blob: e9ac001b62c5db66e825f249865e4568fb61a91a [file] [log] [blame]
Kevin Lubick0168e042017-02-14 13:12:37 -05001#!/bin/sh
2# Copyright 2017 Google Inc.
3#
4# Use of this source code is governed by a BSD-style license that can be
5# found in the LICENSE file.
6
7if [ -z "$1" ]; then
8 cat <<-EOM
9 Usage:
10 $0 [afl-out-loc]
11
12 Run something like this:
13 $0 ~/afl-out
14 where afl-out is the directory containing all the output of the afl-fuzzers.
15 You can typically ssh into skia-fuzzer-be-1 and skia-fuzzer-be-2 and run
16 tar -czf afl-out.tar.gz /mnt/ssd0/fuzzes/afl-out/*
17 and extract it locally to get the directories needed to assess coverage.
18
19 EOM
20 exit 1
21fi
22
23set -x
24set -e
25
26cd "$(dirname "$0")/.."
27
28EXECUTABLE="fuzz"
29
30DIR="$(mktemp -d "${TMPDIR:-/tmp}/skia_coverage_XXXXXXXXXX")"
31BUILD=out/coverage
32
33# Build $EXECUTABLE
34bin/sync
35bin/fetch-gn
36
37rm -rf $BUILD
38
39#TODO: make this work with Clang.
40ARGS='cc="gcc" cxx="g++" extra_cflags=["--coverage"] extra_ldflags=["--coverage"]'
41gn gen --args="$ARGS" "$BUILD"
42
43ninja -C "$BUILD" "$EXECUTABLE"
44
45GCOV="$(realpath tools/gcov_shim)"
46
47# # Generate a zero-baseline so files not covered by $EXECUTABLE $@ will
48# # still show up in the report. This reads the .gcno files that are
49# # created at compile time.
50lcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR"/baseline -i
51
52# Running the binary generates the real coverage information, the .gcda files.
53QUEUES=("$1/api_parse_path/fuzzer0/queue/*" "$1/color_deserialize/fuzzer0/queue/*" "$1/color_icc/fuzzer0/queue/*" "$1/skcodec_scale/fuzzer0/queue/*" "$1/skcodec_mode/fuzzer0/queue/*" "$1/api_draw_functions/fuzzer0/queue/*" "$1/api_gradient/fuzzer0/queue/*" "$1/api_image_filter/fuzzer0/queue/*" "$1/api_pathop/fuzzer0/queue/*" "$1/sksl2glsl/fuzzer0/queue/*")
54
55ARGS=("-n ParsePath" "-t color_deserialize" "-t icc" "-t image_scale" "-t image_mode" "-n DrawFunctions" "-n Gradients" "-n SerializedImageFilter" "-n Pathop" "-t sksl2glsl")
56
57# We can't simply pass the directories to the fuzzers because some of the fuzzes will
58# crash or assert, which would kill the call to fuzz prematurely. Instead we run them
59# individually using the loops below.
60for i in `seq ${#QUEUES[@]}`
61do
62 FILES=${QUEUES[i]}
63 for f in $FILES
64 do
65 # Executing the fuzzes sequentially would take a very long time. So, we run them
66 # in the background, making sure we don't go crazy and execute them too fast or
67 # that they execute for a long time.
68 timeout 10 $BUILD/$EXECUTABLE ${ARGS[i]} -b $f &
69 sleep .005s
70 done
71done
72
73sleep 10s
74
75echo "done running the fuzzes -- generating report"
76
77lcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR"/coverage
78
79lcov -q -a "$DIR"/baseline -a "$DIR"/coverage -o "$DIR"/merged
80
81genhtml -q "$DIR"/merged --legend -o "$DIR"/coverage_report --ignore-errors source
82
83xdg-open "$DIR"/coverage_report/index.html