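#!/usr/bin/env bash
# Copyright 2017 Google Inc.
#
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Builds the fuzz binary with gcov instrumentation, replays the AFL queue
# entries found under the directory given as $1, and opens an lcov HTML
# coverage report.
#
# bash is required: the queue and argument lists further down are arrays,
# which POSIX sh does not provide, so a /bin/sh shebang fails wherever sh
# is not bash.

# Without the afl-out location there is nothing to replay: print the usage
# text and stop with a non-zero status.
if [ -z "$1" ]; then
  # Unquoted delimiter on purpose: $0 is expanded to the script's own path.
  cat <<EOM
Usage:
$0 [afl-out-loc]

Run something like this:
$0 ~/afl-out
where afl-out is the directory containing all the output of the afl-fuzzers.
You can typically ssh into skia-fuzzer-be-1 and skia-fuzzer-be-2 and run
tar -czf afl-out.tar.gz /mnt/ssd0/fuzzes/afl-out/*
and extract it locally to get the directories needed to assess coverage.

EOM
  exit 1
fi
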
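# Trace every command and stop at the first one that fails.
set -x
set -e

# The relative paths used below (bin/, out/, tools/) are resolved from the
# directory one level above the one holding this script.
cd "$(dirname "$0")/.."

EXECUTABLE="fuzz"

# Scratch directory for the lcov tracefiles and the HTML report. mktemp -d
# picks an unpredictable name from the XXXXXXXXXX template; nothing in this
# script removes the directory, since the report is opened from it at the end.
DIR="$(mktemp -d "${TMPDIR:-/tmp}/skia_coverage_XXXXXXXXXX")"
BUILD=out/coverage

# Build $EXECUTABLE
bin/sync
bin/fetch-gn

# Start from an empty build directory. The path is quoted, "--" ends option
# parsing, and ":?" aborts rather than letting rm -rf run on an empty path.
rm -rf -- "${BUILD:?}"

#TODO: make this work with Clang.
# --coverage on both compile and link makes gcc emit .gcno files at build time
# and .gcda files when the binary runs.
ARGS='cc="gcc" cxx="g++" extra_cflags=["--coverage"] extra_ldflags=["--coverage"]'
gn gen --args="$ARGS" "$BUILD"

ninja -C "$BUILD" "$EXECUTABLE"

# Absolute path to the gcov wrapper, handed to lcov through --gcov-tool.
GCOV="$(realpath tools/gcov_shim)"
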
# Capture a zero-coverage baseline first, so that files never reached by
# $EXECUTABLE still appear in the report. This step reads the .gcno files
# that the compiler wrote at build time.
lcov --quiet --gcov-tool "$GCOV" --capture --initial \
  --base-directory "$BUILD" --directory "$BUILD" \
  --output-file "$DIR/baseline"

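# Running the binary generates the real coverage information, the .gcda files.
#
# QUEUES and ARGS are parallel arrays: ARGS[i] holds the fuzz flags used to
# replay the AFL queue directory QUEUES[i]. The directories are stored without
# a trailing glob so that a space in $1 cannot split a path.
QUEUES=(
  "$1/api_parse_path/fuzzer0/queue"
  "$1/color_deserialize/fuzzer0/queue"
  "$1/color_icc/fuzzer0/queue"
  "$1/skcodec_scale/fuzzer0/queue"
  "$1/skcodec_mode/fuzzer0/queue"
  "$1/api_draw_functions/fuzzer0/queue"
  "$1/api_gradient/fuzzer0/queue"
  "$1/api_image_filter/fuzzer0/queue"
  "$1/api_pathop/fuzzer0/queue"
  "$1/sksl2glsl/fuzzer0/queue"
)

ARGS=(
  "-n ParsePath"
  "-t color_deserialize"
  "-t icc"
  "-t image_scale"
  "-t image_mode"
  "-n DrawFunctions"
  "-n Gradients"
  "-n SerializedImageFilter"
  "-n Pathop"
  "-t sksl2glsl"
)

# We can't simply pass the directories to the fuzzers because some of the fuzzes will
# crash or assert, which would kill the call to fuzz prematurely. Instead we run them
# individually using the loops below.
#
# Iterate over the real array indices. bash arrays start at 0, so counting
# from 1 with seq skipped the first queue and indexed one slot past the end.
for i in "${!QUEUES[@]}"; do
  # Turn "-n Name" / "-t type" into two separate words for the command line.
  read -r -a fuzz_args <<<"${ARGS[i]}"
  for f in "${QUEUES[i]}"/*; do
    # An empty or missing queue leaves the pattern unexpanded; skip it.
    [ -e "$f" ] || continue
    # Executing the fuzzes sequentially would take a very long time. So, we run them
    # in the background, throttling the launch rate and capping each run at 10
    # seconds. Queue entries are fuzzer-generated, so every path is passed
    # quoted, as exactly one argument.
    timeout 10 "$BUILD/$EXECUTABLE" "${fuzz_args[@]}" -b "$f" &
    sleep .005s
  done
done

# Block until every background run has exited (each is bounded by the timeout
# above) so the .gcda files are complete before lcov reads them; a fixed
# sleep equal to the timeout could return while the last runs were still alive.
wait
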
echo "done running the fuzzes -- generating report"

# Collect the coverage counters from the build directory into a tracefile.
lcov --quiet --gcov-tool "$GCOV" --capture \
  --base-directory "$BUILD" --directory "$BUILD" \
  --output-file "$DIR/coverage"

# Combine the baseline tracefile with the captured one.
lcov --quiet \
  --add-tracefile "$DIR/baseline" \
  --add-tracefile "$DIR/coverage" \
  --output-file "$DIR/merged"

# Render the merged tracefile as HTML, ignoring "source" errors.
genhtml --quiet "$DIR/merged" --legend \
  --output-directory "$DIR/coverage_report" \
  --ignore-errors source

# Open the report's index page with the desktop's default handler.
xdg-open "$DIR/coverage_report/index.html"