[infra] Golang coverage summary for each fuzz target (#2817, #2714). (#…

…4671) * Golang coverage summary for each fuzz target * Document usage of compile_go_fuzzer * update the documentation change Co-authored-by: Max Moroz <[email protected]>
google · Nov 20, 2020 · c031d50 · c031d50
1 parent ee7031c
commit c031d50
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 20 deletions.
diff --git a/docs/getting-started/new-project-guide/go_lang.md b/docs/getting-started/new-project-guide/go_lang.md
@@ -74,21 +74,18 @@ RUN go get github.com/ianlancetaylor/demangle
 In order to build a Go fuzz target, you need to call `go-fuzz`
 command first, and then link the resulting `.a` file against
 `$LIB_FUZZING_ENGINE` using the `$CXX $CXXFLAGS ...` command.
-[Example](https://github.com/google/oss-fuzz/blob/356f2b947670b7eb33a1f535c71bc5c87a60b0d1/projects/syzkaller/build.sh#L19):
 
-```sh
-function compile_fuzzer {
-  path=$1
-  function=$2
-  fuzzer=$3
-
-  # Compile and instrument all Go files relevant to this fuzz target.
-  go-fuzz -func $function -o $fuzzer.a $path
+The best way to do this is by using a `compile_go_fuzzer` script,
+as it also supports coverage builds.
 
-  # Link Go code ($fuzzer.a) with fuzzing engine to produce fuzz target binary.
-  $CXX $CXXFLAGS $LIB_FUZZING_ENGINE $fuzzer.a -o $OUT/$fuzzer
-}
+A usage example from go-dns project is
 
-compile_fuzzer ./pkg/compiler Fuzz compiler_fuzzer
-compile_fuzzer ./prog/test FuzzDeserialize prog_deserialize_fuzzer
+```sh
+compile_go_fuzzer github.com/miekg/dns FuzzNewRR fuzz_newrr fuzz
 ```
+
+Arguments are :
+* path of the package with the fuzz target
+* name of the fuzz function
+* name of the fuzzer to be built
+* optional tag to be used by `go build` and such
diff --git a/infra/base-images/base-runner/coverage b/infra/base-images/base-runner/coverage
@@ -111,6 +111,18 @@ function run_fuzz_target {
   fi
 }
 
+function run_go_fuzz_target {
+  local target=$1
+
+  cd $GOPATH/src
+  echo "Running go target $target"
+  export FUZZ_CORPUS_DIR="/corpus/${target}/"
+  export FUZZ_PROFILE_NAME="$DUMPS_DIR/$target.perf"
+  bash $OUT/$target $DUMPS_DIR/$target.profdata
+  $SYSGOPATH/bin/gocovsum $DUMPS_DIR/$target.profdata > $FUZZER_STATS_DIR/$target.json
+  cd $OUT
+}
+
 export SYSGOPATH=$GOPATH
 export GOPATH=$OUT/$GOPATH
 # Run each fuzz target, generate raw coverage dumps.
@@ -121,12 +133,7 @@ for fuzz_target in $FUZZ_TARGETS; do
     if [[ $FUZZING_ENGINE != "none" ]]; then
       grep "go test -run" $fuzz_target > /dev/null 2>&1 || continue
     fi
-    cd $GOPATH/src
-    echo "Running go target $fuzz_target"
-    export FUZZ_CORPUS_DIR="/corpus/${fuzz_target}/"
-    export FUZZ_PROFILE_NAME="$DUMPS_DIR/$fuzz_target.perf"
-    bash $OUT/$fuzz_target $DUMPS_DIR/$fuzz_target.profdata &
-    cd $OUT
+    run_go_fuzz_target $fuzz_target &
   else
     # Continue if not a fuzz target.
     if [[ $FUZZING_ENGINE != "none" ]]; then