxSaneLen);
++ if (Flags.merge_control_file)
++ F->CrashResistantMergeInternalStep(Flags.merge_control_file);
++ else
++ F->CrashResistantMerge(Args, *Inputs,
++ Flags.load_coverage_summary,
++ Flags.save_coverage_summary);
++ exit(0);
++ }
++
++ size_t TemporaryMaxLen = Options.MaxLen ? Options.MaxLen : kMaxSaneLen;
++
++ UnitVector InitialCorpus;
++ for (auto &Inp : *Inputs) {
++ Printf("Loading corpus dir: %s\n", Inp.c_str());
++ ReadDirToVectorOfUnits(Inp.c_str(), &InitialCorpus, nullptr,
++ TemporaryMaxLen, /*ExitOnError=*/false);
++ }
++
++ if (Flags.analyze_dict) {
++ if (Dictionary.empty() || Inputs->empty()) {
++ Printf("ERROR: can't analyze dict without dict and corpus provided\n");
++ return 1;
++ }
++ if (AnalyzeDictionary(F, Dictionary, InitialCorpus)) {
++ Printf("Dictionary analysis failed\n");
++ exit(1);
++ }
++ Printf("Dictionary analysis suceeded\n");
++ exit(0);
++ }
++
++ if (Options.MaxLen == 0) {
++ size_t MaxLen = 0;
++ for (auto &U : InitialCorpus)
++ MaxLen = std::max(U.size(), MaxLen);
++ F->SetMaxInputLen(std::min(std::max(kMinDefaultLen, MaxLen), kMaxSaneLen));
++ }
++
++ if (InitialCorpus.empty()) {
++ InitialCorpus.push_back(Unit({'\n'})); // Valid ASCII input.
++ if (Options.Verbosity)
++ Printf("INFO: A corpus is not provided, starting from an empty corpus\n");
++ }
++ F->ShuffleAndMinimize(&InitialCorpus);
++ InitialCorpus.clear(); // Don't need this memory any more.
++ F->Loop();
++
++ if (Flags.verbosity)
++ Printf("Done %zd runs in %zd second(s)\n", F->getTotalNumberOfRuns(),
++ F->secondsSinceProcessStartUp());
++ F->PrintFinalStats();
++
++ exit(0); // Don't let F destroy itself.
++}
++
++// Storage for global ExternalFunctions object.
++ExternalFunctions *EF = nullptr;
++
++} // namespace fuzzer
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctions.def b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctions.def
new file mode 100644
index 0000000000..cd35a44192
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctions.def
@@ -0,0 +1,51 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerExtFunctions.def.orig 2017-08-19 18:02:19.276859462 +0000
++++ lib/fuzzer/FuzzerExtFunctions.def
+@@ -0,0 +1,46 @@
++//===- FuzzerExtFunctions.def - External functions --------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// This defines the external function pointers that
++// ``fuzzer::ExternalFunctions`` should contain and try to initialize. The
++// EXT_FUNC macro must be defined at the point of inclusion. The signature of
++// the macro is:
++//
++// EXT_FUNC(<name>, <return_type>, <function_signature>, <warn_if_missing>)
++//===----------------------------------------------------------------------===//
++
++// Optional user functions
++EXT_FUNC(LLVMFuzzerInitialize, int, (int *argc, char ***argv), false);
++EXT_FUNC(LLVMFuzzerCustomMutator, size_t,
++ (uint8_t * Data, size_t Size, size_t MaxSize, unsigned int Seed),
++ false);
++EXT_FUNC(LLVMFuzzerCustomCrossOver, size_t,
++ (const uint8_t * Data1, size_t Size1,
++ const uint8_t * Data2, size_t Size2,
++ uint8_t * Out, size_t MaxOutSize, unsigned int Seed),
++ false);
++
++// Sanitizer functions
++EXT_FUNC(__lsan_enable, void, (), false);
++EXT_FUNC(__lsan_disable, void, (), false);
++EXT_FUNC(__lsan_do_recoverable_leak_check, int, (), false);
++EXT_FUNC(__sanitizer_install_malloc_and_free_hooks, int,
++ (void (*malloc_hook)(const volatile void *, size_t),
++ void (*free_hook)(const volatile void *)),
++ false);
++EXT_FUNC(__sanitizer_print_memory_profile, int, (size_t, size_t), false);
++EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);
++EXT_FUNC(__sanitizer_symbolize_pc, void,
++ (void *, const char *fmt, char *out_buf, size_t out_buf_size), false);
++EXT_FUNC(__sanitizer_get_module_and_offset_for_pc, int,
++ (void *pc, char *module_path,
++ size_t module_path_len,void **pc_offset), false);
++EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true);
++EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false);
++EXT_FUNC(__sanitizer_dump_coverage, void, (const uintptr_t *, uintptr_t),
++ false);
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctions.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctions.h
new file mode 100644
index 0000000000..725c501c7a
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctions.h
@@ -0,0 +1,40 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerExtFunctions.h.orig 2017-08-19 18:02:19.276759855 +0000
++++ lib/fuzzer/FuzzerExtFunctions.h
+@@ -0,0 +1,35 @@
++//===- FuzzerExtFunctions.h - Interface to external functions ---*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Defines an interface to (possibly optional) functions.
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_EXT_FUNCTIONS_H
++#define LLVM_FUZZER_EXT_FUNCTIONS_H
++
++#include <stddef.h>
++#include <stdint.h>
++
++namespace fuzzer {
++
++struct ExternalFunctions {
++ // Initialize function pointers. Functions that are not available will be set
++ // to nullptr. Do not call this constructor before ``main()`` has been
++ // entered.
++ ExternalFunctions();
++
++#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
++ RETURN_TYPE(*NAME) FUNC_SIG = nullptr
++
++#include "FuzzerExtFunctions.def"
++
++#undef EXT_FUNC
++};
++} // namespace fuzzer
++
++#endif
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsDlsym.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsDlsym.cpp
new file mode 100644
index 0000000000..b3b6679c45
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsDlsym.cpp
@@ -0,0 +1,57 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerExtFunctionsDlsym.cpp.orig 2017-08-19 18:02:19.276956803 +0000
++++ lib/fuzzer/FuzzerExtFunctionsDlsym.cpp
+@@ -0,0 +1,52 @@
++//===- FuzzerExtFunctionsDlsym.cpp - Interface to external functions ------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Implementation for operating systems that support dlsym(). We only use it on
++// Apple platforms for now. We don't use this approach on Linux because it
++// requires that clients of LibFuzzer pass ``--export-dynamic`` to the linker.
++// That is a complication we don't wish to expose to clients right now.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_APPLE
++
++#include "FuzzerExtFunctions.h"
++#include "FuzzerIO.h"
++#include <dlfcn.h>
++
++using namespace fuzzer;
++
++template <typename T>
++static T GetFnPtr(const char *FnName, bool WarnIfMissing) {
++ dlerror(); // Clear any previous errors.
++ void *Fn = dlsym(RTLD_DEFAULT, FnName);
++ if (Fn == nullptr) {
++ if (WarnIfMissing) {
++ const char *ErrorMsg = dlerror();
++ Printf("WARNING: Failed to find function \"%s\".", FnName);
++ if (ErrorMsg)
++ Printf(" Reason %s.", ErrorMsg);
++ Printf("\n");
++ }
++ }
++ return reinterpret_cast<T>(Fn);
++}
++
++namespace fuzzer {
++
++ExternalFunctions::ExternalFunctions() {
++#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
++ this->NAME = GetFnPtr<decltype(ExternalFunctions::NAME)>(#NAME, WARN)
++
++#include "FuzzerExtFunctions.def"
++
++#undef EXT_FUNC
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_APPLE
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsDlsymWin.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsDlsymWin.cpp
new file mode 100644
index 0000000000..ed655ade97
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsDlsymWin.cpp
@@ -0,0 +1,67 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerExtFunctionsDlsymWin.cpp.orig 2017-08-19 18:02:19.277056758 +0000
++++ lib/fuzzer/FuzzerExtFunctionsDlsymWin.cpp
+@@ -0,0 +1,62 @@
++//===- FuzzerExtFunctionsDlsymWin.cpp - Interface to external functions ---===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Implementation using dynamic loading for Windows.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_WINDOWS
++
++#include "FuzzerExtFunctions.h"
++#include "FuzzerIO.h"
++#include "Windows.h"
++
++// This must be included after Windows.h.
++#include "Psapi.h"
++
++namespace fuzzer {
++
++ExternalFunctions::ExternalFunctions() {
++ HMODULE Modules[1024];
++ DWORD BytesNeeded;
++ HANDLE CurrentProcess = GetCurrentProcess();
++
++ if (!EnumProcessModules(CurrentProcess, Modules, sizeof(Modules),
++ &BytesNeeded)) {
++ Printf("EnumProcessModules failed (error: %d).\n", GetLastError());
++ exit(1);
++ }
++
++ if (sizeof(Modules) < BytesNeeded) {
++ Printf("Error: the array is not big enough to hold all loaded modules.\n");
++ exit(1);
++ }
++
++ for (size_t i = 0; i < (BytesNeeded / sizeof(HMODULE)); i++)
++ {
++ FARPROC Fn;
++#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
++ if (this->NAME == nullptr) { \
++ Fn = GetProcAddress(Modules[i], #NAME); \
++ if (Fn == nullptr) \
++ Fn = GetProcAddress(Modules[i], #NAME "__dll"); \
++ this->NAME = (decltype(ExternalFunctions::NAME)) Fn; \
++ }
++#include "FuzzerExtFunctions.def"
++#undef EXT_FUNC
++ }
++
++#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
++ if (this->NAME == nullptr && WARN) \
++ Printf("WARNING: Failed to find function \"%s\".\n", #NAME);
++#include "FuzzerExtFunctions.def"
++#undef EXT_FUNC
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_WINDOWS
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsWeak.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsWeak.cpp
new file mode 100644
index 0000000000..9b91c8b070
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsWeak.cpp
@@ -0,0 +1,59 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerExtFunctionsWeak.cpp.orig 2017-08-19 18:02:19.277155657 +0000
++++ lib/fuzzer/FuzzerExtFunctionsWeak.cpp
+@@ -0,0 +1,54 @@
++//===- FuzzerExtFunctionsWeak.cpp - Interface to external functions -------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Implementation for Linux. This relies on the linker's support for weak
++// symbols. We don't use this approach on Apple platforms because it requires
++// clients of LibFuzzer to pass ``-U _<symbol_name>`` to the linker to allow
++// weak symbols to be undefined. That is a complication we don't want to expose
++// to clients right now.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_LINUX
++
++#include "FuzzerExtFunctions.h"
++#include "FuzzerIO.h"
++
++extern "C" {
++// Declare these symbols as weak to allow them to be optionally defined.
++#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
++ __attribute__((weak)) RETURN_TYPE NAME FUNC_SIG
++
++#include "FuzzerExtFunctions.def"
++
++#undef EXT_FUNC
++}
++
++using namespace fuzzer;
++
++static void CheckFnPtr(void *FnPtr, const char *FnName, bool WarnIfMissing) {
++ if (FnPtr == nullptr && WarnIfMissing) {
++ Printf("WARNING: Failed to find function \"%s\".\n", FnName);
++ }
++}
++
++namespace fuzzer {
++
++ExternalFunctions::ExternalFunctions() {
++#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
++ this->NAME = ::NAME; \
++ CheckFnPtr(reinterpret_cast<void *>(reinterpret_cast<uintptr_t>(::NAME)), \
++ #NAME, WARN);
++
++#include "FuzzerExtFunctions.def"
++
++#undef EXT_FUNC
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_LINUX
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsWeakAlias.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsWeakAlias.cpp
new file mode 100644
index 0000000000..5300fb0812
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtFunctionsWeakAlias.cpp
@@ -0,0 +1,61 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerExtFunctionsWeakAlias.cpp.orig 2017-08-19 18:02:19.277269311 +0000
++++ lib/fuzzer/FuzzerExtFunctionsWeakAlias.cpp
+@@ -0,0 +1,56 @@
++//===- FuzzerExtFunctionsWeakAlias.cpp - Interface to external functions --===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Implementation using weak aliases. Works for Windows.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_WINDOWS
++
++#include "FuzzerExtFunctions.h"
++#include "FuzzerIO.h"
++
++using namespace fuzzer;
++
++extern "C" {
++// Declare these symbols as weak to allow them to be optionally defined.
++#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
++ RETURN_TYPE NAME##Def FUNC_SIG { \
++ Printf("ERROR: Function \"%s\" not defined.\n", #NAME); \
++ exit(1); \
++ } \
++ RETURN_TYPE NAME FUNC_SIG __attribute__((weak, alias(#NAME "Def")));
++
++#include "FuzzerExtFunctions.def"
++
++#undef EXT_FUNC
++}
++
++template <typename T>
++static T *GetFnPtr(T *Fun, T *FunDef, const char *FnName, bool WarnIfMissing) {
++ if (Fun == FunDef) {
++ if (WarnIfMissing)
++ Printf("WARNING: Failed to find function \"%s\".\n", FnName);
++ return nullptr;
++ }
++ return Fun;
++}
++
++namespace fuzzer {
++
++ExternalFunctions::ExternalFunctions() {
++#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
++ this->NAME = GetFnPtr<decltype(::NAME)>(::NAME, ::NAME##Def, #NAME, WARN);
++
++#include "FuzzerExtFunctions.def"
++
++#undef EXT_FUNC
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_WINDOWS
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtraCounters.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtraCounters.cpp
new file mode 100644
index 0000000000..33bd28e839
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerExtraCounters.cpp
@@ -0,0 +1,46 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerExtraCounters.cpp.orig 2017-08-19 18:02:19.277368365 +0000
++++ lib/fuzzer/FuzzerExtraCounters.cpp
+@@ -0,0 +1,41 @@
++//===- FuzzerExtraCounters.cpp - Extra coverage counters ------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Extra coverage counters defined by user code.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerDefs.h"
++
++#if LIBFUZZER_LINUX
++__attribute__((weak)) extern uint8_t __start___libfuzzer_extra_counters;
++__attribute__((weak)) extern uint8_t __stop___libfuzzer_extra_counters;
++
++namespace fuzzer {
++uint8_t *ExtraCountersBegin() { return &__start___libfuzzer_extra_counters; }
++uint8_t *ExtraCountersEnd() { return &__stop___libfuzzer_extra_counters; }
++ATTRIBUTE_NO_SANITIZE_ALL
++void ClearExtraCounters() { // hand-written memset, don't asan-ify.
++ uintptr_t *Beg = reinterpret_cast<uintptr_t*>(ExtraCountersBegin());
++ uintptr_t *End = reinterpret_cast<uintptr_t*>(ExtraCountersEnd());
++ for (; Beg < End; Beg++) {
++ *Beg = 0;
++ __asm__ __volatile__("" : : : "memory");
++ }
++}
++
++} // namespace fuzzer
++
++#else
++// TODO: implement for other platforms.
++namespace fuzzer {
++uint8_t *ExtraCountersBegin() { return nullptr; }
++uint8_t *ExtraCountersEnd() { return nullptr; }
++void ClearExtraCounters() {}
++} // namespace fuzzer
++
++#endif
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerFlags.def b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerFlags.def
new file mode 100644
index 0000000000..8ad4e867af
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerFlags.def
@@ -0,0 +1,144 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerFlags.def.orig 2017-08-19 18:02:19.277490553 +0000
++++ lib/fuzzer/FuzzerFlags.def
+@@ -0,0 +1,139 @@
++//===- FuzzerFlags.def - Run-time flags -------------------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Flags. FUZZER_FLAG_INT/FUZZER_FLAG_STRING macros should be defined at the
++// point of inclusion. We are not using any flag parsing library for better
++// portability and independence.
++//===----------------------------------------------------------------------===//
++FUZZER_FLAG_INT(verbosity, 1, "Verbosity level.")
++FUZZER_FLAG_UNSIGNED(seed, 0, "Random seed. If 0, seed is generated.")
++FUZZER_FLAG_INT(runs, -1,
++ "Number of individual test runs (-1 for infinite runs).")
++FUZZER_FLAG_INT(max_len, 0, "Maximum length of the test input. "
++ "If 0, libFuzzer tries to guess a good value based on the corpus "
++ "and reports it. ")
++FUZZER_FLAG_INT(experimental_len_control, 0, "experimental flag")
++FUZZER_FLAG_INT(cross_over, 1, "If 1, cross over inputs.")
++FUZZER_FLAG_INT(mutate_depth, 5,
++ "Apply this number of consecutive mutations to each input.")
++FUZZER_FLAG_INT(shuffle, 1, "Shuffle inputs at startup")
++FUZZER_FLAG_INT(prefer_small, 1,
++ "If 1, always prefer smaller inputs during the corpus shuffle.")
++FUZZER_FLAG_INT(
++ timeout, 1200,
++ "Timeout in seconds (if positive). "
++ "If one unit runs more than this number of seconds the process will abort.")
++FUZZER_FLAG_INT(error_exitcode, 77, "When libFuzzer itself reports a bug "
++ "this exit code will be used.")
++FUZZER_FLAG_INT(timeout_exitcode, 77, "When libFuzzer reports a timeout "
++ "this exit code will be used.")
++FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total "
++ "time in seconds to run the fuzzer.")
++FUZZER_FLAG_INT(help, 0, "Print help.")
++FUZZER_FLAG_INT(merge, 0, "If 1, the 2-nd, 3-rd, etc corpora will be "
++ "merged into the 1-st corpus. Only interesting units will be taken. "
++ "This flag can be used to minimize a corpus.")
++FUZZER_FLAG_STRING(merge_control_file, "internal flag")
++FUZZER_FLAG_STRING(save_coverage_summary, "Experimental:"
++ " save coverage summary to a given file."
++ " Used with -merge=1")
++FUZZER_FLAG_STRING(load_coverage_summary, "Experimental:"
++ " load coverage summary from a given file."
++ " Treat this coverage as belonging to the first corpus. "
++ " Used with -merge=1")
++FUZZER_FLAG_INT(minimize_crash, 0, "If 1, minimizes the provided"
++ " crash input. Use with -runs=N or -max_total_time=N to limit "
++ "the number attempts."
++ " Use with -exact_artifact_path to specify the output."
++ " Combine with ASAN_OPTIONS=dedup_token_length=3 (or similar) to ensure that"
++ " the minimized input triggers the same crash."
++ )
++FUZZER_FLAG_INT(cleanse_crash, 0, "If 1, tries to cleanse the provided"
++ " crash input to make it contain fewer original bytes."
++ " Use with -exact_artifact_path to specify the output."
++ )
++FUZZER_FLAG_INT(minimize_crash_internal_step, 0, "internal flag")
++FUZZER_FLAG_INT(use_counters, 1, "Use coverage counters")
++FUZZER_FLAG_INT(use_indir_calls, 1, "Use indirect caller-callee counters")
++FUZZER_FLAG_INT(use_memmem, 1,
++ "Use hints from intercepting memmem, strstr, etc")
++FUZZER_FLAG_INT(use_value_profile, 0,
++ "Experimental. Use value profile to guide fuzzing.")
++FUZZER_FLAG_INT(use_cmp, 1, "Use CMP traces to guide mutations")
++FUZZER_FLAG_INT(shrink, 0, "Experimental. Try to shrink corpus inputs.")
++FUZZER_FLAG_INT(reduce_inputs, 1,
++ "Try to reduce the size of inputs while preserving their full feature sets")
++FUZZER_FLAG_UNSIGNED(jobs, 0, "Number of jobs to run. If jobs >= 1 we spawn"
++ " this number of jobs in separate worker processes"
++ " with stdout/stderr redirected to fuzz-JOB.log.")
++FUZZER_FLAG_UNSIGNED(workers, 0,
++ "Number of simultaneous worker processes to run the jobs."
++ " If zero, \"min(jobs,NumberOfCpuCores()/2)\" is used.")
++FUZZER_FLAG_INT(reload, 1,
++ "Reload the main corpus every <N> seconds to get new units"
++ " discovered by other processes. If 0, disabled")
++FUZZER_FLAG_INT(report_slow_units, 10,
++ "Report slowest units if they run for more than this number of seconds.")
++FUZZER_FLAG_INT(only_ascii, 0,
++ "If 1, generate only ASCII (isprint+isspace) inputs.")
++FUZZER_FLAG_STRING(dict, "Experimental. Use the dictionary file.")
++FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, "
++ "timeout, or slow inputs) as "
++ "$(artifact_prefix)file")
++FUZZER_FLAG_STRING(exact_artifact_path,
++ "Write the single artifact on failure (crash, timeout) "
++ "as $(exact_artifact_path). This overrides -artifact_prefix "
++ "and will not use checksum in the file name. Do not "
++ "use the same path for several parallel processes.")
++FUZZER_FLAG_INT(print_pcs, 0, "If 1, print out newly covered PCs.")
++FUZZER_FLAG_INT(print_final_stats, 0, "If 1, print statistics at exit.")
++FUZZER_FLAG_INT(print_corpus_stats, 0,
++ "If 1, print statistics on corpus elements at exit.")
++FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information as text"
++ " at exit.")
++FUZZER_FLAG_INT(dump_coverage, 0, "If 1, dump coverage information as a"
++ " .sancov file at exit.")
++FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.")
++FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGBUS.")
++FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.")
++FUZZER_FLAG_INT(handle_ill, 1, "If 1, try to intercept SIGILL.")
++FUZZER_FLAG_INT(handle_fpe, 1, "If 1, try to intercept SIGFPE.")
++FUZZER_FLAG_INT(handle_int, 1, "If 1, try to intercept SIGINT.")
++FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.")
++FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
++FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
++ "if 2, close stderr; if 3, close both. "
++ "Be careful, this will also close e.g. asan's stderr/stdout.")
++FUZZER_FLAG_INT(detect_leaks, 1, "If 1, and if LeakSanitizer is enabled "
++ "try to detect memory leaks during fuzzing (i.e. not only at shut down).")
++FUZZER_FLAG_INT(trace_malloc, 0, "If >= 1 will print all mallocs/frees. "
++ "If >= 2 will also print stack traces.")
++FUZZER_FLAG_INT(rss_limit_mb, 2048, "If non-zero, the fuzzer will exit upon"
++ "reaching this limit of RSS memory usage.")
++FUZZER_FLAG_STRING(exit_on_src_pos, "Exit if a newly found PC originates"
++ " from the given source location. Example: -exit_on_src_pos=foo.cc:123. "
++ "Used primarily for testing libFuzzer itself.")
++FUZZER_FLAG_STRING(exit_on_item, "Exit if an item with a given sha1 sum"
++ " was added to the corpus. "
++ "Used primarily for testing libFuzzer itself.")
++FUZZER_FLAG_INT(ignore_remaining_args, 0, "If 1, ignore all arguments passed "
++ "after this one. Useful for fuzzers that need to do their own "
++ "argument parsing.")
++
++FUZZER_FLAG_STRING(run_equivalence_server, "Experimental")
++FUZZER_FLAG_STRING(use_equivalence_server, "Experimental")
++FUZZER_FLAG_INT(analyze_dict, 0, "Experimental")
++
++FUZZER_DEPRECATED_FLAG(exit_on_first)
++FUZZER_DEPRECATED_FLAG(save_minimized_corpus)
++FUZZER_DEPRECATED_FLAG(sync_command)
++FUZZER_DEPRECATED_FLAG(sync_timeout)
++FUZZER_DEPRECATED_FLAG(test_single_input)
++FUZZER_DEPRECATED_FLAG(drill)
++FUZZER_DEPRECATED_FLAG(truncate_units)
++FUZZER_DEPRECATED_FLAG(output_csv)
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIO.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIO.cpp
new file mode 100644
index 0000000000..23ce1f0b45
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIO.cpp
@@ -0,0 +1,125 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerIO.cpp.orig 2017-08-19 18:02:19.277703424 +0000
++++ lib/fuzzer/FuzzerIO.cpp
+@@ -0,0 +1,120 @@
++//===- FuzzerIO.cpp - IO utils. -------------------------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// IO functions.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerIO.h"
++#include "FuzzerDefs.h"
++#include "FuzzerExtFunctions.h"
++#include <algorithm>
++#include <cstdarg>
++#include <fstream>
++#include <iterator>
++#include <sys/stat.h>
++#include <sys/types.h>
++
++namespace fuzzer {
++
++static FILE *OutputFile = stderr;
++
++long GetEpoch(const std::string &Path) {
++ struct stat St;
++ if (stat(Path.c_str(), &St))
++ return 0; // Can't stat, be conservative.
++ return St.st_mtime;
++}
++
++Unit FileToVector(const std::string &Path, size_t MaxSize, bool ExitOnError) {
++ std::ifstream T(Path);
++ if (ExitOnError && !T) {
++ Printf("No such directory: %s; exiting\n", Path.c_str());
++ exit(1);
++ }
++
++ T.seekg(0, T.end);
++ auto EndPos = T.tellg();
++ if (EndPos < 0) return {};
++ size_t FileLen = EndPos;
++ if (MaxSize)
++ FileLen = std::min(FileLen, MaxSize);
++
++ T.seekg(0, T.beg);
++ Unit Res(FileLen);
++ T.read(reinterpret_cast<char *>(Res.data()), FileLen);
++ return Res;
++}
++
++std::string FileToString(const std::string &Path) {
++ std::ifstream T(Path);
++ return std::string((std::istreambuf_iterator<char>(T)),
++ std::istreambuf_iterator<char>());
++}
++
++void CopyFileToErr(const std::string &Path) {
++ Printf("%s", FileToString(Path).c_str());
++}
++
++void WriteToFile(const Unit &U, const std::string &Path) {
++ // Use raw C interface because this function may be called from a sig handler.
++ FILE *Out = fopen(Path.c_str(), "w");
++ if (!Out) return;
++ fwrite(U.data(), sizeof(U[0]), U.size(), Out);
++ fclose(Out);
++}
++
++void ReadDirToVectorOfUnits(const char *Path, std::vector<Unit> *V,
++ long *Epoch, size_t MaxSize, bool ExitOnError) {
++ long E = Epoch ? *Epoch : 0;
++ std::vector<std::string> Files;
++ ListFilesInDirRecursive(Path, Epoch, &Files, /*TopDir*/true);
++ size_t NumLoaded = 0;
++ for (size_t i = 0; i < Files.size(); i++) {
++ auto &X = Files[i];
++ if (Epoch && GetEpoch(X) < E) continue;
++ NumLoaded++;
++ if ((NumLoaded & (NumLoaded - 1)) == 0 && NumLoaded >= 1024)
++ Printf("Loaded %zd/%zd files from %s\n", NumLoaded, Files.size(), Path);
++ auto S = FileToVector(X, MaxSize, ExitOnError);
++ if (!S.empty())
++ V->push_back(S);
++ }
++}
++
++std::string DirPlusFile(const std::string &DirPath,
++ const std::string &FileName) {
++ return DirPath + GetSeparator() + FileName;
++}
++
++void DupAndCloseStderr() {
++ int OutputFd = DuplicateFile(2);
++ if (OutputFd > 0) {
++ FILE *NewOutputFile = OpenFile(OutputFd, "w");
++ if (NewOutputFile) {
++ OutputFile = NewOutputFile;
++ if (EF->__sanitizer_set_report_fd)
++ EF->__sanitizer_set_report_fd(
++ reinterpret_cast<void *>(GetHandleFromFd(OutputFd)));
++ DiscardOutput(2);
++ }
++ }
++}
++
++void CloseStdout() {
++ DiscardOutput(1);
++}
++
++void Printf(const char *Fmt, ...) {
++ va_list ap;
++ va_start(ap, Fmt);
++ vfprintf(OutputFile, Fmt, ap);
++ va_end(ap);
++ fflush(OutputFile);
++}
++
++} // namespace fuzzer
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIO.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIO.h
new file mode 100644
index 0000000000..740e9289ed
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIO.h
@@ -0,0 +1,81 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerIO.h.orig 2017-08-19 18:02:19.277594839 +0000
++++ lib/fuzzer/FuzzerIO.h
+@@ -0,0 +1,76 @@
++//===- FuzzerIO.h - Internal header for IO utils ----------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// IO interface.
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_IO_H
++#define LLVM_FUZZER_IO_H
++
++#include "FuzzerDefs.h"
++
++namespace fuzzer {
++
++long GetEpoch(const std::string &Path);
++
++Unit FileToVector(const std::string &Path, size_t MaxSize = 0,
++ bool ExitOnError = true);
++
++std::string FileToString(const std::string &Path);
++
++void CopyFileToErr(const std::string &Path);
++
++void WriteToFile(const Unit &U, const std::string &Path);
++
++void ReadDirToVectorOfUnits(const char *Path, std::vector<Unit> *V,
++ long *Epoch, size_t MaxSize, bool ExitOnError);
++
++// Returns "Dir/FileName" or equivalent for the current OS.
++std::string DirPlusFile(const std::string &DirPath,
++ const std::string &FileName);
++
++// Returns the name of the dir, similar to the 'dirname' utility.
++std::string DirName(const std::string &FileName);
++
++// Returns path to a TmpDir.
++std::string TmpDir();
++
++bool IsInterestingCoverageFile(const std::string &FileName);
++
++void DupAndCloseStderr();
++
++void CloseStdout();
++
++void Printf(const char *Fmt, ...);
++
++// Print using raw syscalls, useful when printing at early init stages.
++void RawPrint(const char *Str);
++
++// Platform specific functions:
++bool IsFile(const std::string &Path);
++
++void ListFilesInDirRecursive(const std::string &Dir, long *Epoch,
++ std::vector<std::string> *V, bool TopDir);
++
++char GetSeparator();
++
++FILE* OpenFile(int Fd, const char *Mode);
++
++int CloseFile(int Fd);
++
++int DuplicateFile(int Fd);
++
++void RemoveFile(const std::string &Path);
++
++void DiscardOutput(int Fd);
++
++intptr_t GetHandleFromFd(int fd);
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_IO_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIOPosix.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIOPosix.cpp
new file mode 100644
index 0000000000..6a0ad158a2
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIOPosix.cpp
@@ -0,0 +1,128 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerIOPosix.cpp.orig 2017-08-19 18:02:19.277813883 +0000
++++ lib/fuzzer/FuzzerIOPosix.cpp
+@@ -0,0 +1,123 @@
++//===- FuzzerIOPosix.cpp - IO utils for Posix. ----------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// IO functions implementation using Posix API.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_POSIX
++
++#include "FuzzerExtFunctions.h"
++#include "FuzzerIO.h"
++#include <cstdarg>
++#include <cstdio>
++#include <dirent.h>
++#include <fstream>
++#include <iterator>
++#include <libgen.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <unistd.h>
++
++namespace fuzzer {
++
++bool IsFile(const std::string &Path) {
++ struct stat St;
++ if (stat(Path.c_str(), &St))
++ return false;
++ return S_ISREG(St.st_mode);
++}
++
++void ListFilesInDirRecursive(const std::string &Dir, long *Epoch,
++ std::vector<std::string> *V, bool TopDir) {
++ auto E = GetEpoch(Dir);
++ if (Epoch)
++ if (E && *Epoch >= E) return;
++
++ DIR *D = opendir(Dir.c_str());
++ if (!D) {
++ Printf("No such directory: %s; exiting\n", Dir.c_str());
++ exit(1);
++ }
++ while (auto E = readdir(D)) {
++ std::string Path = DirPlusFile(Dir, E->d_name);
++ if (E->d_type == DT_REG || E->d_type == DT_LNK)
++ V->push_back(Path);
++ else if (E->d_type == DT_DIR && *E->d_name != '.')
++ ListFilesInDirRecursive(Path, Epoch, V, false);
++ }
++ closedir(D);
++ if (Epoch && TopDir)
++ *Epoch = E;
++}
++
++char GetSeparator() {
++ return '/';
++}
++
++FILE* OpenFile(int Fd, const char* Mode) {
++ return fdopen(Fd, Mode);
++}
++
++int CloseFile(int fd) {
++ return close(fd);
++}
++
++int DuplicateFile(int Fd) {
++ return dup(Fd);
++}
++
++void RemoveFile(const std::string &Path) {
++ unlink(Path.c_str());
++}
++
++void DiscardOutput(int Fd) {
++ FILE* Temp = fopen("/dev/null", "w");
++ if (!Temp)
++ return;
++ dup2(fileno(Temp), Fd);
++ fclose(Temp);
++}
++
++intptr_t GetHandleFromFd(int fd) {
++ return static_cast<intptr_t>(fd);
++}
++
++std::string DirName(const std::string &FileName) {
++ char *Tmp = new char[FileName.size() + 1];
++ memcpy(Tmp, FileName.c_str(), FileName.size() + 1);
++ std::string Res = dirname(Tmp);
++ delete [] Tmp;
++ return Res;
++}
++
++std::string TmpDir() {
++ if (auto Env = getenv("TMPDIR"))
++ return Env;
++ return "/tmp";
++}
++
++bool IsInterestingCoverageFile(const std::string &FileName) {
++ if (FileName.find("compiler-rt/lib/") != std::string::npos)
++ return false; // sanitizer internal.
++ if (FileName.find("/usr/lib/") != std::string::npos)
++ return false;
++ if (FileName.find("/usr/include/") != std::string::npos)
++ return false;
++ if (FileName == "<null>")
++ return false;
++ return true;
++}
++
++
++void RawPrint(const char *Str) {
++ write(2, Str, strlen(Str));
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_POSIX
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIOWindows.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIOWindows.cpp
new file mode 100644
index 0000000000..a13fca55f9
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerIOWindows.cpp
@@ -0,0 +1,328 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerIOWindows.cpp.orig 2017-08-19 18:02:19.277972513 +0000
++++ lib/fuzzer/FuzzerIOWindows.cpp
+@@ -0,0 +1,323 @@
++//===- FuzzerIOWindows.cpp - IO utils for Windows. ------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// IO functions implementation for Windows.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_WINDOWS
++
++#include "FuzzerExtFunctions.h"
++#include "FuzzerIO.h"
++#include <cstdarg>
++#include <cstdio>
++#include <fstream>
++#include <io.h>
++#include <iterator>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <windows.h>
++
++namespace fuzzer {
++
++static bool IsFile(const std::string &Path, const DWORD &FileAttributes) {
++
++ if (FileAttributes & FILE_ATTRIBUTE_NORMAL)
++ return true;
++
++ if (FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
++ return false;
++
++ HANDLE FileHandle(
++ CreateFileA(Path.c_str(), 0, FILE_SHARE_READ, NULL, OPEN_EXISTING,
++ FILE_FLAG_BACKUP_SEMANTICS, 0));
++
++ if (FileHandle == INVALID_HANDLE_VALUE) {
++ Printf("CreateFileA() failed for \"%s\" (Error code: %lu).\n", Path.c_str(),
++ GetLastError());
++ return false;
++ }
++
++ DWORD FileType = GetFileType(FileHandle);
++
++ if (FileType == FILE_TYPE_UNKNOWN) {
++ Printf("GetFileType() failed for \"%s\" (Error code: %lu).\n", Path.c_str(),
++ GetLastError());
++ CloseHandle(FileHandle);
++ return false;
++ }
++
++ if (FileType != FILE_TYPE_DISK) {
++ CloseHandle(FileHandle);
++ return false;
++ }
++
++ CloseHandle(FileHandle);
++ return true;
++}
++
++bool IsFile(const std::string &Path) {
++ DWORD Att = GetFileAttributesA(Path.c_str());
++
++ if (Att == INVALID_FILE_ATTRIBUTES) {
++ Printf("GetFileAttributesA() failed for \"%s\" (Error code: %lu).\n",
++ Path.c_str(), GetLastError());
++ return false;
++ }
++
++ return IsFile(Path, Att);
++}
++
++void ListFilesInDirRecursive(const std::string &Dir, long *Epoch,
++ std::vector<std::string> *V, bool TopDir) {
++ auto E = GetEpoch(Dir);
++ if (Epoch)
++ if (E && *Epoch >= E) return;
++
++ std::string Path(Dir);
++ assert(!Path.empty());
++ if (Path.back() != '\\')
++ Path.push_back('\\');
++ Path.push_back('*');
++
++ // Get the first directory entry.
++ WIN32_FIND_DATAA FindInfo;
++ HANDLE FindHandle(FindFirstFileA(Path.c_str(), &FindInfo));
++ if (FindHandle == INVALID_HANDLE_VALUE)
++ {
++ if (GetLastError() == ERROR_FILE_NOT_FOUND)
++ return;
++ Printf("No such directory: %s; exiting\n", Dir.c_str());
++ exit(1);
++ }
++
++ do {
++ std::string FileName = DirPlusFile(Dir, FindInfo.cFileName);
++
++ if (FindInfo.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
++ size_t FilenameLen = strlen(FindInfo.cFileName);
++ if ((FilenameLen == 1 && FindInfo.cFileName[0] == '.') ||
++ (FilenameLen == 2 && FindInfo.cFileName[0] == '.' &&
++ FindInfo.cFileName[1] == '.'))
++ continue;
++
++ ListFilesInDirRecursive(FileName, Epoch, V, false);
++ }
++ else if (IsFile(FileName, FindInfo.dwFileAttributes))
++ V->push_back(FileName);
++ } while (FindNextFileA(FindHandle, &FindInfo));
++
++ DWORD LastError = GetLastError();
++ if (LastError != ERROR_NO_MORE_FILES)
++ Printf("FindNextFileA failed (Error code: %lu).\n", LastError);
++
++ FindClose(FindHandle);
++
++ if (Epoch && TopDir)
++ *Epoch = E;
++}
++
++char GetSeparator() {
++ return '\\';
++}
++
++FILE* OpenFile(int Fd, const char* Mode) {
++ return _fdopen(Fd, Mode);
++}
++
++int CloseFile(int Fd) {
++ return _close(Fd);
++}
++
++int DuplicateFile(int Fd) {
++ return _dup(Fd);
++}
++
++void RemoveFile(const std::string &Path) {
++ _unlink(Path.c_str());
++}
++
++void DiscardOutput(int Fd) {
++ FILE* Temp = fopen("nul", "w");
++ if (!Temp)
++ return;
++ _dup2(_fileno(Temp), Fd);
++ fclose(Temp);
++}
++
++intptr_t GetHandleFromFd(int fd) {
++ return _get_osfhandle(fd);
++}
++
++static bool IsSeparator(char C) {
++ return C == '\\' || C == '/';
++}
++
++// Parse disk designators, like "C:\". If Relative == true, also accepts: "C:".
++// Returns number of characters considered if successful.
++static size_t ParseDrive(const std::string &FileName, const size_t Offset,
++ bool Relative = true) {
++ if (Offset + 1 >= FileName.size() || FileName[Offset + 1] != ':')
++ return 0;
++ if (Offset + 2 >= FileName.size() || !IsSeparator(FileName[Offset + 2])) {
++ if (!Relative) // Accept relative path?
++ return 0;
++ else
++ return 2;
++ }
++ return 3;
++}
++
++// Parse a file name, like: SomeFile.txt
++// Returns number of characters considered if successful.
++static size_t ParseFileName(const std::string &FileName, const size_t Offset) {
++ size_t Pos = Offset;
++ const size_t End = FileName.size();
++ for(; Pos < End && !IsSeparator(FileName[Pos]); ++Pos)
++ ;
++ return Pos - Offset;
++}
++
++// Parse a directory ending in separator, like: `SomeDir\`
++// Returns number of characters considered if successful.
++static size_t ParseDir(const std::string &FileName, const size_t Offset) {
++ size_t Pos = Offset;
++ const size_t End = FileName.size();
++ if (Pos >= End || IsSeparator(FileName[Pos]))
++ return 0;
++ for(; Pos < End && !IsSeparator(FileName[Pos]); ++Pos)
++ ;
++ if (Pos >= End)
++ return 0;
++ ++Pos; // Include separator.
++ return Pos - Offset;
++}
++
++// Parse a servername and share, like: `SomeServer\SomeShare\`
++// Returns number of characters considered if successful.
++static size_t ParseServerAndShare(const std::string &FileName,
++ const size_t Offset) {
++ size_t Pos = Offset, Res;
++ if (!(Res = ParseDir(FileName, Pos)))
++ return 0;
++ Pos += Res;
++ if (!(Res = ParseDir(FileName, Pos)))
++ return 0;
++ Pos += Res;
++ return Pos - Offset;
++}
++
++// Parse the given Ref string from the position Offset, to exactly match the given
++// string Patt.
++// Returns number of characters considered if successful.
++static size_t ParseCustomString(const std::string &Ref, size_t Offset,
++ const char *Patt) {
++ size_t Len = strlen(Patt);
++ if (Offset + Len > Ref.size())
++ return 0;
++ return Ref.compare(Offset, Len, Patt) == 0 ? Len : 0;
++}
++
++// Parse a location, like:
++// \\?\UNC\Server\Share\ \\?\C:\ \\Server\Share\ \ C:\ C:
++// Returns number of characters considered if successful.
++static size_t ParseLocation(const std::string &FileName) {
++ size_t Pos = 0, Res;
++
++ if ((Res = ParseCustomString(FileName, Pos, R"(\\?\)"))) {
++ Pos += Res;
++ if ((Res = ParseCustomString(FileName, Pos, R"(UNC\)"))) {
++ Pos += Res;
++ if ((Res = ParseServerAndShare(FileName, Pos)))
++ return Pos + Res;
++ return 0;
++ }
++ if ((Res = ParseDrive(FileName, Pos, false)))
++ return Pos + Res;
++ return 0;
++ }
++
++ if (Pos < FileName.size() && IsSeparator(FileName[Pos])) {
++ ++Pos;
++ if (Pos < FileName.size() && IsSeparator(FileName[Pos])) {
++ ++Pos;
++ if ((Res = ParseServerAndShare(FileName, Pos)))
++ return Pos + Res;
++ return 0;
++ }
++ return Pos;
++ }
++
++ if ((Res = ParseDrive(FileName, Pos)))
++ return Pos + Res;
++
++ return Pos;
++}
++
++std::string DirName(const std::string &FileName) {
++ size_t LocationLen = ParseLocation(FileName);
++ size_t DirLen = 0, Res;
++ while ((Res = ParseDir(FileName, LocationLen + DirLen)))
++ DirLen += Res;
++ size_t FileLen = ParseFileName(FileName, LocationLen + DirLen);
++
++ if (LocationLen + DirLen + FileLen != FileName.size()) {
++ Printf("DirName() failed for \"%s\", invalid path.\n", FileName.c_str());
++ exit(1);
++ }
++
++ if (DirLen) {
++ --DirLen; // Remove trailing separator.
++ if (!FileLen) { // Path ended in separator.
++ assert(DirLen);
++ // Remove file name from Dir.
++ while (DirLen && !IsSeparator(FileName[LocationLen + DirLen - 1]))
++ --DirLen;
++ if (DirLen) // Remove trailing separator.
++ --DirLen;
++ }
++ }
++
++ if (!LocationLen) { // Relative path.
++ if (!DirLen)
++ return ".";
++ return std::string(".\\").append(FileName, 0, DirLen);
++ }
++
++ return FileName.substr(0, LocationLen + DirLen);
++}
++
++std::string TmpDir() {
++ std::string Tmp;
++ Tmp.resize(MAX_PATH + 1);
++ DWORD Size = GetTempPathA(Tmp.size(), &Tmp[0]);
++ if (Size == 0) {
++ Printf("Couldn't get Tmp path.\n");
++ exit(1);
++ }
++ Tmp.resize(Size);
++ return Tmp;
++}
++
++bool IsInterestingCoverageFile(const std::string &FileName) {
++ if (FileName.find("Program Files") != std::string::npos)
++ return false;
++ if (FileName.find("compiler-rt\\lib\\") != std::string::npos)
++ return false; // sanitizer internal.
++ if (FileName == "<null>")
++ return false;
++ return true;
++}
++
++void RawPrint(const char *Str) {
++ // Not tested, may or may not work. Fix if needed.
++ Printf("%s", Str);
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_WINDOWS
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerInterface.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerInterface.h
new file mode 100644
index 0000000000..f0b1e8a3d5
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerInterface.h
@@ -0,0 +1,72 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerInterface.h.orig 2017-08-19 18:02:19.278081906 +0000
++++ lib/fuzzer/FuzzerInterface.h
+@@ -0,0 +1,67 @@
++//===- FuzzerInterface.h - Interface header for the Fuzzer ------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Define the interface between libFuzzer and the library being tested.
++//===----------------------------------------------------------------------===//
++
++// NOTE: the libFuzzer interface is thin and in the majority of cases
++// you should not include this file into your target. In 95% of cases
++// all you need is to define the following function in your file:
++// extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
++
++// WARNING: keep the interface in C.
++
++#ifndef LLVM_FUZZER_INTERFACE_H
++#define LLVM_FUZZER_INTERFACE_H
++
++#include <stddef.h>
++#include <stdint.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif // __cplusplus
++
++// Mandatory user-provided target function.
++// Executes the code under test with [Data, Data+Size) as the input.
++// libFuzzer will invoke this function *many* times with different inputs.
++// Must return 0.
++int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
++
++// Optional user-provided initialization function.
++// If provided, this function will be called by libFuzzer once at startup.
++// It may read and modify argc/argv.
++// Must return 0.
++int LLVMFuzzerInitialize(int *argc, char ***argv);
++
++// Optional user-provided custom mutator.
++// Mutates raw data in [Data, Data+Size) inplace.
++// Returns the new size, which is not greater than MaxSize.
++// Given the same Seed produces the same mutation.
++size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
++ unsigned int Seed);
++
++// Optional user-provided custom cross-over function.
++// Combines pieces of Data1 & Data2 together into Out.
++// Returns the new size, which is not greater than MaxOutSize.
++// Should produce the same mutation given the same Seed.
++size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
++ const uint8_t *Data2, size_t Size2,
++ uint8_t *Out, size_t MaxOutSize,
++ unsigned int Seed);
++
++// Experimental, may go away in future.
++// libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator.
++// Mutates raw data in [Data, Data+Size) inplace.
++// Returns the new size, which is not greater than MaxSize.
++size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
++
++#ifdef __cplusplus
++} // extern "C"
++#endif // __cplusplus
++
++#endif // LLVM_FUZZER_INTERFACE_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerInternal.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerInternal.h
new file mode 100644
index 0000000000..a813407471
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerInternal.h
@@ -0,0 +1,155 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerInternal.h.orig 2017-08-19 18:02:19.278202262 +0000
++++ lib/fuzzer/FuzzerInternal.h
+@@ -0,0 +1,150 @@
++//===- FuzzerInternal.h - Internal header for the Fuzzer --------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Define the main class fuzzer::Fuzzer and most functions.
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_INTERNAL_H
++#define LLVM_FUZZER_INTERNAL_H
++
++#include "FuzzerDefs.h"
++#include "FuzzerExtFunctions.h"
++#include "FuzzerInterface.h"
++#include "FuzzerOptions.h"
++#include "FuzzerSHA1.h"
++#include "FuzzerValueBitMap.h"
++#include <algorithm>
++#include <atomic>
++#include <chrono>
++#include <climits>
++#include <cstdlib>
++#include <string.h>
++
++namespace fuzzer {
++
++using namespace std::chrono;
++
++class Fuzzer {
++public:
++
++ Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
++ FuzzingOptions Options);
++ ~Fuzzer();
++ void Loop();
++ void MinimizeCrashLoop(const Unit &U);
++ void ShuffleAndMinimize(UnitVector *V);
++ void RereadOutputCorpus(size_t MaxSize);
++
++ size_t secondsSinceProcessStartUp() {
++ return duration_cast<seconds>(system_clock::now() - ProcessStartTime)
++ .count();
++ }
++
++ bool TimedOut() {
++ return Options.MaxTotalTimeSec > 0 &&
++ secondsSinceProcessStartUp() >
++ static_cast<size_t>(Options.MaxTotalTimeSec);
++ }
++
++ size_t execPerSec() {
++ size_t Seconds = secondsSinceProcessStartUp();
++ return Seconds ? TotalNumberOfRuns / Seconds : 0;
++ }
++
++ size_t getTotalNumberOfRuns() { return TotalNumberOfRuns; }
++
++ static void StaticAlarmCallback();
++ static void StaticCrashSignalCallback();
++ static void StaticExitCallback();
++ static void StaticInterruptCallback();
++ static void StaticFileSizeExceedCallback();
++
++ void ExecuteCallback(const uint8_t *Data, size_t Size);
++ bool RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile = false,
++ InputInfo *II = nullptr);
++
++ // Merge Corpora[1:] into Corpora[0].
++ void Merge(const std::vector<std::string> &Corpora);
++ void CrashResistantMerge(const std::vector<std::string> &Args,
++ const std::vector<std::string> &Corpora,
++ const char *CoverageSummaryInputPathOrNull,
++ const char *CoverageSummaryOutputPathOrNull);
++ void CrashResistantMergeInternalStep(const std::string &ControlFilePath);
++ MutationDispatcher &GetMD() { return MD; }
++ void PrintFinalStats();
++ void SetMaxInputLen(size_t MaxInputLen);
++ void SetMaxMutationLen(size_t MaxMutationLen);
++ void RssLimitCallback();
++
++ bool InFuzzingThread() const { return IsMyThread; }
++ size_t GetCurrentUnitInFuzzingThead(const uint8_t **Data) const;
++ void TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size,
++ bool DuringInitialCorpusExecution);
++
++ void HandleMalloc(size_t Size);
++ void AnnounceOutput(const uint8_t *Data, size_t Size);
++
++private:
++ void AlarmCallback();
++ void CrashCallback();
++ void ExitCallback();
++ void CrashOnOverwrittenData();
++ void InterruptCallback();
++ void MutateAndTestOne();
++ void ReportNewCoverage(InputInfo *II, const Unit &U);
++ void PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size);
++ void WriteToOutputCorpus(const Unit &U);
++ void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
++ void PrintStats(const char *Where, const char *End = "\n", size_t Units = 0);
++ void PrintStatusForNewUnit(const Unit &U, const char *Text);
++ void ShuffleCorpus(UnitVector *V);
++ void CheckExitOnSrcPosOrItem();
++
++ static void StaticDeathCallback();
++ void DumpCurrentUnit(const char *Prefix);
++ void DeathCallback();
++
++ void AllocateCurrentUnitData();
++ uint8_t *CurrentUnitData = nullptr;
++ std::atomic<size_t> CurrentUnitSize;
++ uint8_t BaseSha1[kSHA1NumBytes]; // Checksum of the base unit.
++ bool RunningCB = false;
++
++ size_t TotalNumberOfRuns = 0;
++ size_t NumberOfNewUnitsAdded = 0;
++
++ size_t LastCorpusUpdateRun = 0;
++ system_clock::time_point LastCorpusUpdateTime = system_clock::now();
++
++
++ bool HasMoreMallocsThanFrees = false;
++ size_t NumberOfLeakDetectionAttempts = 0;
++
++ UserCallback CB;
++ InputCorpus &Corpus;
++ MutationDispatcher &MD;
++ FuzzingOptions Options;
++
++ system_clock::time_point ProcessStartTime = system_clock::now();
++ system_clock::time_point UnitStartTime, UnitStopTime;
++ long TimeOfLongestUnitInSeconds = 0;
++ long EpochOfLastReadOfOutputCorpus = 0;
++
++ size_t MaxInputLen = 0;
++ size_t MaxMutationLen = 0;
++ size_t TmpMaxMutationLen = 0;
++
++ std::vector<uint32_t> UniqFeatureSetTmp;
++
++ // Need to know our own thread.
++ static thread_local bool IsMyThread;
++};
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_INTERNAL_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerLoop.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerLoop.cpp
new file mode 100644
index 0000000000..a6280f618f
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerLoop.cpp
@@ -0,0 +1,726 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerLoop.cpp.orig 2017-08-19 18:02:19.278432653 +0000
++++ lib/fuzzer/FuzzerLoop.cpp
+@@ -0,0 +1,721 @@
++//===- FuzzerLoop.cpp - Fuzzer's main loop --------------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Fuzzer's main loop.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerCorpus.h"
++#include "FuzzerIO.h"
++#include "FuzzerInternal.h"
++#include "FuzzerMutate.h"
++#include "FuzzerRandom.h"
++#include "FuzzerShmem.h"
++#include "FuzzerTracePC.h"
++#include <algorithm>
++#include <cstring>
++#include <memory>
++#include <set>
++
++#if defined(__has_include)
++#if __has_include(<sanitizer / lsan_interface.h>)
++#include <sanitizer/lsan_interface.h>
++#endif
++#endif
++
++#define NO_SANITIZE_MEMORY
++#if defined(__has_feature)
++#if __has_feature(memory_sanitizer)
++#undef NO_SANITIZE_MEMORY
++#define NO_SANITIZE_MEMORY __attribute__((no_sanitize_memory))
++#endif
++#endif
++
++namespace fuzzer {
++static const size_t kMaxUnitSizeToPrint = 256;
++
++thread_local bool Fuzzer::IsMyThread;
++
++SharedMemoryRegion SMR;
++
++// Only one Fuzzer per process.
++static Fuzzer *F;
++
++// Leak detection is expensive, so we first check if there were more mallocs
++// than frees (using the sanitizer malloc hooks) and only then try to call lsan.
++struct MallocFreeTracer {
++ void Start(int TraceLevel) {
++ this->TraceLevel = TraceLevel;
++ if (TraceLevel)
++ Printf("MallocFreeTracer: START\n");
++ Mallocs = 0;
++ Frees = 0;
++ }
++ // Returns true if there were more mallocs than frees.
++ bool Stop() {
++ if (TraceLevel)
++ Printf("MallocFreeTracer: STOP %zd %zd (%s)\n", Mallocs.load(),
++ Frees.load(), Mallocs == Frees ? "same" : "DIFFERENT");
++ bool Result = Mallocs > Frees;
++ Mallocs = 0;
++ Frees = 0;
++ TraceLevel = 0;
++ return Result;
++ }
++ std::atomic<size_t> Mallocs;
++ std::atomic<size_t> Frees;
++ int TraceLevel = 0;
++};
++
++static MallocFreeTracer AllocTracer;
++
++ATTRIBUTE_NO_SANITIZE_MEMORY
++void MallocHook(const volatile void *ptr, size_t size) {
++ size_t N = AllocTracer.Mallocs++;
++ F->HandleMalloc(size);
++ if (int TraceLevel = AllocTracer.TraceLevel) {
++ Printf("MALLOC[%zd] %p %zd\n", N, ptr, size);
++ if (TraceLevel >= 2 && EF)
++ EF->__sanitizer_print_stack_trace();
++ }
++}
++
++ATTRIBUTE_NO_SANITIZE_MEMORY
++void FreeHook(const volatile void *ptr) {
++ size_t N = AllocTracer.Frees++;
++ if (int TraceLevel = AllocTracer.TraceLevel) {
++ Printf("FREE[%zd] %p\n", N, ptr);
++ if (TraceLevel >= 2 && EF)
++ EF->__sanitizer_print_stack_trace();
++ }
++}
++
++// Crash on a single malloc that exceeds the rss limit.
++void Fuzzer::HandleMalloc(size_t Size) {
++ if (!Options.RssLimitMb || (Size >> 20) < (size_t)Options.RssLimitMb)
++ return;
++ Printf("==%d== ERROR: libFuzzer: out-of-memory (malloc(%zd))\n", GetPid(),
++ Size);
++ Printf(" To change the out-of-memory limit use -rss_limit_mb=<N>\n\n");
++ if (EF->__sanitizer_print_stack_trace)
++ EF->__sanitizer_print_stack_trace();
++ DumpCurrentUnit("oom-");
++ Printf("SUMMARY: libFuzzer: out-of-memory\n");
++ PrintFinalStats();
++ _Exit(Options.ErrorExitCode); // Stop right now.
++}
++
++Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
++ FuzzingOptions Options)
++ : CB(CB), Corpus(Corpus), MD(MD), Options(Options) {
++ if (EF->__sanitizer_set_death_callback)
++ EF->__sanitizer_set_death_callback(StaticDeathCallback);
++ assert(!F);
++ F = this;
++ TPC.ResetMaps();
++ IsMyThread = true;
++ if (Options.DetectLeaks && EF->__sanitizer_install_malloc_and_free_hooks)
++ EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook);
++ TPC.SetUseCounters(Options.UseCounters);
++ TPC.SetUseValueProfile(Options.UseValueProfile);
++
++ if (Options.Verbosity)
++ TPC.PrintModuleInfo();
++ if (!Options.OutputCorpus.empty() && Options.ReloadIntervalSec)
++ EpochOfLastReadOfOutputCorpus = GetEpoch(Options.OutputCorpus);
++ MaxInputLen = MaxMutationLen = Options.MaxLen;
++ TmpMaxMutationLen = Max(size_t(4), Corpus.MaxInputSize());
++ AllocateCurrentUnitData();
++ CurrentUnitSize = 0;
++ memset(BaseSha1, 0, sizeof(BaseSha1));
++}
++
++Fuzzer::~Fuzzer() { }
++
++void Fuzzer::AllocateCurrentUnitData() {
++ if (CurrentUnitData || MaxInputLen == 0) return;
++ CurrentUnitData = new uint8_t[MaxInputLen];
++}
++
++void Fuzzer::StaticDeathCallback() {
++ assert(F);
++ F->DeathCallback();
++}
++
++void Fuzzer::DumpCurrentUnit(const char *Prefix) {
++ if (!CurrentUnitData) return; // Happens when running individual inputs.
++ MD.PrintMutationSequence();
++ Printf("; base unit: %s\n", Sha1ToString(BaseSha1).c_str());
++ size_t UnitSize = CurrentUnitSize;
++ if (UnitSize <= kMaxUnitSizeToPrint) {
++ PrintHexArray(CurrentUnitData, UnitSize, "\n");
++ PrintASCII(CurrentUnitData, UnitSize, "\n");
++ }
++ WriteUnitToFileWithPrefix({CurrentUnitData, CurrentUnitData + UnitSize},
++ Prefix);
++}
++
++NO_SANITIZE_MEMORY
++void Fuzzer::DeathCallback() {
++ DumpCurrentUnit("crash-");
++ PrintFinalStats();
++}
++
++void Fuzzer::StaticAlarmCallback() {
++ assert(F);
++ F->AlarmCallback();
++}
++
++void Fuzzer::StaticCrashSignalCallback() {
++ assert(F);
++ F->CrashCallback();
++}
++
++void Fuzzer::StaticExitCallback() {
++ assert(F);
++ F->ExitCallback();
++}
++
++void Fuzzer::StaticInterruptCallback() {
++ assert(F);
++ F->InterruptCallback();
++}
++
++void Fuzzer::StaticFileSizeExceedCallback() {
++ Printf("==%lu== ERROR: libFuzzer: file size exceeded\n", GetPid());
++ exit(1);
++}
++
++void Fuzzer::CrashCallback() {
++ Printf("==%lu== ERROR: libFuzzer: deadly signal\n", GetPid());
++ if (EF->__sanitizer_print_stack_trace)
++ EF->__sanitizer_print_stack_trace();
++ Printf("NOTE: libFuzzer has rudimentary signal handlers.\n"
++ " Combine libFuzzer with AddressSanitizer or similar for better "
++ "crash reports.\n");
++ Printf("SUMMARY: libFuzzer: deadly signal\n");
++ DumpCurrentUnit("crash-");
++ PrintFinalStats();
++ _Exit(Options.ErrorExitCode); // Stop right now.
++}
++
++void Fuzzer::ExitCallback() {
++ if (!RunningCB)
++ return; // This exit did not come from the user callback
++ Printf("==%lu== ERROR: libFuzzer: fuzz target exited\n", GetPid());
++ if (EF->__sanitizer_print_stack_trace)
++ EF->__sanitizer_print_stack_trace();
++ Printf("SUMMARY: libFuzzer: fuzz target exited\n");
++ DumpCurrentUnit("crash-");
++ PrintFinalStats();
++ _Exit(Options.ErrorExitCode);
++}
++
++
++void Fuzzer::InterruptCallback() {
++ Printf("==%lu== libFuzzer: run interrupted; exiting\n", GetPid());
++ PrintFinalStats();
++ _Exit(0); // Stop right now, don't perform any at-exit actions.
++}
++
++NO_SANITIZE_MEMORY
++void Fuzzer::AlarmCallback() {
++ assert(Options.UnitTimeoutSec > 0);
++ // In Windows Alarm callback is executed by a different thread.
++#if !LIBFUZZER_WINDOWS
++ if (!InFuzzingThread()) return;
++#endif
++ if (!RunningCB)
++ return; // We have not started running units yet.
++ size_t Seconds =
++ duration_cast<seconds>(system_clock::now() - UnitStartTime).count();
++ if (Seconds == 0)
++ return;
++ if (Options.Verbosity >= 2)
++ Printf("AlarmCallback %zd\n", Seconds);
++ if (Seconds >= (size_t)Options.UnitTimeoutSec) {
++ Printf("ALARM: working on the last Unit for %zd seconds\n", Seconds);
++ Printf(" and the timeout value is %d (use -timeout=N to change)\n",
++ Options.UnitTimeoutSec);
++ DumpCurrentUnit("timeout-");
++ Printf("==%lu== ERROR: libFuzzer: timeout after %d seconds\n", GetPid(),
++ Seconds);
++ if (EF->__sanitizer_print_stack_trace)
++ EF->__sanitizer_print_stack_trace();
++ Printf("SUMMARY: libFuzzer: timeout\n");
++ PrintFinalStats();
++ _Exit(Options.TimeoutExitCode); // Stop right now.
++ }
++}
++
++void Fuzzer::RssLimitCallback() {
++ Printf(
++ "==%lu== ERROR: libFuzzer: out-of-memory (used: %zdMb; limit: %zdMb)\n",
++ GetPid(), GetPeakRSSMb(), Options.RssLimitMb);
++ Printf(" To change the out-of-memory limit use -rss_limit_mb=<N>\n\n");
++ if (EF->__sanitizer_print_memory_profile)
++ EF->__sanitizer_print_memory_profile(95, 8);
++ DumpCurrentUnit("oom-");
++ Printf("SUMMARY: libFuzzer: out-of-memory\n");
++ PrintFinalStats();
++ _Exit(Options.ErrorExitCode); // Stop right now.
++}
++
++void Fuzzer::PrintStats(const char *Where, const char *End, size_t Units) {
++ size_t ExecPerSec = execPerSec();
++ if (!Options.Verbosity)
++ return;
++ Printf("#%zd\t%s", TotalNumberOfRuns, Where);
++ if (size_t N = TPC.GetTotalPCCoverage())
++ Printf(" cov: %zd", N);
++ if (size_t N = Corpus.NumFeatures())
++ Printf( " ft: %zd", N);
++ if (!Corpus.empty()) {
++ Printf(" corp: %zd", Corpus.NumActiveUnits());
++ if (size_t N = Corpus.SizeInBytes()) {
++ if (N < (1<<14))
++ Printf("/%zdb", N);
++ else if (N < (1 << 24))
++ Printf("/%zdKb", N >> 10);
++ else
++ Printf("/%zdMb", N >> 20);
++ }
++ }
++ if (Units)
++ Printf(" units: %zd", Units);
++
++ Printf(" exec/s: %zd", ExecPerSec);
++ Printf(" rss: %zdMb", GetPeakRSSMb());
++ Printf("%s", End);
++}
++
++void Fuzzer::PrintFinalStats() {
++ if (Options.PrintCoverage)
++ TPC.PrintCoverage();
++ if (Options.DumpCoverage)
++ TPC.DumpCoverage();
++ if (Options.PrintCorpusStats)
++ Corpus.PrintStats();
++ if (!Options.PrintFinalStats) return;
++ size_t ExecPerSec = execPerSec();
++ Printf("stat::number_of_executed_units: %zd\n", TotalNumberOfRuns);
++ Printf("stat::average_exec_per_sec: %zd\n", ExecPerSec);
++ Printf("stat::new_units_added: %zd\n", NumberOfNewUnitsAdded);
++ Printf("stat::slowest_unit_time_sec: %zd\n", TimeOfLongestUnitInSeconds);
++ Printf("stat::peak_rss_mb: %zd\n", GetPeakRSSMb());
++}
++
++void Fuzzer::SetMaxInputLen(size_t MaxInputLen) {
++ assert(this->MaxInputLen == 0); // Can only reset MaxInputLen from 0 to non-0.
++ assert(MaxInputLen);
++ this->MaxInputLen = MaxInputLen;
++ this->MaxMutationLen = MaxInputLen;
++ AllocateCurrentUnitData();
++ Printf("INFO: -max_len is not provided; "
++ "libFuzzer will not generate inputs larger than %zd bytes\n",
++ MaxInputLen);
++}
++
++void Fuzzer::SetMaxMutationLen(size_t MaxMutationLen) {
++ assert(MaxMutationLen && MaxMutationLen <= MaxInputLen);
++ this->MaxMutationLen = MaxMutationLen;
++}
++
++void Fuzzer::CheckExitOnSrcPosOrItem() {
++ if (!Options.ExitOnSrcPos.empty()) {
++ static auto *PCsSet = new std::set<uintptr_t>;
++ auto HandlePC = [&](uintptr_t PC) {
++ if (!PCsSet->insert(PC).second) return;
++ std::string Descr = DescribePC("%F %L", PC + 1);
++ if (Descr.find(Options.ExitOnSrcPos) != std::string::npos) {
++ Printf("INFO: found line matching '%s', exiting.\n",
++ Options.ExitOnSrcPos.c_str());
++ _Exit(0);
++ }
++ };
++ TPC.ForEachObservedPC(HandlePC);
++ }
++ if (!Options.ExitOnItem.empty()) {
++ if (Corpus.HasUnit(Options.ExitOnItem)) {
++ Printf("INFO: found item with checksum '%s', exiting.\n",
++ Options.ExitOnItem.c_str());
++ _Exit(0);
++ }
++ }
++}
++
++void Fuzzer::RereadOutputCorpus(size_t MaxSize) {
++ if (Options.OutputCorpus.empty() || !Options.ReloadIntervalSec) return;
++ std::vector<Unit> AdditionalCorpus;
++ ReadDirToVectorOfUnits(Options.OutputCorpus.c_str(), &AdditionalCorpus,
++ &EpochOfLastReadOfOutputCorpus, MaxSize,
++ /*ExitOnError*/ false);
++ if (Options.Verbosity >= 2)
++ Printf("Reload: read %zd new units.\n", AdditionalCorpus.size());
++ bool Reloaded = false;
++ for (auto &U : AdditionalCorpus) {
++ if (U.size() > MaxSize)
++ U.resize(MaxSize);
++ if (!Corpus.HasUnit(U)) {
++ if (RunOne(U.data(), U.size())) {
++ CheckExitOnSrcPosOrItem();
++ Reloaded = true;
++ }
++ }
++ }
++ if (Reloaded)
++ PrintStats("RELOAD");
++}
++
++void Fuzzer::ShuffleCorpus(UnitVector *V) {
++ std::shuffle(V->begin(), V->end(), MD.GetRand());
++ if (Options.PreferSmall)
++ std::stable_sort(V->begin(), V->end(), [](const Unit &A, const Unit &B) {
++ return A.size() < B.size();
++ });
++}
++
++void Fuzzer::ShuffleAndMinimize(UnitVector *InitialCorpus) {
++ Printf("#0\tREAD units: %zd\n", InitialCorpus->size());
++ if (Options.ShuffleAtStartUp)
++ ShuffleCorpus(InitialCorpus);
++
++ // Test the callback with empty input and never try it again.
++ uint8_t dummy;
++ ExecuteCallback(&dummy, 0);
++
++ for (const auto &U : *InitialCorpus) {
++ RunOne(U.data(), U.size());
++ CheckExitOnSrcPosOrItem();
++ TryDetectingAMemoryLeak(U.data(), U.size(),
++ /*DuringInitialCorpusExecution*/ true);
++ }
++ PrintStats("INITED");
++ if (Corpus.empty()) {
++ Printf("ERROR: no interesting inputs were found. "
++ "Is the code instrumented for coverage? Exiting.\n");
++ exit(1);
++ }
++}
++
++void Fuzzer::PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size) {
++ auto TimeOfUnit =
++ duration_cast<seconds>(UnitStopTime - UnitStartTime).count();
++ if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1)) &&
++ secondsSinceProcessStartUp() >= 2)
++ PrintStats("pulse ");
++ if (TimeOfUnit > TimeOfLongestUnitInSeconds * 1.1 &&
++ TimeOfUnit >= Options.ReportSlowUnits) {
++ TimeOfLongestUnitInSeconds = TimeOfUnit;
++ Printf("Slowest unit: %zd s:\n", TimeOfLongestUnitInSeconds);
++ WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-");
++ }
++}
++
++bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
++ InputInfo *II) {
++ if (!Size) return false;
++
++ ExecuteCallback(Data, Size);
++
++ UniqFeatureSetTmp.clear();
++ size_t FoundUniqFeaturesOfII = 0;
++ size_t NumUpdatesBefore = Corpus.NumFeatureUpdates();
++ TPC.CollectFeatures([&](size_t Feature) {
++ if (Corpus.AddFeature(Feature, Size, Options.Shrink))
++ UniqFeatureSetTmp.push_back(Feature);
++ if (Options.ReduceInputs && II)
++ if (std::binary_search(II->UniqFeatureSet.begin(),
++ II->UniqFeatureSet.end(), Feature))
++ FoundUniqFeaturesOfII++;
++ });
++ PrintPulseAndReportSlowInput(Data, Size);
++ size_t NumNewFeatures = Corpus.NumFeatureUpdates() - NumUpdatesBefore;
++ if (NumNewFeatures) {
++ TPC.UpdateObservedPCs();
++ Corpus.AddToCorpus({Data, Data + Size}, NumNewFeatures, MayDeleteFile,
++ UniqFeatureSetTmp);
++ return true;
++ }
++ if (II && FoundUniqFeaturesOfII &&
++ FoundUniqFeaturesOfII == II->UniqFeatureSet.size() &&
++ II->U.size() > Size) {
++ Corpus.Replace(II, {Data, Data + Size});
++ return true;
++ }
++ return false;
++}
++
++size_t Fuzzer::GetCurrentUnitInFuzzingThead(const uint8_t **Data) const {
++ assert(InFuzzingThread());
++ *Data = CurrentUnitData;
++ return CurrentUnitSize;
++}
++
++void Fuzzer::CrashOnOverwrittenData() {
++ Printf("==%d== ERROR: libFuzzer: fuzz target overwrites it's const input\n",
++ GetPid());
++ DumpCurrentUnit("crash-");
++ Printf("SUMMARY: libFuzzer: out-of-memory\n");
++ _Exit(Options.ErrorExitCode); // Stop right now.
++}
++
++// Compare two arrays, but not all bytes if the arrays are large.
++static bool LooseMemeq(const uint8_t *A, const uint8_t *B, size_t Size) {
++ const size_t Limit = 64;
++ if (Size <= 64)
++ return !memcmp(A, B, Size);
++ // Compare first and last Limit/2 bytes.
++ return !memcmp(A, B, Limit / 2) &&
++ !memcmp(A + Size - Limit / 2, B + Size - Limit / 2, Limit / 2);
++}
++
++void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
++ TPC.RecordInitialStack();
++ TotalNumberOfRuns++;
++ assert(InFuzzingThread());
++ if (SMR.IsClient())
++ SMR.WriteByteArray(Data, Size);
++ // We copy the contents of Unit into a separate heap buffer
++ // so that we reliably find buffer overflows in it.
++ uint8_t *DataCopy = new uint8_t[Size];
++ memcpy(DataCopy, Data, Size);
++ if (CurrentUnitData && CurrentUnitData != Data)
++ memcpy(CurrentUnitData, Data, Size);
++ CurrentUnitSize = Size;
++ AllocTracer.Start(Options.TraceMalloc);
++ UnitStartTime = system_clock::now();
++ TPC.ResetMaps();
++ RunningCB = true;
++ int Res = CB(DataCopy, Size);
++ RunningCB = false;
++ UnitStopTime = system_clock::now();
++ (void)Res;
++ assert(Res == 0);
++ HasMoreMallocsThanFrees = AllocTracer.Stop();
++ if (!LooseMemeq(DataCopy, Data, Size))
++ CrashOnOverwrittenData();
++ CurrentUnitSize = 0;
++ delete[] DataCopy;
++}
++
++void Fuzzer::WriteToOutputCorpus(const Unit &U) {
++ if (Options.OnlyASCII)
++ assert(IsASCII(U));
++ if (Options.OutputCorpus.empty())
++ return;
++ std::string Path = DirPlusFile(Options.OutputCorpus, Hash(U));
++ WriteToFile(U, Path);
++ if (Options.Verbosity >= 2)
++ Printf("Written %zd bytes to %s\n", U.size(), Path.c_str());
++}
++
++void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) {
++ if (!Options.SaveArtifacts)
++ return;
++ std::string Path = Options.ArtifactPrefix + Prefix + Hash(U);
++ if (!Options.ExactArtifactPath.empty())
++ Path = Options.ExactArtifactPath; // Overrides ArtifactPrefix.
++ WriteToFile(U, Path);
++ Printf("artifact_prefix='%s'; Test unit written to %s\n",
++ Options.ArtifactPrefix.c_str(), Path.c_str());
++ if (U.size() <= kMaxUnitSizeToPrint)
++ Printf("Base64: %s\n", Base64(U).c_str());
++}
++
++void Fuzzer::PrintStatusForNewUnit(const Unit &U, const char *Text) {
++ if (!Options.PrintNEW)
++ return;
++ PrintStats(Text, "");
++ if (Options.Verbosity) {
++ Printf(" L: %zd/%zd ", U.size(), Corpus.MaxInputSize());
++ MD.PrintMutationSequence();
++ Printf("\n");
++ }
++}
++
++void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) {
++ II->NumSuccessfullMutations++;
++ MD.RecordSuccessfulMutationSequence();
++ PrintStatusForNewUnit(U, II->Reduced ? "REDUCE" :
++ "NEW ");
++ WriteToOutputCorpus(U);
++ NumberOfNewUnitsAdded++;
++ CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus.
++ LastCorpusUpdateRun = TotalNumberOfRuns;
++ LastCorpusUpdateTime = system_clock::now();
++}
++
++// Tries detecting a memory leak on the particular input that we have just
++// executed before calling this function.
++void Fuzzer::TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size,
++ bool DuringInitialCorpusExecution) {
++ if (!HasMoreMallocsThanFrees) return; // mallocs==frees, a leak is unlikely.
++ if (!Options.DetectLeaks) return;
++ if (!&(EF->__lsan_enable) || !&(EF->__lsan_disable) ||
++ !(EF->__lsan_do_recoverable_leak_check))
++ return; // No lsan.
++ // Run the target once again, but with lsan disabled so that if there is
++ // a real leak we do not report it twice.
++ EF->__lsan_disable();
++ ExecuteCallback(Data, Size);
++ EF->__lsan_enable();
++ if (!HasMoreMallocsThanFrees) return; // a leak is unlikely.
++ if (NumberOfLeakDetectionAttempts++ > 1000) {
++ Options.DetectLeaks = false;
++ Printf("INFO: libFuzzer disabled leak detection after every mutation.\n"
++ " Most likely the target function accumulates allocated\n"
++ " memory in a global state w/o actually leaking it.\n"
++ " You may try running this binary with -trace_malloc=[12]"
++ " to get a trace of mallocs and frees.\n"
++ " If LeakSanitizer is enabled in this process it will still\n"
++ " run on the process shutdown.\n");
++ return;
++ }
++ // Now perform the actual lsan pass. This is expensive and we must ensure
++ // we don't call it too often.
++ if (EF->__lsan_do_recoverable_leak_check()) { // Leak is found, report it.
++ if (DuringInitialCorpusExecution)
++ Printf("\nINFO: a leak has been found in the initial corpus.\n\n");
++ Printf("INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.\n\n");
++ CurrentUnitSize = Size;
++ DumpCurrentUnit("leak-");
++ PrintFinalStats();
++ _Exit(Options.ErrorExitCode); // not exit() to disable lsan further on.
++ }
++}
++
++void Fuzzer::MutateAndTestOne() {
++ MD.StartMutationSequence();
++
++ auto &II = Corpus.ChooseUnitToMutate(MD.GetRand());
++ const auto &U = II.U;
++ memcpy(BaseSha1, II.Sha1, sizeof(BaseSha1));
++ assert(CurrentUnitData);
++ size_t Size = U.size();
++ assert(Size <= MaxInputLen && "Oversized Unit");
++ memcpy(CurrentUnitData, U.data(), Size);
++
++ assert(MaxMutationLen > 0);
++
++ size_t CurrentMaxMutationLen =
++ Min(MaxMutationLen, Max(U.size(), TmpMaxMutationLen));
++ assert(CurrentMaxMutationLen > 0);
++
++ for (int i = 0; i < Options.MutateDepth; i++) {
++ if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
++ break;
++ size_t NewSize = 0;
++ NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
++ assert(NewSize > 0 && "Mutator returned empty unit");
++ assert(NewSize <= CurrentMaxMutationLen && "Mutator return overisized unit");
++ Size = NewSize;
++ II.NumExecutedMutations++;
++ if (RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II))
++ ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
++
++ TryDetectingAMemoryLeak(CurrentUnitData, Size,
++ /*DuringInitialCorpusExecution*/ false);
++ }
++}
++
++void Fuzzer::Loop() {
++ TPC.SetPrintNewPCs(Options.PrintNewCovPcs);
++ system_clock::time_point LastCorpusReload = system_clock::now();
++ if (Options.DoCrossOver)
++ MD.SetCorpus(&Corpus);
++ while (true) {
++ auto Now = system_clock::now();
++ if (duration_cast<seconds>(Now - LastCorpusReload).count() >=
++ Options.ReloadIntervalSec) {
++ RereadOutputCorpus(MaxInputLen);
++ LastCorpusReload = system_clock::now();
++ }
++ if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
++ break;
++ if (TimedOut()) break;
++
++ // Update TmpMaxMutationLen
++ if (Options.ExperimentalLenControl) {
++ if (TmpMaxMutationLen < MaxMutationLen &&
++ (TotalNumberOfRuns - LastCorpusUpdateRun > 1000 &&
++ duration_cast<seconds>(Now - LastCorpusUpdateTime).count() >= 1)) {
++ LastCorpusUpdateRun = TotalNumberOfRuns;
++ LastCorpusUpdateTime = Now;
++ TmpMaxMutationLen =
++ Min(MaxMutationLen,
++ TmpMaxMutationLen + Max(size_t(4), TmpMaxMutationLen / 8));
++ if (TmpMaxMutationLen <= MaxMutationLen)
++ Printf("#%zd\tTEMP_MAX_LEN: %zd\n", TotalNumberOfRuns,
++ TmpMaxMutationLen);
++ }
++ } else {
++ TmpMaxMutationLen = MaxMutationLen;
++ }
++
++ // Perform several mutations and runs.
++ MutateAndTestOne();
++ }
++
++ PrintStats("DONE ", "\n");
++ MD.PrintRecommendedDictionary();
++}
++
++void Fuzzer::MinimizeCrashLoop(const Unit &U) {
++ if (U.size() <= 1) return;
++ while (!TimedOut() && TotalNumberOfRuns < Options.MaxNumberOfRuns) {
++ MD.StartMutationSequence();
++ memcpy(CurrentUnitData, U.data(), U.size());
++ for (int i = 0; i < Options.MutateDepth; i++) {
++ size_t NewSize = MD.Mutate(CurrentUnitData, U.size(), MaxMutationLen);
++ assert(NewSize > 0 && NewSize <= MaxMutationLen);
++ ExecuteCallback(CurrentUnitData, NewSize);
++ PrintPulseAndReportSlowInput(CurrentUnitData, NewSize);
++ TryDetectingAMemoryLeak(CurrentUnitData, NewSize,
++ /*DuringInitialCorpusExecution*/ false);
++ }
++ }
++}
++
++void Fuzzer::AnnounceOutput(const uint8_t *Data, size_t Size) {
++ if (SMR.IsServer()) {
++ SMR.WriteByteArray(Data, Size);
++ } else if (SMR.IsClient()) {
++ SMR.PostClient();
++ SMR.WaitServer();
++ size_t OtherSize = SMR.ReadByteArraySize();
++ uint8_t *OtherData = SMR.GetByteArray();
++ if (Size != OtherSize || memcmp(Data, OtherData, Size) != 0) {
++ size_t i = 0;
++ for (i = 0; i < Min(Size, OtherSize); i++)
++ if (Data[i] != OtherData[i])
++ break;
++ Printf("==%lu== ERROR: libFuzzer: equivalence-mismatch. Sizes: %zd %zd; "
++ "offset %zd\n", GetPid(), Size, OtherSize, i);
++ DumpCurrentUnit("mismatch-");
++ Printf("SUMMARY: libFuzzer: equivalence-mismatch\n");
++ PrintFinalStats();
++ _Exit(Options.ErrorExitCode);
++ }
++ }
++}
++
++} // namespace fuzzer
++
++extern "C" {
++
++size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
++ assert(fuzzer::F);
++ return fuzzer::F->GetMD().DefaultMutate(Data, Size, MaxSize);
++}
++
++// Experimental
++void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size) {
++ assert(fuzzer::F);
++ fuzzer::F->AnnounceOutput(Data, Size);
++}
++} // extern "C"
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMain.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMain.cpp
new file mode 100644
index 0000000000..dbdd16b6d3
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMain.cpp
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerMain.cpp.orig 2017-08-19 18:02:19.278529938 +0000
++++ lib/fuzzer/FuzzerMain.cpp
+@@ -0,0 +1,21 @@
++//===- FuzzerMain.cpp - main() function and flags -------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// main() and flags.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerDefs.h"
++
++extern "C" {
++// This function should be defined by the user.
++int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
++} // extern "C"
++
++int main(int argc, char **argv) {
++ return fuzzer::FuzzerDriver(&argc, &argv, LLVMFuzzerTestOneInput);
++}
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMerge.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMerge.cpp
new file mode 100644
index 0000000000..6646e84e54
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMerge.cpp
@@ -0,0 +1,343 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerMerge.cpp.orig 2017-08-19 18:02:19.278803424 +0000
++++ lib/fuzzer/FuzzerMerge.cpp
+@@ -0,0 +1,338 @@
++//===- FuzzerMerge.cpp - merging corpora ----------------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Merging corpora.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerMerge.h"
++#include "FuzzerIO.h"
++#include "FuzzerInternal.h"
++#include "FuzzerTracePC.h"
++#include "FuzzerUtil.h"
++
++#include <fstream>
++#include <iterator>
++#include <set>
++#include <sstream>
++
++namespace fuzzer {
++
++bool Merger::Parse(const std::string &Str, bool ParseCoverage) {
++ std::istringstream SS(Str);
++ return Parse(SS, ParseCoverage);
++}
++
++void Merger::ParseOrExit(std::istream &IS, bool ParseCoverage) {
++ if (!Parse(IS, ParseCoverage)) {
++ Printf("MERGE: failed to parse the control file (unexpected error)\n");
++ exit(1);
++ }
++}
++
++// The control file example:
++//
++// 3 # The number of inputs
++// 1 # The number of inputs in the first corpus, <= the previous number
++// file0
++// file1
++// file2 # One file name per line.
++// STARTED 0 123 # FileID, file size
++// DONE 0 1 4 6 8 # FileID COV1 COV2 ...
++// STARTED 1 456 # If DONE is missing, the input crashed while processing.
++// STARTED 2 567
++// DONE 2 8 9
++bool Merger::Parse(std::istream &IS, bool ParseCoverage) {
++ LastFailure.clear();
++ std::string Line;
++
++ // Parse NumFiles.
++ if (!std::getline(IS, Line, '\n')) return false;
++ std::istringstream L1(Line);
++ size_t NumFiles = 0;
++ L1 >> NumFiles;
++ if (NumFiles == 0 || NumFiles > 10000000) return false;
++
++ // Parse NumFilesInFirstCorpus.
++ if (!std::getline(IS, Line, '\n')) return false;
++ std::istringstream L2(Line);
++ NumFilesInFirstCorpus = NumFiles + 1;
++ L2 >> NumFilesInFirstCorpus;
++ if (NumFilesInFirstCorpus > NumFiles) return false;
++
++ // Parse file names.
++ Files.resize(NumFiles);
++ for (size_t i = 0; i < NumFiles; i++)
++ if (!std::getline(IS, Files[i].Name, '\n'))
++ return false;
++
++ // Parse STARTED and DONE lines.
++ size_t ExpectedStartMarker = 0;
++ const size_t kInvalidStartMarker = -1;
++ size_t LastSeenStartMarker = kInvalidStartMarker;
++ std::vector<uint32_t> TmpFeatures;
++ while (std::getline(IS, Line, '\n')) {
++ std::istringstream ISS1(Line);
++ std::string Marker;
++ size_t N;
++ ISS1 >> Marker;
++ ISS1 >> N;
++ if (Marker == "STARTED") {
++ // STARTED FILE_ID FILE_SIZE
++ if (ExpectedStartMarker != N)
++ return false;
++ ISS1 >> Files[ExpectedStartMarker].Size;
++ LastSeenStartMarker = ExpectedStartMarker;
++ assert(ExpectedStartMarker < Files.size());
++ ExpectedStartMarker++;
++ } else if (Marker == "DONE") {
++ // DONE FILE_ID COV1 COV2 COV3 ...
++ size_t CurrentFileIdx = N;
++ if (CurrentFileIdx != LastSeenStartMarker)
++ return false;
++ LastSeenStartMarker = kInvalidStartMarker;
++ if (ParseCoverage) {
++ TmpFeatures.clear(); // use a vector from outer scope to avoid resizes.
++ while (ISS1 >> std::hex >> N)
++ TmpFeatures.push_back(N);
++ std::sort(TmpFeatures.begin(), TmpFeatures.end());
++ Files[CurrentFileIdx].Features = TmpFeatures;
++ }
++ } else {
++ return false;
++ }
++ }
++ if (LastSeenStartMarker != kInvalidStartMarker)
++ LastFailure = Files[LastSeenStartMarker].Name;
++
++ FirstNotProcessedFile = ExpectedStartMarker;
++ return true;
++}
++
++size_t Merger::ApproximateMemoryConsumption() const {
++ size_t Res = 0;
++ for (const auto &F: Files)
++ Res += sizeof(F) + F.Features.size() * sizeof(F.Features[0]);
++ return Res;
++}
++
++// Decides which files need to be merged (add thost to NewFiles).
++// Returns the number of new features added.
++size_t Merger::Merge(const std::set<uint32_t> &InitialFeatures,
++ std::vector<std::string> *NewFiles) {
++ NewFiles->clear();
++ assert(NumFilesInFirstCorpus <= Files.size());
++ std::set<uint32_t> AllFeatures(InitialFeatures);
++
++ // What features are in the initial corpus?
++ for (size_t i = 0; i < NumFilesInFirstCorpus; i++) {
++ auto &Cur = Files[i].Features;
++ AllFeatures.insert(Cur.begin(), Cur.end());
++ }
++ size_t InitialNumFeatures = AllFeatures.size();
++
++ // Remove all features that we already know from all other inputs.
++ for (size_t i = NumFilesInFirstCorpus; i < Files.size(); i++) {
++ auto &Cur = Files[i].Features;
++ std::vector<uint32_t> Tmp;
++ std::set_difference(Cur.begin(), Cur.end(), AllFeatures.begin(),
++ AllFeatures.end(), std::inserter(Tmp, Tmp.begin()));
++ Cur.swap(Tmp);
++ }
++
++ // Sort. Give preference to
++ // * smaller files
++ // * files with more features.
++ std::sort(Files.begin() + NumFilesInFirstCorpus, Files.end(),
++ [&](const MergeFileInfo &a, const MergeFileInfo &b) -> bool {
++ if (a.Size != b.Size)
++ return a.Size < b.Size;
++ return a.Features.size() > b.Features.size();
++ });
++
++ // One greedy pass: add the file's features to AllFeatures.
++ // If new features were added, add this file to NewFiles.
++ for (size_t i = NumFilesInFirstCorpus; i < Files.size(); i++) {
++ auto &Cur = Files[i].Features;
++ // Printf("%s -> sz %zd ft %zd\n", Files[i].Name.c_str(),
++ // Files[i].Size, Cur.size());
++ size_t OldSize = AllFeatures.size();
++ AllFeatures.insert(Cur.begin(), Cur.end());
++ if (AllFeatures.size() > OldSize)
++ NewFiles->push_back(Files[i].Name);
++ }
++ return AllFeatures.size() - InitialNumFeatures;
++}
++
++void Merger::PrintSummary(std::ostream &OS) {
++ for (auto &File : Files) {
++ OS << std::hex;
++ OS << File.Name << " size: " << File.Size << " features: ";
++ for (auto Feature : File.Features)
++ OS << " " << Feature;
++ OS << "\n";
++ }
++}
++
++std::set<uint32_t> Merger::AllFeatures() const {
++ std::set<uint32_t> S;
++ for (auto &File : Files)
++ S.insert(File.Features.begin(), File.Features.end());
++ return S;
++}
++
++std::set<uint32_t> Merger::ParseSummary(std::istream &IS) {
++ std::string Line, Tmp;
++ std::set<uint32_t> Res;
++ while (std::getline(IS, Line, '\n')) {
++ size_t N;
++ std::istringstream ISS1(Line);
++ ISS1 >> Tmp; // Name
++ ISS1 >> Tmp; // size:
++ assert(Tmp == "size:" && "Corrupt summary file");
++ ISS1 >> std::hex;
++ ISS1 >> N; // File Size
++ ISS1 >> Tmp; // features:
++ assert(Tmp == "features:" && "Corrupt summary file");
++ while (ISS1 >> std::hex >> N)
++ Res.insert(N);
++ }
++ return Res;
++}
++
++// Inner process. May crash if the target crashes.
++void Fuzzer::CrashResistantMergeInternalStep(const std::string &CFPath) {
++ Printf("MERGE-INNER: using the control file '%s'\n", CFPath.c_str());
++ Merger M;
++ std::ifstream IF(CFPath);
++ M.ParseOrExit(IF, false);
++ IF.close();
++ if (!M.LastFailure.empty())
++ Printf("MERGE-INNER: '%s' caused a failure at the previous merge step\n",
++ M.LastFailure.c_str());
++
++ Printf("MERGE-INNER: %zd total files;"
++ " %zd processed earlier; will process %zd files now\n",
++ M.Files.size(), M.FirstNotProcessedFile,
++ M.Files.size() - M.FirstNotProcessedFile);
++
++ std::ofstream OF(CFPath, std::ofstream::out | std::ofstream::app);
++ for (size_t i = M.FirstNotProcessedFile; i < M.Files.size(); i++) {
++ auto U = FileToVector(M.Files[i].Name);
++ if (U.size() > MaxInputLen) {
++ U.resize(MaxInputLen);
++ U.shrink_to_fit();
++ }
++ std::ostringstream StartedLine;
++ // Write the pre-run marker.
++ OF << "STARTED " << std::dec << i << " " << U.size() << "\n";
++ OF.flush(); // Flush is important since ExecuteCommand may crash.
++ // Run.
++ TPC.ResetMaps();
++ ExecuteCallback(U.data(), U.size());
++ // Collect coverage.
++ std::set<size_t> Features;
++ TPC.CollectFeatures([&](size_t Feature) -> bool {
++ Features.insert(Feature);
++ return true;
++ });
++ // Show stats.
++ if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1)))
++ PrintStats("pulse ");
++ // Write the post-run marker and the coverage.
++ OF << "DONE " << i;
++ for (size_t F : Features)
++ OF << " " << std::hex << F;
++ OF << "\n";
++ }
++}
++
++// Outer process. Does not call the target code and thus sohuld not fail.
++void Fuzzer::CrashResistantMerge(const std::vector<std::string> &Args,
++ const std::vector<std::string> &Corpora,
++ const char *CoverageSummaryInputPathOrNull,
++ const char *CoverageSummaryOutputPathOrNull) {
++ if (Corpora.size() <= 1) {
++ Printf("Merge requires two or more corpus dirs\n");
++ return;
++ }
++ std::vector<std::string> AllFiles;
++ ListFilesInDirRecursive(Corpora[0], nullptr, &AllFiles, /*TopDir*/true);
++ size_t NumFilesInFirstCorpus = AllFiles.size();
++ for (size_t i = 1; i < Corpora.size(); i++)
++ ListFilesInDirRecursive(Corpora[i], nullptr, &AllFiles, /*TopDir*/true);
++ Printf("MERGE-OUTER: %zd files, %zd in the initial corpus\n",
++ AllFiles.size(), NumFilesInFirstCorpus);
++ auto CFPath = DirPlusFile(TmpDir(),
++ "libFuzzerTemp." + std::to_string(GetPid()) + ".txt");
++ // Write the control file.
++ RemoveFile(CFPath);
++ std::ofstream ControlFile(CFPath);
++ ControlFile << AllFiles.size() << "\n";
++ ControlFile << NumFilesInFirstCorpus << "\n";
++ for (auto &Path: AllFiles)
++ ControlFile << Path << "\n";
++ if (!ControlFile) {
++ Printf("MERGE-OUTER: failed to write to the control file: %s\n",
++ CFPath.c_str());
++ exit(1);
++ }
++ ControlFile.close();
++
++ // Execute the inner process untill it passes.
++ // Every inner process should execute at least one input.
++ auto BaseCmd = SplitBefore("-ignore_remaining_args=1",
++ CloneArgsWithoutX(Args, "keep-all-flags"));
++ bool Success = false;
++ for (size_t i = 1; i <= AllFiles.size(); i++) {
++ Printf("MERGE-OUTER: attempt %zd\n", i);
++ auto ExitCode = ExecuteCommand(BaseCmd.first + " -merge_control_file=" +
++ CFPath + " " + BaseCmd.second);
++ if (!ExitCode) {
++ Printf("MERGE-OUTER: succesfull in %zd attempt(s)\n", i);
++ Success = true;
++ break;
++ }
++ }
++ if (!Success) {
++ Printf("MERGE-OUTER: zero succesfull attempts, exiting\n");
++ exit(1);
++ }
++ // Read the control file and do the merge.
++ Merger M;
++ std::ifstream IF(CFPath);
++ IF.seekg(0, IF.end);
++ Printf("MERGE-OUTER: the control file has %zd bytes\n", (size_t)IF.tellg());
++ IF.seekg(0, IF.beg);
++ M.ParseOrExit(IF, true);
++ IF.close();
++ Printf("MERGE-OUTER: consumed %zdMb (%zdMb rss) to parse the control file\n",
++ M.ApproximateMemoryConsumption() >> 20, GetPeakRSSMb());
++ if (CoverageSummaryOutputPathOrNull) {
++ Printf("MERGE-OUTER: writing coverage summary for %zd files to %s\n",
++ M.Files.size(), CoverageSummaryOutputPathOrNull);
++ std::ofstream SummaryOut(CoverageSummaryOutputPathOrNull);
++ M.PrintSummary(SummaryOut);
++ }
++ std::vector<std::string> NewFiles;
++ std::set<uint32_t> InitialFeatures;
++ if (CoverageSummaryInputPathOrNull) {
++ std::ifstream SummaryIn(CoverageSummaryInputPathOrNull);
++ InitialFeatures = M.ParseSummary(SummaryIn);
++ Printf("MERGE-OUTER: coverage summary loaded from %s, %zd features found\n",
++ CoverageSummaryInputPathOrNull, InitialFeatures.size());
++ }
++ size_t NumNewFeatures = M.Merge(InitialFeatures, &NewFiles);
++ Printf("MERGE-OUTER: %zd new files with %zd new features added\n",
++ NewFiles.size(), NumNewFeatures);
++ for (auto &F: NewFiles)
++ WriteToOutputCorpus(FileToVector(F));
++ // We are done, delete the control file.
++ RemoveFile(CFPath);
++}
++
++} // namespace fuzzer
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMerge.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMerge.h
new file mode 100644
index 0000000000..978ec0a901
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMerge.h
@@ -0,0 +1,85 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerMerge.h.orig 2017-08-19 18:02:19.278638628 +0000
++++ lib/fuzzer/FuzzerMerge.h
+@@ -0,0 +1,80 @@
++//===- FuzzerMerge.h - merging corpa ----------------------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Merging Corpora.
++//
++// The task:
++// Take the existing corpus (possibly empty) and merge new inputs into
++// it so that only inputs with new coverage ('features') are added.
++// The process should tolerate the crashes, OOMs, leaks, etc.
++//
++// Algorithm:
++// The outter process collects the set of files and writes their names
++// into a temporary "control" file, then repeatedly launches the inner
++// process until all inputs are processed.
++// The outer process does not actually execute the target code.
++//
++// The inner process reads the control file and sees a) list of all the inputs
++// and b) the last processed input. Then it starts processing the inputs one
++// by one. Before processing every input it writes one line to control file:
++// STARTED INPUT_ID INPUT_SIZE
++// After processing an input it write another line:
++// DONE INPUT_ID Feature1 Feature2 Feature3 ...
++// If a crash happens while processing an input the last line in the control
++// file will be "STARTED INPUT_ID" and so the next process will know
++// where to resume.
++//
++// Once all inputs are processed by the innner process(es) the outer process
++// reads the control files and does the merge based entirely on the contents
++// of control file.
++// It uses a single pass greedy algorithm choosing first the smallest inputs
++// within the same size the inputs that have more new features.
++//
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_MERGE_H
++#define LLVM_FUZZER_MERGE_H
++
++#include "FuzzerDefs.h"
++
++#include <istream>
++#include <ostream>
++#include <set>
++#include <vector>
++
++namespace fuzzer {
++
++struct MergeFileInfo {
++ std::string Name;
++ size_t Size = 0;
++ std::vector<uint32_t> Features;
++};
++
++struct Merger {
++ std::vector<MergeFileInfo> Files;
++ size_t NumFilesInFirstCorpus = 0;
++ size_t FirstNotProcessedFile = 0;
++ std::string LastFailure;
++
++ bool Parse(std::istream &IS, bool ParseCoverage);
++ bool Parse(const std::string &Str, bool ParseCoverage);
++ void ParseOrExit(std::istream &IS, bool ParseCoverage);
++ void PrintSummary(std::ostream &OS);
++ std::set<uint32_t> ParseSummary(std::istream &IS);
++ size_t Merge(const std::set<uint32_t> &InitialFeatures,
++ std::vector<std::string> *NewFiles);
++ size_t Merge(std::vector<std::string> *NewFiles) {
++ return Merge(std::set<uint32_t>{}, NewFiles);
++ }
++ size_t ApproximateMemoryConsumption() const;
++ std::set<uint32_t> AllFeatures() const;
++};
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_MERGE_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMutate.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMutate.cpp
new file mode 100644
index 0000000000..4e1b8caca4
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMutate.cpp
@@ -0,0 +1,538 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerMutate.cpp.orig 2017-08-19 18:02:19.279148526 +0000
++++ lib/fuzzer/FuzzerMutate.cpp
+@@ -0,0 +1,533 @@
++//===- FuzzerMutate.cpp - Mutate a test input -----------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Mutate a test input.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerMutate.h"
++#include "FuzzerCorpus.h"
++#include "FuzzerDefs.h"
++#include "FuzzerExtFunctions.h"
++#include "FuzzerIO.h"
++#include "FuzzerOptions.h"
++
++namespace fuzzer {
++
++const size_t Dictionary::kMaxDictSize;
++
++static void PrintASCII(const Word &W, const char *PrintAfter) {
++ PrintASCII(W.data(), W.size(), PrintAfter);
++}
++
++MutationDispatcher::MutationDispatcher(Random &Rand,
++ const FuzzingOptions &Options)
++ : Rand(Rand), Options(Options) {
++ DefaultMutators.insert(
++ DefaultMutators.begin(),
++ {
++ {&MutationDispatcher::Mutate_EraseBytes, "EraseBytes"},
++ {&MutationDispatcher::Mutate_InsertByte, "InsertByte"},
++ {&MutationDispatcher::Mutate_InsertRepeatedBytes,
++ "InsertRepeatedBytes"},
++ {&MutationDispatcher::Mutate_ChangeByte, "ChangeByte"},
++ {&MutationDispatcher::Mutate_ChangeBit, "ChangeBit"},
++ {&MutationDispatcher::Mutate_ShuffleBytes, "ShuffleBytes"},
++ {&MutationDispatcher::Mutate_ChangeASCIIInteger, "ChangeASCIIInt"},
++ {&MutationDispatcher::Mutate_ChangeBinaryInteger, "ChangeBinInt"},
++ {&MutationDispatcher::Mutate_CopyPart, "CopyPart"},
++ {&MutationDispatcher::Mutate_CrossOver, "CrossOver"},
++ {&MutationDispatcher::Mutate_AddWordFromManualDictionary,
++ "ManualDict"},
++ {&MutationDispatcher::Mutate_AddWordFromPersistentAutoDictionary,
++ "PersAutoDict"},
++ });
++ if(Options.UseCmp)
++ DefaultMutators.push_back(
++ {&MutationDispatcher::Mutate_AddWordFromTORC, "CMP"});
++
++ if (EF->LLVMFuzzerCustomMutator)
++ Mutators.push_back({&MutationDispatcher::Mutate_Custom, "Custom"});
++ else
++ Mutators = DefaultMutators;
++
++ if (EF->LLVMFuzzerCustomCrossOver)
++ Mutators.push_back(
++ {&MutationDispatcher::Mutate_CustomCrossOver, "CustomCrossOver"});
++}
++
++static char RandCh(Random &Rand) {
++ if (Rand.RandBool()) return Rand(256);
++ const char *Special = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
++ return Special[Rand(sizeof(Special) - 1)];
++}
++
++size_t MutationDispatcher::Mutate_Custom(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ return EF->LLVMFuzzerCustomMutator(Data, Size, MaxSize, Rand.Rand());
++}
++
++size_t MutationDispatcher::Mutate_CustomCrossOver(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (!Corpus || Corpus->size() < 2 || Size == 0)
++ return 0;
++ size_t Idx = Rand(Corpus->size());
++ const Unit &Other = (*Corpus)[Idx];
++ if (Other.empty())
++ return 0;
++ CustomCrossOverInPlaceHere.resize(MaxSize);
++ auto &U = CustomCrossOverInPlaceHere;
++ size_t NewSize = EF->LLVMFuzzerCustomCrossOver(
++ Data, Size, Other.data(), Other.size(), U.data(), U.size(), Rand.Rand());
++ if (!NewSize)
++ return 0;
++ assert(NewSize <= MaxSize && "CustomCrossOver returned overisized unit");
++ memcpy(Data, U.data(), NewSize);
++ return NewSize;
++}
++
++size_t MutationDispatcher::Mutate_ShuffleBytes(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (Size > MaxSize || Size == 0) return 0;
++ size_t ShuffleAmount =
++ Rand(std::min(Size, (size_t)8)) + 1; // [1,8] and <= Size.
++ size_t ShuffleStart = Rand(Size - ShuffleAmount);
++ assert(ShuffleStart + ShuffleAmount <= Size);
++ std::shuffle(Data + ShuffleStart, Data + ShuffleStart + ShuffleAmount, Rand);
++ return Size;
++}
++
++size_t MutationDispatcher::Mutate_EraseBytes(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (Size <= 1) return 0;
++ size_t N = Rand(Size / 2) + 1;
++ assert(N < Size);
++ size_t Idx = Rand(Size - N + 1);
++ // Erase Data[Idx:Idx+N].
++ memmove(Data + Idx, Data + Idx + N, Size - Idx - N);
++ // Printf("Erase: %zd %zd => %zd; Idx %zd\n", N, Size, Size - N, Idx);
++ return Size - N;
++}
++
++size_t MutationDispatcher::Mutate_InsertByte(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (Size >= MaxSize) return 0;
++ size_t Idx = Rand(Size + 1);
++ // Insert new value at Data[Idx].
++ memmove(Data + Idx + 1, Data + Idx, Size - Idx);
++ Data[Idx] = RandCh(Rand);
++ return Size + 1;
++}
++
++size_t MutationDispatcher::Mutate_InsertRepeatedBytes(uint8_t *Data,
++ size_t Size,
++ size_t MaxSize) {
++ const size_t kMinBytesToInsert = 3;
++ if (Size + kMinBytesToInsert >= MaxSize) return 0;
++ size_t MaxBytesToInsert = std::min(MaxSize - Size, (size_t)128);
++ size_t N = Rand(MaxBytesToInsert - kMinBytesToInsert + 1) + kMinBytesToInsert;
++ assert(Size + N <= MaxSize && N);
++ size_t Idx = Rand(Size + 1);
++ // Insert new values at Data[Idx].
++ memmove(Data + Idx + N, Data + Idx, Size - Idx);
++ // Give preference to 0x00 and 0xff.
++ uint8_t Byte = Rand.RandBool() ? Rand(256) : (Rand.RandBool() ? 0 : 255);
++ for (size_t i = 0; i < N; i++)
++ Data[Idx + i] = Byte;
++ return Size + N;
++}
++
++size_t MutationDispatcher::Mutate_ChangeByte(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (Size > MaxSize) return 0;
++ size_t Idx = Rand(Size);
++ Data[Idx] = RandCh(Rand);
++ return Size;
++}
++
++size_t MutationDispatcher::Mutate_ChangeBit(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (Size > MaxSize) return 0;
++ size_t Idx = Rand(Size);
++ Data[Idx] ^= 1 << Rand(8);
++ return Size;
++}
++
++size_t MutationDispatcher::Mutate_AddWordFromManualDictionary(uint8_t *Data,
++ size_t Size,
++ size_t MaxSize) {
++ return AddWordFromDictionary(ManualDictionary, Data, Size, MaxSize);
++}
++
++size_t MutationDispatcher::ApplyDictionaryEntry(uint8_t *Data, size_t Size,
++ size_t MaxSize,
++ DictionaryEntry &DE) {
++ const Word &W = DE.GetW();
++ bool UsePositionHint = DE.HasPositionHint() &&
++ DE.GetPositionHint() + W.size() < Size &&
++ Rand.RandBool();
++ if (Rand.RandBool()) { // Insert W.
++ if (Size + W.size() > MaxSize) return 0;
++ size_t Idx = UsePositionHint ? DE.GetPositionHint() : Rand(Size + 1);
++ memmove(Data + Idx + W.size(), Data + Idx, Size - Idx);
++ memcpy(Data + Idx, W.data(), W.size());
++ Size += W.size();
++ } else { // Overwrite some bytes with W.
++ if (W.size() > Size) return 0;
++ size_t Idx = UsePositionHint ? DE.GetPositionHint() : Rand(Size - W.size());
++ memcpy(Data + Idx, W.data(), W.size());
++ }
++ return Size;
++}
++
++// Somewhere in the past we have observed a comparison instructions
++// with arguments Arg1 Arg2. This function tries to guess a dictionary
++// entry that will satisfy that comparison.
++// It first tries to find one of the arguments (possibly swapped) in the
++// input and if it succeeds it creates a DE with a position hint.
++// Otherwise it creates a DE with one of the arguments w/o a position hint.
++DictionaryEntry MutationDispatcher::MakeDictionaryEntryFromCMP(
++ const void *Arg1, const void *Arg2,
++ const void *Arg1Mutation, const void *Arg2Mutation,
++ size_t ArgSize, const uint8_t *Data,
++ size_t Size) {
++ ScopedDoingMyOwnMemOrStr scoped_doing_my_own_mem_os_str;
++ bool HandleFirst = Rand.RandBool();
++ const void *ExistingBytes, *DesiredBytes;
++ Word W;
++ const uint8_t *End = Data + Size;
++ for (int Arg = 0; Arg < 2; Arg++) {
++ ExistingBytes = HandleFirst ? Arg1 : Arg2;
++ DesiredBytes = HandleFirst ? Arg2Mutation : Arg1Mutation;
++ HandleFirst = !HandleFirst;
++ W.Set(reinterpret_cast<const uint8_t*>(DesiredBytes), ArgSize);
++ const size_t kMaxNumPositions = 8;
++ size_t Positions[kMaxNumPositions];
++ size_t NumPositions = 0;
++ for (const uint8_t *Cur = Data;
++ Cur < End && NumPositions < kMaxNumPositions; Cur++) {
++ Cur =
++ (const uint8_t *)SearchMemory(Cur, End - Cur, ExistingBytes, ArgSize);
++ if (!Cur) break;
++ Positions[NumPositions++] = Cur - Data;
++ }
++ if (!NumPositions) continue;
++ return DictionaryEntry(W, Positions[Rand(NumPositions)]);
++ }
++ DictionaryEntry DE(W);
++ return DE;
++}
++
++
++template <class T>
++DictionaryEntry MutationDispatcher::MakeDictionaryEntryFromCMP(
++ T Arg1, T Arg2, const uint8_t *Data, size_t Size) {
++ if (Rand.RandBool()) Arg1 = Bswap(Arg1);
++ if (Rand.RandBool()) Arg2 = Bswap(Arg2);
++ T Arg1Mutation = Arg1 + Rand(-1, 1);
++ T Arg2Mutation = Arg2 + Rand(-1, 1);
++ return MakeDictionaryEntryFromCMP(&Arg1, &Arg2, &Arg1Mutation, &Arg2Mutation,
++ sizeof(Arg1), Data, Size);
++}
++
++DictionaryEntry MutationDispatcher::MakeDictionaryEntryFromCMP(
++ const Word &Arg1, const Word &Arg2, const uint8_t *Data, size_t Size) {
++ return MakeDictionaryEntryFromCMP(Arg1.data(), Arg2.data(), Arg1.data(),
++ Arg2.data(), Arg1.size(), Data, Size);
++}
++
++size_t MutationDispatcher::Mutate_AddWordFromTORC(
++ uint8_t *Data, size_t Size, size_t MaxSize) {
++ Word W;
++ DictionaryEntry DE;
++ switch (Rand(4)) {
++ case 0: {
++ auto X = TPC.TORC8.Get(Rand.Rand());
++ DE = MakeDictionaryEntryFromCMP(X.A, X.B, Data, Size);
++ } break;
++ case 1: {
++ auto X = TPC.TORC4.Get(Rand.Rand());
++ if ((X.A >> 16) == 0 && (X.B >> 16) == 0 && Rand.RandBool())
++ DE = MakeDictionaryEntryFromCMP((uint16_t)X.A, (uint16_t)X.B, Data, Size);
++ else
++ DE = MakeDictionaryEntryFromCMP(X.A, X.B, Data, Size);
++ } break;
++ case 2: {
++ auto X = TPC.TORCW.Get(Rand.Rand());
++ DE = MakeDictionaryEntryFromCMP(X.A, X.B, Data, Size);
++ } break;
++ case 3: if (Options.UseMemmem) {
++ auto X = TPC.MMT.Get(Rand.Rand());
++ DE = DictionaryEntry(X);
++ } break;
++ default:
++ assert(0);
++ }
++ if (!DE.GetW().size()) return 0;
++ Size = ApplyDictionaryEntry(Data, Size, MaxSize, DE);
++ if (!Size) return 0;
++ DictionaryEntry &DERef =
++ CmpDictionaryEntriesDeque[CmpDictionaryEntriesDequeIdx++ %
++ kCmpDictionaryEntriesDequeSize];
++ DERef = DE;
++ CurrentDictionaryEntrySequence.push_back(&DERef);
++ return Size;
++}
++
++size_t MutationDispatcher::Mutate_AddWordFromPersistentAutoDictionary(
++ uint8_t *Data, size_t Size, size_t MaxSize) {
++ return AddWordFromDictionary(PersistentAutoDictionary, Data, Size, MaxSize);
++}
++
++size_t MutationDispatcher::AddWordFromDictionary(Dictionary &D, uint8_t *Data,
++ size_t Size, size_t MaxSize) {
++ if (Size > MaxSize) return 0;
++ if (D.empty()) return 0;
++ DictionaryEntry &DE = D[Rand(D.size())];
++ Size = ApplyDictionaryEntry(Data, Size, MaxSize, DE);
++ if (!Size) return 0;
++ DE.IncUseCount();
++ CurrentDictionaryEntrySequence.push_back(&DE);
++ return Size;
++}
++
++// Overwrites part of To[0,ToSize) with a part of From[0,FromSize).
++// Returns ToSize.
++size_t MutationDispatcher::CopyPartOf(const uint8_t *From, size_t FromSize,
++ uint8_t *To, size_t ToSize) {
++ // Copy From[FromBeg, FromBeg + CopySize) into To[ToBeg, ToBeg + CopySize).
++ size_t ToBeg = Rand(ToSize);
++ size_t CopySize = Rand(ToSize - ToBeg) + 1;
++ assert(ToBeg + CopySize <= ToSize);
++ CopySize = std::min(CopySize, FromSize);
++ size_t FromBeg = Rand(FromSize - CopySize + 1);
++ assert(FromBeg + CopySize <= FromSize);
++ memmove(To + ToBeg, From + FromBeg, CopySize);
++ return ToSize;
++}
++
++// Inserts part of From[0,ToSize) into To.
++// Returns new size of To on success or 0 on failure.
++size_t MutationDispatcher::InsertPartOf(const uint8_t *From, size_t FromSize,
++ uint8_t *To, size_t ToSize,
++ size_t MaxToSize) {
++ if (ToSize >= MaxToSize) return 0;
++ size_t AvailableSpace = MaxToSize - ToSize;
++ size_t MaxCopySize = std::min(AvailableSpace, FromSize);
++ size_t CopySize = Rand(MaxCopySize) + 1;
++ size_t FromBeg = Rand(FromSize - CopySize + 1);
++ assert(FromBeg + CopySize <= FromSize);
++ size_t ToInsertPos = Rand(ToSize + 1);
++ assert(ToInsertPos + CopySize <= MaxToSize);
++ size_t TailSize = ToSize - ToInsertPos;
++ if (To == From) {
++ MutateInPlaceHere.resize(MaxToSize);
++ memcpy(MutateInPlaceHere.data(), From + FromBeg, CopySize);
++ memmove(To + ToInsertPos + CopySize, To + ToInsertPos, TailSize);
++ memmove(To + ToInsertPos, MutateInPlaceHere.data(), CopySize);
++ } else {
++ memmove(To + ToInsertPos + CopySize, To + ToInsertPos, TailSize);
++ memmove(To + ToInsertPos, From + FromBeg, CopySize);
++ }
++ return ToSize + CopySize;
++}
++
++size_t MutationDispatcher::Mutate_CopyPart(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (Size > MaxSize || Size == 0) return 0;
++ if (Rand.RandBool())
++ return CopyPartOf(Data, Size, Data, Size);
++ else
++ return InsertPartOf(Data, Size, Data, Size, MaxSize);
++}
++
++size_t MutationDispatcher::Mutate_ChangeASCIIInteger(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (Size > MaxSize) return 0;
++ size_t B = Rand(Size);
++ while (B < Size && !isdigit(Data[B])) B++;
++ if (B == Size) return 0;
++ size_t E = B;
++ while (E < Size && isdigit(Data[E])) E++;
++ assert(B < E);
++ // now we have digits in [B, E).
++ // strtol and friends don't accept non-zero-teminated data, parse it manually.
++ uint64_t Val = Data[B] - '0';
++ for (size_t i = B + 1; i < E; i++)
++ Val = Val * 10 + Data[i] - '0';
++
++ // Mutate the integer value.
++ switch(Rand(5)) {
++ case 0: Val++; break;
++ case 1: Val--; break;
++ case 2: Val /= 2; break;
++ case 3: Val *= 2; break;
++ case 4: Val = Rand(Val * Val); break;
++ default: assert(0);
++ }
++ // Just replace the bytes with the new ones, don't bother moving bytes.
++ for (size_t i = B; i < E; i++) {
++ size_t Idx = E + B - i - 1;
++ assert(Idx >= B && Idx < E);
++ Data[Idx] = (Val % 10) + '0';
++ Val /= 10;
++ }
++ return Size;
++}
++
++template<class T>
++size_t ChangeBinaryInteger(uint8_t *Data, size_t Size, Random &Rand) {
++ if (Size < sizeof(T)) return 0;
++ size_t Off = Rand(Size - sizeof(T) + 1);
++ assert(Off + sizeof(T) <= Size);
++ T Val;
++ if (Off < 64 && !Rand(4)) {
++ Val = Size;
++ if (Rand.RandBool())
++ Val = Bswap(Val);
++ } else {
++ memcpy(&Val, Data + Off, sizeof(Val));
++ T Add = Rand(21);
++ Add -= 10;
++ if (Rand.RandBool())
++ Val = Bswap(T(Bswap(Val) + Add)); // Add assuming different endiannes.
++ else
++ Val = Val + Add; // Add assuming current endiannes.
++ if (Add == 0 || Rand.RandBool()) // Maybe negate.
++ Val = -Val;
++ }
++ memcpy(Data + Off, &Val, sizeof(Val));
++ return Size;
++}
++
++size_t MutationDispatcher::Mutate_ChangeBinaryInteger(uint8_t *Data,
++ size_t Size,
++ size_t MaxSize) {
++ if (Size > MaxSize) return 0;
++ switch (Rand(4)) {
++ case 3: return ChangeBinaryInteger<uint64_t>(Data, Size, Rand);
++ case 2: return ChangeBinaryInteger<uint32_t>(Data, Size, Rand);
++ case 1: return ChangeBinaryInteger<uint16_t>(Data, Size, Rand);
++ case 0: return ChangeBinaryInteger<uint8_t>(Data, Size, Rand);
++ default: assert(0);
++ }
++ return 0;
++}
++
++size_t MutationDispatcher::Mutate_CrossOver(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ if (Size > MaxSize) return 0;
++ if (!Corpus || Corpus->size() < 2 || Size == 0) return 0;
++ size_t Idx = Rand(Corpus->size());
++ const Unit &O = (*Corpus)[Idx];
++ if (O.empty()) return 0;
++ MutateInPlaceHere.resize(MaxSize);
++ auto &U = MutateInPlaceHere;
++ size_t NewSize = 0;
++ switch(Rand(3)) {
++ case 0:
++ NewSize = CrossOver(Data, Size, O.data(), O.size(), U.data(), U.size());
++ break;
++ case 1:
++ NewSize = InsertPartOf(O.data(), O.size(), U.data(), U.size(), MaxSize);
++ if (!NewSize)
++ NewSize = CopyPartOf(O.data(), O.size(), U.data(), U.size());
++ break;
++ case 2:
++ NewSize = CopyPartOf(O.data(), O.size(), U.data(), U.size());
++ break;
++ default: assert(0);
++ }
++ assert(NewSize > 0 && "CrossOver returned empty unit");
++ assert(NewSize <= MaxSize && "CrossOver returned overisized unit");
++ memcpy(Data, U.data(), NewSize);
++ return NewSize;
++}
++
++void MutationDispatcher::StartMutationSequence() {
++ CurrentMutatorSequence.clear();
++ CurrentDictionaryEntrySequence.clear();
++}
++
++// Copy successful dictionary entries to PersistentAutoDictionary.
++void MutationDispatcher::RecordSuccessfulMutationSequence() {
++ for (auto DE : CurrentDictionaryEntrySequence) {
++ // PersistentAutoDictionary.AddWithSuccessCountOne(DE);
++ DE->IncSuccessCount();
++ assert(DE->GetW().size());
++ // Linear search is fine here as this happens seldom.
++ if (!PersistentAutoDictionary.ContainsWord(DE->GetW()))
++ PersistentAutoDictionary.push_back({DE->GetW(), 1});
++ }
++}
++
++void MutationDispatcher::PrintRecommendedDictionary() {
++ std::vector<DictionaryEntry> V;
++ for (auto &DE : PersistentAutoDictionary)
++ if (!ManualDictionary.ContainsWord(DE.GetW()))
++ V.push_back(DE);
++ if (V.empty()) return;
++ Printf("###### Recommended dictionary. ######\n");
++ for (auto &DE: V) {
++ assert(DE.GetW().size());
++ Printf("\"");
++ PrintASCII(DE.GetW(), "\"");
++ Printf(" # Uses: %zd\n", DE.GetUseCount());
++ }
++ Printf("###### End of recommended dictionary. ######\n");
++}
++
++void MutationDispatcher::PrintMutationSequence() {
++ Printf("MS: %zd ", CurrentMutatorSequence.size());
++ for (auto M : CurrentMutatorSequence)
++ Printf("%s-", M.Name);
++ if (!CurrentDictionaryEntrySequence.empty()) {
++ Printf(" DE: ");
++ for (auto DE : CurrentDictionaryEntrySequence) {
++ Printf("\"");
++ PrintASCII(DE->GetW(), "\"-");
++ }
++ }
++}
++
++size_t MutationDispatcher::Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
++ return MutateImpl(Data, Size, MaxSize, Mutators);
++}
++
++size_t MutationDispatcher::DefaultMutate(uint8_t *Data, size_t Size,
++ size_t MaxSize) {
++ return MutateImpl(Data, Size, MaxSize, DefaultMutators);
++}
++
++// Mutates Data in place, returns new size.
++size_t MutationDispatcher::MutateImpl(uint8_t *Data, size_t Size,
++ size_t MaxSize,
++ const std::vector<Mutator> &Mutators) {
++ assert(MaxSize > 0);
++ // Some mutations may fail (e.g. can't insert more bytes if Size == MaxSize),
++ // in which case they will return 0.
++ // Try several times before returning un-mutated data.
++ for (int Iter = 0; Iter < 100; Iter++) {
++ auto M = Mutators[Rand(Mutators.size())];
++ size_t NewSize = (this->*(M.Fn))(Data, Size, MaxSize);
++ if (NewSize && NewSize <= MaxSize) {
++ if (Options.OnlyASCII)
++ ToASCII(Data, NewSize);
++ CurrentMutatorSequence.push_back(M);
++ return NewSize;
++ }
++ }
++ *Data = ' ';
++ return 1; // Fallback, should not happen frequently.
++}
++
++void MutationDispatcher::AddWordToManualDictionary(const Word &W) {
++ ManualDictionary.push_back(
++ {W, std::numeric_limits<size_t>::max()});
++}
++
++} // namespace fuzzer
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMutate.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMutate.h
new file mode 100644
index 0000000000..4520943d69
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerMutate.h
@@ -0,0 +1,155 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerMutate.h.orig 2017-08-19 18:02:19.278941947 +0000
++++ lib/fuzzer/FuzzerMutate.h
+@@ -0,0 +1,150 @@
++//===- FuzzerMutate.h - Internal header for the Fuzzer ----------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// fuzzer::MutationDispatcher
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_MUTATE_H
++#define LLVM_FUZZER_MUTATE_H
++
++#include "FuzzerDefs.h"
++#include "FuzzerDictionary.h"
++#include "FuzzerOptions.h"
++#include "FuzzerRandom.h"
++
++namespace fuzzer {
++
++class MutationDispatcher {
++public:
++ MutationDispatcher(Random &Rand, const FuzzingOptions &Options);
++ ~MutationDispatcher() {}
++ /// Indicate that we are about to start a new sequence of mutations.
++ void StartMutationSequence();
++ /// Print the current sequence of mutations.
++ void PrintMutationSequence();
++ /// Indicate that the current sequence of mutations was successfull.
++ void RecordSuccessfulMutationSequence();
++ /// Mutates data by invoking user-provided mutator.
++ size_t Mutate_Custom(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Mutates data by invoking user-provided crossover.
++ size_t Mutate_CustomCrossOver(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Mutates data by shuffling bytes.
++ size_t Mutate_ShuffleBytes(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Mutates data by erasing bytes.
++ size_t Mutate_EraseBytes(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Mutates data by inserting a byte.
++ size_t Mutate_InsertByte(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Mutates data by inserting several repeated bytes.
++ size_t Mutate_InsertRepeatedBytes(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Mutates data by chanding one byte.
++ size_t Mutate_ChangeByte(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Mutates data by chanding one bit.
++ size_t Mutate_ChangeBit(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Mutates data by copying/inserting a part of data into a different place.
++ size_t Mutate_CopyPart(uint8_t *Data, size_t Size, size_t MaxSize);
++
++ /// Mutates data by adding a word from the manual dictionary.
++ size_t Mutate_AddWordFromManualDictionary(uint8_t *Data, size_t Size,
++ size_t MaxSize);
++
++ /// Mutates data by adding a word from the TORC.
++ size_t Mutate_AddWordFromTORC(uint8_t *Data, size_t Size, size_t MaxSize);
++
++ /// Mutates data by adding a word from the persistent automatic dictionary.
++ size_t Mutate_AddWordFromPersistentAutoDictionary(uint8_t *Data, size_t Size,
++ size_t MaxSize);
++
++ /// Tries to find an ASCII integer in Data, changes it to another ASCII int.
++ size_t Mutate_ChangeASCIIInteger(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Change a 1-, 2-, 4-, or 8-byte integer in interesting ways.
++ size_t Mutate_ChangeBinaryInteger(uint8_t *Data, size_t Size, size_t MaxSize);
++
++ /// CrossOver Data with some other element of the corpus.
++ size_t Mutate_CrossOver(uint8_t *Data, size_t Size, size_t MaxSize);
++
++ /// Applies one of the configured mutations.
++ /// Returns the new size of data which could be up to MaxSize.
++ size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize);
++ /// Applies one of the default mutations. Provided as a service
++ /// to mutation authors.
++ size_t DefaultMutate(uint8_t *Data, size_t Size, size_t MaxSize);
++
++ /// Creates a cross-over of two pieces of Data, returns its size.
++ size_t CrossOver(const uint8_t *Data1, size_t Size1, const uint8_t *Data2,
++ size_t Size2, uint8_t *Out, size_t MaxOutSize);
++
++ void AddWordToManualDictionary(const Word &W);
++
++ void PrintRecommendedDictionary();
++
++ void SetCorpus(const InputCorpus *Corpus) { this->Corpus = Corpus; }
++
++ Random &GetRand() { return Rand; }
++
++private:
++
++ struct Mutator {
++ size_t (MutationDispatcher::*Fn)(uint8_t *Data, size_t Size, size_t Max);
++ const char *Name;
++ };
++
++ size_t AddWordFromDictionary(Dictionary &D, uint8_t *Data, size_t Size,
++ size_t MaxSize);
++ size_t MutateImpl(uint8_t *Data, size_t Size, size_t MaxSize,
++ const std::vector<Mutator> &Mutators);
++
++ size_t InsertPartOf(const uint8_t *From, size_t FromSize, uint8_t *To,
++ size_t ToSize, size_t MaxToSize);
++ size_t CopyPartOf(const uint8_t *From, size_t FromSize, uint8_t *To,
++ size_t ToSize);
++ size_t ApplyDictionaryEntry(uint8_t *Data, size_t Size, size_t MaxSize,
++ DictionaryEntry &DE);
++
++ template <class T>
++ DictionaryEntry MakeDictionaryEntryFromCMP(T Arg1, T Arg2,
++ const uint8_t *Data, size_t Size);
++ DictionaryEntry MakeDictionaryEntryFromCMP(const Word &Arg1, const Word &Arg2,
++ const uint8_t *Data, size_t Size);
++ DictionaryEntry MakeDictionaryEntryFromCMP(const void *Arg1, const void *Arg2,
++ const void *Arg1Mutation,
++ const void *Arg2Mutation,
++ size_t ArgSize,
++ const uint8_t *Data, size_t Size);
++
++ Random &Rand;
++ const FuzzingOptions Options;
++
++ // Dictionary provided by the user via -dict=DICT_FILE.
++ Dictionary ManualDictionary;
++ // Temporary dictionary modified by the fuzzer itself,
++ // recreated periodically.
++ Dictionary TempAutoDictionary;
++ // Persistent dictionary modified by the fuzzer, consists of
++ // entries that led to successfull discoveries in the past mutations.
++ Dictionary PersistentAutoDictionary;
++
++ std::vector<Mutator> CurrentMutatorSequence;
++ std::vector<DictionaryEntry *> CurrentDictionaryEntrySequence;
++
++ static const size_t kCmpDictionaryEntriesDequeSize = 16;
++ DictionaryEntry CmpDictionaryEntriesDeque[kCmpDictionaryEntriesDequeSize];
++ size_t CmpDictionaryEntriesDequeIdx = 0;
++
++ const InputCorpus *Corpus = nullptr;
++ std::vector<uint8_t> MutateInPlaceHere;
++ // CustomCrossOver needs its own buffer as a custom implementation may call
++ // LLVMFuzzerMutate, which in turn may resize MutateInPlaceHere.
++ std::vector<uint8_t> CustomCrossOverInPlaceHere;
++
++ std::vector<Mutator> Mutators;
++ std::vector<Mutator> DefaultMutators;
++};
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_MUTATE_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerOptions.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerOptions.h
new file mode 100644
index 0000000000..d6f22808d9
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerOptions.h
@@ -0,0 +1,73 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerOptions.h.orig 2017-08-19 18:02:19.279254091 +0000
++++ lib/fuzzer/FuzzerOptions.h
+@@ -0,0 +1,68 @@
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// fuzzer::FuzzingOptions
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_OPTIONS_H
++#define LLVM_FUZZER_OPTIONS_H
++
++#include "FuzzerDefs.h"
++
++namespace fuzzer {
++
++struct FuzzingOptions {
++ int Verbosity = 1;
++ size_t MaxLen = 0;
++ bool ExperimentalLenControl = false;
++ int UnitTimeoutSec = 300;
++ int TimeoutExitCode = 77;
++ int ErrorExitCode = 77;
++ int MaxTotalTimeSec = 0;
++ int RssLimitMb = 0;
++ bool DoCrossOver = true;
++ int MutateDepth = 5;
++ bool UseCounters = false;
++ bool UseIndirCalls = true;
++ bool UseMemmem = true;
++ bool UseCmp = false;
++ bool UseValueProfile = false;
++ bool Shrink = false;
++ bool ReduceInputs = false;
++ int ReloadIntervalSec = 1;
++ bool ShuffleAtStartUp = true;
++ bool PreferSmall = true;
++ size_t MaxNumberOfRuns = -1L;
++ int ReportSlowUnits = 10;
++ bool OnlyASCII = false;
++ std::string OutputCorpus;
++ std::string ArtifactPrefix = "./";
++ std::string ExactArtifactPath;
++ std::string ExitOnSrcPos;
++ std::string ExitOnItem;
++ bool SaveArtifacts = true;
++ bool PrintNEW = true; // Print a status line when new units are found;
++ bool PrintNewCovPcs = false;
++ bool PrintFinalStats = false;
++ bool PrintCorpusStats = false;
++ bool PrintCoverage = false;
++ bool DumpCoverage = false;
++ bool DetectLeaks = true;
++ int TraceMalloc = 0;
++ bool HandleAbrt = false;
++ bool HandleBus = false;
++ bool HandleFpe = false;
++ bool HandleIll = false;
++ bool HandleInt = false;
++ bool HandleSegv = false;
++ bool HandleTerm = false;
++ bool HandleXfsz = false;
++};
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_OPTIONS_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerRandom.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerRandom.h
new file mode 100644
index 0000000000..9607e00e02
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerRandom.h
@@ -0,0 +1,39 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerRandom.h.orig 2017-08-19 18:02:19.279355642 +0000
++++ lib/fuzzer/FuzzerRandom.h
+@@ -0,0 +1,34 @@
++//===- FuzzerRandom.h - Internal header for the Fuzzer ----------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// fuzzer::Random
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_RANDOM_H
++#define LLVM_FUZZER_RANDOM_H
++
++#include <random>
++
++namespace fuzzer {
++class Random : public std::mt19937 {
++ public:
++ Random(unsigned int seed) : std::mt19937(seed) {}
++ result_type operator()() { return this->std::mt19937::operator()(); }
++ size_t Rand() { return this->operator()(); }
++ size_t RandBool() { return Rand() % 2; }
++ size_t operator()(size_t n) { return n ? Rand() % n : 0; }
++ intptr_t operator()(intptr_t From, intptr_t To) {
++ assert(From < To);
++ intptr_t RangeSize = To - From + 1;
++ return operator()(RangeSize) + From;
++ }
++};
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_RANDOM_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerSHA1.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerSHA1.cpp
new file mode 100644
index 0000000000..5fb3657a3b
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerSHA1.cpp
@@ -0,0 +1,227 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerSHA1.cpp.orig 2017-08-19 18:02:19.279602126 +0000
++++ lib/fuzzer/FuzzerSHA1.cpp
+@@ -0,0 +1,222 @@
++//===- FuzzerSHA1.h - Private copy of the SHA1 implementation ---*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// This code is taken from public domain
++// (http://oauth.googlecode.com/svn/code/c/liboauth/src/sha1.c)
++// and modified by adding anonymous namespace, adding an interface
++// function fuzzer::ComputeSHA1() and removing unnecessary code.
++//
++// lib/Fuzzer can not use SHA1 implementation from openssl because
++// openssl may not be available and because we may be fuzzing openssl itself.
++// For the same reason we do not want to depend on SHA1 from LLVM tree.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerSHA1.h"
++#include "FuzzerDefs.h"
++
++/* This code is public-domain - it is based on libcrypt
++ * placed in the public domain by Wei Dai and other contributors.
++ */
++
++#include <iomanip>
++#include <sstream>
++#include <stdint.h>
++#include <string.h>
++
++namespace { // Added for LibFuzzer
++
++#ifdef __BIG_ENDIAN__
++# define SHA_BIG_ENDIAN
++#elif defined __LITTLE_ENDIAN__
++/* override */
++#elif defined __BYTE_ORDER
++# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
++# define SHA_BIG_ENDIAN
++# endif
++#else // ! defined __LITTLE_ENDIAN__
++# include <endian.h> // machine/endian.h
++# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
++# define SHA_BIG_ENDIAN
++# endif
++#endif
++
++
++/* header */
++
++#define HASH_LENGTH 20
++#define BLOCK_LENGTH 64
++
++typedef struct sha1nfo {
++ uint32_t buffer[BLOCK_LENGTH/4];
++ uint32_t state[HASH_LENGTH/4];
++ uint32_t byteCount;
++ uint8_t bufferOffset;
++ uint8_t keyBuffer[BLOCK_LENGTH];
++ uint8_t innerHash[HASH_LENGTH];
++} sha1nfo;
++
++/* public API - prototypes - TODO: doxygen*/
++
++/**
++ */
++void sha1_init(sha1nfo *s);
++/**
++ */
++void sha1_writebyte(sha1nfo *s, uint8_t data);
++/**
++ */
++void sha1_write(sha1nfo *s, const char *data, size_t len);
++/**
++ */
++uint8_t* sha1_result(sha1nfo *s);
++
++
++/* code */
++#define SHA1_K0 0x5a827999
++#define SHA1_K20 0x6ed9eba1
++#define SHA1_K40 0x8f1bbcdc
++#define SHA1_K60 0xca62c1d6
++
++void sha1_init(sha1nfo *s) {
++ s->state[0] = 0x67452301;
++ s->state[1] = 0xefcdab89;
++ s->state[2] = 0x98badcfe;
++ s->state[3] = 0x10325476;
++ s->state[4] = 0xc3d2e1f0;
++ s->byteCount = 0;
++ s->bufferOffset = 0;
++}
++
++uint32_t sha1_rol32(uint32_t number, uint8_t bits) {
++ return ((number << bits) | (number >> (32-bits)));
++}
++
++void sha1_hashBlock(sha1nfo *s) {
++ uint8_t i;
++ uint32_t a,b,c,d,e,t;
++
++ a=s->state[0];
++ b=s->state[1];
++ c=s->state[2];
++ d=s->state[3];
++ e=s->state[4];
++ for (i=0; i<80; i++) {
++ if (i>=16) {
++ t = s->buffer[(i+13)&15] ^ s->buffer[(i+8)&15] ^ s->buffer[(i+2)&15] ^ s->buffer[i&15];
++ s->buffer[i&15] = sha1_rol32(t,1);
++ }
++ if (i<20) {
++ t = (d ^ (b & (c ^ d))) + SHA1_K0;
++ } else if (i<40) {
++ t = (b ^ c ^ d) + SHA1_K20;
++ } else if (i<60) {
++ t = ((b & c) | (d & (b | c))) + SHA1_K40;
++ } else {
++ t = (b ^ c ^ d) + SHA1_K60;
++ }
++ t+=sha1_rol32(a,5) + e + s->buffer[i&15];
++ e=d;
++ d=c;
++ c=sha1_rol32(b,30);
++ b=a;
++ a=t;
++ }
++ s->state[0] += a;
++ s->state[1] += b;
++ s->state[2] += c;
++ s->state[3] += d;
++ s->state[4] += e;
++}
++
++void sha1_addUncounted(sha1nfo *s, uint8_t data) {
++ uint8_t * const b = (uint8_t*) s->buffer;
++#ifdef SHA_BIG_ENDIAN
++ b[s->bufferOffset] = data;
++#else
++ b[s->bufferOffset ^ 3] = data;
++#endif
++ s->bufferOffset++;
++ if (s->bufferOffset == BLOCK_LENGTH) {
++ sha1_hashBlock(s);
++ s->bufferOffset = 0;
++ }
++}
++
++void sha1_writebyte(sha1nfo *s, uint8_t data) {
++ ++s->byteCount;
++ sha1_addUncounted(s, data);
++}
++
++void sha1_write(sha1nfo *s, const char *data, size_t len) {
++ for (;len--;) sha1_writebyte(s, (uint8_t) *data++);
++}
++
++void sha1_pad(sha1nfo *s) {
++ // Implement SHA-1 padding (fips180-2 §5.1.1)
++
++ // Pad with 0x80 followed by 0x00 until the end of the block
++ sha1_addUncounted(s, 0x80);
++ while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00);
++
++ // Append length in the last 8 bytes
++ sha1_addUncounted(s, 0); // We're only using 32 bit lengths
++ sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths
++ sha1_addUncounted(s, 0); // So zero pad the top bits
++ sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8
++ sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as
++ sha1_addUncounted(s, s->byteCount >> 13); // byte.
++ sha1_addUncounted(s, s->byteCount >> 5);
++ sha1_addUncounted(s, s->byteCount << 3);
++}
++
++uint8_t* sha1_result(sha1nfo *s) {
++ // Pad to complete the last block
++ sha1_pad(s);
++
++#ifndef SHA_BIG_ENDIAN
++ // Swap byte order back
++ int i;
++ for (i=0; i<5; i++) {
++ s->state[i]=
++ (((s->state[i])<<24)& 0xff000000)
++ | (((s->state[i])<<8) & 0x00ff0000)
++ | (((s->state[i])>>8) & 0x0000ff00)
++ | (((s->state[i])>>24)& 0x000000ff);
++ }
++#endif
++
++ // Return pointer to hash (20 characters)
++ return (uint8_t*) s->state;
++}
++
++} // namespace; Added for LibFuzzer
++
++namespace fuzzer {
++
++// The rest is added for LibFuzzer
++void ComputeSHA1(const uint8_t *Data, size_t Len, uint8_t *Out) {
++ sha1nfo s;
++ sha1_init(&s);
++ sha1_write(&s, (const char*)Data, Len);
++ memcpy(Out, sha1_result(&s), HASH_LENGTH);
++}
++
++std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]) {
++ std::stringstream SS;
++ for (int i = 0; i < kSHA1NumBytes; i++)
++ SS << std::hex << std::setfill('0') << std::setw(2) << (unsigned)Sha1[i];
++ return SS.str();
++}
++
++std::string Hash(const Unit &U) {
++ uint8_t Hash[kSHA1NumBytes];
++ ComputeSHA1(U.data(), U.size(), Hash);
++ return Sha1ToString(Hash);
++}
++
++}
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerSHA1.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerSHA1.h
new file mode 100644
index 0000000000..afebd048f5
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerSHA1.h
@@ -0,0 +1,38 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerSHA1.h.orig 2017-08-19 18:02:19.279456327 +0000
++++ lib/fuzzer/FuzzerSHA1.h
+@@ -0,0 +1,33 @@
++//===- FuzzerSHA1.h - Internal header for the SHA1 utils --------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// SHA1 utils.
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_SHA1_H
++#define LLVM_FUZZER_SHA1_H
++
++#include "FuzzerDefs.h"
++#include <cstddef>
++#include <stdint.h>
++
++namespace fuzzer {
++
++// Private copy of SHA1 implementation.
++static const int kSHA1NumBytes = 20;
++
++// Computes SHA1 hash of 'Len' bytes in 'Data', writes kSHA1NumBytes to 'Out'.
++void ComputeSHA1(const uint8_t *Data, size_t Len, uint8_t *Out);
++
++std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]);
++
++std::string Hash(const Unit &U);
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_SHA1_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmem.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmem.h
new file mode 100644
index 0000000000..811cd4d956
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmem.h
@@ -0,0 +1,74 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerShmem.h.orig 2017-08-19 18:02:19.279709080 +0000
++++ lib/fuzzer/FuzzerShmem.h
+@@ -0,0 +1,69 @@
++//===- FuzzerShmem.h - shared memory interface ------------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// SharedMemoryRegion
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_SHMEM_H
++#define LLVM_FUZZER_SHMEM_H
++
++#include <algorithm>
++#include <cstring>
++#include <string>
++
++#include "FuzzerDefs.h"
++
++namespace fuzzer {
++
++class SharedMemoryRegion {
++ public:
++ bool Create(const char *Name);
++ bool Open(const char *Name);
++ bool Destroy(const char *Name);
++ uint8_t *GetData() { return Data; }
++ void PostServer() {Post(0);}
++ void WaitServer() {Wait(0);}
++ void PostClient() {Post(1);}
++ void WaitClient() {Wait(1);}
++
++ size_t WriteByteArray(const uint8_t *Bytes, size_t N) {
++ assert(N <= kShmemSize - sizeof(N));
++ memcpy(GetData(), &N, sizeof(N));
++ memcpy(GetData() + sizeof(N), Bytes, N);
++ assert(N == ReadByteArraySize());
++ return N;
++ }
++ size_t ReadByteArraySize() {
++ size_t Res;
++ memcpy(&Res, GetData(), sizeof(Res));
++ return Res;
++ }
++ uint8_t *GetByteArray() { return GetData() + sizeof(size_t); }
++
++ bool IsServer() const { return Data && IAmServer; }
++ bool IsClient() const { return Data && !IAmServer; }
++
++private:
++
++ static const size_t kShmemSize = 1 << 22;
++ bool IAmServer;
++ std::string Path(const char *Name);
++ std::string SemName(const char *Name, int Idx);
++ void Post(int Idx);
++ void Wait(int Idx);
++
++ bool Map(int fd);
++ uint8_t *Data = nullptr;
++ void *Semaphore[2];
++};
++
++extern SharedMemoryRegion SMR;
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_SHMEM_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmemPosix.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmemPosix.cpp
new file mode 100644
index 0000000000..6543a71ff6
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmemPosix.cpp
@@ -0,0 +1,108 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerShmemPosix.cpp.orig 2017-08-19 18:02:19.279820516 +0000
++++ lib/fuzzer/FuzzerShmemPosix.cpp
+@@ -0,0 +1,103 @@
++//===- FuzzerShmemPosix.cpp - Posix shared memory ---------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// SharedMemoryRegion
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_POSIX
++
++#include "FuzzerIO.h"
++#include "FuzzerShmem.h"
++
++#include <errno.h>
++#include <fcntl.h>
++#include <semaphore.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <sys/mman.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <unistd.h>
++
++namespace fuzzer {
++
++std::string SharedMemoryRegion::Path(const char *Name) {
++ return DirPlusFile(TmpDir(), Name);
++}
++
++std::string SharedMemoryRegion::SemName(const char *Name, int Idx) {
++ std::string Res(Name);
++ return Res + (char)('0' + Idx);
++}
++
++bool SharedMemoryRegion::Map(int fd) {
++ Data =
++ (uint8_t *)mmap(0, kShmemSize, PROT_WRITE | PROT_READ, MAP_SHARED, fd, 0);
++ if (Data == (uint8_t*)-1)
++ return false;
++ return true;
++}
++
++bool SharedMemoryRegion::Create(const char *Name) {
++ int fd = open(Path(Name).c_str(), O_CREAT | O_RDWR, 0777);
++ if (fd < 0) return false;
++ if (ftruncate(fd, kShmemSize) < 0) return false;
++ if (!Map(fd))
++ return false;
++ for (int i = 0; i < 2; i++) {
++ sem_unlink(SemName(Name, i).c_str());
++ Semaphore[i] = sem_open(SemName(Name, i).c_str(), O_CREAT, 0644, 0);
++ if (Semaphore[i] == (void *)-1)
++ return false;
++ }
++ IAmServer = true;
++ return true;
++}
++
++bool SharedMemoryRegion::Open(const char *Name) {
++ int fd = open(Path(Name).c_str(), O_RDWR);
++ if (fd < 0) return false;
++ struct stat stat_res;
++ if (0 != fstat(fd, &stat_res))
++ return false;
++ assert(stat_res.st_size == kShmemSize);
++ if (!Map(fd))
++ return false;
++ for (int i = 0; i < 2; i++) {
++ Semaphore[i] = sem_open(SemName(Name, i).c_str(), 0);
++ if (Semaphore[i] == (void *)-1)
++ return false;
++ }
++ IAmServer = false;
++ return true;
++}
++
++bool SharedMemoryRegion::Destroy(const char *Name) {
++ return 0 == unlink(Path(Name).c_str());
++}
++
++void SharedMemoryRegion::Post(int Idx) {
++ assert(Idx == 0 || Idx == 1);
++ sem_post((sem_t*)Semaphore[Idx]);
++}
++
++void SharedMemoryRegion::Wait(int Idx) {
++ assert(Idx == 0 || Idx == 1);
++ for (int i = 0; i < 10 && sem_wait((sem_t*)Semaphore[Idx]); i++) {
++ // sem_wait may fail if interrupted by a signal.
++ sleep(i);
++ if (i)
++ Printf("%s: sem_wait[%d] failed %s\n", i < 9 ? "WARNING" : "ERROR", i,
++ strerror(errno));
++ if (i == 9) abort();
++ }
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_POSIX
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmemWindows.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmemWindows.cpp
new file mode 100644
index 0000000000..ff2e621198
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerShmemWindows.cpp
@@ -0,0 +1,69 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerShmemWindows.cpp.orig 2017-08-19 18:02:19.279927649 +0000
++++ lib/fuzzer/FuzzerShmemWindows.cpp
+@@ -0,0 +1,64 @@
++//===- FuzzerShmemWindows.cpp - Posix shared memory -------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// SharedMemoryRegion
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_WINDOWS
++
++#include "FuzzerIO.h"
++#include "FuzzerShmem.h"
++
++#include <fcntl.h>
++#include <stdio.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++
++namespace fuzzer {
++
++std::string SharedMemoryRegion::Path(const char *Name) {
++ return DirPlusFile(TmpDir(), Name);
++}
++
++std::string SharedMemoryRegion::SemName(const char *Name, int Idx) {
++ std::string Res(Name);
++ return Res + (char)('0' + Idx);
++}
++
++bool SharedMemoryRegion::Map(int fd) {
++ assert(0 && "UNIMPLEMENTED");
++ return false;
++}
++
++bool SharedMemoryRegion::Create(const char *Name) {
++ assert(0 && "UNIMPLEMENTED");
++ return false;
++}
++
++bool SharedMemoryRegion::Open(const char *Name) {
++ assert(0 && "UNIMPLEMENTED");
++ return false;
++}
++
++bool SharedMemoryRegion::Destroy(const char *Name) {
++ assert(0 && "UNIMPLEMENTED");
++ return false;
++}
++
++void SharedMemoryRegion::Post(int Idx) {
++ assert(0 && "UNIMPLEMENTED");
++}
++
++void SharedMemoryRegion::Wait(int Idx) {
++ Semaphore[1] = nullptr;
++ assert(0 && "UNIMPLEMENTED");
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_WINDOWS
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerTracePC.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerTracePC.cpp
new file mode 100644
index 0000000000..31ddd76de8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerTracePC.cpp
@@ -0,0 +1,571 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerTracePC.cpp.orig 2017-08-19 18:02:19.280291420 +0000
++++ lib/fuzzer/FuzzerTracePC.cpp
+@@ -0,0 +1,566 @@
++//===- FuzzerTracePC.cpp - PC tracing--------------------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Trace PCs.
++// This module implements __sanitizer_cov_trace_pc_guard[_init],
++// the callback required for -fsanitize-coverage=trace-pc-guard instrumentation.
++//
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerTracePC.h"
++#include "FuzzerCorpus.h"
++#include "FuzzerDefs.h"
++#include "FuzzerDictionary.h"
++#include "FuzzerExtFunctions.h"
++#include "FuzzerIO.h"
++#include "FuzzerUtil.h"
++#include "FuzzerValueBitMap.h"
++#include <set>
++
++// The coverage counters and PCs.
++// These are declared as global variables named "__sancov_*" to simplify
++// experiments with inlined instrumentation.
++alignas(64) ATTRIBUTE_INTERFACE
++uint8_t __sancov_trace_pc_guard_8bit_counters[fuzzer::TracePC::kNumPCs];
++
++ATTRIBUTE_INTERFACE
++uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];
++
++namespace fuzzer {
++
++TracePC TPC;
++
++int ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr;
++
++uint8_t *TracePC::Counters() const {
++ return __sancov_trace_pc_guard_8bit_counters;
++}
++
++uintptr_t *TracePC::PCs() const {
++ return __sancov_trace_pc_pcs;
++}
++
++size_t TracePC::GetTotalPCCoverage() {
++ if (ObservedPCs.size())
++ return ObservedPCs.size();
++ size_t Res = 0;
++ for (size_t i = 1, N = GetNumPCs(); i < N; i++)
++ if (PCs()[i])
++ Res++;
++ return Res;
++}
++
++
++void TracePC::HandleInline8bitCountersInit(uint8_t *Start, uint8_t *Stop) {
++ if (Start == Stop) return;
++ if (NumModulesWithInline8bitCounters &&
++ ModuleCounters[NumModulesWithInline8bitCounters-1].Start == Start) return;
++ assert(NumModulesWithInline8bitCounters <
++ sizeof(ModuleCounters) / sizeof(ModuleCounters[0]));
++ ModuleCounters[NumModulesWithInline8bitCounters++] = {Start, Stop};
++ NumInline8bitCounters += Stop - Start;
++}
++
++void TracePC::HandlePCsInit(const uint8_t *Start, const uint8_t *Stop) {
++ const uintptr_t *B = reinterpret_cast<const uintptr_t *>(Start);
++ const uintptr_t *E = reinterpret_cast<const uintptr_t *>(Stop);
++ if (NumPCTables && ModulePCTable[NumPCTables - 1].Start == B) return;
++ assert(NumPCTables < sizeof(ModulePCTable) / sizeof(ModulePCTable[0]));
++ ModulePCTable[NumPCTables++] = {B, E};
++ NumPCsInPCTables += E - B;
++}
++
++void TracePC::HandleInit(uint32_t *Start, uint32_t *Stop) {
++ if (Start == Stop || *Start) return;
++ assert(NumModules < sizeof(Modules) / sizeof(Modules[0]));
++ for (uint32_t *P = Start; P < Stop; P++) {
++ NumGuards++;
++ if (NumGuards == kNumPCs) {
++ RawPrint(
++ "WARNING: The binary has too many instrumented PCs.\n"
++ " You may want to reduce the size of the binary\n"
++ " for more efficient fuzzing and precise coverage data\n");
++ }
++ *P = NumGuards % kNumPCs;
++ }
++ Modules[NumModules].Start = Start;
++ Modules[NumModules].Stop = Stop;
++ NumModules++;
++}
++
++void TracePC::PrintModuleInfo() {
++ if (NumGuards) {
++ Printf("INFO: Loaded %zd modules (%zd guards): ", NumModules, NumGuards);
++ for (size_t i = 0; i < NumModules; i++)
++ Printf("%zd [%p, %p), ", Modules[i].Stop - Modules[i].Start,
++ Modules[i].Start, Modules[i].Stop);
++ Printf("\n");
++ }
++ if (NumModulesWithInline8bitCounters) {
++ Printf("INFO: Loaded %zd modules (%zd inline 8-bit counters): ",
++ NumModulesWithInline8bitCounters, NumInline8bitCounters);
++ for (size_t i = 0; i < NumModulesWithInline8bitCounters; i++)
++ Printf("%zd [%p, %p), ", ModuleCounters[i].Stop - ModuleCounters[i].Start,
++ ModuleCounters[i].Start, ModuleCounters[i].Stop);
++ Printf("\n");
++ }
++ if (NumPCTables) {
++ Printf("INFO: Loaded %zd PC tables (%zd PCs): ", NumPCTables,
++ NumPCsInPCTables);
++ for (size_t i = 0; i < NumPCTables; i++) {
++ Printf("%zd [%p,%p), ", ModulePCTable[i].Stop - ModulePCTable[i].Start,
++ ModulePCTable[i].Start, ModulePCTable[i].Stop);
++ }
++ Printf("\n");
++
++ if ((NumGuards && NumGuards != NumPCsInPCTables) ||
++ (NumInline8bitCounters && NumInline8bitCounters != NumPCsInPCTables)) {
++ Printf("ERROR: The size of coverage PC tables does not match the"
++ " number of instrumented PCs. This might be a bug in the compiler,"
++ " please contact the libFuzzer developers.\n");
++ _Exit(1);
++ }
++ }
++}
++
++ATTRIBUTE_NO_SANITIZE_ALL
++void TracePC::HandleCallerCallee(uintptr_t Caller, uintptr_t Callee) {
++ const uintptr_t kBits = 12;
++ const uintptr_t kMask = (1 << kBits) - 1;
++ uintptr_t Idx = (Caller & kMask) | ((Callee & kMask) << kBits);
++ ValueProfileMap.AddValueModPrime(Idx);
++}
++
++void TracePC::UpdateObservedPCs() {
++ if (NumPCsInPCTables) {
++ auto Observe = [&](uintptr_t PC) {
++ bool Inserted = ObservedPCs.insert(PC).second;
++ if (Inserted && DoPrintNewPCs)
++ PrintPC("\tNEW_PC: %p %F %L\n", "\tNEW_PC: %p\n", PC + 1);
++ };
++
++ if (NumInline8bitCounters == NumPCsInPCTables) {
++ for (size_t i = 0; i < NumModulesWithInline8bitCounters; i++) {
++ uint8_t *Beg = ModuleCounters[i].Start;
++ size_t Size = ModuleCounters[i].Stop - Beg;
++ assert(Size ==
++ (size_t)(ModulePCTable[i].Stop - ModulePCTable[i].Start));
++ for (size_t j = 0; j < Size; j++)
++ if (Beg[j])
++ Observe(ModulePCTable[i].Start[j]);
++ }
++ } else if (NumGuards == NumPCsInPCTables) {
++ size_t GuardIdx = 1;
++ for (size_t i = 0; i < NumModules; i++) {
++ uint32_t *Beg = Modules[i].Start;
++ size_t Size = Modules[i].Stop - Beg;
++ assert(Size ==
++ (size_t)(ModulePCTable[i].Stop - ModulePCTable[i].Start));
++ for (size_t j = 0; j < Size; j++, GuardIdx++)
++ if (Counters()[GuardIdx])
++ Observe(ModulePCTable[i].Start[j]);
++ }
++ }
++ }
++}
++
++inline ALWAYS_INLINE uintptr_t GetPreviousInstructionPc(uintptr_t PC) {
++ // TODO: this implementation is x86 only.
++ // see sanitizer_common GetPreviousInstructionPc for full implementation.
++ return PC - 1;
++}
++
++inline ALWAYS_INLINE uintptr_t GetNextInstructionPc(uintptr_t PC) {
++ // TODO: this implementation is x86 only.
++ // see sanitizer_common GetPreviousInstructionPc for full implementation.
++ return PC + 1;
++}
++
++static std::string GetModuleName(uintptr_t PC) {
++ char ModulePathRaw[4096] = ""; // What's PATH_MAX in portable C++?
++ void *OffsetRaw = nullptr;
++ if (!EF->__sanitizer_get_module_and_offset_for_pc(
++ reinterpret_cast<void *>(PC), ModulePathRaw,
++ sizeof(ModulePathRaw), &OffsetRaw))
++ return "";
++ return ModulePathRaw;
++}
++
++void TracePC::PrintCoverage() {
++ if (!EF->__sanitizer_symbolize_pc ||
++ !EF->__sanitizer_get_module_and_offset_for_pc) {
++ Printf("INFO: __sanitizer_symbolize_pc or "
++ "__sanitizer_get_module_and_offset_for_pc is not available,"
++ " not printing coverage\n");
++ return;
++ }
++ Printf("COVERAGE:\n");
++ std::string LastFunctionName = "";
++ std::string LastFileStr = "";
++ std::set<size_t> UncoveredLines;
++ std::set<size_t> CoveredLines;
++
++ auto FunctionEndCallback = [&](const std::string &CurrentFunc,
++ const std::string &CurrentFile) {
++ if (LastFunctionName != CurrentFunc) {
++ if (CoveredLines.empty() && !UncoveredLines.empty()) {
++ Printf("UNCOVERED_FUNC: %s\n", LastFunctionName.c_str());
++ } else {
++ for (auto Line : UncoveredLines) {
++ if (!CoveredLines.count(Line))
++ Printf("UNCOVERED_LINE: %s %s:%zd\n", LastFunctionName.c_str(),
++ LastFileStr.c_str(), Line);
++ }
++ }
++
++ UncoveredLines.clear();
++ CoveredLines.clear();
++ LastFunctionName = CurrentFunc;
++ LastFileStr = CurrentFile;
++ }
++ };
++
++ for (size_t i = 0; i < NumPCTables; i++) {
++ auto &M = ModulePCTable[i];
++ assert(M.Start < M.Stop);
++ auto ModuleName = GetModuleName(*M.Start);
++ for (auto Ptr = M.Start; Ptr < M.Stop; Ptr++) {
++ auto PC = *Ptr;
++ auto VisualizePC = GetNextInstructionPc(PC);
++ bool IsObserved = ObservedPCs.count(PC);
++ std::string FileStr = DescribePC("%s", VisualizePC);
++ if (!IsInterestingCoverageFile(FileStr)) continue;
++ std::string FunctionStr = DescribePC("%F", VisualizePC);
++ FunctionEndCallback(FunctionStr, FileStr);
++ std::string LineStr = DescribePC("%l", VisualizePC);
++ size_t Line = std::stoul(LineStr);
++ if (IsObserved && CoveredLines.insert(Line).second)
++ Printf("COVERED: %s %s:%zd\n", FunctionStr.c_str(), FileStr.c_str(),
++ Line);
++ else
++ UncoveredLines.insert(Line);
++ }
++ }
++ FunctionEndCallback("", "");
++}
++
++void TracePC::DumpCoverage() {
++ if (EF->__sanitizer_dump_coverage) {
++ std::vector<uintptr_t> PCsCopy(GetNumPCs());
++ for (size_t i = 0; i < GetNumPCs(); i++)
++ PCsCopy[i] = PCs()[i] ? GetPreviousInstructionPc(PCs()[i]) : 0;
++ EF->__sanitizer_dump_coverage(PCsCopy.data(), PCsCopy.size());
++ }
++}
++
++// Value profile.
++// We keep track of various values that affect control flow.
++// These values are inserted into a bit-set-based hash map.
++// Every new bit in the map is treated as a new coverage.
++//
++// For memcmp/strcmp/etc the interesting value is the length of the common
++// prefix of the parameters.
++// For cmp instructions the interesting value is a XOR of the parameters.
++// The interesting value is mixed up with the PC and is then added to the map.
++
++ATTRIBUTE_NO_SANITIZE_ALL
++void TracePC::AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2,
++ size_t n, bool StopAtZero) {
++ if (!n) return;
++ size_t Len = std::min(n, Word::GetMaxSize());
++ const uint8_t *A1 = reinterpret_cast<const uint8_t *>(s1);
++ const uint8_t *A2 = reinterpret_cast<const uint8_t *>(s2);
++ uint8_t B1[Word::kMaxSize];
++ uint8_t B2[Word::kMaxSize];
++ // Copy the data into locals in this non-msan-instrumented function
++ // to avoid msan complaining further.
++ size_t Hash = 0; // Compute some simple hash of both strings.
++ for (size_t i = 0; i < Len; i++) {
++ B1[i] = A1[i];
++ B2[i] = A2[i];
++ size_t T = B1[i];
++ Hash ^= (T << 8) | B2[i];
++ }
++ size_t I = 0;
++ for (; I < Len; I++)
++ if (B1[I] != B2[I] || (StopAtZero && B1[I] == 0))
++ break;
++ size_t PC = reinterpret_cast<size_t>(caller_pc);
++ size_t Idx = (PC & 4095) | (I << 12);
++ ValueProfileMap.AddValue(Idx);
++ TORCW.Insert(Idx ^ Hash, Word(B1, Len), Word(B2, Len));
++}
++
++template <class T>
++ATTRIBUTE_TARGET_POPCNT ALWAYS_INLINE
++ATTRIBUTE_NO_SANITIZE_ALL
++void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) {
++ uint64_t ArgXor = Arg1 ^ Arg2;
++ uint64_t ArgDistance = __builtin_popcountll(ArgXor) + 1; // [1,65]
++ uintptr_t Idx = ((PC & 4095) + 1) * ArgDistance;
++ if (sizeof(T) == 4)
++ TORC4.Insert(ArgXor, Arg1, Arg2);
++ else if (sizeof(T) == 8)
++ TORC8.Insert(ArgXor, Arg1, Arg2);
++ ValueProfileMap.AddValue(Idx);
++}
++
++static size_t InternalStrnlen(const char *S, size_t MaxLen) {
++ size_t Len = 0;
++ for (; Len < MaxLen && S[Len]; Len++) {}
++ return Len;
++}
++
++// Finds min of (strlen(S1), strlen(S2)).
++// Needed bacause one of these strings may actually be non-zero terminated.
++static size_t InternalStrnlen2(const char *S1, const char *S2) {
++ size_t Len = 0;
++ for (; S1[Len] && S2[Len]; Len++) {}
++ return Len;
++}
++
++void TracePC::ClearInlineCounters() {
++ for (size_t i = 0; i < NumModulesWithInline8bitCounters; i++) {
++ uint8_t *Beg = ModuleCounters[i].Start;
++ size_t Size = ModuleCounters[i].Stop - Beg;
++ memset(Beg, 0, Size);
++ }
++}
++
++} // namespace fuzzer
++
++extern "C" {
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++void __sanitizer_cov_trace_pc_guard(uint32_t *Guard) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ uint32_t Idx = *Guard;
++ __sancov_trace_pc_pcs[Idx] = PC;
++ __sancov_trace_pc_guard_8bit_counters[Idx]++;
++ // Uncomment the following line to get stack-depth profiling.
++ // fuzzer::TPC.RecordCurrentStack();
++}
++
++// Best-effort support for -fsanitize-coverage=trace-pc, which is available
++// in both Clang and GCC.
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++void __sanitizer_cov_trace_pc() {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ uintptr_t Idx = PC & (((uintptr_t)1 << fuzzer::TracePC::kTracePcBits) - 1);
++ __sancov_trace_pc_pcs[Idx] = PC;
++ __sancov_trace_pc_guard_8bit_counters[Idx]++;
++}
++
++ATTRIBUTE_INTERFACE
++void __sanitizer_cov_trace_pc_guard_init(uint32_t *Start, uint32_t *Stop) {
++ fuzzer::TPC.HandleInit(Start, Stop);
++}
++
++ATTRIBUTE_INTERFACE
++void __sanitizer_cov_8bit_counters_init(uint8_t *Start, uint8_t *Stop) {
++ fuzzer::TPC.HandleInline8bitCountersInit(Start, Stop);
++}
++
++ATTRIBUTE_INTERFACE
++void __sanitizer_cov_pcs_init(const uint8_t *pcs_beg, const uint8_t *pcs_end) {
++ fuzzer::TPC.HandlePCsInit(pcs_beg, pcs_end);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++void __sanitizer_cov_trace_pc_indir(uintptr_t Callee) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCallerCallee(PC, Callee);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++// Now the __sanitizer_cov_trace_const_cmp[1248] callbacks just mimic
++// the behaviour of __sanitizer_cov_trace_cmp[1248] ones. This, however,
++// should be changed later to make full use of instrumentation.
++void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t *Cases) {
++ uint64_t N = Cases[0];
++ uint64_t ValSizeInBits = Cases[1];
++ uint64_t *Vals = Cases + 2;
++ // Skip the most common and the most boring case.
++ if (Vals[N - 1] < 256 && Val < 256)
++ return;
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ size_t i;
++ uint64_t Token = 0;
++ for (i = 0; i < N; i++) {
++ Token = Val ^ Vals[i];
++ if (Val < Vals[i])
++ break;
++ }
++
++ if (ValSizeInBits == 16)
++ fuzzer::TPC.HandleCmp(PC + i, static_cast<uint16_t>(Token), (uint16_t)(0));
++ else if (ValSizeInBits == 32)
++ fuzzer::TPC.HandleCmp(PC + i, static_cast<uint32_t>(Token), (uint32_t)(0));
++ else
++ fuzzer::TPC.HandleCmp(PC + i, Token, (uint64_t)(0));
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_div4(uint32_t Val) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Val, (uint32_t)0);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_div8(uint64_t Val) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Val, (uint64_t)0);
++}
++
++ATTRIBUTE_INTERFACE
++ATTRIBUTE_NO_SANITIZE_ALL
++ATTRIBUTE_TARGET_POPCNT
++void __sanitizer_cov_trace_gep(uintptr_t Idx) {
++ uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
++ fuzzer::TPC.HandleCmp(PC, Idx, (uintptr_t)0);
++}
++
++ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
++void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
++ const void *s2, size_t n, int result) {
++ if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
++ if (result == 0) return; // No reason to mutate.
++ if (n <= 1) return; // Not interesting.
++ fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, n, /*StopAtZero*/false);
++}
++
++ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
++void __sanitizer_weak_hook_strncmp(void *caller_pc, const char *s1,
++ const char *s2, size_t n, int result) {
++ if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
++ if (result == 0) return; // No reason to mutate.
++ size_t Len1 = fuzzer::InternalStrnlen(s1, n);
++ size_t Len2 = fuzzer::InternalStrnlen(s2, n);
++ n = std::min(n, Len1);
++ n = std::min(n, Len2);
++ if (n <= 1) return; // Not interesting.
++ fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, n, /*StopAtZero*/true);
++}
++
++ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
++void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1,
++ const char *s2, int result) {
++ if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
++ if (result == 0) return; // No reason to mutate.
++ size_t N = fuzzer::InternalStrnlen2(s1, s2);
++ if (N <= 1) return; // Not interesting.
++ fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, N, /*StopAtZero*/true);
++}
++
++ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
++void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1,
++ const char *s2, size_t n, int result) {
++ if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
++ return __sanitizer_weak_hook_strncmp(called_pc, s1, s2, n, result);
++}
++
++ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
++void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1,
++ const char *s2, int result) {
++ if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
++ return __sanitizer_weak_hook_strcmp(called_pc, s1, s2, result);
++}
++
++ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
++void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1,
++ const char *s2, char *result) {
++ if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
++ fuzzer::TPC.MMT.Add(reinterpret_cast<const uint8_t *>(s2), strlen(s2));
++}
++
++ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
++void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
++ const char *s2, char *result) {
++ if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
++ fuzzer::TPC.MMT.Add(reinterpret_cast<const uint8_t *>(s2), strlen(s2));
++}
++
++ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
++void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1,
++ const void *s2, size_t len2, void *result) {
++ if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
++ fuzzer::TPC.MMT.Add(reinterpret_cast<const uint8_t *>(s2), len2);
++}
++} // extern "C"
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerTracePC.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerTracePC.h
new file mode 100644
index 0000000000..f75d1b4e41
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerTracePC.h
@@ -0,0 +1,258 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerTracePC.h.orig 2017-08-19 18:02:19.280068717 +0000
++++ lib/fuzzer/FuzzerTracePC.h
+@@ -0,0 +1,253 @@
++//===- FuzzerTracePC.h - Internal header for the Fuzzer ---------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// fuzzer::TracePC
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_TRACE_PC
++#define LLVM_FUZZER_TRACE_PC
++
++#include "FuzzerDefs.h"
++#include "FuzzerDictionary.h"
++#include "FuzzerValueBitMap.h"
++
++#include <set>
++
++namespace fuzzer {
++
++// TableOfRecentCompares (TORC) remembers the most recently performed
++// comparisons of type T.
++// We record the arguments of CMP instructions in this table unconditionally
++// because it seems cheaper this way than to compute some expensive
++// conditions inside __sanitizer_cov_trace_cmp*.
++// After the unit has been executed we may decide to use the contents of
++// this table to populate a Dictionary.
++template<class T, size_t kSizeT>
++struct TableOfRecentCompares {
++ static const size_t kSize = kSizeT;
++ struct Pair {
++ T A, B;
++ };
++ ATTRIBUTE_NO_SANITIZE_ALL
++ void Insert(size_t Idx, const T &Arg1, const T &Arg2) {
++ Idx = Idx % kSize;
++ Table[Idx].A = Arg1;
++ Table[Idx].B = Arg2;
++ }
++
++ Pair Get(size_t I) { return Table[I % kSize]; }
++
++ Pair Table[kSize];
++};
++
++template <size_t kSizeT>
++struct MemMemTable {
++ static const size_t kSize = kSizeT;
++ Word MemMemWords[kSize];
++ Word EmptyWord;
++
++ void Add(const uint8_t *Data, size_t Size) {
++ if (Size <= 2) return;
++ Size = std::min(Size, Word::GetMaxSize());
++ size_t Idx = SimpleFastHash(Data, Size) % kSize;
++ MemMemWords[Idx].Set(Data, Size);
++ }
++ const Word &Get(size_t Idx) {
++ for (size_t i = 0; i < kSize; i++) {
++ const Word &W = MemMemWords[(Idx + i) % kSize];
++ if (W.size()) return W;
++ }
++ EmptyWord.Set(nullptr, 0);
++ return EmptyWord;
++ }
++};
++
++class TracePC {
++ public:
++ static const size_t kNumPCs = 1 << 21;
++ // How many bits of PC are used from __sanitizer_cov_trace_pc.
++ static const size_t kTracePcBits = 18;
++
++ void HandleInit(uint32_t *Start, uint32_t *Stop);
++ void HandleInline8bitCountersInit(uint8_t *Start, uint8_t *Stop);
++ void HandlePCsInit(const uint8_t *Start, const uint8_t *Stop);
++ void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee);
++ template <class T> void HandleCmp(uintptr_t PC, T Arg1, T Arg2);
++ size_t GetTotalPCCoverage();
++ void SetUseCounters(bool UC) { UseCounters = UC; }
++ void SetUseValueProfile(bool VP) { UseValueProfile = VP; }
++ void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; }
++ void UpdateObservedPCs();
++ template <class Callback> void CollectFeatures(Callback CB) const;
++
++ void ResetMaps() {
++ ValueProfileMap.Reset();
++ if (NumModules)
++ memset(Counters(), 0, GetNumPCs());
++ ClearExtraCounters();
++ ClearInlineCounters();
++ }
++
++ void ClearInlineCounters();
++
++ void UpdateFeatureSet(size_t CurrentElementIdx, size_t CurrentElementSize);
++ void PrintFeatureSet();
++
++ void PrintModuleInfo();
++
++ void PrintCoverage();
++ void DumpCoverage();
++
++ void AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2,
++ size_t n, bool StopAtZero);
++
++ TableOfRecentCompares<uint32_t, 32> TORC4;
++ TableOfRecentCompares<uint64_t, 32> TORC8;
++ TableOfRecentCompares<Word, 32> TORCW;
++ MemMemTable<1024> MMT;
++
++ size_t GetNumPCs() const {
++ return NumGuards == 0 ? (1 << kTracePcBits) : Min(kNumPCs, NumGuards + 1);
++ }
++ uintptr_t GetPC(size_t Idx) {
++ assert(Idx < GetNumPCs());
++ return PCs()[Idx];
++ }
++
++ void RecordCurrentStack() {
++ uintptr_t Stack = GetCurrentStack();
++ if (Stack < LowestStack)
++ LowestStack = Stack;
++ }
++ void RecordInitialStack() {
++ InitialStack = GetCurrentStack();
++ LowestStack = InitialStack;
++ }
++ uintptr_t GetCurrentStack() const {
++ return reinterpret_cast<uintptr_t>(__builtin_frame_address(0));
++ }
++ uintptr_t GetMaxStackOffset() const { return InitialStack - LowestStack; }
++
++ template<class CallBack>
++ void ForEachObservedPC(CallBack CB) {
++ for (auto PC : ObservedPCs)
++ CB(PC);
++ }
++
++private:
++ bool UseCounters = false;
++ bool UseValueProfile = false;
++ bool DoPrintNewPCs = false;
++
++ struct Module {
++ uint32_t *Start, *Stop;
++ };
++
++ Module Modules[4096];
++ size_t NumModules; // linker-initialized.
++ size_t NumGuards; // linker-initialized.
++
++ struct { uint8_t *Start, *Stop; } ModuleCounters[4096];
++ size_t NumModulesWithInline8bitCounters; // linker-initialized.
++ size_t NumInline8bitCounters;
++
++ struct { const uintptr_t *Start, *Stop; } ModulePCTable[4096];
++ size_t NumPCTables;
++ size_t NumPCsInPCTables;
++
++ uint8_t *Counters() const;
++ uintptr_t *PCs() const;
++
++ std::set<uintptr_t> ObservedPCs;
++
++ ValueBitMap ValueProfileMap;
++ uintptr_t InitialStack, LowestStack; // Assume stack grows down.
++};
++
++template <class Callback>
++// void Callback(size_t FirstFeature, size_t Idx, uint8_t Value);
++ATTRIBUTE_NO_SANITIZE_ALL
++void ForEachNonZeroByte(const uint8_t *Begin, const uint8_t *End,
++ size_t FirstFeature, Callback Handle8bitCounter) {
++ typedef uintptr_t LargeType;
++ const size_t Step = sizeof(LargeType) / sizeof(uint8_t);
++ const size_t StepMask = Step - 1;
++ auto P = Begin;
++ // Iterate by 1 byte until either the alignment boundary or the end.
++ for (; reinterpret_cast<uintptr_t>(P) & StepMask && P < End; P++)
++ if (uint8_t V = *P)
++ Handle8bitCounter(FirstFeature, P - Begin, V);
++
++ // Iterate by Step bytes at a time.
++ for (; P < End; P += Step)
++ if (LargeType Bundle = *reinterpret_cast<const LargeType *>(P))
++ for (size_t I = 0; I < Step; I++, Bundle >>= 8)
++ if (uint8_t V = Bundle & 0xff)
++ Handle8bitCounter(FirstFeature, P - Begin + I, V);
++
++ // Iterate by 1 byte until the end.
++ for (; P < End; P++)
++ if (uint8_t V = *P)
++ Handle8bitCounter(FirstFeature, P - Begin, V);
++}
++
++template <class Callback> // bool Callback(size_t Feature)
++ATTRIBUTE_NO_SANITIZE_ADDRESS
++__attribute__((noinline))
++void TracePC::CollectFeatures(Callback HandleFeature) const {
++ uint8_t *Counters = this->Counters();
++ size_t N = GetNumPCs();
++ auto Handle8bitCounter = [&](size_t FirstFeature,
++ size_t Idx, uint8_t Counter) {
++ assert(Counter);
++ unsigned Bit = 0;
++ /**/ if (Counter >= 128) Bit = 7;
++ else if (Counter >= 32) Bit = 6;
++ else if (Counter >= 16) Bit = 5;
++ else if (Counter >= 8) Bit = 4;
++ else if (Counter >= 4) Bit = 3;
++ else if (Counter >= 3) Bit = 2;
++ else if (Counter >= 2) Bit = 1;
++ HandleFeature(FirstFeature + Idx * 8 + Bit);
++ };
++
++ size_t FirstFeature = 0;
++
++ if (!NumInline8bitCounters) {
++ ForEachNonZeroByte(Counters, Counters + N, FirstFeature, Handle8bitCounter);
++ FirstFeature += N * 8;
++ }
++
++ if (NumInline8bitCounters) {
++ for (size_t i = 0; i < NumModulesWithInline8bitCounters; i++) {
++ ForEachNonZeroByte(ModuleCounters[i].Start, ModuleCounters[i].Stop,
++ FirstFeature, Handle8bitCounter);
++ FirstFeature += 8 * (ModuleCounters[i].Stop - ModuleCounters[i].Start);
++ }
++ }
++
++ ForEachNonZeroByte(ExtraCountersBegin(), ExtraCountersEnd(), FirstFeature,
++ Handle8bitCounter);
++ FirstFeature += (ExtraCountersEnd() - ExtraCountersBegin()) * 8;
++
++ if (UseValueProfile) {
++ ValueProfileMap.ForEach([&](size_t Idx) {
++ HandleFeature(FirstFeature + Idx);
++ });
++ FirstFeature += ValueProfileMap.SizeInBits();
++ }
++
++ if (auto MaxStackOffset = GetMaxStackOffset())
++ HandleFeature(FirstFeature + MaxStackOffset);
++}
++
++extern TracePC TPC;
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_TRACE_PC
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtil.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtil.cpp
new file mode 100644
index 0000000000..2ac9d55ea4
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtil.cpp
@@ -0,0 +1,220 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerUtil.cpp.orig 2017-08-19 18:02:19.280543829 +0000
++++ lib/fuzzer/FuzzerUtil.cpp
+@@ -0,0 +1,215 @@
++//===- FuzzerUtil.cpp - Misc utils ----------------------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Misc utils.
++//===----------------------------------------------------------------------===//
++
++#include "FuzzerUtil.h"
++#include "FuzzerIO.h"
++#include "FuzzerInternal.h"
++#include <cassert>
++#include <chrono>
++#include <cstring>
++#include <errno.h>
++#include <signal.h>
++#include <sstream>
++#include <stdio.h>
++#include <sys/types.h>
++#include <thread>
++
++namespace fuzzer {
++
++void PrintHexArray(const uint8_t *Data, size_t Size,
++ const char *PrintAfter) {
++ for (size_t i = 0; i < Size; i++)
++ Printf("0x%x,", (unsigned)Data[i]);
++ Printf("%s", PrintAfter);
++}
++
++void Print(const Unit &v, const char *PrintAfter) {
++ PrintHexArray(v.data(), v.size(), PrintAfter);
++}
++
++void PrintASCIIByte(uint8_t Byte) {
++ if (Byte == '\\')
++ Printf("\\\\");
++ else if (Byte == '"')
++ Printf("\\\"");
++ else if (Byte >= 32 && Byte < 127)
++ Printf("%c", Byte);
++ else
++ Printf("\\x%02x", Byte);
++}
++
++void PrintASCII(const uint8_t *Data, size_t Size, const char *PrintAfter) {
++ for (size_t i = 0; i < Size; i++)
++ PrintASCIIByte(Data[i]);
++ Printf("%s", PrintAfter);
++}
++
++void PrintASCII(const Unit &U, const char *PrintAfter) {
++ PrintASCII(U.data(), U.size(), PrintAfter);
++}
++
++bool ToASCII(uint8_t *Data, size_t Size) {
++ bool Changed = false;
++ for (size_t i = 0; i < Size; i++) {
++ uint8_t &X = Data[i];
++ auto NewX = X;
++ NewX &= 127;
++ if (!isspace(NewX) && !isprint(NewX))
++ NewX = ' ';
++ Changed |= NewX != X;
++ X = NewX;
++ }
++ return Changed;
++}
++
++bool IsASCII(const Unit &U) { return IsASCII(U.data(), U.size()); }
++
++bool IsASCII(const uint8_t *Data, size_t Size) {
++ for (size_t i = 0; i < Size; i++)
++ if (!(isprint(Data[i]) || isspace(Data[i]))) return false;
++ return true;
++}
++
++bool ParseOneDictionaryEntry(const std::string &Str, Unit *U) {
++ U->clear();
++ if (Str.empty()) return false;
++ size_t L = 0, R = Str.size() - 1; // We are parsing the range [L,R].
++ // Skip spaces from both sides.
++ while (L < R && isspace(Str[L])) L++;
++ while (R > L && isspace(Str[R])) R--;
++ if (R - L < 2) return false;
++ // Check the closing "
++ if (Str[R] != '"') return false;
++ R--;
++ // Find the opening "
++ while (L < R && Str[L] != '"') L++;
++ if (L >= R) return false;
++ assert(Str[L] == '\"');
++ L++;
++ assert(L <= R);
++ for (size_t Pos = L; Pos <= R; Pos++) {
++ uint8_t V = (uint8_t)Str[Pos];
++ if (!isprint(V) && !isspace(V)) return false;
++ if (V =='\\') {
++ // Handle '\\'
++ if (Pos + 1 <= R && (Str[Pos + 1] == '\\' || Str[Pos + 1] == '"')) {
++ U->push_back(Str[Pos + 1]);
++ Pos++;
++ continue;
++ }
++ // Handle '\xAB'
++ if (Pos + 3 <= R && Str[Pos + 1] == 'x'
++ && isxdigit(Str[Pos + 2]) && isxdigit(Str[Pos + 3])) {
++ char Hex[] = "0xAA";
++ Hex[2] = Str[Pos + 2];
++ Hex[3] = Str[Pos + 3];
++ U->push_back(strtol(Hex, nullptr, 16));
++ Pos += 3;
++ continue;
++ }
++ return false; // Invalid escape.
++ } else {
++ // Any other character.
++ U->push_back(V);
++ }
++ }
++ return true;
++}
++
++bool ParseDictionaryFile(const std::string &Text, std::vector<Unit> *Units) {
++ if (Text.empty()) {
++ Printf("ParseDictionaryFile: file does not exist or is empty\n");
++ return false;
++ }
++ std::istringstream ISS(Text);
++ Units->clear();
++ Unit U;
++ int LineNo = 0;
++ std::string S;
++ while (std::getline(ISS, S, '\n')) {
++ LineNo++;
++ size_t Pos = 0;
++ while (Pos < S.size() && isspace(S[Pos])) Pos++; // Skip spaces.
++ if (Pos == S.size()) continue; // Empty line.
++ if (S[Pos] == '#') continue; // Comment line.
++ if (ParseOneDictionaryEntry(S, &U)) {
++ Units->push_back(U);
++ } else {
++ Printf("ParseDictionaryFile: error in line %d\n\t\t%s\n", LineNo,
++ S.c_str());
++ return false;
++ }
++ }
++ return true;
++}
++
++std::string Base64(const Unit &U) {
++ static const char Table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
++ "abcdefghijklmnopqrstuvwxyz"
++ "0123456789+/";
++ std::string Res;
++ size_t i;
++ for (i = 0; i + 2 < U.size(); i += 3) {
++ uint32_t x = (U[i] << 16) + (U[i + 1] << 8) + U[i + 2];
++ Res += Table[(x >> 18) & 63];
++ Res += Table[(x >> 12) & 63];
++ Res += Table[(x >> 6) & 63];
++ Res += Table[x & 63];
++ }
++ if (i + 1 == U.size()) {
++ uint32_t x = (U[i] << 16);
++ Res += Table[(x >> 18) & 63];
++ Res += Table[(x >> 12) & 63];
++ Res += "==";
++ } else if (i + 2 == U.size()) {
++ uint32_t x = (U[i] << 16) + (U[i + 1] << 8);
++ Res += Table[(x >> 18) & 63];
++ Res += Table[(x >> 12) & 63];
++ Res += Table[(x >> 6) & 63];
++ Res += "=";
++ }
++ return Res;
++}
++
++std::string DescribePC(const char *SymbolizedFMT, uintptr_t PC) {
++ if (!EF->__sanitizer_symbolize_pc) return "<can not symbolize>";
++ char PcDescr[1024];
++ EF->__sanitizer_symbolize_pc(reinterpret_cast<void*>(PC),
++ SymbolizedFMT, PcDescr, sizeof(PcDescr));
++ PcDescr[sizeof(PcDescr) - 1] = 0; // Just in case.
++ return PcDescr;
++}
++
++void PrintPC(const char *SymbolizedFMT, const char *FallbackFMT, uintptr_t PC) {
++ if (EF->__sanitizer_symbolize_pc)
++ Printf("%s", DescribePC(SymbolizedFMT, PC).c_str());
++ else
++ Printf(FallbackFMT, PC);
++}
++
++unsigned NumberOfCpuCores() {
++ unsigned N = std::thread::hardware_concurrency();
++ if (!N) {
++ Printf("WARNING: std::thread::hardware_concurrency not well defined for "
++ "your platform. Assuming CPU count of 1.\n");
++ N = 1;
++ }
++ return N;
++}
++
++size_t SimpleFastHash(const uint8_t *Data, size_t Size) {
++ size_t Res = 0;
++ for (size_t i = 0; i < Size; i++)
++ Res = Res * 11 + Data[i];
++ return Res;
++}
++
++} // namespace fuzzer
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtil.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtil.h
new file mode 100644
index 0000000000..ce3b00c8c2
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtil.h
@@ -0,0 +1,89 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerUtil.h.orig 2017-08-19 18:02:19.280409686 +0000
++++ lib/fuzzer/FuzzerUtil.h
+@@ -0,0 +1,84 @@
++//===- FuzzerUtil.h - Internal header for the Fuzzer Utils ------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Util functions.
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_UTIL_H
++#define LLVM_FUZZER_UTIL_H
++
++#include "FuzzerDefs.h"
++
++namespace fuzzer {
++
++void PrintHexArray(const Unit &U, const char *PrintAfter = "");
++
++void PrintHexArray(const uint8_t *Data, size_t Size,
++ const char *PrintAfter = "");
++
++void PrintASCII(const uint8_t *Data, size_t Size, const char *PrintAfter = "");
++
++void PrintASCII(const Unit &U, const char *PrintAfter = "");
++
++// Changes U to contain only ASCII (isprint+isspace) characters.
++// Returns true iff U has been changed.
++bool ToASCII(uint8_t *Data, size_t Size);
++
++bool IsASCII(const Unit &U);
++
++bool IsASCII(const uint8_t *Data, size_t Size);
++
++std::string Base64(const Unit &U);
++
++void PrintPC(const char *SymbolizedFMT, const char *FallbackFMT, uintptr_t PC);
++
++std::string DescribePC(const char *SymbolizedFMT, uintptr_t PC);
++
++unsigned NumberOfCpuCores();
++
++// Platform specific functions.
++void SetSignalHandler(const FuzzingOptions& Options);
++
++void SleepSeconds(int Seconds);
++
++unsigned long GetPid();
++
++size_t GetPeakRSSMb();
++
++int ExecuteCommand(const std::string &Command);
++
++FILE *OpenProcessPipe(const char *Command, const char *Mode);
++
++const void *SearchMemory(const void *haystack, size_t haystacklen,
++ const void *needle, size_t needlelen);
++
++std::string CloneArgsWithoutX(const std::vector<std::string> &Args,
++ const char *X1, const char *X2);
++
++inline std::string CloneArgsWithoutX(const std::vector<std::string> &Args,
++ const char *X) {
++ return CloneArgsWithoutX(Args, X, X);
++}
++
++inline std::pair<std::string, std::string> SplitBefore(std::string X,
++ std::string S) {
++ auto Pos = S.find(X);
++ if (Pos == std::string::npos)
++ return std::make_pair(S, "");
++ return std::make_pair(S.substr(0, Pos), S.substr(Pos));
++}
++
++std::string DisassembleCmd(const std::string &FileName);
++
++std::string SearchRegexCmd(const std::string &Regex);
++
++size_t SimpleFastHash(const uint8_t *Data, size_t Size);
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_UTIL_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilDarwin.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilDarwin.cpp
new file mode 100644
index 0000000000..18a54a84e3
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilDarwin.cpp
@@ -0,0 +1,166 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerUtilDarwin.cpp.orig 2017-08-19 18:02:19.280671668 +0000
++++ lib/fuzzer/FuzzerUtilDarwin.cpp
+@@ -0,0 +1,161 @@
++//===- FuzzerUtilDarwin.cpp - Misc utils ----------------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Misc utils for Darwin.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_APPLE
++
++#include "FuzzerIO.h"
++#include <mutex>
++#include <signal.h>
++#include <spawn.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/wait.h>
++
++// There is no header for this on macOS so declare here
++extern "C" char **environ;
++
++namespace fuzzer {
++
++static std::mutex SignalMutex;
++// Global variables used to keep track of how signal handling should be
++// restored. They should **not** be accessed without holding `SignalMutex`.
++static int ActiveThreadCount = 0;
++static struct sigaction OldSigIntAction;
++static struct sigaction OldSigQuitAction;
++static sigset_t OldBlockedSignalsSet;
++
++// This is a reimplementation of Libc's `system()`. On Darwin the Libc
++// implementation contains a mutex which prevents it from being used
++// concurrently. This implementation **can** be used concurrently. It sets the
++// signal handlers when the first thread enters and restores them when the last
++// thread finishes execution of the function and ensures this is not racey by
++// using a mutex.
++int ExecuteCommand(const std::string &Command) {
++ posix_spawnattr_t SpawnAttributes;
++ if (posix_spawnattr_init(&SpawnAttributes))
++ return -1;
++ // Block and ignore signals of the current process when the first thread
++ // enters.
++ {
++ std::lock_guard<std::mutex> Lock(SignalMutex);
++ if (ActiveThreadCount == 0) {
++ static struct sigaction IgnoreSignalAction;
++ sigset_t BlockedSignalsSet;
++ memset(&IgnoreSignalAction, 0, sizeof(IgnoreSignalAction));
++ IgnoreSignalAction.sa_handler = SIG_IGN;
++
++ if (sigaction(SIGINT, &IgnoreSignalAction, &OldSigIntAction) == -1) {
++ Printf("Failed to ignore SIGINT\n");
++ (void)posix_spawnattr_destroy(&SpawnAttributes);
++ return -1;
++ }
++ if (sigaction(SIGQUIT, &IgnoreSignalAction, &OldSigQuitAction) == -1) {
++ Printf("Failed to ignore SIGQUIT\n");
++ // Try our best to restore the signal handlers.
++ (void)sigaction(SIGINT, &OldSigIntAction, NULL);
++ (void)posix_spawnattr_destroy(&SpawnAttributes);
++ return -1;
++ }
++
++ (void)sigemptyset(&BlockedSignalsSet);
++ (void)sigaddset(&BlockedSignalsSet, SIGCHLD);
++ if (sigprocmask(SIG_BLOCK, &BlockedSignalsSet, &OldBlockedSignalsSet) ==
++ -1) {
++ Printf("Failed to block SIGCHLD\n");
++ // Try our best to restore the signal handlers.
++ (void)sigaction(SIGQUIT, &OldSigQuitAction, NULL);
++ (void)sigaction(SIGINT, &OldSigIntAction, NULL);
++ (void)posix_spawnattr_destroy(&SpawnAttributes);
++ return -1;
++ }
++ }
++ ++ActiveThreadCount;
++ }
++
++ // NOTE: Do not introduce any new `return` statements past this
++ // point. It is important that `ActiveThreadCount` always be decremented
++ // when leaving this function.
++
++ // Make sure the child process uses the default handlers for the
++ // following signals rather than inheriting what the parent has.
++ sigset_t DefaultSigSet;
++ (void)sigemptyset(&DefaultSigSet);
++ (void)sigaddset(&DefaultSigSet, SIGQUIT);
++ (void)sigaddset(&DefaultSigSet, SIGINT);
++ (void)posix_spawnattr_setsigdefault(&SpawnAttributes, &DefaultSigSet);
++ // Make sure the child process doesn't block SIGCHLD
++ (void)posix_spawnattr_setsigmask(&SpawnAttributes, &OldBlockedSignalsSet);
++ short SpawnFlags = POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK;
++ (void)posix_spawnattr_setflags(&SpawnAttributes, SpawnFlags);
++
++ pid_t Pid;
++ char **Environ = environ; // Read from global
++ const char *CommandCStr = Command.c_str();
++ char *const Argv[] = {
++ strdup("sh"),
++ strdup("-c"),
++ strdup(CommandCStr),
++ NULL
++ };
++ int ErrorCode = 0, ProcessStatus = 0;
++ // FIXME: We probably shouldn't hardcode the shell path.
++ ErrorCode = posix_spawn(&Pid, "/bin/sh", NULL, &SpawnAttributes,
++ Argv, Environ);
++ (void)posix_spawnattr_destroy(&SpawnAttributes);
++ if (!ErrorCode) {
++ pid_t SavedPid = Pid;
++ do {
++ // Repeat until call completes uninterrupted.
++ Pid = waitpid(SavedPid, &ProcessStatus, /*options=*/0);
++ } while (Pid == -1 && errno == EINTR);
++ if (Pid == -1) {
++ // Fail for some other reason.
++ ProcessStatus = -1;
++ }
++ } else if (ErrorCode == ENOMEM || ErrorCode == EAGAIN) {
++ // Fork failure.
++ ProcessStatus = -1;
++ } else {
++ // Shell execution failure.
++ ProcessStatus = W_EXITCODE(127, 0);
++ }
++ for (unsigned i = 0, n = sizeof(Argv) / sizeof(Argv[0]); i < n; ++i)
++ free(Argv[i]);
++
++ // Restore the signal handlers of the current process when the last thread
++ // using this function finishes.
++ {
++ std::lock_guard<std::mutex> Lock(SignalMutex);
++ --ActiveThreadCount;
++ if (ActiveThreadCount == 0) {
++ bool FailedRestore = false;
++ if (sigaction(SIGINT, &OldSigIntAction, NULL) == -1) {
++ Printf("Failed to restore SIGINT handling\n");
++ FailedRestore = true;
++ }
++ if (sigaction(SIGQUIT, &OldSigQuitAction, NULL) == -1) {
++ Printf("Failed to restore SIGQUIT handling\n");
++ FailedRestore = true;
++ }
++ if (sigprocmask(SIG_BLOCK, &OldBlockedSignalsSet, NULL) == -1) {
++ Printf("Failed to unblock SIGCHLD\n");
++ FailedRestore = true;
++ }
++ if (FailedRestore)
++ ProcessStatus = -1;
++ }
++ }
++ return ProcessStatus;
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_APPLE
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilLinux.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilLinux.cpp
new file mode 100644
index 0000000000..1722bbfb73
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilLinux.cpp
@@ -0,0 +1,29 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerUtilLinux.cpp.orig 2017-08-19 18:02:19.280774289 +0000
++++ lib/fuzzer/FuzzerUtilLinux.cpp
+@@ -0,0 +1,24 @@
++//===- FuzzerUtilLinux.cpp - Misc utils for Linux. ------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Misc utils for Linux.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_LINUX
++
++#include <stdlib.h>
++
++namespace fuzzer {
++
++int ExecuteCommand(const std::string &Command) {
++ return system(Command.c_str());
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_LINUX
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilPosix.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilPosix.cpp
new file mode 100644
index 0000000000..20115a9dee
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilPosix.cpp
@@ -0,0 +1,149 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerUtilPosix.cpp.orig 2017-08-19 18:02:19.280896146 +0000
++++ lib/fuzzer/FuzzerUtilPosix.cpp
+@@ -0,0 +1,144 @@
++//===- FuzzerUtilPosix.cpp - Misc utils for Posix. ------------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Misc utils implementation using Posix API.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_POSIX
++#include "FuzzerIO.h"
++#include "FuzzerInternal.h"
++#include <cassert>
++#include <chrono>
++#include <cstring>
++#include <errno.h>
++#include <iomanip>
++#include <signal.h>
++#include <sstream>
++#include <stdio.h>
++#include <sys/resource.h>
++#include <sys/syscall.h>
++#include <sys/time.h>
++#include <sys/types.h>
++#include <thread>
++#include <unistd.h>
++
++namespace fuzzer {
++
++static void AlarmHandler(int, siginfo_t *, void *) {
++ Fuzzer::StaticAlarmCallback();
++}
++
++static void CrashHandler(int, siginfo_t *, void *) {
++ Fuzzer::StaticCrashSignalCallback();
++}
++
++static void InterruptHandler(int, siginfo_t *, void *) {
++ Fuzzer::StaticInterruptCallback();
++}
++
++static void FileSizeExceedHandler(int, siginfo_t *, void *) {
++ Fuzzer::StaticFileSizeExceedCallback();
++}
++
++static void SetSigaction(int signum,
++ void (*callback)(int, siginfo_t *, void *)) {
++ struct sigaction sigact = {};
++ if (sigaction(signum, nullptr, &sigact)) {
++ Printf("libFuzzer: sigaction failed with %d\n", errno);
++ exit(1);
++ }
++ if (sigact.sa_flags & SA_SIGINFO) {
++ if (sigact.sa_sigaction)
++ return;
++ } else {
++ if (sigact.sa_handler != SIG_DFL && sigact.sa_handler != SIG_IGN &&
++ sigact.sa_handler != SIG_ERR)
++ return;
++ }
++
++ sigact = {};
++ sigact.sa_sigaction = callback;
++ if (sigaction(signum, &sigact, 0)) {
++ Printf("libFuzzer: sigaction failed with %d\n", errno);
++ exit(1);
++ }
++}
++
++void SetTimer(int Seconds) {
++ struct itimerval T {
++ {Seconds, 0}, { Seconds, 0 }
++ };
++ if (setitimer(ITIMER_REAL, &T, nullptr)) {
++ Printf("libFuzzer: setitimer failed with %d\n", errno);
++ exit(1);
++ }
++ SetSigaction(SIGALRM, AlarmHandler);
++}
++
++void SetSignalHandler(const FuzzingOptions& Options) {
++ if (Options.UnitTimeoutSec > 0)
++ SetTimer(Options.UnitTimeoutSec / 2 + 1);
++ if (Options.HandleInt)
++ SetSigaction(SIGINT, InterruptHandler);
++ if (Options.HandleTerm)
++ SetSigaction(SIGTERM, InterruptHandler);
++ if (Options.HandleSegv)
++ SetSigaction(SIGSEGV, CrashHandler);
++ if (Options.HandleBus)
++ SetSigaction(SIGBUS, CrashHandler);
++ if (Options.HandleAbrt)
++ SetSigaction(SIGABRT, CrashHandler);
++ if (Options.HandleIll)
++ SetSigaction(SIGILL, CrashHandler);
++ if (Options.HandleFpe)
++ SetSigaction(SIGFPE, CrashHandler);
++ if (Options.HandleXfsz)
++ SetSigaction(SIGXFSZ, FileSizeExceedHandler);
++}
++
++void SleepSeconds(int Seconds) {
++ sleep(Seconds); // Use C API to avoid coverage from instrumented libc++.
++}
++
++unsigned long GetPid() { return (unsigned long)getpid(); }
++
++size_t GetPeakRSSMb() {
++ struct rusage usage;
++ if (getrusage(RUSAGE_SELF, &usage))
++ return 0;
++ if (LIBFUZZER_LINUX) {
++ // ru_maxrss is in KiB
++ return usage.ru_maxrss >> 10;
++ } else if (LIBFUZZER_APPLE) {
++ // ru_maxrss is in bytes
++ return usage.ru_maxrss >> 20;
++ }
++ assert(0 && "GetPeakRSSMb() is not implemented for your platform");
++ return 0;
++}
++
++FILE *OpenProcessPipe(const char *Command, const char *Mode) {
++ return popen(Command, Mode);
++}
++
++const void *SearchMemory(const void *Data, size_t DataLen, const void *Patt,
++ size_t PattLen) {
++ return memmem(Data, DataLen, Patt, PattLen);
++}
++
++std::string DisassembleCmd(const std::string &FileName) {
++ return "objdump -d " + FileName;
++}
++
++std::string SearchRegexCmd(const std::string &Regex) {
++ return "grep '" + Regex + "'";
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_POSIX
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilWindows.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilWindows.cpp
new file mode 100644
index 0000000000..f7bd32b822
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerUtilWindows.cpp
@@ -0,0 +1,198 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerUtilWindows.cpp.orig 2017-08-19 18:02:19.281027957 +0000
++++ lib/fuzzer/FuzzerUtilWindows.cpp
+@@ -0,0 +1,193 @@
++//===- FuzzerUtilWindows.cpp - Misc utils for Windows. --------------------===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// Misc utils implementation for Windows.
++//===----------------------------------------------------------------------===//
++#include "FuzzerDefs.h"
++#if LIBFUZZER_WINDOWS
++#include "FuzzerIO.h"
++#include "FuzzerInternal.h"
++#include <cassert>
++#include <chrono>
++#include <cstring>
++#include <errno.h>
++#include <iomanip>
++#include <signal.h>
++#include <sstream>
++#include <stdio.h>
++#include <sys/types.h>
++#include <windows.h>
++
++// This must be included after windows.h.
++#include <Psapi.h>
++
++namespace fuzzer {
++
++static const FuzzingOptions* HandlerOpt = nullptr;
++
++static LONG CALLBACK ExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo) {
++ switch (ExceptionInfo->ExceptionRecord->ExceptionCode) {
++ case EXCEPTION_ACCESS_VIOLATION:
++ case EXCEPTION_ARRAY_BOUNDS_EXCEEDED:
++ case EXCEPTION_STACK_OVERFLOW:
++ if (HandlerOpt->HandleSegv)
++ Fuzzer::StaticCrashSignalCallback();
++ break;
++ case EXCEPTION_DATATYPE_MISALIGNMENT:
++ case EXCEPTION_IN_PAGE_ERROR:
++ if (HandlerOpt->HandleBus)
++ Fuzzer::StaticCrashSignalCallback();
++ break;
++ case EXCEPTION_ILLEGAL_INSTRUCTION:
++ case EXCEPTION_PRIV_INSTRUCTION:
++ if (HandlerOpt->HandleIll)
++ Fuzzer::StaticCrashSignalCallback();
++ break;
++ case EXCEPTION_FLT_DENORMAL_OPERAND:
++ case EXCEPTION_FLT_DIVIDE_BY_ZERO:
++ case EXCEPTION_FLT_INEXACT_RESULT:
++ case EXCEPTION_FLT_INVALID_OPERATION:
++ case EXCEPTION_FLT_OVERFLOW:
++ case EXCEPTION_FLT_STACK_CHECK:
++ case EXCEPTION_FLT_UNDERFLOW:
++ case EXCEPTION_INT_DIVIDE_BY_ZERO:
++ case EXCEPTION_INT_OVERFLOW:
++ if (HandlerOpt->HandleFpe)
++ Fuzzer::StaticCrashSignalCallback();
++ break;
++ // TODO: handle (Options.HandleXfsz)
++ }
++ return EXCEPTION_CONTINUE_SEARCH;
++}
++
++BOOL WINAPI CtrlHandler(DWORD dwCtrlType) {
++ switch (dwCtrlType) {
++ case CTRL_C_EVENT:
++ if (HandlerOpt->HandleInt)
++ Fuzzer::StaticInterruptCallback();
++ return TRUE;
++ case CTRL_BREAK_EVENT:
++ if (HandlerOpt->HandleTerm)
++ Fuzzer::StaticInterruptCallback();
++ return TRUE;
++ }
++ return FALSE;
++}
++
++void CALLBACK AlarmHandler(PVOID, BOOLEAN) {
++ Fuzzer::StaticAlarmCallback();
++}
++
++class TimerQ {
++ HANDLE TimerQueue;
++ public:
++ TimerQ() : TimerQueue(NULL) {};
++ ~TimerQ() {
++ if (TimerQueue)
++ DeleteTimerQueueEx(TimerQueue, NULL);
++ };
++ void SetTimer(int Seconds) {
++ if (!TimerQueue) {
++ TimerQueue = CreateTimerQueue();
++ if (!TimerQueue) {
++ Printf("libFuzzer: CreateTimerQueue failed.\n");
++ exit(1);
++ }
++ }
++ HANDLE Timer;
++ if (!CreateTimerQueueTimer(&Timer, TimerQueue, AlarmHandler, NULL,
++ Seconds*1000, Seconds*1000, 0)) {
++ Printf("libFuzzer: CreateTimerQueueTimer failed.\n");
++ exit(1);
++ }
++ };
++};
++
++static TimerQ Timer;
++
++static void CrashHandler(int) { Fuzzer::StaticCrashSignalCallback(); }
++
++void SetSignalHandler(const FuzzingOptions& Options) {
++ HandlerOpt = &Options;
++
++ if (Options.UnitTimeoutSec > 0)
++ Timer.SetTimer(Options.UnitTimeoutSec / 2 + 1);
++
++ if (Options.HandleInt || Options.HandleTerm)
++ if (!SetConsoleCtrlHandler(CtrlHandler, TRUE)) {
++ DWORD LastError = GetLastError();
++ Printf("libFuzzer: SetConsoleCtrlHandler failed (Error code: %lu).\n",
++ LastError);
++ exit(1);
++ }
++
++ if (Options.HandleSegv || Options.HandleBus || Options.HandleIll ||
++ Options.HandleFpe)
++ SetUnhandledExceptionFilter(ExceptionHandler);
++
++ if (Options.HandleAbrt)
++ if (SIG_ERR == signal(SIGABRT, CrashHandler)) {
++ Printf("libFuzzer: signal failed with %d\n", errno);
++ exit(1);
++ }
++}
++
++void SleepSeconds(int Seconds) { Sleep(Seconds * 1000); }
++
++unsigned long GetPid() { return GetCurrentProcessId(); }
++
++size_t GetPeakRSSMb() {
++ PROCESS_MEMORY_COUNTERS info;
++ if (!GetProcessMemoryInfo(GetCurrentProcess(), &info, sizeof(info)))
++ return 0;
++ return info.PeakWorkingSetSize >> 20;
++}
++
++FILE *OpenProcessPipe(const char *Command, const char *Mode) {
++ return _popen(Command, Mode);
++}
++
++int ExecuteCommand(const std::string &Command) {
++ return system(Command.c_str());
++}
++
++const void *SearchMemory(const void *Data, size_t DataLen, const void *Patt,
++ size_t PattLen) {
++ // TODO: make this implementation more efficient.
++ const char *Cdata = (const char *)Data;
++ const char *Cpatt = (const char *)Patt;
++
++ if (!Data || !Patt || DataLen == 0 || PattLen == 0 || DataLen < PattLen)
++ return NULL;
++
++ if (PattLen == 1)
++ return memchr(Data, *Cpatt, DataLen);
++
++ const char *End = Cdata + DataLen - PattLen + 1;
++
++ for (const char *It = Cdata; It < End; ++It)
++ if (It[0] == Cpatt[0] && memcmp(It, Cpatt, PattLen) == 0)
++ return It;
++
++ return NULL;
++}
++
++std::string DisassembleCmd(const std::string &FileName) {
++ if (ExecuteCommand("dumpbin /summary > nul") == 0)
++ return "dumpbin /disasm " + FileName;
++ Printf("libFuzzer: couldn't find tool to disassemble (dumpbin)\n");
++ exit(1);
++}
++
++std::string SearchRegexCmd(const std::string &Regex) {
++ return "findstr /r \"" + Regex + "\"";
++}
++
++} // namespace fuzzer
++
++#endif // LIBFUZZER_WINDOWS
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerValueBitMap.h b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerValueBitMap.h
new file mode 100644
index 0000000000..737856e5dd
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_FuzzerValueBitMap.h
@@ -0,0 +1,78 @@
+$NetBSD$
+
+--- lib/fuzzer/FuzzerValueBitMap.h.orig 2017-08-19 18:02:19.281154191 +0000
++++ lib/fuzzer/FuzzerValueBitMap.h
+@@ -0,0 +1,73 @@
++//===- FuzzerValueBitMap.h - INTERNAL - Bit map -----------------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// ValueBitMap.
++//===----------------------------------------------------------------------===//
++
++#ifndef LLVM_FUZZER_VALUE_BIT_MAP_H
++#define LLVM_FUZZER_VALUE_BIT_MAP_H
++
++#include "FuzzerDefs.h"
++
++namespace fuzzer {
++
++// A bit map containing kMapSizeInWords bits.
++struct ValueBitMap {
++ static const size_t kMapSizeInBits = 1 << 16;
++ static const size_t kMapPrimeMod = 65371; // Largest Prime < kMapSizeInBits;
++ static const size_t kBitsInWord = (sizeof(uintptr_t) * 8);
++ static const size_t kMapSizeInWords = kMapSizeInBits / kBitsInWord;
++ public:
++
++ // Clears all bits.
++ void Reset() { memset(Map, 0, sizeof(Map)); }
++
++ // Computes a hash function of Value and sets the corresponding bit.
++ // Returns true if the bit was changed from 0 to 1.
++ ATTRIBUTE_NO_SANITIZE_ALL
++ inline bool AddValue(uintptr_t Value) {
++ uintptr_t Idx = Value % kMapSizeInBits;
++ uintptr_t WordIdx = Idx / kBitsInWord;
++ uintptr_t BitIdx = Idx % kBitsInWord;
++ uintptr_t Old = Map[WordIdx];
++ uintptr_t New = Old | (1UL << BitIdx);
++ Map[WordIdx] = New;
++ return New != Old;
++ }
++
++ ATTRIBUTE_NO_SANITIZE_ALL
++ inline bool AddValueModPrime(uintptr_t Value) {
++ return AddValue(Value % kMapPrimeMod);
++ }
++
++ inline bool Get(uintptr_t Idx) {
++ assert(Idx < kMapSizeInBits);
++ uintptr_t WordIdx = Idx / kBitsInWord;
++ uintptr_t BitIdx = Idx % kBitsInWord;
++ return Map[WordIdx] & (1UL << BitIdx);
++ }
++
++ size_t SizeInBits() const { return kMapSizeInBits; }
++
++ template <class Callback>
++ ATTRIBUTE_NO_SANITIZE_ALL
++ void ForEach(Callback CB) const {
++ for (size_t i = 0; i < kMapSizeInWords; i++)
++ if (uintptr_t M = Map[i])
++ for (size_t j = 0; j < sizeof(M) * 8; j++)
++ if (M & ((uintptr_t)1 << j))
++ CB(i * sizeof(M) * 8 + j);
++ }
++
++ private:
++ uintptr_t Map[kMapSizeInWords] __attribute__((aligned(512)));
++};
++
++} // namespace fuzzer
++
++#endif // LLVM_FUZZER_VALUE_BIT_MAP_H
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_README.txt b/compiler-rt-netbsd/patches/patch-lib_fuzzer_README.txt
new file mode 100644
index 0000000000..4ba105926d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_README.txt
@@ -0,0 +1,7 @@
+$NetBSD$
+
+--- lib/fuzzer/README.txt.orig 2017-08-19 18:02:19.281259472 +0000
++++ lib/fuzzer/README.txt
+@@ -0,0 +1,2 @@
++Move to http://llvm.org/docs/LibFuzzer.html
++
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_afl_afl__driver.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_afl_afl__driver.cpp
new file mode 100644
index 0000000000..943b162f19
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_afl_afl__driver.cpp
@@ -0,0 +1,340 @@
+$NetBSD$
+
+--- lib/fuzzer/afl/afl_driver.cpp.orig 2017-08-19 18:02:19.281430930 +0000
++++ lib/fuzzer/afl/afl_driver.cpp
+@@ -0,0 +1,335 @@
++//===- afl_driver.cpp - a glue between AFL and libFuzzer --------*- C++ -* ===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//===----------------------------------------------------------------------===//
++
++/* This file allows to fuzz libFuzzer-style target functions
++ (LLVMFuzzerTestOneInput) with AFL using AFL's persistent (in-process) mode.
++
++Usage:
++################################################################################
++cat << EOF > test_fuzzer.cc
++#include <stddef.h>
++#include <stdint.h>
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
++ if (size > 0 && data[0] == 'H')
++ if (size > 1 && data[1] == 'I')
++ if (size > 2 && data[2] == '!')
++ __builtin_trap();
++ return 0;
++}
++EOF
++# Build your target with -fsanitize-coverage=trace-pc-guard using fresh clang.
++clang -g -fsanitize-coverage=trace-pc-guard test_fuzzer.cc -c
++# Build afl-llvm-rt.o.c from the AFL distribution.
++clang -c -w $AFL_HOME/llvm_mode/afl-llvm-rt.o.c
++# Build this file, link it with afl-llvm-rt.o.o and the target code.
++clang++ afl_driver.cpp test_fuzzer.o afl-llvm-rt.o.o
++# Run AFL:
++rm -rf IN OUT; mkdir IN OUT; echo z > IN/z;
++$AFL_HOME/afl-fuzz -i IN -o OUT ./a.out
++################################################################################
++Environment Variables:
++There are a few environment variables that can be set to use features that
++afl-fuzz doesn't have.
++
++AFL_DRIVER_STDERR_DUPLICATE_FILENAME: Setting this *appends* stderr to the file
++specified. If the file does not exist, it is created. This is useful for getting
++stack traces (when using ASAN for example) or original error messages on hard to
++reproduce bugs.
++
++AFL_DRIVER_EXTRA_STATS_FILENAME: Setting this causes afl_driver to write extra
++statistics to the file specified. Currently these are peak_rss_mb
++(the peak amount of virtual memory used in MB) and slowest_unit_time_secs. If
++the file does not exist it is created. If the file does exist then
++afl_driver assumes it was restarted by afl-fuzz and will try to read old
++statistics from the file. If that fails then the process will quit.
++
++*/
++#include <assert.h>
++#include <errno.h>
++#include <signal.h>
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/resource.h>
++#include <sys/time.h>
++#include <unistd.h>
++
++#include <fstream>
++#include <iostream>
++#include <vector>
++
++// Platform detection. Copied from FuzzerInternal.h
++#ifdef __linux__
++#define LIBFUZZER_LINUX 1
++#define LIBFUZZER_APPLE 0
++#elif __APPLE__
++#define LIBFUZZER_LINUX 0
++#define LIBFUZZER_APPLE 1
++#else
++#error "Support for your platform has not been implemented"
++#endif
++
++// Used to avoid repeating error checking boilerplate. If cond is false, a
++// fatal error has occured in the program. In this event print error_message
++// to stderr and abort(). Otherwise do nothing. Note that setting
++// AFL_DRIVER_STDERR_DUPLICATE_FILENAME may cause error_message to be appended
++// to the file as well, if the error occurs after the duplication is performed.
++#define CHECK_ERROR(cond, error_message) \
++ if (!(cond)) { \
++ fprintf(stderr, (error_message)); \
++ abort(); \
++ }
++
++// libFuzzer interface is thin, so we don't include any libFuzzer headers.
++extern "C" {
++int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
++__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
++}
++
++// Notify AFL about persistent mode.
++static volatile char AFL_PERSISTENT[] = "##SIG_AFL_PERSISTENT##";
++extern "C" int __afl_persistent_loop(unsigned int);
++static volatile char suppress_warning2 = AFL_PERSISTENT[0];
++
++// Notify AFL about deferred forkserver.
++static volatile char AFL_DEFER_FORKSVR[] = "##SIG_AFL_DEFER_FORKSRV##";
++extern "C" void __afl_manual_init();
++static volatile char suppress_warning1 = AFL_DEFER_FORKSVR[0];
++
++// Input buffer.
++static const size_t kMaxAflInputSize = 1 << 20;
++static uint8_t AflInputBuf[kMaxAflInputSize];
++
++// Variables we need for writing to the extra stats file.
++static FILE *extra_stats_file = NULL;
++static uint32_t previous_peak_rss = 0;
++static time_t slowest_unit_time_secs = 0;
++static const int kNumExtraStats = 2;
++static const char *kExtraStatsFormatString = "peak_rss_mb : %u\n"
++ "slowest_unit_time_sec : %u\n";
++
++// Copied from FuzzerUtil.cpp.
++size_t GetPeakRSSMb() {
++ struct rusage usage;
++ if (getrusage(RUSAGE_SELF, &usage))
++ return 0;
++ if (LIBFUZZER_LINUX) {
++ // ru_maxrss is in KiB
++ return usage.ru_maxrss >> 10;
++ } else if (LIBFUZZER_APPLE) {
++ // ru_maxrss is in bytes
++ return usage.ru_maxrss >> 20;
++ }
++ assert(0 && "GetPeakRSSMb() is not implemented for your platform");
++ return 0;
++}
++
++// Based on SetSigaction in FuzzerUtil.cpp
++static void SetSigaction(int signum,
++ void (*callback)(int, siginfo_t *, void *)) {
++ struct sigaction sigact;
++ memset(&sigact, 0, sizeof(sigact));
++ sigact.sa_sigaction = callback;
++ if (sigaction(signum, &sigact, 0)) {
++ fprintf(stderr, "libFuzzer: sigaction failed with %d\n", errno);
++ exit(1);
++ }
++}
++
++// Write extra stats to the file specified by the user. If none is specified
++// this function will never be called.
++static void write_extra_stats() {
++ uint32_t peak_rss = GetPeakRSSMb();
++
++ if (peak_rss < previous_peak_rss)
++ peak_rss = previous_peak_rss;
++
++ int chars_printed = fprintf(extra_stats_file, kExtraStatsFormatString,
++ peak_rss, slowest_unit_time_secs);
++
++ CHECK_ERROR(chars_printed != 0, "Failed to write extra_stats_file");
++
++ CHECK_ERROR(fclose(extra_stats_file) == 0,
++ "Failed to close extra_stats_file");
++}
++
++// Call write_extra_stats before we exit.
++static void crash_handler(int, siginfo_t *, void *) {
++ // Make sure we don't try calling write_extra_stats again if we crashed while
++ // trying to call it.
++ static bool first_crash = true;
++ CHECK_ERROR(first_crash,
++ "Crashed in crash signal handler. This is a bug in the fuzzer.");
++
++ first_crash = false;
++ write_extra_stats();
++}
++
++// If the user has specified an extra_stats_file through the environment
++// variable AFL_DRIVER_EXTRA_STATS_FILENAME, then perform necessary set up
++// to write stats to it on exit. If no file is specified, do nothing. Otherwise
++// install signal and exit handlers to write to the file when the process exits.
++// Then if the file doesn't exist create it and set extra stats to 0. But if it
++// does exist then read the initial values of the extra stats from the file
++// and check that the file is writable.
++static void maybe_initialize_extra_stats() {
++ // If AFL_DRIVER_EXTRA_STATS_FILENAME isn't set then we have nothing to do.
++ char *extra_stats_filename = getenv("AFL_DRIVER_EXTRA_STATS_FILENAME");
++ if (!extra_stats_filename)
++ return;
++
++ // Open the file and find the previous peak_rss_mb value.
++ // This is necessary because the fuzzing process is restarted after N
++ // iterations are completed. So we may need to get this value from a previous
++ // process to be accurate.
++ extra_stats_file = fopen(extra_stats_filename, "r");
++
++ // If extra_stats_file already exists: read old stats from it.
++ if (extra_stats_file) {
++ int matches = fscanf(extra_stats_file, kExtraStatsFormatString,
++ &previous_peak_rss, &slowest_unit_time_secs);
++
++ // Make sure we have read a real extra stats file and that we have used it
++ // to set slowest_unit_time_secs and previous_peak_rss.
++ CHECK_ERROR(matches == kNumExtraStats, "Extra stats file is corrupt");
++
++ CHECK_ERROR(fclose(extra_stats_file) == 0, "Failed to close file");
++
++ // Now open the file for writing.
++ extra_stats_file = fopen(extra_stats_filename, "w");
++ CHECK_ERROR(extra_stats_file,
++ "Failed to open extra stats file for writing");
++ } else {
++ // Looks like this is the first time in a fuzzing job this is being called.
++ extra_stats_file = fopen(extra_stats_filename, "w+");
++ CHECK_ERROR(extra_stats_file, "failed to create extra stats file");
++ }
++
++ // Make sure that crash_handler gets called on any kind of fatal error.
++ int crash_signals[] = {SIGSEGV, SIGBUS, SIGABRT, SIGILL, SIGFPE, SIGINT,
++ SIGTERM};
++
++ const size_t num_signals = sizeof(crash_signals) / sizeof(crash_signals[0]);
++
++ for (size_t idx = 0; idx < num_signals; idx++)
++ SetSigaction(crash_signals[idx], crash_handler);
++
++ // Make sure it gets called on other kinds of exits.
++ atexit(write_extra_stats);
++}
++
++// If the user asks us to duplicate stderr, then do it.
++static void maybe_duplicate_stderr() {
++ char* stderr_duplicate_filename =
++ getenv("AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
++
++ if (!stderr_duplicate_filename)
++ return;
++
++ FILE* stderr_duplicate_stream =
++ freopen(stderr_duplicate_filename, "a+", stderr);
++
++ if (!stderr_duplicate_stream) {
++ fprintf(
++ stderr,
++ "Failed to duplicate stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
++ abort();
++ }
++}
++
++// Define LLVMFuzzerMutate to avoid link failures for targets that use it
++// with libFuzzer's LLVMFuzzerCustomMutator.
++extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
++ assert(false && "LLVMFuzzerMutate should not be called from afl_driver");
++ return 0;
++}
++
++// Execute any files provided as parameters.
++int ExecuteFilesOnyByOne(int argc, char **argv) {
++ for (int i = 1; i < argc; i++) {
++ std::ifstream in(argv[i]);
++ in.seekg(0, in.end);
++ size_t length = in.tellg();
++ in.seekg (0, in.beg);
++ std::cout << "Reading " << length << " bytes from " << argv[i] << std::endl;
++ // Allocate exactly length bytes so that we reliably catch buffer overflows.
++ std::vector<char> bytes(length);
++ in.read(bytes.data(), bytes.size());
++ assert(in);
++ LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(bytes.data()),
++ bytes.size());
++ std::cout << "Execution successfull" << std::endl;
++ }
++ return 0;
++}
++
++int main(int argc, char **argv) {
++ fprintf(stderr,
++ "======================= INFO =========================\n"
++ "This binary is built for AFL-fuzz.\n"
++ "To run the target function on individual input(s) execute this:\n"
++ " %s < INPUT_FILE\n"
++ "or\n"
++ " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n"
++ "To fuzz with afl-fuzz execute this:\n"
++ " afl-fuzz [afl-flags] %s [-N]\n"
++ "afl-fuzz will run N iterations before "
++ "re-spawning the process (default: 1000)\n"
++ "======================================================\n",
++ argv[0], argv[0], argv[0]);
++ if (LLVMFuzzerInitialize)
++ LLVMFuzzerInitialize(&argc, &argv);
++ // Do any other expensive one-time initialization here.
++
++ maybe_duplicate_stderr();
++ maybe_initialize_extra_stats();
++
++ __afl_manual_init();
++
++ int N = 1000;
++ if (argc == 2 && argv[1][0] == '-')
++ N = atoi(argv[1] + 1);
++ else if(argc == 2 && (N = atoi(argv[1])) > 0)
++ fprintf(stderr, "WARNING: using the deprecated call style `%s %d`\n",
++ argv[0], N);
++ else if (argc > 1)
++ return ExecuteFilesOnyByOne(argc, argv);
++
++ assert(N > 0);
++ time_t unit_time_secs;
++ int num_runs = 0;
++ while (__afl_persistent_loop(N)) {
++ ssize_t n_read = read(0, AflInputBuf, kMaxAflInputSize);
++ if (n_read > 0) {
++ // Copy AflInputBuf into a separate buffer to let asan find buffer
++ // overflows. Don't use unique_ptr/etc to avoid extra dependencies.
++ uint8_t *copy = new uint8_t[n_read];
++ memcpy(copy, AflInputBuf, n_read);
++
++ struct timeval unit_start_time;
++ CHECK_ERROR(gettimeofday(&unit_start_time, NULL) == 0,
++ "Calling gettimeofday failed");
++
++ num_runs++;
++ LLVMFuzzerTestOneInput(copy, n_read);
++
++ struct timeval unit_stop_time;
++ CHECK_ERROR(gettimeofday(&unit_stop_time, NULL) == 0,
++ "Calling gettimeofday failed");
++
++ // Update slowest_unit_time_secs if we see a new max.
++ unit_time_secs = unit_stop_time.tv_sec - unit_start_time.tv_sec;
++ if (slowest_unit_time_secs < unit_time_secs)
++ slowest_unit_time_secs = unit_time_secs;
++
++ delete[] copy;
++ }
++ }
++ fprintf(stderr, "%s: successfully executed %d input(s)\n", argv[0], num_runs);
++}
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_build.sh b/compiler-rt-netbsd/patches/patch-lib_fuzzer_build.sh
new file mode 100644
index 0000000000..b79c116c6e
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_build.sh
@@ -0,0 +1,16 @@
+$NetBSD$
+
+--- lib/fuzzer/build.sh.orig 2017-08-19 18:02:19.281531111 +0000
++++ lib/fuzzer/build.sh
+@@ -0,0 +1,11 @@
++#!/bin/bash
++LIBFUZZER_SRC_DIR=$(dirname $0)
++CXX="${CXX:-clang}"
++for f in $LIBFUZZER_SRC_DIR/*.cpp; do
++ $CXX -g -O2 -fno-omit-frame-pointer -std=c++11 $f -c &
++done
++wait
++rm -f libFuzzer.a
++ar ru libFuzzer.a Fuzzer*.o
++rm -f Fuzzer*.o
++
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_cxx.dict b/compiler-rt-netbsd/patches/patch-lib_fuzzer_cxx.dict
new file mode 100644
index 0000000000..19abc7cd0c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_cxx.dict
@@ -0,0 +1,127 @@
+$NetBSD$
+
+--- lib/fuzzer/cxx.dict.orig 2017-08-19 18:02:19.281646376 +0000
++++ lib/fuzzer/cxx.dict
+@@ -0,0 +1,122 @@
++"++"
++"--"
++"<<"
++">>"
++"+="
++"-="
++"*="
++"/="
++">>="
++"<<="
++"&="
++"|="
++"^="
++"%="
++"!="
++"&&"
++"||"
++"=="
++">="
++"<="
++"->"
++"alignas"
++"alignof"
++"and"
++"and_eq"
++"asm"
++"auto"
++"bitand"
++"bitor"
++"bool"
++"break"
++"case"
++"catch"
++"char"
++"char16_t"
++"char32_t"
++"class"
++"compl"
++"concept"
++"const"
++"constexpr"
++"const_cast"
++"continue"
++"decltype"
++"default"
++"delete"
++"do"
++"double"
++"dynamic_cast"
++"else"
++"enum"
++"explicit"
++"export"
++"extern"
++"false"
++"float"
++"for"
++"friend"
++"goto"
++"if"
++"inline"
++"int"
++"long"
++"mutable"
++"namespace"
++"new"
++"noexcept"
++"not"
++"not_eq"
++"nullptr"
++"operator"
++"or"
++"or_eq"
++"private"
++"protected"
++"public"
++"register"
++"reinterpret_cast"
++"requires"
++"return"
++"short"
++"signed"
++"sizeof"
++"static"
++"static_assert"
++"static_cast"
++"struct"
++"switch"
++"template"
++"this"
++"thread_local"
++"throw"
++"true"
++"try"
++"typedef"
++"typeid"
++"typename"
++"union"
++"unsigned"
++"using"
++"virtual"
++"void"
++"volatile"
++"wchar_t"
++"while"
++"xor"
++"xor_eq"
++"if"
++"elif"
++"else"
++"endif"
++"defined"
++"ifdef"
++"ifndef"
++"define"
++"undef"
++"include"
++"line"
++"error"
++"pragma"
++"override"
++"final"
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_standalone_StandaloneFuzzTargetMain.c b/compiler-rt-netbsd/patches/patch-lib_fuzzer_standalone_StandaloneFuzzTargetMain.c
new file mode 100644
index 0000000000..b862d2aa0d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_standalone_StandaloneFuzzTargetMain.c
@@ -0,0 +1,46 @@
+$NetBSD$
+
+--- lib/fuzzer/standalone/StandaloneFuzzTargetMain.c.orig 2017-08-19 18:02:19.281760598 +0000
++++ lib/fuzzer/standalone/StandaloneFuzzTargetMain.c
+@@ -0,0 +1,41 @@
++/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===//
++//
++// The LLVM Compiler Infrastructure
++//
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++//===----------------------------------------------------------------------===//
++// This main() function can be linked to a fuzz target (i.e. a library
++// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())
++// instead of libFuzzer. This main() function will not perform any fuzzing
++// but will simply feed all input files one by one to the fuzz target.
++//
++// Use this file to provide reproducers for bugs when linking against libFuzzer
++// or other fuzzing engine is undesirable.
++//===----------------------------------------------------------------------===*/
++#include <assert.h>
++#include <stdio.h>
++#include <stdlib.h>
++
++extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
++__attribute__((weak)) extern int LLVMFuzzerInitialize(int *argc, char ***argv);
++int main(int argc, char **argv) {
++ fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
++ if (LLVMFuzzerInitialize)
++ LLVMFuzzerInitialize(&argc, &argv);
++ for (int i = 1; i < argc; i++) {
++ fprintf(stderr, "Running: %s\n", argv[i]);
++ FILE *f = fopen(argv[i], "r");
++ assert(f);
++ fseek(f, 0, SEEK_END);
++ size_t len = ftell(f);
++ fseek(f, 0, SEEK_SET);
++ unsigned char *buf = (unsigned char*)malloc(len);
++ size_t n_read = fread(buf, 1, len, f);
++ assert(n_read == len);
++ LLVMFuzzerTestOneInput(buf, len);
++ free(buf);
++ fprintf(stderr, "Done: %s: (%zd bytes)\n", argv[i], n_read);
++ }
++}
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_tests_CMakeLists.txt b/compiler-rt-netbsd/patches/patch-lib_fuzzer_tests_CMakeLists.txt
new file mode 100644
index 0000000000..f0696e5be7
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_tests_CMakeLists.txt
@@ -0,0 +1,51 @@
+$NetBSD$
+
+--- lib/fuzzer/tests/CMakeLists.txt.orig 2017-08-19 18:02:19.281880135 +0000
++++ lib/fuzzer/tests/CMakeLists.txt
+@@ -0,0 +1,46 @@
++set(LIBFUZZER_UNITTEST_CFLAGS
++ ${COMPILER_RT_UNITTEST_CFLAGS}
++ ${COMPILER_RT_GTEST_CFLAGS}
++ -I${COMPILER_RT_SOURCE_DIR}/lib/fuzzer
++ -fno-rtti
++ -Werror
++ -O2)
++
++add_custom_target(FuzzerUnitTests)
++set_target_properties(FuzzerUnitTests PROPERTIES FOLDER "Compiler-RT Tests")
++
++set(LIBFUZZER_UNITTEST_LINK_FLAGS ${COMPILER_RT_UNITTEST_LINK_FLAGS})
++list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS --driver-mode=g++)
++
++if(APPLE)
++ list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS -lc++)
++else()
++ list(APPEND LIBFUZZER_UNITTEST_LINK_FLAGS -lstdc++)
++endif()
++
++foreach(arch ${FUZZER_SUPPORTED_ARCH})
++ set(LIBFUZZER_TEST_RUNTIME RTFuzzerTest.${arch})
++ if(APPLE)
++ set(LIBFUZZER_TEST_RUNTIME_OBJECTS
++ $<TARGET_OBJECTS:RTfuzzer.osx>)
++ else()
++ set(LIBFUZZER_TEST_RUNTIME_OBJECTS
++ $<TARGET_OBJECTS:RTfuzzer.${arch}>)
++ endif()
++ add_library(${LIBFUZZER_TEST_RUNTIME} STATIC
++ ${LIBFUZZER_TEST_RUNTIME_OBJECTS})
++ set_target_properties(${LIBFUZZER_TEST_RUNTIME} PROPERTIES
++ ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
++ FOLDER "Compiler-RT Runtime tests")
++
++ set(FuzzerTestObjects)
++ generate_compiler_rt_tests(FuzzerTestObjects
++ FuzzerUnitTests "Fuzzer-${arch}-Test" ${arch}
++ SOURCES FuzzerUnittest.cpp ${COMPILER_RT_GTEST_SOURCE}
++ RUNTIME ${LIBFUZZER_TEST_RUNTIME}
++ DEPS gtest
++ CFLAGS ${LIBFUZZER_UNITTEST_CFLAGS}
++ LINK_FLAGS ${LIBFUZZER_UNITTEST_LINK_FLAGS})
++ set_target_properties(FuzzerUnitTests PROPERTIES
++ RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
++endforeach()
diff --git a/compiler-rt-netbsd/patches/patch-lib_fuzzer_tests_FuzzerUnittest.cpp b/compiler-rt-netbsd/patches/patch-lib_fuzzer_tests_FuzzerUnittest.cpp
new file mode 100644
index 0000000000..6cf94d0c4c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-lib_fuzzer_tests_FuzzerUnittest.cpp
@@ -0,0 +1,773 @@
+$NetBSD$
+
+--- lib/fuzzer/tests/FuzzerUnittest.cpp.orig 2017-08-19 18:02:19.282137613 +0000
++++ lib/fuzzer/tests/FuzzerUnittest.cpp
+@@ -0,0 +1,768 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Avoid ODR violations (LibFuzzer is built without ASan and this test is built
++// with ASan) involving C++ standard library types when using libcxx.
++#define _LIBCPP_HAS_NO_ASAN
++
++// Do not attempt to use LLVM ostream from gtest.
++#define GTEST_NO_LLVM_RAW_OSTREAM 1
++
++#include "FuzzerCorpus.h"
++#include "FuzzerDictionary.h"
++#include "FuzzerInternal.h"
++#include "FuzzerMerge.h"
++#include "FuzzerMutate.h"
++#include "FuzzerRandom.h"
++#include "FuzzerTracePC.h"
++#include "gtest/gtest.h"
++#include <memory>
++#include <set>
++#include <sstream>
++
++using namespace fuzzer;
++
++// For now, have LLVMFuzzerTestOneInput just to make it link.
++// Later we may want to make unittests that actually call LLVMFuzzerTestOneInput.
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ abort();
++}
++
++TEST(Fuzzer, CrossOver) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ Unit A({0, 1, 2}), B({5, 6, 7});
++ Unit C;
++ Unit Expected[] = {
++ { 0 },
++ { 0, 1 },
++ { 0, 5 },
++ { 0, 1, 2 },
++ { 0, 1, 5 },
++ { 0, 5, 1 },
++ { 0, 5, 6 },
++ { 0, 1, 2, 5 },
++ { 0, 1, 5, 2 },
++ { 0, 1, 5, 6 },
++ { 0, 5, 1, 2 },
++ { 0, 5, 1, 6 },
++ { 0, 5, 6, 1 },
++ { 0, 5, 6, 7 },
++ { 0, 1, 2, 5, 6 },
++ { 0, 1, 5, 2, 6 },
++ { 0, 1, 5, 6, 2 },
++ { 0, 1, 5, 6, 7 },
++ { 0, 5, 1, 2, 6 },
++ { 0, 5, 1, 6, 2 },
++ { 0, 5, 1, 6, 7 },
++ { 0, 5, 6, 1, 2 },
++ { 0, 5, 6, 1, 7 },
++ { 0, 5, 6, 7, 1 },
++ { 0, 1, 2, 5, 6, 7 },
++ { 0, 1, 5, 2, 6, 7 },
++ { 0, 1, 5, 6, 2, 7 },
++ { 0, 1, 5, 6, 7, 2 },
++ { 0, 5, 1, 2, 6, 7 },
++ { 0, 5, 1, 6, 2, 7 },
++ { 0, 5, 1, 6, 7, 2 },
++ { 0, 5, 6, 1, 2, 7 },
++ { 0, 5, 6, 1, 7, 2 },
++ { 0, 5, 6, 7, 1, 2 }
++ };
++ for (size_t Len = 1; Len < 8; Len++) {
++ std::set<Unit> FoundUnits, ExpectedUnitsWitThisLength;
++ for (int Iter = 0; Iter < 3000; Iter++) {
++ C.resize(Len);
++ size_t NewSize = MD.CrossOver(A.data(), A.size(), B.data(), B.size(),
++ C.data(), C.size());
++ C.resize(NewSize);
++ FoundUnits.insert(C);
++ }
++ for (const Unit &U : Expected)
++ if (U.size() <= Len)
++ ExpectedUnitsWitThisLength.insert(U);
++ EXPECT_EQ(ExpectedUnitsWitThisLength, FoundUnits);
++ }
++}
++
++TEST(Fuzzer, Hash) {
++ uint8_t A[] = {'a', 'b', 'c'};
++ fuzzer::Unit U(A, A + sizeof(A));
++ EXPECT_EQ("a9993e364706816aba3e25717850c26c9cd0d89d", fuzzer::Hash(U));
++ U.push_back('d');
++ EXPECT_EQ("81fe8bfe87576c3ecb22426f8e57847382917acf", fuzzer::Hash(U));
++}
++
++typedef size_t (MutationDispatcher::*Mutator)(uint8_t *Data, size_t Size,
++ size_t MaxSize);
++
++void TestEraseBytes(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ uint8_t REM0[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t REM1[8] = {0x00, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t REM2[8] = {0x00, 0x11, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t REM3[8] = {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x77};
++ uint8_t REM4[8] = {0x00, 0x11, 0x22, 0x33, 0x55, 0x66, 0x77};
++ uint8_t REM5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x66, 0x77};
++ uint8_t REM6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x77};
++ uint8_t REM7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
++
++ uint8_t REM8[6] = {0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t REM9[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
++ uint8_t REM10[6] = {0x00, 0x11, 0x22, 0x55, 0x66, 0x77};
++
++ uint8_t REM11[5] = {0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t REM12[5] = {0x00, 0x11, 0x22, 0x33, 0x44};
++ uint8_t REM13[5] = {0x00, 0x44, 0x55, 0x66, 0x77};
++
++
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ int FoundMask = 0;
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ size_t NewSize = (MD.*M)(T, sizeof(T), sizeof(T));
++ if (NewSize == 7 && !memcmp(REM0, T, 7)) FoundMask |= 1 << 0;
++ if (NewSize == 7 && !memcmp(REM1, T, 7)) FoundMask |= 1 << 1;
++ if (NewSize == 7 && !memcmp(REM2, T, 7)) FoundMask |= 1 << 2;
++ if (NewSize == 7 && !memcmp(REM3, T, 7)) FoundMask |= 1 << 3;
++ if (NewSize == 7 && !memcmp(REM4, T, 7)) FoundMask |= 1 << 4;
++ if (NewSize == 7 && !memcmp(REM5, T, 7)) FoundMask |= 1 << 5;
++ if (NewSize == 7 && !memcmp(REM6, T, 7)) FoundMask |= 1 << 6;
++ if (NewSize == 7 && !memcmp(REM7, T, 7)) FoundMask |= 1 << 7;
++
++ if (NewSize == 6 && !memcmp(REM8, T, 6)) FoundMask |= 1 << 8;
++ if (NewSize == 6 && !memcmp(REM9, T, 6)) FoundMask |= 1 << 9;
++ if (NewSize == 6 && !memcmp(REM10, T, 6)) FoundMask |= 1 << 10;
++
++ if (NewSize == 5 && !memcmp(REM11, T, 5)) FoundMask |= 1 << 11;
++ if (NewSize == 5 && !memcmp(REM12, T, 5)) FoundMask |= 1 << 12;
++ if (NewSize == 5 && !memcmp(REM13, T, 5)) FoundMask |= 1 << 13;
++ }
++ EXPECT_EQ(FoundMask, (1 << 14) - 1);
++}
++
++TEST(FuzzerMutate, EraseBytes1) {
++ TestEraseBytes(&MutationDispatcher::Mutate_EraseBytes, 200);
++}
++TEST(FuzzerMutate, EraseBytes2) {
++ TestEraseBytes(&MutationDispatcher::Mutate, 2000);
++}
++
++void TestInsertByte(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ int FoundMask = 0;
++ uint8_t INS0[8] = {0xF1, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
++ uint8_t INS1[8] = {0x00, 0xF2, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
++ uint8_t INS2[8] = {0x00, 0x11, 0xF3, 0x22, 0x33, 0x44, 0x55, 0x66};
++ uint8_t INS3[8] = {0x00, 0x11, 0x22, 0xF4, 0x33, 0x44, 0x55, 0x66};
++ uint8_t INS4[8] = {0x00, 0x11, 0x22, 0x33, 0xF5, 0x44, 0x55, 0x66};
++ uint8_t INS5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0xF6, 0x55, 0x66};
++ uint8_t INS6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF7, 0x66};
++ uint8_t INS7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF8};
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
++ size_t NewSize = (MD.*M)(T, 7, 8);
++ if (NewSize == 8 && !memcmp(INS0, T, 8)) FoundMask |= 1 << 0;
++ if (NewSize == 8 && !memcmp(INS1, T, 8)) FoundMask |= 1 << 1;
++ if (NewSize == 8 && !memcmp(INS2, T, 8)) FoundMask |= 1 << 2;
++ if (NewSize == 8 && !memcmp(INS3, T, 8)) FoundMask |= 1 << 3;
++ if (NewSize == 8 && !memcmp(INS4, T, 8)) FoundMask |= 1 << 4;
++ if (NewSize == 8 && !memcmp(INS5, T, 8)) FoundMask |= 1 << 5;
++ if (NewSize == 8 && !memcmp(INS6, T, 8)) FoundMask |= 1 << 6;
++ if (NewSize == 8 && !memcmp(INS7, T, 8)) FoundMask |= 1 << 7;
++ }
++ EXPECT_EQ(FoundMask, 255);
++}
++
++TEST(FuzzerMutate, InsertByte1) {
++ TestInsertByte(&MutationDispatcher::Mutate_InsertByte, 1 << 15);
++}
++TEST(FuzzerMutate, InsertByte2) {
++ TestInsertByte(&MutationDispatcher::Mutate, 1 << 17);
++}
++
++void TestInsertRepeatedBytes(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ int FoundMask = 0;
++ uint8_t INS0[7] = {0x00, 0x11, 0x22, 0x33, 'a', 'a', 'a'};
++ uint8_t INS1[7] = {0x00, 0x11, 0x22, 'a', 'a', 'a', 0x33};
++ uint8_t INS2[7] = {0x00, 0x11, 'a', 'a', 'a', 0x22, 0x33};
++ uint8_t INS3[7] = {0x00, 'a', 'a', 'a', 0x11, 0x22, 0x33};
++ uint8_t INS4[7] = {'a', 'a', 'a', 0x00, 0x11, 0x22, 0x33};
++
++ uint8_t INS5[8] = {0x00, 0x11, 0x22, 0x33, 'b', 'b', 'b', 'b'};
++ uint8_t INS6[8] = {0x00, 0x11, 0x22, 'b', 'b', 'b', 'b', 0x33};
++ uint8_t INS7[8] = {0x00, 0x11, 'b', 'b', 'b', 'b', 0x22, 0x33};
++ uint8_t INS8[8] = {0x00, 'b', 'b', 'b', 'b', 0x11, 0x22, 0x33};
++ uint8_t INS9[8] = {'b', 'b', 'b', 'b', 0x00, 0x11, 0x22, 0x33};
++
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[8] = {0x00, 0x11, 0x22, 0x33};
++ size_t NewSize = (MD.*M)(T, 4, 8);
++ if (NewSize == 7 && !memcmp(INS0, T, 7)) FoundMask |= 1 << 0;
++ if (NewSize == 7 && !memcmp(INS1, T, 7)) FoundMask |= 1 << 1;
++ if (NewSize == 7 && !memcmp(INS2, T, 7)) FoundMask |= 1 << 2;
++ if (NewSize == 7 && !memcmp(INS3, T, 7)) FoundMask |= 1 << 3;
++ if (NewSize == 7 && !memcmp(INS4, T, 7)) FoundMask |= 1 << 4;
++
++ if (NewSize == 8 && !memcmp(INS5, T, 8)) FoundMask |= 1 << 5;
++ if (NewSize == 8 && !memcmp(INS6, T, 8)) FoundMask |= 1 << 6;
++ if (NewSize == 8 && !memcmp(INS7, T, 8)) FoundMask |= 1 << 7;
++ if (NewSize == 8 && !memcmp(INS8, T, 8)) FoundMask |= 1 << 8;
++ if (NewSize == 8 && !memcmp(INS9, T, 8)) FoundMask |= 1 << 9;
++
++ }
++ EXPECT_EQ(FoundMask, (1 << 10) - 1);
++}
++
++TEST(FuzzerMutate, InsertRepeatedBytes1) {
++ TestInsertRepeatedBytes(&MutationDispatcher::Mutate_InsertRepeatedBytes, 10000);
++}
++TEST(FuzzerMutate, InsertRepeatedBytes2) {
++ TestInsertRepeatedBytes(&MutationDispatcher::Mutate, 300000);
++}
++
++void TestChangeByte(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ int FoundMask = 0;
++ uint8_t CH0[8] = {0xF0, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH1[8] = {0x00, 0xF1, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH2[8] = {0x00, 0x11, 0xF2, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH3[8] = {0x00, 0x11, 0x22, 0xF3, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0xF4, 0x55, 0x66, 0x77};
++ uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0xF5, 0x66, 0x77};
++ uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0xF5, 0x77};
++ uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7};
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[9] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ size_t NewSize = (MD.*M)(T, 8, 9);
++ if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;
++ if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;
++ if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;
++ if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;
++ if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4;
++ if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;
++ if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;
++ if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;
++ }
++ EXPECT_EQ(FoundMask, 255);
++}
++
++TEST(FuzzerMutate, ChangeByte1) {
++ TestChangeByte(&MutationDispatcher::Mutate_ChangeByte, 1 << 15);
++}
++TEST(FuzzerMutate, ChangeByte2) {
++ TestChangeByte(&MutationDispatcher::Mutate, 1 << 17);
++}
++
++void TestChangeBit(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ int FoundMask = 0;
++ uint8_t CH0[8] = {0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH1[8] = {0x00, 0x13, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH2[8] = {0x00, 0x11, 0x02, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH3[8] = {0x00, 0x11, 0x22, 0x37, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0x54, 0x55, 0x66, 0x77};
++ uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x54, 0x66, 0x77};
++ uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x76, 0x77};
++ uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0xF7};
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[9] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ size_t NewSize = (MD.*M)(T, 8, 9);
++ if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;
++ if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;
++ if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;
++ if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;
++ if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4;
++ if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;
++ if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;
++ if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;
++ }
++ EXPECT_EQ(FoundMask, 255);
++}
++
++TEST(FuzzerMutate, ChangeBit1) {
++ TestChangeBit(&MutationDispatcher::Mutate_ChangeBit, 1 << 16);
++}
++TEST(FuzzerMutate, ChangeBit2) {
++ TestChangeBit(&MutationDispatcher::Mutate, 1 << 18);
++}
++
++void TestShuffleBytes(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ int FoundMask = 0;
++ uint8_t CH0[7] = {0x00, 0x22, 0x11, 0x33, 0x44, 0x55, 0x66};
++ uint8_t CH1[7] = {0x11, 0x00, 0x33, 0x22, 0x44, 0x55, 0x66};
++ uint8_t CH2[7] = {0x00, 0x33, 0x11, 0x22, 0x44, 0x55, 0x66};
++ uint8_t CH3[7] = {0x00, 0x11, 0x22, 0x44, 0x55, 0x66, 0x33};
++ uint8_t CH4[7] = {0x00, 0x11, 0x22, 0x33, 0x55, 0x44, 0x66};
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
++ size_t NewSize = (MD.*M)(T, 7, 7);
++ if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0;
++ if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1;
++ if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2;
++ if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3;
++ if (NewSize == 7 && !memcmp(CH4, T, 7)) FoundMask |= 1 << 4;
++ }
++ EXPECT_EQ(FoundMask, 31);
++}
++
++TEST(FuzzerMutate, ShuffleBytes1) {
++ TestShuffleBytes(&MutationDispatcher::Mutate_ShuffleBytes, 1 << 16);
++}
++TEST(FuzzerMutate, ShuffleBytes2) {
++ TestShuffleBytes(&MutationDispatcher::Mutate, 1 << 20);
++}
++
++void TestCopyPart(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ int FoundMask = 0;
++ uint8_t CH0[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00, 0x11};
++ uint8_t CH1[7] = {0x55, 0x66, 0x22, 0x33, 0x44, 0x55, 0x66};
++ uint8_t CH2[7] = {0x00, 0x55, 0x66, 0x33, 0x44, 0x55, 0x66};
++ uint8_t CH3[7] = {0x00, 0x11, 0x22, 0x00, 0x11, 0x22, 0x66};
++ uint8_t CH4[7] = {0x00, 0x11, 0x11, 0x22, 0x33, 0x55, 0x66};
++
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[7] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
++ size_t NewSize = (MD.*M)(T, 7, 7);
++ if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0;
++ if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1;
++ if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2;
++ if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3;
++ if (NewSize == 7 && !memcmp(CH4, T, 7)) FoundMask |= 1 << 4;
++ }
++
++ uint8_t CH5[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x00, 0x11, 0x22};
++ uint8_t CH6[8] = {0x22, 0x33, 0x44, 0x00, 0x11, 0x22, 0x33, 0x44};
++ uint8_t CH7[8] = {0x00, 0x11, 0x22, 0x00, 0x11, 0x22, 0x33, 0x44};
++ uint8_t CH8[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x22, 0x33, 0x44};
++ uint8_t CH9[8] = {0x00, 0x11, 0x22, 0x22, 0x33, 0x44, 0x33, 0x44};
++
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ size_t NewSize = (MD.*M)(T, 5, 8);
++ if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;
++ if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;
++ if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;
++ if (NewSize == 8 && !memcmp(CH8, T, 8)) FoundMask |= 1 << 8;
++ if (NewSize == 8 && !memcmp(CH9, T, 8)) FoundMask |= 1 << 9;
++ }
++
++ EXPECT_EQ(FoundMask, 1023);
++}
++
++TEST(FuzzerMutate, CopyPart1) {
++ TestCopyPart(&MutationDispatcher::Mutate_CopyPart, 1 << 10);
++}
++TEST(FuzzerMutate, CopyPart2) {
++ TestCopyPart(&MutationDispatcher::Mutate, 1 << 13);
++}
++
++void TestAddWordFromDictionary(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++ uint8_t Word1[4] = {0xAA, 0xBB, 0xCC, 0xDD};
++ uint8_t Word2[3] = {0xFF, 0xEE, 0xEF};
++ MD.AddWordToManualDictionary(Word(Word1, sizeof(Word1)));
++ MD.AddWordToManualDictionary(Word(Word2, sizeof(Word2)));
++ int FoundMask = 0;
++ uint8_t CH0[7] = {0x00, 0x11, 0x22, 0xAA, 0xBB, 0xCC, 0xDD};
++ uint8_t CH1[7] = {0x00, 0x11, 0xAA, 0xBB, 0xCC, 0xDD, 0x22};
++ uint8_t CH2[7] = {0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0x11, 0x22};
++ uint8_t CH3[7] = {0xAA, 0xBB, 0xCC, 0xDD, 0x00, 0x11, 0x22};
++ uint8_t CH4[6] = {0x00, 0x11, 0x22, 0xFF, 0xEE, 0xEF};
++ uint8_t CH5[6] = {0x00, 0x11, 0xFF, 0xEE, 0xEF, 0x22};
++ uint8_t CH6[6] = {0x00, 0xFF, 0xEE, 0xEF, 0x11, 0x22};
++ uint8_t CH7[6] = {0xFF, 0xEE, 0xEF, 0x00, 0x11, 0x22};
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[7] = {0x00, 0x11, 0x22};
++ size_t NewSize = (MD.*M)(T, 3, 7);
++ if (NewSize == 7 && !memcmp(CH0, T, 7)) FoundMask |= 1 << 0;
++ if (NewSize == 7 && !memcmp(CH1, T, 7)) FoundMask |= 1 << 1;
++ if (NewSize == 7 && !memcmp(CH2, T, 7)) FoundMask |= 1 << 2;
++ if (NewSize == 7 && !memcmp(CH3, T, 7)) FoundMask |= 1 << 3;
++ if (NewSize == 6 && !memcmp(CH4, T, 6)) FoundMask |= 1 << 4;
++ if (NewSize == 6 && !memcmp(CH5, T, 6)) FoundMask |= 1 << 5;
++ if (NewSize == 6 && !memcmp(CH6, T, 6)) FoundMask |= 1 << 6;
++ if (NewSize == 6 && !memcmp(CH7, T, 6)) FoundMask |= 1 << 7;
++ }
++ EXPECT_EQ(FoundMask, 255);
++}
++
++TEST(FuzzerMutate, AddWordFromDictionary1) {
++ TestAddWordFromDictionary(
++ &MutationDispatcher::Mutate_AddWordFromManualDictionary, 1 << 15);
++}
++
++TEST(FuzzerMutate, AddWordFromDictionary2) {
++ TestAddWordFromDictionary(&MutationDispatcher::Mutate, 1 << 15);
++}
++
++void TestChangeASCIIInteger(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++
++ uint8_t CH0[8] = {'1', '2', '3', '4', '5', '6', '7', '7'};
++ uint8_t CH1[8] = {'1', '2', '3', '4', '5', '6', '7', '9'};
++ uint8_t CH2[8] = {'2', '4', '6', '9', '1', '3', '5', '6'};
++ uint8_t CH3[8] = {'0', '6', '1', '7', '2', '8', '3', '9'};
++ int FoundMask = 0;
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[8] = {'1', '2', '3', '4', '5', '6', '7', '8'};
++ size_t NewSize = (MD.*M)(T, 8, 8);
++ /**/ if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;
++ else if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;
++ else if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;
++ else if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;
++ else if (NewSize == 8) FoundMask |= 1 << 4;
++ }
++ EXPECT_EQ(FoundMask, 31);
++}
++
++TEST(FuzzerMutate, ChangeASCIIInteger1) {
++ TestChangeASCIIInteger(&MutationDispatcher::Mutate_ChangeASCIIInteger,
++ 1 << 15);
++}
++
++TEST(FuzzerMutate, ChangeASCIIInteger2) {
++ TestChangeASCIIInteger(&MutationDispatcher::Mutate, 1 << 15);
++}
++
++void TestChangeBinaryInteger(Mutator M, int NumIter) {
++ std::unique_ptr<ExternalFunctions> t(new ExternalFunctions());
++ fuzzer::EF = t.get();
++ Random Rand(0);
++ MutationDispatcher MD(Rand, {});
++
++ uint8_t CH0[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x79};
++ uint8_t CH1[8] = {0x00, 0x11, 0x22, 0x31, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH2[8] = {0xff, 0x10, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH3[8] = {0x00, 0x11, 0x2a, 0x33, 0x44, 0x55, 0x66, 0x77};
++ uint8_t CH4[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x4f, 0x66, 0x77};
++ uint8_t CH5[8] = {0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88};
++ uint8_t CH6[8] = {0x00, 0x11, 0x22, 0x00, 0x00, 0x00, 0x08, 0x77}; // Size
++ uint8_t CH7[8] = {0x00, 0x08, 0x00, 0x33, 0x44, 0x55, 0x66, 0x77}; // Sw(Size)
++
++ int FoundMask = 0;
++ for (int i = 0; i < NumIter; i++) {
++ uint8_t T[8] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
++ size_t NewSize = (MD.*M)(T, 8, 8);
++ /**/ if (NewSize == 8 && !memcmp(CH0, T, 8)) FoundMask |= 1 << 0;
++ else if (NewSize == 8 && !memcmp(CH1, T, 8)) FoundMask |= 1 << 1;
++ else if (NewSize == 8 && !memcmp(CH2, T, 8)) FoundMask |= 1 << 2;
++ else if (NewSize == 8 && !memcmp(CH3, T, 8)) FoundMask |= 1 << 3;
++ else if (NewSize == 8 && !memcmp(CH4, T, 8)) FoundMask |= 1 << 4;
++ else if (NewSize == 8 && !memcmp(CH5, T, 8)) FoundMask |= 1 << 5;
++ else if (NewSize == 8 && !memcmp(CH6, T, 8)) FoundMask |= 1 << 6;
++ else if (NewSize == 8 && !memcmp(CH7, T, 8)) FoundMask |= 1 << 7;
++ }
++ EXPECT_EQ(FoundMask, 255);
++}
++
++TEST(FuzzerMutate, ChangeBinaryInteger1) {
++ TestChangeBinaryInteger(&MutationDispatcher::Mutate_ChangeBinaryInteger,
++ 1 << 12);
++}
++
++TEST(FuzzerMutate, ChangeBinaryInteger2) {
++ TestChangeBinaryInteger(&MutationDispatcher::Mutate, 1 << 15);
++}
++
++
++TEST(FuzzerDictionary, ParseOneDictionaryEntry) {
++ Unit U;
++ EXPECT_FALSE(ParseOneDictionaryEntry("", &U));
++ EXPECT_FALSE(ParseOneDictionaryEntry(" ", &U));
++ EXPECT_FALSE(ParseOneDictionaryEntry("\t ", &U));
++ EXPECT_FALSE(ParseOneDictionaryEntry(" \" ", &U));
++ EXPECT_FALSE(ParseOneDictionaryEntry(" zz\" ", &U));
++ EXPECT_FALSE(ParseOneDictionaryEntry(" \"zz ", &U));
++ EXPECT_FALSE(ParseOneDictionaryEntry(" \"\" ", &U));
++ EXPECT_TRUE(ParseOneDictionaryEntry("\"a\"", &U));
++ EXPECT_EQ(U, Unit({'a'}));
++ EXPECT_TRUE(ParseOneDictionaryEntry("\"abc\"", &U));
++ EXPECT_EQ(U, Unit({'a', 'b', 'c'}));
++ EXPECT_TRUE(ParseOneDictionaryEntry("abc=\"abc\"", &U));
++ EXPECT_EQ(U, Unit({'a', 'b', 'c'}));
++ EXPECT_FALSE(ParseOneDictionaryEntry("\"\\\"", &U));
++ EXPECT_TRUE(ParseOneDictionaryEntry("\"\\\\\"", &U));
++ EXPECT_EQ(U, Unit({'\\'}));
++ EXPECT_TRUE(ParseOneDictionaryEntry("\"\\xAB\"", &U));
++ EXPECT_EQ(U, Unit({0xAB}));
++ EXPECT_TRUE(ParseOneDictionaryEntry("\"\\xABz\\xDE\"", &U));
++ EXPECT_EQ(U, Unit({0xAB, 'z', 0xDE}));
++ EXPECT_TRUE(ParseOneDictionaryEntry("\"#\"", &U));
++ EXPECT_EQ(U, Unit({'#'}));
++ EXPECT_TRUE(ParseOneDictionaryEntry("\"\\\"\"", &U));
++ EXPECT_EQ(U, Unit({'"'}));
++}
++
++TEST(FuzzerDictionary, ParseDictionaryFile) {
++ std::vector<Unit> Units;
++ EXPECT_FALSE(ParseDictionaryFile("zzz\n", &Units));
++ EXPECT_FALSE(ParseDictionaryFile("", &Units));
++ EXPECT_TRUE(ParseDictionaryFile("\n", &Units));
++ EXPECT_EQ(Units.size(), 0U);
++ EXPECT_TRUE(ParseDictionaryFile("#zzzz a b c d\n", &Units));
++ EXPECT_EQ(Units.size(), 0U);
++ EXPECT_TRUE(ParseDictionaryFile(" #zzzz\n", &Units));
++ EXPECT_EQ(Units.size(), 0U);
++ EXPECT_TRUE(ParseDictionaryFile(" #zzzz\n", &Units));
++ EXPECT_EQ(Units.size(), 0U);
++ EXPECT_TRUE(ParseDictionaryFile(" #zzzz\naaa=\"aa\"", &Units));
++ EXPECT_EQ(Units, std::vector<Unit>({Unit({'a', 'a'})}));
++ EXPECT_TRUE(
++ ParseDictionaryFile(" #zzzz\naaa=\"aa\"\n\nabc=\"abc\"", &Units));
++ EXPECT_EQ(Units,
++ std::vector<Unit>({Unit({'a', 'a'}), Unit({'a', 'b', 'c'})}));
++}
++
++TEST(FuzzerUtil, Base64) {
++ EXPECT_EQ("", Base64({}));
++ EXPECT_EQ("YQ==", Base64({'a'}));
++ EXPECT_EQ("eA==", Base64({'x'}));
++ EXPECT_EQ("YWI=", Base64({'a', 'b'}));
++ EXPECT_EQ("eHk=", Base64({'x', 'y'}));
++ EXPECT_EQ("YWJj", Base64({'a', 'b', 'c'}));
++ EXPECT_EQ("eHl6", Base64({'x', 'y', 'z'}));
++ EXPECT_EQ("YWJjeA==", Base64({'a', 'b', 'c', 'x'}));
++ EXPECT_EQ("YWJjeHk=", Base64({'a', 'b', 'c', 'x', 'y'}));
++ EXPECT_EQ("YWJjeHl6", Base64({'a', 'b', 'c', 'x', 'y', 'z'}));
++}
++
++TEST(Corpus, Distribution) {
++ Random Rand(0);
++ std::unique_ptr<InputCorpus> C(new InputCorpus(""));
++ size_t N = 10;
++ size_t TriesPerUnit = 1<<16;
++ for (size_t i = 0; i < N; i++)
++ C->AddToCorpus(Unit{ static_cast<uint8_t>(i) }, 1, false, {});
++
++ std::vector<size_t> Hist(N);
++ for (size_t i = 0; i < N * TriesPerUnit; i++) {
++ Hist[C->ChooseUnitIdxToMutate(Rand)]++;
++ }
++ for (size_t i = 0; i < N; i++) {
++ // A weak sanity check that every unit gets invoked.
++ EXPECT_GT(Hist[i], TriesPerUnit / N / 3);
++ }
++}
++
++TEST(Merge, Bad) {
++ const char *kInvalidInputs[] = {
++ "",
++ "x",
++ "3\nx",
++ "2\n3",
++ "2\n2",
++ "2\n2\nA\n",
++ "2\n2\nA\nB\nC\n",
++ "0\n0\n",
++ "1\n1\nA\nDONE 0",
++ "1\n1\nA\nSTARTED 1",
++ };
++ Merger M;
++ for (auto S : kInvalidInputs) {
++ // fprintf(stderr, "TESTING:\n%s\n", S);
++ EXPECT_FALSE(M.Parse(S, false));
++ }
++}
++
++void EQ(const std::vector<uint32_t> &A, const std::vector<uint32_t> &B) {
++ EXPECT_EQ(A, B);
++}
++
++void EQ(const std::vector<std::string> &A, const std::vector<std::string> &B) {
++ std::set<std::string> a(A.begin(), A.end());
++ std::set<std::string> b(B.begin(), B.end());
++ EXPECT_EQ(a, b);
++}
++
++static void Merge(const std::string &Input,
++ const std::vector<std::string> Result,
++ size_t NumNewFeatures) {
++ Merger M;
++ std::vector<std::string> NewFiles;
++ EXPECT_TRUE(M.Parse(Input, true));
++ std::stringstream SS;
++ M.PrintSummary(SS);
++ EXPECT_EQ(NumNewFeatures, M.Merge(&NewFiles));
++ EXPECT_EQ(M.AllFeatures(), M.ParseSummary(SS));
++ EQ(NewFiles, Result);
++}
++
++TEST(Merge, Good) {
++ Merger M;
++
++ EXPECT_TRUE(M.Parse("1\n0\nAA\n", false));
++ EXPECT_EQ(M.Files.size(), 1U);
++ EXPECT_EQ(M.NumFilesInFirstCorpus, 0U);
++ EXPECT_EQ(M.Files[0].Name, "AA");
++ EXPECT_TRUE(M.LastFailure.empty());
++ EXPECT_EQ(M.FirstNotProcessedFile, 0U);
++
++ EXPECT_TRUE(M.Parse("2\n1\nAA\nBB\nSTARTED 0 42\n", false));
++ EXPECT_EQ(M.Files.size(), 2U);
++ EXPECT_EQ(M.NumFilesInFirstCorpus, 1U);
++ EXPECT_EQ(M.Files[0].Name, "AA");
++ EXPECT_EQ(M.Files[1].Name, "BB");
++ EXPECT_EQ(M.LastFailure, "AA");
++ EXPECT_EQ(M.FirstNotProcessedFile, 1U);
++
++ EXPECT_TRUE(M.Parse("3\n1\nAA\nBB\nC\n"
++ "STARTED 0 1000\n"
++ "DONE 0 1 2 3\n"
++ "STARTED 1 1001\n"
++ "DONE 1 4 5 6 \n"
++ "STARTED 2 1002\n"
++ "", true));
++ EXPECT_EQ(M.Files.size(), 3U);
++ EXPECT_EQ(M.NumFilesInFirstCorpus, 1U);
++ EXPECT_EQ(M.Files[0].Name, "AA");
++ EXPECT_EQ(M.Files[0].Size, 1000U);
++ EXPECT_EQ(M.Files[1].Name, "BB");
++ EXPECT_EQ(M.Files[1].Size, 1001U);
++ EXPECT_EQ(M.Files[2].Name, "C");
++ EXPECT_EQ(M.Files[2].Size, 1002U);
++ EXPECT_EQ(M.LastFailure, "C");
++ EXPECT_EQ(M.FirstNotProcessedFile, 3U);
++ EQ(M.Files[0].Features, {1, 2, 3});
++ EQ(M.Files[1].Features, {4, 5, 6});
++
++
++ std::vector<std::string> NewFiles;
++
++ EXPECT_TRUE(M.Parse("3\n2\nAA\nBB\nC\n"
++ "STARTED 0 1000\nDONE 0 1 2 3\n"
++ "STARTED 1 1001\nDONE 1 4 5 6 \n"
++ "STARTED 2 1002\nDONE 2 6 1 3 \n"
++ "", true));
++ EXPECT_EQ(M.Files.size(), 3U);
++ EXPECT_EQ(M.NumFilesInFirstCorpus, 2U);
++ EXPECT_TRUE(M.LastFailure.empty());
++ EXPECT_EQ(M.FirstNotProcessedFile, 3U);
++ EQ(M.Files[0].Features, {1, 2, 3});
++ EQ(M.Files[1].Features, {4, 5, 6});
++ EQ(M.Files[2].Features, {1, 3, 6});
++ EXPECT_EQ(0U, M.Merge(&NewFiles));
++ EQ(NewFiles, {});
++
++ EXPECT_TRUE(M.Parse("3\n1\nA\nB\nC\n"
++ "STARTED 0 1000\nDONE 0 1 2 3\n"
++ "STARTED 1 1001\nDONE 1 4 5 6 \n"
++ "STARTED 2 1002\nDONE 2 6 1 3\n"
++ "", true));
++ EQ(M.Files[0].Features, {1, 2, 3});
++ EQ(M.Files[1].Features, {4, 5, 6});
++ EQ(M.Files[2].Features, {1, 3, 6});
++ EXPECT_EQ(3U, M.Merge(&NewFiles));
++ EQ(NewFiles, {"B"});
++
++ // Same as the above, but with InitialFeatures.
++ EXPECT_TRUE(M.Parse("2\n0\nB\nC\n"
++ "STARTED 0 1001\nDONE 0 4 5 6 \n"
++ "STARTED 1 1002\nDONE 1 6 1 3\n"
++ "", true));
++ EQ(M.Files[0].Features, {4, 5, 6});
++ EQ(M.Files[1].Features, {1, 3, 6});
++ EXPECT_EQ(3U, M.Merge({1, 2, 3}, &NewFiles));
++ EQ(NewFiles, {"B"});
++}
++
++TEST(Merge, Merge) {
++
++ Merge("3\n1\nA\nB\nC\n"
++ "STARTED 0 1000\nDONE 0 1 2 3\n"
++ "STARTED 1 1001\nDONE 1 4 5 6 \n"
++ "STARTED 2 1002\nDONE 2 6 1 3 \n",
++ {"B"}, 3);
++
++ Merge("3\n0\nA\nB\nC\n"
++ "STARTED 0 2000\nDONE 0 1 2 3\n"
++ "STARTED 1 1001\nDONE 1 4 5 6 \n"
++ "STARTED 2 1002\nDONE 2 6 1 3 \n",
++ {"A", "B", "C"}, 6);
++
++ Merge("4\n0\nA\nB\nC\nD\n"
++ "STARTED 0 2000\nDONE 0 1 2 3\n"
++ "STARTED 1 1101\nDONE 1 4 5 6 \n"
++ "STARTED 2 1102\nDONE 2 6 1 3 100 \n"
++ "STARTED 3 1000\nDONE 3 1 \n",
++ {"A", "B", "C", "D"}, 7);
++
++ Merge("4\n1\nA\nB\nC\nD\n"
++ "STARTED 0 2000\nDONE 0 4 5 6 7 8\n"
++ "STARTED 1 1100\nDONE 1 1 2 3 \n"
++ "STARTED 2 1100\nDONE 2 2 3 \n"
++ "STARTED 3 1000\nDONE 3 1 \n",
++ {"B", "D"}, 3);
++}
++
++TEST(Fuzzer, ForEachNonZeroByte) {
++ const size_t N = 64;
++ alignas(64) uint8_t Ar[N + 8] = {
++ 0, 0, 0, 0, 0, 0, 0, 0,
++ 1, 2, 0, 0, 0, 0, 0, 0,
++ 0, 0, 3, 0, 4, 0, 0, 0,
++ 0, 0, 0, 0, 0, 0, 0, 0,
++ 0, 0, 0, 5, 0, 6, 0, 0,
++ 0, 0, 0, 0, 0, 0, 7, 0,
++ 0, 0, 0, 0, 0, 0, 0, 0,
++ 0, 0, 0, 0, 0, 0, 0, 8,
++ 9, 9, 9, 9, 9, 9, 9, 9,
++ };
++ typedef std::vector<std::pair<size_t, uint8_t> > Vec;
++ Vec Res, Expected;
++ auto CB = [&](size_t FirstFeature, size_t Idx, uint8_t V) {
++ Res.push_back({FirstFeature + Idx, V});
++ };
++ ForEachNonZeroByte(Ar, Ar + N, 100, CB);
++ Expected = {{108, 1}, {109, 2}, {118, 3}, {120, 4},
++ {135, 5}, {137, 6}, {146, 7}, {163, 8}};
++ EXPECT_EQ(Res, Expected);
++
++ Res.clear();
++ ForEachNonZeroByte(Ar + 9, Ar + N, 109, CB);
++ Expected = { {109, 2}, {118, 3}, {120, 4},
++ {135, 5}, {137, 6}, {146, 7}, {163, 8}};
++ EXPECT_EQ(Res, Expected);
++
++ Res.clear();
++ ForEachNonZeroByte(Ar + 9, Ar + N - 9, 109, CB);
++ Expected = { {109, 2}, {118, 3}, {120, 4},
++ {135, 5}, {137, 6}, {146, 7}};
++ EXPECT_EQ(Res, Expected);
++}
++
++int main(int argc, char **argv) {
++ testing::InitGoogleTest(&argc, argv);
++ return RUN_ALL_TESTS();
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_CMakeLists.txt b/compiler-rt-netbsd/patches/patch-test_CMakeLists.txt
new file mode 100644
index 0000000000..4e03357a3b
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_CMakeLists.txt
@@ -0,0 +1,12 @@
+$NetBSD$
+
+--- test/CMakeLists.txt.orig 2017-07-07 06:32:45.000000000 +0000
++++ test/CMakeLists.txt
+@@ -58,6 +58,7 @@ if(COMPILER_RT_CAN_EXECUTE_TESTS)
+ # CFI tests require diagnostic mode, which is implemented in UBSan.
+ compiler_rt_test_runtime(ubsan cfi)
+ compiler_rt_test_runtime(sanitizer_common)
++ compiler_rt_test_runtime(fuzzer)
+
+ foreach(sanitizer ${COMPILER_RT_SANITIZERS_TO_BUILD})
+ # cfi testing is gated on ubsan
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_AFLDriverTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_AFLDriverTest.cpp
new file mode 100644
index 0000000000..f82bcea9e8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_AFLDriverTest.cpp
@@ -0,0 +1,33 @@
+$NetBSD$
+
+--- test/fuzzer/AFLDriverTest.cpp.orig 2017-08-19 18:02:19.282363447 +0000
++++ test/fuzzer/AFLDriverTest.cpp
+@@ -0,0 +1,28 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Contains dummy functions used to avoid dependency on AFL.
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++
++extern "C" void __afl_manual_init() {}
++
++extern "C" int __afl_persistent_loop(unsigned int N) {
++ static int Count = N;
++ fprintf(stderr, "__afl_persistent_loop calle, Count = %d\n", Count);
++ if (Count--) return 1;
++ return 0;
++}
++
++// This declaration exists to prevent the Darwin linker
++// from complaining about this being a missing weak symbol.
++extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
++ fprintf(stderr, "LLVMFuzzerInitialize called\n");
++ return 0;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ fprintf(stderr, "LLVMFuzzerTestOneInput called; Size = %zd\n", Size);
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_AbsNegAndConstant64Test.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_AbsNegAndConstant64Test.cpp
new file mode 100644
index 0000000000..333934b841
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_AbsNegAndConstant64Test.cpp
@@ -0,0 +1,29 @@
+$NetBSD$
+
+--- test/fuzzer/AbsNegAndConstant64Test.cpp.orig 2017-08-19 18:02:19.282454842 +0000
++++ test/fuzzer/AbsNegAndConstant64Test.cpp
+@@ -0,0 +1,24 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// abs(x) < 0 and y == Const puzzle, 64-bit variant.
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 16) return 0;
++ int64_t x;
++ uint64_t y;
++ memcpy(&x, Data, sizeof(x));
++ memcpy(&y, Data + sizeof(x), sizeof(y));
++ if (llabs(x) < 0 && y == 0xbaddcafedeadbeefULL) {
++ printf("BINGO; Found the target, exiting; x = 0x%lx y 0x%lx\n", x, y);
++ fflush(stdout);
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_AbsNegAndConstantTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_AbsNegAndConstantTest.cpp
new file mode 100644
index 0000000000..e759fda695
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_AbsNegAndConstantTest.cpp
@@ -0,0 +1,29 @@
+$NetBSD$
+
+--- test/fuzzer/AbsNegAndConstantTest.cpp.orig 2017-08-19 18:02:19.282544863 +0000
++++ test/fuzzer/AbsNegAndConstantTest.cpp
+@@ -0,0 +1,24 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// abs(x) < 0 and y == Const puzzle.
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 8) return 0;
++ int x;
++ unsigned y;
++ memcpy(&x, Data, sizeof(x));
++ memcpy(&y, Data + sizeof(x), sizeof(y));
++ if (abs(x) < 0 && y == 0xbaddcafe) {
++ printf("BINGO; Found the target, exiting; x = 0x%x y 0x%x\n", x, y);
++ fflush(stdout);
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_AccumulateAllocationsTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_AccumulateAllocationsTest.cpp
new file mode 100644
index 0000000000..cfaacdede8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_AccumulateAllocationsTest.cpp
@@ -0,0 +1,22 @@
+$NetBSD$
+
+--- test/fuzzer/AccumulateAllocationsTest.cpp.orig 2017-08-19 18:02:19.282638651 +0000
++++ test/fuzzer/AccumulateAllocationsTest.cpp
+@@ -0,0 +1,17 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test with a more mallocs than frees, but no leak.
++#include <cstddef>
++#include <cstdint>
++
++const int kAllocatedPointersSize = 10000;
++int NumAllocatedPointers = 0;
++int *AllocatedPointers[kAllocatedPointersSize];
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (NumAllocatedPointers < kAllocatedPointersSize)
++ AllocatedPointers[NumAllocatedPointers++] = new int;
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_BadStrcmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_BadStrcmpTest.cpp
new file mode 100644
index 0000000000..b7d395a975
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_BadStrcmpTest.cpp
@@ -0,0 +1,24 @@
+$NetBSD$
+
+--- test/fuzzer/BadStrcmpTest.cpp.orig 2017-08-19 18:02:19.282735771 +0000
++++ test/fuzzer/BadStrcmpTest.cpp
+@@ -0,0 +1,19 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test that we don't creash in case of bad strcmp params.
++#include <cstddef>
++#include <cstdint>
++#include <cstring>
++
++static volatile int Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size != 10) return 0;
++ // Data is not zero-terminated, so this call is bad.
++ // Still, there are cases when such calles appear, see e.g.
++ // https://bugs.llvm.org/show_bug.cgi?id=32357
++ Sink = strcmp(reinterpret_cast<const char*>(Data), "123456789");
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_BogusInitializeTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_BogusInitializeTest.cpp
new file mode 100644
index 0000000000..14bc67b197
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_BogusInitializeTest.cpp
@@ -0,0 +1,20 @@
+$NetBSD$
+
+--- test/fuzzer/BogusInitializeTest.cpp.orig 2017-08-19 18:02:19.282826585 +0000
++++ test/fuzzer/BogusInitializeTest.cpp
+@@ -0,0 +1,15 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Make sure LLVMFuzzerInitialize does not change argv[0].
++#include <stddef.h>
++#include <stdint.h>
++
++extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
++ ***argv = 'X';
++ return 0;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_BufferOverflowOnInput.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_BufferOverflowOnInput.cpp
new file mode 100644
index 0000000000..dc5ea00853
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_BufferOverflowOnInput.cpp
@@ -0,0 +1,29 @@
+$NetBSD$
+
+--- test/fuzzer/BufferOverflowOnInput.cpp.orig 2017-08-19 18:02:19.282917509 +0000
++++ test/fuzzer/BufferOverflowOnInput.cpp
+@@ -0,0 +1,24 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the string "Hi!".
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++#include <ostream>
++
++static volatile bool SeedLargeBuffer;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ assert(Data);
++ if (Size >= 4)
++ SeedLargeBuffer = true;
++ if (Size == 3 && SeedLargeBuffer && Data[3]) {
++ std::cout << "Woops, reading Data[3] w/o crashing\n" << std::flush;
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_CMakeLists.txt b/compiler-rt-netbsd/patches/patch-test_fuzzer_CMakeLists.txt
new file mode 100644
index 0000000000..bc69953379
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_CMakeLists.txt
@@ -0,0 +1,45 @@
+$NetBSD$
+
+--- test/fuzzer/CMakeLists.txt.orig 2017-08-19 18:02:19.283012005 +0000
++++ test/fuzzer/CMakeLists.txt
+@@ -0,0 +1,40 @@
++
++set(LIBFUZZER_TEST_DEPS ${SANITIZER_COMMON_LIT_TEST_DEPS})
++if (NOT COMPILER_RT_STANDALONE_BUILD)
++ list(APPEND LIBFUZZER_TEST_DEPS fuzzer)
++endif()
++
++if(COMPILER_RT_INCLUDE_TESTS)
++ list(APPEND LIBFUZZER_TEST_DEPS FuzzerUnitTests)
++endif()
++
++set(LIBFUZZER_TESTSUITES)
++
++
++if(COMPILER_RT_INCLUDE_TESTS)
++ # libFuzzer unit tests.
++ configure_lit_site_cfg(
++ ${CMAKE_CURRENT_SOURCE_DIR}/unit/lit.site.cfg.in
++ ${CMAKE_CURRENT_BINARY_DIR}/unit/lit.site.cfg)
++ list(APPEND LIBFUZZER_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/unit)
++endif()
++
++foreach(arch ${FUZZER_SUPPORTED_ARCH})
++ get_test_cc_for_arch(${arch} LIBFUZZER_TEST_COMPILER LIBFUZZER_TEST_FLAGS)
++
++ string(TOUPPER ${arch} ARCH_UPPER_CASE)
++ set(CONFIG_NAME ${ARCH_UPPER_CASE}${OS_NAME}Config)
++
++ #LIT-based libFuzzer tests.
++ configure_lit_site_cfg(
++ ${CMAKE_CURRENT_SOURCE_DIR}/lit.site.cfg.in
++ ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME}/lit.site.cfg
++ )
++ list(APPEND LIBFUZZER_TESTSUITES ${CMAKE_CURRENT_BINARY_DIR}/${CONFIG_NAME})
++
++endforeach()
++
++add_lit_testsuite(check-fuzzer "Running Fuzzer tests"
++ ${LIBFUZZER_TESTSUITES}
++ DEPENDS ${LIBFUZZER_TEST_DEPS})
++set_target_properties(check-fuzzer PROPERTIES FOLDER "Compiler-RT Tests")
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_CallerCalleeTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_CallerCalleeTest.cpp
new file mode 100644
index 0000000000..50e2f49126
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_CallerCalleeTest.cpp
@@ -0,0 +1,64 @@
+$NetBSD$
+
+--- test/fuzzer/CallerCalleeTest.cpp.orig 2017-08-19 18:02:19.283110158 +0000
++++ test/fuzzer/CallerCalleeTest.cpp
+@@ -0,0 +1,59 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer.
++// Try to find the target using the indirect caller-callee pairs.
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <cstring>
++#include <iostream>
++
++typedef void (*F)();
++static F t[256];
++
++void f34() {
++ std::cerr << "BINGO\n";
++ exit(1);
++}
++void f23() { t[(unsigned)'d'] = f34;}
++void f12() { t[(unsigned)'c'] = f23;}
++void f01() { t[(unsigned)'b'] = f12;}
++void f00() {}
++
++static F t0[256] = {
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++ f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
++};
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 4) return 0;
++ // Spoof the counters.
++ for (int i = 0; i < 200; i++) {
++ f23();
++ f12();
++ f01();
++ }
++ memcpy(t, t0, sizeof(t));
++ t[(unsigned)'a'] = f01;
++ t[Data[0]]();
++ t[Data[1]]();
++ t[Data[2]]();
++ t[Data[3]]();
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_CleanseTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_CleanseTest.cpp
new file mode 100644
index 0000000000..225e6fce26
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_CleanseTest.cpp
@@ -0,0 +1,21 @@
+$NetBSD$
+
+--- test/fuzzer/CleanseTest.cpp.orig 2017-08-19 18:02:19.283201204 +0000
++++ test/fuzzer/CleanseTest.cpp
+@@ -0,0 +1,16 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test the the fuzzer is able to 'cleanse' the reproducer
++// by replacing all irrelevant bytes with garbage.
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size >= 20 && Data[1] == '1' && Data[5] == '5' && Data[10] == 'A' &&
++ Data[19] == 'Z')
++ abort();
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_CounterTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_CounterTest.cpp
new file mode 100644
index 0000000000..28c4ea003d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_CounterTest.cpp
@@ -0,0 +1,23 @@
+$NetBSD$
+
+--- test/fuzzer/CounterTest.cpp.orig 2017-08-19 18:02:19.283295037 +0000
++++ test/fuzzer/CounterTest.cpp
+@@ -0,0 +1,18 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test for a fuzzer: must find the case where a particular basic block is
++// executed many times.
++#include <iostream>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ int Num = 0;
++ for (size_t i = 0; i < Size; i++)
++ if (Data[i] == 'A' + i)
++ Num++;
++ if (Num >= 4) {
++ std::cerr << "BINGO!\n";
++ exit(1);
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomCrossOverAndMutateTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomCrossOverAndMutateTest.cpp
new file mode 100644
index 0000000000..cd952d7a60
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomCrossOverAndMutateTest.cpp
@@ -0,0 +1,39 @@
+$NetBSD$
+
+--- test/fuzzer/CustomCrossOverAndMutateTest.cpp.orig 2017-08-19 18:02:19.283397798 +0000
++++ test/fuzzer/CustomCrossOverAndMutateTest.cpp
+@@ -0,0 +1,34 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test that libFuzzer does not crash when LLVMFuzzerMutate called from
++// LLVMFuzzerCustomCrossOver.
++#include <algorithm>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <string.h>
++#include <string>
++#include <vector>
++
++#include "FuzzerInterface.h"
++
++static volatile int sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ std::string Str(reinterpret_cast<const char *>(Data), Size);
++ if (Size && Data[0] == '0')
++ sink++;
++ return 0;
++}
++
++extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
++ const uint8_t *Data2, size_t Size2,
++ uint8_t *Out, size_t MaxOutSize,
++ unsigned int Seed) {
++ std::vector<uint8_t> Buffer(MaxOutSize * 10);
++ LLVMFuzzerMutate(Buffer.data(), Buffer.size(), Buffer.size());
++ size_t Size = std::min(Size1, MaxOutSize);
++ memcpy(Out, Data1, Size);
++ return Size;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomCrossOverTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomCrossOverTest.cpp
new file mode 100644
index 0000000000..13283f8b6a
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomCrossOverTest.cpp
@@ -0,0 +1,69 @@
+$NetBSD$
+
+--- test/fuzzer/CustomCrossOverTest.cpp.orig 2017-08-19 18:02:19.283504181 +0000
++++ test/fuzzer/CustomCrossOverTest.cpp
+@@ -0,0 +1,64 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a cutom mutator.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++#include <ostream>
++#include <random>
++#include <string.h>
++
++#include "FuzzerInterface.h"
++
++static const char *Separator = "-_^_-";
++static const char *Target = "012-_^_-abc";
++
++static volatile int sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ assert(Data);
++ std::string Str(reinterpret_cast<const char *>(Data), Size);
++
++ // Ensure that two different elements exist in the corpus.
++ if (Size && Data[0] == '0') sink++;
++ if (Size && Data[0] == 'a') sink--;
++
++ if (Str.find(Target) != std::string::npos) {
++ std::cout << "BINGO; Found the target, exiting\n" << std::flush;
++ exit(1);
++ }
++ return 0;
++}
++
++extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
++ const uint8_t *Data2, size_t Size2,
++ uint8_t *Out, size_t MaxOutSize,
++ unsigned int Seed) {
++ static bool Printed;
++ static size_t SeparatorLen = strlen(Separator);
++
++ if (!Printed) {
++ std::cerr << "In LLVMFuzzerCustomCrossover\n";
++ Printed = true;
++ }
++
++ std::mt19937 R(Seed);
++
++ size_t Offset1 = 0;
++ size_t Len1 = R() % (Size1 - Offset1);
++ size_t Offset2 = 0;
++ size_t Len2 = R() % (Size2 - Offset2);
++ size_t Size = Len1 + Len2 + SeparatorLen;
++
++ if (Size > MaxOutSize)
++ return 0;
++
++ memcpy(Out, Data1 + Offset1, Len1);
++ memcpy(Out + Len1, Separator, SeparatorLen);
++ memcpy(Out + Len1 + SeparatorLen, Data2 + Offset2, Len2);
++
++ return Len1 + Len2 + SeparatorLen;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomMutatorTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomMutatorTest.cpp
new file mode 100644
index 0000000000..e441868518
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_CustomMutatorTest.cpp
@@ -0,0 +1,44 @@
+$NetBSD$
+
+--- test/fuzzer/CustomMutatorTest.cpp.orig 2017-08-19 18:02:19.283599433 +0000
++++ test/fuzzer/CustomMutatorTest.cpp
+@@ -0,0 +1,39 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a cutom mutator.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++#include <ostream>
++
++#include "FuzzerInterface.h"
++
++static volatile int Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ assert(Data);
++ if (Size > 0 && Data[0] == 'H') {
++ Sink = 1;
++ if (Size > 1 && Data[1] == 'i') {
++ Sink = 2;
++ if (Size > 2 && Data[2] == '!') {
++ std::cout << "BINGO; Found the target, exiting\n" << std::flush;
++ exit(1);
++ }
++ }
++ }
++ return 0;
++}
++
++extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
++ size_t MaxSize, unsigned int Seed) {
++ static bool Printed;
++ if (!Printed) {
++ std::cerr << "In LLVMFuzzerCustomMutator\n";
++ Printed = true;
++ }
++ return LLVMFuzzerMutate(Data, Size, MaxSize);
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_CxxStringEqTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_CxxStringEqTest.cpp
new file mode 100644
index 0000000000..a303737a0b
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_CxxStringEqTest.cpp
@@ -0,0 +1,30 @@
+$NetBSD$
+
+--- test/fuzzer/CxxStringEqTest.cpp.orig 2017-08-19 18:02:19.283693244 +0000
++++ test/fuzzer/CxxStringEqTest.cpp
+@@ -0,0 +1,25 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. Must find a specific string
++// used in std::string operator ==.
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++#include <string>
++
++static volatile int Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ std::string Str((const char*)Data, Size);
++ bool Eq = Str == "FooBar";
++ Sink = Str == "123456"; // Try to confuse the fuzzer
++ if (Eq) {
++ std::cout << "BINGO; Found the target, exiting\n";
++ std::cout.flush();
++ abort();
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_DSO1.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_DSO1.cpp
new file mode 100644
index 0000000000..b5d5fe6091
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_DSO1.cpp
@@ -0,0 +1,19 @@
+$NetBSD$
+
+--- test/fuzzer/DSO1.cpp.orig 2017-08-19 18:02:19.283784592 +0000
++++ test/fuzzer/DSO1.cpp
+@@ -0,0 +1,14 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Source code for a simple DSO.
++#ifdef _WIN32
++__declspec( dllexport )
++#endif
++int DSO1(int a) {
++ if (a < 123456)
++ return 0;
++ return 1;
++}
++
++void Uncovered1() { }
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_DSO2.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_DSO2.cpp
new file mode 100644
index 0000000000..e4d3525ab3
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_DSO2.cpp
@@ -0,0 +1,19 @@
+$NetBSD$
+
+--- test/fuzzer/DSO2.cpp.orig 2017-08-19 18:02:19.283874673 +0000
++++ test/fuzzer/DSO2.cpp
+@@ -0,0 +1,14 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Source code for a simple DSO.
++#ifdef _WIN32
++__declspec( dllexport )
++#endif
++int DSO2(int a) {
++ if (a < 3598235)
++ return 0;
++ return 1;
++}
++
++void Uncovered2() {}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_DSOTestExtra.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_DSOTestExtra.cpp
new file mode 100644
index 0000000000..fc8f7f5091
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_DSOTestExtra.cpp
@@ -0,0 +1,16 @@
+$NetBSD$
+
+--- test/fuzzer/DSOTestExtra.cpp.orig 2017-08-19 18:02:19.283973480 +0000
++++ test/fuzzer/DSOTestExtra.cpp
+@@ -0,0 +1,11 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Source code for a simple DSO.
++
++int DSOTestExtra(int a) {
++ if (a < 452345)
++ return 0;
++ return 1;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_DSOTestMain.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_DSOTestMain.cpp
new file mode 100644
index 0000000000..0676a86db0
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_DSOTestMain.cpp
@@ -0,0 +1,36 @@
+$NetBSD$
+
+--- test/fuzzer/DSOTestMain.cpp.orig 2017-08-19 18:02:19.284075295 +0000
++++ test/fuzzer/DSOTestMain.cpp
+@@ -0,0 +1,31 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Source code for a simple DSO.
++
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++extern int DSO1(int a);
++extern int DSO2(int a);
++extern int DSOTestExtra(int a);
++
++static volatile int *nil = 0;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ int x, y, z;
++ if (Size < sizeof(int) * 3) {
++ x = y = z = 0;
++ } else {
++ memcpy(&x, Data + 0 * sizeof(int), sizeof(int));
++ memcpy(&y, Data + 1 * sizeof(int), sizeof(int));
++ memcpy(&z, Data + 2 * sizeof(int), sizeof(int));
++ }
++ int sum = DSO1(x) + DSO2(y) + (z ? DSOTestExtra(z) : 0);
++ if (sum == 3) {
++ fprintf(stderr, "BINGO %d %d %d\n", x, y, z);
++ *nil = 0;
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_DeepRecursionTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_DeepRecursionTest.cpp
new file mode 100644
index 0000000000..b1283816c8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_DeepRecursionTest.cpp
@@ -0,0 +1,30 @@
+$NetBSD$
+
+--- test/fuzzer/DeepRecursionTest.cpp.orig 2017-08-19 18:02:19.284183764 +0000
++++ test/fuzzer/DeepRecursionTest.cpp
+@@ -0,0 +1,25 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the deep recursion.
++// To generate a crashy input:
++// for((i=0;i<110;i++)); do echo -n ABCDEFGHIJ >> INPUT; done
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++
++static volatile int Sink;
++
++void Recursive(const uint8_t *Data, size_t Size, int Depth) {
++ if (Depth > 1000) abort();
++ if (!Size) return;
++ if (*Data == ('A' + Depth % 10))
++ Recursive(Data + 1, Size - 1, Depth + 1);
++ Sink++;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ Recursive(Data, Size, 0);
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_DivTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_DivTest.cpp
new file mode 100644
index 0000000000..5ffc6e1d3c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_DivTest.cpp
@@ -0,0 +1,25 @@
+$NetBSD$
+
+--- test/fuzzer/DivTest.cpp.orig 2017-08-19 18:02:19.284290831 +0000
++++ test/fuzzer/DivTest.cpp
+@@ -0,0 +1,20 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer: find the interesting argument for div.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstring>
++#include <iostream>
++
++static volatile int Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 4) return 0;
++ int a;
++ memcpy(&a, Data, 4);
++ Sink = 12345678 / (987654 - a);
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_EmptyTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_EmptyTest.cpp
new file mode 100644
index 0000000000..9603482870
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_EmptyTest.cpp
@@ -0,0 +1,16 @@
+$NetBSD$
+
+--- test/fuzzer/EmptyTest.cpp.orig 2017-08-19 18:02:19.284386702 +0000
++++ test/fuzzer/EmptyTest.cpp
+@@ -0,0 +1,11 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++//
++// A fuzzer with empty target function.
++
++#include <cstdint>
++#include <cstdlib>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_EquivalenceATest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_EquivalenceATest.cpp
new file mode 100644
index 0000000000..581d61f421
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_EquivalenceATest.cpp
@@ -0,0 +1,22 @@
+$NetBSD$
+
+--- test/fuzzer/EquivalenceATest.cpp.orig 2017-08-19 18:02:19.284485804 +0000
++++ test/fuzzer/EquivalenceATest.cpp
+@@ -0,0 +1,17 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++#include <stddef.h>
++#include <stdint.h>
++#include <stdio.h>
++
++// Test for libFuzzer's "equivalence" fuzzing, part A.
++extern "C" void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size);
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ // fprintf(stderr, "A %zd\n", Size);
++ uint8_t Result[50];
++ if (Size > 50) Size = 50;
++ for (size_t i = 0; i < Size; i++)
++ Result[Size - i - 1] = Data[i];
++ LLVMFuzzerAnnounceOutput(Result, Size);
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_EquivalenceBTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_EquivalenceBTest.cpp
new file mode 100644
index 0000000000..8cbd12db7e
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_EquivalenceBTest.cpp
@@ -0,0 +1,32 @@
+$NetBSD$
+
+--- test/fuzzer/EquivalenceBTest.cpp.orig 2017-08-19 18:02:19.284587129 +0000
++++ test/fuzzer/EquivalenceBTest.cpp
+@@ -0,0 +1,27 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++#include <stddef.h>
++#include <stdint.h>
++#include <stdio.h>
++
++// Test for libFuzzer's "equivalence" fuzzing, part B.
++extern "C" void LLVMFuzzerAnnounceOutput(const uint8_t *Data, size_t Size);
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ // fprintf(stderr, "B %zd\n", Size);
++ uint8_t Result[50];
++ if (Size > 50) Size = 50;
++ for (size_t i = 0; i < Size; i++)
++ Result[Size - i - 1] = Data[i];
++
++ // Be a bit different from EquivalenceATest
++ if (Size > 10 && Data[5] == 'B' && Data[6] == 'C' && Data[7] == 'D') {
++ static int c;
++ if (!c)
++ fprintf(stderr, "ZZZZZZZ\n");
++ c = 1;
++ Result[2]++;
++ }
++
++ LLVMFuzzerAnnounceOutput(Result, Size);
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_FlagsTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_FlagsTest.cpp
new file mode 100644
index 0000000000..7036686d25
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_FlagsTest.cpp
@@ -0,0 +1,37 @@
+$NetBSD$
+
+--- test/fuzzer/FlagsTest.cpp.orig 2017-08-19 18:02:19.284689096 +0000
++++ test/fuzzer/FlagsTest.cpp
+@@ -0,0 +1,32 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Parse some flags
++#include <string>
++#include <vector>
++
++static std::vector<std::string> Flags;
++
++extern "C" int LLVMFuzzerInitialize(int *Argc, char ***Argv) {
++ // Parse --flags and anything after -ignore_remaining_args=1 is passed.
++ int I = 1;
++ while (I < *Argc) {
++ std::string S((*Argv)[I++]);
++ if (S == "-ignore_remaining_args=1")
++ break;
++ if (S.substr(0, 2) == "--")
++ Flags.push_back(S);
++ }
++ while (I < *Argc)
++ Flags.push_back(std::string((*Argv)[I++]));
++
++ return 0;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ fprintf(stderr, "BINGO ");
++ for (auto Flag : Flags)
++ fprintf(stderr, "%s ", Flag.c_str());
++ fprintf(stderr, "\n");
++ exit(0);
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_FourIndependentBranchesTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_FourIndependentBranchesTest.cpp
new file mode 100644
index 0000000000..1b0502c38d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_FourIndependentBranchesTest.cpp
@@ -0,0 +1,27 @@
+$NetBSD$
+
+--- test/fuzzer/FourIndependentBranchesTest.cpp.orig 2017-08-19 18:02:19.284788633 +0000
++++ test/fuzzer/FourIndependentBranchesTest.cpp
+@@ -0,0 +1,22 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the string "FUZZ".
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ int bits = 0;
++ if (Size > 0 && Data[0] == 'F') bits |= 1;
++ if (Size > 1 && Data[1] == 'U') bits |= 2;
++ if (Size > 2 && Data[2] == 'Z') bits |= 4;
++ if (Size > 3 && Data[3] == 'Z') bits |= 8;
++ if (bits == 15) {
++ std::cerr << "BINGO!\n";
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_FullCoverageSetTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_FullCoverageSetTest.cpp
new file mode 100644
index 0000000000..aa46439352
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_FullCoverageSetTest.cpp
@@ -0,0 +1,29 @@
+$NetBSD$
+
+--- test/fuzzer/FullCoverageSetTest.cpp.orig 2017-08-19 18:02:19.284888478 +0000
++++ test/fuzzer/FullCoverageSetTest.cpp
+@@ -0,0 +1,24 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the string "FUZZER".
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ int bits = 0;
++ if (Size > 0 && Data[0] == 'F') bits |= 1;
++ if (Size > 1 && Data[1] == 'U') bits |= 2;
++ if (Size > 2 && Data[2] == 'Z') bits |= 4;
++ if (Size > 3 && Data[3] == 'Z') bits |= 8;
++ if (Size > 4 && Data[4] == 'E') bits |= 16;
++ if (Size > 5 && Data[5] == 'R') bits |= 32;
++ if (bits == 63) {
++ std::cerr << "BINGO!\n";
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_InitializeTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_InitializeTest.cpp
new file mode 100644
index 0000000000..3814a5bde6
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_InitializeTest.cpp
@@ -0,0 +1,33 @@
+$NetBSD$
+
+--- test/fuzzer/InitializeTest.cpp.orig 2017-08-19 18:02:19.285007262 +0000
++++ test/fuzzer/InitializeTest.cpp
+@@ -0,0 +1,28 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Make sure LLVMFuzzerInitialize is called.
++#include <assert.h>
++#include <stddef.h>
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
++static char *argv0;
++
++extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
++ assert(*argc > 0);
++ argv0 = **argv;
++ fprintf(stderr, "LLVMFuzzerInitialize: %s\n", argv0);
++ return 0;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size == strlen(argv0) &&
++ !memmem(Data, Size, argv0, Size)) {
++ fprintf(stderr, "BINGO %s\n", argv0);
++ exit(1);
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_LargeTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_LargeTest.cpp
new file mode 100644
index 0000000000..600dca7fa8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_LargeTest.cpp
@@ -0,0 +1,42 @@
+$NetBSD$
+
+--- test/fuzzer/LargeTest.cpp.orig 2017-08-19 18:02:19.285112631 +0000
++++ test/fuzzer/LargeTest.cpp
+@@ -0,0 +1,37 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// A fuzz target with lots of edges.
++#include <cstdint>
++#include <cstdlib>
++
++static inline void break_optimization(const void *arg) {
++ __asm__ __volatile__("" : : "r" (arg) : "memory");
++}
++
++#define A \
++ do { \
++ i++; \
++ c++; \
++ if (Data[(i + __LINE__) % Size] == (c % 256)) \
++ break_optimization(Data); \
++ else \
++ break_optimization(0); \
++ } while (0)
++
++// for (int i = 0, n = Data[(__LINE__ - 1) % Size] % 16; i < n; i++)
++
++#define B do{A; A; A; A; A; A; A; A; A; A; A; A; A; A; A; A; A; A; }while(0)
++#define C do{B; B; B; B; B; B; B; B; B; B; B; B; B; B; B; B; B; B; }while(0)
++#define D do{C; C; C; C; C; C; C; C; C; C; C; C; C; C; C; C; C; C; }while(0)
++#define E do{D; D; D; D; D; D; D; D; D; D; D; D; D; D; D; D; D; D; }while(0)
++
++volatile int sink;
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (!Size) return 0;
++ int c = 0;
++ int i = 0;
++ D;
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_LeakTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_LeakTest.cpp
new file mode 100644
index 0000000000..f48ed2cae4
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_LeakTest.cpp
@@ -0,0 +1,22 @@
+$NetBSD$
+
+--- test/fuzzer/LeakTest.cpp.orig 2017-08-19 18:02:19.285212458 +0000
++++ test/fuzzer/LeakTest.cpp
+@@ -0,0 +1,17 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test with a leak.
++#include <cstddef>
++#include <cstdint>
++
++static volatile void *Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size > 0 && *Data == 'H') {
++ Sink = new int;
++ Sink = nullptr;
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_LeakTimeoutTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_LeakTimeoutTest.cpp
new file mode 100644
index 0000000000..0fa64c18df
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_LeakTimeoutTest.cpp
@@ -0,0 +1,22 @@
+$NetBSD$
+
+--- test/fuzzer/LeakTimeoutTest.cpp.orig 2017-08-19 18:02:19.285312577 +0000
++++ test/fuzzer/LeakTimeoutTest.cpp
+@@ -0,0 +1,17 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test with a leak.
++#include <cstddef>
++#include <cstdint>
++
++static volatile int *Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (!Size) return 0;
++ Sink = new int;
++ Sink = new int;
++ while (Sink) *Sink = 0; // Infinite loop.
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_LoadTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_LoadTest.cpp
new file mode 100644
index 0000000000..e52cd082f0
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_LoadTest.cpp
@@ -0,0 +1,27 @@
+$NetBSD$
+
+--- test/fuzzer/LoadTest.cpp.orig 2017-08-19 18:02:19.285414503 +0000
++++ test/fuzzer/LoadTest.cpp
+@@ -0,0 +1,22 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer: find interesting value of array index.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstring>
++#include <iostream>
++
++static volatile int Sink;
++const int kArraySize = 1234567;
++int array[kArraySize];
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 8) return 0;
++ uint64_t a = 0;
++ memcpy(&a, Data, 8);
++ Sink = array[a % (kArraySize + 1)];
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_Memcmp64BytesTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_Memcmp64BytesTest.cpp
new file mode 100644
index 0000000000..1bb2fa73f6
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_Memcmp64BytesTest.cpp
@@ -0,0 +1,25 @@
+$NetBSD$
+
+--- test/fuzzer/Memcmp64BytesTest.cpp.orig 2017-08-19 18:02:19.285514569 +0000
++++ test/fuzzer/Memcmp64BytesTest.cpp
+@@ -0,0 +1,20 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find a particular string.
++#include <cassert>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ const char kString64Bytes[] =
++ "123456789 123456789 123456789 123456789 123456789 123456789 1234";
++ assert(sizeof(kString64Bytes) == 65);
++ if (Size >= 64 && memcmp(Data, kString64Bytes, 64) == 0) {
++ fprintf(stderr, "BINGO\n");
++ exit(1);
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_MemcmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_MemcmpTest.cpp
new file mode 100644
index 0000000000..2705bc28e5
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_MemcmpTest.cpp
@@ -0,0 +1,36 @@
+$NetBSD$
+
+--- test/fuzzer/MemcmpTest.cpp.orig 2017-08-19 18:02:19.285618057 +0000
++++ test/fuzzer/MemcmpTest.cpp
+@@ -0,0 +1,31 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find a particular string.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ // TODO: check other sizes.
++ if (Size >= 8 && memcmp(Data, "01234567", 8) == 0) {
++ if (Size >= 12 && memcmp(Data + 8, "ABCD", 4) == 0) {
++ if (Size >= 14 && memcmp(Data + 12, "XY", 2) == 0) {
++ if (Size >= 17 && memcmp(Data + 14, "KLM", 3) == 0) {
++ if (Size >= 27 && memcmp(Data + 17, "ABCDE-GHIJ", 10) == 0){
++ fprintf(stderr, "BINGO %zd\n", Size);
++ for (size_t i = 0; i < Size; i++) {
++ uint8_t C = Data[i];
++ if (C >= 32 && C < 127)
++ fprintf(stderr, "%c", C);
++ }
++ fprintf(stderr, "\n");
++ exit(1);
++ }
++ }
++ }
++ }
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_NotinstrumentedTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_NotinstrumentedTest.cpp
new file mode 100644
index 0000000000..241c52c0b5
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_NotinstrumentedTest.cpp
@@ -0,0 +1,16 @@
+$NetBSD$
+
+--- test/fuzzer/NotinstrumentedTest.cpp.orig 2017-08-19 18:02:19.285731717 +0000
++++ test/fuzzer/NotinstrumentedTest.cpp
+@@ -0,0 +1,11 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// This test should not be instrumented.
++#include <cstddef>
++#include <cstdint>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_NthRunCrashTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_NthRunCrashTest.cpp
new file mode 100644
index 0000000000..30301171a6
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_NthRunCrashTest.cpp
@@ -0,0 +1,24 @@
+$NetBSD$
+
+--- test/fuzzer/NthRunCrashTest.cpp.orig 2017-08-19 18:02:19.285834145 +0000
++++ test/fuzzer/NthRunCrashTest.cpp
+@@ -0,0 +1,19 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Crash on the N-th execution.
++#include <cstddef>
++#include <cstdint>
++#include <iostream>
++#include <ostream>
++
++static int Counter;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Counter++ == 1000) {
++ std::cout << "BINGO; Found the target, exiting\n" << std::flush;
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_NullDerefOnEmptyTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_NullDerefOnEmptyTest.cpp
new file mode 100644
index 0000000000..7e99d53a08
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_NullDerefOnEmptyTest.cpp
@@ -0,0 +1,24 @@
+$NetBSD$
+
+--- test/fuzzer/NullDerefOnEmptyTest.cpp.orig 2017-08-19 18:02:19.285935455 +0000
++++ test/fuzzer/NullDerefOnEmptyTest.cpp
+@@ -0,0 +1,19 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the empty string.
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++
++static volatile int *Null = 0;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size == 0) {
++ std::cout << "Found the target, dereferencing NULL\n";
++ *Null = 1;
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_NullDerefTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_NullDerefTest.cpp
new file mode 100644
index 0000000000..94eae2b42c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_NullDerefTest.cpp
@@ -0,0 +1,31 @@
+$NetBSD$
+
+--- test/fuzzer/NullDerefTest.cpp.orig 2017-08-19 18:02:19.286039885 +0000
++++ test/fuzzer/NullDerefTest.cpp
+@@ -0,0 +1,26 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the string "Hi!".
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++
++static volatile int Sink;
++static volatile int *Null = 0;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size > 0 && Data[0] == 'H') {
++ Sink = 1;
++ if (Size > 1 && Data[1] == 'i') {
++ Sink = 2;
++ if (Size > 2 && Data[2] == '!') {
++ std::cout << "Found the target, dereferencing NULL\n";
++ *Null = 1;
++ }
++ }
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_OneHugeAllocTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_OneHugeAllocTest.cpp
new file mode 100644
index 0000000000..95d3fad774
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_OneHugeAllocTest.cpp
@@ -0,0 +1,33 @@
+$NetBSD$
+
+--- test/fuzzer/OneHugeAllocTest.cpp.orig 2017-08-19 18:02:19.286142909 +0000
++++ test/fuzzer/OneHugeAllocTest.cpp
+@@ -0,0 +1,28 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Tests OOM handling when there is a single large allocation.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <cstring>
++#include <iostream>
++
++static volatile char *SinkPtr;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size > 0 && Data[0] == 'H') {
++ if (Size > 1 && Data[1] == 'i') {
++ if (Size > 2 && Data[2] == '!') {
++ size_t kSize = (size_t)1 << 31;
++ char *p = new char[kSize];
++ memset(p, 0, kSize);
++ SinkPtr = p;
++ delete [] p;
++ }
++ }
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_OutOfMemorySingleLargeMallocTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_OutOfMemorySingleLargeMallocTest.cpp
new file mode 100644
index 0000000000..d4ebb6fcee
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_OutOfMemorySingleLargeMallocTest.cpp
@@ -0,0 +1,32 @@
+$NetBSD$
+
+--- test/fuzzer/OutOfMemorySingleLargeMallocTest.cpp.orig 2017-08-19 18:02:19.286247186 +0000
++++ test/fuzzer/OutOfMemorySingleLargeMallocTest.cpp
+@@ -0,0 +1,27 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Tests OOM handling.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <cstring>
++#include <iostream>
++
++static volatile char *SinkPtr;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size > 0 && Data[0] == 'H') {
++ if (Size > 1 && Data[1] == 'i') {
++ if (Size > 2 && Data[2] == '!') {
++ size_t kSize = 0x20000000U;
++ char *p = new char[kSize];
++ SinkPtr = p;
++ delete [] p;
++ }
++ }
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_OutOfMemoryTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_OutOfMemoryTest.cpp
new file mode 100644
index 0000000000..1f382d371c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_OutOfMemoryTest.cpp
@@ -0,0 +1,36 @@
+$NetBSD$
+
+--- test/fuzzer/OutOfMemoryTest.cpp.orig 2017-08-19 18:02:19.286352578 +0000
++++ test/fuzzer/OutOfMemoryTest.cpp
+@@ -0,0 +1,31 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Tests OOM handling.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <cstring>
++#include <iostream>
++#include <thread>
++
++static volatile char *SinkPtr;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size > 0 && Data[0] == 'H') {
++ if (Size > 1 && Data[1] == 'i') {
++ if (Size > 2 && Data[2] == '!') {
++ while (true) {
++ size_t kSize = 1 << 28;
++ char *p = new char[kSize];
++ memset(p, 0, kSize);
++ SinkPtr = p;
++ std::this_thread::sleep_for(std::chrono::seconds(1));
++ }
++ }
++ }
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_OverwriteInputTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_OverwriteInputTest.cpp
new file mode 100644
index 0000000000..65b5f82edc
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_OverwriteInputTest.cpp
@@ -0,0 +1,18 @@
+$NetBSD$
+
+--- test/fuzzer/OverwriteInputTest.cpp.orig 2017-08-19 18:02:19.286462278 +0000
++++ test/fuzzer/OverwriteInputTest.cpp
+@@ -0,0 +1,13 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. Make sure we abort if Data is overwritten.
++#include <cstdint>
++#include <iostream>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size)
++ *const_cast<uint8_t*>(Data) = 1;
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_RepeatedBytesTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_RepeatedBytesTest.cpp
new file mode 100644
index 0000000000..9536fd4c9e
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_RepeatedBytesTest.cpp
@@ -0,0 +1,36 @@
+$NetBSD$
+
+--- test/fuzzer/RepeatedBytesTest.cpp.orig 2017-08-19 18:02:19.286575651 +0000
++++ test/fuzzer/RepeatedBytesTest.cpp
+@@ -0,0 +1,31 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find repeated bytes.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++#include <ostream>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ assert(Data);
++ // Looking for AAAAAAAAAAAAAAAAAAAAAA or some such.
++ size_t CurA = 0, MaxA = 0;
++ for (size_t i = 0; i < Size; i++) {
++ // Make sure there are no conditionals in the loop so that
++ // coverage can't help the fuzzer.
++ int EQ = Data[i] == 'A';
++ CurA = EQ * (CurA + 1);
++ int GT = CurA > MaxA;
++ MaxA = GT * CurA + (!GT) * MaxA;
++ }
++ if (MaxA >= 20) {
++ std::cout << "BINGO; Found the target (Max: " << MaxA << "), exiting\n"
++ << std::flush;
++ exit(0);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_RepeatedMemcmp.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_RepeatedMemcmp.cpp
new file mode 100644
index 0000000000..c7f16a03ca
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_RepeatedMemcmp.cpp
@@ -0,0 +1,29 @@
+$NetBSD$
+
+--- test/fuzzer/RepeatedMemcmp.cpp.orig 2017-08-19 18:02:19.286681844 +0000
++++ test/fuzzer/RepeatedMemcmp.cpp
+@@ -0,0 +1,24 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ int Matches1 = 0;
++ for (size_t i = 0; i + 2 < Size; i += 3)
++ if (!memcmp(Data + i, "foo", 3))
++ Matches1++;
++ int Matches2 = 0;
++ for (size_t i = 0; i + 2 < Size; i += 3)
++ if (!memcmp(Data + i, "bar", 3))
++ Matches2++;
++
++ if (Matches1 > 10 && Matches2 > 10) {
++ fprintf(stderr, "BINGO!\n");
++ exit(1);
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkControlFlowSimpleTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkControlFlowSimpleTest.cpp
new file mode 100644
index 0000000000..6184704d90
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkControlFlowSimpleTest.cpp
@@ -0,0 +1,24 @@
+$NetBSD$
+
+--- test/fuzzer/ShrinkControlFlowSimpleTest.cpp.orig 2017-08-19 18:02:19.286786696 +0000
++++ test/fuzzer/ShrinkControlFlowSimpleTest.cpp
+@@ -0,0 +1,19 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test that we can find the minimal item in the corpus (3 bytes: "FUZ").
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++static volatile int Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 2) return 0;
++ if (Data[0] == 'F' && Data[Size / 2] == 'U' && Data[Size - 1] == 'Z')
++ Sink++;
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkControlFlowTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkControlFlowTest.cpp
new file mode 100644
index 0000000000..97f79909db
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkControlFlowTest.cpp
@@ -0,0 +1,36 @@
+$NetBSD$
+
+--- test/fuzzer/ShrinkControlFlowTest.cpp.orig 2017-08-19 18:02:19.286895189 +0000
++++ test/fuzzer/ShrinkControlFlowTest.cpp
+@@ -0,0 +1,31 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test that we can find the minimal item in the corpus (3 bytes: "FUZ").
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++static volatile int Sink;
++
++void Foo() {
++ Sink++;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ int8_t Ids[256];
++ memset(Ids, -1, sizeof(Ids));
++ for (size_t i = 0; i < Size; i++)
++ if (Ids[Data[i]] == -1)
++ Ids[Data[i]] = i;
++ int F = Ids[(unsigned char)'F'];
++ int U = Ids[(unsigned char)'U'];
++ int Z = Ids[(unsigned char)'Z'];
++ if (F >= 0 && U > F && Z > U) {
++ Foo();
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkValueProfileTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkValueProfileTest.cpp
new file mode 100644
index 0000000000..f430606989
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_ShrinkValueProfileTest.cpp
@@ -0,0 +1,27 @@
+$NetBSD$
+
+--- test/fuzzer/ShrinkValueProfileTest.cpp.orig 2017-08-19 18:02:19.287000833 +0000
++++ test/fuzzer/ShrinkValueProfileTest.cpp
+@@ -0,0 +1,22 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test that we can find the minimal item in the corpus (3 bytes: "FUZ").
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++static volatile uint32_t Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < sizeof(uint32_t)) return 0;
++ uint32_t X, Y;
++ size_t Offset = Size < 8 ? 0 : Size / 2;
++ memcpy(&X, Data + Offset, sizeof(uint32_t));
++ memcpy(&Y, "FUZZ", sizeof(uint32_t));
++ Sink = X == Y;
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SignedIntOverflowTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SignedIntOverflowTest.cpp
new file mode 100644
index 0000000000..97dd8c419b
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SignedIntOverflowTest.cpp
@@ -0,0 +1,33 @@
+$NetBSD$
+
+--- test/fuzzer/SignedIntOverflowTest.cpp.orig 2017-08-19 18:02:19.287107990 +0000
++++ test/fuzzer/SignedIntOverflowTest.cpp
+@@ -0,0 +1,28 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test for signed-integer-overflow.
++#include <assert.h>
++#include <climits>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++
++static volatile int Sink;
++static int Large = INT_MAX;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ assert(Data);
++ if (Size > 0 && Data[0] == 'H') {
++ Sink = 1;
++ if (Size > 1 && Data[1] == 'i') {
++ Sink = 2;
++ if (Size > 2 && Data[2] == '!') {
++ Large++; // int overflow.
++ }
++ }
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleCmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleCmpTest.cpp
new file mode 100644
index 0000000000..61f09c4903
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleCmpTest.cpp
@@ -0,0 +1,52 @@
+$NetBSD$
+
+--- test/fuzzer/SimpleCmpTest.cpp.orig 2017-08-19 18:02:19.287218834 +0000
++++ test/fuzzer/SimpleCmpTest.cpp
+@@ -0,0 +1,47 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find several narrow ranges.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern int AllLines[];
++
++bool PrintOnce(int Line) {
++ if (!AllLines[Line])
++ fprintf(stderr, "Seen line %d\n", Line);
++ AllLines[Line] = 1;
++ return true;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size != 22) return 0;
++ uint64_t x = 0;
++ int64_t y = 0;
++ int32_t z = 0;
++ uint16_t a = 0;
++ memcpy(&x, Data, 8); // 8
++ memcpy(&y, Data + 8, 8); // 16
++ memcpy(&z, Data + 16, sizeof(z)); // 20
++ memcpy(&a, Data + 20, sizeof(a)); // 22
++ const bool k32bit = sizeof(void*) == 4;
++
++ if ((k32bit || x > 1234567890) && PrintOnce(__LINE__) &&
++ (k32bit || x < 1234567895) && PrintOnce(__LINE__) &&
++ a == 0x4242 && PrintOnce(__LINE__) &&
++ (k32bit || y >= 987654321) && PrintOnce(__LINE__) &&
++ (k32bit || y <= 987654325) && PrintOnce(__LINE__) &&
++ z < -10000 && PrintOnce(__LINE__) &&
++ z >= -10005 && PrintOnce(__LINE__) &&
++ z != -10003 && PrintOnce(__LINE__) &&
++ true) {
++ fprintf(stderr, "BINGO; Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n",
++ Size, x, y, z, a);
++ exit(1);
++ }
++ return 0;
++}
++
++int AllLines[__LINE__ + 1]; // Must be the last line.
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleDictionaryTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleDictionaryTest.cpp
new file mode 100644
index 0000000000..ac3c4f5a52
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleDictionaryTest.cpp
@@ -0,0 +1,35 @@
+$NetBSD$
+
+--- test/fuzzer/SimpleDictionaryTest.cpp.orig 2017-08-19 18:02:19.287342583 +0000
++++ test/fuzzer/SimpleDictionaryTest.cpp
+@@ -0,0 +1,30 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer.
++// The fuzzer must find a string based on dictionary words:
++// "Elvis"
++// "Presley"
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <cstring>
++#include <iostream>
++#include <ostream>
++
++static volatile int Zero = 0;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ const char *Expected = "ElvisPresley";
++ if (Size < strlen(Expected)) return 0;
++ size_t Match = 0;
++ for (size_t i = 0; Expected[i]; i++)
++ if (Expected[i] + Zero == Data[i])
++ Match++;
++ if (Match == strlen(Expected)) {
++ std::cout << "BINGO; Found the target, exiting\n" << std::flush;
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleHashTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleHashTest.cpp
new file mode 100644
index 0000000000..a5d3d38bb5
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleHashTest.cpp
@@ -0,0 +1,45 @@
+$NetBSD$
+
+--- test/fuzzer/SimpleHashTest.cpp.orig 2017-08-19 18:02:19.287453036 +0000
++++ test/fuzzer/SimpleHashTest.cpp
+@@ -0,0 +1,40 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// This test computes a checksum of the data (all but the last 4 bytes),
++// and then compares the last 4 bytes with the computed value.
++// A fuzzer with cmp traces is expected to defeat this check.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++// A modified jenkins_one_at_a_time_hash initialized by non-zero,
++// so that simple_hash(0) != 0. See also
++// https://en.wikipedia.org/wiki/Jenkins_hash_function
++static uint32_t simple_hash(const uint8_t *Data, size_t Size) {
++ uint32_t Hash = 0x12039854;
++ for (uint32_t i = 0; i < Size; i++) {
++ Hash += Data[i];
++ Hash += (Hash << 10);
++ Hash ^= (Hash >> 6);
++ }
++ Hash += (Hash << 3);
++ Hash ^= (Hash >> 11);
++ Hash += (Hash << 15);
++ return Hash;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 14)
++ return 0;
++
++ uint32_t Hash = simple_hash(&Data[0], Size - 4);
++ uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0];
++ if (Hash != Want)
++ return 0;
++ fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash,
++ (unsigned int)Want);
++ exit(1);
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleTest.cpp
new file mode 100644
index 0000000000..3942612625
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleTest.cpp
@@ -0,0 +1,33 @@
+$NetBSD$
+
+--- test/fuzzer/SimpleTest.cpp.orig 2017-08-19 18:02:19.287564326 +0000
++++ test/fuzzer/SimpleTest.cpp
+@@ -0,0 +1,28 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the string "Hi!".
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++#include <ostream>
++
++static volatile int Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ assert(Data);
++ if (Size > 0 && Data[0] == 'H') {
++ Sink = 1;
++ if (Size > 1 && Data[1] == 'i') {
++ Sink = 2;
++ if (Size > 2 && Data[2] == '!') {
++ std::cout << "BINGO; Found the target, exiting\n" << std::flush;
++ exit(0);
++ }
++ }
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleThreadedTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleThreadedTest.cpp
new file mode 100644
index 0000000000..989437e4f6
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SimpleThreadedTest.cpp
@@ -0,0 +1,31 @@
+$NetBSD$
+
+--- test/fuzzer/SimpleThreadedTest.cpp.orig 2017-08-19 18:02:19.287673427 +0000
++++ test/fuzzer/SimpleThreadedTest.cpp
+@@ -0,0 +1,26 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Threaded test for a fuzzer. The fuzzer should find "H"
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstring>
++#include <iostream>
++#include <ostream>
++#include <thread>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ auto C = [&] {
++ if (Size >= 2 && Data[0] == 'H') {
++ std::cout << "BINGO; Found the target, exiting\n" << std::flush;
++ abort();
++ }
++ };
++ std::thread T[] = {std::thread(C), std::thread(C), std::thread(C),
++ std::thread(C), std::thread(C), std::thread(C)};
++ for (auto &X : T)
++ X.join();
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleByteInputTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleByteInputTest.cpp
new file mode 100644
index 0000000000..72f237de24
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleByteInputTest.cpp
@@ -0,0 +1,22 @@
+$NetBSD$
+
+--- test/fuzzer/SingleByteInputTest.cpp.orig 2017-08-19 18:02:19.287781530 +0000
++++ test/fuzzer/SingleByteInputTest.cpp
+@@ -0,0 +1,17 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer, need just one byte to crash.
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size > 0 && Data[Size/2] == 42) {
++ fprintf(stderr, "BINGO\n");
++ abort();
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleMemcmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleMemcmpTest.cpp
new file mode 100644
index 0000000000..79c975930a
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleMemcmpTest.cpp
@@ -0,0 +1,22 @@
+$NetBSD$
+
+--- test/fuzzer/SingleMemcmpTest.cpp.orig 2017-08-19 18:02:19.287892538 +0000
++++ test/fuzzer/SingleMemcmpTest.cpp
+@@ -0,0 +1,17 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find a particular string.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ const char *S = (const char*)Data;
++ if (Size >= 6 && !memcmp(S, "qwerty", 6)) {
++ fprintf(stderr, "BINGO\n");
++ exit(1);
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleStrcmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleStrcmpTest.cpp
new file mode 100644
index 0000000000..89788a5a33
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleStrcmpTest.cpp
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- test/fuzzer/SingleStrcmpTest.cpp.orig 2017-08-19 18:02:19.288011068 +0000
++++ test/fuzzer/SingleStrcmpTest.cpp
+@@ -0,0 +1,21 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find a particular string.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size >= 7) {
++ char Copy[7];
++ memcpy(Copy, Data, 6);
++ Copy[6] = 0;
++ if (!strcmp(Copy, "qwerty")) {
++ fprintf(stderr, "BINGO\n");
++ exit(1);
++ }
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleStrncmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleStrncmpTest.cpp
new file mode 100644
index 0000000000..96d2ec7b3c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SingleStrncmpTest.cpp
@@ -0,0 +1,23 @@
+$NetBSD$
+
+--- test/fuzzer/SingleStrncmpTest.cpp.orig 2017-08-19 18:02:19.288125276 +0000
++++ test/fuzzer/SingleStrncmpTest.cpp
+@@ -0,0 +1,18 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find a particular string.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ const char *S = (const char*)Data;
++ volatile auto Strncmp = &(strncmp); // Make sure strncmp is not inlined.
++ if (Size >= 6 && !Strncmp(S, "qwerty", 6)) {
++ fprintf(stderr, "BINGO\n");
++ exit(1);
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SpamyTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SpamyTest.cpp
new file mode 100644
index 0000000000..9f858e0619
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SpamyTest.cpp
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- test/fuzzer/SpamyTest.cpp.orig 2017-08-19 18:02:19.288237388 +0000
++++ test/fuzzer/SpamyTest.cpp
+@@ -0,0 +1,21 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// The test spams to stderr and stdout.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <iostream>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ assert(Data);
++ printf("PRINTF_STDOUT\n");
++ fflush(stdout);
++ fprintf(stderr, "PRINTF_STDERR\n");
++ std::cout << "STREAM_COUT\n";
++ std::cout.flush();
++ std::cerr << "STREAM_CERR\n";
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_StrcmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_StrcmpTest.cpp
new file mode 100644
index 0000000000..39c24a331d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_StrcmpTest.cpp
@@ -0,0 +1,37 @@
+$NetBSD$
+
+--- test/fuzzer/StrcmpTest.cpp.orig 2017-08-19 18:02:19.288352136 +0000
++++ test/fuzzer/StrcmpTest.cpp
+@@ -0,0 +1,32 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Break through a series of strcmp.
++#include <cassert>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++bool Eq(const uint8_t *Data, size_t Size, const char *Str) {
++ char Buff[1024];
++ size_t Len = strlen(Str);
++ if (Size < Len) return false;
++ if (Len >= sizeof(Buff)) return false;
++ memcpy(Buff, (const char*)Data, Len);
++ Buff[Len] = 0;
++ int res = strcmp(Buff, Str);
++ return res == 0;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Eq(Data, Size, "ABC") &&
++ Size >= 3 && Eq(Data + 3, Size - 3, "QWER") &&
++ Size >= 7 && Eq(Data + 7, Size - 7, "ZXCVN") &&
++ Size >= 14 && Data[13] == 42
++ ) {
++ fprintf(stderr, "BINGO\n");
++ exit(1);
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_StrncmpOOBTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_StrncmpOOBTest.cpp
new file mode 100644
index 0000000000..c6e3979861
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_StrncmpOOBTest.cpp
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- test/fuzzer/StrncmpOOBTest.cpp.orig 2017-08-19 18:02:19.288464190 +0000
++++ test/fuzzer/StrncmpOOBTest.cpp
+@@ -0,0 +1,21 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test that libFuzzer itself does not read out of bounds.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <cstring>
++#include <iostream>
++
++static volatile int Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 5) return 0;
++ const char *Ch = reinterpret_cast<const char *>(Data);
++ if (Ch[Size - 3] == 'a')
++ Sink = strncmp(Ch + Size - 3, "abcdefg", 6);
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_StrncmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_StrncmpTest.cpp
new file mode 100644
index 0000000000..801e305fae
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_StrncmpTest.cpp
@@ -0,0 +1,33 @@
+$NetBSD$
+
+--- test/fuzzer/StrncmpTest.cpp.orig 2017-08-19 18:02:19.288579066 +0000
++++ test/fuzzer/StrncmpTest.cpp
+@@ -0,0 +1,28 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find a particular string.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++static volatile int sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ // TODO: check other sizes.
++ const char *S = (const char*)Data;
++ if (Size >= 8 && strncmp(S, "123", 8))
++ sink = 1;
++ if (Size >= 8 && strncmp(S, "01234567", 8) == 0) {
++ if (Size >= 12 && strncmp(S + 8, "ABCD", 4) == 0) {
++ if (Size >= 14 && strncmp(S + 12, "XY", 2) == 0) {
++ if (Size >= 17 && strncmp(S + 14, "KLM", 3) == 0) {
++ fprintf(stderr, "BINGO\n");
++ exit(1);
++ }
++ }
++ }
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_StrstrTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_StrstrTest.cpp
new file mode 100644
index 0000000000..687f792e6a
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_StrstrTest.cpp
@@ -0,0 +1,33 @@
+$NetBSD$
+
+--- test/fuzzer/StrstrTest.cpp.orig 2017-08-19 18:02:19.288692067 +0000
++++ test/fuzzer/StrstrTest.cpp
+@@ -0,0 +1,28 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Test strstr and strcasestr hooks.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <string.h>
++#include <string>
++
++// Windows does not have strcasestr and memmem, so we are not testing them.
++#ifdef _WIN32
++#define strcasestr strstr
++#define memmem(a, b, c, d) true
++#endif
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 4) return 0;
++ std::string s(reinterpret_cast<const char*>(Data), Size);
++ if (strstr(s.c_str(), "FUZZ") &&
++ strcasestr(s.c_str(), "aBcD") &&
++ memmem(s.data(), s.size(), "kuku", 4)
++ ) {
++ fprintf(stderr, "BINGO\n");
++ exit(1);
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SwapCmpTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SwapCmpTest.cpp
new file mode 100644
index 0000000000..410a9afbdd
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SwapCmpTest.cpp
@@ -0,0 +1,40 @@
+$NetBSD$
+
+--- test/fuzzer/SwapCmpTest.cpp.orig 2017-08-19 18:02:19.288823805 +0000
++++ test/fuzzer/SwapCmpTest.cpp
+@@ -0,0 +1,35 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// The fuzzer must find several constants with swapped bytes.
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 14) return 0;
++ uint64_t x = 0;
++ uint32_t y = 0;
++ uint16_t z = 0;
++ memcpy(&x, Data, sizeof(x));
++ memcpy(&y, Data + Size / 2, sizeof(y));
++ memcpy(&z, Data + Size - sizeof(z), sizeof(z));
++
++ x = __builtin_bswap64(x);
++ y = __builtin_bswap32(y);
++ z = __builtin_bswap16(z);
++ const bool k32bit = sizeof(void*) == 4;
++
++ if ((k32bit || x == 0x46555A5A5A5A5546ULL) &&
++ z == 0x4F4B &&
++ y == 0x66757A7A &&
++ true
++ ) {
++ if (Data[Size - 3] == 'z') {
++ fprintf(stderr, "BINGO; Found the target\n");
++ exit(1);
++ }
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_Switch2Test.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_Switch2Test.cpp
new file mode 100644
index 0000000000..d50a2fd68a
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_Switch2Test.cpp
@@ -0,0 +1,40 @@
+$NetBSD$
+
+--- test/fuzzer/Switch2Test.cpp.orig 2017-08-19 18:02:19.288942008 +0000
++++ test/fuzzer/Switch2Test.cpp
+@@ -0,0 +1,35 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the interesting switch value.
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++int Switch(int a) {
++ switch(a) {
++ case 100001: return 1;
++ case 100002: return 2;
++ case 100003: return 4;
++ }
++ return 0;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ const int N = 3;
++ if (Size < N * sizeof(int)) return 0;
++ int Res = 0;
++ for (int i = 0; i < N; i++) {
++ int X;
++ memcpy(&X, Data + i * sizeof(int), sizeof(int));
++ Res += Switch(X);
++ }
++ if (Res == 5 || Res == 3 || Res == 6 || Res == 7) {
++ fprintf(stderr, "BINGO; Found the target, exiting; Res=%d\n", Res);
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_SwitchTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_SwitchTest.cpp
new file mode 100644
index 0000000000..5ce9961015
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_SwitchTest.cpp
@@ -0,0 +1,63 @@
+$NetBSD$
+
+--- test/fuzzer/SwitchTest.cpp.orig 2017-08-19 18:02:19.289059734 +0000
++++ test/fuzzer/SwitchTest.cpp
+@@ -0,0 +1,58 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the interesting switch value.
++#include <cstddef>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++
++static volatile int Sink;
++
++template<class T>
++bool Switch(const uint8_t *Data, size_t Size) {
++ T X;
++ if (Size < sizeof(X)) return false;
++ memcpy(&X, Data, sizeof(X));
++ switch (X) {
++ case 1: Sink = __LINE__; break;
++ case 101: Sink = __LINE__; break;
++ case 1001: Sink = __LINE__; break;
++ case 10001: Sink = __LINE__; break;
++ case 100001: Sink = __LINE__; break;
++ case 1000001: Sink = __LINE__; break;
++ case 10000001: Sink = __LINE__; break;
++ case 100000001: return true;
++ }
++ return false;
++}
++
++bool ShortSwitch(const uint8_t *Data, size_t Size) {
++ short X;
++ if (Size < sizeof(short)) return false;
++ memcpy(&X, Data, sizeof(short));
++ switch(X) {
++ case 42: Sink = __LINE__; break;
++ case 402: Sink = __LINE__; break;
++ case 4002: Sink = __LINE__; break;
++ case 5002: Sink = __LINE__; break;
++ case 7002: Sink = __LINE__; break;
++ case 9002: Sink = __LINE__; break;
++ case 14002: Sink = __LINE__; break;
++ case 21402: return true;
++ }
++ return false;
++}
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size >= 4 && Switch<int>(Data, Size) &&
++ Size >= 12 && Switch<uint64_t>(Data + 4, Size - 4) &&
++ Size >= 14 && ShortSwitch(Data + 12, 2)
++ ) {
++ fprintf(stderr, "BINGO; Found the target, exiting\n");
++ exit(1);
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_TableLookupTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_TableLookupTest.cpp
new file mode 100644
index 0000000000..fc26b79ab7
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_TableLookupTest.cpp
@@ -0,0 +1,49 @@
+$NetBSD$
+
+--- test/fuzzer/TableLookupTest.cpp.orig 2017-08-19 18:02:19.289176689 +0000
++++ test/fuzzer/TableLookupTest.cpp
+@@ -0,0 +1,44 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Make sure the fuzzer eventually finds all possible values of a variable
++// within a range.
++#include <cassert>
++#include <cstdint>
++#include <cstdio>
++#include <cstdlib>
++#include <cstring>
++#include <set>
++
++const size_t N = 1 << 12;
++
++// Define an array of counters that will be understood by libFuzzer
++// as extra coverage signal. The array must be:
++// * uint8_t
++// * in the section named __libfuzzer_extra_counters.
++// The target code may declare more than one such array.
++//
++// Use either `Counters[Idx] = 1` or `Counters[Idx]++;`
++// depending on whether multiple occurrences of the event 'Idx'
++// is important to distinguish from one occurrence.
++#ifdef __linux__
++__attribute__((section("__libfuzzer_extra_counters")))
++#endif
++static uint8_t Counters[N];
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ static std::set<uint16_t> SeenIdx;
++ if (Size != 4) return 0;
++ uint32_t Idx;
++ memcpy(&Idx, Data, 4);
++ Idx %= N;
++ assert(Counters[Idx] == 0); // libFuzzer should reset these between the runs.
++ // Or Counters[Idx]=1 if we don't care how many times this happened.
++ Counters[Idx]++;
++ SeenIdx.insert(Idx);
++ if (SeenIdx.size() == N) {
++ fprintf(stderr, "BINGO: found all values\n");
++ abort();
++ }
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_ThreadedLeakTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_ThreadedLeakTest.cpp
new file mode 100644
index 0000000000..3be6d07797
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_ThreadedLeakTest.cpp
@@ -0,0 +1,23 @@
+$NetBSD$
+
+--- test/fuzzer/ThreadedLeakTest.cpp.orig 2017-08-19 18:02:19.289287843 +0000
++++ test/fuzzer/ThreadedLeakTest.cpp
+@@ -0,0 +1,18 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// The fuzzer should find a leak in a non-main thread.
++#include <cstddef>
++#include <cstdint>
++#include <thread>
++
++static volatile int *Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size == 0) return 0;
++ if (Data[0] != 'F') return 0;
++ std::thread T([&] { Sink = new int; });
++ T.join();
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_ThreadedTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_ThreadedTest.cpp
new file mode 100644
index 0000000000..f09e94b962
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_ThreadedTest.cpp
@@ -0,0 +1,31 @@
+$NetBSD$
+
+--- test/fuzzer/ThreadedTest.cpp.orig 2017-08-19 18:02:19.289402316 +0000
++++ test/fuzzer/ThreadedTest.cpp
+@@ -0,0 +1,26 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Threaded test for a fuzzer. The fuzzer should not crash.
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstring>
++#include <thread>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 8) return 0;
++ assert(Data);
++ auto C = [&] {
++ size_t Res = 0;
++ for (size_t i = 0; i < Size / 2; i++)
++ Res += memcmp(Data, Data + Size / 2, 4);
++ return Res;
++ };
++ std::thread T[] = {std::thread(C), std::thread(C), std::thread(C),
++ std::thread(C), std::thread(C), std::thread(C)};
++ for (auto &X : T)
++ X.join();
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_TimeoutEmptyTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_TimeoutEmptyTest.cpp
new file mode 100644
index 0000000000..8cfc19eccd
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_TimeoutEmptyTest.cpp
@@ -0,0 +1,19 @@
+$NetBSD$
+
+--- test/fuzzer/TimeoutEmptyTest.cpp.orig 2017-08-19 18:02:19.289516338 +0000
++++ test/fuzzer/TimeoutEmptyTest.cpp
+@@ -0,0 +1,14 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the empty string.
++#include <cstddef>
++#include <cstdint>
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ static volatile int Zero = 0;
++ if (!Size)
++ while(!Zero)
++ ;
++ return 0;
++}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_TimeoutTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_TimeoutTest.cpp
new file mode 100644
index 0000000000..a177f581bd
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_TimeoutTest.cpp
@@ -0,0 +1,31 @@
+$NetBSD$
+
+--- test/fuzzer/TimeoutTest.cpp.orig 2017-08-19 18:02:19.289650327 +0000
++++ test/fuzzer/TimeoutTest.cpp
+@@ -0,0 +1,26 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. The fuzzer must find the string "Hi!".
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++
++static volatile int Sink;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size > 0 && Data[0] == 'H') {
++ Sink = 1;
++ if (Size > 1 && Data[1] == 'i') {
++ Sink = 2;
++ if (Size > 2 && Data[2] == '!') {
++ Sink = 2;
++ while (Sink)
++ ;
++ }
++ }
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_TraceMallocTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_TraceMallocTest.cpp
new file mode 100644
index 0000000000..df5314ab84
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_TraceMallocTest.cpp
@@ -0,0 +1,32 @@
+$NetBSD$
+
+--- test/fuzzer/TraceMallocTest.cpp.orig 2017-08-19 18:02:19.289765223 +0000
++++ test/fuzzer/TraceMallocTest.cpp
+@@ -0,0 +1,27 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Tests -trace_malloc
++#include <assert.h>
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++
++int *Ptr;
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (!Size) return 0;
++ if (*Data == 1) {
++ delete Ptr;
++ Ptr = nullptr;
++ } else if (*Data == 2) {
++ delete Ptr;
++ Ptr = new int;
++ } else if (*Data == 3) {
++ if (!Ptr)
++ Ptr = new int;
++ }
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_TwoDifferentBugsTest.cpp b/compiler-rt-netbsd/patches/patch-test_fuzzer_TwoDifferentBugsTest.cpp
new file mode 100644
index 0000000000..cc70e13c5d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_TwoDifferentBugsTest.cpp
@@ -0,0 +1,27 @@
+$NetBSD$
+
+--- test/fuzzer/TwoDifferentBugsTest.cpp.orig 2017-08-19 18:02:19.289878817 +0000
++++ test/fuzzer/TwoDifferentBugsTest.cpp
+@@ -0,0 +1,22 @@
++// This file is distributed under the University of Illinois Open Source
++// License. See LICENSE.TXT for details.
++
++// Simple test for a fuzzer. This test may trigger two different bugs.
++#include <cstddef>
++#include <cstdint>
++#include <cstdlib>
++#include <iostream>
++
++static volatile int *Null = 0;
++
++void Foo() { Null[1] = 0; }
++void Bar() { Null[2] = 0; }
++
++extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
++ if (Size < 10 && Data[0] == 'H')
++ Foo();
++ if (Size >= 10 && Data[0] == 'H')
++ Bar();
++ return 0;
++}
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver-extra-stats.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver-extra-stats.test
new file mode 100644
index 0000000000..9795072e94
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver-extra-stats.test
@@ -0,0 +1,35 @@
+$NetBSD$
+
+--- test/fuzzer/afl-driver-extra-stats.test.orig 2017-08-19 18:02:19.289993703 +0000
++++ test/fuzzer/afl-driver-extra-stats.test
+@@ -0,0 +1,30 @@
++RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest
++
++; Test that not specifying an extra stats file isn't broken.
++RUN: unset AFL_DRIVER_EXTRA_STATS_FILENAME
++RUN: %t-AFLDriverTest
++
++; Test that specifying an invalid extra stats file causes a crash.
++RUN: ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%T not --crash %t-AFLDriverTest
++
++; Test that specifying a corrupted stats file causes a crash.
++echo "peak_rss_mb :0" > %t
++ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%t not --crash %t-AFLDriverTest
++
++; Test that specifying a valid nonexistent stats file works.
++RUN: rm -f %t
++RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest
++RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]]
++
++; Test that specifying a valid preexisting stats file works.
++RUN: printf "peak_rss_mb : 0\nslowest_unit_time_sec: 0\n" > %t
++RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest
++; Check that both lines were printed.
++RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]]
++
++; Test that peak_rss_mb and slowest_unit_time_in_secs are only updated when necessary.
++; Check that both lines have 9999 since there's no way we have exceeded that
++; amount of time or virtual memory.
++RUN: printf "peak_rss_mb : 9999\nslowest_unit_time_sec: 9999\n" > %t
++RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest
++RUN: [[ $(grep "9999" %t | wc -l) -eq 2 ]]
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver-stderr.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver-stderr.test
new file mode 100644
index 0000000000..b96ecd4a81
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver-stderr.test
@@ -0,0 +1,17 @@
+$NetBSD$
+
+--- test/fuzzer/afl-driver-stderr.test.orig 2017-08-19 18:02:19.290115039 +0000
++++ test/fuzzer/afl-driver-stderr.test
+@@ -0,0 +1,12 @@
++RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest
++
++; Test that not specifying a stderr file isn't broken.
++RUN: unset AFL_DRIVER_STDERR_DUPLICATE_FILENAME
++RUN: %t-AFLDriverTest
++
++; Test that specifying an invalid file causes a crash.
++RUN: ASAN_OPTIONS= AFL_DRIVER_STDERR_DUPLICATE_FILENAME="%T" not --crash %t-AFLDriverTest
++
++; Test that a file is created when specified as the duplicate stderr.
++RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t %t-AFLDriverTest
++RUN: stat %t
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver.test
new file mode 100644
index 0000000000..39211ebeb8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_afl-driver.test
@@ -0,0 +1,34 @@
+$NetBSD$
+
+--- test/fuzzer/afl-driver.test.orig 2017-08-19 18:02:19.290234492 +0000
++++ test/fuzzer/afl-driver.test
+@@ -0,0 +1,29 @@
++REQUIRES: linux
++
++RUN: %no_fuzzer_cpp_compiler -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest
++
++RUN: echo -n "abc" > %t.file3
++RUN: echo -n "abcd" > %t.file4
++
++RUN: %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1
++CHECK1: __afl_persistent_loop calle, Count = 1000
++CHECK1: LLVMFuzzerTestOneInput called; Size = 3
++
++
++RUN: %t-AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2
++CHECK2: __afl_persistent_loop calle, Count = 42
++CHECK2: LLVMFuzzerTestOneInput called; Size = 3
++
++
++RUN: %t-AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3
++CHECK3: WARNING: using the deprecated call style
++CHECK3: __afl_persistent_loop calle, Count = 666
++CHECK3: LLVMFuzzerTestOneInput called; Size = 3
++
++
++RUN: %t-AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4
++CHECK4: LLVMFuzzerTestOneInput called; Size = 3
++
++RUN: %t-AFLDriverTest %t.file3 %t.file4 2>&1 | FileCheck %s --check-prefix=CHECK5
++CHECK5: LLVMFuzzerTestOneInput called; Size = 3
++CHECK5: LLVMFuzzerTestOneInput called; Size = 4
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_bad-strcmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_bad-strcmp.test
new file mode 100644
index 0000000000..528cba5fb8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_bad-strcmp.test
@@ -0,0 +1,7 @@
+$NetBSD$
+
+--- test/fuzzer/bad-strcmp.test.orig 2017-08-19 18:02:19.290355547 +0000
++++ test/fuzzer/bad-strcmp.test
+@@ -0,0 +1,2 @@
++RUN: %cpp_compiler %S/BadStrcmpTest.cpp -o %t-BadStrcmpTest
++RUN: %t-BadStrcmpTest -runs=100000
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_caller-callee.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_caller-callee.test
new file mode 100644
index 0000000000..0ff39720f1
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_caller-callee.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/caller-callee.test.orig 2017-08-19 18:02:19.290475379 +0000
++++ test/fuzzer/caller-callee.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/CallerCalleeTest.cpp -o %t-CallerCalleeTest
++CHECK: BINGO
++RUN: not %t-CallerCalleeTest -use_value_profile=1 -cross_over=0 -seed=1 -runs=10000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_cleanse.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_cleanse.test
new file mode 100644
index 0000000000..126db0faa7
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_cleanse.test
@@ -0,0 +1,9 @@
+$NetBSD$
+
+--- test/fuzzer/cleanse.test.orig 2017-08-19 18:02:19.290592084 +0000
++++ test/fuzzer/cleanse.test
+@@ -0,0 +1,4 @@
++RUN: %cpp_compiler %S/CleanseTest.cpp -o %t-CleanseTest
++RUN: echo -n 0123456789ABCDEFGHIZ > %t-in
++RUN: %t-CleanseTest -cleanse_crash=1 %t-in -exact_artifact_path=%t-out
++RUN: echo -n ' 1 5 A Z' | diff - %t-out
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_coverage.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_coverage.test
new file mode 100644
index 0000000000..05ef30fe05
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_coverage.test
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- test/fuzzer/coverage.test.orig 2017-08-19 18:02:19.290710907 +0000
++++ test/fuzzer/coverage.test
+@@ -0,0 +1,21 @@
++RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/NullDerefTest.cpp -o %t-NullDerefTest
++RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO1.cpp -fPIC -shared -o %t-DSO1.so
++RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO2.cpp -fPIC -shared -o %t-DSO2.so
++RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-DSO1.so %t-DSO2.so -o %t-DSOTest
++
++CHECK: COVERAGE:
++CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:13
++CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:14
++CHECK-DAG: COVERED: {{.*}}in LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:16
++RUN: not %t-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s
++
++RUN: %t-DSOTest -print_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
++DSO: COVERAGE:
++DSO-DAG: COVERED:{{.*}}DSO1{{.*}}DSO1.cpp
++DSO-DAG: COVERED:{{.*}}DSO2{{.*}}DSO2.cpp
++DSO-DAG: COVERED:{{.*}}LLVMFuzzerTestOneInput{{.*}}DSOTestMain
++DSO-DAG: UNCOVERED_LINE:{{.*}}DSO1{{.*}}DSO1.cpp
++DSO-DAG: UNCOVERED_LINE:{{.*}}DSO2{{.*}}DSO2.cpp
++DSO-DAG: UNCOVERED_FUNC: in Uncovered1
++DSO-DAG: UNCOVERED_FUNC: in Uncovered2
++DSO-DAG: UNCOVERED_LINE: in LLVMFuzzerTestOneInput
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_cxxstring.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_cxxstring.test
new file mode 100644
index 0000000000..3417d0ee29
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_cxxstring.test
@@ -0,0 +1,11 @@
+$NetBSD$
+
+--- test/fuzzer/cxxstring.test.orig 2017-08-19 18:02:19.290826980 +0000
++++ test/fuzzer/cxxstring.test
+@@ -0,0 +1,6 @@
++UNSUPPORTED: windows
++
++RUN: %cpp_compiler %S/CxxStringEqTest.cpp -o %t-CxxStringEqTest
++
++RUN: not %t-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
++CHECK: BINGO
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_dict1.txt b/compiler-rt-netbsd/patches/patch-test_fuzzer_dict1.txt
new file mode 100644
index 0000000000..be98bafcd3
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_dict1.txt
@@ -0,0 +1,9 @@
+$NetBSD$
+
+--- test/fuzzer/dict1.txt.orig 2017-08-19 18:02:19.290942467 +0000
++++ test/fuzzer/dict1.txt
+@@ -0,0 +1,4 @@
++# Dictionary for SimpleDictionaryTest
++
++a="Elvis"
++b="Presley"
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_disable-leaks.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_disable-leaks.test
new file mode 100644
index 0000000000..03a81c5062
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_disable-leaks.test
@@ -0,0 +1,10 @@
+$NetBSD$
+
+--- test/fuzzer/disable-leaks.test.orig 2017-08-19 18:02:19.291058715 +0000
++++ test/fuzzer/disable-leaks.test
+@@ -0,0 +1,5 @@
++REQUIRES: lsan
++RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest
++RUN: %t-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS
++ACCUMULATE_ALLOCS: INFO: libFuzzer disabled leak detection after every mutation
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_dump__coverage.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_dump__coverage.test
new file mode 100644
index 0000000000..1121fcb4ed
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_dump__coverage.test
@@ -0,0 +1,25 @@
+$NetBSD$
+
+--- test/fuzzer/dump_coverage.test.orig 2017-08-19 18:02:19.291194021 +0000
++++ test/fuzzer/dump_coverage.test
+@@ -0,0 +1,20 @@
++RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-DSO1.so
++RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-DSO2.so
++RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-DSO1.so %t-DSO2.so -o %t-DSOTest
++
++RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
++
++RUN: rm -rf %t_workdir && mkdir -p %t_workdir
++RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s
++RUN: sancov -covered-functions %t-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV
++RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' %t-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO
++RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %t-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV
++
++CHECK: SanitizerCoverage: {{.*}}NullDerefTest.{{.*}}.sancov: {{.*}} PCs written
++SANCOV: LLVMFuzzerTestOneInput
++
++DSO: SanitizerCoverage: {{.*}}DSOTest.{{.*}}.sancov: {{.*}} PCs written
++DSO-DAG: SanitizerCoverage: {{.*}}DSO1.{{.*}}.sancov: {{.*}} PCs written
++DSO-DAG: SanitizerCoverage: {{.*}}DSO2.{{.*}}.sancov: {{.*}} PCs written
++
++NOCOV-NOT: SanitizerCoverage: {{.*}} PCs written
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_equivalence-signals.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_equivalence-signals.test
new file mode 100644
index 0000000000..b9f96392bd
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_equivalence-signals.test
@@ -0,0 +1,14 @@
+$NetBSD$
+
+--- test/fuzzer/equivalence-signals.test.orig 2017-08-19 18:02:19.291310217 +0000
++++ test/fuzzer/equivalence-signals.test
+@@ -0,0 +1,9 @@
++# Run EquivalenceATest against itself with a small timeout
++# to stress the signal handling and ensure that shmem doesn't mind
++# the signals.
++
++RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-EquivalenceATest
++RUN: %t-EquivalenceATest -timeout=1 -run_equivalence_server=EQUIV_SIG_TEST & export APID=$!
++RUN: sleep 3
++RUN: %t-EquivalenceATest -timeout=1 -use_equivalence_server=EQUIV_SIG_TEST -runs=500000 2>&1
++RUN: kill -9 $APID
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_equivalence.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_equivalence.test
new file mode 100644
index 0000000000..f431a40567
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_equivalence.test
@@ -0,0 +1,14 @@
+$NetBSD$
+
+--- test/fuzzer/equivalence.test.orig 2017-08-19 18:02:19.291428703 +0000
++++ test/fuzzer/equivalence.test
+@@ -0,0 +1,9 @@
++RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-EquivalenceATest
++RUN: %cpp_compiler %S/EquivalenceBTest.cpp -o %t-EquivalenceBTest
++
++RUN: %t-EquivalenceATest -run_equivalence_server=EQUIV_TEST & export APID=$!
++RUN: sleep 3
++RUN: not %t-EquivalenceBTest -use_equivalence_server=EQUIV_TEST -max_len=4096 2>&1 | FileCheck %s
++CHECK: ERROR: libFuzzer: equivalence-mismatch. Sizes: {{.*}}; offset 2
++CHECK: SUMMARY: libFuzzer: equivalence-mismatch
++RUN: kill -9 $APID
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_exit-report.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_exit-report.test
new file mode 100644
index 0000000000..c24ee09a42
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_exit-report.test
@@ -0,0 +1,11 @@
+$NetBSD$
+
+--- test/fuzzer/exit-report.test.orig 2017-08-19 18:02:19.291546414 +0000
++++ test/fuzzer/exit-report.test
+@@ -0,0 +1,6 @@
++RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
++RUN: not %t-SimpleTest 2>&1 | FileCheck %s
++
++CHECK: ERROR: libFuzzer: fuzz target exited
++CHECK: SUMMARY: libFuzzer: fuzz target exited
++CHECK: Test unit written to
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_exit__on__src__pos.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_exit__on__src__pos.test
new file mode 100644
index 0000000000..c3a00046f2
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_exit__on__src__pos.test
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- test/fuzzer/exit_on_src_pos.test.orig 2017-08-19 18:02:19.291663507 +0000
++++ test/fuzzer/exit_on_src_pos.test
+@@ -0,0 +1,8 @@
++# Temporary use -mllvm -use-unknown-locations=Disable so that
++# all instructions have debug info (file line numbers) attached.
++RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -mllvm -use-unknown-locations=Disable
++RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
++
++RUN: %t-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
++RUN: %t-ShrinkControlFlowTest -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
++EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_extra-counters.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_extra-counters.test
new file mode 100644
index 0000000000..9fc99ebc9e
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_extra-counters.test
@@ -0,0 +1,12 @@
+$NetBSD$
+
+--- test/fuzzer/extra-counters.test.orig 2017-08-19 18:02:19.291784050 +0000
++++ test/fuzzer/extra-counters.test
+@@ -0,0 +1,7 @@
++REQUIRES: linux
++
++RUN: %cpp_compiler %S/TableLookupTest.cpp -o %t-TableLookupTest
++RUN: not %t-TableLookupTest -print_final_stats=1 2>&1 | FileCheck %s
++CHECK: BINGO
++// Expecting >= 4096 new_units_added
++CHECK: stat::new_units_added:{{.*[4][0-9][0-9][0-9]}}
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-customcrossover.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-customcrossover.test
new file mode 100644
index 0000000000..fee72c7748
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-customcrossover.test
@@ -0,0 +1,17 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-customcrossover.test.orig 2017-08-19 18:02:19.291913215 +0000
++++ test/fuzzer/fuzzer-customcrossover.test
+@@ -0,0 +1,12 @@
++RUN: %cpp_compiler %S/CustomCrossOverTest.cpp -o %t-CustomCrossOverTest
++
++RUN: rm -rf %t/CustomCrossover
++RUN: mkdir -p %t/CustomCrossover
++RUN: echo "0123456789" > %t/CustomCrossover/digits
++RUN: echo "abcdefghij" > %t/CustomCrossover/chars
++RUN: not %t-CustomCrossOverTest -seed=1 -runs=100000 %t/CustomCrossover 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomCrossover
++RUN: rm -rf %t/CustomCrossover
++
++LLVMFuzzerCustomCrossover: In LLVMFuzzerCustomCrossover
++LLVMFuzzerCustomCrossover: BINGO
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-customcrossoverandmutate.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-customcrossoverandmutate.test
new file mode 100644
index 0000000000..f06d9396aa
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-customcrossoverandmutate.test
@@ -0,0 +1,7 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-customcrossoverandmutate.test.orig 2017-08-19 18:02:19.292035528 +0000
++++ test/fuzzer/fuzzer-customcrossoverandmutate.test
+@@ -0,0 +1,2 @@
++RUN: %cpp_compiler %S/CustomCrossOverAndMutateTest.cpp -o %t-CustomCrossOverAndMutateTest
++RUN: %t-CustomCrossOverAndMutateTest -seed=1 -runs=100000
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-custommutator.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-custommutator.test
new file mode 100644
index 0000000000..1d5c8d215e
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-custommutator.test
@@ -0,0 +1,10 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-custommutator.test.orig 2017-08-19 18:02:19.292150944 +0000
++++ test/fuzzer/fuzzer-custommutator.test
+@@ -0,0 +1,5 @@
++RUN: %cpp_compiler %S/CustomMutatorTest.cpp -o %t-CustomMutatorTest
++RUN: not %t-CustomMutatorTest 2>&1 | FileCheck %s --check-prefix=LLVMFuzzerCustomMutator
++LLVMFuzzerCustomMutator: In LLVMFuzzerCustomMutator
++LLVMFuzzerCustomMutator: BINGO
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-dict.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-dict.test
new file mode 100644
index 0000000000..3a3f576312
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-dict.test
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-dict.test.orig 2017-08-19 18:02:19.292270169 +0000
++++ test/fuzzer/fuzzer-dict.test
+@@ -0,0 +1,8 @@
++RUN: %cpp_compiler %S/SimpleDictionaryTest.cpp -o %t-SimpleDictionaryTest
++
++CHECK: BINGO
++Done1000000: Done 1000000 runs in
++
++RUN: not %t-SimpleDictionaryTest -dict=%S/dict1.txt -seed=1 -runs=1000003 2>&1 | FileCheck %s
++RUN: %t-SimpleDictionaryTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-dirs.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-dirs.test
new file mode 100644
index 0000000000..89150e3731
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-dirs.test
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-dirs.test.orig 2017-08-19 18:02:19.292391997 +0000
++++ test/fuzzer/fuzzer-dirs.test
+@@ -0,0 +1,21 @@
++RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
++
++RUN: rm -rf %t/SUB1
++RUN: mkdir -p %t/SUB1/SUB2/SUB3
++RUN: echo a > %t/SUB1/a
++RUN: echo b > %t/SUB1/SUB2/b
++RUN: echo c > %t/SUB1/SUB2/SUB3/c
++RUN: %t-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=SUBDIRS
++SUBDIRS: READ units: 3
++RUN: echo -n zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz > %t/SUB1/f64
++RUN: cat %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 > %t/SUB1/f256
++RUN: cat %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 > %t/SUB1/f1024
++RUN: cat %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 > %t/SUB1/f4096
++RUN: cat %t/SUB1/f4096 %t/SUB1/f4096 > %t/SUB1/f8192
++RUN: %t-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=LONG
++LONG: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 8192 bytes
++RUN: rm -rf %t/SUB1
++
++RUN: not %t-SimpleTest NONEXISTENT_DIR 2>&1 | FileCheck %s --check-prefix=NONEXISTENT_DIR
++NONEXISTENT_DIR: No such directory: NONEXISTENT_DIR; exiting
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-fdmask.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-fdmask.test
new file mode 100644
index 0000000000..5641b97216
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-fdmask.test
@@ -0,0 +1,37 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-fdmask.test.orig 2017-08-19 18:02:19.292513640 +0000
++++ test/fuzzer/fuzzer-fdmask.test
+@@ -0,0 +1,32 @@
++RUN: %cpp_compiler %S/SpamyTest.cpp -o %t-SpamyTest
++
++RUN: %t-SpamyTest -runs=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_0
++RUN: %t-SpamyTest -runs=1 -close_fd_mask=0 2>&1 | FileCheck %s --check-prefix=FD_MASK_0
++RUN: %t-SpamyTest -runs=1 -close_fd_mask=1 2>&1 | FileCheck %s --check-prefix=FD_MASK_1
++RUN: %t-SpamyTest -runs=1 -close_fd_mask=2 2>&1 | FileCheck %s --check-prefix=FD_MASK_2
++RUN: %t-SpamyTest -runs=1 -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=FD_MASK_3
++
++FD_MASK_0: PRINTF_STDOUT
++FD_MASK_0: PRINTF_STDERR
++FD_MASK_0: STREAM_COUT
++FD_MASK_0: STREAM_CERR
++FD_MASK_0: INITED
++
++FD_MASK_1-NOT: PRINTF_STDOUT
++FD_MASK_1: PRINTF_STDERR
++FD_MASK_1-NOT: STREAM_COUT
++FD_MASK_1: STREAM_CERR
++FD_MASK_1: INITED
++
++FD_MASK_2: PRINTF_STDOUT
++FD_MASK_2-NOT: PRINTF_STDERR
++FD_MASK_2: STREAM_COUT
++FD_MASK_2-NOTE: STREAM_CERR
++FD_MASK_2: INITED
++
++FD_MASK_3-NOT: PRINTF_STDOUT
++FD_MASK_3-NOT: PRINTF_STDERR
++FD_MASK_3-NOT: STREAM_COUT
++FD_MASK_3-NOT: STREAM_CERR
++FD_MASK_3: INITED
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-finalstats.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-finalstats.test
new file mode 100644
index 0000000000..a40a91e4e7
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-finalstats.test
@@ -0,0 +1,17 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-finalstats.test.orig 2017-08-19 18:02:19.292642662 +0000
++++ test/fuzzer/fuzzer-finalstats.test
+@@ -0,0 +1,12 @@
++RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
++RUN: %t-SimpleTest -seed=1 -runs=77 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS
++FINAL_STATS: stat::number_of_executed_units: 77
++FINAL_STATS: stat::average_exec_per_sec: 0
++FINAL_STATS: stat::new_units_added:
++FINAL_STATS: stat::slowest_unit_time_sec: 0
++FINAL_STATS: stat::peak_rss_mb:
++
++RUN: %t-SimpleTest %S/dict1.txt -runs=33 -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=FINAL_STATS1
++FINAL_STATS1: stat::number_of_executed_units: 33
++FINAL_STATS1: stat::peak_rss_mb:
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-flags.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-flags.test
new file mode 100644
index 0000000000..f314b9de4c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-flags.test
@@ -0,0 +1,24 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-flags.test.orig 2017-08-19 18:02:19.292776433 +0000
++++ test/fuzzer/fuzzer-flags.test
+@@ -0,0 +1,19 @@
++RUN: %cpp_compiler %S/FlagsTest.cpp -o %t-FlagsTest
++RUN: not %t-FlagsTest -foo_bar=1 2>&1 | FileCheck %s --check-prefix=FOO_BAR
++FOO_BAR: WARNING: unrecognized flag '-foo_bar=1'; use -help=1 to list all flags
++FOO_BAR: BINGO
++
++RUN: not %t-FlagsTest -runs=10 --max_len=100 2>&1 | FileCheck %s --check-prefix=DASH_DASH
++DASH_DASH: WARNING: did you mean '-max_len=100' (single dash)?
++DASH_DASH: INFO: A corpus is not provided, starting from an empty corpus
++
++RUN: %t-FlagsTest -help=1 2>&1 | FileCheck %s --check-prefix=NO_INTERNAL
++NO_INTERNAL-NOT: internal flag
++
++RUN: not %t-FlagsTest --foo-bar -runs=10 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU
++PASSTHRU: BINGO --foo-bar --baz -help=1 test
++
++RUN: mkdir -p %t/T0 %t/T1
++RUN: touch %t/T1/empty
++RUN: not %t-FlagsTest --foo-bar -merge=1 %t/T0 %t/T1 -ignore_remaining_args=1 --baz -help=1 test 2>&1 | FileCheck %s --check-prefix=PASSTHRU-MERGE
++PASSTHRU-MERGE: BINGO --foo-bar --baz -help=1 test
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-leak.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-leak.test
new file mode 100644
index 0000000000..92b6d13cec
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-leak.test
@@ -0,0 +1,42 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-leak.test.orig 2017-08-19 18:02:19.292905180 +0000
++++ test/fuzzer/fuzzer-leak.test
+@@ -0,0 +1,37 @@
++REQUIRES: lsan
++RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LeakTest
++RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest
++RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest
++
++RUN: not %t-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
++LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks
++LEAK_DURING: Direct leak of 4 byte(s) in 1 object(s) allocated from:
++LEAK_DURING: INFO: to ignore leaks on libFuzzer side use -detect_leaks=0
++LEAK_DURING: Test unit written to ./leak-
++LEAK_DURING-NOT: DONE
++LEAK_DURING-NOT: Done
++
++RUN: not %t-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS
++LEAK_IN_CORPUS: ERROR: LeakSanitizer: detected memory leaks
++LEAK_IN_CORPUS: INFO: a leak has been found in the initial corpus.
++
++RUN: not %t-LeakTest -runs=100000000 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=MULTI_RUN_LEAK
++MULTI_RUN_LEAK-NOT: pulse
++MULTI_RUN_LEAK: LeakSanitizer: detected memory leaks
++
++RUN: not %t-LeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER
++RUN: not %t-LeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
++RUN: not %t-ThreadedLeakTest -runs=100000 -detect_leaks=0 2>&1 | FileCheck %s --check-prefix=LEAK_AFTER
++RUN: not %t-ThreadedLeakTest -runs=100000 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
++LEAK_AFTER: Done 100000 runs in
++LEAK_AFTER: ERROR: LeakSanitizer: detected memory leaks
++
++RUN: not %t-LeakTest -runs=100000 -max_len=1 2>&1 | FileCheck %s --check-prefix=MAX_LEN_1
++MAX_LEN_1: Test unit written to ./leak-7cf184f4c67ad58283ecb19349720b0cae756829
++
++RUN: not %t-LeakTimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=LEAK_TIMEOUT
++LEAK_TIMEOUT: ERROR: libFuzzer: timeout after
++LEAK_TIMEOUT-NOT: LeakSanitizer
++
++
++RUN: %t-LeakTest -error_exitcode=0
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-oom-with-profile.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-oom-with-profile.test
new file mode 100644
index 0000000000..92bf3cc401
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-oom-with-profile.test
@@ -0,0 +1,12 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-oom-with-profile.test.orig 2017-08-19 18:02:19.293022847 +0000
++++ test/fuzzer/fuzzer-oom-with-profile.test
+@@ -0,0 +1,7 @@
++REQUIRES: linux
++RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest
++RUN: not %t-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s
++CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb)
++CHECK: Live Heap Allocations
++CHECK: Test unit written to ./oom-
++SUMMARY: libFuzzer: out-of-memory
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-oom.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-oom.test
new file mode 100644
index 0000000000..8ea7e3d04b
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-oom.test
@@ -0,0 +1,25 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-oom.test.orig 2017-08-19 18:02:19.293150199 +0000
++++ test/fuzzer/fuzzer-oom.test
+@@ -0,0 +1,20 @@
++RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest
++RUN: %cpp_compiler %S/OutOfMemorySingleLargeMallocTest.cpp -o %t-OutOfMemorySingleLargeMallocTest
++RUN: %cpp_compiler %S/AccumulateAllocationsTest.cpp -o %t-AccumulateAllocationsTest
++
++RUN: not %t-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s
++
++CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb)
++CHECK: Test unit written to ./oom-
++SUMMARY: libFuzzer: out-of-memory
++
++RUN: not %t-OutOfMemorySingleLargeMallocTest -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC
++
++We used to check for "out-of-memory (malloc(53{{.*}}))", but that would fail
++sometimes, so now we accept any OOM message.
++
++SINGLE_LARGE_MALLOC: libFuzzer: out-of-memory
++SINGLE_LARGE_MALLOC: in LLVMFuzzerTestOneInput
++
++# Check that -rss_limit_mb=0 means no limit.
++RUN: %t-AccumulateAllocationsTest -runs=1000 -rss_limit_mb=0
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-printcovpcs.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-printcovpcs.test
new file mode 100644
index 0000000000..c78e35bda5
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-printcovpcs.test
@@ -0,0 +1,14 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-printcovpcs.test.orig 2017-08-19 18:02:19.293271013 +0000
++++ test/fuzzer/fuzzer-printcovpcs.test
+@@ -0,0 +1,9 @@
++RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
++RUN: not %t-SimpleTest -print_pcs=1 -seed=1 2>&1 | FileCheck %s --check-prefix=PCS
++PCS-NOT: NEW_PC
++PCS:INITED
++PCS:NEW_PC: {{0x[a-f0-9]+}}
++PCS:NEW_PC: {{0x[a-f0-9]+}}
++PCS:NEW
++PCS:BINGO
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-runs.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-runs.test
new file mode 100644
index 0000000000..e7510ab385
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-runs.test
@@ -0,0 +1,14 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-runs.test.orig 2017-08-19 18:02:19.293393642 +0000
++++ test/fuzzer/fuzzer-runs.test
+@@ -0,0 +1,9 @@
++RUN: mkdir -p %t
++RUN: %cpp_compiler %S/NthRunCrashTest.cpp -o %t-NthRunCrashTest
++RUN: echo abcd > %t/NthRunCrashTest.in
++RUN: %t-NthRunCrashTest %t/NthRunCrashTest.in
++RUN: %t-NthRunCrashTest %t/NthRunCrashTest.in -runs=10
++RUN: not %t-NthRunCrashTest %t/NthRunCrashTest.in -runs=10000 2>&1 | FileCheck %s
++RUN: rm %t/NthRunCrashTest.in
++CHECK: BINGO
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-seed.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-seed.test
new file mode 100644
index 0000000000..88bcbf6cf9
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-seed.test
@@ -0,0 +1,9 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-seed.test.orig 2017-08-19 18:02:19.293529771 +0000
++++ test/fuzzer/fuzzer-seed.test
+@@ -0,0 +1,4 @@
++RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-SimpleCmpTest
++RUN: %t-SimpleCmpTest -seed=-1 -runs=0 2>&1 | FileCheck %s --check-prefix=CHECK_SEED_MINUS_ONE
++CHECK_SEED_MINUS_ONE: Seed: 4294967295
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-segv.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-segv.test
new file mode 100644
index 0000000000..7d5ded8ed0
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-segv.test
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-segv.test.orig 2017-08-19 18:02:19.293654026 +0000
++++ test/fuzzer/fuzzer-segv.test
+@@ -0,0 +1,8 @@
++RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
++RUN: env ASAN_OPTIONS=handle_segv=0 not %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER
++LIBFUZZER_OWN_SEGV_HANDLER: == ERROR: libFuzzer: deadly signal
++LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal
++LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash-
++
++RUN: env ASAN_OPTIONS=handle_segv=1 not %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER
++LIBFUZZER_ASAN_SEGV_HANDLER: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-singleinputs.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-singleinputs.test
new file mode 100644
index 0000000000..26f8668ab8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-singleinputs.test
@@ -0,0 +1,24 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-singleinputs.test.orig 2017-08-19 18:02:19.293776218 +0000
++++ test/fuzzer/fuzzer-singleinputs.test
+@@ -0,0 +1,19 @@
++RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
++RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
++
++RUN: not %t-NullDerefTest %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInput
++SingleInput-NOT: Test unit written to ./crash-
++
++RUN: rm -rf %tmp/SINGLE_INPUTS
++RUN: mkdir -p %tmp/SINGLE_INPUTS
++RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa
++RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb
++RUN: %t-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
++RUN: %t-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
++RUN: rm -rf %tmp/SINGLE_INPUTS
++SINGLE_INPUTS: SimpleTest{{.*}}: Running 2 inputs 1 time(s) each.
++SINGLE_INPUTS: aaa in
++SINGLE_INPUTS: bbb in
++SINGLE_INPUTS: NOTE: fuzzing was not performed, you have only
++SINGLE_INPUTS: executed the target code on a fixed set of inputs.
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-threaded.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-threaded.test
new file mode 100644
index 0000000000..d68e2db75d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-threaded.test
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-threaded.test.orig 2017-08-19 18:02:19.293898795 +0000
++++ test/fuzzer/fuzzer-threaded.test
+@@ -0,0 +1,8 @@
++CHECK: Done 1000 runs in
++RUN: %cpp_compiler %S/ThreadedTest.cpp -o %t-ThreadedTest
++
++RUN: %t-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
++RUN: %t-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
++RUN: %t-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
++RUN: %t-ThreadedTest -use_traces=1 -runs=1000 2>&1 | FileCheck %s
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-timeout.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-timeout.test
new file mode 100644
index 0000000000..2324202a0c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-timeout.test
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-timeout.test.orig 2017-08-19 18:02:19.294024960 +0000
++++ test/fuzzer/fuzzer-timeout.test
+@@ -0,0 +1,21 @@
++RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-TimeoutTest
++RUN: %cpp_compiler %S/TimeoutEmptyTest.cpp -o %t-TimeoutEmptyTest
++RUN: not %t-TimeoutTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutTest
++TimeoutTest: ALARM: working on the last Unit for
++TimeoutTest: Test unit written to ./timeout-
++TimeoutTest: == ERROR: libFuzzer: timeout after
++TimeoutTest: #0
++TimeoutTest: #1
++TimeoutTest: #2
++TimeoutTest: SUMMARY: libFuzzer: timeout
++
++RUN: not %t-TimeoutTest -timeout=1 %S/hi.txt 2>&1 | FileCheck %s --check-prefix=SingleInputTimeoutTest
++SingleInputTimeoutTest: ALARM: working on the last Unit for {{[1-3]}} seconds
++SingleInputTimeoutTest-NOT: Test unit written to ./timeout-
++
++RUN: %t-TimeoutTest -timeout=1 -timeout_exitcode=0
++
++RUN: not %t-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest
++TimeoutEmptyTest: ALARM: working on the last Unit for
++TimeoutEmptyTest: == ERROR: libFuzzer: timeout after
++TimeoutEmptyTest: SUMMARY: libFuzzer: timeout
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-ubsan.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-ubsan.test
new file mode 100644
index 0000000000..f427670990
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer-ubsan.test
@@ -0,0 +1,10 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer-ubsan.test.orig 2017-08-19 18:02:19.294148921 +0000
++++ test/fuzzer/fuzzer-ubsan.test
+@@ -0,0 +1,5 @@
++RUN: %cpp_compiler -fsanitize=undefined -fno-sanitize-recover=all %S/SignedIntOverflowTest.cpp -o %t-SignedIntOverflowTest-Ubsan
++RUN: not %t-SignedIntOverflowTest-Ubsan 2>&1 | FileCheck %s
++CHECK: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
++CHECK: Test unit written to ./crash-
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer.test
new file mode 100644
index 0000000000..1ac4e5d0bf
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_fuzzer.test
@@ -0,0 +1,75 @@
+$NetBSD$
+
+--- test/fuzzer/fuzzer.test.orig 2017-08-19 18:02:19.294303096 +0000
++++ test/fuzzer/fuzzer.test
+@@ -0,0 +1,70 @@
++CHECK: BINGO
++Done1000000: Done 1000000 runs in
++RUN: %cpp_compiler %S/BogusInitializeTest.cpp -o %t-BogusInitializeTest
++RUN: %cpp_compiler %S/BufferOverflowOnInput.cpp -o %t-BufferOverflowOnInput
++RUN: %cpp_compiler %S/CounterTest.cpp -o %t-CounterTest
++RUN: %cpp_compiler %S/DSO1.cpp -fPIC -shared -o %t-DSO1.so
++RUN: %cpp_compiler %S/DSO2.cpp -fPIC -shared -o %t-DSO2.so
++RUN: %cpp_compiler %S/DSOTestMain.cpp %S/DSOTestExtra.cpp -L. %t-DSO1.so %t-DSO2.so -o %t-DSOTest
++RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest
++RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-InitializeTest
++RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -o %t-NotinstrumentedTest-NoCoverage
++RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-NullDerefOnEmptyTest
++RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
++RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest
++RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
++RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest
++
++RUN: not %t-SimpleTest 2>&1 | FileCheck %s
++
++# only_ascii mode. Will perform some minimal self-validation.
++RUN: not %t-SimpleTest -only_ascii=1 2>&1
++
++RUN: %t-SimpleCmpTest -max_total_time=1 -use_cmp=0 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
++MaxTotalTime: Done {{.*}} runs in {{.}} second(s)
++
++RUN: not %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
++RUN: not %t-NullDerefTest -close_fd_mask=3 2>&1 | FileCheck %s --check-prefix=NullDerefTest
++NullDerefTest: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address
++NullDerefTest: Test unit written to ./crash-
++RUN: not %t-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
++NullDerefTestPrefix: Test unit written to ZZZcrash-
++RUN: not %t-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath
++NullDerefTestExactPath: Test unit written to FOOBAR
++
++RUN: not %t-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY
++NULL_DEREF_ON_EMPTY: stat::number_of_executed_units:
++
++#not %t-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
++
++RUN: not %t-CounterTest -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=COUNTERS
++
++COUNTERS: INITED {{.*}} {{bits:|ft:}}
++COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}}
++COUNTERS: NEW {{.*}} {{bits:|ft:}} {{[1-9]*}}
++COUNTERS: BINGO
++
++# Don't run UninstrumentedTest for now since we build libFuzzer itself with asan.
++DISABLED: not %t-UninstrumentedTest-Uninstrumented 2>&1 | FileCheck %s --check-prefix=UNINSTRUMENTED
++UNINSTRUMENTED: ERROR: __sanitizer_set_death_callback is not defined. Exiting.
++
++RUN: not %t-NotinstrumentedTest-NoCoverage 2>&1 | FileCheck %s --check-prefix=NO_COVERAGE
++NO_COVERAGE: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting
++
++RUN: not %t-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB
++OOB: AddressSanitizer: heap-buffer-overflow
++OOB: is located 0 bytes to the right of 3-byte region
++
++RUN: not %t-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s
++
++RUN: not %t-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO
++DSO: INFO: Loaded 3 modules
++DSO: BINGO
++
++RUN: env ASAN_OPTIONS=strict_string_checks=1 not %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
++STRNCMP: AddressSanitizer: heap-buffer-overflow
++STRNCMP-NOT: __sanitizer_weak_hook_strncmp
++STRNCMP: in LLVMFuzzerTestOneInput
++
++RUN: not %t-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE
++BOGUS_INITIALIZE: argv[0] has been modified in LLVMFuzzerInitialize
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_hi.txt b/compiler-rt-netbsd/patches/patch-test_fuzzer_hi.txt
new file mode 100644
index 0000000000..9f05e89795
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_hi.txt
@@ -0,0 +1,7 @@
+$NetBSD$
+
+--- test/fuzzer/hi.txt.orig 2017-08-19 18:02:19.294426961 +0000
++++ test/fuzzer/hi.txt
+@@ -0,0 +1 @@
++Hi!
+\ No newline at end of file
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_inline-8bit-counters.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_inline-8bit-counters.test
new file mode 100644
index 0000000000..326a29b85d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_inline-8bit-counters.test
@@ -0,0 +1,10 @@
+$NetBSD$
+
+--- test/fuzzer/inline-8bit-counters.test.orig 2017-08-19 18:02:19.294547308 +0000
++++ test/fuzzer/inline-8bit-counters.test
+@@ -0,0 +1,5 @@
++REQUIRES: linux
++RUN: %cpp_compiler %S/SimpleTest.cpp -fno-sanitize-coverage=trace-pc-guard -fsanitize-coverage=inline-8bit-counters -o %t-SimpleTest-Inline8bitCounters
++CHECK: INFO: Loaded 1 modules ({{.*}} inline 8-bit counters)
++CHECK: BINGO
++RUN: not %t-SimpleTest-Inline8bitCounters -runs=1000000 -seed=1 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_lit.cfg b/compiler-rt-netbsd/patches/patch-test_fuzzer_lit.cfg
new file mode 100644
index 0000000000..5bf646be33
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_lit.cfg
@@ -0,0 +1,85 @@
+$NetBSD$
+
+--- test/fuzzer/lit.cfg.orig 2017-08-19 18:02:19.294685989 +0000
++++ test/fuzzer/lit.cfg
+@@ -0,0 +1,80 @@
++import lit.formats
++import sys
++import os
++
++config.name = "LLVMFuzzer"
++config.test_format = lit.formats.ShTest(True)
++config.suffixes = ['.test']
++config.test_source_root = os.path.dirname(__file__)
++
++# Choose between lit's internal shell pipeline runner and a real shell. If
++# LIT_USE_INTERNAL_SHELL is in the environment, we use that as an override.
++use_lit_shell = os.environ.get("LIT_USE_INTERNAL_SHELL")
++if use_lit_shell:
++ # 0 is external, "" is default, and everything else is internal.
++ execute_external = (use_lit_shell == "0")
++else:
++ # Otherwise we default to internal on Windows and external elsewhere, as
++ # bash on Windows is usually very slow.
++ execute_external = (not sys.platform in ['win32'])
++
++# testFormat: The test format to use to interpret tests.
++#
++# For now we require '&&' between commands, until they get globally killed and
++# the test runner updated.
++config.test_format = lit.formats.ShTest(execute_external)
++
++# LeakSanitizer is not supported on OSX right now.
++if sys.platform.startswith('darwin'):
++ lit_config.note('lsan feature unavailable')
++else:
++ lit_config.note('lsan feature available')
++ config.available_features.add('lsan')
++
++if sys.platform.startswith('win') or sys.platform.startswith('cygwin'):
++ config.available_features.add('windows')
++
++if sys.platform.startswith('darwin'):
++ config.available_features.add('darwin')
++
++if sys.platform.startswith('linux'):
++ # Note the value of ``sys.platform`` is not consistent
++ # between python 2 and 3, hence the use of ``.startswith()``.
++ lit_config.note('linux feature available')
++ config.available_features.add('linux')
++else:
++ lit_config.note('linux feature unavailable')
++
++config.substitutions.append(('%build_dir', config.cmake_binary_dir))
++libfuzzer_src_root = os.path.join(config.compiler_rt_src_root, "lib", "fuzzer")
++config.substitutions.append(('%libfuzzer_src', libfuzzer_src_root))
++
++def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True):
++ compiler_cmd = config.c_compiler
++ link_cmd = '-lc++' if 'darwin' in config.target_triple else '-lstdc++'
++ std_cmd = '-std=c++11' if is_cpp else ''
++ sanitizers = ['address']
++ if fuzzer_enabled:
++ sanitizers.append('fuzzer')
++ sanitizers_cmd = ('-fsanitize=%s' % ','.join(sanitizers))
++ isysroot_cmd = ('-isysroot %s' % config.osx_sysroot
++ ) if 'darwin' in config.target_triple else ''
++ include_cmd = '-I%s' % libfuzzer_src_root
++ return '%s %s %s -gline-tables-only %s %s %s' % (
++ compiler_cmd, std_cmd, link_cmd, isysroot_cmd, sanitizers_cmd, include_cmd)
++
++config.substitutions.append(('%cpp_compiler',
++ generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True)
++ ))
++
++config.substitutions.append(('%c_compiler',
++ generate_compiler_cmd(is_cpp=False, fuzzer_enabled=True)
++ ))
++
++config.substitutions.append(('%no_fuzzer_cpp_compiler',
++ generate_compiler_cmd(is_cpp=True, fuzzer_enabled=False)
++ ))
++
++config.substitutions.append(('%no_fuzzer_c_compiler',
++ generate_compiler_cmd(is_cpp=False, fuzzer_enabled=False)
++ ))
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_lit.site.cfg.in b/compiler-rt-netbsd/patches/patch-test_fuzzer_lit.site.cfg.in
new file mode 100644
index 0000000000..e0d1347cf8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_lit.site.cfg.in
@@ -0,0 +1,22 @@
+$NetBSD$
+
+--- test/fuzzer/lit.site.cfg.in.orig 2017-08-19 18:02:19.294813995 +0000
++++ test/fuzzer/lit.site.cfg.in
+@@ -0,0 +1,17 @@
++@LIT_SITE_CFG_IN_HEADER@
++
++config.test_exec_root = "@CMAKE_CURRENT_BINARY_DIR@"
++
++config.cpp_compiler = "@LIBFUZZER_TEST_COMPILER@"
++config.target_flags = "@LIBFUZZER_TEST_FLAGS@"
++config.c_compiler = "@LIBFUZZER_TEST_COMPILER@"
++
++config.osx_sysroot = "@CMAKE_OSX_SYSROOT@"
++config.cmake_binary_dir = "@CMAKE_BINARY_DIR@"
++config.target_triple = "@TARGET_TRIPLE@"
++
++# Load common config for all compiler-rt lit tests.
++lit_config.load_config(config,
++ "@COMPILER_RT_BINARY_DIR@/test/lit.common.configured")
++
++lit_config.load_config(config, "@CMAKE_CURRENT_SOURCE_DIR@/lit.cfg")
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_memcmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_memcmp.test
new file mode 100644
index 0000000000..24c444189d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_memcmp.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/memcmp.test.orig 2017-08-19 18:02:19.294941833 +0000
++++ test/fuzzer/memcmp.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
++RUN: not %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
++CHECK: BINGO
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_memcmp64.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_memcmp64.test
new file mode 100644
index 0000000000..d9c175b431
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_memcmp64.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/memcmp64.test.orig 2017-08-19 18:02:19.295083286 +0000
++++ test/fuzzer/memcmp64.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
++RUN: not %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
++CHECK: BINGO
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_merge-posix.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_merge-posix.test
new file mode 100644
index 0000000000..2bd47da6c3
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_merge-posix.test
@@ -0,0 +1,28 @@
+$NetBSD$
+
+--- test/fuzzer/merge-posix.test.orig 2017-08-19 18:02:19.295214190 +0000
++++ test/fuzzer/merge-posix.test
+@@ -0,0 +1,23 @@
++RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest
++
++RUN: rm -rf %tmp/T1 %tmp/T2
++RUN: mkdir -p %tmp/T1 %tmp/T2
++
++RUN: echo F..... > %tmp/T1/1
++RUN: echo .U.... > %tmp/T1/2
++RUN: echo ..Z... > %tmp/T1/3
++
++RUN: echo .....F > %tmp/T2/1
++RUN: echo ....U. > %tmp/T2/2
++RUN: echo ...Z.. > %tmp/T2/3
++RUN: echo ...Z.. > %tmp/T2/4
++RUN: echo ....E. > %tmp/T2/5
++RUN: echo .....R > %tmp/T2/6
++
++# Check that we can report an error if file size exceeded
++RUN: (ulimit -f 1; not %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=SIGXFSZ)
++SIGXFSZ: ERROR: libFuzzer: file size exceeded
++
++# Check that we honor TMPDIR
++RUN: TMPDIR=DIR_DOES_NOT_EXIST not %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=TMPDIR
++TMPDIR: MERGE-OUTER: failed to write to the control file: DIR_DOES_NOT_EXIST/libFuzzerTemp
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_merge-summary.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_merge-summary.test
new file mode 100644
index 0000000000..68f7d105f5
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_merge-summary.test
@@ -0,0 +1,22 @@
+$NetBSD$
+
+--- test/fuzzer/merge-summary.test.orig 2017-08-19 18:02:19.295343610 +0000
++++ test/fuzzer/merge-summary.test
+@@ -0,0 +1,17 @@
++RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest
++
++RUN: rm -rf %t/T1 %t/T2
++RUN: mkdir -p %t/T0 %t/T1 %t/T2
++RUN: echo ...Z.. > %t/T2/1
++RUN: echo ....E. > %t/T2/2
++RUN: echo .....R > %t/T2/3
++RUN: echo F..... > %t/T2/a
++RUN: echo .U.... > %t/T2/b
++RUN: echo ..Z... > %t/T2/c
++
++RUN: %t-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY
++SAVE_SUMMARY: MERGE-OUTER: writing coverage summary for 6 files to {{.*}}SUMMARY
++RUN: rm %t/T1/*
++RUN: %t-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY
++LOAD_SUMMARY: MERGE-OUTER: coverage summary loaded from {{.*}}SUMMAR
++LOAD_SUMMARY: MERGE-OUTER: 0 new files with 0 new features added
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_merge.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_merge.test
new file mode 100644
index 0000000000..bb20f25432
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_merge.test
@@ -0,0 +1,60 @@
+$NetBSD$
+
+--- test/fuzzer/merge.test.orig 2017-08-19 18:02:19.295487605 +0000
++++ test/fuzzer/merge.test
+@@ -0,0 +1,55 @@
++CHECK: BINGO
++
++RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest
++
++RUN: rm -rf %tmp/T0 %tmp/T1 %tmp/T2
++RUN: mkdir -p %tmp/T0 %tmp/T1 %tmp/T2
++RUN: echo F..... > %tmp/T0/1
++RUN: echo .U.... > %tmp/T0/2
++RUN: echo ..Z... > %tmp/T0/3
++
++# T1 has 3 elements, T2 is empty.
++RUN: cp %tmp/T0/* %tmp/T1/
++RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK1
++CHECK1: MERGE-OUTER: 3 files, 3 in the initial corpus
++CHECK1: MERGE-OUTER: 0 new files with 0 new features added
++
++RUN: echo ...Z.. > %tmp/T2/1
++RUN: echo ....E. > %tmp/T2/2
++RUN: echo .....R > %tmp/T2/3
++RUN: echo F..... > %tmp/T2/a
++RUN: echo .U.... > %tmp/T2/b
++RUN: echo ..Z... > %tmp/T2/c
++
++# T1 has 3 elements, T2 has 6 elements, only 3 are new.
++RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK2
++CHECK2: MERGE-OUTER: 9 files, 3 in the initial corpus
++CHECK2: MERGE-OUTER: 3 new files with 3 new features added
++
++# Now, T1 has 6 units and T2 has no new interesting units.
++RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK3
++CHECK3: MERGE-OUTER: 12 files, 6 in the initial corpus
++CHECK3: MERGE-OUTER: 0 new files with 0 new features added
++
++# Check that we respect max_len during the merge and don't crash.
++RUN: rm %tmp/T1/*
++RUN: cp %tmp/T0/* %tmp/T1/
++RUN: echo looooooooong > %tmp/T2/looooooooong
++RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=6 2>&1 | FileCheck %s --check-prefix=MAX_LEN
++MAX_LEN: MERGE-OUTER: 3 new files
++
++# Check that merge tolerates failures.
++RUN: rm %tmp/T1/*
++RUN: cp %tmp/T0/* %tmp/T1/
++RUN: echo 'FUZZER' > %tmp/T2/FUZZER
++RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_WITH_CRASH
++MERGE_WITH_CRASH: MERGE-OUTER: succesfull in 2 attempt(s)
++MERGE_WITH_CRASH: MERGE-OUTER: 3 new files
++
++# Check that we actually limit the size with max_len
++RUN: %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 -max_len=5 2>&1 | FileCheck %s --check-prefix=MERGE_LEN5
++MERGE_LEN5: MERGE-OUTER: succesfull in 1 attempt(s)
++
++RUN: rm -rf %tmp/T1/* %tmp/T2/*
++RUN: not %t-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=EMPTY
++EMPTY: MERGE-OUTER: zero succesfull attempts, exiting
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_minimize__crash.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_minimize__crash.test
new file mode 100644
index 0000000000..ceace8df72
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_minimize__crash.test
@@ -0,0 +1,21 @@
+$NetBSD$
+
+--- test/fuzzer/minimize_crash.test.orig 2017-08-19 18:02:19.295617710 +0000
++++ test/fuzzer/minimize_crash.test
+@@ -0,0 +1,16 @@
++RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
++RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-SingleByteInputTest
++
++RUN: echo 'Hi!rv349f34t3gg' > not_minimal_crash
++RUN: %t-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s
++CHECK: CRASH_MIN: failed to minimize beyond ./minimized-from-{{.*}} (3 bytes), exiting
++RUN: %t-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT
++CHECK_EXACT: CRASH_MIN: failed to minimize beyond exact_minimized_path (3 bytes), exiting
++RUN: rm not_minimal_crash minimized-from-* exact_minimized_path
++
++RUN: echo -n 'abcd*xyz' > not_minimal_crash
++RUN: %t-SingleByteInputTest -minimize_crash=1 not_minimal_crash -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=MIN1
++MIN1: Test unit written to exact_minimized_path
++MIN1: Test unit written to exact_minimized_path
++MIN1: INFO: The input is small enough, exiting
++MIN1: CRASH_MIN: failed to minimize beyond exact_minimized_path (1 bytes), exiting
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_minimize__two__crashes.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_minimize__two__crashes.test
new file mode 100644
index 0000000000..41a1705ceb
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_minimize__two__crashes.test
@@ -0,0 +1,23 @@
+$NetBSD$
+
+--- test/fuzzer/minimize_two_crashes.test.orig 2017-08-19 18:02:19.295753747 +0000
++++ test/fuzzer/minimize_two_crashes.test
+@@ -0,0 +1,18 @@
++# Test that the minimizer stops when it sees a differe bug.
++
++RUN: %cpp_compiler %S/TwoDifferentBugsTest.cpp -o %t-TwoDifferentBugsTest
++
++RUN: rm -rf %t && mkdir %t
++RUN: echo H12345678901234667888090 > %t/long_crash
++RUN: env ASAN_OPTIONS=dedup_token_length=3 %t-TwoDifferentBugsTest -seed=1 -minimize_crash=1 %t/long_crash -exact_artifact_path=%t/result 2>&1 | FileCheck %s
++
++CHECK: DedupToken1: DEDUP_TOKEN: Bar
++CHECK: DedupToken2: DEDUP_TOKEN: Bar
++CHECK: DedupToken1: DEDUP_TOKEN: Bar
++CHECK: DedupToken2: DEDUP_TOKEN: Foo
++CHECK: CRASH_MIN: mismatch in dedup tokens
++
++RUN: not %t-TwoDifferentBugsTest %t/result 2>&1 | FileCheck %s --check-prefix=VERIFY
++
++VERIFY: ERROR: AddressSanitizer:
++VERIFY: in Bar
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_overwrite-input.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_overwrite-input.test
new file mode 100644
index 0000000000..45463a20df
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_overwrite-input.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/overwrite-input.test.orig 2017-08-19 18:02:19.295888052 +0000
++++ test/fuzzer/overwrite-input.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/OverwriteInputTest.cpp -o %t-OverwriteInputTest
++RUN: not %t-OverwriteInputTest 2>&1 | FileCheck %s
++CHECK: ERROR: libFuzzer: fuzz target overwrites it's const input
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_recommended-dictionary.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_recommended-dictionary.test
new file mode 100644
index 0000000000..88d65557c8
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_recommended-dictionary.test
@@ -0,0 +1,11 @@
+$NetBSD$
+
+--- test/fuzzer/recommended-dictionary.test.orig 2017-08-19 18:02:19.296013430 +0000
++++ test/fuzzer/recommended-dictionary.test
+@@ -0,0 +1,6 @@
++RUN: %cpp_compiler %S/RepeatedMemcmp.cpp -o %t-RepeatedMemcmp
++RUN: %t-RepeatedMemcmp -seed=11 -runs=100000 -max_len=20 2>&1 | FileCheck %s --check-prefix=RECOMMENDED_DICT
++RECOMMENDED_DICT:###### Recommended dictionary. ######
++RECOMMENDED_DICT-DAG: "foo"
++RECOMMENDED_DICT-DAG: "bar"
++RECOMMENDED_DICT:###### End of recommended dictionary. ######
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_reduce__inputs.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_reduce__inputs.test
new file mode 100644
index 0000000000..8b6320578f
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_reduce__inputs.test
@@ -0,0 +1,21 @@
+$NetBSD$
+
+--- test/fuzzer/reduce_inputs.test.orig 2017-08-19 18:02:19.296143521 +0000
++++ test/fuzzer/reduce_inputs.test
+@@ -0,0 +1,16 @@
++# Test -reduce_inputs=1
++
++RUN: rm -rf %t/C
++RUN: mkdir -p %t/C
++RUN: %cpp_compiler %S/ShrinkControlFlowSimpleTest.cpp -o %t-ShrinkControlFlowSimpleTest
++RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
++RUN: %t-ShrinkControlFlowSimpleTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 %t/C 2>&1 | FileCheck %s
++CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60'
++
++# Test that reduce_inputs deletes redundant files in the corpus.
++RUN: %t-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT
++COUNT: READ units: 4
++
++# a bit longer test
++RUN: %t-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=1 -runs=1000000 2>&1 | FileCheck %s
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_repeated-bytes.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_repeated-bytes.test
new file mode 100644
index 0000000000..f50d3842f6
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_repeated-bytes.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/repeated-bytes.test.orig 2017-08-19 18:02:19.296269829 +0000
++++ test/fuzzer/repeated-bytes.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/RepeatedBytesTest.cpp -o %t-RepeatedBytesTest
++CHECK: BINGO
++RUN: not %t-RepeatedBytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_shrink.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_shrink.test
new file mode 100644
index 0000000000..9985752c13
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_shrink.test
@@ -0,0 +1,15 @@
+$NetBSD$
+
+--- test/fuzzer/shrink.test.orig 2017-08-19 18:02:19.296403320 +0000
++++ test/fuzzer/shrink.test
+@@ -0,0 +1,10 @@
++RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
++RUN: %cpp_compiler %S/ShrinkValueProfileTest.cpp -o %t-ShrinkValueProfileTest
++RUN: %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1
++# Limit max_len to run this negative test faster.
++RUN: %t-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 -max_len=64 2>&1 | FileCheck %s --check-prefix=SHRINK0
++RUN: %t-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP
++
++SHRINK0: Done 1000000 runs in
++SHRINK1: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60', exiting.
++SHRINK1_VP: INFO: found item with checksum 'aea2e3923af219a8956f626558ef32f30a914ebc', exiting
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_simple-cmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_simple-cmp.test
new file mode 100644
index 0000000000..32903985d3
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_simple-cmp.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/simple-cmp.test.orig 2017-08-19 18:02:19.296541907 +0000
++++ test/fuzzer/simple-cmp.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest
++CHECK: BINGO
++RUN: not %t-SimpleCmpTest -seed=1 -runs=100000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_standalone.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_standalone.test
new file mode 100644
index 0000000000..b2e34fcb84
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_standalone.test
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- test/fuzzer/standalone.test.orig 2017-08-19 18:02:19.296683561 +0000
++++ test/fuzzer/standalone.test
+@@ -0,0 +1,8 @@
++RUN: %no_fuzzer_c_compiler %libfuzzer_src/standalone/StandaloneFuzzTargetMain.c -c -o %t_1.o
++RUN: %no_fuzzer_cpp_compiler %S/InitializeTest.cpp -c -o %t_2.o
++
++RUN: %no_fuzzer_cpp_compiler %t_1.o %t_2.o %build_dir/lib/libLLVMFuzzerNoMain.a -o %t-StandaloneInitializeTest
++RUN: %t-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s
++CHECK: StandaloneFuzzTargetMain: running 2 inputs
++CHECK: Done: {{.*}}hi.txt: (3 bytes)
++CHECK: Done: {{.*}}dict1.txt: (61 bytes)
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_strcmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_strcmp.test
new file mode 100644
index 0000000000..ec051de4c1
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_strcmp.test
@@ -0,0 +1,9 @@
+$NetBSD$
+
+--- test/fuzzer/strcmp.test.orig 2017-08-19 18:02:19.296816515 +0000
++++ test/fuzzer/strcmp.test
+@@ -0,0 +1,4 @@
++RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
++RUN: not %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
++CHECK: BINGO
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_strncmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_strncmp.test
new file mode 100644
index 0000000000..1499c3be2e
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_strncmp.test
@@ -0,0 +1,9 @@
+$NetBSD$
+
+--- test/fuzzer/strncmp.test.orig 2017-08-19 18:02:19.296947649 +0000
++++ test/fuzzer/strncmp.test
+@@ -0,0 +1,4 @@
++RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
++RUN: not %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s
++CHECK: BINGO
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_strstr.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_strstr.test
new file mode 100644
index 0000000000..ec58b6ad55
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_strstr.test
@@ -0,0 +1,9 @@
+$NetBSD$
+
+--- test/fuzzer/strstr.test.orig 2017-08-19 18:02:19.297080660 +0000
++++ test/fuzzer/strstr.test
+@@ -0,0 +1,4 @@
++RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
++RUN: not %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
++CHECK: BINGO
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_swap-cmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_swap-cmp.test
new file mode 100644
index 0000000000..3ce9ed45e4
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_swap-cmp.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/swap-cmp.test.orig 2017-08-19 18:02:19.297211656 +0000
++++ test/fuzzer/swap-cmp.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/SwapCmpTest.cpp -o %t-SwapCmpTest
++CHECK: BINGO
++RUN: not %t-SwapCmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-malloc-2.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-malloc-2.test
new file mode 100644
index 0000000000..d95b48267b
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-malloc-2.test
@@ -0,0 +1,15 @@
+$NetBSD$
+
+--- test/fuzzer/trace-malloc-2.test.orig 2017-08-19 18:02:19.297349194 +0000
++++ test/fuzzer/trace-malloc-2.test
+@@ -0,0 +1,10 @@
++// FIXME: This test infinite loops on darwin because it crashes
++// printing a stack trace repeatedly
++UNSUPPORTED: darwin
++
++RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest
++
++RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=1000 2>&1 | FileCheck %s --check-prefix=TRACE2
++TRACE2-DAG: FREE[0]
++TRACE2-DAG: MALLOC[0]
++TRACE2-DAG: in LLVMFuzzerTestOneInput
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-malloc.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-malloc.test
new file mode 100644
index 0000000000..926334c467
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-malloc.test
@@ -0,0 +1,12 @@
+$NetBSD$
+
+--- test/fuzzer/trace-malloc.test.orig 2017-08-19 18:02:19.297480396 +0000
++++ test/fuzzer/trace-malloc.test
+@@ -0,0 +1,7 @@
++RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest
++
++RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=10000 2>&1 | FileCheck %s
++CHECK-DAG: MallocFreeTracer: STOP 0 0 (same)
++CHECK-DAG: MallocFreeTracer: STOP 0 1 (DIFFERENT)
++CHECK-DAG: MallocFreeTracer: STOP 1 0 (DIFFERENT)
++CHECK-DAG: MallocFreeTracer: STOP 1 1 (same)
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-pc.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-pc.test
new file mode 100644
index 0000000000..642521c416
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_trace-pc.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/trace-pc.test.orig 2017-08-19 18:02:19.297614243 +0000
++++ test/fuzzer/trace-pc.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/SimpleTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -fsanitize-coverage=trace-pc -o %t-SimpleTest-TracePC
++CHECK: BINGO
++RUN: not %t-SimpleTest-TracePC -runs=1000000 -seed=1 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_ulimit.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_ulimit.test
new file mode 100644
index 0000000000..f755f523ba
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_ulimit.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/ulimit.test.orig 2017-08-19 18:02:19.297747767 +0000
++++ test/fuzzer/ulimit.test
+@@ -0,0 +1,3 @@
++RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
++RUN: ulimit -s 1000
++RUN: not %t-SimpleTest
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_unit_lit.site.cfg.in b/compiler-rt-netbsd/patches/patch-test_fuzzer_unit_lit.site.cfg.in
new file mode 100644
index 0000000000..83766d9824
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_unit_lit.site.cfg.in
@@ -0,0 +1,14 @@
+$NetBSD$
+
+--- test/fuzzer/unit/lit.site.cfg.in.orig 2017-08-19 18:02:19.297865914 +0000
++++ test/fuzzer/unit/lit.site.cfg.in
+@@ -0,0 +1,9 @@
++@LIT_SITE_CFG_IN_HEADER@
++
++config.name = "LLVMFuzzer-Unittest"
++# Load common config for all compiler-rt unit tests.
++lit_config.load_config(config, "@COMPILER_RT_BINARY_DIR@/unittests/lit.common.unit.configured")
++
++config.test_exec_root = os.path.join("@COMPILER_RT_BINARY_DIR@",
++ "lib", "fuzzer", "tests")
++config.test_source_root = config.test_exec_root
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp.test
new file mode 100644
index 0000000000..ad2a6af113
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-cmp.test.orig 2017-08-19 18:02:19.297987727 +0000
++++ test/fuzzer/value-profile-cmp.test
+@@ -0,0 +1,3 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest
++RUN: not %t-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp2.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp2.test
new file mode 100644
index 0000000000..b94789481c
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp2.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-cmp2.test.orig 2017-08-19 18:02:19.298132603 +0000
++++ test/fuzzer/value-profile-cmp2.test
+@@ -0,0 +1,3 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/SimpleHashTest.cpp -o %t-SimpleHashTest
++RUN: not %t-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp3.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp3.test
new file mode 100644
index 0000000000..9218341ce1
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp3.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-cmp3.test.orig 2017-08-19 18:02:19.298260978 +0000
++++ test/fuzzer/value-profile-cmp3.test
+@@ -0,0 +1,3 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/AbsNegAndConstantTest.cpp -o %t-AbsNegAndConstantTest
++RUN: not %t-AbsNegAndConstantTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp4.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp4.test
new file mode 100644
index 0000000000..40761d1327
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-cmp4.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-cmp4.test.orig 2017-08-19 18:02:19.298390656 +0000
++++ test/fuzzer/value-profile-cmp4.test
+@@ -0,0 +1,3 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/AbsNegAndConstant64Test.cpp -o %t-AbsNegAndConstant64Test
++RUN: not %t-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-div.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-div.test
new file mode 100644
index 0000000000..23bf685f7d
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-div.test
@@ -0,0 +1,9 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-div.test.orig 2017-08-19 18:02:19.298519673 +0000
++++ test/fuzzer/value-profile-div.test
+@@ -0,0 +1,4 @@
++CHECK: AddressSanitizer: {{FPE|int-divide-by-zero}}
++RUN: %cpp_compiler %S/DivTest.cpp -fsanitize-coverage=trace-div -o %t-DivTest
++RUN: not %t-DivTest -seed=1 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-load.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-load.test
new file mode 100644
index 0000000000..9635746447
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-load.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-load.test.orig 2017-08-19 18:02:19.298648517 +0000
++++ test/fuzzer/value-profile-load.test
+@@ -0,0 +1,3 @@
++CHECK: AddressSanitizer: global-buffer-overflow
++RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-gep,trace-div,trace-cmp -o %t-LoadTest
++RUN: not %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-mem.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-mem.test
new file mode 100644
index 0000000000..c6b5616248
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-mem.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-mem.test.orig 2017-08-19 18:02:19.298780064 +0000
++++ test/fuzzer/value-profile-mem.test
+@@ -0,0 +1,3 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/SingleMemcmpTest.cpp -o %t-SingleMemcmpTest
++RUN: not %t-SingleMemcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-set.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-set.test
new file mode 100644
index 0000000000..a695b8ce18
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-set.test
@@ -0,0 +1,9 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-set.test.orig 2017-08-19 18:02:19.298922941 +0000
++++ test/fuzzer/value-profile-set.test
+@@ -0,0 +1,4 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/FourIndependentBranchesTest.cpp -o %t-FourIndependentBranchesTest
++RUN: not %t-FourIndependentBranchesTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
++
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-strcmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-strcmp.test
new file mode 100644
index 0000000000..4f6ef4d260
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-strcmp.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-strcmp.test.orig 2017-08-19 18:02:19.299052620 +0000
++++ test/fuzzer/value-profile-strcmp.test
+@@ -0,0 +1,3 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/SingleStrcmpTest.cpp -o %t-SingleStrcmpTest
++RUN: not %t-SingleStrcmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-strncmp.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-strncmp.test
new file mode 100644
index 0000000000..eda30af5e6
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-strncmp.test
@@ -0,0 +1,8 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-strncmp.test.orig 2017-08-19 18:02:19.299180331 +0000
++++ test/fuzzer/value-profile-strncmp.test
+@@ -0,0 +1,3 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/SingleStrncmpTest.cpp -o %t-SingleStrncmpTest
++RUN: not %t-SingleStrncmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s
diff --git a/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-switch.test b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-switch.test
new file mode 100644
index 0000000000..3cda02f6c0
--- /dev/null
+++ b/compiler-rt-netbsd/patches/patch-test_fuzzer_value-profile-switch.test
@@ -0,0 +1,10 @@
+$NetBSD$
+
+--- test/fuzzer/value-profile-switch.test.orig 2017-08-19 18:02:19.299309068 +0000
++++ test/fuzzer/value-profile-switch.test
+@@ -0,0 +1,5 @@
++CHECK: BINGO
++RUN: %cpp_compiler %S/SwitchTest.cpp -o %t-SwitchTest
++RUN: %cpp_compiler %S/Switch2Test.cpp -o %t-Switch2Test
++RUN: not %t-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s
++RUN: not %t-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s
Home |
Main Index |
Thread Index |
Old Index