2018-06-14 22:00:46 +00:00
|
|
|
#!/bin/bash -u
|
|
|
|
# Copyright 2018 Google Inc.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
|
|
|
################################################################################
|
|
|
|
cd $OUT
|
|
|
|
|
2018-06-18 21:19:48 +00:00
|
|
|
if (( $# > 0 )); then
|
|
|
|
FUZZ_TARGETS="$@"
|
|
|
|
else
|
|
|
|
FUZZ_TARGETS="$(find . -maxdepth 1 -type f -executable)"
|
|
|
|
fi
|
|
|
|
|
2018-08-17 22:15:08 +00:00
|
|
|
DUMPS_DIR="$OUT/dumps"
|
|
|
|
FUZZER_STATS_DIR="$OUT/fuzzer_stats"
|
2018-06-14 22:00:46 +00:00
|
|
|
LOGS_DIR="$OUT/logs"
|
2018-07-19 22:58:58 +00:00
|
|
|
REPORT_DIR="$OUT/report"
|
2018-06-14 22:00:46 +00:00
|
|
|
|
2018-08-17 22:15:08 +00:00
|
|
|
for directory in $DUMPS_DIR $FUZZER_STATS_DIR $LOGS_DIR $REPORT_DIR; do
|
|
|
|
rm -rf $directory
|
|
|
|
mkdir -p $directory
|
|
|
|
done
|
|
|
|
|
2018-08-17 04:23:56 +00:00
|
|
|
|
2018-08-17 22:15:08 +00:00
|
|
|
PROFILE_FILE="$DUMPS_DIR/merged.profdata"
|
2018-07-27 14:34:02 +00:00
|
|
|
SUMMARY_FILE="$REPORT_DIR/summary.json"
|
|
|
|
|
2018-08-17 04:23:56 +00:00
|
|
|
# It's important to use $COVERAGE_EXTRA_ARGS as the last argument, because it
|
|
|
|
# can contain paths to source files / directories which are positional args.
|
|
|
|
LLVM_COV_COMMON_ARGS="-path-equivalence=/,$OUT \
|
|
|
|
-ignore-filename-regex=.*src/libfuzzer/.* $COVERAGE_EXTRA_ARGS"
|
|
|
|
|
|
|
|
# Timeout for running a single fuzz target.
|
|
|
|
TIMEOUT=1h
|
|
|
|
|
2018-06-14 22:00:46 +00:00
|
|
|
# This will be used by llvm-cov command to generate the actual report.
|
|
|
|
objects=""
|
|
|
|
|
|
|
|
# Number of CPUs available, this is needed for running tests in parallel.
|
|
|
|
NPROC=$(nproc)
|
|
|
|
|
|
|
|
function run_fuzz_target {
|
|
|
|
local target=$1
|
2018-08-17 22:15:08 +00:00
|
|
|
|
|
|
|
# '%1m' will produce separate dump files for every object. For example, if a
|
|
|
|
# fuzz target loads a shared library, we will have dumps for both of them.
|
|
|
|
local profraw_file="$DUMPS_DIR/$target.%1m.profraw"
|
|
|
|
local profraw_file_mask="$DUMPS_DIR/$target.*.profraw"
|
|
|
|
local profdata_file="$DUMPS_DIR/$target.profdata"
|
2018-06-14 22:00:46 +00:00
|
|
|
|
|
|
|
# Use 100s timeout instead of 25s as code coverage builds can be very slow.
|
|
|
|
local args="-timeout=100 -runs=0 /corpus/${target}"
|
|
|
|
|
2018-08-17 04:23:56 +00:00
|
|
|
export LLVM_PROFILE_FILE=$profraw_file
|
|
|
|
timeout $TIMEOUT $target $args &> $LOGS_DIR/$target.log
|
2018-07-20 22:43:08 +00:00
|
|
|
if (( $? != 0 )); then
|
2018-06-14 22:00:46 +00:00
|
|
|
echo "Error occured while running $target:"
|
|
|
|
cat $LOGS_DIR/$target.log
|
|
|
|
fi
|
2018-08-17 04:23:56 +00:00
|
|
|
|
2018-08-17 22:15:08 +00:00
|
|
|
llvm-profdata merge -j=1 -sparse $profraw_file_mask -o $profdata_file
|
2018-08-17 04:23:56 +00:00
|
|
|
|
|
|
|
# Delete unnecessary and (potentially) large .profraw files.
|
2018-08-17 22:15:08 +00:00
|
|
|
rm $profraw_file_mask
|
2018-08-17 04:23:56 +00:00
|
|
|
|
2018-08-17 22:15:08 +00:00
|
|
|
shared_libraries=$(coverage_helper.py shared_libs -object=$target)
|
2018-08-17 04:23:56 +00:00
|
|
|
llvm-cov export -summary-only -instr-profile=$profdata_file -object=$target \
|
2018-08-17 22:15:08 +00:00
|
|
|
$shared_libraries $LLVM_COV_COMMON_ARGS > $FUZZER_STATS_DIR/$target.json
|
2018-06-14 22:00:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# Run each fuzz target, generate raw coverage dumps.
|
2018-06-18 21:19:48 +00:00
|
|
|
for fuzz_target in $FUZZ_TARGETS; do
|
2018-06-26 15:23:56 +00:00
|
|
|
# Continue if not a fuzz target.
|
2018-06-28 14:08:57 +00:00
|
|
|
if [[ $FUZZING_ENGINE != "none" ]]; then
|
2018-07-03 16:26:51 +00:00
|
|
|
grep "LLVMFuzzerTestOneInput" $fuzz_target > /dev/null 2>&1 || continue
|
2018-06-28 14:08:57 +00:00
|
|
|
fi
|
2018-06-25 23:35:28 +00:00
|
|
|
|
2018-06-14 22:00:46 +00:00
|
|
|
echo "Running $fuzz_target"
|
|
|
|
run_fuzz_target $fuzz_target &
|
2018-08-12 17:19:40 +00:00
|
|
|
|
|
|
|
if [[ -z $objects ]]; then
|
|
|
|
# The first object needs to be passed without -object= flag.
|
|
|
|
objects="$fuzz_target"
|
|
|
|
else
|
|
|
|
objects="$objects -object=$fuzz_target"
|
|
|
|
fi
|
2018-06-14 22:00:46 +00:00
|
|
|
|
|
|
|
# Do not spawn more processes than the number of CPUs available.
|
|
|
|
n_child_proc=$(jobs -rp | wc -l)
|
|
|
|
while [ "$n_child_proc" -eq "$NPROC" ]; do
|
|
|
|
sleep 4
|
|
|
|
n_child_proc=$(jobs -rp | wc -l)
|
|
|
|
done
|
|
|
|
done
|
|
|
|
|
|
|
|
# Wait for background processes to finish.
|
|
|
|
wait
|
|
|
|
|
2018-08-17 22:15:08 +00:00
|
|
|
# Merge all dumps from the individual targets.
|
2018-08-17 04:23:56 +00:00
|
|
|
rm -f $PROFILE_FILE
|
2018-08-17 22:15:08 +00:00
|
|
|
llvm-profdata merge -sparse $DUMPS_DIR/*.profdata -o $PROFILE_FILE
|
2018-06-14 22:00:46 +00:00
|
|
|
|
|
|
|
# TODO(mmoroz): add script from Chromium for rendering directory view reports.
|
2018-08-17 22:15:08 +00:00
|
|
|
# The first path in $objects does not have -object= prefix (llvm-cov format).
|
|
|
|
shared_libraries=$(coverage_helper.py shared_libs -object=$objects)
|
|
|
|
objects="$objects $shared_libraries"
|
2018-06-14 22:00:46 +00:00
|
|
|
|
2018-08-17 04:23:56 +00:00
|
|
|
# It's important to use $LLVM_COV_COMMON_ARGS as the last argument due to
|
|
|
|
# positional arguments (SOURCES) that can be passed via $COVERAGE_EXTRA_ARGS.
|
|
|
|
LLVM_COV_ARGS="-instr-profile=$PROFILE_FILE $objects $LLVM_COV_COMMON_ARGS"
|
2018-08-12 17:19:40 +00:00
|
|
|
|
2018-06-14 22:00:46 +00:00
|
|
|
# Generate HTML report.
|
2018-08-12 17:19:40 +00:00
|
|
|
llvm-cov show -format=html -output-dir=$REPORT_DIR \
|
|
|
|
-Xdemangler c++filt -Xdemangler -n $LLVM_COV_ARGS
|
2018-07-27 14:34:02 +00:00
|
|
|
|
|
|
|
# Export coverage summary in JSON format.
|
2018-08-12 17:19:40 +00:00
|
|
|
llvm-cov export -summary-only $LLVM_COV_ARGS > $SUMMARY_FILE
|
2018-06-14 22:00:46 +00:00
|
|
|
|
2018-07-20 22:43:08 +00:00
|
|
|
if [[ -n $HTTP_PORT ]]; then
|
|
|
|
# Serve the report locally.
|
|
|
|
echo "Serving the report on http://127.0.0.1:$HTTP_PORT/"
|
|
|
|
cd $REPORT_DIR
|
|
|
|
python3 -m http.server $HTTP_PORT
|
|
|
|
fi
|