| #!/bin/bash |
| # Copyright 2018 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| ### run a fuzz test on target a device |
| |
| ## |
| ## Usage: fx fuzz [options] [command] [command-arguments] |
| ## |
| ## Options (must be first): |
| ## -d, --device <name> Connect to device using Fuchsia link-local name. |
| ## Must be specified if multiple devices are present. |
| ## -f, --foreground Run in the foreground (default is background). |
| ## -n, --no-cipd Skip steps involving CIPD. |
| ## -o, --output <dir> Use the given directory for saving output files. |
| ## Defaults to the current directory. |
| ## -s, --staging <dir> Use the given directory for staging temporary |
| ## corpus files being transferred on or off of a |
| ## target device. Defaults to a temporary directory |
| ## that is removed on completion; use this options to |
| ## preserve those temporary files on the host. |
| ## |
| ## Commands: |
| ## help Prints this message and exits. |
| ## list [name] Lists fuzzers matching 'name' if provided, or all |
| ## fuzzers. |
| ## corpus [name] Lists the corpus instances in CIPD for the named |
| ## fuzzer. |
| ## fetch <name> [label] Retrieves the corpus for the named fuzzer. If |
| ## 'label' is a directory, installs the corpus from |
| ## that location. Otherwise fetches and installs the |
| ## corpus from CIPD given by 'label' or the latest |
| ## corpus if 'label' is omitted. |
| ## start <name> [...] Fetches the latest corpus for a named fuzzer and |
| ## starts it. Additional arguments are passed to the |
| ## fuzzer. This is default command if not provided. |
| ## check <name> Reports information about the named fuzzer, such as |
| ## execution status, corpus size, and number of |
| ## crashes. |
| ## stop <name> Stops all instances of the named fuzzer. |
| ## repro <name> [...] Runs the named fuzzer on specific inputs. If no |
| ## additional inputs are provided, uses all previously |
| ## found crashes. |
| ## merge <name> [...] Fetches the latest corpus in CIPD, merges and |
| ## minimizes it with the corpus on device, and stores |
| ## the result in CIPD. |
| ## store <name> Gathers the current corpus from the target platform |
| ## and publishes it. |
| ## |
| ## Typical workflow is one of three commands: |
| ## fx fuzz <name> # Fetches the latest corpus and starts the fuzzer |
| ## fx fuzz repro <name> # Replays any test input artifacts found |
| ## fx fuzz merge <name> # Merges the current corpus with the latest in CIPD |
| |
| source "$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"/../lib/vars.sh || exit $? |
| |
| FUZZING_DIR=${FUCHSIA_DIR}/scripts/fuzzing |
| |
| cmd=${1:-help} |
| shift |
| case "${cmd}" in |
| help) |
| fx-command-help |
| ;; |
| list) |
| python ${FUZZING_DIR}/list_fuzzers.py "$@" |
| ;; |
| corpus) |
| python ${FUZZING_DIR}/list_corpora.py "$@" |
| ;; |
| fetch) |
| python ${FUZZING_DIR}/fetch_corpus.py "$@" |
| ;; |
| start) |
| python ${FUZZING_DIR}/start_fuzzer.py "$@" & |
| ;; |
| check) |
| python ${FUZZING_DIR}/check_fuzzer.py "$@" |
| ;; |
| stop) |
| python ${FUZZING_DIR}/stop_fuzzer.py "$@" |
| ;; |
| repro) |
| python ${FUZZING_DIR}/repro_units.py "$@" |
| ;; |
| merge) |
| python ${FUZZING_DIR}/merge_corpus.py "$@" |
| ;; |
| store) |
| python ${FUZZING_DIR}/store_corpus.py "$@" |
| ;; |
| *) |
| if python ${FUZZING_DIR}/list_fuzzers.py "${cmd}" ; then |
| python ${FUZZING_DIR}/start_fuzzer.py "${cmd}" "$@" & |
| else |
| fx-command-help |
| fi |
| ;; |
| esac |
