Whether string_string_checks will be turned on or not is
being discussed in https://github.com/google/oss-fuzz/issues/542.
Until it's settled, it'd probably be better to remove the option
from ASAN_OPTIONS altogether so as not to confuse anybody.
When `libFuzzer` is used as a fuzzing engine it conveniently puts
everything it finds into its working directory, which happens to
be $OUT. When any other engine is used, the output is sent to /tmp,
which disappears as soon as the container stops. That makes it
unnecessarily hard to extract reproducers found by afl for further analysis
without joining the mount namespace of a running container and
almost impossible with `honggfuzz`, which exits immediately after a crash.
Currently, dictionaries are taken into account only when `libfuzzer` is
used as a fuzzing engine (and also apparently `none` but I'm not sure what it is).
This patch makes it possible to make use of dictionaries with other fuzzing
engines too. I didn't touch the code handling options passed to libFuzzer
so as not to break anything :-)
* [infra] Use coverage utils from Chromium and other fixes (follow-up #1547).
* Sort dependencies in an alpha order plus make more readable.
* Re-order arguments passed to coverage_helper script.
* Rename REPORT_DIR variable and put summary.json into platform specific dir.
* Fix -src-root-dir value.
* [infra] Add script for downloading a batch of corpus backups (for #1547).
* Add missing wget dependency and replace a tab with spaces.
* Convert more tabs to spaces.
When a fuzzer is seriously broken (which happens occasionally during debug),
it's unlikely to start properly let alone provide some meaningful
output. In this case, it seems reasonable to skip some checks and prevent bash
from encountering the following syntax error:
```
/usr/local/bin/bad_build_check: line 68: ((: < 100 : syntax error: operand expected (error token is "< 100 ")
```
* Fix bad build check.
Bad build checks previously just checked that a file is an executable
ELF. This is insufficient because libraries are also executable ELFs.
Add a check that the file contains LLVMFuzzerTestOneInput, in order
to consider it a fuzz target.
Also update coverage and test_report for consistency.
* [infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location.
* Address review feedback.
* Update code_coverage.md page.
* [infra] Fix helper.py as per feedback from @evverx + fix issues from #1519.
* Remove stuff from local testing
* Suppress unnecessary output from GSUtil.
* [infra] Enable clang code coverage reports generation for local runs.
* Use runner image and move corpus management to the helper.py.
* Clean up, delete unnecessary stuff, add comments.
* Run fuzz targets in parallel. Do not exit in case of an error.
* Address review feedback, except for the threading thing.
* Fix a typo.
* Use ThreadPool implementation available in standard python2.7 package.
* Add dry run support + no corpus download option.
* Fix flags handling + add log output in case of an error.
* Append arguments for fuzz target instead of replacing them.
* Remove dry run functionality as it currently errors out after two runs.
* Fix some spacing in the code.
* Update documentation regarding new code coverage script.
* Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
* Quote the parameter to -name so the shell won't interpret it.
* Add AFL bad build checks (instrumentation, startup crash).
* Fix incorrect seed corpus unpack for afl bad instrumentation, startup crash test
* Match AFL startup crash check with ClusterFuzz
* [infra] Enable bad build checks once again.
* Minor typo.
* [bad_example] Update build flags for reproducing bad instrumentation scenario.
* [bad_example] split bad/no instrumentation case into two different ones.
* Use new approach for partial instrumentation detection + do that only for libFuzzer.
* Rename bad_example_bad_instrumentation into bad_example_partial_instrumentation.
* Calculate number of broken targets and fail if 10+% are broken.
* Multiprocess madness.
* Always run all checks and store all errors + clean up the code and add comments
* Add special handling for the projects with very small fuzz targets.
* Remove unnecessary semicolon.
* Address review comments.
* Address more review comments, small refactoring.