is a set of fuzzing tests for C implementations of Lua runtime (PUC Rio Lua and LuaJIT).
CC=clang CXX=clang++ cmake -S . -B build -DUSE_LUA=ON [-DUSE_LUAJIT=ON]
cmake --build build --parallelCMake options:
USE_LUAenables building PUC Rio Lua.USE_LUAJITenables building LuaJIT.LUA_VERSIONcould be a Git branch, tag or commit. By defaultLUA_VERSIONismasterfor PUC Rio Lua andv2.1for LuaJIT.ENABLE_ASANenables AddressSanitizer.ENABLE_UBSANenables UndefinedBehaviorSanitizer.
cmake --build build --target test$ ./build/tests/luaL_loadstring_test -set_cover_merge=1 corpus new_corpus
$ ./build/tests/luaL_loadstring_test -merge=1 corpus new_corpusCompile and link with -fprofile-instr-generate -fcoverage-mapping options. When
using -fsanitize=address, no .profraw will be written on crash or abort, so
once the fuzzing test is finished, a second run is needed by passing only files
in corpus, run: ./build/tests/luaL_loadstring_test -runs=0 ./<corpora minimized>:
$ CFLAGS="-fprofile-instr-generate -fcoverage-mapping" CC=clang CXX=clang++ cmake -S . -B build -G Ninja
$ cmake --build build --parallel
$ ./build/tests/luaL_loadstring_test -runs=0
Then to generate an html view:
$ llvm-profdata merge -sparse default.profraw -o default.profdata
$ llvm-cov show --format=html ./build/tests/luaL_loadstring_test -instr-profile=default.profdata > coverage.htmlShow code coverage for a single function with a name luaL_loadstring:
$ llvm-cov show ./build/tests/luaL_loadstring_test -instr-profile=default.profdata -name=luaL_loadstring- Lua 5.4 Reference Manual: 4 – The Application Program Interface
- Lua 5.3 Reference Manual: 4 – The Application Program Interface
- Lua 5.2 Reference Manual: 4 – The Application Program Interface
- Lua 5.1 Reference Manual: 3 – The Application Program Interface
ISC License, Sergey Bronnikov