99 lines
2.7 KiB
Bash
Executable File
99 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright 2019 The Dawn Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Generates a seed corpus for fuzzing based on dumping wire traces
|
|
# from running Dawn tests
|
|
|
|
# Exit if anything fails
|
|
set -e
|
|
|
|
if [ "$#" -lt 3 ]; then
|
|
cat << EOF
|
|
|
|
Usage:
|
|
$0 <out_dir> <fuzzer_name> <test_name> [additional_test_args...]
|
|
|
|
Example:
|
|
$0 out/fuzz dawn_wire_server_and_vulkan_backend_fuzzer dawn_end2end_tests --gtest_filter=*Vulkan
|
|
|
|
EOF
|
|
exit 1
|
|
fi
|
|
|
|
all_args=("$@")
|
|
out_dir=$1
|
|
fuzzer_name=$2
|
|
test_name=$3
|
|
additional_test_args=("${all_args[@]:3}")
|
|
|
|
testcase_dir="/tmp/testcases/${fuzzer_name}/"
|
|
injected_error_testcase_dir="/tmp/testcases/${fuzzer_name}_injected/"
|
|
minimized_testcase_dir="/tmp/testcases/${fuzzer_name}_minimized/"
|
|
|
|
# Print commands so it's clear what is being executed
|
|
set -x
|
|
|
|
# Make a directory for temporarily storing testcases
|
|
mkdir -p "$testcase_dir"
|
|
|
|
# Make an empty directory for temporarily storing testcases with injected errors
|
|
rm -rf "$injected_error_testcase_dir"
|
|
mkdir -p "$injected_error_testcase_dir"
|
|
|
|
# Make an empty directory for temporarily storing minimized testcases
|
|
rm -rf "$minimized_testcase_dir"
|
|
mkdir -p "$minimized_testcase_dir"
|
|
|
|
# Build the fuzzer and test
|
|
autoninja -C $out_dir $fuzzer_name $test_name
|
|
|
|
fuzzer_binary="${out_dir}/${fuzzer_name}"
|
|
test_binary="${out_dir}/${test_name}"
|
|
|
|
# Run the test binary
|
|
$test_binary --use-wire --wire-trace-dir="$testcase_dir" $additional_test_args
|
|
|
|
# Run the fuzzer over the testcases to inject errors
|
|
$fuzzer_binary --injected-error-testcase-dir="$injected_error_testcase_dir" -runs=0 "$testcase_dir"
|
|
|
|
# Run the fuzzer to minimize the testcases + injected errors
|
|
$fuzzer_binary -merge=1 "$minimized_testcase_dir" "$injected_error_testcase_dir" "$testcase_dir"
|
|
|
|
# Turn off command printing
|
|
set +x
|
|
|
|
if [ -z "$(ls -A $minimized_testcase_dir)" ]; then
|
|
cat << EOF
|
|
|
|
Minimized testcase directory is empty!
|
|
Are you building with use_libfuzzer=true ?
|
|
|
|
EOF
|
|
exit 1
|
|
fi
|
|
|
|
cat << EOF
|
|
|
|
Please test the corpus in $minimized_testcase_dir with $fuzzer_name and confirm it works as expected.
|
|
|
|
$fuzzer_binary $minimized_testcase_dir
|
|
|
|
Then, run the following command to upload new testcases to the seed corpus:
|
|
|
|
gsutil -m rsync $minimized_testcase_dir gs://clusterfuzz-corpus/libfuzzer/${fuzzer_name}/
|
|
|
|
EOF
|