diff options
| author | Nicolas Boichat <drinkcat@chromium.org> | 2018-06-20 14:21:43 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-08-16 00:30:08 -0700 |
| commit | 4a4e2c71a0f6aaa50e0728922f84a7d54c14380a (patch) | |
| tree | 4bbc05387f7b479bc4a3dcb925174676f03d9356 /Makefile.toolchain | |
| parent | 165ee29673b058ba5f4550d5b6e1dfecb179bb22 (diff) | |
| download | chrome-ec-4a4e2c71a0f6aaa50e0728922f84a7d54c14380a.tar.gz | |
test: host_command_fuzz: fuzzing test
Writing fuzzing tests is a little tricky, as clang takes over the main
function. Instead, we start the test main function in a thread, and
have LLVMFuzzerTestOneInput prepare the host command buffer, and
wake the TEST_RUNNER task.
To make fuzzing faster, we only send somehow correctly formed requests,
with a valid checksum and length (this can be disabled with an option).
We also make sure that the emulator does not hibernate, reboot or jump
to a different image when fuzzing is enabled.
BRANCH=none
BUG=chromium:854975
TEST=make buildfuzztests -j
ASAN_OPTIONS="log_path=stderr" \
build/host/host_command_fuzz/host_command_fuzz.exe -timeout=5
Change-Id: I27b25e44c405f118dfc1296247479245e15e54b4
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1107523
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Diffstat (limited to 'Makefile.toolchain')
| -rw-r--r-- | Makefile.toolchain | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/Makefile.toolchain b/Makefile.toolchain index c0ecdc91ca..698106889a 100644 --- a/Makefile.toolchain +++ b/Makefile.toolchain @@ -60,7 +60,8 @@ CFLAGS_TEST=$(if $(TEST_BUILD),-DTEST_BUILD \ $(if $(EMU_BUILD),-DEMU_BUILD) \ $(if $($(PROJECT)-scale),-DTEST_TIME_SCALE=$($(PROJECT)-scale)) \ -DTEST_$(PROJECT) -DTEST_$(UC_PROJECT) \ - $(if $(TEST_ASAN),-fsanitize=address) + $(if $(TEST_ASAN),-fsanitize=address) \ + $(if $(TEST_FUZZ),-fsanitize=fuzzer-no-link -DTEST_FUZZ) CFLAGS_COVERAGE=$(if $(TEST_COVERAGE),-fprofile-arcs -ftest-coverage \ -DTEST_COVERAGE,) CFLAGS_DEFINE=-DOUTDIR=$(out)/$(BLD) -DCHIP=$(CHIP) -DBOARD_TASKFILE=$(_tsk_lst_file) \ @@ -108,7 +109,8 @@ LDFLAGS=-nostdlib -g -Wl,-X -Wl,--gc-sections -Wl,--build-id=none \ BUILD_LDFLAGS=$(LIBFTDI_LDLIBS) HOST_TEST_LDFLAGS=-Wl,-T core/host/host_exe.lds -lrt -pthread -rdynamic -lm\ $(if $(TEST_COVERAGE),-fprofile-arcs,) \ - $(if $(TEST_ASAN), -fsanitize=address) + $(if $(TEST_ASAN), -fsanitize=address) \ + $(if $(TEST_FUZZ), -fsanitize=fuzzer) # utility function to provide overridable defaults # $1: name of variable to set |