Commit Graph

462 Commits

Author SHA1 Message Date
kjlubick
47d158eb3c Make fuzz broadcast when it terminates via return.
This helps analysis figure out things like timeouts and unexpected, uncaught
exits.

TBR=mtkelin@google.com
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1657743002

Review URL: https://codereview.chromium.org/1657743002
2016-02-01 08:23:50 -08:00
kjlubick
2b6aa21817 Make fuzz output the word success for a 'clean exit'
The analysis looks for "Success" to determine if the fuzz should be considered
a clean exit or not.  It classifies clean exits as "grey" fuzzes, i.e. fixed.

TBR=mtklein@google.com
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1646603002

Review URL: https://codereview.chromium.org/1646603002
2016-01-27 11:34:36 -08:00
herb
97293c6ce7 Change name from ScaleToSides to SkScaleToSides.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1618283004

Review URL: https://codereview.chromium.org/1618283004
2016-01-22 11:58:55 -08:00
herb
5e0883cf57 Fix bounds of checking if radii are too long for a side.
BUG=skia:4692,skia:4413
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1617763003

Review URL: https://codereview.chromium.org/1617763003
2016-01-22 08:34:35 -08:00
mtklein
26379ca002 Demo fuzz for Herb
BUG=skia:4692
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1611293002

Review URL: https://codereview.chromium.org/1611293002
2016-01-21 09:25:33 -08:00
mtklein
d4387ea993 fuzz: list API fuzzing options if -t api and -n matches nothing.
Today we segfault if --name is empty.  This fixes that too.

This updates some terms: -t api lets us fuzz an API.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1617713003

Review URL: https://codereview.chromium.org/1617713003
2016-01-21 06:13:52 -08:00
kjlubick
dba5734409 Separating our fuzzing binary from DM produces a 50x speed increase for decoding images and a 10x speed increase in decoding/rendering Skps.
This also lets us differentiate between the decoding of Skps and the rendering of them, the latter of which may be more interesting for bugs.

BUG=skia:4800
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1591073002

Review URL: https://codereview.chromium.org/1591073002
2016-01-21 05:03:28 -08:00
mtklein
d0b823479a If we pass no bytes, use the fuzz binary itself.
This is mostly for convenient local testing.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1587043009

Review URL: https://codereview.chromium.org/1587043009
2016-01-15 07:56:20 -08:00
mtklein
f5e9782bde Restore creature comforts to fuzz binary
The hack to remove these niceties didn't seem to make a difference in my
fuzz/s, so we might as well keep them.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589493006

Review URL: https://codereview.chromium.org/1589493006
2016-01-15 06:19:53 -08:00
mtklein
a115942ed6 fuzz: signalBug() / signalBoring()
Instead of a single ASSERT macro, this switches to two new methods:
   - signalBug():    tell afl-fuzz there's a bug caused by its inputs (by crashing)
   - signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully)

I'm not seeing any effect on fuzz/s when I just always log verbosely.

signalBug() now triggers SIGSEGV rather than SIGABRT.  This should make it work with catchsegv more easily.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002

Review URL: https://codereview.chromium.org/1585353002
2016-01-15 05:46:54 -08:00
mtklein
24a22c7de8 some fuzz hacking
Try to start faster:
 - remove flags dependency
 - print nothing
 - strip unused symbols from the binary on Mac (smaller binary)
 - only create one fuzz object
 - only run one DEF_FUZZ
I am not sure if any of these things mattered, but I thought you may like to look.

Good stuff:
 - make nextU() / nextF() work
 - drop nextURange() / nextFRange() for now
 - add nextB() for a single byte

As you may have guessed, I have figured out how to use afl-fuzz on my laptop.

Syntax to run becomes:
  $ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003

Review URL: https://codereview.chromium.org/1581203003
2016-01-14 04:59:42 -08:00
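The fuzz binary that the commit messages above describe (a byte source with nextB()/nextU()/nextF(), DEF_FUZZ targets selected by name, signalBug() crashing via SIGSEGV, signalBoring() exiting gracefully, "Success" printed on a clean return so the analysis can classify the run, the option list printed when the name matches nothing, and the binary itself used as input when no bytes are given), as an added sketch that is not Skia's code. Every class, macro and function name here, and the toy scaleToFit target with its postcondition, is an assumption made for this example; the input bytes are constructed inline.

```cpp
// Added example, not Skia's code: a minimal afl-fuzz harness in the shape the
// commit messages on this page describe. All names here are assumptions.
#include <cmath>
#include <csignal>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <initializer_list>
#include <map>
#include <string>
#include <vector>

class Fuzz {
public:
    Fuzz(const uint8_t* data, size_t size) : fData(data), fSize(size), fPos(0) {}
    size_t remaining() const { return fSize - fPos; }

    // Inputs are not worth testing (e.g. we ran out of bytes): exit gracefully.
    [[noreturn]] static void signalBoring() { exit(0); }
    // Inputs triggered a bug: crash with SIGSEGV so afl-fuzz and catchsegv record it.
    [[noreturn]] static void signalBug() { raise(SIGSEGV); abort(); }

    uint8_t nextB() {                      // one byte
        if (this->remaining() < 1) signalBoring();
        return fData[fPos++];
    }
    uint32_t nextU() {                     // 32 bits, host byte order
        uint32_t u;
        this->nextBytes(&u, sizeof u);
        return u;
    }
    float nextF() {                        // 32-bit float, raw bit pattern
        float f;
        this->nextBytes(&f, sizeof f);
        return f;
    }

private:
    void nextBytes(void* dst, size_t n) {
        if (this->remaining() < n) signalBoring();
        memcpy(dst, fData + fPos, n);
        fPos += n;
    }
    const uint8_t* fData;
    size_t fSize, fPos;
};

// DEF_FUZZ(name, fuzz) { ... } registers a target under "name".
using FuzzFn = void (*)(Fuzz*);
static std::map<std::string, FuzzFn>& registry() {
    static std::map<std::string, FuzzFn> r;
    return r;
}
struct FuzzRegistrar {
    FuzzRegistrar(const char* name, FuzzFn fn) { registry()[name] = fn; }
};
#define DEF_FUZZ(name, f)                                   \
    static void fuzz_##name(Fuzz* f);                       \
    static FuzzRegistrar reg_##name(#name, fuzz_##name);    \
    static void fuzz_##name(Fuzz* f)

// Toy code under test (constructed here): shrink two lengths so they fit within a side.
static void scaleToFit(float side, float* a, float* b) {
    float sum = *a + *b;
    if (sum > side) {
        float s = side / sum;
        *a *= s;
        *b *= s;
    }
}

DEF_FUZZ(ScaleToFit, fuzz) {
    float side = fuzz->nextF(), a = fuzz->nextF(), b = fuzz->nextF();
    // Out-of-domain inputs (NaN, negative, non-finite) are boring, not bugs.
    if (!(side > 0) || !(a >= 0) || !(b >= 0) || !std::isfinite(side + a + b)) {
        Fuzz::signalBoring();
    }
    scaleToFit(side, &a, &b);
    // Postcondition the harness checks; whether rounding inside scaleToFit can push
    // a + b an ulp past side is exactly the kind of question the fuzzer answers.
    if (!(a + b <= side)) Fuzz::signalBug();
}

// Runs one target. 0 = clean exit ("Success" is what the analysis looks for);
// 1 = unknown name, in which case the available targets are listed instead of crashing.
static int runFuzz(const std::string& name, const std::vector<uint8_t>& bytes) {
    auto it = registry().find(name);
    if (it == registry().end()) {
        fprintf(stderr, "no fuzz named '%s'; options are:\n", name.c_str());
        for (const auto& kv : registry()) fprintf(stderr, "  %s\n", kv.first.c_str());
        return 1;
    }
    Fuzz fuzz(bytes.data(), bytes.size());
    it->second(&fuzz);
    printf("Success\n");
    return 0;
}

// Builds an input for ScaleToFit in host byte order (constructed test data only).
static std::vector<uint8_t> floatsToBytes(std::initializer_list<float> fs) {
    std::vector<uint8_t> out;
    for (float f : fs) {
        uint8_t raw[sizeof f];
        memcpy(raw, &f, sizeof f);
        out.insert(out.end(), raw, raw + sizeof f);
    }
    return out;
}

static std::vector<uint8_t> readFile(const char* path) {
    std::vector<uint8_t> out;
    if (FILE* f = fopen(path, "rb")) {
        uint8_t buf[4096];
        size_t n;
        while ((n = fread(buf, 1, sizeof buf, f)) > 0) out.insert(out.end(), buf, buf + n);
        fclose(f);
    }
    return out;
}

// usage: fuzz <name> [file]   (afl-fuzz supplies the file via @@; with no file, the
// binary itself is used as input, which is convenient for a local smoke test)
int main(int argc, char** argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s <name> [file]\n", argv[0]); return 2; }
    return runFuzz(argv[1], readFile(argc > 2 ? argv[2] : argv[0]));
}
```

The two exit paths are deliberately asymmetric: signalBoring() returns status 0 so afl-fuzz discards the input as uninteresting, while signalBug() raises SIGSEGV rather than calling abort(), so the crash shows up under afl-fuzz and catchsegv the same way a genuine memory fault would. Domain checks on the raw bytes go before the code under test, otherwise the fuzzer spends its time rediscovering that NaN is not a length.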
mtklein
65e5824d3a Add new fuzz binary.
This is designed to have short startup time, for maximum fuzzing throughput.

BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589563002

Review URL: https://codereview.chromium.org/1589563002
2016-01-13 12:57:58 -08:00