a115942ed6
Instead of a single ASSERT macro, this switches to two new methods: - signalBug(): tell afl-fuzz there's a bug caused by its inputs (by crashing) - signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully) I'm not seeing any effect on fuzz/s when I just always log verbosely. signalBug() now triggers SIGSEGV rather than SIGABRT. This should make it work with catchsegv more easily. BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002 Review URL: https://codereview.chromium.org/1585353002
45 lines
971 B
C++
45 lines
971 B
C++
/*
|
|
* Copyright 2016 Google Inc.
|
|
*
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*/
|
|
|
|
#ifndef Fuzz_DEFINED
|
|
#define Fuzz_DEFINED
|
|
|
|
#include "SkData.h"
|
|
#include "SkTRegistry.h"
|
|
#include "SkTypes.h"
|
|
|
|
class Fuzz : SkNoncopyable {
|
|
public:
|
|
explicit Fuzz(SkData*);
|
|
|
|
uint8_t nextB();
|
|
uint32_t nextU();
|
|
float nextF();
|
|
|
|
void signalBug (); // Tell afl-fuzz these inputs found a bug.
|
|
void signalBoring(); // Tell afl-fuzz these inputs are not worth testing.
|
|
|
|
private:
|
|
template <typename T>
|
|
T nextT();
|
|
|
|
SkAutoTUnref<SkData> fBytes;
|
|
int fNextByte;
|
|
};
|
|
|
|
struct Fuzzable {
|
|
const char* name;
|
|
void (*fn)(Fuzz*);
|
|
};
|
|
|
|
#define DEF_FUZZ(name, f) \
|
|
static void fuzz_##name(Fuzz*); \
|
|
SkTRegistry<Fuzzable> register_##name({#name, fuzz_##name}); \
|
|
static void fuzz_##name(Fuzz* f)
|
|
|
|
#endif//Fuzz_DEFINED
|