2019-11-08 23:32:43 +08:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# This script emulates how oss fuzz invokes the build
|
|
|
|
# process, handy for trouble shooting cmake issues and possibly
|
|
|
|
# recreating testcases. For proper debugging of the oss fuzz
|
|
|
|
# build, follow the procedure at https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally
|
|
|
|
|
|
|
|
set -eu
|
|
|
|
|
|
|
|
ossfuzz=$(readlink -f $(dirname $0))/ossfuzz.sh
|
|
|
|
|
|
|
|
mkdir -p ossfuzz-out
|
|
|
|
export OUT=$(pwd)/ossfuzz-out
|
|
|
|
export CC=clang
|
|
|
|
export CXX="clang++"
|
|
|
|
export CFLAGS="-fsanitize=fuzzer-no-link"
|
add multi implementation fuzzer (#1162)
This adds a fuzzer which parses the same input using all the available implementations (haswell, westmere, fallback on x64).
This should get the otherwise uncovered sourcefiles (mostly fallback) to show up in the fuzz coverage.
For instance, the fallback directory has only one line covered.
As of the 20200909 report, 1866 lines are covered out of 4478.
Also, it will detect if the implementations behave differently:
by making sure they all succeed, or all error
turning the parsed data into text again, should produce equal results
While at it, I corrected some minor things:
clean up building too many variants, run with forced implementation (closes #815 )
always store crashes as artefacts, good in case the fuzzer finds something
return value of the fuzzer function should always be 0
reduce log spam
introduce max size for the seed corpus and the CI fuzzer
2020-09-12 05:46:22 +08:00
|
|
|
export CXXFLAGS="-fsanitize=fuzzer-no-link,address,undefined -O3"
|
2019-11-08 23:32:43 +08:00
|
|
|
export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
|
|
|
|
|
|
|
|
$ossfuzz
|
|
|
|
|
|
|
|
echo "look at the results in $OUT"
|