Commit Graph

265 Commits

Author SHA1 Message Date
mtklein
e1fce93f36 Remove FuzzPaeth now that we have some real Fuzzes.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1711753002

Review URL: https://codereview.chromium.org/1711753002
2016-02-18 06:58:13 -08:00
kjlubick
5bd98a244b Create ParsePath API fuzz
This is based on https://codereview.chromium.org/1675053002

BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1702383003

Review URL: https://codereview.chromium.org/1702383003
2016-02-18 06:27:39 -08:00
kjlubick
2a42f48b58 Add ability to fuzz images using scaling and different modes
This also fixes the tryAllocPixels/SkColorTable mismatch which was causing the
"Image might be too large (32 x 32)" problems.

BUG=skia:4952
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1698963003

Review URL: https://codereview.chromium.org/1698963003
2016-02-16 16:14:23 -08:00
kjlubick
47d158eb3c Make fuzz broadcast when it terminates via return.
This helps analysis figure out things like timeouts and unexpected, uncaught
exits.

TBR=mtkelin@google.com
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1657743002

Review URL: https://codereview.chromium.org/1657743002
2016-02-01 08:23:50 -08:00
kjlubick
2b6aa21817 Make fuzz output the words success for a 'clean exit'
The analysis looks for "Success" to determine if the fuzz should be considered
a clean exit or not.  It classifies clean exists as "grey" fuzzes, i.e. fixed.

TBR=mtklein@google.com
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1646603002

Review URL: https://codereview.chromium.org/1646603002
2016-01-27 11:34:36 -08:00
herb
97293c6ce7 Change name from ScaleToSides to SkScaleToSides.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1618283004

Review URL: https://codereview.chromium.org/1618283004
2016-01-22 11:58:55 -08:00
herb
5e0883cf57 Fix bounds of checking if a radii are too long for a side.
BUG=skia:4692,skia:4413
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1617763003

Review URL: https://codereview.chromium.org/1617763003
2016-01-22 08:34:35 -08:00
mtklein
26379ca002 Demo fuzz for Herb
BUG=skia:4692
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1611293002

Review URL: https://codereview.chromium.org/1611293002
2016-01-21 09:25:33 -08:00
mtklein
d4387ea993 fuzz: list API fuzzing options if -t api and -n matches nothing.
Today we segfault if --name is empty.  This fixes that too.

This updates some terms: -t api lets us fuzz an API.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1617713003

Review URL: https://codereview.chromium.org/1617713003
2016-01-21 06:13:52 -08:00
kjlubick
dba5734409 Seperating our fuzzing binary from DM produces a 50x speed increase for decoding images and a 10x speed increase in decoding/rendering Skps.
This also lets us differentiate between the decoding of Skps and the rendering of them, the latter of which may be more interesting for bugs.

BUG=skia:4800
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1591073002

Review URL: https://codereview.chromium.org/1591073002
2016-01-21 05:03:28 -08:00
mtklein
d0b823479a If we pass no bytes, use the fuzz binary itself.
This is mostly for convenient local testing.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1587043009

Review URL: https://codereview.chromium.org/1587043009
2016-01-15 07:56:20 -08:00
mtklein
f5e9782bde Restore creature comforts to fuzz binary
The hack to remove these niceties didn't seem to make a difference in my
fuzz/s, so we might as well keep them.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589493006

Review URL: https://codereview.chromium.org/1589493006
2016-01-15 06:19:53 -08:00
mtklein
a115942ed6 fuzz: signalBug() / signalBoring()
Instead of a single ASSERT macro, this switches to two new methods:
   - signalBug():    tell afl-fuzz there's a bug caused by its inputs (by crashing)
   - signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully)

I'm not seeing any effect on fuzz/s when I just always log verbosely.

signalBug() now triggers SIGSEGV rather than SIGABRT.  This should make it work with catchsegv more easily.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002

Review URL: https://codereview.chromium.org/1585353002
2016-01-15 05:46:54 -08:00
mtklein
24a22c7de8 some fuzz hacking
Try to start faster:
 - remove flags dependency
 - print nothing
 - strip unused symbols from the binary on Mac (smaller binary)
 - only create one fuzz object
 - only run one DEF_FUZZ
I am not sure if any of these things mattered, but I thought you may like to look.

Good stuff:
 - make nextU() / nextF() work
 - drop nextURange() / nextFRange() for now
 - add nextB() for a single byte

As you may have guessed, I have figured out how to use afl-fuzz on my laptop.

Syntax to run becomes:
  $ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003

Review URL: https://codereview.chromium.org/1581203003
2016-01-14 04:59:42 -08:00
mtklein
65e5824d3a Add new fuzz binary.
This is designed to have short startup time, for maximum fuzzing throughput.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589563002

Review URL: https://codereview.chromium.org/1589563002
2016-01-13 12:57:58 -08:00