kjlubick
9fd07e5cc4
Make fuzz builds set SK_FUZZ_LOGGING
...
BUG=skia:5191
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1878363002
Review URL: https://codereview.chromium.org/1878363002
2016-04-12 12:02:59 -07:00
kjlubick
4319593988
Do an in-place replacement of SkRandom with Fuzz for FilterFuzz
...
This feels rather clunky, because we aren't using the full potential of the
fuzzer, but it works, it seems.
BUG=skia:4969
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1710183002
Review URL: https://codereview.chromium.org/1710183002
2016-04-05 12:48:47 -07:00
reed
ca2622ba05
return pictures as sk_sp
...
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1811703002
Review URL: https://codereview.chromium.org/1811703002
2016-03-18 07:25:55 -07:00
kjlubick
5bd98a244b
Create ParsePath API fuzz
...
This is based on https://codereview.chromium.org/1675053002
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1702383003
Review URL: https://codereview.chromium.org/1702383003
2016-02-18 06:27:39 -08:00
kjlubick
2a42f48b58
Add ability to fuzz images using scaling and different modes
...
This also fixes the tryAllocPixels/SkColorTable mismatch which was causing the
"Image might be too large (32 x 32)" problems.
BUG=skia:4952
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1698963003
Review URL: https://codereview.chromium.org/1698963003
2016-02-16 16:14:23 -08:00
kjlubick
47d158eb3c
Make fuzz broadcast when it terminates via return.
...
This helps analysis figure out things like timeouts and unexpected, uncaught
exits.
TBR=mtkelin@google.com
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1657743002
Review URL: https://codereview.chromium.org/1657743002
2016-02-01 08:23:50 -08:00
kjlubick
2b6aa21817
Make fuzz output the words success for a 'clean exit'
...
The analysis looks for "Success" to determine if the fuzz should be considered
a clean exit or not. It classifies clean exits as "grey" fuzzes, i.e. fixed.
TBR=mtklein@google.com
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1646603002
Review URL: https://codereview.chromium.org/1646603002
2016-01-27 11:34:36 -08:00
mtklein
d4387ea993
fuzz: list API fuzzing options if -t api and -n matches nothing.
...
Today we segfault if --name is empty. This fixes that too.
This updates some terms: -t api lets us fuzz an API.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1617713003
Review URL: https://codereview.chromium.org/1617713003
2016-01-21 06:13:52 -08:00
kjlubick
dba5734409
Separating our fuzzing binary from DM produces a 50x speed increase for decoding images and a 10x speed increase in decoding/rendering Skps.
...
This also lets us differentiate between the decoding of Skps and the rendering of them, the latter of which may be more interesting for bugs.
BUG=skia:4800
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1591073002
Review URL: https://codereview.chromium.org/1591073002
2016-01-21 05:03:28 -08:00
mtklein
d0b823479a
If we pass no bytes, use the fuzz binary itself.
...
This is mostly for convenient local testing.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1587043009
Review URL: https://codereview.chromium.org/1587043009
2016-01-15 07:56:20 -08:00
mtklein
f5e9782bde
Restore creature comforts to fuzz binary
...
The hack to remove these niceties didn't seem to make a difference in my
fuzz/s, so we might as well keep them.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589493006
Review URL: https://codereview.chromium.org/1589493006
2016-01-15 06:19:53 -08:00
mtklein
a115942ed6
fuzz: signalBug() / signalBoring()
...
Instead of a single ASSERT macro, this switches to two new methods:
- signalBug(): tell afl-fuzz there's a bug caused by its inputs (by crashing)
- signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully)
I'm not seeing any effect on fuzz/s when I just always log verbosely.
signalBug() now triggers SIGSEGV rather than SIGABRT. This should make it work with catchsegv more easily.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002
Review URL: https://codereview.chromium.org/1585353002
2016-01-15 05:46:54 -08:00
mtklein
24a22c7de8
some fuzz hacking
...
Try to start faster:
- remove flags dependency
- print nothing
- strip unused symbols from the binary on Mac (smaller binary)
- only create one fuzz object
- only run one DEF_FUZZ
I am not sure if any of these things mattered, but I thought you may like to look.
Good stuff:
- make nextU() / nextF() work
- drop nextURange() / nextFRange() for now
- add nextB() for a single byte
As you may have guessed, I have figured out how to use afl-fuzz on my laptop.
Syntax to run becomes:
$ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003
Review URL: https://codereview.chromium.org/1581203003
2016-01-14 04:59:42 -08:00
mtklein
65e5824d3a
Add new fuzz binary.
...
This is designed to have short startup time, for maximum fuzzing throughput.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589563002
Review URL: https://codereview.chromium.org/1589563002
2016-01-13 12:57:58 -08:00