Google Git
Sign in
fuchsia / fuchsia / 3a2c9b130f545121abbc96f99745c50c560282db / . / tools / devshell / contrib / fuzz
blob: cc8b9e14d83229239547eac0bd347efbc1f588a8 [file] [log] [blame]
#!/bin/bash
# Copyright 2018 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
### run a fuzz test on target a device
##
## Usage: fx fuzz [options] [command] [command-arguments]
##
## Options:
## -d, --device <name> Connect to device using Fuchsia link-local name.
## Must be specified if multiple devices are present.
## -f, --foreground Run in the foreground (default is background).
## -n, --no-cipd Skip steps involving CIPD.
## -o, --output <dir> Use the given directory for saving output files.
## Defaults to the current directory.
## -s, --staging <dir> Use the given directory for staging temporary
## corpus files being transferred on or off of a
## target device. Defaults to a temporary directory
## that is removed on completion; use this options to
## preserve those temporary files on the host.
##
## Commands:
## help Prints this message and exits.
## list [name] Lists fuzzers matching 'name' if provided, or all
## fuzzers.
## corpus [name] Lists the corpus instances in CIPD for the named
## fuzzer.
## fetch <name> [label] Retrieves the corpus for the named fuzzer. If
## 'label' is a directory, installs the corpus from
## that location. Otherwise fetches and installs the
## corpus from CIPD given by 'label', which may
## either be a CIPD "ref", or a CIPD "tag" of the
## form "key:value". If omitted, 'label' defaults to
## "latest".
## start <name> [...] Fetches the latest corpus for a named fuzzer and
## starts it. Additional arguments are passed to the
## fuzzer. This is default command if not provided.
## check <name> Reports information about the named fuzzer, such as
## execution status, corpus size, and number of
## crashes.
## stop <name> Stops all instances of the named fuzzer.
## repro <name> [...] Runs the named fuzzer on specific inputs. If no
## additional inputs are provided, uses all previously
## found crashes.
## merge <name> [...] Fetches the latest corpus in CIPD, merges and
## minimizes it with the corpus on device, and stores
## the result in CIPD.
## store <name> Gathers the current corpus from the target platform
## and publishes it to CIPD. The package will be
## tagged with the current integration revision and
## referenced as 'latest'.
##
## Typical workflow is one of three commands:
## fx fuzz <name> # Fetches the latest corpus and starts the fuzzer
## fx fuzz repro <name> # Replays any test input artifacts found
## fx fuzz merge <name> # Merges the current corpus with the latest in CIPD
source "$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"/../lib/vars.sh || exit $?
FUZZING_DIR=${FUCHSIA_DIR}/scripts/fuzzing
cmd=
while [[ -n "$1" ]] ; do
case "$1" in
-h|--help)
cmd="help"
;;
-d|--device|-o|--output|-s|--staging)
if [[ -z "$2" ]] ; then
echo "Missing argument to $1"
cmd="help"
else
opts="$opts $1 $2"
fi
shift
;;
-f|--foreground|-n|--no-cipd)
opts="$opts $1"
;;
-*)
echo "Unknown option: $1"
cmd="help"
;;
*)
if [[ -z "$cmd" ]] ; then
cmd="$1"
else
args="$args $1"
fi
;;
esac
shift
done
case "${cmd}" in
help)
fx-command-help
;;
list)
python ${FUZZING_DIR}/list_fuzzers.py "$opts $args"
;;
corpus)
python ${FUZZING_DIR}/list_corpora.py "$opts $args"
;;
fetch)
python ${FUZZING_DIR}/fetch_corpus.py "$opts $args"
;;
start)
python ${FUZZING_DIR}/start_fuzzer.py "$opts $args" &
;;
check)
python ${FUZZING_DIR}/check_fuzzer.py "$opts $args"
;;
stop)
python ${FUZZING_DIR}/stop_fuzzer.py "$opts $args"
;;
repro)
python ${FUZZING_DIR}/repro_units.py "$opts $args"
;;
merge)
python ${FUZZING_DIR}/merge_corpus.py "$opts $args"
;;
store)
python ${FUZZING_DIR}/store_corpus.py "$opts $args"
;;
*)
name="$cmd"
if python ${FUZZING_DIR}/list_fuzzers.py "$opts $name" ; then
python ${FUZZING_DIR}/start_fuzzer.py "$opts $name $args" &
else
fx-command-help
fi
;;
esac