diff options
author | mtklein <mtklein@chromium.org> | 2016-01-15 05:46:54 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-01-15 05:46:54 -0800 |
commit | a115942ed69762206f87c680ef7ec98de3382fa6 (patch) | |
tree | 9afd175bac06573aac0bc77f602c6f3779d2ba9b /fuzz/Fuzz.h | |
parent | 0a35620a16b368356888d15771392fb00cbb777d (diff) |
fuzz: signalBug() / signalBoring()
Instead of a single ASSERT macro, this switches to two new methods:
- signalBug(): tell afl-fuzz there's a bug caused by its inputs (by crashing)
- signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully)
I'm not seeing any effect on fuzz/s when I just always log verbosely.
signalBug() now triggers SIGSEGV rather than SIGABRT. This should make it work with catchsegv more easily.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002
Review URL: https://codereview.chromium.org/1585353002
Diffstat (limited to 'fuzz/Fuzz.h')
-rw-r--r-- | fuzz/Fuzz.h | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/fuzz/Fuzz.h b/fuzz/Fuzz.h index f5083ef8e6..0f34ef4b3e 100644 --- a/fuzz/Fuzz.h +++ b/fuzz/Fuzz.h @@ -11,7 +11,6 @@ #include "SkData.h" #include "SkTRegistry.h" #include "SkTypes.h" -#include <stdlib.h> class Fuzz : SkNoncopyable { public: @@ -21,7 +20,13 @@ public: uint32_t nextU(); float nextF(); + void signalBug (); // Tell afl-fuzz these inputs found a bug. + void signalBoring(); // Tell afl-fuzz these inputs are not worth testing. + private: + template <typename T> + T nextT(); + SkAutoTUnref<SkData> fBytes; int fNextByte; }; @@ -36,6 +41,4 @@ struct Fuzzable { SkTRegistry<Fuzzable> register_##name({#name, fuzz_##name}); \ static void fuzz_##name(Fuzz* f) -#define ASSERT(cond) do { if (!(cond)) abort(); } while(false) - #endif//Fuzz_DEFINED |