dawn-cmake

Commit Graph

Author	SHA1	Message	Date
Austin Eng	f58f69f66b	fuzzing: Add supportsErrorInjection option to DawnWireServerFuzzer This option will be used by backends that support error injection so that errors can be injected into a "clean" corpus to generate a seed corpus with good examples of injected error conditions. Bug: dawn:295 Change-Id: I837acdde6dd4274adb56edf8e4307427f8d6333b Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/14681 Reviewed-by: Corentin Wallez <cwallez@chromium.org> Commit-Queue: Austin Eng <enga@chromium.org>	2019-12-20 15:52:20 +00:00
Austin Eng	5e98e38744	fuzzing: Remove download of existing testcases in seed corpus script ClusterFuzz already has facilities to minimize testcases daily. It is not necessary to do so in our update script. Bug: dawn:295 Change-Id: I9869d25f657b40f1af1aac90c27200a59f46b9c1 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/14621 Reviewed-by: Corentin Wallez <cwallez@chromium.org> Reviewed-by: Kai Ninomiya <kainino@chromium.org> Commit-Queue: Austin Eng <enga@chromium.org>	2019-12-18 00:35:06 +00:00
Austin Eng	97fb51f4af	Add script to generate fuzzer seed corpus from tests This adds a script which runs the end2end_tests, captures a wire trace, and then minimizes the corpus with the fuzzer. Minimizing the corpus requires libfuzzer, so this only works in a Chromium checkout. Unseeded, the fuzzer starts with coverage of about 600 features. Using a seed corpus captured from the tests, the fuzzer quickly increases coverage to about 10,000 features. Change-Id: I8d0db5121745bd5ee4a350cf46fb37cfa434e3dc Bug: dawn:295 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/14242 Commit-Queue: Austin Eng <enga@chromium.org> Reviewed-by: Kai Ninomiya <kainino@chromium.org>	2019-12-13 01:27:31 +00:00

Author

SHA1

Message

Date

Austin Eng

f58f69f66b

fuzzing: Add supportsErrorInjection option to DawnWireServerFuzzer

This option will be used by backends that support error injection so
that errors can be injected into a "clean" corpus to generate a seed
corpus with good examples of injected error conditions.

Bug: dawn:295
Change-Id: I837acdde6dd4274adb56edf8e4307427f8d6333b
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/14681
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Austin Eng <enga@chromium.org>

2019-12-20 15:52:20 +00:00

Austin Eng

5e98e38744

fuzzing: Remove download of existing testcases in seed corpus script

ClusterFuzz already has facilities to minimize testcases daily. It is
not necessary to do so in our update script.

Bug: dawn:295
Change-Id: I9869d25f657b40f1af1aac90c27200a59f46b9c1
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/14621
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Austin Eng <enga@chromium.org>

2019-12-18 00:35:06 +00:00

Austin Eng

97fb51f4af

Add script to generate fuzzer seed corpus from tests

This adds a script which runs the end2end_tests, captures a wire trace,
and then minimizes the corpus with the fuzzer. Minimizing the corpus
requires libfuzzer, so this only works in a Chromium checkout.

Unseeded, the fuzzer starts with coverage of about 600 features.
Using a seed corpus captured from the tests, the fuzzer quickly
increases coverage to about 10,000 features.

Change-Id: I8d0db5121745bd5ee4a350cf46fb37cfa434e3dc
Bug: dawn:295
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/14242
Commit-Queue: Austin Eng <enga@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>

2019-12-13 01:27:31 +00:00

3 Commits