kjlubick
2a42f48b58
Add ability to fuzz images using scaling and different modes
...
This also fixes the tryAllocPixels/SkColorTable mismatch which was causing the
"Image might be too large (32 x 32)" problems.
BUG=skia:4952
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1698963003
Review URL: https://codereview.chromium.org/1698963003
2016-02-16 16:14:23 -08:00
kjlubick
47d158eb3c
Make fuzz broadcast when it terminates via return.
...
This helps analysis figure out things like timeouts and unexpected, uncaught
exits.
TBR=mtkelin@google.com
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1657743002
Review URL: https://codereview.chromium.org/1657743002
2016-02-01 08:23:50 -08:00
kjlubick
2b6aa21817
Make fuzz output the words success for a 'clean exit'
...
The analysis looks for "Success" to determine if the fuzz should be considered
a clean exit or not. It classifies clean exists as "grey" fuzzes, i.e. fixed.
TBR=mtklein@google.com
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1646603002
Review URL: https://codereview.chromium.org/1646603002
2016-01-27 11:34:36 -08:00
herb
97293c6ce7
Change name from ScaleToSides to SkScaleToSides.
...
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1618283004
Review URL: https://codereview.chromium.org/1618283004
2016-01-22 11:58:55 -08:00
herb
5e0883cf57
Fix bounds of checking if a radii are too long for a side.
...
BUG=skia:4692,skia:4413
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1617763003
Review URL: https://codereview.chromium.org/1617763003
2016-01-22 08:34:35 -08:00
mtklein
26379ca002
Demo fuzz for Herb
...
BUG=skia:4692
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1611293002
Review URL: https://codereview.chromium.org/1611293002
2016-01-21 09:25:33 -08:00
mtklein
d4387ea993
fuzz: list API fuzzing options if -t api and -n matches nothing.
...
Today we segfault if --name is empty. This fixes that too.
This updates some terms: -t api lets us fuzz an API.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1617713003
Review URL: https://codereview.chromium.org/1617713003
2016-01-21 06:13:52 -08:00
kjlubick
dba5734409
Seperating our fuzzing binary from DM produces a 50x speed increase for decoding images and a 10x speed increase in decoding/rendering Skps.
...
This also lets us differentiate between the decoding of Skps and the rendering of them, the latter of which may be more interesting for bugs.
BUG=skia:4800
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1591073002
Review URL: https://codereview.chromium.org/1591073002
2016-01-21 05:03:28 -08:00
mtklein
d0b823479a
If we pass no bytes, use the fuzz binary itself.
...
This is mostly for convenient local testing.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1587043009
Review URL: https://codereview.chromium.org/1587043009
2016-01-15 07:56:20 -08:00
mtklein
f5e9782bde
Restore creature comforts to fuzz binary
...
The hack to remove these niceties didn't seem to make a difference in my
fuzz/s, so we might as well keep them.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589493006
Review URL: https://codereview.chromium.org/1589493006
2016-01-15 06:19:53 -08:00
mtklein
a115942ed6
fuzz: signalBug() / signalBoring()
...
Instead of a single ASSERT macro, this switches to two new methods:
- signalBug(): tell afl-fuzz there's a bug caused by its inputs (by crashing)
- signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully)
I'm not seeing any effect on fuzz/s when I just always log verbosely.
signalBug() now triggers SIGSEGV rather than SIGABRT. This should make it work with catchsegv more easily.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002
Review URL: https://codereview.chromium.org/1585353002
2016-01-15 05:46:54 -08:00
mtklein
24a22c7de8
some fuzz hacking
...
Try to start faster:
- remove flags dependency
- print nothing
- strip unused symbols from the binary on Mac (smaller binary)
- only create one fuzz object
- only run one DEF_FUZZ
I am not sure if any of these things mattered, but I thought you may like to look.
Good stuff:
- make nextU() / nextF() work
- drop nextURange() / nextFRange() for now
- add nextB() for a single byte
As you may have guessed, I have figured out how to use afl-fuzz on my laptop.
Syntax to run becomes:
$ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003
Review URL: https://codereview.chromium.org/1581203003
2016-01-14 04:59:42 -08:00
mtklein
65e5824d3a
Add new fuzz binary.
...
This is designed to have short startup time, for maximum fuzzing throughput.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589563002
Review URL: https://codereview.chromium.org/1589563002
2016-01-13 12:57:58 -08:00