diff options
| author | Nicolas Boichat <drinkcat@chromium.org> | 2018-06-20 14:21:43 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-08-16 00:30:08 -0700 |
| commit | 4a4e2c71a0f6aaa50e0728922f84a7d54c14380a (patch) | |
| tree | 4bbc05387f7b479bc4a3dcb925174676f03d9356 /Makefile.rules | |
| parent | 165ee29673b058ba5f4550d5b6e1dfecb179bb22 (diff) | |
| download | chrome-ec-4a4e2c71a0f6aaa50e0728922f84a7d54c14380a.tar.gz | |
test: host_command_fuzz: fuzzing test
Writing fuzzing tests is a little tricky, as clang takes over the main
function. Instead, we start the test main function in a thread, and
have LLVMFuzzerTestOneInput prepare the host command buffer, and
wake the TEST_RUNNER task.
To make fuzzing faster, we only send somehow correctly formed requests,
with a valid checksum and length (this can be disabled with an option).
We also make sure that the emulator does not hibernate, reboot or jump
to a different image when fuzzing is enabled.
BRANCH=none
BUG=chromium:854975
TEST=make buildfuzztests -j
ASAN_OPTIONS="log_path=stderr" \
build/host/host_command_fuzz/host_command_fuzz.exe -timeout=5
Change-Id: I27b25e44c405f118dfc1296247479245e15e54b4
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1107523
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Diffstat (limited to 'Makefile.rules')
| -rw-r--r-- | Makefile.rules | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/Makefile.rules b/Makefile.rules index 8b9c998338..a11635b6b3 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -83,7 +83,10 @@ cmd_c_to_host = $(HOSTCC) $(HOST_CFLAGS) $(HOST_LDFLAGS) -MMD -MF $@.d -o $@ \ $(sort $(foreach c,$($(*F)-objs),util/$(c:%.o=%.c)) $(wildcard $*.c)) cmd_cxx_to_host = $(HOSTCXX) -std=c++0x $(COMMON_WARN) $(HOST_CXXFLAGS)\ -I ./$($(notdir $@)_ROOT) -o $@ $(filter %.cc,$^) $($(notdir $@)_LIBS) -cmd_host_test = ./util/run_host_test $* $(silent) +cmd_host_test = $(MAKE) --no-print-directory BOARD=host PROJECT=$* \ + V=$(V) out=build/host/$* TEST_BUILD=y EMU_BUILD=y $(TEST_FLAG) \ + CROSS_COMPILE= build/host/$*/$*.exe +cmd_run_host_test = ./util/run_host_test $* $(silent) # generate new version.h, compare if it changed and replace if so cmd_version = ./util/getversion.sh > $@.tmp && cmp -s $@.tmp $@ || mv $@.tmp $@; rm -f $@.tmp cmd_vif = $(out)/util/genvif -b $(BOARD) -o $(out) @@ -245,14 +248,10 @@ run-test-targets=$(foreach t,$(test-list-host),run-$(t)) .PHONY: $(host-test-targets) $(run-test-targets) $(host-test-targets): host-%: - @set -e ; \ - $(call echo," BUILD host - build/host/$*") \ - $(MAKE) --no-print-directory BOARD=host PROJECT=$* \ - V=$(V) out=build/host/$* TEST_BUILD=y EMU_BUILD=y $(TEST_FLAG) \ - CROSS_COMPILE= build/host/$*/$*.exe + $(call quiet,host_test,BUILD ) $(run-test-targets): run-%: host-% - $(call quiet,host_test,TEST ) + $(call quiet,run_host_test,TEST ) .PHONY: hosttests runtests hosttests: $(host-test-targets) @@ -321,6 +320,19 @@ coverage: TEST_FLAG=TEST_COVERAGE=y coverage: $(cov-test-targets) $(call quiet,report_cov,REPORT ) +# Fuzzing tests + +fuzz-test-targets=$(foreach t,$(fuzz-test-list-host),host-$(t)) + +.PHONY: $(fuzz-test-targets) + +$(fuzz-test-targets): host-%: + $(call quiet,host_test,BUILD ) + +.PHONY: buildfuzztests +buildfuzztests: TEST_FLAG=TEST_FUZZ=y TEST_ASAN=y +buildfuzztests: $(fuzz-test-targets) + $(out)/firmware_image.lds: common/firmware_image.lds.S $(call quiet,lds,LDS ) $(out)/%.lds: core/$(CORE)/ec.lds.S |