oss-fuzz/infra/base-images/base-runner/coverage

126 lines
3.8 KiB
Bash
Executable File

#!/bin/bash -u
# Copyright 2018 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
cd $OUT
if (( $# > 0 )); then
FUZZ_TARGETS="$@"
else
FUZZ_TARGETS="$(find . -maxdepth 1 -type f -executable)"
fi
LOGS_DIR="$OUT/logs"
rm -rf $LOGS_DIR && mkdir -p $LOGS_DIR
REPORT_DIR="$OUT/report"
rm -rf $REPORT_DIR
FUZZER_STATS_DIR="$OUT/fuzzer_stats"
rm -rf $FUZZER_STATS_DIR && mkdir -p $FUZZER_STATS_DIR
PROFILE_FILE="merged.profdata"
SUMMARY_FILE="$REPORT_DIR/summary.json"
# It's important to use $COVERAGE_EXTRA_ARGS as the last argument, because it
# can contain paths to source files / directories which are positional args.
LLVM_COV_COMMON_ARGS="-path-equivalence=/,$OUT \
-ignore-filename-regex=.*src/libfuzzer/.* $COVERAGE_EXTRA_ARGS"
# Timeout for running a single fuzz target.
TIMEOUT=1h
# This will be used by llvm-cov command to generate the actual report.
objects=""
# Number of CPUs available, this is needed for running tests in parallel.
NPROC=$(nproc)
function run_fuzz_target {
local target=$1
local profraw_file="$target.profraw"
local profdata_file="$target.profdata"
# Use 100s timeout instead of 25s as code coverage builds can be very slow.
local args="-timeout=100 -runs=0 /corpus/${target}"
export LLVM_PROFILE_FILE=$profraw_file
timeout $TIMEOUT $target $args &> $LOGS_DIR/$target.log
if (( $? != 0 )); then
echo "Error occured while running $target:"
cat $LOGS_DIR/$target.log
fi
llvm-profdata merge -j=1 -sparse $profraw_file -o $profdata_file
# Delete unnecessary and (potentially) large .profraw files.
rm $profraw_file
llvm-cov export -summary-only -instr-profile=$profdata_file -object=$target \
$LLVM_COV_COMMON_ARGS > $FUZZER_STATS_DIR/$target.json
}
# Run each fuzz target, generate raw coverage dumps.
for fuzz_target in $FUZZ_TARGETS; do
# Continue if not a fuzz target.
if [[ $FUZZING_ENGINE != "none" ]]; then
grep "LLVMFuzzerTestOneInput" $fuzz_target > /dev/null 2>&1 || continue
fi
echo "Running $fuzz_target"
run_fuzz_target $fuzz_target &
if [[ -z $objects ]]; then
# The first object needs to be passed without -object= flag.
objects="$fuzz_target"
else
objects="$objects -object=$fuzz_target"
fi
# Do not spawn more processes than the number of CPUs available.
n_child_proc=$(jobs -rp | wc -l)
while [ "$n_child_proc" -eq "$NPROC" ]; do
sleep 4
n_child_proc=$(jobs -rp | wc -l)
done
done
# Wait for background processes to finish.
wait
# Merge all raw dumps.
rm -f $PROFILE_FILE
llvm-profdata merge -sparse *.profdata -o $PROFILE_FILE
# TODO(mmoroz): add script from Chromium for rendering directory view reports.
# It's important to use $LLVM_COV_COMMON_ARGS as the last argument due to
# positional arguments (SOURCES) that can be passed via $COVERAGE_EXTRA_ARGS.
LLVM_COV_ARGS="-instr-profile=$PROFILE_FILE $objects $LLVM_COV_COMMON_ARGS"
# Generate HTML report.
llvm-cov show -format=html -output-dir=$REPORT_DIR \
-Xdemangler c++filt -Xdemangler -n $LLVM_COV_ARGS
# Export coverage summary in JSON format.
llvm-cov export -summary-only $LLVM_COV_ARGS > $SUMMARY_FILE
if [[ -n $HTTP_PORT ]]; then
# Serve the report locally.
echo "Serving the report on http://127.0.0.1:$HTTP_PORT/"
cd $REPORT_DIR
python3 -m http.server $HTTP_PORT
fi