diff options
| author | Nicolas Boichat <drinkcat@chromium.org> | 2018-06-20 14:21:43 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-08-16 00:30:08 -0700 |
| commit | 4a4e2c71a0f6aaa50e0728922f84a7d54c14380a (patch) | |
| tree | 4bbc05387f7b479bc4a3dcb925174676f03d9356 /include | |
| parent | 165ee29673b058ba5f4550d5b6e1dfecb179bb22 (diff) | |
| download | chrome-ec-4a4e2c71a0f6aaa50e0728922f84a7d54c14380a.tar.gz | |
test: host_command_fuzz: fuzzing test
Writing fuzzing tests is a little tricky, as clang takes over the main
function. Instead, we start the test main function in a thread, and
have LLVMFuzzerTestOneInput prepare the host command buffer, and
wake the TEST_RUNNER task.
To make fuzzing faster, we only send somehow correctly formed requests,
with a valid checksum and length (this can be disabled with an option).
We also make sure that the emulator does not hibernate, reboot or jump
to a different image when fuzzing is enabled.
BRANCH=none
BUG=chromium:854975
TEST=make buildfuzztests -j
ASAN_OPTIONS="log_path=stderr" \
build/host/host_command_fuzz/host_command_fuzz.exe -timeout=5
Change-Id: I27b25e44c405f118dfc1296247479245e15e54b4
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1107523
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/system.h | 5 | ||||
| -rw-r--r-- | include/test_util.h | 5 |
2 files changed, 9 insertions, 1 deletions
diff --git a/include/system.h b/include/system.h index ef7c9f5f9b..bce8689503 100644 --- a/include/system.h +++ b/include/system.h @@ -280,7 +280,10 @@ const char *system_get_build_info(void); * * @param flags Reset flags; see SYSTEM_RESET_* above. */ -void system_reset(int flags) __attribute__((noreturn)); +#ifndef TEST_FUZZ +__attribute__((noreturn)) +#endif +void system_reset(int flags); /** * Set a scratchpad register to the specified value. diff --git a/include/test_util.h b/include/test_util.h index a1ab956359..c85986b229 100644 --- a/include/test_util.h +++ b/include/test_util.h @@ -107,6 +107,9 @@ void test_init(void); /* Test entry point */ void run_test(void); +/* Test entry point for fuzzing tests. */ +int test_fuzz_one_input(const uint8_t *data, unsigned int size); + /* Resets test error count */ void test_reset(void); @@ -144,8 +147,10 @@ void interrupt_generator_udelay(unsigned us); #ifdef EMU_BUILD void wait_for_task_started(void); +void wait_for_task_started_nosleep(void); #else static inline void wait_for_task_started(void) { } +static inline void wait_for_task_started_nosleep(void) { } #endif uint32_t prng(uint32_t seed); |