| author | Jordan Rupprecht <rupprecht@google.com> | 2019-05-14 21:58:59 +0000 |
|---|---|---|
| committer | Jordan Rupprecht <rupprecht@google.com> | 2019-05-14 21:58:59 +0000 |
| commit | b6bc976d7be8ee56d3be4b6dbd2f3ab0a4021c86 (patch) | |
| tree | f5ed5db8cb5d237a073ea00c4d4cd63153a16a6c /test/fuzzer | |
| parent | 05342ccc9cff16425c0a831fddd510879544a0bf (diff) | |
| parent | 098ca93185735ec3687106d0967a70fc99a85059 (diff) | |
| download | compiler-rt-google/stable.tar.gz | |
Creating branches/google/stable and tags/google/stable/2019-05-14 from r360103google/stable
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/branches/google/stable@360714 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/fuzzer')
148 files changed, 820 insertions, 376 deletions
diff --git a/test/fuzzer/AFLDriverTest.cpp b/test/fuzzer/AFLDriverTest.cpp
index b949adc7d..84b5f9f6b 100644
--- a/test/fuzzer/AFLDriverTest.cpp
+++ b/test/fuzzer/AFLDriverTest.cpp
@@ -1,28 +1,34 @@
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
-// Contains dummy functions used to avoid dependency on AFL.
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
+// Dummy functions used to avoid dependency on AFL.
 extern "C" void __afl_manual_init() {}
 extern "C" int __afl_persistent_loop(unsigned int N) {
 static int Count = N;
- fprintf(stderr, "__afl_persistent_loop calle, Count = %d\n", Count);
- if (Count--) return 1;
- return 0;
+ fprintf(stderr, "__afl_persistent_loop called, Count = %d\n", Count);
+ return Count--;
 }
 // This declaration exists to prevent the Darwin linker
 // from complaining about this being a missing weak symbol.
 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
- fprintf(stderr, "LLVMFuzzerInitialize called\n");
 return 0;
 }
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- fprintf(stderr, "LLVMFuzzerTestOneInput called; Size = %zd\n", Size);
- return 0;
+ puts("STDOUT MESSAGE");
+ fflush(stdout);
+ fprintf(stderr, "STDERR MESSAGE\n"
+ "LLVMFuzzerTestOneInput called; Size = %zd\n",
+ Size);
+ if (Size < 4)
+ return 0;
+
+ return Data[Size];
 }
diff --git a/test/fuzzer/AbsNegAndConstant64Test.cpp b/test/fuzzer/AbsNegAndConstant64Test.cpp
index 0ba80b61d..c079b2070 100644
--- a/test/fuzzer/AbsNegAndConstant64Test.cpp
+++ b/test/fuzzer/AbsNegAndConstant64Test.cpp
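Review bot: `return Data[Size];` at the end of LLVMFuzzerTestOneInput in AFLDriverTest.cpp reads one byte past the end of the input, and nothing in the file says this is deliberate. If the over-read is what the test is meant to provoke (presumably so that a sanitizer-instrumented driver run reports it), put that above the line, e.g. `// Deliberate 1-byte over-read of the input; the test expects it to be reported.` The byte is also handed back as the function's result, while libFuzzer reserves return values other than 0 and -1, so reading it into a volatile sink and ending with `return 0;` would keep the read without depending on the return value. Separately, `Size` is a `size_t`, so the conversion in the new `fprintf` should be `%zu` rather than `%zd`.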
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // abs(x) < 0 and y == Const puzzle, 64-bit variant. #include <cstddef> diff --git a/test/fuzzer/AbsNegAndConstantTest.cpp b/test/fuzzer/AbsNegAndConstantTest.cpp index a3f534980..a0eedc19c 100644 --- a/test/fuzzer/AbsNegAndConstantTest.cpp +++ b/test/fuzzer/AbsNegAndConstantTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // abs(x) < 0 and y == Const puzzle. #include <cstddef> diff --git a/test/fuzzer/AccumulateAllocationsTest.cpp b/test/fuzzer/AccumulateAllocationsTest.cpp index e9acd7ccb..91886fa16 100644 --- a/test/fuzzer/AccumulateAllocationsTest.cpp +++ b/test/fuzzer/AccumulateAllocationsTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test with a more mallocs than frees, but no leak. #include <cstddef> diff --git a/test/fuzzer/AcquireCrashStateTest.cpp b/test/fuzzer/AcquireCrashStateTest.cpp index 0fe71fd46..3035021ba 100644 --- a/test/fuzzer/AcquireCrashStateTest.cpp +++ b/test/fuzzer/AcquireCrashStateTest.cpp 
@@ -1,5 +1,6 @@
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 // Ensures that error reports are suppressed after
 // __sanitizer_acquire_crash_state() has been called the first time.
diff --git a/test/fuzzer/AlignmentAssumptionTest.cpp b/test/fuzzer/AlignmentAssumptionTest.cpp
index be51d37e8..a9c4fc6c2 100644
--- a/test/fuzzer/AlignmentAssumptionTest.cpp
+++ b/test/fuzzer/AlignmentAssumptionTest.cpp
@@ -1,5 +1,6 @@
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 // Test for alignment assumption failure.
@@ -19,7 +20,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 if (Size > 1 && Data[1] == 'i') {
 Sink = 2;
 if (Size > 2 && Data[2] == '!') {
- __builtin_assume_aligned(Data + 1, 0x8000);
+ auto r = __builtin_assume_aligned(Data + 1, 0x8000);
 }
 }
 }
diff --git a/test/fuzzer/BadStrcmpTest.cpp b/test/fuzzer/BadStrcmpTest.cpp
index ba2b068f7..4ab2b7094 100644
--- a/test/fuzzer/BadStrcmpTest.cpp
+++ b/test/fuzzer/BadStrcmpTest.cpp
@@ -1,5 +1,6 @@
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 // Test that we don't creash in case of bad strcmp params.
 #include <cstddef>
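Review bot: In the second AlignmentAssumptionTest.cpp hunk the result of `__builtin_assume_aligned(Data + 1, 0x8000)` is now stored in `auto r`, but `r` is never read, so the line swaps an unused-result diagnostic for an unused-variable one and gives no hint why the value is kept. If the assignment is there to make sure the builtin call is emitted and checked, say so on the line, e.g. `// Result kept so the call is not discarded; the misaligned pointer is what the sanitizer should flag.` (reason to be confirmed by the author). The enclosing function starts and ends outside the hunk.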
diff --git a/test/fuzzer/BogusInitializeTest.cpp b/test/fuzzer/BogusInitializeTest.cpp index c7e81a547..925252168 100644 --- a/test/fuzzer/BogusInitializeTest.cpp +++ b/test/fuzzer/BogusInitializeTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Make sure LLVMFuzzerInitialize does not change argv[0]. #include <stddef.h> diff --git a/test/fuzzer/BufferOverflowOnInput.cpp b/test/fuzzer/BufferOverflowOnInput.cpp index 159da92d4..6e53cd98f 100644 --- a/test/fuzzer/BufferOverflowOnInput.cpp +++ b/test/fuzzer/BufferOverflowOnInput.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the string "Hi!". #include <assert.h> diff --git a/test/fuzzer/CMakeLists.txt b/test/fuzzer/CMakeLists.txt index ef46ec4a9..de0268e14 100644 --- a/test/fuzzer/CMakeLists.txt +++ b/test/fuzzer/CMakeLists.txt @@ -12,8 +12,9 @@ if (NOT COMPILER_RT_STANDALONE_BUILD) endif() endif() +set(FUZZER_TEST_ARCH ${FUZZER_SUPPORTED_ARCH}) if (APPLE) - darwin_filter_host_archs(FUZZER_SUPPORTED_ARCH FUZZER_SUPPORTED_ARCH) + darwin_filter_host_archs(FUZZER_SUPPORTED_ARCH FUZZER_TEST_ARCH) endif() if(COMPILER_RT_INCLUDE_TESTS) 
@@ -45,10 +46,11 @@ macro(test_fuzzer stdlib) string(REGEX REPLACE "^.(.*)" "${first_letter}\\1" part "${part}") set(STDLIB_CAPITALIZED "${STDLIB_CAPITALIZED}${part}") endforeach() - foreach(arch ${FUZZER_SUPPORTED_ARCH}) + foreach(arch ${FUZZER_TEST_ARCH}) set(LIBFUZZER_TEST_COMPILER ${COMPILER_RT_TEST_COMPILER}) get_test_cc_for_arch(${arch} LIBFUZZER_TEST_COMPILER LIBFUZZER_TEST_FLAGS) + set(LIBFUZZER_TEST_TARGET_ARCH ${arch}) set(LIBFUZZER_TEST_APPLE_PLATFORM "osx") set(LIBFUZZER_TEST_STDLIB ${stdlib}) diff --git a/test/fuzzer/CallerCalleeTest.cpp b/test/fuzzer/CallerCalleeTest.cpp index ed9f37cc1..4b38983f7 100644 --- a/test/fuzzer/CallerCalleeTest.cpp +++ b/test/fuzzer/CallerCalleeTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. // Try to find the target using the indirect caller-callee pairs. diff --git a/test/fuzzer/CleanseTest.cpp b/test/fuzzer/CleanseTest.cpp index d4efa12bb..2ff5ebfb3 100644 --- a/test/fuzzer/CleanseTest.cpp +++ b/test/fuzzer/CleanseTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test the fuzzer is able to 'cleanse' the reproducer // by replacing all irrelevant bytes with garbage. diff --git a/test/fuzzer/CompressedTest.cpp b/test/fuzzer/CompressedTest.cpp new file mode 100644 index 000000000..ec969cbae --- /dev/null +++ b/test/fuzzer/CompressedTest.cpp 
@@ -0,0 +1,61 @@
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+// A fuzz target that consumes a Zlib-compressed input.
+// This test verifies that we can find this bug with a custom mutator.
+#include <cstddef>
+#include <cstdint>
+#include <cstdio>
+#include <cstdlib>
+#include <zlib.h>
+
+// The fuzz target.
+// Uncompress the data, crash on input starting with "FU".
+// Good luck finding this w/o a custom mutator. :)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ uint8_t Uncompressed[100];
+ size_t UncompressedLen = sizeof(Uncompressed);
+ if (Z_OK != uncompress(Uncompressed, &UncompressedLen, Data, Size))
+ return 0;
+ if (UncompressedLen < 2) return 0;
+ if (Uncompressed[0] == 'F' && Uncompressed[1] == 'U')
+ abort(); // Boom
+ return 0;
+}
+
+#ifdef CUSTOM_MUTATOR
+
+// Forward-declare the libFuzzer's mutator callback.
+extern "C" size_t
+LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
+
+// The custom mutator:
+// * deserialize the data (in this case, uncompress).
+// * If the data doesn't deserialize, create a properly serialized dummy.
+// * Mutate the deserialized data (in this case, just call LLVMFuzzerMutate).
+// * Serialize the mutated data (in this case, compress).
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
+ size_t MaxSize, unsigned int Seed) {
+ uint8_t Uncompressed[100];
+ size_t UncompressedLen = sizeof(Uncompressed);
+ size_t CompressedLen = MaxSize;
+ if (Z_OK != uncompress(Uncompressed, &UncompressedLen, Data, Size)) {
+ // The data didn't uncompress.
+ // So, it's either a broken input and we want to ignore it,
+ // or we've started fuzzing from an empty corpus and we need to supply
+ // out first properly compressed input.
+ uint8_t Dummy[] = {'H', 'i'};
+ if (Z_OK != compress(Data, &CompressedLen, Dummy, sizeof(Dummy)))
+ return 0;
+ // fprintf(stderr, "Dummy: max %zd res %zd\n", MaxSize, CompressedLen);
+ return CompressedLen;
+ }
+ UncompressedLen =
+ LLVMFuzzerMutate(Uncompressed, UncompressedLen, sizeof(Uncompressed));
+ if (Z_OK != compress(Data, &CompressedLen, Uncompressed, UncompressedLen))
+ return 0;
+ return CompressedLen;
+}
+
+#endif // CUSTOM_MUTATOR
diff --git a/test/fuzzer/CounterTest.cpp b/test/fuzzer/CounterTest.cpp
index 4917934c6..84112f9e8 100644
--- a/test/fuzzer/CounterTest.cpp
+++ b/test/fuzzer/CounterTest.cpp
@@ -1,5 +1,6 @@
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 // Test for a fuzzer: must find the case where a particular basic block is
 // executed many times.
diff --git a/test/fuzzer/CrossOverTest.cpp b/test/fuzzer/CrossOverTest.cpp
new file mode 100644
index 000000000..a7643570a
--- /dev/null
+++ b/test/fuzzer/CrossOverTest.cpp
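Review bot: Both functions in CompressedTest.cpp pass a `size_t *` where zlib takes a `uLongf *`: `&UncompressedLen` goes to `uncompress()` and `&CompressedLen` to `compress()` as the destination-length argument. That is only correct where `size_t` and zlib's `uLong` are the same type; on a target where they differ the call is either rejected by the compiler or updates a length of the wrong width. Declaring them as `uLongf UncompressedLen = sizeof(Uncompressed);` and `uLongf CompressedLen = MaxSize;` keeps the lengths in zlib's own type. A one-line comment that `Uncompressed[100]` caps the inflated size, so larger payloads fail in `uncompress()` instead of overrunning the buffer, would also help the next reader.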
@@ -0,0 +1,54 @@
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+// Test for a fuzzer. The fuzzer must find the string
+// ABCDEFGHIJ
+// We use it as a test for CrossOver functionality
+// by passing two inputs to it:
+// ABCDE00000
+// ZZZZZFGHIJ
+//
+#include <assert.h>
+#include <cstddef>
+#include <cstdint>
+#include <cstdlib>
+#include <iostream>
+#include <ostream>
+
+static volatile int Sink;
+static volatile int *NullPtr;
+
+// A modified jenkins_one_at_a_time_hash initialized by non-zero,
+// so that simple_hash(0) != 0. See also
+// https://en.wikipedia.org/wiki/Jenkins_hash_function
+static uint32_t simple_hash(const uint8_t *Data, size_t Size) {
+ uint32_t Hash = 0x12039854;
+ for (uint32_t i = 0; i < Size; i++) {
+ Hash += Data[i];
+ Hash += (Hash << 10);
+ Hash ^= (Hash >> 6);
+ }
+ Hash += (Hash << 3);
+ Hash ^= (Hash >> 11);
+ Hash += (Hash << 15);
+ return Hash;
+}
+
+// Don't leave the string in the binary, so that fuzzer don't cheat;
+// const char *ABC = "ABCDEFGHIJ";
+// static uint32_t ExpectedHash = simple_hash((const uint8_t *)ABC, 10);
+static const uint32_t ExpectedHash = 0xe1677acb;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ // fprintf(stderr, "ExpectedHash: %x\n", ExpectedHash);
+ if (Size != 10) return 0;
+ if (*Data == 'A')
+ Sink++;
+ if (*Data == 'Z')
+ Sink--;
+ if (ExpectedHash == simple_hash(Data, Size))
+ *NullPtr = 0;
+ return 0;
+}
+
diff --git a/test/fuzzer/CustomCrossOverAndMutateTest.cpp b/test/fuzzer/CustomCrossOverAndMutateTest.cpp
index 74fc93953..37f073b10 100644
--- a/test/fuzzer/CustomCrossOverAndMutateTest.cpp
+++ b/test/fuzzer/CustomCrossOverAndMutateTest.cpp
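Review bot: `simple_hash` in CrossOverTest.cpp counts with `uint32_t i` while comparing against `size_t Size`; it is harmless here because the only caller rejects anything but `Size == 10`, but `for (size_t i = 0; i < Size; i++)` matches the parameter type and cannot wrap if the helper is reused. The iostream and ostream headers are included although nothing in the new file uses them (the only print is a commented-out `fprintf`), so they can be dropped. The store through `NullPtr` is the crash the fuzzer is supposed to reach; a comment such as `// Deliberate null write: the target crash.` next to `*NullPtr = 0;` would say so.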
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test that libFuzzer does not crash when LLVMFuzzerMutate called from // LLVMFuzzerCustomCrossOver. diff --git a/test/fuzzer/CustomCrossOverTest.cpp b/test/fuzzer/CustomCrossOverTest.cpp index bd9afe774..36062edd4 100644 --- a/test/fuzzer/CustomCrossOverTest.cpp +++ b/test/fuzzer/CustomCrossOverTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a cutom crossover. #include <assert.h> diff --git a/test/fuzzer/CustomMutatorTest.cpp b/test/fuzzer/CustomMutatorTest.cpp index b2adb9408..51b6169eb 100644 --- a/test/fuzzer/CustomMutatorTest.cpp +++ b/test/fuzzer/CustomMutatorTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a cutom mutator. #include <assert.h> diff --git a/test/fuzzer/CxxStringEqTest.cpp b/test/fuzzer/CxxStringEqTest.cpp index 924851c5a..b33f474f0 100644 --- a/test/fuzzer/CxxStringEqTest.cpp +++ b/test/fuzzer/CxxStringEqTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. Must find a specific string // used in std::string operator ==. diff --git a/test/fuzzer/DSO1.cpp b/test/fuzzer/DSO1.cpp index 72a5ec4a0..c164bf629 100644 --- a/test/fuzzer/DSO1.cpp +++ b/test/fuzzer/DSO1.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Source code for a simple DSO. #ifdef _WIN32 diff --git a/test/fuzzer/DSO2.cpp b/test/fuzzer/DSO2.cpp index 2967055dc..ed0ee4386 100644 --- a/test/fuzzer/DSO2.cpp +++ b/test/fuzzer/DSO2.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Source code for a simple DSO. #ifdef _WIN32 diff --git a/test/fuzzer/DSOTestExtra.cpp b/test/fuzzer/DSOTestExtra.cpp index a2274d070..a0d156d79 100644 --- a/test/fuzzer/DSOTestExtra.cpp +++ b/test/fuzzer/DSOTestExtra.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Source code for a simple DSO. diff --git a/test/fuzzer/DSOTestMain.cpp b/test/fuzzer/DSOTestMain.cpp index e0c857d4f..b2a85a770 100644 --- a/test/fuzzer/DSOTestMain.cpp +++ b/test/fuzzer/DSOTestMain.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Source code for a simple DSO. diff --git a/test/fuzzer/DeepRecursionTest.cpp b/test/fuzzer/DeepRecursionTest.cpp index bf4621d04..aaef38960 100644 --- a/test/fuzzer/DeepRecursionTest.cpp +++ b/test/fuzzer/DeepRecursionTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the deep recursion. // To generate a crashy input: diff --git a/test/fuzzer/DivTest.cpp b/test/fuzzer/DivTest.cpp index bce13feb7..5a6ae7622 100644 --- a/test/fuzzer/DivTest.cpp +++ b/test/fuzzer/DivTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer: find the interesting argument for div. #include <assert.h> diff --git a/test/fuzzer/EmptyTest.cpp b/test/fuzzer/EmptyTest.cpp index 5e843308f..4d690e83b 100644 --- a/test/fuzzer/EmptyTest.cpp +++ b/test/fuzzer/EmptyTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // // A fuzzer with empty target function. diff --git a/test/fuzzer/EquivalenceATest.cpp b/test/fuzzer/EquivalenceATest.cpp index 7d1ebb0f6..32aa4a812 100644 --- a/test/fuzzer/EquivalenceATest.cpp +++ b/test/fuzzer/EquivalenceATest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include <stddef.h> #include <stdint.h> #include <stdio.h> diff --git a/test/fuzzer/EquivalenceBTest.cpp b/test/fuzzer/EquivalenceBTest.cpp index b1de208b5..a4da77316 100644 --- a/test/fuzzer/EquivalenceBTest.cpp +++ b/test/fuzzer/EquivalenceBTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include <stddef.h> #include <stdint.h> #include <stdio.h> diff --git a/test/fuzzer/ExplodeDFSanLabelsTest.cpp b/test/fuzzer/ExplodeDFSanLabelsTest.cpp index 0decff8ff..a823f3725 100644 --- a/test/fuzzer/ExplodeDFSanLabelsTest.cpp +++ b/test/fuzzer/ExplodeDFSanLabelsTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // When tracing data flow, explode the number of DFSan labels. #include <cstddef> @@ -11,6 +12,8 @@ __attribute__((noinline)) void f(uint8_t a, uint8_t b, uint8_t c, uint8_t d) { if (a == b + 1 && c == d + 2) sink++; + if (a == d + 1 && c == b + 2) + sink++; } extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/test/fuzzer/FlagsTest.cpp b/test/fuzzer/FlagsTest.cpp index 6eeac177b..8acd2f99b 100644 --- a/test/fuzzer/FlagsTest.cpp +++ b/test/fuzzer/FlagsTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Parse some flags #include <string> diff --git a/test/fuzzer/FourIndependentBranchesTest.cpp b/test/fuzzer/FourIndependentBranchesTest.cpp index bbf5ea235..712f94244 100644 
--- a/test/fuzzer/FourIndependentBranchesTest.cpp +++ b/test/fuzzer/FourIndependentBranchesTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the string "FUZZ". #include <cstddef> diff --git a/test/fuzzer/FullCoverageSetTest.cpp b/test/fuzzer/FullCoverageSetTest.cpp index 6d7e48fe5..7409022fa 100644 --- a/test/fuzzer/FullCoverageSetTest.cpp +++ b/test/fuzzer/FullCoverageSetTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the string "FUZZER". #include <cstddef> diff --git a/test/fuzzer/GcSectionsTest.cpp b/test/fuzzer/GcSectionsTest.cpp index fd9da7735..730167c45 100644 --- a/test/fuzzer/GcSectionsTest.cpp +++ b/test/fuzzer/GcSectionsTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. // The unused function should not be present in the binary. diff --git a/test/fuzzer/ImplicitIntegerSignChangeTest.cpp b/test/fuzzer/ImplicitIntegerSignChangeTest.cpp index 0fd7df0e2..f925afd4d 100644 --- a/test/fuzzer/ImplicitIntegerSignChangeTest.cpp 
+++ b/test/fuzzer/ImplicitIntegerSignChangeTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test for implicit-integer-sign-change. #include <assert.h> diff --git a/test/fuzzer/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp b/test/fuzzer/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp index 6e65f5442..e365d599c 100644 --- a/test/fuzzer/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp +++ b/test/fuzzer/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test for implicit-signed-integer-truncation-or-sign-change. #include <assert.h> diff --git a/test/fuzzer/ImplicitSignedIntegerTruncationTest.cpp b/test/fuzzer/ImplicitSignedIntegerTruncationTest.cpp index 9a17802e2..3e175a1de 100644 --- a/test/fuzzer/ImplicitSignedIntegerTruncationTest.cpp +++ b/test/fuzzer/ImplicitSignedIntegerTruncationTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test for signed-integer-overflow. #include <assert.h> 
diff --git a/test/fuzzer/ImplicitUnsignedIntegerTruncationTest.cpp b/test/fuzzer/ImplicitUnsignedIntegerTruncationTest.cpp index c0bf40ab0..5c22a0a3a 100644 --- a/test/fuzzer/ImplicitUnsignedIntegerTruncationTest.cpp +++ b/test/fuzzer/ImplicitUnsignedIntegerTruncationTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test for unsigned-integer-overflow. #include <assert.h> diff --git a/test/fuzzer/InitializeTest.cpp b/test/fuzzer/InitializeTest.cpp index 5022c9efa..f0299e1f6 100644 --- a/test/fuzzer/InitializeTest.cpp +++ b/test/fuzzer/InitializeTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Make sure LLVMFuzzerInitialize is called. #include <assert.h> diff --git a/test/fuzzer/IntegerOverflowTest.cpp b/test/fuzzer/IntegerOverflowTest.cpp new file mode 100644 index 000000000..4f5a259dc --- /dev/null +++ b/test/fuzzer/IntegerOverflowTest.cpp 
@@ -0,0 +1,17 @@
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+// Simple test for a fuzzer. The fuzzer must find the string "Hi" and cause an
+// integer overflow.
+#include <cstddef>
+#include <cstdint>
+
+static int Val = 1 << 30;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size >= 2 && Data[0] == 'H' && Data[1] == 'i')
+ Val += Val;
+ return 0;
+}
+
diff --git a/test/fuzzer/LargeTest.cpp b/test/fuzzer/LargeTest.cpp
index 83ed61971..59a1619c0 100644
--- a/test/fuzzer/LargeTest.cpp
+++ b/test/fuzzer/LargeTest.cpp
@@ -1,5 +1,6 @@
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 // A fuzz target with lots of edges.
 #include <cstdint>
diff --git a/test/fuzzer/LeakTest.cpp b/test/fuzzer/LeakTest.cpp
index f259e9d35..b4f7e5dfc 100644
--- a/test/fuzzer/LeakTest.cpp
+++ b/test/fuzzer/LeakTest.cpp
@@ -1,5 +1,6 @@
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 // Test with a leak.
 #include <cstddef>
diff --git a/test/fuzzer/LeakTimeoutTest.cpp b/test/fuzzer/LeakTimeoutTest.cpp
index 92526194a..a4c89ce7d 100644
--- a/test/fuzzer/LeakTimeoutTest.cpp
+++ b/test/fuzzer/LeakTimeoutTest.cpp
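Review bot: `Val += Val;` in IntegerOverflowTest.cpp overflows a signed `int` that starts at `1 << 30`, which is undefined behaviour and only becomes a finding when the target is built with a signed-overflow check; the file does not say which instrumentation it relies on. `Val` is also a plain `static int` that is written and never read, unlike the `static volatile` sinks in other targets on this page (CrossOverTest.cpp), so without that instrumentation the compiler may drop the addition entirely. Suggest `static volatile int Val = 1 << 30;` plus a comment on the addition, e.g. `// Deliberate signed overflow; expected to be reported by the integer-overflow check (flags to be confirmed against the test's RUN lines).`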
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test with a leak. #include <cstddef> diff --git a/test/fuzzer/LoadTest.cpp b/test/fuzzer/LoadTest.cpp index 67a28c7cb..9cf101542 100644 --- a/test/fuzzer/LoadTest.cpp +++ b/test/fuzzer/LoadTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer: find interesting value of array index. #include <assert.h> diff --git a/test/fuzzer/MagicSeparatorTest.cpp b/test/fuzzer/MagicSeparatorTest.cpp new file mode 100644 index 000000000..2c0fbc90c --- /dev/null +++ b/test/fuzzer/MagicSeparatorTest.cpp 
@@ -0,0 +1,49 @@ +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +// Simple test for a fuzzer. +// This is a sample fuzz target for a custom serialization format that uses +// a magic separator to split the input into several independent buffers. +// The fuzzer must find the input consisting of 2 subinputs: "Fuzz" and "me". +#include <cassert> +#include <cstdint> +#include <cstdio> +#include <cstdlib> +#include <cstring> + +#include <algorithm> +#include <vector> + +// Splits [data,data+size) into a vector of strings using a "magic" Separator. +std::vector<std::vector<uint8_t>> SplitInput(const uint8_t *Data, size_t Size, + const uint8_t *Separator, + size_t SeparatorSize) { + std::vector<std::vector<uint8_t>> Res; + assert(SeparatorSize > 0); + auto Beg = Data; + auto End = Data + Size; + // Using memmem here. std::search may be harder for libFuzzer today. + while (const uint8_t *Pos = (const uint8_t *)memmem(Beg, End - Beg, + Separator, SeparatorSize)) { + Res.push_back({Beg, Pos}); + Beg = Pos + SeparatorSize; + } + if (Beg < End) + Res.push_back({Beg, End}); + return Res; +} + +static volatile int *Nil = nullptr; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + if (Size > 10) return 0; // To make the test quick. + const uint8_t Separator[] = {0xDE, 0xAD, 0xBE, 0xEF}; + auto Inputs = SplitInput(Data, Size, Separator, sizeof(Separator)); + std::vector<uint8_t> Fuzz({'F', 'u', 'z', 'z'}); + std::vector<uint8_t> Me({'m', 'e'}); + if (Inputs.size() == 2 && Inputs[0] == Fuzz && Inputs[1] == Me) + *Nil = 42; // crash. + return 0; +} + diff --git a/test/fuzzer/Memcmp64BytesTest.cpp b/test/fuzzer/Memcmp64BytesTest.cpp index 5b6cb7071..e2c0db22b 100644 --- a/test/fuzzer/Memcmp64BytesTest.cpp +++ b/test/fuzzer/Memcmp64BytesTest.cpp 
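Review bot: `SplitInput` in MagicSeparatorTest.cpp treats empty segments inconsistently and its comment does not say so. A separator at the start, or two adjacent separators, push an empty buffer, but `if (Beg < End)` drops the empty buffer after a trailing separator. Since the file is presented as a sample target for a custom serialization format, I would document this with `// Empty leading/middle parts are kept; an empty trailing part is dropped.` and change "vector of strings" to "vector of byte buffers". `memmem` is also a non-standard extension, so the target presumably builds only where the C library provides it; a short remark next to the existing "Using memmem here" comment would help.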
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find a particular string. #include <cassert> diff --git a/test/fuzzer/MemcmpTest.cpp b/test/fuzzer/MemcmpTest.cpp index 8dbb7d84f..060c5b9b1 100644 --- a/test/fuzzer/MemcmpTest.cpp +++ b/test/fuzzer/MemcmpTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find a particular string. #include <cstdint> diff --git a/test/fuzzer/MultipleConstraintsOnSmallInputTest.cpp b/test/fuzzer/MultipleConstraintsOnSmallInputTest.cpp index 8e24acbcf..ddc0a931c 100644 --- a/test/fuzzer/MultipleConstraintsOnSmallInputTest.cpp +++ b/test/fuzzer/MultipleConstraintsOnSmallInputTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // // echo -en 'Im_so_cute&pretty_:)' > crash // diff --git a/test/fuzzer/NotinstrumentedTest.cpp b/test/fuzzer/NotinstrumentedTest.cpp index 91418990b..3d0124736 100644 --- a/test/fuzzer/NotinstrumentedTest.cpp +++ b/test/fuzzer/NotinstrumentedTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // This test should not be instrumented. #include <cstddef> diff --git a/test/fuzzer/NthRunCrashTest.cpp b/test/fuzzer/NthRunCrashTest.cpp index 26cdc8f17..869b72339 100644 --- a/test/fuzzer/NthRunCrashTest.cpp +++ b/test/fuzzer/NthRunCrashTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Crash on the N-th execution. #include <cstddef> diff --git a/test/fuzzer/NullDerefOnEmptyTest.cpp b/test/fuzzer/NullDerefOnEmptyTest.cpp index 459db51f8..d9c85348c 100644 --- a/test/fuzzer/NullDerefOnEmptyTest.cpp +++ b/test/fuzzer/NullDerefOnEmptyTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the empty string. #include <cstddef> diff --git a/test/fuzzer/NullDerefTest.cpp b/test/fuzzer/NullDerefTest.cpp index 48df0f54c..32a366141 100644 --- a/test/fuzzer/NullDerefTest.cpp +++ b/test/fuzzer/NullDerefTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the string "Hi!". #include <cstddef> diff --git a/test/fuzzer/OneHugeAllocTest.cpp b/test/fuzzer/OneHugeAllocTest.cpp index 32a557871..34c51f522 100644 --- a/test/fuzzer/OneHugeAllocTest.cpp +++ b/test/fuzzer/OneHugeAllocTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Tests OOM handling when there is a single large allocation. #include <assert.h> diff --git a/test/fuzzer/OnlySomeBytesTest.cpp b/test/fuzzer/OnlySomeBytesTest.cpp index 076cda063..60de710e8 100644 --- a/test/fuzzer/OnlySomeBytesTest.cpp +++ b/test/fuzzer/OnlySomeBytesTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Find ABCxxFxUxZxxx... (2048+ bytes, 'x' is any byte) #include <assert.h> diff --git a/test/fuzzer/OutOfMemorySingleLargeMallocTest.cpp b/test/fuzzer/OutOfMemorySingleLargeMallocTest.cpp index a07795a08..5a6b49ff1 100644 --- a/test/fuzzer/OutOfMemorySingleLargeMallocTest.cpp +++ b/test/fuzzer/OutOfMemorySingleLargeMallocTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Tests OOM handling. #include <assert.h> diff --git a/test/fuzzer/OutOfMemoryTest.cpp b/test/fuzzer/OutOfMemoryTest.cpp index 5e59bde09..ae8e6ee3b 100644 --- a/test/fuzzer/OutOfMemoryTest.cpp +++ b/test/fuzzer/OutOfMemoryTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Tests OOM handling. #include <assert.h> diff --git a/test/fuzzer/OverwriteInputTest.cpp b/test/fuzzer/OverwriteInputTest.cpp index e68868234..b5f40a7e8 100644 --- a/test/fuzzer/OverwriteInputTest.cpp +++ b/test/fuzzer/OverwriteInputTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. Make sure we abort if Data is overwritten. #include <cstdint> diff --git a/test/fuzzer/PrintFuncTest.cpp b/test/fuzzer/PrintFuncTest.cpp index d41b46239..1520e82b9 100644 --- a/test/fuzzer/PrintFuncTest.cpp +++ b/test/fuzzer/PrintFuncTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the string "Hi!". #include <cstddef> diff --git a/test/fuzzer/ReadBinaryTest.cpp b/test/fuzzer/ReadBinaryTest.cpp index de7a40036..b4c2a4b8a 100644 --- a/test/fuzzer/ReadBinaryTest.cpp +++ b/test/fuzzer/ReadBinaryTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. Tests that fuzzer can read a file containing // carriage returns. diff --git a/test/fuzzer/ReloadTest.cpp b/test/fuzzer/ReloadTest.cpp new file mode 100644 index 000000000..853f7ba99 --- /dev/null +++ b/test/fuzzer/ReloadTest.cpp 
@@ -0,0 +1,24 @@ +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +// Test that fuzzer we can reload artifacts with any bytes inside. +#include <algorithm> +#include <cstdint> +#include <cstdlib> +#include <numeric> +#include <set> + +extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, + size_t MaxSize, unsigned int Seed) { + std::srand(Seed); + std::generate(Data, Data + MaxSize, std::rand); + return MaxSize; +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + if (Size > 5000 && std::set<uint8_t>(Data, Data + Size).size() > 255 && + (uint8_t)std::accumulate(Data, Data + Size, uint8_t(Size)) == 0) + abort(); + return 0; +} diff --git a/test/fuzzer/RepeatedBytesTest.cpp b/test/fuzzer/RepeatedBytesTest.cpp index 31868cf8c..1ed822a3d 100644 --- a/test/fuzzer/RepeatedBytesTest.cpp +++ b/test/fuzzer/RepeatedBytesTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find repeated bytes. #include <assert.h> diff --git a/test/fuzzer/RepeatedMemcmp.cpp b/test/fuzzer/RepeatedMemcmp.cpp index 18369deac..0363adf39 100644 --- a/test/fuzzer/RepeatedMemcmp.cpp +++ b/test/fuzzer/RepeatedMemcmp.cpp 
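Review bot: The crash condition in `LLVMFuzzerTestOneInput` of ReloadTest.cpp is undocumented, and the header comment is garbled ("Test that fuzzer we can reload ..."). I would reword the header to `// Test that the fuzzer can reload artifacts with any bytes inside.` and add above the `if` a comment such as `// Abort only if all 256 byte values occur and the byte sum, seeded with Size, wraps to 0.` In `LLVMFuzzerCustomMutator` the incoming `Size` and buffer contents are ignored and the whole `MaxSize` buffer is overwritten from `std::rand`. That looks deliberate for this test, but a one-line comment should say so.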
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include <cstdint> #include <cstdio> diff --git a/test/fuzzer/ShallowOOMDeepCrash.cpp b/test/fuzzer/ShallowOOMDeepCrash.cpp new file mode 100644 index 000000000..197fffa5e --- /dev/null +++ b/test/fuzzer/ShallowOOMDeepCrash.cpp @@ -0,0 +1,22 @@ +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +// Simple test for a fuzzer. +// Here the target has a shallow OOM bug and a deeper crash. +// Make sure we can find the crash while ignoring OOMs. +#include <cstddef> +#include <cstdint> + +static volatile int *Sink; +static volatile int *Zero; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + if (Size >= 3 && Data[0] == 'O' && Data[1] == 'O' && Data[2] == 'M') + Sink = new int[1 << 28]; // instant OOM with -rss_limit_mb=128. + if (Size >= 4 && Data[0] == 'F' && Data[1] == 'U' && Data[2] == 'Z' && + Data[3] == 'Z') // a bit deeper crash. + *Zero = 42; + return 0; +} + diff --git a/test/fuzzer/ShrinkControlFlowSimpleTest.cpp b/test/fuzzer/ShrinkControlFlowSimpleTest.cpp index 0afd26df2..d63905ae9 100644 --- a/test/fuzzer/ShrinkControlFlowSimpleTest.cpp +++ b/test/fuzzer/ShrinkControlFlowSimpleTest.cpp 
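Review bot: In ShallowOOMDeepCrash.cpp, `Zero` is never assigned, so `*Zero = 42` relies on zero-initialisation of a file-scope static to produce the intended null write. Writing `static volatile int *Zero = nullptr;` makes the intent explicit and matches `Nil` in MagicSeparatorTest.cpp from the same commit. The `new int[1 << 28]` line never touches the allocated memory, so the "instant OOM" presumably comes from an allocation-size check rather than from resident-memory growth. The comment could state which limit is expected to fire.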
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test that we can find the minimal item in the corpus (3 bytes: "FUZ"). #include <cstddef> diff --git a/test/fuzzer/ShrinkControlFlowTest.cpp b/test/fuzzer/ShrinkControlFlowTest.cpp index 1957c1f90..886bc066b 100644 --- a/test/fuzzer/ShrinkControlFlowTest.cpp +++ b/test/fuzzer/ShrinkControlFlowTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test that we can find the minimal item in the corpus (3 bytes: "FUZ"). #include <cstddef> diff --git a/test/fuzzer/ShrinkValueProfileTest.cpp b/test/fuzzer/ShrinkValueProfileTest.cpp index dddf493da..4d4c0b599 100644 --- a/test/fuzzer/ShrinkValueProfileTest.cpp +++ b/test/fuzzer/ShrinkValueProfileTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test that we can find the minimal item in the corpus (4 bytes: "FUZZ"). #include <cstddef> diff --git a/test/fuzzer/SignedIntOverflowTest.cpp b/test/fuzzer/SignedIntOverflowTest.cpp index d80060207..5283304ea 100644 --- a/test/fuzzer/SignedIntOverflowTest.cpp +++ b/test/fuzzer/SignedIntOverflowTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test for signed-integer-overflow. #include <assert.h> diff --git a/test/fuzzer/SimpleCmpTest.cpp b/test/fuzzer/SimpleCmpTest.cpp index 3bb28c173..5768493d8 100644 --- a/test/fuzzer/SimpleCmpTest.cpp +++ b/test/fuzzer/SimpleCmpTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find several narrow ranges. #include <cstdint> diff --git a/test/fuzzer/SimpleDictionaryTest.cpp b/test/fuzzer/SimpleDictionaryTest.cpp index ffa2e4137..72b2440d4 100644 --- a/test/fuzzer/SimpleDictionaryTest.cpp +++ b/test/fuzzer/SimpleDictionaryTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. // The fuzzer must find a string based on dictionary words: diff --git a/test/fuzzer/SimpleHashTest.cpp b/test/fuzzer/SimpleHashTest.cpp index 99e96cb25..6ca8ac699 100644 --- a/test/fuzzer/SimpleHashTest.cpp +++ b/test/fuzzer/SimpleHashTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // This test computes a checksum of the data (all but the last 4 bytes), // and then compares the last 4 bytes with the computed value. diff --git a/test/fuzzer/SimpleTest.cpp b/test/fuzzer/SimpleTest.cpp index 3882a842b..c51227ba2 100644 --- a/test/fuzzer/SimpleTest.cpp +++ b/test/fuzzer/SimpleTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the string "Hi!". #include <assert.h> diff --git a/test/fuzzer/SimpleTestStdio.cpp b/test/fuzzer/SimpleTestStdio.cpp index ed7fe1cb3..36387b362 100644 --- a/test/fuzzer/SimpleTestStdio.cpp +++ b/test/fuzzer/SimpleTestStdio.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the string "Hi!". #include <assert.h> diff --git a/test/fuzzer/SimpleThreadedTest.cpp b/test/fuzzer/SimpleThreadedTest.cpp index deeae756a..8f4cf6a9a 100644 --- a/test/fuzzer/SimpleThreadedTest.cpp +++ b/test/fuzzer/SimpleThreadedTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Threaded test for a fuzzer. The fuzzer should find "H" #include <assert.h> diff --git a/test/fuzzer/SingleByteInputTest.cpp b/test/fuzzer/SingleByteInputTest.cpp index 72b58ba91..5244653fc 100644 --- a/test/fuzzer/SingleByteInputTest.cpp +++ b/test/fuzzer/SingleByteInputTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer, need just one byte to crash. #include <cstddef> diff --git a/test/fuzzer/SingleMemcmpTest.cpp b/test/fuzzer/SingleMemcmpTest.cpp index 19781ba4c..ef0a89b80 100644 --- a/test/fuzzer/SingleMemcmpTest.cpp +++ b/test/fuzzer/SingleMemcmpTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find a particular string. #include <cstdint> diff --git a/test/fuzzer/SingleStrcmpTest.cpp b/test/fuzzer/SingleStrcmpTest.cpp index 149073444..46521ab97 100644 --- a/test/fuzzer/SingleStrcmpTest.cpp +++ b/test/fuzzer/SingleStrcmpTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find a particular string. #include <cstdint> diff --git a/test/fuzzer/SingleStrncmpTest.cpp b/test/fuzzer/SingleStrncmpTest.cpp index 47298763f..46f1f3e0d 100644 --- a/test/fuzzer/SingleStrncmpTest.cpp +++ b/test/fuzzer/SingleStrncmpTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find a particular string. #include <cstdint> diff --git a/test/fuzzer/SleepOneSecondTest.cpp b/test/fuzzer/SleepOneSecondTest.cpp index 27de2f4f7..b91c4b755 100644 --- a/test/fuzzer/SleepOneSecondTest.cpp +++ b/test/fuzzer/SleepOneSecondTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer: it simply sleeps for 1 second. #include <cstddef> diff --git a/test/fuzzer/SpamyTest.cpp b/test/fuzzer/SpamyTest.cpp index 721134e18..f0f0d4c74 100644 --- a/test/fuzzer/SpamyTest.cpp +++ b/test/fuzzer/SpamyTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // The test spams to stderr and stdout. #include <assert.h> diff --git a/test/fuzzer/StrcmpTest.cpp b/test/fuzzer/StrcmpTest.cpp index 81f041d91..12cafae66 100644 --- a/test/fuzzer/StrcmpTest.cpp +++ b/test/fuzzer/StrcmpTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Break through a series of strcmp. #include <cassert> diff --git a/test/fuzzer/StrncmpOOBTest.cpp b/test/fuzzer/StrncmpOOBTest.cpp index 4ed71d9d0..92b4868ce 100644 --- a/test/fuzzer/StrncmpOOBTest.cpp +++ b/test/fuzzer/StrncmpOOBTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test that libFuzzer itself does not read out of bounds. #include <assert.h> diff --git a/test/fuzzer/StrncmpTest.cpp b/test/fuzzer/StrncmpTest.cpp index a40e05690..6f2f46dda 100644 --- a/test/fuzzer/StrncmpTest.cpp +++ b/test/fuzzer/StrncmpTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find a particular string. #include <cstdint> diff --git a/test/fuzzer/StrstrTest.cpp b/test/fuzzer/StrstrTest.cpp index a3ea4e03b..29d202758 100644 --- a/test/fuzzer/StrstrTest.cpp +++ b/test/fuzzer/StrstrTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Test strstr and strcasestr hooks. #include <cstdint> diff --git a/test/fuzzer/SwapCmpTest.cpp b/test/fuzzer/SwapCmpTest.cpp index 5aa47beb2..d4c2cd239 100644 --- a/test/fuzzer/SwapCmpTest.cpp +++ b/test/fuzzer/SwapCmpTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // The fuzzer must find several constants with swapped bytes. #include <cstdint> diff --git a/test/fuzzer/Switch2Test.cpp b/test/fuzzer/Switch2Test.cpp index 5f66ac8b4..5d85bd470 100644 --- a/test/fuzzer/Switch2Test.cpp +++ b/test/fuzzer/Switch2Test.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the interesting switch value. #include <cstddef> diff --git a/test/fuzzer/Switch3Test.cpp b/test/fuzzer/Switch3Test.cpp new file mode 100644 index 000000000..c85669ee2 --- /dev/null +++ b/test/fuzzer/Switch3Test.cpp @@ -0,0 +1,25 @@ +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +// Simple test for a fuzzer. The fuzzer must find the interesting switch value. +#include <cstddef> +#include <cstdint> +#include <cstdio> +#include <cstdlib> +#include <cstring> + +static volatile int Sink; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + uint32_t v; + if (Size < 100) return 0; + memcpy(&v, Data + Size / 2, sizeof(v)); + switch(v) { + case 0x47524159: abort(); + case 0x52474220: abort(); + default:; + } + return 0; +} + diff --git a/test/fuzzer/SwitchTest.cpp b/test/fuzzer/SwitchTest.cpp index 86944cad2..15b70ed90 100644 --- a/test/fuzzer/SwitchTest.cpp +++ b/test/fuzzer/SwitchTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the interesting switch value. #include <cstddef> 
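Review bot: `Sink` in Switch3Test.cpp is declared but never used, and nothing in the body needs `<cstdio>`; both look carried over from a sibling test and can be dropped. The two `case` constants are compared against a host-endian `memcpy` load, so the byte sequence the fuzzer has to find differs between little- and big-endian hosts. A comment such as `// v is compared in host byte order.` above the `switch` would make that clear. The `Size < 100` guard keeps the 4-byte read at `Data + Size / 2` in bounds, so no extra length check is needed.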
diff --git a/test/fuzzer/SymbolizeDeadlock.cpp b/test/fuzzer/SymbolizeDeadlock.cpp index b9ece38b2..a6e3f1881 100644 --- a/test/fuzzer/SymbolizeDeadlock.cpp +++ b/test/fuzzer/SymbolizeDeadlock.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Tests that deadlocks do not occur when an OOM occurs during symbolization. diff --git a/test/fuzzer/TableLookupTest.cpp b/test/fuzzer/TableLookupTest.cpp index 4d8ab0611..2b4052303 100644 --- a/test/fuzzer/TableLookupTest.cpp +++ b/test/fuzzer/TableLookupTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Make sure the fuzzer eventually finds all possible values of a variable // within a range. diff --git a/test/fuzzer/ThreadedLeakTest.cpp b/test/fuzzer/ThreadedLeakTest.cpp index 59f3671fe..cbc9ad53d 100644 --- a/test/fuzzer/ThreadedLeakTest.cpp +++ b/test/fuzzer/ThreadedLeakTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // The fuzzer should find a leak in a non-main thread. #include <cstddef> diff --git a/test/fuzzer/ThreadedTest.cpp b/test/fuzzer/ThreadedTest.cpp index bb51ba764..716eace4b 100644 --- a/test/fuzzer/ThreadedTest.cpp 
+++ b/test/fuzzer/ThreadedTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Threaded test for a fuzzer. The fuzzer should not crash. #include <assert.h> diff --git a/test/fuzzer/ThreeBytes.cpp b/test/fuzzer/ThreeBytes.cpp index 754a5b0b5..cdedd9c18 100644 --- a/test/fuzzer/ThreeBytes.cpp +++ b/test/fuzzer/ThreeBytes.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Find FUZ #include <cstddef> diff --git a/test/fuzzer/ThreeFunctionsTest.cpp b/test/fuzzer/ThreeFunctionsTest.cpp index 1278cb056..64583e95a 100644 --- a/test/fuzzer/ThreeFunctionsTest.cpp +++ b/test/fuzzer/ThreeFunctionsTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Find "FUZZME", the target has 3 different functions. #include <assert.h> diff --git a/test/fuzzer/TimeoutEmptyTest.cpp b/test/fuzzer/TimeoutEmptyTest.cpp index 1ddf1fa34..f82cfda4a 100644 --- a/test/fuzzer/TimeoutEmptyTest.cpp +++ b/test/fuzzer/TimeoutEmptyTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the empty string. #include <cstddef> diff --git a/test/fuzzer/TimeoutTest.cpp b/test/fuzzer/TimeoutTest.cpp index e3cdba3ee..e4526c092 100644 --- a/test/fuzzer/TimeoutTest.cpp +++ b/test/fuzzer/TimeoutTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. The fuzzer must find the string "Hi!". #include <cstddef> diff --git a/test/fuzzer/TraceMallocTest.cpp b/test/fuzzer/TraceMallocTest.cpp index af9975603..5a7dfe9d3 100644 --- a/test/fuzzer/TraceMallocTest.cpp +++ b/test/fuzzer/TraceMallocTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Tests -trace_malloc #include <assert.h> diff --git a/test/fuzzer/TraceMallocThreadedTest.cpp b/test/fuzzer/TraceMallocThreadedTest.cpp index 0183d939a..6b8bb7c2e 100644 --- a/test/fuzzer/TraceMallocThreadedTest.cpp +++ b/test/fuzzer/TraceMallocThreadedTest.cpp 
@@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Check that allocation tracing from different threads does not cause // interleaving of stack traces. diff --git a/test/fuzzer/TwoDifferentBugsTest.cpp b/test/fuzzer/TwoDifferentBugsTest.cpp index 77d2cb1a2..18649b72e 100644 --- a/test/fuzzer/TwoDifferentBugsTest.cpp +++ b/test/fuzzer/TwoDifferentBugsTest.cpp @@ -1,5 +1,6 @@ -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Simple test for a fuzzer. This test may trigger two different bugs. #include <cstddef> diff --git a/test/fuzzer/afl-driver-close-fd-mask.test b/test/fuzzer/afl-driver-close-fd-mask.test new file mode 100644 index 000000000..71f74e27e --- /dev/null +++ b/test/fuzzer/afl-driver-close-fd-mask.test 
@@ -0,0 +1,31 @@ +REQUIRES: linux +RUN: %no_fuzzer_cpp_compiler %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest + +; Test that not specifying AFL_DRIVER_CLOSE_FD_MASK works as intended. +RUN: echo -n "abc" > %t.file3 +RUN: unset AFL_DRIVER_CLOSE_FD_MASK +RUN: %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefixes=STDERR,STDOUT +STDOUT: STDOUT MESSAGE +STDERR: STDERR MESSAGE + +; Test that stdout is closed properly. +RUN: AFL_DRIVER_CLOSE_FD_MASK=1 %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefixes=NOT_STDOUT,STDERR +NOT_STDOUT-NOT: STDOUT MESSAGE + +; Test that stderr is closed properly. +RUN: AFL_DRIVER_CLOSE_FD_MASK=2 %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefixes=NOT_STDERR,STDOUT +NOT_STDERR-NOT: STDERR MESSAGE + +; Test that both are closed properly. +RUN: AFL_DRIVER_CLOSE_FD_MASK=3 %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefixes=NOT_STDERR,NOT_STDOUT + +; Test that a stack is printed when we close stderr +RUN: echo -n "abcd" > %t.file4 +RUN: AFL_DRIVER_CLOSE_FD_MASK=2 not %run %t-AFLDriverTest < %t.file4 2>&1 | FileCheck %s --check-prefixes=ASAN_CRASH,STDOUT,NOT_STDERR +ASAN_CRASH: ERROR: AddressSanitizer + +; Test that a stack is written to the stderr duplicate file when we close stderr +; and specify a duplicate. +RUN: rm -f %t.stderr +RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t.stderr AFL_DRIVER_CLOSE_FD_MASK=2 not %run %t-AFLDriverTest < %t.file4 +RUN: cat %t.stderr | FileCheck %s --check-prefixes=ASAN_CRASH,NOT_STDERR diff --git a/test/fuzzer/afl-driver-extra-stats.test b/test/fuzzer/afl-driver-extra-stats.test deleted file mode 100644 index 2f5641daf..000000000 --- a/test/fuzzer/afl-driver-extra-stats.test +++ /dev/null 
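Review bot: The `AFL_DRIVER_CLOSE_FD_MASK=3` RUN line is checked only with the `NOT_STDERR` and `NOT_STDOUT` prefixes, which are both `-NOT` directives, so it passes on any output that lacks the two messages and never shows that the descriptors were closed. If the driver closes both descriptors before it writes anything, FileCheck gets empty input, which it rejects unless `--allow-empty` is given, so the line appears to depend on the driver printing something first. I would add `--allow-empty` to that FileCheck invocation, or add a positive check on a line the driver is known to print before closing. The last two RUN lines, which confirm the ASan report still reaches `AFL_DRIVER_STDERR_DUPLICATE_FILENAME` when stderr is closed, are the valuable part of this file and are worth keeping as they are.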
@@ -1,33 +0,0 @@ -# AFL doesn't work on Windows. No reason to test the driver. -UNSUPPORTED: windows -XFAIL: ios -RUN: %no_fuzzer_cpp_compiler %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest - -; Test that not specifying an extra stats file isn't broken. -RUN: unset AFL_DRIVER_EXTRA_STATS_FILENAME -RUN: %run %t-AFLDriverTest - -; Test that specifying an invalid extra stats file causes a crash. -RUN: ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%T not --crash %t-AFLDriverTest - -; Test that specifying a corrupted stats file causes a crash. -echo "peak_rss_mb :0" > %t -ASAN_OPTIONS= AFL_DRIVER_EXTRA_STATS_FILENAME=%t not --crash %t-AFLDriverTest - -; Test that specifying a valid nonexistent stats file works. -RUN: rm -f %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest -RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]] - -; Test that specifying a valid preexisting stats file works. -RUN: printf "peak_rss_mb : 0\nslowest_unit_time_sec: 0\n" > %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest -; Check that both lines were printed. -RUN: [[ $(grep "peak_rss_mb\|slowest_unit_time_sec" %t | wc -l) -eq 2 ]] - -; Test that peak_rss_mb and slowest_unit_time_in_secs are only updated when necessary. -; Check that both lines have 9999 since there's no way we have exceeded that -; amount of time or virtual memory. -RUN: printf "peak_rss_mb : 9999\nslowest_unit_time_sec: 9999\n" > %t -RUN: AFL_DRIVER_EXTRA_STATS_FILENAME=%t %t-AFLDriverTest -RUN: [[ $(grep "9999" %t | wc -l) -eq 2 ]] diff --git a/test/fuzzer/afl-driver.test b/test/fuzzer/afl-driver.test index 552bafb0b..58f422f1e 100644 --- a/test/fuzzer/afl-driver.test +++ b/test/fuzzer/afl-driver.test 
@@ -3,27 +3,23 @@ REQUIRES: linux RUN: %no_fuzzer_cpp_compiler %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest RUN: echo -n "abc" > %t.file3 -RUN: echo -n "abcd" > %t.file4 - RUN: %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1 -CHECK1: __afl_persistent_loop calle, Count = 1000 +CHECK1: __afl_persistent_loop called, Count = 1000 CHECK1: LLVMFuzzerTestOneInput called; Size = 3 - RUN: %run %t-AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2 -CHECK2: __afl_persistent_loop calle, Count = 42 +CHECK2: __afl_persistent_loop called, Count = 42 CHECK2: LLVMFuzzerTestOneInput called; Size = 3 - RUN: %run %t-AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3 CHECK3: WARNING: using the deprecated call style -CHECK3: __afl_persistent_loop calle, Count = 666 +CHECK3: __afl_persistent_loop called, Count = 666 CHECK3: LLVMFuzzerTestOneInput called; Size = 3 - RUN: %run %t-AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4 CHECK4: LLVMFuzzerTestOneInput called; Size = 3 -RUN: %run %t-AFLDriverTest %t.file3 %t.file4 2>&1 | FileCheck %s --check-prefix=CHECK5 -CHECK5: LLVMFuzzerTestOneInput called; Size = 3 -CHECK5: LLVMFuzzerTestOneInput called; Size = 4 +RUN: echo -n "ab" > %t.file2 +RUN: %run %t-AFLDriverTest %t.file2 %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK5 +CHECK5: LLVMFuzzerTestOneInput called; Size = 2 +CHECK5: LLVMFuzzerTestOneInput called; Size = 3
\ No newline at end of file diff --git a/test/fuzzer/compressed.test b/test/fuzzer/compressed.test new file mode 100644 index 000000000..37ea61330 --- /dev/null +++ b/test/fuzzer/compressed.test @@ -0,0 +1,10 @@ +REQUIRES: linux +REQUIRES: zlib +# zlib is "supported" on i386 even when only for x86_64, explicitly make i386 +# unsupported by this test. +UNSUPPORTED: i386 +# Custom mutator should find this bug, w/o custom -- no chance. +RUN: %cpp_compiler %S/CompressedTest.cpp -o %t-CompressedTestCustom -DCUSTOM_MUTATOR -lz +RUN: %cpp_compiler %S/CompressedTest.cpp -o %t-CompressedTestPlain -lz +RUN: not %run %t-CompressedTestCustom -seed=1 -runs=1000000 +RUN: %run %t-CompressedTestPlain -seed=1 -runs=1000000 diff --git a/test/fuzzer/coverage.test b/test/fuzzer/coverage.test index ff7a436e3..db15c7a66 100644 --- a/test/fuzzer/coverage.test +++ b/test/fuzzer/coverage.test 
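Review bot: The switch of the second input from the 4-byte `%t.file4` to the 2-byte `%t.file2` is not explained anywhere in the test file. AFLDriverTest.cpp now returns `Data[Size]` once `Size` reaches 4, an intentional read past the end of the buffer, so a longer input here would presumably make these runs abort under ASan instead of printing the expected lines. A comment above the `echo -n "ab"` line would keep a later edit from reintroducing one: `# Inputs stay below 4 bytes: AFLDriverTest.cpp reads out of bounds for Size >= 4.` The file also now ends without a trailing newline.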
@@ -1,19 +1,20 @@ # FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows. UNSUPPORTED: windows RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/NullDerefTest.cpp -o %t-NullDerefTest -RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -shared -o %dynamiclib1 -RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -shared -o %dynamiclib2 +RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO1.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1 +RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSO2.cpp -fPIC %ld_flags_rpath_so2 -O0 -shared -o %dynamiclib2 RUN: %cpp_compiler -mllvm -use-unknown-locations=Disable %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest CHECK: COVERAGE: -CHECK: COVERED_FUNC: {{.*}}LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:13 +CHECK: COVERED_FUNC: {{.*}}LLVMFuzzerTestOneInput {{.*}}NullDerefTest.cpp:14 RUN: not %run %t-NullDerefTest -print_coverage=1 2>&1 | FileCheck %s RUN: %run %t-DSOTest -print_coverage=1 -runs=0 2>&1 | FileCheck %s --check-prefix=DSO DSO: COVERAGE: -DSO-DAG: COVERED_FUNC:{{.*}}1{{.*}} -DSO-DAG: COVERED_FUNC:{{.*}}2{{.*}} +DSO-DAG: COVERED_FUNC:{{.*}}DSO1 +DSO-DAG: COVERED_FUNC:{{.*}}DSO2 DSO-DAG: COVERED_FUNC:{{.*}}LLVMFuzzerTestOneInput{{.*}}DSOTestMain -DSO-DAG: UNCOVERED_PC:{{.*}}1 -DSO-DAG: UNCOVERED_PC:{{.*}}2 +DSO-DAG: UNCOVERED_PC:{{.*}}DSO1 +DSO-DAG: UNCOVERED_PC:{{.*}}DSO2 DSO-DAG: UNCOVERED_PC:{{.*}}DSOTestMain +DSO-DAG: UNCOVERED_FUNC:{{.*}}Uncovered1 diff --git a/test/fuzzer/cross_over.test b/test/fuzzer/cross_over.test new file mode 100644 index 000000000..058b5eb2c --- /dev/null +++ b/test/fuzzer/cross_over.test 
@@ -0,0 +1,18 @@ +# Tests CrossOverTest. +# We want to make sure that the test can find the input +# ABCDEFGHIJ when given two other inputs in the seed corpus: +# ABCDE00000 and +# ZZZZZFGHIJ +# +RUN: %cpp_compiler %S/CrossOverTest.cpp -o %t-CrossOverTest + +RUN: rm -rf %t-corpus +RUN: mkdir %t-corpus +RUN: echo -n ABCDE00000 > %t-corpus/A +RUN: echo -n ZZZZZFGHIJ > %t-corpus/B + + +RUN: not %run %t-CrossOverTest -max_len=10 -seed=1 -runs=10000000 %t-corpus + +# Test the same thing but using -seed_inputs instead of passing the corpus dir. +RUN: not %run %t-CrossOverTest -max_len=10 -seed=1 -runs=10000000 -seed_inputs=%t-corpus/A,%t-corpus/B diff --git a/test/fuzzer/cxxstring.test b/test/fuzzer/cxxstring.test index 65edeec19..c8969d763 100644 --- a/test/fuzzer/cxxstring.test +++ b/test/fuzzer/cxxstring.test @@ -1,4 +1,4 @@ -UNSUPPORTED: windows,freebsd +UNSUPPORTED: freebsd RUN: %cpp_compiler %S/CxxStringEqTest.cpp -o %t-CxxStringEqTest diff --git a/test/fuzzer/dataflow.test b/test/fuzzer/dataflow.test index 64f083735..3fd2a9580 100644 --- a/test/fuzzer/dataflow.test +++ b/test/fuzzer/dataflow.test @@ -1,6 +1,5 @@ # Tests the data flow tracer. -REQUIRES: linux -UNSUPPORTED: aarch64 +REQUIRES: linux, x86_64 # Build the tracer and the test. RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o 
@@ -82,3 +81,14 @@ USE_DATA_FLOW_TRACE: INFO: DataFlowTrace: reading from {{.*}}/OUT USE_DATA_FLOW_TRACE-DAG: a8eefe2fd5d6b32028f355fafa3e739a6bf5edc => |000001| USE_DATA_FLOW_TRACE-DGA: d28cb407e8e1a702c72d25473f0553d3ec172262 => |0000011| USE_DATA_FLOW_TRACE: INFO: DataFlowTrace: 6 trace files, 3 functions, 2 traces with focus function + +# Test that we can run collect_data_flow on a long input (>2**16 bytes) +RUN: rm -rf %t/OUT +RUN: printf "%0.sA" {1..150001} > %t/IN/very_long_input +RUN: %libfuzzer_src/scripts/collect_data_flow.py %t-ThreeFunctionsTestDF %t/IN/very_long_input %t/OUT | FileCheck %s --check-prefix=COLLECT_TRACE_FOR_LONG_INPUT +RUN: rm %t/IN/very_long_input +COLLECT_TRACE_FOR_LONG_INPUT: ******* Trying:{{[ ]+}}[0, 150001] +COLLECT_TRACE_FOR_LONG_INPUT: ******* Trying:{{[ ]+}}[75000, 150001] +COLLECT_TRACE_FOR_LONG_INPUT: ******* Trying:{{[ ]+}}[112500, 150001] +COLLECT_TRACE_FOR_LONG_INPUT: ******* Success:{{[ ]+}}[{{[0123456789]+}}, 150001] +COLLECT_TRACE_FOR_LONG_INPUT: ******* Success:{{[ ]+}}[0, {{[0123456789]+}}] diff --git a/test/fuzzer/dead-stripping.test b/test/fuzzer/dead-stripping.test index 85445ea9f..280617bc3 100644 --- a/test/fuzzer/dead-stripping.test +++ b/test/fuzzer/dead-stripping.test 
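Review bot: The context line `USE_DATA_FLOW_TRACE-DGA:` just above the added block looks like a typo for `-DAG`; FileCheck does not recognise that suffix, so the second trace line is presumably never checked and the test passes without it. Separately, the added `printf "%0.sA" {1..150001}` relies on brace expansion, which is a bash feature. Under a plain POSIX `sh` the file would hold a single `A` and the `[0, 150001]` checks would fail for a reason unrelated to collect_data_flow.py. Generating the input with something like `python -c 'print("A" * 150001)'`, or noting the bash requirement in a comment, would make the long-input test portable.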
@@ -2,22 +2,12 @@ REQUIRES: darwin No dead_strip. Unused code is not removed. RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -RUN: nm %t | grep UnusedFunctionShouldBeRemovedByLinker | count 1 +RUN: nm %t | grep UnusedFunctionShouldBeRemovedByLinker RUN: %run %t -runs=0 2>&1 | FileCheck %s -With dead_strip. Unused code is not removed. +With dead_strip. Unused code is (currently) not removed. (It would be better if it was removed!) RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -ffunction-sections -Wl,-dead_strip -RUN: nm %t | grep UnusedFunctionShouldBeRemovedByLinker | count 1 -RUN: %run %t -runs=0 2>&1 | FileCheck %s - -With dead_strip, with trace-pc. Unused code is removed. -RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -ffunction-sections -fsanitize-coverage=0 -fsanitize-coverage=trace-pc -Wl,-dead_strip -RUN: nm %t | not grep UnusedFunctionShouldBeRemovedByLinker -RUN: %run %t -runs=0 2>&1 | FileCheck %s - -With dead_strip, with pc-table. Unused code is not removed. -RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -ffunction-sections -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard,pc-table -Wl,-dead_strip -RUN: nm %t | grep UnusedFunctionShouldBeRemovedByLinker | count 1 +RUN: nm %t | grep UnusedFunctionShouldBeRemovedByLinker RUN: %run %t -runs=0 2>&1 | FileCheck %s CHECK-NOT: ERROR: The size of coverage PC tables does not match diff --git a/test/fuzzer/deprecated-instrumentation.test b/test/fuzzer/deprecated-instrumentation.test new file mode 100644 index 000000000..d65abcd77 --- /dev/null +++ b/test/fuzzer/deprecated-instrumentation.test @@ -0,0 +1,4 @@ +CHECK: -fsanitize-coverage=trace-pc is no longer supported by libFuzzer +RUN: %cpp_compiler %S/SimpleTest.cpp -c -o %t-SimpleTest.o -fsanitize-coverage=trace-pc +RUN: %cpp_compiler %t-SimpleTest.o -o %t-SimpleTest +RUN: not %run %t-SimpleTest 2>&1 | FileCheck %s diff --git a/test/fuzzer/dump_coverage.test b/test/fuzzer/dump_coverage.test deleted file mode 100644 index 803a4fbb8..000000000 
--- a/test/fuzzer/dump_coverage.test +++ /dev/null @@ -1,22 +0,0 @@ -# FIXME: Disabled on Windows because -fPIC cannot be used to compile for Windows. -UNSUPPORTED: freebsd, windows -RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSO1.cpp -fPIC -shared -o %dynamiclib1 %ld_flags_rpath_so1 -RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSO2.cpp -fPIC -shared -o %dynamiclib2 %ld_flags_rpath_so2 -RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/DSOTestMain.cpp %S/DSOTestExtra.cpp %ld_flags_rpath_exe1 %ld_flags_rpath_exe2 -o %t-DSOTest - -RUN: %cpp_compiler -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard %S/NullDerefTest.cpp -o %t-NullDerefTest - -RUN: rm -rf %t_workdir && mkdir -p %t_workdir -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %run %t-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s -RUN: sancov -covered-functions %t-NullDerefTest %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' %run %t-DSOTest -dump_coverage=1 -runs=0 2>&1 | FileCheck -allow-deprecated-dag-overlap %s --check-prefix=DSO -RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not %run %t-NullDerefTest -dump_coverage=0 2>&1 | FileCheck %s --check-prefix=NOCOV - -CHECK: SanitizerCoverage: {{.*}}NullDerefTest.{{.*}}.sancov: {{.*}} PCs written -SANCOV: LLVMFuzzerTestOneInput - -DSO: SanitizerCoverage: {{.*}}DSOTest.{{.*}}.sancov: {{.*}} PCs written -DSO-DAG: SanitizerCoverage: {{.*}}.{{.*}}.sancov: {{.*}} PCs written -DSO-DAG: SanitizerCoverage: {{.*}}2.{{.*}}.sancov: {{.*}} PCs written - -NOCOV-NOT: SanitizerCoverage: {{.*}} PCs written diff --git a/test/fuzzer/exit_on_src_pos.test b/test/fuzzer/exit_on_src_pos.test index c08c01410..d8fb662ff 100644 --- a/test/fuzzer/exit_on_src_pos.test +++ b/test/fuzzer/exit_on_src_pos.test 
@@ -6,6 +6,6 @@ RUN: %cpp_compiler -O0 %S/SimpleTest.cpp -o %t-SimpleTest.exe -mllvm -use-unknown-locations=Disable RUN: %cpp_compiler -O0 %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest.exe -RUN: %run %t-SimpleTest.exe -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS +RUN: %run %t-SimpleTest.exe -exit_on_src_pos=SimpleTest.cpp:19 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS RUN: %run %t-ShrinkControlFlowTest.exe -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting. diff --git a/test/fuzzer/features_dir.test b/test/fuzzer/features_dir.test new file mode 100644 index 000000000..c6beec01b --- /dev/null +++ b/test/fuzzer/features_dir.test @@ -0,0 +1,7 @@ +# Tests -features_dir=F +# REQUIRES: linux +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest +RUN: rm -rf %t-C %t-F +RUN: mkdir %t-C %t-F +RUN: not %run %t-SimpleTest %t-C -features_dir=%t-F +RUN: for c in %t-C/*; do f=%t-F/$(basename $c); echo looking for $f; [ -a $f ]; done diff --git a/test/fuzzer/fork-sigusr.test b/test/fuzzer/fork-sigusr.test new file mode 100644 index 000000000..bceca7127 --- /dev/null +++ b/test/fuzzer/fork-sigusr.test @@ -0,0 +1,14 @@ +# Check that libFuzzer honors SIGUSR1/SIGUSR2 +# Disabled on Windows which does not have SIGUSR1/SIGUSR2. +UNSUPPORTED: darwin, windows +RUN: rm -rf %t +RUN: mkdir -p %t +RUN: %cpp_compiler %S/ShallowOOMDeepCrash.cpp -o %t/ForkSIGUSR + +RUN: %run %t/ForkSIGUSR -fork=3 -rss_limit_mb=128 -ignore_crashes=1 2> %t/log & export PID=$! +RUN: sleep 3 +RUN: pkill -SIGUSR2 -f %t/ForkSIGUSR +RUN: sleep 3 +RUN: cat %t/log | FileCheck %s --dump-input-on-failure + +CHECK: libFuzzer: {{.*}}exiting diff --git a/test/fuzzer/fork-ubsan.test b/test/fuzzer/fork-ubsan.test new file mode 100644 index 000000000..7d7ee1636 --- /dev/null +++ b/test/fuzzer/fork-ubsan.test 
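Review bot: In features_dir.test the `for c in %t-C/*; do ...; [ -a $f ]; done` loop takes its exit status from the last iteration only, so a missing features file for any earlier corpus entry goes unnoticed. Making the check fatal fixes that: `[ -e "$f" ] || exit 1`. The same change quotes the path and replaces the unary `-a`, which is ambiguous with the binary AND operator of `test`, by `-e`.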
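Review bot: In fork-sigusr.test `export PID=$!` captures the fuzzer's PID but nothing uses it; the signal is sent with `pkill -SIGUSR2 -f %t/ForkSIGUSR`, which matches every process whose command line contains that path. If signalling the fork-mode children as well is the intent, a comment should say so and the unused variable can go; otherwise `kill -USR2 $PID` reaches only the parent. The two fixed `sleep 3` calls also make the result timing-dependent on a loaded machine, since the log is read whether or not the fuzzer has exited.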
@@ -0,0 +1,6 @@ +# UNSUPPORTED: darwin, freebsd +# Tests how the fork mode works together with ubsan. +RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow +RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK +UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int' +UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon diff --git a/test/fuzzer/fork.test b/test/fuzzer/fork.test new file mode 100644 index 000000000..f748ad167 --- /dev/null +++ b/test/fuzzer/fork.test 
@@ -0,0 +1,21 @@ +# UNSUPPORTED: darwin, freebsd +BINGO: BINGO +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest +RUN: not %run %t-SimpleTest -fork=1 2>&1 | FileCheck %s --dump-input-on-failure --check-prefix=BINGO + +TIMEOUT: ERROR: libFuzzer: timeout +RUN: %cpp_compiler %S/TimeoutTest.cpp -o %t-TimeoutTest +RUN: not %run %t-TimeoutTest -fork=1 -timeout=1 -ignore_timeouts=0 2>&1 | FileCheck %s --dump-input-on-failure --check-prefix=TIMEOUT + +OOM: ERROR: libFuzzer: out-of-memory +RUN: %cpp_compiler %S/OutOfMemoryTest.cpp -o %t-OutOfMemoryTest +RUN: not %run %t-OutOfMemoryTest -fork=1 -ignore_ooms=0 -rss_limit_mb=128 2>&1 | FileCheck %s --dump-input-on-failure --check-prefix=OOM + +# access-violation is the error thrown on Windows. Address will be smaller on i386. +CRASH: {{SEGV|access-violation}} on unknown address 0x00000000 +RUN: %cpp_compiler %S/ShallowOOMDeepCrash.cpp -o %t-ShallowOOMDeepCrash +RUN: not %run %t-ShallowOOMDeepCrash -fork=1 -rss_limit_mb=128 2>&1 | FileCheck %s --dump-input-on-failure --check-prefix=CRASH + +MAX_TOTAL_TIME: INFO: fuzzed for {{.*}} seconds, wrapping up soon +MAX_TOTAL_TIME: INFO: exiting: {{.*}} time: +RUN: not %run %t-ShallowOOMDeepCrash -fork=1 -rss_limit_mb=128 -ignore_crashes=1 -max_total_time=5 2>&1 | FileCheck %s --dump-input-on-failure --check-prefix=MAX_TOTAL_TIME diff --git a/test/fuzzer/fuzzer-alignment-assumption.test b/test/fuzzer/fuzzer-alignment-assumption.test index 6db77e19c..4d62877ab 100644 --- a/test/fuzzer/fuzzer-alignment-assumption.test +++ b/test/fuzzer/fuzzer-alignment-assumption.test 
@@ -1,7 +1,7 @@ RUN: rm -f %t-AlignmentAssumptionTest-Ubsan RUN: %cpp_compiler -fsanitize=alignment -fno-sanitize-recover=all %S/AlignmentAssumptionTest.cpp -o %t-AlignmentAssumptionTest-Ubsan RUN: not %run %t-AlignmentAssumptionTest-Ubsan 2>&1 | FileCheck %s -CHECK: AlignmentAssumptionTest.cpp:22:39: runtime error: assumption of 32768 byte alignment for pointer of type 'const {{.*}} *' (aka 'const unsigned char *') failed +CHECK: AlignmentAssumptionTest.cpp:23:48: runtime error: assumption of 32768 byte alignment for pointer of type 'const {{.*}} *' (aka 'const unsigned char *') failed CHECK: 0x{{.*}}: note: address is {{.*}} aligned, misalignment offset is {{.*}} byte CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-integer-sign-change.test b/test/fuzzer/fuzzer-implicit-integer-sign-change.test index 7524f6cc4..0f638d8e7 100644 --- a/test/fuzzer/fuzzer-implicit-integer-sign-change.test +++ b/test/fuzzer/fuzzer-implicit-integer-sign-change.test @@ -1,5 +1,5 @@ RUN: rm -f %t-ImplicitIntegerSignChangeTest-Ubsan RUN: %cpp_compiler -fsanitize=implicit-integer-sign-change -fno-sanitize-recover=all %S/ImplicitIntegerSignChangeTest.cpp -o %t-ImplicitIntegerSignChangeTest-Ubsan RUN: not %run %t-ImplicitIntegerSignChangeTest-Ubsan 2>&1 | FileCheck %s -CHECK: ImplicitIntegerSignChangeTest.cpp:22:16: runtime error: implicit conversion from type 'int32_t' (aka 'int') of value -1 (32-bit, signed) to type 'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned) +CHECK: ImplicitIntegerSignChangeTest.cpp:23:16: runtime error: implicit conversion from type 'int32_t' (aka 'int') of value -1 (32-bit, signed) to type 'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned) CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-signed-integer-truncation-or-sign-change.test b/test/fuzzer/fuzzer-implicit-signed-integer-truncation-or-sign-change.test index 532b36a03..9797fb3ab 100644 
--- a/test/fuzzer/fuzzer-implicit-signed-integer-truncation-or-sign-change.test +++ b/test/fuzzer/fuzzer-implicit-signed-integer-truncation-or-sign-change.test @@ -1,5 +1,5 @@ RUN: rm -f %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan RUN: %cpp_compiler -fsanitize=implicit-signed-integer-truncation,implicit-integer-sign-change -fno-sanitize-recover=all %S/ImplicitSignedIntegerTruncationOrSignChangeTest.cpp -o %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan RUN: not %run %t-ImplicitSignedIntegerTruncationOrSignChangeTest-Ubsan 2>&1 | FileCheck %s -CHECK: ImplicitSignedIntegerTruncationOrSignChangeTest.cpp:22:16: runtime error: implicit conversion from type 'uint32_t' (aka 'unsigned int') of value 4294967295 (32-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the value to -1 (8-bit, signed) +CHECK: ImplicitSignedIntegerTruncationOrSignChangeTest.cpp:23:16: runtime error: implicit conversion from type 'uint32_t' (aka 'unsigned int') of value 4294967295 (32-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the value to -1 (8-bit, signed) CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-signed-integer-truncation.test b/test/fuzzer/fuzzer-implicit-signed-integer-truncation.test index d41625d3a..8a3d41c2b 100644 --- a/test/fuzzer/fuzzer-implicit-signed-integer-truncation.test +++ b/test/fuzzer/fuzzer-implicit-signed-integer-truncation.test 
@@ -1,5 +1,5 @@ RUN: rm -f %t-ImplicitSignedIntegerTruncationTest-Ubsan RUN: %cpp_compiler -fsanitize=implicit-signed-integer-truncation -fno-sanitize-recover=all %S/ImplicitSignedIntegerTruncationTest.cpp -o %t-ImplicitSignedIntegerTruncationTest-Ubsan RUN: not %run %t-ImplicitSignedIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s -CHECK: ImplicitSignedIntegerTruncationTest.cpp:22:17: runtime error: implicit conversion from type 'int' of value 256 (32-bit, signed) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned) +CHECK: ImplicitSignedIntegerTruncationTest.cpp:23:17: runtime error: implicit conversion from type 'int' of value 256 (32-bit, signed) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned) CHECK: Test unit written to ./crash- diff --git a/test/fuzzer/fuzzer-implicit-unsigned-integer-truncation.test b/test/fuzzer/fuzzer-implicit-unsigned-integer-truncation.test index e62a01e9e..5d37704b8 100644 --- a/test/fuzzer/fuzzer-implicit-unsigned-integer-truncation.test +++ b/test/fuzzer/fuzzer-implicit-unsigned-integer-truncation.test @@ -1,5 +1,5 @@ RUN: rm -f %t-ImplicitUnsignedIntegerTruncationTest-Ubsan RUN: %cpp_compiler -fsanitize=implicit-unsigned-integer-truncation -fno-sanitize-recover=all %S/ImplicitUnsignedIntegerTruncationTest.cpp -o %t-ImplicitUnsignedIntegerTruncationTest-Ubsan RUN: not %run %t-ImplicitUnsignedIntegerTruncationTest-Ubsan 2>&1 | FileCheck %s -CHECK: ImplicitUnsignedIntegerTruncationTest.cpp:22:17: runtime error: implicit conversion from type 'unsigned int' of value 256 (32-bit, unsigned) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned) +CHECK: ImplicitUnsignedIntegerTruncationTest.cpp:23:17: runtime error: implicit conversion from type 'unsigned int' of value 256 (32-bit, unsigned) to type 'uint8_t' (aka 'unsigned char') changed the value to 0 (8-bit, unsigned) CHECK: Test unit written to ./crash- 
diff --git a/test/fuzzer/fuzzer-segv.test b/test/fuzzer/fuzzer-segv.test index 0c4fafe08..7ae9049e1 100644 --- a/test/fuzzer/fuzzer-segv.test +++ b/test/fuzzer/fuzzer-segv.test @@ -1,8 +1,8 @@ RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest -RUN: env ASAN_OPTIONS=handle_segv=0 not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER +RUN: %env_asan_opts=handle_segv=0 not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_OWN_SEGV_HANDLER LIBFUZZER_OWN_SEGV_HANDLER: == ERROR: libFuzzer: deadly signal LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash- -RUN: env ASAN_OPTIONS=handle_segv=1 not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER +RUN: %env_asan_opts=handle_segv=1 not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=LIBFUZZER_ASAN_SEGV_HANDLER LIBFUZZER_ASAN_SEGV_HANDLER: ERROR: AddressSanitizer: {{SEGV|access-violation}} on unknown address diff --git a/test/fuzzer/gc-sections.test b/test/fuzzer/gc-sections.test index e915c4cc9..415b80c29 100644 --- a/test/fuzzer/gc-sections.test +++ b/test/fuzzer/gc-sections.test @@ -1,4 +1,6 @@ REQUIRES: linux, lld-available +# LLD isn't pruning functions as we expect it to with ASAN on i386. +UNSUPPORTED: i386 No gc-sections: RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t 
@@ -9,12 +11,4 @@ RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -fuse-ld=lld -ffunction-sections RUN: nm %t | not grep UnusedFunctionShouldBeRemovedByLinker RUN: %run %t -runs=0 2>&1 | FileCheck %s -With gc sections, with trace-pc. Unused code is removed. -RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -fsanitize-coverage=0 -fsanitize-coverage=trace-pc -ffunction-sections -Wl,-gc-sections -RUN: nm %t | not grep UnusedFunctionShouldBeRemovedByLinker - -RUN: %cpp_compiler %S/GcSectionsTest.cpp -o %t -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard,pc-table -fuse-ld=lld -ffunction-sections -Wl,-gc-sections -RUN: nm %t | not grep UnusedFunctionShouldBeRemovedByLinker -RUN: %run %t -runs=0 2>&1 | FileCheck %s - CHECK-NOT: ERROR: The size of coverage PC tables does not match diff --git a/test/fuzzer/large.test b/test/fuzzer/large.test new file mode 100644 index 000000000..99ebbbe4e --- /dev/null +++ b/test/fuzzer/large.test @@ -0,0 +1,7 @@ +REQUIRES: linux +RUN: %cpp_compiler %S/LargeTest.cpp -o %t-LargeTest +RUN: %run %t-LargeTest -runs=10000 +RUN: %env_asan_opts=handle_segv=0 %run %t-LargeTest -runs=10000 -lazy_counters=1 2>&1 | FileCheck %s +RUN: %run %t-LargeTest -runs=10000 -lazy_counters=1 2>&1 | FileCheck %s + +CHECK: pages of counters where protected; libFuzzer's SEGV handler must be installed diff --git a/test/fuzzer/len_control.test b/test/fuzzer/len_control.test new file mode 100644 index 000000000..189ad3603 --- /dev/null +++ b/test/fuzzer/len_control.test @@ -0,0 +1,11 @@ +# Tests len_control +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest + +LIM4: DONE{{.*}}lim: 4 +LIM77: DONE{{.*}}lim: 77 +LIM20: DONE{{.*}}lim: 20 +RUN: %run %t-SimpleTest -runs=1 2>&1 | FileCheck %s --check-prefix=LIM4 +RUN: %run %t-SimpleTest -seed_inputs=%t-SimpleTest -max_len=77 -runs=1 2>&1 | FileCheck %s --check-prefix=LIM77 +RUN: echo -n 01234567890123456789 > %t-temp +RUN: %run %t-SimpleTest -seed_inputs=%t-temp -runs=1 2>&1 | FileCheck %s --check-prefix=LIM20 + 
diff --git a/test/fuzzer/libcxx.test b/test/fuzzer/libcxx.test new file mode 100644 index 000000000..00092b5e2 --- /dev/null +++ b/test/fuzzer/libcxx.test @@ -0,0 +1,16 @@ +# Ensures that the libFuzzer library does not export exceptions. +REQUIRES: linux + +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t +RUN: nm %t 2>&1 | FileCheck %s + +CHECK-NOT: t __cxa_allocate_dependent_exception +CHECK-NOT: t __cxa_allocate_exception +CHECK-NOT: t __cxa_begin_catch +CHECK-NOT: t __cxa_call_unexpected +CHECK-NOT: t __cxa_current_exception_type +CHECK-NOT: t __cxa_end_catch +CHECK-NOT: t __cxa_free_dependent_exception +CHECK-NOT: t __cxa_free_exception +CHECK-NOT: t __cxa_get_exception_ptr +CHECK-NOT: t __cxa_throw diff --git a/test/fuzzer/lit.cfg b/test/fuzzer/lit.cfg index 608991c07..a4d0bc08f 100644 --- a/test/fuzzer/lit.cfg +++ b/test/fuzzer/lit.cfg @@ -6,6 +6,7 @@ config.name = "libFuzzer" + config.name_suffix config.test_format = lit.formats.ShTest(True) config.suffixes = ['.test'] config.test_source_root = os.path.dirname(__file__) +config.available_features.add(config.target_arch) # Choose between lit's internal shell pipeline runner and a real shell. If # LIT_USE_INTERNAL_SHELL is in the environment, we use that as an override. @@ -35,7 +36,8 @@ else: config.available_features.add('lsan') # MemorySanitizer is not supported on OSX or Windows right now -if sys.platform.startswith('darwin') or sys.platform.startswith('win'): +if (sys.platform.startswith('darwin') or sys.platform.startswith('win') or + config.target_arch == 'i386'): lit_config.note('msan feature unavailable') assert 'msan' not in config.available_features else: 
@@ -63,17 +65,6 @@ config.substitutions.append(('%libfuzzer_src', libfuzzer_src_root)) def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, msan_enabled=False): compiler_cmd = config.clang extra_cmd = config.target_flags - if config.clang and config.stdlib == 'libc++': - link_cmd = '-stdlib=libc++ -Wl,-rpath=%s' % config.runtime_library_dir - elif config.clang and config.stdlib == 'static-libc++': - link_cmd = '-stdlib=libc++ -lc++abi -static-libstdc++ -Wl,-rpath=%s' % ( - config.runtime_library_dir) - elif any(x in config.target_triple for x in ('darwin', 'freebsd')): - link_cmd = '-lc++' - elif 'windows-msvc' in config.target_triple: - link_cmd = '' - else: - link_cmd = '-lstdc++' if is_cpp and 'windows-msvc' in config.target_triple: std_cmd = '--driver-mode=cl' @@ -92,7 +83,6 @@ def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, msan_enabled=False): return " ".join([ compiler_cmd, std_cmd, - link_cmd, "-O2 -gline-tables-only", sanitizers_cmd, "-I%s" % libfuzzer_src_root, @@ -119,8 +109,12 @@ config.substitutions.append(('%msan_compiler', generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, msan_enabled=True) )) -if config.host_os == 'Darwin': - if config.target_arch in ["x86_64", "x86_64h"]: - config.parallelism_group = "darwin-64bit-sanitizer" - elif config.apple_platform != "osx" and not config.apple_platform.endswith("sim"): - config.parallelism_group = "darwin-ios-device-sanitizer" +default_asan_opts_str = ':'.join(config.default_sanitizer_opts) +if default_asan_opts_str: + config.environment['ASAN_OPTIONS'] = default_asan_opts_str + default_asan_opts_str += ':' +config.substitutions.append(('%env_asan_opts=', + 'env ASAN_OPTIONS=' + default_asan_opts_str)) + +if not config.parallelism_group: + config.parallelism_group = 'shadow-memory' diff --git a/test/fuzzer/lit.site.cfg.in b/test/fuzzer/lit.site.cfg.in index b333c78e5..e48be2f4c 100644 --- a/test/fuzzer/lit.site.cfg.in +++ b/test/fuzzer/lit.site.cfg.in 
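Review bot: The new `%env_asan_opts=` substitution in the last hunk has no comment stating its contract, and its behaviour depends on two easy-to-miss details: the trailing `=` in the pattern and the `:` appended to the defaults. I would add `# '%env_asan_opts=foo' expands to 'env ASAN_OPTIONS=<defaults>:foo', so per-test options extend the defaults instead of replacing them.` above the `config.substitutions.append` call. Tests that still write `env ASAN_OPTIONS=...` directly drop the defaults, so it is worth checking that none remain. `config.default_sanitizer_opts` and `config.parallelism_group` are read without a fallback; presumably the common compiler-rt config sets both, but that is not visible here.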
@@ -11,6 +11,7 @@ config.osx_sysroot_flag = "@OSX_SYSROOT_FLAG@" config.cmake_binary_dir = "@CMAKE_BINARY_DIR@" config.llvm_library_dir = "@LLVM_LIBRARY_DIR@" config.target_triple = "@TARGET_TRIPLE@" +config.target_arch = "@LIBFUZZER_TEST_TARGET_ARCH@" # Load common config for all compiler-rt lit tests. lit_config.load_config(config, diff --git a/test/fuzzer/magic-separator.test b/test/fuzzer/magic-separator.test new file mode 100644 index 000000000..fdffc5f87 --- /dev/null +++ b/test/fuzzer/magic-separator.test @@ -0,0 +1,4 @@ +# Temporary disable this test on non-linux: looks like there is no memmem on windows. +REQUIRES: linux +RUN: %cpp_compiler -O2 %S/MagicSeparatorTest.cpp -o %t-MagicSeparatorTest +RUN: not %run %t-MagicSeparatorTest -use_value_profile=1 -seed=1 -runs=100000000 -max_len=10 diff --git a/test/fuzzer/merge-control-file.test b/test/fuzzer/merge-control-file.test index 60b2a6a62..f269bed0e 100644 --- a/test/fuzzer/merge-control-file.test +++ b/test/fuzzer/merge-control-file.test @@ -12,10 +12,11 @@ RUN: echo ..Z... > %t/T0/3 # Test what happens if the control file is junk. +RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 RUN: echo JUNK > %t/MCF -RUN: not %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=JUNK +RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=JUNK RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF -RUN: not %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=JUNK +RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=JUNK JUNK: MERGE-OUTER: non-empty control file provided: {{.*}}MCF JUNK: MERGE-OUTER: bad control file, will overwrite it 
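Review bot: The second RUN line of magic-separator.test accepts any non-zero exit, so a crash or sanitizer report unrelated to the separator logic passes as well as the intended finding. Pipe the output through `2>&1 | FileCheck %s` and add a `CHECK:` for the message MagicSeparatorTest.cpp prints when it reaches its target (that source is not in this hunk). The header comment would read better as `# Temporarily disabled on non-Linux: memmem appears to be unavailable on Windows.`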
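Review bot: In merge-control-file.test the second junk-control-file run reuses whatever the first run left in `%t/T1`, because the added reset `RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1` precedes only the first case. Both invocations are now expected to succeed rather than fail, so the first may already have merged files into T1. Repeating the reset before `RUN: echo 3 > %t/MCF; ...` keeps the two cases independent. Both cases also check only the two `JUNK:` log lines; a follow-up such as `RUN: grep STARTED %t/MCF`, as merge.test does, should confirm the junk file was actually replaced by a fresh control file.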
@@ -30,20 +31,10 @@ OK_0: MERGE-OUTER: 3 new files with {{.*}} new features added RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF; echo %t/T1/2 >> %t/MCF; echo %t/T1/3 >> %t/MCF -RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY -SAVE_SUMMARY: MERGE-OUTER: writing coverage summary for 3 files to {{.*}}/SUMMARY - -RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 -RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF; echo %t/T1/2 >> %t/MCF; echo %t/T1/3 >> %t/MCF -RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY -LOAD_SUMMARY: MERGE-OUTER: coverage summary loaded from - -RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 -RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF; echo %t/T1/2 >> %t/MCF; echo %t/T1/3 >> %t/MCF RUN: echo STARTED 0 1 >> %t/MCF -RUN: echo DONE 0 11 >> %t/MCF +RUN: echo FT 0 11 >> %t/MCF RUN: echo STARTED 1 2 >> %t/MCF -RUN: echo DONE 1 12 >> %t/MCF +RUN: echo FT 1 12 >> %t/MCF RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=OK_2 OK_2: MERGE-OUTER: control file ok, 3 files total, first not processed file 2 OK_2: MERGE-OUTER: 3 new files with {{.*}} new features added 
@@ -51,10 +42,10 @@ OK_2: MERGE-OUTER: 3 new files with {{.*}} new features added RUN: rm -f %t/T1/*; cp %t/T0/* %t/T1 RUN: echo 3 > %t/MCF; echo 0 >> %t/MCF; echo %t/T1/1 >> %t/MCF; echo %t/T1/2 >> %t/MCF; echo %t/T1/3 >> %t/MCF RUN: echo STARTED 0 1 >> %t/MCF -RUN: echo DONE 0 11 >> %t/MCF +RUN: echo FT 0 11 >> %t/MCF RUN: echo STARTED 1 2 >> %t/MCF -RUN: echo DONE 1 12 >> %t/MCF +RUN: echo FT 1 12 >> %t/MCF RUN: echo STARTED 2 2 >> %t/MCF -RUN: echo DONE 2 13 >> %t/MCF +RUN: echo FT 2 13 >> %t/MCF RUN: %run %t/T.exe -merge=1 %t/T1 %t/T2 -merge_control_file=%t/MCF 2>&1 | FileCheck %s --check-prefix=OK_3 OK_3: MERGE-OUTER: nothing to do, merge has been completed before diff --git a/test/fuzzer/merge-sigusr.test b/test/fuzzer/merge-sigusr.test index 44448ca29..1b16d3ccf 100644 --- a/test/fuzzer/merge-sigusr.test +++ b/test/fuzzer/merge-sigusr.test @@ -22,7 +22,8 @@ RUN: sleep 3 RUN: cat %t/log | FileCheck %s RUN: grep C2/g %t/MCF RUN: grep STARTED %t/MCF -RUN: tail -n 1 %t/MCF | grep DONE +RUN: tail -n 2 %t/MCF | grep FT +RUN: tail -n 1 %t/MCF | grep COV CHECK: INFO: signal received, trying to exit gracefully CHECK: INFO: libFuzzer: exiting as requested diff --git a/test/fuzzer/merge-summary.test b/test/fuzzer/merge-summary.test deleted file mode 100644 index 116cf1db8..000000000 --- a/test/fuzzer/merge-summary.test +++ /dev/null 
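Review bot: The two new `tail | grep` checks in merge-sigusr.test are unanchored, so `grep FT` matches `FT` anywhere in the last two lines, including inside a corpus path. `tail -n 2 %t/MCF | grep FT` is also satisfied whichever of the two lines holds the record. Anchoring on the record keyword pins the expected FT-then-COV ordering: `RUN: tail -n 2 %t/MCF | head -n 1 | grep '^FT'` and `RUN: tail -n 1 %t/MCF | grep '^COV'`.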
@@ -1,17 +0,0 @@ -RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest - -RUN: rm -rf %t/T1 %t/T2 -RUN: mkdir -p %t/T0 %t/T1 %t/T2 -RUN: echo ...Z.. > %t/T2/1 -RUN: echo ....E. > %t/T2/2 -RUN: echo .....R > %t/T2/3 -RUN: echo F..... > %t/T2/a -RUN: echo .U.... > %t/T2/b -RUN: echo ..Z... > %t/T2/c - -RUN: %run %t-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -save_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=SAVE_SUMMARY -SAVE_SUMMARY: MERGE-OUTER: writing coverage summary for 6 files to {{.*}}SUMMARY -RUN: rm %t/T1/* -RUN: %run %t-FullCoverageSetTest -merge=1 %t/T1 %t/T2 -load_coverage_summary=%t/SUMMARY 2>&1 | FileCheck %s --check-prefix=LOAD_SUMMARY -LOAD_SUMMARY: MERGE-OUTER: coverage summary loaded from {{.*}}SUMMAR -LOAD_SUMMARY: MERGE-OUTER: 0 new files with 0 new features added diff --git a/test/fuzzer/merge.test b/test/fuzzer/merge.test index ec41c82b9..c003df282 100644 --- a/test/fuzzer/merge.test +++ b/test/fuzzer/merge.test @@ -1,4 +1,3 @@ -XFAIL: ios CHECK: BINGO RUN: %cpp_compiler %S/FullCoverageSetTest.cpp -o %t-FullCoverageSetTest @@ -45,7 +44,7 @@ RUN: cp %t/T0/* %t/T1/ RUN: rm -f %t/MCF RUN: %run %t-FullCoverageSetTest -merge=1 -merge_control_file=%t/MCF %t/T1 %t/T2 2>&1 | FileCheck %s --check-prefix=MCF RUN: grep STARTED %t/MCF -RUN: grep DONE %t/MCF +RUN: grep FT %t/MCF MCF: MERGE-INNER: using the control file {{.*}}MCF MCF: MERGE-OUTER: 3 new files @@ -66,6 +65,3 @@ RUN: not grep FUZZER %t/T1/* RUN: grep FUZZE %t/T1/* MERGE_LEN5: MERGE-OUTER: succesfull in 1 attempt(s) -RUN: rm -rf %t/T1/* %t/T2/* -RUN: not %run %t-FullCoverageSetTest -merge=1 %t/T1 %t/T2 2>&1 | FileCheck %s --check-prefix=EMPTY -EMPTY: MERGE-OUTER: zero succesfull attempts, exiting diff --git a/test/fuzzer/minimize_crash.test b/test/fuzzer/minimize_crash.test index dcab67bfd..de44b8747 100644 --- a/test/fuzzer/minimize_crash.test +++ b/test/fuzzer/minimize_crash.test 
@@ -1,4 +1,3 @@ -UNSUPPORTED: windows RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: %cpp_compiler %S/SingleByteInputTest.cpp -o %t-SingleByteInputTest RUN: mkdir -p %t.dir diff --git a/test/fuzzer/minimize_two_crashes.test b/test/fuzzer/minimize_two_crashes.test index cba88eed1..952b9da70 100644 --- a/test/fuzzer/minimize_two_crashes.test +++ b/test/fuzzer/minimize_two_crashes.test @@ -1,12 +1,12 @@ # Test that the minimizer stops when it sees a different bug. -UNSUPPORTED: freebsd,windows +UNSUPPORTED: freebsd # TODO: Find out why test fails on Darwin with -O2. RUN: %cpp_compiler -O0 %S/TwoDifferentBugsTest.cpp -o %t-TwoDifferentBugsTest RUN: rm -rf %t && mkdir %t RUN: echo H12345678901234667888090 > %t/long_crash -RUN: env ASAN_OPTIONS=dedup_token_length=3 %run %t-TwoDifferentBugsTest -seed=1 -minimize_crash=1 %t/long_crash -exact_artifact_path=%t/result 2>&1 | FileCheck %s +RUN: %env_asan_opts=dedup_token_length=3 %run %t-TwoDifferentBugsTest -seed=1 -minimize_crash=1 %t/long_crash -exact_artifact_path=%t/result 2>&1 | FileCheck %s CHECK: DedupToken1: DEDUP_TOKEN: Bar CHECK: DedupToken2: DEDUP_TOKEN: Bar diff --git a/test/fuzzer/null-deref-on-empty.test b/test/fuzzer/null-deref-on-empty.test index d576cc12b..f159a79f4 100644 --- a/test/fuzzer/null-deref-on-empty.test +++ b/test/fuzzer/null-deref-on-empty.test @@ -1,4 +1,3 @@ -UNSUPPORTED: windows RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-NullDerefOnEmptyTest RUN: not %run %t-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY diff --git a/test/fuzzer/null-deref.test b/test/fuzzer/null-deref.test index e9926cab4..31eb5990d 100644 --- a/test/fuzzer/null-deref.test +++ b/test/fuzzer/null-deref.test @@ -1,4 +1,3 @@ -UNSUPPORTED: windows RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest RUN: not %run %t-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest 
diff --git a/test/fuzzer/only-some-bytes.test b/test/fuzzer/only-some-bytes.test index 861718384..a783548da 100644 --- a/test/fuzzer/only-some-bytes.test +++ b/test/fuzzer/only-some-bytes.test @@ -1,6 +1,5 @@ # Tests the data flow tracer. -REQUIRES: linux -UNSUPPORTED: aarch64 +REQUIRES: linux, x86_64 # Build the tracer and the test. RUN: %no_fuzzer_cpp_compiler -c -fno-sanitize=all -fsanitize=dataflow %S/../../lib/fuzzer/dataflow/DataFlow.cpp -o %t-DataFlow.o diff --git a/test/fuzzer/reload.test b/test/fuzzer/reload.test new file mode 100644 index 000000000..62321cec3 --- /dev/null +++ b/test/fuzzer/reload.test @@ -0,0 +1,13 @@ +RUN: %cpp_compiler %S/ReloadTest.cpp -o %t-ReloadTest +RUN: not %run %t-ReloadTest -max_len=10000 -seed=1 -timeout=15 -len_control=0 -exact_artifact_path=%t.crash 2>&1 | FileCheck %s + +CHECK: Test unit written to {{.*}}reload.test.tmp.crash + +RUN: not %run %t-ReloadTest %t.crash 2>&1 | FileCheck %s --check-prefix=ARTIFACT + +ARTIFACT: Running: {{.*}}reload.test.tmp.crash +ARTIFACT: ERROR: libFuzzer: deadly signal + +# Sanity check that altered artifact is not going to crash +RUN: echo z >> %t.crash +RUN: %run %t-ReloadTest %t.crash diff --git a/test/fuzzer/seed_inputs.test b/test/fuzzer/seed_inputs.test new file mode 100644 index 000000000..d61e6cf7a --- /dev/null +++ b/test/fuzzer/seed_inputs.test 
@@ -0,0 +1,24 @@ +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest + +USE-1: INFO: seed corpus: files: 1 +RUN: echo -n "%t-SimpleTest" > %t.seed-inputs +# Test both formats of -seed_inputs argument. +RUN: %run %t-SimpleTest -runs=1 -seed_inputs=@%t.seed-inputs 2>&1 | FileCheck %s --check-prefix=USE-1 +RUN: %run %t-SimpleTest -runs=1 -seed_inputs=%t-SimpleTest 2>&1 | FileCheck %s --check-prefix=USE-1 + +USE-2: INFO: seed corpus: files: 2 +RUN: echo -n "%t-SimpleTest,%t-SimpleTest" > %t.seed-inputs +RUN: %run %t-SimpleTest -runs=1 -seed_inputs=@%t.seed-inputs 2>&1 | FileCheck %s --check-prefix=USE-2 +RUN: %run %t-SimpleTest -runs=1 -seed_inputs=%t-SimpleTest,%t-SimpleTest 2>&1 | FileCheck %s --check-prefix=USE-2 + +# Test that missing files and trailing commas are tolerated. +RUN: echo -n "%t-SimpleTest,%t-SimpleTest,nonexistent-file," > %t.seed-inputs +RUN: %run %t-SimpleTest -runs=1 -seed_inputs=@%t.seed-inputs 2>&1 | FileCheck %s --check-prefix=USE-2 +RUN: %run %t-SimpleTest -runs=1 -seed_inputs=%t-SimpleTest,%t-SimpleTest,nonexistent-file, 2>&1 | FileCheck %s --check-prefix=USE-2 + +# Test that using a non existent file or an empty seed list fails. +EMPTY: seed_inputs is empty or @file does not exist. +RUN: not %run %t-SimpleTest -runs=1 -seed_inputs=@nonexistent-file 2>&1 | FileCheck %s --check-prefix=EMPTY +RUN: echo -n "" > %t.seed-inputs +RUN: not %run %t-SimpleTest -runs=1 -seed_inputs=@%t.seed-inputs 2>&1 | FileCheck %s --check-prefix=EMPTY +RUN: not %run %t-SimpleTest -runs=1 -seed_inputs= 2>&1 | FileCheck %s --check-prefix=EMPTY diff --git a/test/fuzzer/sigint.test b/test/fuzzer/sigint.test new file mode 100644 index 000000000..e9834482b --- /dev/null +++ b/test/fuzzer/sigint.test 
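Review bot: The missing-file cases in seed_inputs.test name `nonexistent-file` as a bare relative path, so they depend on the directory the test runs in not containing a file of that name. Deriving the name from the temp prefix keeps the cases hermetic: add `RUN: rm -f %t.nonexistent` once, then use `-seed_inputs=@%t.nonexistent` and `...,%t.nonexistent,` in the lists. The tolerated-missing-file runs assert only the final count (`files: 2`). If libFuzzer prints a diagnostic for a skipped seed path, checking it here would also cover the case where a mistyped path silently shrinks the corpus.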
@@ -0,0 +1,15 @@ +REQUIRES: msan + +# Check that libFuzzer exits gracefully under SIGINT with MSan. +RUN: rm -rf %t +RUN: mkdir -p %t +RUN: %msan_compiler %S/SleepOneSecondTest.cpp -o %t/LFSIGINT + +RUN: %run %t/LFSIGINT 2> %t/log & export PID=$! +RUN: sleep 2 +RUN: kill -SIGINT $PID +RUN: sleep 3 +RUN: cat %t/log | FileCheck %s + +CHECK: libFuzzer: run interrupted; exiting +CHECK-NOT: WARNING: MemorySanitizer diff --git a/test/fuzzer/simple.test b/test/fuzzer/simple.test index 97a09be7c..054afdb85 100644 --- a/test/fuzzer/simple.test +++ b/test/fuzzer/simple.test @@ -1,7 +1,7 @@ CHECK: BINGO RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -RUN: not %run %t-SimpleTest 2>&1 | FileCheck %s +RUN: not %run %t-SimpleTest 2>&1 | FileCheck %s # only_ascii mode. Will perform some minimal self-validation. RUN: not %run %t-SimpleTest -only_ascii=1 2>&1 diff --git a/test/fuzzer/strncmp-oob.test b/test/fuzzer/strncmp-oob.test index a0365d961..3d1f19789 100644 --- a/test/fuzzer/strncmp-oob.test +++ b/test/fuzzer/strncmp-oob.test @@ -1,6 +1,6 @@ RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest -RUN: env ASAN_OPTIONS=strict_string_checks=1 not %run %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP +RUN: %env_asan_opts=strict_string_checks=1 not %run %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP STRNCMP: AddressSanitizer: heap-buffer-overflow STRNCMP-NOT: __sanitizer_weak_hook_strncmp STRNCMP: in LLVMFuzzerTestOneInput diff --git a/test/fuzzer/three-bytes.test b/test/fuzzer/three-bytes.test index 0b2187552..923a51ecb 100644 --- a/test/fuzzer/three-bytes.test +++ b/test/fuzzer/three-bytes.test @@ -2,7 +2,6 @@ Tests -use_value_profile=2 (alternative VP metric). RUN: %cpp_compiler %S/ThreeBytes.cpp -o %t RUN: %run %t -seed=1 -runs=30000 -RUN: %run %t -seed=1 -runs=30000 -use_value_profile=1 RUN: not %run %t -seed=1 -runs=1000000 -use_value_profile=2 2>&1 | FileCheck %s CHECK: Test unit written 
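Review bot: In sigint.test, `CHECK-NOT: WARNING: MemorySanitizer` sits after the `CHECK:` line, so it covers the log only from the "run interrupted" message to the end, and an MSan report printed before that message is not caught. If the intent is that no MSan warning appears anywhere in the log, run `FileCheck %s --implicit-check-not="WARNING: MemorySanitizer"` or add a second `CHECK-NOT` above the `CHECK`. `kill -SIGINT $PID` relies on the shell accepting the `SIG` prefix; `kill -INT $PID` is the POSIX spelling. The fixed `sleep 2` / `sleep 3` windows follow the pattern in merge-sigusr.test but may be too short on a loaded machine.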
diff --git a/test/fuzzer/trace-malloc-threaded.test b/test/fuzzer/trace-malloc-threaded.test index f38005c1d..a2dfb3809 100644 --- a/test/fuzzer/trace-malloc-threaded.test +++ b/test/fuzzer/trace-malloc-threaded.test @@ -7,32 +7,32 @@ RUN: %cpp_compiler %S/TraceMallocThreadedTest.cpp -o \ RUN: %t-TraceMallocThreadedTest RUN: %run %t-TraceMallocThreadedTest -trace_malloc=2 -runs=1 2>&1 | FileCheck %s -CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}} +CHECK: {{MALLOC\[[0-9]+] +0x[0-9a-f]+ 5639}} CHECK-NEXT: {{ +\#0 +}} CHECK-NEXT: {{ +\#1 +}} CHECK-NEXT: {{ +\#2 +}} -CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}} +CHECK: {{MALLOC\[[0-9]+] +0x[0-9a-f]+ 5639}} CHECK-NEXT: {{ +\#0 +}} CHECK-NEXT: {{ +\#1 +}} CHECK-NEXT: {{ +\#2 +}} -CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}} +CHECK: {{MALLOC\[[0-9]+] +0x[0-9a-f]+ 5639}} CHECK-NEXT: {{ +\#0 +}} CHECK-NEXT: {{ +\#1 +}} CHECK-NEXT: {{ +\#2 +}} -CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}} +CHECK: {{MALLOC\[[0-9]+] +0x[0-9a-f]+ 5639}} CHECK-NEXT: {{ +\#0 +}} CHECK-NEXT: {{ +\#1 +}} CHECK-NEXT: {{ +\#2 +}} -CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}} +CHECK: {{MALLOC\[[0-9]+] +0x[0-9a-f]+ 5639}} CHECK-NEXT: {{ +\#0 +}} CHECK-NEXT: {{ +\#1 +}} CHECK-NEXT: {{ +\#2 +}} -CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}} +CHECK: {{MALLOC\[[0-9]+] +0x[0-9a-f]+ 5639}} CHECK-NEXT: {{ +\#0 +}} CHECK-NEXT: {{ +\#1 +}} CHECK-NEXT: {{ +\#2 +}} diff --git a/test/fuzzer/trace-pc.test b/test/fuzzer/trace-pc.test deleted file mode 100644 index 30049331e..000000000 --- a/test/fuzzer/trace-pc.test +++ /dev/null @@ -1,3 +0,0 @@ -RUN: %cpp_compiler %S/SimpleTest.cpp -fsanitize-coverage=0 -fsanitize-coverage=trace-pc -o %t-SimpleTest-TracePC -CHECK: BINGO -RUN: not %run %t-SimpleTest-TracePC -runs=1000000 -seed=1 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-cmp.test b/test/fuzzer/value-profile-cmp.test index 8f6ffe99c..f15a5f5a1 100644 --- a/test/fuzzer/value-profile-cmp.test +++ b/test/fuzzer/value-profile-cmp.test 
@@ -1,5 +1,4 @@ -# FIXME: Disabled on Windows because of hangs. -UNSUPPORTED: windows, ios +UNSUPPORTED: ios CHECK: BINGO RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest RUN: not %run %t-SimpleCmpTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-cmp2.test b/test/fuzzer/value-profile-cmp2.test index 5935ed6d1..3e4705b45 100644 --- a/test/fuzzer/value-profile-cmp2.test +++ b/test/fuzzer/value-profile-cmp2.test @@ -1,4 +1,6 @@ UNSUPPORTED: ios +FIXME: Make libFuzzer handle exits without ASan properly on Windows. +UNSUPPORTED: windows CHECK: BINGO RUN: %cpp_compiler -fno-sanitize=address %S/SimpleHashTest.cpp -o %t-SimpleHashTest RUN: not %run %t-SimpleHashTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 -max_len=64 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-cmp4.test b/test/fuzzer/value-profile-cmp4.test index e5ac29f81..05bc3f435 100644 --- a/test/fuzzer/value-profile-cmp4.test +++ b/test/fuzzer/value-profile-cmp4.test @@ -1,5 +1,3 @@ -# FIXME: Disabled on Windows because of hangs. -UNSUPPORTED: windows CHECK: BINGO RUN: %cpp_compiler %S/AbsNegAndConstant64Test.cpp -o %t-AbsNegAndConstant64Test RUN: not %run %t-AbsNegAndConstant64Test -seed=1 -use_cmp=0 -use_value_profile=1 -runs=100000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-load.test b/test/fuzzer/value-profile-load.test index b6baf1320..607b81cd5 100644 --- a/test/fuzzer/value-profile-load.test +++ b/test/fuzzer/value-profile-load.test @@ -1,5 +1,3 @@ -# FIXME: Disabled on Windows because of hangs. -UNSUPPORTED: windows CHECK: AddressSanitizer: global-buffer-overflow RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-gep -o %t-LoadTest RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s diff --git a/test/fuzzer/value-profile-switch.test b/test/fuzzer/value-profile-switch.test index a71682d79..05a9ca7ec 100644 
--- a/test/fuzzer/value-profile-switch.test +++ b/test/fuzzer/value-profile-switch.test @@ -2,5 +2,7 @@ UNSUPPORTED: ios CHECK: BINGO RUN: %cpp_compiler %S/SwitchTest.cpp -o %t-SwitchTest RUN: %cpp_compiler %S/Switch2Test.cpp -o %t-Switch2Test +RUN: %cpp_compiler %S/Switch3Test.cpp -o %t-Switch3Test RUN: not %run %t-SwitchTest -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s RUN: not %run %t-Switch2Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 | FileCheck %s +RUN: not %run %t-Switch3Test -use_cmp=0 -use_value_profile=1 -runs=100000000 -seed=1 2>&1 |
