path: root/fuzz
Commit message | Author | Age
...
* Demo fuzz for Herb | mtklein | 2016-01-21
  BUG=skia:4692
  GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1611293002
  Review URL: https://codereview.chromium.org/1611293002
* fuzz: list API fuzzing options if -t api and -n matches nothing. | mtklein | 2016-01-21
  Today we segfault if --name is empty. This fixes that too.
  This updates some terms: -t api lets us fuzz an API.
  BUG=skia:
  GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1617713003
  Review URL: https://codereview.chromium.org/1617713003
* Separating our fuzzing binary from DM produces a 50x speed increase for decoding images and a 10x speed increase in decoding/rendering Skps. | kjlubick | 2016-01-21
  This also lets us differentiate between the decoding of Skps and the rendering of them, the latter of which may be more interesting for bugs.
  BUG=skia:4800
  GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1591073002
  Review URL: https://codereview.chromium.org/1591073002
* If we pass no bytes, use the fuzz binary itself. | mtklein | 2016-01-15
  This is mostly for convenient local testing.
  BUG=skia:
  GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1587043009
  Review URL: https://codereview.chromium.org/1587043009
* Restore creature comforts to fuzz binary | mtklein | 2016-01-15
  The hack to remove these niceties didn't seem to make a difference in my fuzz/s, so we might as well keep them.
  BUG=skia:
  GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589493006
  Review URL: https://codereview.chromium.org/1589493006
* fuzz: signalBug() / signalBoring() | mtklein | 2016-01-15
  Instead of a single ASSERT macro, this switches to two new methods:
  - signalBug(): tell afl-fuzz there's a bug caused by its inputs (by crashing)
  - signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully)
  I'm not seeing any effect on fuzz/s when I just always log verbosely.
  signalBug() now triggers SIGSEGV rather than SIGABRT. This should make it work with catchsegv more easily.
  BUG=skia:
  GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002
  Review URL: https://codereview.chromium.org/1585353002
* some fuzz hacking | mtklein | 2016-01-14
  Try to start faster:
  - remove flags dependency
  - print nothing
  - strip unused symbols from the binary on Mac (smaller binary)
  - only create one fuzz object
  - only run one DEF_FUZZ
  I am not sure if any of these things mattered, but I thought you may like to look.
  Good stuff:
  - make nextU() / nextF() work
  - drop nextURange() / nextFRange() for now
  - add nextB() for a single byte
  As you may have guessed, I have figured out how to use afl-fuzz on my laptop.
  Syntax to run becomes:
  $ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@
  BUG=skia:
  GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003
  Review URL: https://codereview.chromium.org/1581203003
* Add new fuzz binary. | mtklein | 2016-01-13
  This is designed to have short startup time, for maximum fuzzing throughput.
  BUG=skia:
  GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589563002
  Review URL: https://codereview.chromium.org/1589563002