Home | History | Annotate | Download | only in fuzz
      1 #!/bin/sh
      2 # Copyright 2017 Google Inc.
      3 #
      4 # Use of this source code is governed by a BSD-style license that can be
      5 # found in the LICENSE file.
      6 
      7 if [ -z "$1" ]; then
      8 	cat <<-EOM
      9 	Usage:
     10 	  $0 [afl-out-loc]
     11 
     12 	Run something like this:
     13 	  $0 ~/afl-out
     14 	where afl-out is the directory containing all the output of the afl-fuzzers.
     15 	You can typically ssh into skia-fuzzer-be-1 and skia-fuzzer-be-2 and run
     16 	tar -czf afl-out.tar.gz /mnt/ssd0/fuzzes/afl-out/*/fuzzer0/queue
     17 	and extract it locally to get the directories needed to assess coverage.
     18 
     19 	EOM
     20 	exit 1
     21 fi
     22 
     23 set -x
     24 set -e
     25 
     26 cd "$(dirname "$0")/.."
     27 
     28 EXECUTABLE="fuzz"
     29 
     30 DIR="$(mktemp -d "${TMPDIR:-/tmp}/skia_coverage_XXXXXXXXXX")"
     31 BUILD=out/coverage
     32 
     33 # Build $EXECUTABLE
     34 bin/sync
     35 bin/fetch-gn
     36 
     37 rm -rf $BUILD
     38 
     39 #TODO: make this work with Clang.
     40 ARGS='cc="gcc" cxx="g++" extra_cflags=["--coverage"] extra_ldflags=["--coverage"]'
     41 gn gen --args="$ARGS" "$BUILD"
     42 
     43 ninja -C "$BUILD" "$EXECUTABLE"
     44 
     45 GCOV="$(realpath tools/gcov_shim)"
     46 
     47 # Generate a zero-baseline so files not covered by $EXECUTABLE $@ will
     48 # still show up in the report.  This reads the .gcno files that are
     49 # created at compile time.
     50 lcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR"/baseline -i
     51 
     52 # Running the binary generates the real coverage information, the .gcda files.
     53 QUEUES=("$1/api_parse_path/fuzzer0/queue/*" "$1/color_deserialize/fuzzer0/queue/*" "$1/skcodec_scale/fuzzer0/queue/*" "$1/skcodec_mode/fuzzer0/queue/*" "$1/api_draw_functions/fuzzer0/queue/*" "$1/api_gradient/fuzzer0/queue/*" "$1/api_image_filter/fuzzer0/queue/*" "$1/api_pathop/fuzzer0/queue/*" "$1/sksl2glsl/fuzzer0/queue/*" "$1/null_canvas/fuzzer0/queue/*" "$1/pdf_canvas/fuzzer0/queue/*" "$1/n32_canvas/fuzzer0/queue/*")
     54 
     55 ARGS=("-n ParsePath" "-t color_deserialize" "-t image_scale" "-t image_mode" "-n DrawFunctions" "-n Gradients" "-n SerializedImageFilter" "-n Pathop" "-t sksl2glsl" "-n NullCanvas" "-n PDFCanvas" "-n RasterN32Canvas")
     56 
     57 # We can't simply pass the directories to the fuzzers because some of the fuzzes will
     58 # crash or assert, which would kill the call to fuzz prematurely. Instead we run them
     59 # individually using the loops below.
     60 for i in `seq ${#QUEUES[@]}`
     61 do
     62 	FILES=${QUEUES[i]}
     63 	for f in $FILES
     64 	do
     65 		# Executing the fuzzes sequentially would take a very long time. So, we run them
     66 		# in the background, making sure we don't go crazy and execute them too fast or
     67 		# that they execute for a long time.
     68 		timeout 10 $BUILD/$EXECUTABLE ${ARGS[i]}  -b $f &
     69 		sleep .005s
     70 	done
     71 done
     72 
     73 sleep 10s
     74 
     75 echo "done running the fuzzes -- generating report"
     76 
     77 lcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR"/coverage
     78 
     79 lcov -q -a "$DIR"/baseline -a "$DIR"/coverage -o "$DIR"/merged
     80 
     81 genhtml -q "$DIR"/merged --legend -o "$DIR"/coverage_report --ignore-errors source
     82 
     83 xdg-open "$DIR"/coverage_report/index.html
     84