xref: /llvm-project/libc/fuzzing/stdlib/strtofloat_fuzz.cpp (revision dfdef2cbf738dd1cae99fb521d49086fcbbaf19a) 
1 //===-- strtofloat_fuzz.cpp -----------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 ///
9 /// Fuzzing test for llvm-libc atof implementation.
10 ///
11 //===----------------------------------------------------------------------===//
12 #include "src/stdlib/atof.h"
13 #include "src/stdlib/strtod.h"
14 #include "src/stdlib/strtof.h"
15 #include "src/stdlib/strtold.h"
16 
17 #include "src/__support/FPUtil/FPBits.h"
18 
19 #include "hdr/math_macros.h"
20 #include <stddef.h>
21 #include <stdint.h>
22 
23 #include "utils/MPFRWrapper/mpfr_inc.h"
24 
25 using LIBC_NAMESPACE::fputil::FPBits;
26 
27 // This function calculates the effective precision for a given float type and
28 // exponent. Subnormals have a lower effective precision since they don't
29 // necessarily use all of the bits of the mantissa.
30 template <typename F> inline constexpr int effective_precision(int exponent) {
31   const int full_precision = FPBits<F>::FRACTION_LEN + 1;
32 
33   // This is intended to be 0 when the exponent is the lowest normal and
34   // increase as the exponent's magnitude increases.
35   const int bits_below_normal = (-exponent) - (FPBits<F>::EXP_BIAS - 1);
36 
37   // The precision should be the normal, full precision, minus the bits lost
38   // by this being a subnormal, minus one for the implicit leading one.
39   const int bits_if_subnormal = full_precision - bits_below_normal - 1;
40 
41   if (bits_below_normal >= 0) {
42     return bits_if_subnormal;
43   }
44   return full_precision;
45 }
46 
47 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
48   // const char newstr[] = "123";
49   // data = reinterpret_cast<const uint8_t *>(newstr);
50   // size = sizeof(newstr);
51   uint8_t *container = new uint8_t[size + 1];
52   if (!container)
53     __builtin_trap();
54   size_t i;
55 
56   for (i = 0; i < size; ++i) {
57     // MPFR's strtofr uses "@" as a base-independent exponent symbol
58     if (data[i] != '@')
59       container[i] = data[i];
60     else {
61       container[i] = '#';
62     }
63   }
64   container[size] = '\0'; // Add null terminator to container.
65 
66   const char *str_ptr = reinterpret_cast<const char *>(container);
67 
68   char *out_ptr = nullptr;
69 
70   size_t base = 0;
71 
72   // This is just used to determine the base and precision.
73   mpfr_t result;
74   mpfr_init2(result, 256);
75   mpfr_t bin_result;
76   mpfr_init2(bin_result, 256);
77   mpfr_strtofr(result, str_ptr, &out_ptr, 0 /* base */, MPFR_RNDN);
78   ptrdiff_t result_strlen = out_ptr - str_ptr;
79   mpfr_strtofr(bin_result, str_ptr, &out_ptr, 2 /* base */, MPFR_RNDN);
80   ptrdiff_t bin_result_strlen = out_ptr - str_ptr;
81 
82   long double bin_result_ld = mpfr_get_ld(bin_result, MPFR_RNDN);
83   long double result_ld = mpfr_get_ld(result, MPFR_RNDN);
84 
85   // This detects if mpfr's strtofr selected a base of 2, which libc does not
86   // support. If a base 2 decoding is detected, it is replaced by a base 10
87   // decoding.
88   if ((bin_result_ld != 0.0 || bin_result_strlen == result_strlen) &&
89       bin_result_ld == result_ld) {
90     mpfr_strtofr(result, str_ptr, &out_ptr, 10 /* base */, MPFR_RNDN);
91     result_strlen = out_ptr - str_ptr;
92     base = 10;
93   }
94 
95   auto result_exp = mpfr_get_exp(result);
96 
97   mpfr_clear(result);
98   mpfr_clear(bin_result);
99 
100   // These must be calculated with the correct precision, and not any more, to
101   // prevent numbers like 66336650.00...01 (many zeroes) from causing an issue.
102   // 66336650 is exactly between two float values (66336652 and 66336648) so the
103   // correct float result for 66336650.00...01 is rounding up to 66336652. The
104   // correct double is instead 66336650, which when converted to float is
105   // rounded down to 66336648. This means we have to compare against the correct
106   // precision to get the correct result.
107 
108   // TODO: Add support for other rounding modes.
109   int float_precision = effective_precision<float>(result_exp);
110   if (float_precision >= 2) {
111     mpfr_t mpfr_float;
112     mpfr_init2(mpfr_float, float_precision);
113     mpfr_strtofr(mpfr_float, str_ptr, &out_ptr, base, MPFR_RNDN);
114     float volatile float_result = mpfr_get_flt(mpfr_float, MPFR_RNDN);
115     auto volatile strtof_result = LIBC_NAMESPACE::strtof(str_ptr, &out_ptr);
116     ptrdiff_t strtof_strlen = out_ptr - str_ptr;
117     if (result_strlen != strtof_strlen)
118       __builtin_trap();
119     // If any result is NaN, all of them should be NaN. We can't use the usual
120     // comparisons because NaN != NaN.
121     if (FPBits<float>(float_result).is_nan() !=
122         FPBits<float>(strtof_result).is_nan())
123       __builtin_trap();
124     if (!FPBits<float>(float_result).is_nan() && float_result != strtof_result)
125       __builtin_trap();
126     mpfr_clear(mpfr_float);
127   }
128 
129   int double_precision = effective_precision<double>(result_exp);
130   if (double_precision >= 2) {
131     mpfr_t mpfr_double;
132     mpfr_init2(mpfr_double, double_precision);
133     mpfr_strtofr(mpfr_double, str_ptr, &out_ptr, base, MPFR_RNDN);
134     double volatile double_result = mpfr_get_d(mpfr_double, MPFR_RNDN);
135     auto volatile strtod_result = LIBC_NAMESPACE::strtod(str_ptr, &out_ptr);
136     auto volatile atof_result = LIBC_NAMESPACE::atof(str_ptr);
137     ptrdiff_t strtod_strlen = out_ptr - str_ptr;
138     if (result_strlen != strtod_strlen)
139       __builtin_trap();
140     if (FPBits<double>(double_result).is_nan() !=
141             FPBits<double>(strtod_result).is_nan() ||
142         FPBits<double>(double_result).is_nan() !=
143             FPBits<double>(atof_result).is_nan())
144       __builtin_trap();
145     if (!FPBits<double>(double_result).is_nan() &&
146         (double_result != strtod_result || double_result != atof_result))
147       __builtin_trap();
148     mpfr_clear(mpfr_double);
149   }
150 
151   int long_double_precision = effective_precision<long double>(result_exp);
152   if (long_double_precision >= 2) {
153     mpfr_t mpfr_long_double;
154     mpfr_init2(mpfr_long_double, long_double_precision);
155     mpfr_strtofr(mpfr_long_double, str_ptr, &out_ptr, base, MPFR_RNDN);
156     long double volatile long_double_result =
157         mpfr_get_ld(mpfr_long_double, MPFR_RNDN);
158     auto volatile strtold_result = LIBC_NAMESPACE::strtold(str_ptr, &out_ptr);
159     ptrdiff_t strtold_strlen = out_ptr - str_ptr;
160     if (result_strlen != strtold_strlen)
161       __builtin_trap();
162     if (FPBits<long double>(long_double_result).is_nan() ^
163         FPBits<long double>(strtold_result).is_nan())
164       __builtin_trap();
165     if (!FPBits<long double>(long_double_result).is_nan() &&
166         long_double_result != strtold_result)
167       __builtin_trap();
168     mpfr_clear(mpfr_long_double);
169   }
170 
171   delete[] container;
172   return 0;
173 }
174