strtofloat_fuzz.cpp source code [libc/fuzzing/stdlib/strtofloat_fuzz.cpp]

1	//===-- strtofloat_fuzz.cpp -----------------------------------------------===//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	///
9	/// Fuzzing test for llvm-libc atof implementation.
10	///
11	//===----------------------------------------------------------------------===//
12	#include "src/stdlib/atof.h"
13	#include "src/stdlib/strtod.h"
14	#include "src/stdlib/strtof.h"
15	#include "src/stdlib/strtold.h"
16
17	#include "src/__support/FPUtil/FPBits.h"
18
19	#include "hdr/math_macros.h"
20	#include <stddef.h>
21	#include <stdint.h>
22
23	#include "utils/MPFRWrapper/mpfr_inc.h"
24
25	using LIBC_NAMESPACE::fputil::FPBits;
26
27	// This function calculates the effective precision for a given float type and
28	// exponent. Subnormals have a lower effective precision since they don't
29	// necessarily use all of the bits of the mantissa.
30	template <typename F> inline constexpr int effective_precision(int exponent) {
31	const int full_precision = FPBits<F>::FRACTION_LEN + `1`;
32
33	// This is intended to be 0 when the exponent is the lowest normal and
34	// increase as the exponent's magnitude increases.
35	const int bits_below_normal = (-exponent) - (FPBits<F>::EXP_BIAS - `1`);
36
37	// The precision should be the normal, full precision, minus the bits lost
38	// by this being a subnormal, minus one for the implicit leading one.
39	const int bits_if_subnormal = full_precision - bits_below_normal - `1`;
40
41	if (bits_below_normal >= `0`) {
42	return bits_if_subnormal;
43	}
44	return full_precision;
45	}
46
47	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
48	// const char newstr[] = "123";
49	// data = reinterpret_cast<const uint8_t >(newstr);*
50	// size = sizeof(newstr);
51	uint8_t container = new* uint8_t[size + `1`];
52	if (!container)
53	__builtin_trap();
54	size_t i;
55
56	for (i = `0`; i < size; ++i) {
57	// MPFR's strtofr uses "@" as a base-independent exponent symbol
58	if (data[i] != `'@'`)
59	container[i] = data[i];
60	else {
61	container[i] = `'#'`;
62	}
63	}
64	container[size] = `'\0'`; // Add null terminator to container.
65
66	const char str_ptr = reinterpret_cast<const* char *>(container);
67
68	char out_ptr = nullptr*;
69
70	size_t base = `0`;
71
72	// This is just used to determine the base and precision.
73	mpfr_t result;
74	mpfr_init2(result, `256`);
75	mpfr_t bin_result;
76	mpfr_init2(bin_result, `256`);
77	mpfr_strtofr(result, str_ptr, &out_ptr, `0` / base /, MPFR_RNDN);
78	ptrdiff_t result_strlen = out_ptr - str_ptr;
79	mpfr_strtofr(bin_result, str_ptr, &out_ptr, `2` / base /, MPFR_RNDN);
80	ptrdiff_t bin_result_strlen = out_ptr - str_ptr;
81
82	long double bin_result_ld = mpfr_get_ld(bin_result, MPFR_RNDN);
83	long double result_ld = mpfr_get_ld(result, MPFR_RNDN);
84
85	// This detects if mpfr's strtofr selected a base of 2, which libc does not
86	// support. If a base 2 decoding is detected, it is replaced by a base 10
87	// decoding.
88	if ((bin_result_ld != `0.0` \|\| bin_result_strlen == result_strlen) &&
89	bin_result_ld == result_ld) {
90	mpfr_strtofr(result, str_ptr, &out_ptr, `10` / base /, MPFR_RNDN);
91	result_strlen = out_ptr - str_ptr;
92	base = `10`;
93	}
94
95	auto result_exp = mpfr_get_exp(result);
96
97	mpfr_clear(result);
98	mpfr_clear(bin_result);
99
100	// These must be calculated with the correct precision, and not any more, to
101	// prevent numbers like 66336650.00...01 (many zeroes) from causing an issue.
102	// 66336650 is exactly between two float values (66336652 and 66336648) so the
103	// correct float result for 66336650.00...01 is rounding up to 66336652. The
104	// correct double is instead 66336650, which when converted to float is
105	// rounded down to 66336648. This means we have to compare against the correct
106	// precision to get the correct result.
107
108	// TODO: Add support for other rounding modes.
109	int float_precision = effective_precision<float>(result_exp);
110	if (float_precision >= `2`) {
111	mpfr_t mpfr_float;
112	mpfr_init2(mpfr_float, float_precision);
113	mpfr_strtofr(mpfr_float, str_ptr, &out_ptr, base, MPFR_RNDN);
114	float volatile float_result = mpfr_get_flt(mpfr_float, MPFR_RNDN);
115	auto volatile strtof_result = LIBC_NAMESPACE::strtof(str_ptr, &out_ptr);
116	ptrdiff_t strtof_strlen = out_ptr - str_ptr;
117	if (result_strlen != strtof_strlen)
118	__builtin_trap();
119	// If any result is NaN, all of them should be NaN. We can't use the usual
120	// comparisons because NaN != NaN.
121	if (FPBits<float>(float_result).is_nan() !=
122	FPBits<float>(strtof_result).is_nan())
123	__builtin_trap();
124	if (!FPBits<float>(float_result).is_nan() && float_result != strtof_result)
125	__builtin_trap();
126	mpfr_clear(mpfr_float);
127	}
128
129	int double_precision = effective_precision<double>(result_exp);
130	if (double_precision >= `2`) {
131	mpfr_t mpfr_double;
132	mpfr_init2(mpfr_double, double_precision);
133	mpfr_strtofr(mpfr_double, str_ptr, &out_ptr, base, MPFR_RNDN);
134	double volatile double_result = mpfr_get_d(mpfr_double, MPFR_RNDN);
135	auto volatile strtod_result = LIBC_NAMESPACE::strtod(str_ptr, &out_ptr);
136	auto volatile atof_result = LIBC_NAMESPACE::atof(str_ptr);
137	ptrdiff_t strtod_strlen = out_ptr - str_ptr;
138	if (result_strlen != strtod_strlen)
139	__builtin_trap();
140	if (FPBits<double>(double_result).is_nan() !=
141	FPBits<double>(strtod_result).is_nan() \|\|
142	FPBits<double>(double_result).is_nan() !=
143	FPBits<double>(atof_result).is_nan())
144	__builtin_trap();
145	if (!FPBits<double>(double_result).is_nan() &&
146	(double_result != strtod_result \|\| double_result != atof_result))
147	__builtin_trap();
148	mpfr_clear(mpfr_double);
149	}
150
151	int long_double_precision = effective_precision<long double>(result_exp);
152	if (long_double_precision >= `2`) {
153	mpfr_t mpfr_long_double;
154	mpfr_init2(mpfr_long_double, long_double_precision);
155	mpfr_strtofr(mpfr_long_double, str_ptr, &out_ptr, base, MPFR_RNDN);
156	long double volatile long_double_result =
157	mpfr_get_ld(mpfr_long_double, MPFR_RNDN);
158	auto volatile strtold_result = LIBC_NAMESPACE::strtold(str_ptr, &out_ptr);
159	ptrdiff_t strtold_strlen = out_ptr - str_ptr;
160	if (result_strlen != strtold_strlen)
161	__builtin_trap();
162	if (FPBits<long double>(long_double_result).is_nan() ^
163	FPBits<long double>(strtold_result).is_nan())
164	__builtin_trap();
165	if (!FPBits<long double>(long_double_result).is_nan() &&
166	long_double_result != strtold_result)
167	__builtin_trap();
168	mpfr_clear(mpfr_long_double);
169	}
170
171	delete[] container;
172	return `0`;
173	}
174

source code of libc/fuzzing/stdlib/strtofloat_fuzz.cpp