tree: 78ac4f0df15d02e9eea71de9a8e49d1dc4a46acc
  fuzzer-be/
  go/
  res/
  sys/
  templates/
  .bowerrc
  bower.json
  build_fe_release
  create-fuzzer-be-sa.sh
  DESIGN.md
  docker_build_be_release
  elements.html
  Makefile
  package.json
  PROD.md
  README.md
  setup-script.sh
  skiapush.json5
  startup-script.sh
  vm.go
fuzzer/README.md

Fuzzer

When the instance is created, afl-fuzz is downloaded from gs://skia-fuzzer/afl-mirror/afl-[version].tgz. To update the AFL version, download the .tgz file from http://lcamtuf.coredump.cx/afl/releases/?O=D, upload it to that location and make it publicly readable. The instance runs whatever is in that bucket, so keep write access to it restricted and compare the tarball's checksum against the upstream file before uploading it.

afl-fuzz requires that the kernel write core dumps normally rather than hand crashes to an external crash handler (apport, systemd-coredump and similar). It checks /proc/sys/kernel/core_pattern and refuses to start if the pattern begins with a pipe (|), because the handler would delay the crashing process and AFL would report crashes as timeouts. Set the pattern to a plain filename, which needs root (sudo su): echo core >/proc/sys/kernel/core_pattern. The setting does not survive a reboot, so it has to be reapplied every time the instance starts.

Notes on afl-fuzz: minimize the corpus with afl-cmin before fuzzing. It keeps only the inputs that add new edge coverage and drops redundant ones, so fewer, faster inputs mean more executions per second once afl-fuzz starts:

# -m 1000 caps the target at 1000 MB; -t 1000 drops any input that takes
# longer than 1000 ms, so the kept corpus is limited to cases that run in
# under a second. Everything after -- is the target command line and @@ is
# replaced by the path of each input file.
FUZZ_INPUT="$HOME/SKP/small"
FUZZ_SAMPLES="$HOME/SKP/minimized"
./afl-cmin -i "$FUZZ_INPUT" -o "$FUZZ_SAMPLES" -m 1000 -t 1000 -- "$SKIA_ROOT/out/Release/dm" --src skp --skps @@ --config 8888
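The setup steps above (fetch AFL, fix core_pattern, minimize the corpus) as one added example. This is not code from the Skia fuzzer repo: it is a POSIX shell script that performs the same core_pattern check AFL does, verifies a downloaded AFL tarball against a known SHA-256 before it is uploaded to the mirror bucket, and runs the README's afl-cmin command only after those checks pass. The function names, the checksum step and the default paths under $HOME/SKP and $SKIA_ROOT are assumptions.

```shell
#!/bin/sh
# Added example for this README, not code from the Skia fuzzer repo.
# Pre-flight helpers for a fresh AFL instance; bucket layout, default paths
# and the checksum step are assumptions.

# afl-fuzz inspects /proc/sys/kernel/core_pattern and refuses to start when it
# begins with '|' (crashes piped to apport, systemd-coredump, ...), because the
# handler delays the crashing child and AFL would log crashes as timeouts.
# Returns 0 when the pattern in file $1 is acceptable, 1 when it is piped,
# 2 when the file is unreadable (e.g. not Linux).
core_pattern_ok() {
  pattern_file="${1:-/proc/sys/kernel/core_pattern}"
  [ -r "$pattern_file" ] || return 2
  case "$(cat "$pattern_file")" in
    '|'*) return 1 ;;
    *)    return 0 ;;
  esac
}

# Apply the README's fix (echo core > core_pattern). Needs root, and the
# setting does not survive a reboot, so run it on every instance start.
fix_core_pattern() {
  pattern_file="${1:-/proc/sys/kernel/core_pattern}"
  if core_pattern_ok "$pattern_file"; then
    return 0
  fi
  if [ "$(id -u)" -ne 0 ]; then
    echo "core_pattern is piped to a crash handler; rerun as root" >&2
    return 1
  fi
  echo core > "$pattern_file"
}

# The VM runs whatever afl-[version].tgz sits in the public mirror bucket, so
# compare a freshly downloaded tarball against a SHA-256 recorded from the
# upstream file before uploading it. Returns 0 on match, 1 on mismatch.
tarball_sha256_ok() {
  file="$1"
  expected="$2"
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$file" | cut -d' ' -f1)
  else
    actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
  fi
  [ "$actual" = "$expected" ]
}

# Render the afl-cmin command line from the README as one string, for logging
# and review before it runs. -m caps the target at mem_mb megabytes, -t drops
# any input that takes longer than timeout_ms milliseconds, and @@ is replaced
# by the path of each input file.
cmin_cmdline() {
  in_dir="$1"
  out_dir="$2"
  dm="$3"
  mem_mb="${4:-1000}"
  timeout_ms="${5:-1000}"
  printf '%s\n' "afl-cmin -i $in_dir -o $out_dir -m $mem_mb -t $timeout_ms -- $dm --src skp --skps @@ --config 8888"
}

# Minimise the corpus only once the checks above pass. Assumed layout:
# corpus under $HOME/SKP and dm built in $SKIA_ROOT/out/Release.
minimize_corpus() {
  in_dir="${1:-$HOME/SKP/small}"
  out_dir="${2:-$HOME/SKP/minimized}"
  dm="${3:-${SKIA_ROOT:?SKIA_ROOT must point at a Skia checkout}/out/Release/dm}"
  core_pattern_ok || { echo "fix core_pattern before fuzzing" >&2; return 1; }
  [ -d "$in_dir" ] || { echo "no input corpus at $in_dir" >&2; return 1; }
  [ -x "$dm" ] || { echo "dm not executable: $dm" >&2; return 1; }
  echo "+ $(cmin_cmdline "$in_dir" "$out_dir" "$dm")"
  afl-cmin -i "$in_dir" -o "$out_dir" -m 1000 -t 1000 -- "$dm" --src skp --skps @@ --config 8888
}
```

Source the file and call fix_core_pattern as root from the instance startup path, then minimize_corpus as the fuzzing user; tarball_sha256_ok belongs in whatever process updates the mirror bucket, with the expected digest taken from the upstream download rather than from the bucket itself.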

Once deployed to production, the parameters in fuzzer-be.service and fuzzer-fe.service (the service definitions for the backend and frontend) can be tuned experimentally for the best throughput.