From dbeab81f5d10a2b0c8c1715c48132fc631c52699 Mon Sep 17 00:00:00 2001
From: Abhishek Arya
Date: Fri, 24 Jul 2020 16:41:45 -0700
Subject: Add corpus-dir to run_fuzzer, for later use in coverage cmd. (#4191)

* Add corpus-dir to run_fuzzer, for later use in coverage cmd.

* Update as per comment.
---
 docs/getting-started/new_project_guide.md | 18 ++++++++++++++---
 infra/helper.py | 32 +++++++++++++++++++++++--------
 2 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/docs/getting-started/new_project_guide.md b/docs/getting-started/new_project_guide.md
index 17ff2376f..5e752e7b0 100644
--- a/docs/getting-started/new_project_guide.md
+++ b/docs/getting-started/new_project_guide.md
@@ -306,11 +306,23 @@ You can build your docker image and fuzz targets locally, so you can test them b 3. If you want to test changes against a particular fuzz target, run the following command: ```bash - $ python infra/helper.py run_fuzzer $PROJECT_NAME + $ python infra/helper.py run_fuzzer $PROJECT_NAME --corpus-dir= ``` -4. We recommend taking a look at your code coverage as a sanity check to make sure that your -fuzz targets get to the code you expect. Please refer to [code coverage]({{ site.baseurl }}/advanced-topics/code-coverage/). +4. We recommend taking a look at your code coverage as a sanity check to make +sure that your fuzz targets get to the code you expect. This would use the +corpus generated from the previous `run_fuzzer` step in your local corpus +directory. + + ```bash + $ python infra/helper.py build_fuzzers --sanitizer coverage $PROJECT_NAME + $ python infra/helper.py coverage $PROJECT_NAME --fuzz-target= --corpus-dir= + ``` + +Please refer to +[code coverage]({{ site.baseurl }}/advanced-topics/code-coverage/) for detailed +information on code coverage generation. + **Note:** Currently, we only support AddressSanitizer (address) and UndefinedBehaviorSanitizer (undefined) configurations. MemorySanitizer is recommended, but needs to be enabled manually once you verify diff --git a/infra/helper.py b/infra/helper.py index 41551dc92..b1266c287 100755 --- a/infra/helper.py +++ b/infra/helper.py @@ -121,6 +121,8 @@ def main(): # pylint: disable=too-many-branches,too-many-return-statements,too- _add_engine_args(run_fuzzer_parser) _add_sanitizer_args(run_fuzzer_parser) _add_environment_args(run_fuzzer_parser) + run_fuzzer_parser.add_argument( + '--corpus-dir', help='directory to store corpus for the fuzz target') run_fuzzer_parser.add_argument('project_name', help='name of the project') run_fuzzer_parser.add_argument('fuzzer_name', help='name of the fuzzer') run_fuzzer_parser.add_argument('fuzzer_args', 
@@ -739,6 +741,12 @@ def coverage(args):
 
   run_args = _env_to_docker_args(env)
 
+  if args.port:
+    run_args.extend([
+        '-p',
+        '%s:%s' % (args.port, args.port),
+    ])
+
   if args.corpus_dir:
     if not os.path.exists(args.corpus_dir):
       print('ERROR: the path provided in --corpus-dir argument does not exist',
@@ -756,12 +764,6 @@ def coverage(args):
       'gcr.io/oss-fuzz-base/base-runner',
   ])
 
-  if args.port:
-    run_args.extend([
-        '-p',
-        '%s:%s' % (args.port, args.port),
-    ])
-
   run_args.append('coverage')
   if args.fuzz_target:
     run_args.append(args.fuzz_target)
@@ -792,14 +794,28 @@ def run_fuzzer(args):
   if args.e:
     env += args.e
 
-  run_args = _env_to_docker_args(env) + [
+  run_args = _env_to_docker_args(env)
+
+  if args.corpus_dir:
+    if not os.path.exists(args.corpus_dir):
+      print('ERROR: the path provided in --corpus-dir argument does not exist',
+            file=sys.stderr)
+      return 1
+    corpus_dir = os.path.realpath(args.corpus_dir)
+    run_args.extend([
+        '-v',
+        '{corpus_dir}:/tmp/{fuzzer}_corpus'.format(corpus_dir=corpus_dir,
+                                                   fuzzer=args.fuzzer_name)
+    ])
+
+  run_args.extend([
       '-v',
       '%s:/out' % _get_output_dir(args.project_name),
       '-t',
       'gcr.io/oss-fuzz-base/base-runner',
       'run_fuzzer',
       args.fuzzer_name,
-  ] + args.fuzzer_args
+  ] + args.fuzzer_args)
   return docker_run(run_args)
-- 
cgit v1.2.3
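Review bot: The new `--corpus-dir` check in run_fuzzer accepts any existing path, but the `-v` bind mount added a few lines below needs a directory; a regular file passes `os.path.exists` and gets mounted in place of the corpus directory, which only fails later inside the container. `if not os.path.isdir(args.corpus_dir):` with the message changed to `'ERROR: the path provided in --corpus-dir argument is not a directory'` rejects that up front (the context lines in coverage() show the same `os.path.exists` check, but those predate this commit). The mount target `/tmp/{fuzzer}_corpus` is presumably the path the base-runner `run_fuzzer` script reads; that contract is not visible here, so a comment such as `# Must match the corpus path the base-runner run_fuzzer script expects.` above the `.format(...)` line would help the next maintainer. Resolving through `os.path.realpath` before the mount is the right call, since docker requires an absolute host path and this also resolves symlinks. The enclosing run_fuzzer function starts before this hunk, and the hunk's trailing context lines appear truncated in this view.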