authorGravatar mtklein <mtklein@chromium.org>2016-01-14 04:59:42 -0800
committerGravatar Commit bot <commit-bot@chromium.org>2016-01-14 04:59:42 -0800
commit24a22c7de8890642e43d6ae1115ecd59e2f8f0db (patch)
tree347144a6771c3132ac176ef02b09ad81e351ed93 /fuzz
parent702501ddca7cf9b7b941ad286a0c9aa37fda86ef (diff)
some fuzz hacking
Try to start faster: - remove flags dependency - print nothing - strip unused symbols from the binary on Mac (smaller binary) - only create one fuzz object - only run one DEF_FUZZ I am not sure if any of these things mattered, but I thought you may like to look. Good stuff: - make nextU() / nextF() work - drop nextURange() / nextFRange() for now - add nextB() for a single byte As you may have guessed, I have figured out how to use afl-fuzz on my laptop. Syntax to run becomes: $ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@ BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003 Review URL: https://codereview.chromium.org/1581203003
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/Fuzz.h6
-rw-r--r--fuzz/FuzzPaeth.cpp6
-rw-r--r--fuzz/fuzz.cpp44
3 files changed, 30 insertions, 26 deletions
diff --git a/fuzz/Fuzz.h b/fuzz/Fuzz.h
index cf5bcb9ead..f5083ef8e6 100644
--- a/fuzz/Fuzz.h
+++ b/fuzz/Fuzz.h
@@ -17,15 +17,13 @@ class Fuzz : SkNoncopyable {
public:
explicit Fuzz(SkData*);
+ uint8_t nextB();
uint32_t nextU();
float nextF();
- // These return a value in [min, max).
- uint32_t nextURange(uint32_t min, uint32_t max);
- float nextFRange(float min, float max);
-
private:
SkAutoTUnref<SkData> fBytes;
+ int fNextByte;
};
struct Fuzzable {
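Review bot: `nextB()`, `nextU()` and `nextF()` are left undocumented now that the `[min, max)` comment disappears with the range accessors, and their behaviour at end of input is not visible from the declarations; in this same commit's fuzz.cpp a read that would run past the end of the data restarts from byte 0 instead of failing. A comment above `uint8_t nextB();` such as `// Return the next 1/4/4 raw input bytes reinterpreted as the named type. When the input runs out the cursor wraps to byte 0, so callers never observe end-of-input.` would make that contract explicit for fuzz authors. `int fNextByte;` is compared against `SkData::size()` (a `size_t`) in `read()`, so declaring it `size_t fNextByte;` would avoid the signed/unsigned mix.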
diff --git a/fuzz/FuzzPaeth.cpp b/fuzz/FuzzPaeth.cpp
index aa7deb09e2..d7c139ce7a 100644
--- a/fuzz/FuzzPaeth.cpp
+++ b/fuzz/FuzzPaeth.cpp
@@ -33,8 +33,8 @@ static uint8_t paeth_alt(uint8_t a, uint8_t b, uint8_t c) {
}
DEF_FUZZ(Paeth, fuzz) {
- int a = fuzz->nextU(),
- b = fuzz->nextU(),
- c = fuzz->nextU();
+ auto a = fuzz->nextB(),
+ b = fuzz->nextB(),
+ c = fuzz->nextB();
ASSERT(paeth_alt(a,b,c) == paeth_std(a,b,c));
}
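Review bot: `auto a = fuzz->nextB(), b = fuzz->nextB(), c = fuzz->nextB();` hides that all three values are `uint8_t`, which is exactly the parameter type of `paeth_alt` and `paeth_std` shown in the hunk header; spelling it `uint8_t a = fuzz->nextB(), b = fuzz->nextB(), c = fuzz->nextB();` documents that the case now consumes three bytes of input rather than three words. A short comment such as `// Paeth takes three bytes; any further input is unused.` would tell a reader why only three reads are made.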
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 6e31790951..929ba7a4cf 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -6,35 +6,41 @@
*/
#include "Fuzz.h"
-#include "SkCommandLineFlags.h"
-
-DEFINE_string2(match, m, "", "The usual match patterns, applied to name.");
-DEFINE_string2(bytes, b, "", "Path to file containing fuzzed bytes.");
int main(int argc, char** argv) {
- SkCommandLineFlags::Parse(argc, argv);
- SkAutoTUnref<SkData> bytes;
- if (!FLAGS_bytes.isEmpty()) {
- bytes.reset(SkData::NewFromFileName(FLAGS_bytes[0]));
- }
+ ASSERT(argc > 2);
+ const char* name = argv[1];
+ const char* path = argv[2];
+
+ SkAutoTUnref<SkData> bytes(SkData::NewFromFileName(path));
+ Fuzz fuzz(bytes);
for (auto r = SkTRegistry<Fuzzable>::Head(); r; r = r->next()) {
auto fuzzable = r->factory();
- if (!SkCommandLineFlags::ShouldSkip(FLAGS_match, fuzzable.name)) {
- SkDebugf("Running %s...\n", fuzzable.name);
- Fuzz fuzz(bytes);
+ if (0 == strcmp(name, fuzzable.name)) {
fuzzable.fn(&fuzz);
+ return 0;
}
}
- return 0;
+ return 1;
}
-Fuzz::Fuzz(SkData* bytes) : fBytes(SkSafeRef(bytes)) {}
+Fuzz::Fuzz(SkData* bytes) : fBytes(SkSafeRef(bytes)), fNextByte(0) {}
+
+template <typename T>
+static T read(const SkData* data, int* next) {
+ ASSERT(sizeof(T) <= data->size());
+ if (*next + sizeof(T) > data->size()) {
+ *next = 0;
+ }
+ T val;
+ memcpy(&val, data->bytes() + *next, sizeof(T));
+ *next += sizeof(T);
+ return val;
+}
-// These methods are all TODO(kjlubick).
-uint32_t Fuzz::nextU() { return 0; }
-float Fuzz::nextF() { return 0.0f; }
-uint32_t Fuzz::nextURange(uint32_t min, uint32_t max) { return min; }
-float Fuzz::nextFRange(float min, float max) { return min; }
+uint8_t Fuzz::nextB() { return read<uint8_t >(fBytes, &fNextByte); }
+uint32_t Fuzz::nextU() { return read<uint32_t>(fBytes, &fNextByte); }
+float Fuzz::nextF() { return read<float >(fBytes, &fNextByte); }
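Review bot: `SkAutoTUnref<SkData> bytes(SkData::NewFromFileName(path));` is never checked, so a missing or unreadable path (which, as far as I know, makes `NewFromFileName` return nullptr) leaves `fBytes` null and the first `read()` dereferences it at `data->size()`; add `if (!bytes) { return 1; }` before `Fuzz fuzz(bytes);`. The `ASSERT(argc > 2)` in `main` and the `ASSERT(sizeof(T) <= data->size())` in `read()` are the only guards against indexing `argv[2]` with too few arguments and against `memcpy` reading `sizeof(T)` bytes from an input shorter than that (after the wrap to `*next = 0` the copy still runs past the buffer), so if `ASSERT` compiles out in the Release build the commit message runs this harness from, both become out-of-bounds reads; they should be plain runtime checks that return failure. The hunk also introduces calls to `strcmp` and `memcpy` while removing `SkCommandLineFlags.h` and adding no `<string.h>`/`<cstring>` include, so it presumably relies on `Fuzz.h` pulling one in transitively.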