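#!/bin/bash
# Copyright 2017 Google Inc.
#
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Builds the fuzz binary with gcov instrumentation, replays the AFL queue
# corpora through it, and produces an lcov/genhtml coverage report.
#
# bash is required: the QUEUES and ARGS variables further down are arrays,
# which a POSIX /bin/sh (e.g. dash) does not support.

if [[ -z "${1:-}" ]]; then
  cat <<-EOM
Usage:
$0 [afl-out-loc]

Run something like this:
$0 ~/afl-out
where afl-out is the directory containing all the output of the afl-fuzzers.
You can typically ssh into skia-fuzzer-be-1 and skia-fuzzer-be-2 and run
tar -czf afl-out.tar.gz /mnt/ssd0/fuzzes/afl-out/*/fuzzer0/queue
and extract it locally to get the directories needed to assess coverage.

EOM
  exit 1
fi

set -x
set -e

# Resolve the corpus directory to an absolute path *before* the cd below;
# otherwise a relative argument would be looked up inside the checkout and
# no corpus files would be found. $1 is rewritten in place so the rest of
# the script keeps using it unchanged.
AFL_OUT="$(realpath -- "$1")"
if [[ ! -d "$AFL_OUT" ]]; then
  echo "error: $AFL_OUT is not a directory" >&2
  exit 1
fi
set -- "$AFL_OUT"

cd "$(dirname "$0")/.."

EXECUTABLE="fuzz"

# Unpredictable scratch directory for the lcov data and the HTML report.
# It is intentionally not removed on exit: the report is opened from it.
DIR="$(mktemp -d "${TMPDIR:-/tmp}/skia_coverage_XXXXXXXXXX")"
BUILD=out/coverage

# Build $EXECUTABLE
bin/sync
bin/fetch-gn

# Start from a clean build directory so stale .gcda/.gcno files from an
# earlier run cannot leak into this report.
rm -rf -- "${BUILD:?}"

#TODO: make this work with Clang.
GN_ARGS='cc="gcc" cxx="g++" extra_cflags=["--coverage"] extra_ldflags=["--coverage"]'
gn gen --args="$GN_ARGS" "$BUILD"

ninja -C "$BUILD" "$EXECUTABLE"

GCOV="$(realpath tools/gcov_shim)"

# Generate a zero-baseline so files not covered by $EXECUTABLE $@ will
# still show up in the report.  This reads the .gcno files that are
# created at compile time.
lcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR/baseline" -i

# Running the binary generates the real coverage information, the .gcda files.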
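# One AFL queue directory per fuzzer. QUEUES[i] is replayed with ARGS[i], so
# the two arrays must stay in the same order and have the same length.
QUEUES=(
  "$1/api_parse_path/fuzzer0/queue"
  "$1/color_deserialize/fuzzer0/queue"
  "$1/skcodec_scale/fuzzer0/queue"
  "$1/skcodec_mode/fuzzer0/queue"
  "$1/api_draw_functions/fuzzer0/queue"
  "$1/api_gradient/fuzzer0/queue"
  "$1/api_image_filter/fuzzer0/queue"
  "$1/api_pathop/fuzzer0/queue"
  "$1/sksl2glsl/fuzzer0/queue"
  "$1/null_canvas/fuzzer0/queue"
  "$1/pdf_canvas/fuzzer0/queue"
  "$1/n32_canvas/fuzzer0/queue"
)

# Fuzz-binary selector for each queue above, stored as "<flag> <name>".
ARGS=(
  "-n ParsePath"
  "-t color_deserialize"
  "-t image_scale"
  "-t image_mode"
  "-n DrawFunctions"
  "-n Gradients"
  "-n SerializedImageFilter"
  "-n Pathop"
  "-t sksl2glsl"
  "-n NullCanvas"
  "-n PDFCanvas"
  "-n RasterN32Canvas"
)

# We can't simply pass the directories to the fuzzers because some of the fuzzes will
# crash or assert, which would kill the call to fuzz prematurely.  Instead we run them
# individually using the loops below.
#
# Iterate over the array's real indices (0..N-1). Counting 1..N with seq
# skipped the first queue and read one empty slot past the end.
for i in "${!QUEUES[@]}"; do
  # Split "<flag> <name>" into two words explicitly instead of relying on
  # unquoted expansion.
  read -r -a FUZZ_ARGS <<< "${ARGS[i]}"
  for f in "${QUEUES[i]}"/*; do
    # An empty or missing queue leaves the glob pattern unexpanded; skip it
    # rather than handing a nonexistent path to the fuzzer.
    [[ -e "$f" ]] || continue
    # Executing the fuzzes sequentially would take a very long time. So, we run them
    # in the background, making sure we don't go crazy and execute them too fast or
    # that they execute for a long time.
    # Corpus file names are quoted so unusual characters in them cannot be
    # re-split or re-globbed by the shell.
    timeout 10 "$BUILD/$EXECUTABLE" "${FUZZ_ARGS[@]}" -b "$f" &
    sleep .005s
  done
done

# Block until every background replay has exited (each is bounded by the
# 10 second timeout above) so lcov never reads .gcda files that are still
# being written. A fixed sleep only approximated this.
wait

echo "done running the fuzzes -- generating report"

lcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR/coverage"

# Merge with the zero baseline so files no fuzzer touched still appear.
lcov -q -a "$DIR/baseline" -a "$DIR/coverage" -o "$DIR/merged"

genhtml -q "$DIR/merged" --legend -o "$DIR/coverage_report" --ignore-errors source

xdg-open "$DIR/coverage_report/index.html"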