Home
last modified time | relevance | path

Searched full:fuzzer (Results 1 – 25 of 727) sorted by relevance

12345678910>>...30

/third_party/icu/docs/processes/
Dfuzzer_targets.md6 Developing Fuzzer Targets for ICU APIs
9 This documents describes how to develop a [fuzzer](https://opensource.google.com/projects/oss-fuzz)
14 Fuzzer targets are exclusively in directory
15 [`source/test/fuzzer/`](https://github.com/unicode-org/icu/tree/main/icu4c/source/test/fuzzer)
16 and end with `_fuzzer.cpp`. Only files with such ending are recognized and executed as fuzzer
19 ### General structure of a fuzzer target
21 As a minimum, a fuzzer target contains the function
30 This function is expected and invoked by the fuzzer system. The `data` parameter contains the
31 fuzzer-controlled data of size `size` bytes. Part or all of this data is then passed into the
34 Fuzzer target
[all …]
/third_party/skia/third_party/externals/harfbuzz/test/fuzzing/
DMakefile.am20 run-shape-fuzzer-tests.py \
21 run-subset-fuzzer-tests.py \
22 run-draw-fuzzer-tests.py \
28 hb-shape-fuzzer \
29 hb-subset-fuzzer \
30 hb-set-fuzzer \
31 hb-draw-fuzzer \
41 hb-fuzzer.hh \
42 hb-shape-fuzzer.cc \
50 hb-fuzzer.hh \
[all …]
Dmeson.build2 'hb-shape-fuzzer.cc',
3 'hb-subset-fuzzer.cc',
4 'hb-set-fuzzer.cc',
5 'hb-draw-fuzzer.cc',
35 test('shape_fuzzer', find_program('run-shape-fuzzer-tests.py'),
46 test('subset_fuzzer', find_program('run-subset-fuzzer-tests.py'),
58 test('draw_fuzzer', find_program('run-draw-fuzzer-tests.py'),
/third_party/openssl/fuzz/
DREADME.md15 Install `clang`, which [ships with `libfuzzer`](http://llvm.org/docs/LibFuzzer.html#fuzzer-usage)
23 `/usr/lib/llvm-7/lib/clang/7.0.1/lib/linux/libclang_rt.fuzzer-x86_64.a`.
26 --with-fuzzer-lib=$PATH_TO_LIBFUZZER \
29 -fsanitize=fuzzer-no-link \
43 fuzz/helper.py $FUZZER
45 where $FUZZER is one of the executables in `fuzz/`.
49 `fuzz/corpora/$FUZZER-crash/`.
59 a `--with-fuzzer-include` option, which should be the parent directory of the
60 prebuilt fuzzer library. This is represented as `$PATH_TO_LIBFUZZER_DIR` below.
63 --with-fuzzer-include=$PATH_TO_LIBFUZZER_DIR \
[all …]
Dhelper.py12 fuzzer.py <fuzzer> <extra fuzzer arguments>
19 FUZZER = sys.argv[1] variable
24 FUZZER_DIR = os.path.abspath(os.path.join(CORPORA_DIR, FUZZER))
42 _create(FUZZER)
43 _create(FUZZER + "-crash")
44 _add(FUZZER + "-seed")
46 cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + sys.argv[2:]
/third_party/skia/third_party/externals/spirv-tools/source/fuzz/
Dfuzzer.h37 // running a number of randomized fuzzer passes.
38 class Fuzzer {
40 // Possible statuses that can result from running the fuzzer.
58 Fuzzer(std::unique_ptr<opt::IRContext> ir_context,
69 Fuzzer(const Fuzzer&) = delete;
70 Fuzzer(Fuzzer&&) = delete;
71 Fuzzer& operator=(const Fuzzer&) = delete;
72 Fuzzer& operator=(Fuzzer&&) = delete;
74 ~Fuzzer();
76 // Transforms |ir_context_| by running a number of randomized fuzzer passes.
[all …]
/third_party/spirv-tools/source/fuzz/
Dfuzzer.h37 // running a number of randomized fuzzer passes.
38 class Fuzzer {
40 // Possible statuses that can result from running the fuzzer.
58 Fuzzer(std::unique_ptr<opt::IRContext> ir_context,
69 Fuzzer(const Fuzzer&) = delete;
70 Fuzzer(Fuzzer&&) = delete;
71 Fuzzer& operator=(const Fuzzer&) = delete;
72 Fuzzer& operator=(Fuzzer&&) = delete;
74 ~Fuzzer();
76 // Transforms |ir_context_| by running a number of randomized fuzzer passes.
[all …]
/third_party/skia/third_party/externals/swiftshader/third_party/SPIRV-Tools/source/fuzz/
Dfuzzer.h37 // running a number of randomized fuzzer passes.
38 class Fuzzer {
40 // Possible statuses that can result from running the fuzzer.
58 Fuzzer(std::unique_ptr<opt::IRContext> ir_context,
69 Fuzzer(const Fuzzer&) = delete;
70 Fuzzer(Fuzzer&&) = delete;
71 Fuzzer& operator=(const Fuzzer&) = delete;
72 Fuzzer& operator=(Fuzzer&&) = delete;
74 ~Fuzzer();
76 // Transforms |ir_context_| by running a number of randomized fuzzer passes.
[all …]
/third_party/skia/third_party/externals/tint/fuzzers/
Dtint_all_transforms_fuzzer.cc28 fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv); in LLVMFuzzerTestOneInput() local
29 fuzzer.SetTransformManager(tb.manager(), tb.data_map()); in LLVMFuzzerTestOneInput()
30 fuzzer.SetDumpInput(GetCliParams().dump_input); in LLVMFuzzerTestOneInput()
32 fuzzer.Run(data, size); in LLVMFuzzerTestOneInput()
40 fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kHLSL); in LLVMFuzzerTestOneInput() local
41 fuzzer.SetTransformManager(tb.manager(), tb.data_map()); in LLVMFuzzerTestOneInput()
42 fuzzer.SetDumpInput(GetCliParams().dump_input); in LLVMFuzzerTestOneInput()
44 fuzzer.Run(data, size); in LLVMFuzzerTestOneInput()
53 fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kMSL); in LLVMFuzzerTestOneInput() local
54 fuzzer.SetTransformManager(tb.manager(), tb.data_map()); in LLVMFuzzerTestOneInput()
[all …]
Dtint_black_box_fuzz_target.cc132 tint::fuzzers::CommonFuzzer fuzzer(tint::fuzzers::InputFormat::kWGSL, in main() local
134 return fuzzer.Run(data.data(), data.size()); in main()
139 tint::fuzzers::CommonFuzzer fuzzer(tint::fuzzers::InputFormat::kWGSL, in main() local
141 fuzzer.SetOptionsMsl(options); in main()
142 return fuzzer.Run(data.data(), data.size()); in main()
147 tint::fuzzers::CommonFuzzer fuzzer(tint::fuzzers::InputFormat::kWGSL, in main() local
149 fuzzer.SetOptionsSpirv(options); in main()
150 return fuzzer.Run(data.data(), data.size()); in main()
153 tint::fuzzers::CommonFuzzer fuzzer(tint::fuzzers::InputFormat::kWGSL, in main() local
155 return fuzzer.Run(data.data(), data.size()); in main()
[all …]
/third_party/skia/fuzz/
DREADME.md3 randomly, focusing on specific APIs). For example, we have a codec fuzzer which takes a mutated
4 png/jpeg or similar file and attempts to turn it into an `SkImage`. We also have a canvas fuzzer
9 that contains all fuzzers and is a convenient way to reproduce fuzzer-reported bugs. There are also
10 single fuzzer executables containing exactly one fuzzer, which are convenient to build with
28 When enabling a fuzzer in OSS-Fuzz, we typically need to follow these steps:
29 1. *Add a seed corpus to `gs://skia-fuzzer/oss-fuzz/` (in the
30 …[skia-public project](https://console.cloud.google.com/storage/browser/skia-fuzzer?project=skia-pu…
37 to build the desired fuzzer target and move it into $OUT. If there is a seed corpus, move
38 it into $OUT and make sure it is the same name as the fuzzer executable with `_seed_corpus.zip`
53 <https://oss-fuzz.com/fuzzer-stats> is useful to see metrics on how our fuzzers are running. It
[all …]
/third_party/skia/m133/fuzz/
DREADME.md3 randomly, focusing on specific APIs). For example, we have a codec fuzzer which takes a mutated
4 png/jpeg or similar file and attempts to turn it into an `SkImage`. We also have a canvas fuzzer
9 that contains all fuzzers and is a convenient way to reproduce fuzzer-reported bugs. There are also
10 single fuzzer executables containing exactly one fuzzer, which are convenient to build with
28 When enabling a fuzzer in OSS-Fuzz, we typically need to follow these steps:
29 1. *Add a seed corpus to `gs://skia-fuzzer/oss-fuzz/` (in the
30 …[skia-public project](https://console.cloud.google.com/storage/browser/skia-fuzzer?project=skia-pu…
37 to build the desired fuzzer target and move it into $OUT. If there is a seed corpus, move
38 it into $OUT and make sure it is the same name as the fuzzer executable with `_seed_corpus.zip`
53 <https://oss-fuzz.com/fuzzer-stats> is useful to see metrics on how our fuzzers are running. It
[all …]
/third_party/json/tests/thirdparty/Fuzzer/
DFuzzerLoop.cpp1 //===- FuzzerLoop.cpp - Fuzzer's main loop --------------------------------===//
9 // Fuzzer's main loop.
40 namespace fuzzer { namespace
43 thread_local bool Fuzzer::IsMyThread;
58 // Only one Fuzzer per process.
59 static Fuzzer *F;
61 void Fuzzer::ResetEdgeCoverage() { in ResetEdgeCoverage()
66 void Fuzzer::ResetCounters() { in ResetCounters()
71 void Fuzzer::PrepareCounters(Fuzzer::Coverage *C) { in PrepareCounters()
80 bool Fuzzer::RecordMaxCoverage(Fuzzer::Coverage *C) { in RecordMaxCoverage()
[all …]
DFuzzerUtilWindows.cpp27 namespace fuzzer { namespace
37 Fuzzer::StaticCrashSignalCallback(); in ExceptionHandler()
42 Fuzzer::StaticCrashSignalCallback(); in ExceptionHandler()
47 Fuzzer::StaticCrashSignalCallback(); in ExceptionHandler()
59 Fuzzer::StaticCrashSignalCallback(); in ExceptionHandler()
69 Fuzzer::StaticInterruptCallback(); in CtrlHandler()
73 Fuzzer::StaticInterruptCallback(); in CtrlHandler()
80 Fuzzer::StaticAlarmCallback(); in AlarmHandler()
110 static void CrashHandler(int) { Fuzzer::StaticCrashSignalCallback(); } in CrashHandler()
180 } // namespace fuzzer
/third_party/skia/third_party/externals/libwebp/
D.gitignore47 tests/fuzzer/advanced_api_fuzzer
48 tests/fuzzer/animation_api_fuzzer
49 tests/fuzzer/animdecoder_fuzzer
50 tests/fuzzer/animencoder_fuzzer
51 tests/fuzzer/demux_api_fuzzer
52 tests/fuzzer/enc_dec_fuzzer
53 tests/fuzzer/mux_demux_api_fuzzer
54 tests/fuzzer/simple_api_fuzzer
/third_party/skia/m133/third_party/externals/libwebp/
D.gitignore49 tests/fuzzer/advanced_api_fuzzer
50 tests/fuzzer/animation_api_fuzzer
51 tests/fuzzer/animdecoder_fuzzer
52 tests/fuzzer/animencoder_fuzzer
53 tests/fuzzer/demux_api_fuzzer
54 tests/fuzzer/enc_dec_fuzzer
55 tests/fuzzer/mux_demux_api_fuzzer
56 tests/fuzzer/simple_api_fuzzer
/third_party/skia/m133/third_party/externals/harfbuzz/test/fuzzing/
Dmeson.build2 'hb-shape-fuzzer.cc',
3 'hb-subset-fuzzer.cc',
4 'hb-set-fuzzer.cc',
5 'hb-draw-fuzzer.cc',
9 tests += 'hb-repacker-fuzzer.cc'
43 test('shape_fuzzer', find_program('run-shape-fuzzer-tests.py'),
54 test('subset_fuzzer', find_program('run-subset-fuzzer-tests.py'),
67 test('repacker_fuzzer', find_program('run-repacker-fuzzer-tests.py'),
80 test('draw_fuzzer', find_program('run-draw-fuzzer-tests.py'),
/third_party/skia/third_party/externals/dawn/infra/config/global/
Dmain.star197 def get_default_properties(os, clang, debug, cpu, fuzzer):
205 fuzzer: is this builder running the fuzzers
218 if fuzzer:
233 def add_ci_builder(name, os, clang, debug, cpu, fuzzer):
242 fuzzer: is this builder running the fuzzers
246 properties_ci = get_default_properties(os, clang, debug, cpu, fuzzer)
248 if fuzzer:
251 if not fuzzer:
265 def add_try_builder(name, os, clang, debug, cpu, fuzzer):
274 fuzzer: is this builder running the fuzzers
[all …]
/third_party/skia/third_party/externals/tint/fuzzers/tint_spirv_tools_fuzzer/
Dspirv_fuzz_mutator.h25 #include "source/fuzz/fuzzer.h"
37 /// the `spvtools::fuzz::Fuzzer` class.
45 /// @param enable_all_passes - whether to use all fuzzer passes.
47 /// next fuzzer pass.
49 /// each fuzzer pass.
53 /// threshold in the spvtools::fuzz::Fuzzer is reached (see the doc for
73 // applied in batches by fuzzer passes (see docs for the
74 // `spvtools::fuzz::Fuzzer` for more info).
77 // The errors produced by the `spvtools::fuzz::Fuzzer`.
79 std::unique_ptr<spvtools::fuzz::Fuzzer> fuzzer_;
Dspirv_fuzz_mutator.cc55 fuzzer_ = std::make_unique<spvtools::fuzz::Fuzzer>( in SpirvFuzzMutator()
67 case spvtools::fuzz::Fuzzer::Status::kComplete: in Mutate()
69 case spvtools::fuzz::Fuzzer::Status::kModuleTooBig: in Mutate()
70 case spvtools::fuzz::Fuzzer::Status::kTransformationLimitReached: in Mutate()
72 case spvtools::fuzz::Fuzzer::Status::kFuzzerStuck: in Mutate()
74 case spvtools::fuzz::Fuzzer::Status::kFuzzerPassLedToInvalidModule: in Mutate()
100 std::ofstream(prefix + ".fuzzer.log") << "seed: " << seed_ << std::endl in LogErrors()
104 util::WriteBinary(prefix + ".fuzzer.invalid.spv", GetBinary()); in LogErrors()
107 util::WriteBinary(prefix + ".fuzzer.original.spv", original_binary_); in LogErrors()
115 std::ofstream(prefix + ".fuzzer.transformations.json") << json << std::endl; in LogErrors()
[all …]
/third_party/skia/site/docs/dev/testing/
Dfuzz.md48 Your fuzzer entry point should implement this API:
56 You should now be able to use `-fsanitize=fuzzer` with Clang.
62 sanitize = "fuzzer"
63 extra_cflags = [ "-DSK_BUILD_FOR_LIBFUZZER", # enables fuzzer-constraints (see below)
68 Build Skia and your fuzzer entry point:
71 clang++-10 -I. -O1 -fsanitize=fuzzer fuzz/oss_fuzz/whatever.cpp out/libfuzzer/libskia.a
73 Run your new fuzzer binary
79 There are some defines that can help guide a fuzzer to be more productive (e.g.
/third_party/skia/m133/site/docs/dev/testing/
Dfuzz.md48 Your fuzzer entry point should implement this API:
56 You should now be able to use `-fsanitize=fuzzer` with Clang.
62 sanitize = "fuzzer"
63 extra_cflags = [ "-DSK_BUILD_FOR_LIBFUZZER", # enables fuzzer-constraints (see below)
68 Build Skia and your fuzzer entry point:
71 clang++-10 -I. -O1 -fsanitize=fuzzer fuzz/oss_fuzz/whatever.cpp out/libfuzzer/libskia.a
73 Run your new fuzzer binary
79 There are some defines that can help guide a fuzzer to be more productive (e.g.
/third_party/json/tests/
DMakefile12 FUZZER_ENGINE = src/fuzzer-driver_afl.cpp
17 $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_json.cpp -o $@
20 $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_bson.cpp -o $@
23 $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_cbor.cpp -o $@
26 $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_msgpack.cpp -o $@
29 $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_ubjson.cpp -o $@
32 $(CXX) $(CXXFLAGS) $(CPPFLAGS) $(FUZZER_ENGINE) src/fuzzer-parse_bjdata.cpp -o $@
Dfuzzing.md31 To use libFuzzer, you need to pass `-fsanitize=fuzzer` as `FUZZER_ENGINE`. In the `tests` directory…
34 make fuzzers FUZZER_ENGINE="-fsanitize=fuzzer"
45 make fuzzers FUZZER_ENGINE="-fsanitize=fuzzer" CXX=$(brew --prefix llvm)/bin/clang
54 The fuzzer should be able to run indefinitely without crashing. In case of a crash, the tested inpu…
59 To use afl++, you need to pass `-fsanitize=fuzzer` as `FUZZER_ENGINE`. It will be replaced by a `li…
63 CXX=afl-clang-fast++ make fuzzers FUZZER_ENGINE="-fsanitize=fuzzer"
66 Then the fuzzer is called like this in the `tests` directory:
72 The fuzzer should be able to run indefinitely without crashing. In case of a crash, the tested inpu…
/third_party/skia/resources/sksl/
Dupdate_fuzzer.py10 # You will need to be given access to the Google Storage fuzzer repo (at
11 # gs://skia-fuzzer/oss-fuzz/) by the Skia Infra team.
33 # Exclude files that won't be useful fuzzer inputs.
54 'gs://skia-fuzzer/oss-fuzz/sksl_seed_corpus.zip'],
59 'gs://skia-fuzzer/oss-fuzz/sksl_with_256_padding_seed_corpus.zip'],
65 'gs://skia-fuzzer/oss-fuzz/sksl_seed_corpus.zip'],
70 'gs://skia-fuzzer/oss-fuzz/sksl_with_256_padding_seed_corpus.zip'],
75 print("### Unable to upload fuzzer corpus to Google Cloud:")

12345678910>>...30