Fix fuzzers and remove hardcoded -j from travis
Fix a couple of broken fuzzers.
Also remove the shadow list of fuzzers from travis and
instead run them all.
Test: manual
Change-Id: I079cfc34acbb4eebbf968c369173772db76b24c1
diff --git a/.travis.yml b/.travis.yml
index 75b6e76..256881c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -155,9 +155,11 @@
- tools/gn gen out/dist --args="${GN_ARGS}" --check
- |
if [[ "$CFG" == ui-* ]]; then
- tools/ninja -C out/dist -j8 ui 2>&1 | grep -v "no version information available"
+ tools/ninja -C out/dist ui 2>&1 | grep -v "no version information"
+ elif [[ "$CFG" == *-libfuzzer ]]; then
+ tools/ninja -C out/dist fuzzers
else
- tools/ninja -C out/dist -j8
+ tools/ninja -C out/dist
fi
- |
TEST_TARGETS="
@@ -166,6 +168,11 @@
"
if [[ "$CFG" == ui-* ]]; then
out/dist/ui_unittests --ci
+ elif [[ "$CFG" == *-libfuzzer ]]; then
+ # Run a single iteration each to make sure they are not crashing.
+ for fuzzer in $(find out/dist -name '*_fuzzer' -executable); do
+ $fuzzer -runs=1
+ done
elif [[ "$CFG" == android-* ]]; then
TARGET_ARCH=$(echo $CFG | cut -d- -f3)
tools/run_android_emulator --pid /tmp/emulator.pid -v &
@@ -179,13 +186,6 @@
done
BENCHMARK_FUNCTIONAL_TEST_ONLY=true out/dist/perfetto_benchmarks
tools/diff_test_trace_processor.py out/dist/trace_processor_shell
- if [[ "$CFG" == *-libfuzzer ]]; then
- # Run a single iteration each to make sure they are not crashing.
- out/dist/end_to_end_shared_memory_fuzzer -runs=1
- out/dist/buffered_frame_deserializer_fuzzer -runs=1
- out/dist/unwinding_fuzzer -runs=1
- out/dist/trace_processor_fuzzer -runs=1
- fi
fi
after_script:
diff --git a/src/profiling/memory/shared_ring_buffer_fuzzer.cc b/src/profiling/memory/shared_ring_buffer_fuzzer.cc
index 7101a15..2fe7554 100644
--- a/src/profiling/memory/shared_ring_buffer_fuzzer.cc
+++ b/src/profiling/memory/shared_ring_buffer_fuzzer.cc
@@ -71,7 +71,8 @@
memcpy(&header, data, sizeof(header));
header.spinlock = 0;
- PERFETTO_CHECK(ftruncate(*fd, total_size_pages * base::kPageSize) == 0);
+ PERFETTO_CHECK(ftruncate(*fd, static_cast<off_t>(total_size_pages *
+ base::kPageSize)) == 0);
PERFETTO_CHECK(base::WriteAll(*fd, &header, sizeof(header)) != -1);
PERFETTO_CHECK(lseek(*fd, base::kPageSize, SEEK_SET) != -1);
PERFETTO_CHECK(base::WriteAll(*fd, payload, payload_size) != -1);
@@ -98,6 +99,8 @@
} // namespace profiling
} // namespace perfetto
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
return perfetto::profiling::FuzzRingBuffer(data, size);
}
diff --git a/src/profiling/memory/unwinding.h b/src/profiling/memory/unwinding.h
index e4578b0..478e2ea 100644
--- a/src/profiling/memory/unwinding.h
+++ b/src/profiling/memory/unwinding.h
@@ -161,7 +161,7 @@
}
void OnDataAvailable(base::UnixSocket* self) override;
- private:
+ public: // Public for testing / fuzzing.
struct ClientData {
DataSourceInstanceID data_source_instance_id;
std::unique_ptr<base::UnixSocket> sock;
@@ -170,6 +170,8 @@
};
void HandleBuffer(SharedRingBuffer::Buffer* buf, ClientData* socket_data);
+
+ private:
void HandleHandoffSocket(HandoffData data);
void HandleDisconnectSocket(pid_t pid);
diff --git a/src/profiling/memory/unwinding_fuzzer.cc b/src/profiling/memory/unwinding_fuzzer.cc
index a52d673..00bcf4d 100644
--- a/src/profiling/memory/unwinding_fuzzer.cc
+++ b/src/profiling/memory/unwinding_fuzzer.cc
@@ -25,20 +25,27 @@
namespace profiling {
namespace {
+class FakeDelegate : public UnwindingWorker::Delegate {
+ public:
+ ~FakeDelegate() override {}
+ void PostAllocRecord(AllocRecord) override {}
+ void PostFreeRecord(FreeRecord) override {}
+ void PostSocketDisconnected(DataSourceInstanceID, pid_t) override {}
+};
+
int FuzzUnwinding(const uint8_t* data, size_t size) {
- UnwindingRecord record;
- auto unwinding_metadata = std::make_shared<UnwindingMetadata>(
- getpid(), base::OpenFile("/proc/self/maps", O_RDONLY),
- base::OpenFile("/proc/self/mem", O_RDONLY));
+ FakeDelegate delegate;
+ UnwindingWorker worker(&delegate, /*task_runner=*/nullptr);
- record.pid = getpid();
- record.size = size;
- record.data.reset(new uint8_t[size]);
- memcpy(record.data.get(), data, size);
- record.metadata = unwinding_metadata;
+ SharedRingBuffer::Buffer buf(const_cast<uint8_t*>(data), size);
- BookkeepingRecord out;
- HandleUnwindingRecord(&record, &out);
+ UnwindingWorker::ClientData sock_data{
+ 0, nullptr,
+ UnwindingMetadata{getpid(), base::OpenFile("/proc/self/maps", O_RDONLY),
+ base::OpenFile("/proc/self/mem", O_RDONLY)},
+ *SharedRingBuffer::Create(4096)};
+
+ worker.HandleBuffer(&buf, &sock_data);
return 0;
}
