1cb93a386Sopenharmony_ci#!/bin/sh 2cb93a386Sopenharmony_ci# Copyright 2017 Google Inc. 3cb93a386Sopenharmony_ci# 4cb93a386Sopenharmony_ci# Use of this source code is governed by a BSD-style license that can be 5cb93a386Sopenharmony_ci# found in the LICENSE file. 6cb93a386Sopenharmony_ci 7cb93a386Sopenharmony_ciif [ -z "$1" ]; then 8cb93a386Sopenharmony_ci cat <<-EOM 9cb93a386Sopenharmony_ci Usage: 10cb93a386Sopenharmony_ci $0 [afl-out-loc] 11cb93a386Sopenharmony_ci 12cb93a386Sopenharmony_ci Run something like this: 13cb93a386Sopenharmony_ci $0 ~/afl-out 14cb93a386Sopenharmony_ci where afl-out is the directory containing all the output of the afl-fuzzers. 15cb93a386Sopenharmony_ci You can typically ssh into skia-fuzzer-be-1 and skia-fuzzer-be-2 and run 16cb93a386Sopenharmony_ci tar -czf afl-out.tar.gz /mnt/ssd0/fuzzes/afl-out/*/fuzzer0/queue 17cb93a386Sopenharmony_ci and extract it locally to get the directories needed to assess coverage. 18cb93a386Sopenharmony_ci 19cb93a386Sopenharmony_ci EOM 20cb93a386Sopenharmony_ci exit 1 21cb93a386Sopenharmony_cifi 22cb93a386Sopenharmony_ci 23cb93a386Sopenharmony_ciset -x 24cb93a386Sopenharmony_ciset -e 25cb93a386Sopenharmony_ci 26cb93a386Sopenharmony_cicd "$(dirname "$0")/.." 27cb93a386Sopenharmony_ci 28cb93a386Sopenharmony_ciEXECUTABLE="fuzz" 29cb93a386Sopenharmony_ci 30cb93a386Sopenharmony_ciDIR="$(mktemp -d "${TMPDIR:-/tmp}/skia_coverage_XXXXXXXXXX")" 31cb93a386Sopenharmony_ciBUILD=out/coverage 32cb93a386Sopenharmony_ci 33cb93a386Sopenharmony_ci# Build $EXECUTABLE 34cb93a386Sopenharmony_cibin/sync 35cb93a386Sopenharmony_cibin/fetch-gn 36cb93a386Sopenharmony_ci 37cb93a386Sopenharmony_cirm -rf $BUILD 38cb93a386Sopenharmony_ci 39cb93a386Sopenharmony_ci#TODO: make this work with Clang. 40cb93a386Sopenharmony_ciARGS='cc="gcc" cxx="g++" extra_cflags=["--coverage"] extra_ldflags=["--coverage"]' 41cb93a386Sopenharmony_cign gen --args="$ARGS" "$BUILD" 42cb93a386Sopenharmony_ci 43cb93a386Sopenharmony_cininja -C "$BUILD" "$EXECUTABLE" 44cb93a386Sopenharmony_ci 45cb93a386Sopenharmony_ciGCOV="$(realpath tools/gcov_shim)" 46cb93a386Sopenharmony_ci 47cb93a386Sopenharmony_ci# Generate a zero-baseline so files not covered by $EXECUTABLE $@ will 48cb93a386Sopenharmony_ci# still show up in the report. This reads the .gcno files that are 49cb93a386Sopenharmony_ci# created at compile time. 50cb93a386Sopenharmony_cilcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR"/baseline -i 51cb93a386Sopenharmony_ci 52cb93a386Sopenharmony_ci# Running the binary generates the real coverage information, the .gcda files. 53cb93a386Sopenharmony_ciQUEUES=("$1/api_parse_path/fuzzer0/queue/*" "$1/color_deserialize/fuzzer0/queue/*" "$1/skcodec_scale/fuzzer0/queue/*" "$1/skcodec_mode/fuzzer0/queue/*" "$1/api_draw_functions/fuzzer0/queue/*" "$1/api_gradient/fuzzer0/queue/*" "$1/api_image_filter/fuzzer0/queue/*" "$1/api_pathop/fuzzer0/queue/*" "$1/sksl2glsl/fuzzer0/queue/*" "$1/null_canvas/fuzzer0/queue/*" "$1/pdf_canvas/fuzzer0/queue/*" "$1/n32_canvas/fuzzer0/queue/*") 54cb93a386Sopenharmony_ci 55cb93a386Sopenharmony_ciARGS=("-n ParsePath" "-t color_deserialize" "-t image_scale" "-t image_mode" "-n DrawFunctions" "-n Gradients" "-n SerializedImageFilter" "-n Pathop" "-t sksl2glsl" "-n NullCanvas" "-n PDFCanvas" "-n RasterN32Canvas") 56cb93a386Sopenharmony_ci 57cb93a386Sopenharmony_ci# We can't simply pass the directories to the fuzzers because some of the fuzzes will 58cb93a386Sopenharmony_ci# crash or assert, which would kill the call to fuzz prematurely. Instead we run them 59cb93a386Sopenharmony_ci# individually using the loops below. 60cb93a386Sopenharmony_cifor i in `seq ${#QUEUES[@]}` 61cb93a386Sopenharmony_cido 62cb93a386Sopenharmony_ci FILES=${QUEUES[i]} 63cb93a386Sopenharmony_ci for f in $FILES 64cb93a386Sopenharmony_ci do 65cb93a386Sopenharmony_ci # Executing the fuzzes sequentially would take a very long time. So, we run them 66cb93a386Sopenharmony_ci # in the background, making sure we don't go crazy and execute them too fast or 67cb93a386Sopenharmony_ci # that they execute for a long time. 68cb93a386Sopenharmony_ci timeout 10 $BUILD/$EXECUTABLE ${ARGS[i]} -b $f & 69cb93a386Sopenharmony_ci sleep .005s 70cb93a386Sopenharmony_ci done 71cb93a386Sopenharmony_cidone 72cb93a386Sopenharmony_ci 73cb93a386Sopenharmony_cisleep 10s 74cb93a386Sopenharmony_ci 75cb93a386Sopenharmony_ciecho "done running the fuzzes -- generating report" 76cb93a386Sopenharmony_ci 77cb93a386Sopenharmony_cilcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR"/coverage 78cb93a386Sopenharmony_ci 79cb93a386Sopenharmony_cilcov -q -a "$DIR"/baseline -a "$DIR"/coverage -o "$DIR"/merged 80cb93a386Sopenharmony_ci 81cb93a386Sopenharmony_cigenhtml -q "$DIR"/merged --legend -o "$DIR"/coverage_report --ignore-errors source 82cb93a386Sopenharmony_ci 83cb93a386Sopenharmony_cixdg-open "$DIR"/coverage_report/index.html 84