FuzzTest into Chromium
FuzzTest is a new fuzzing/property testing framework created elsewhere
in Google and open sourced. It increasingly subsumes the "centipede"
fuzzing engine which we already use in Chromium, but its main purpose is
to allow simple declarations of fuzzers within existing unit tests:
FUZZ_TEST(SomePreExistingFunction); // that's it, best case
This CL builds FuzzTest in Chromium and includes an example fuzzer of
how it can be used.
We are led to believe that the ease of adding FUZZ_TESTS has greatly
increased fuzzer production in other parts of Google, so we would like
to get the same benefits.
Tests built using FuzzTest can operate in a variety of modes, as
described in the BUILD.gn for fuzztest. One of those modes is
responsible for the most complex part of this change - a new gn
argument, "enable_fuzztest_fuzz". This is because unit tests built using
fuzztest can do a limited type of fuzzing even without any fuzzing
engines being enabled - this is a new capability for Chromium and
therefore it doesn't fit within any of our existing gn arguments, which
each pertain to a particular fuzzing engine (use_libfuzzer,
use_centipede, use_afl, etc.). Specifically, without this gn argument,
a unit test can support:
./my_test # runs fuzzing for one second
With "enable_fuzztest_fuzz", additionally this option is supported:
./my_test --fuzz=0 # runs fuzzing indefinitely using coverage
# guidance
Adding a new gn argument is not ideal as it adds more permutations
to our build matrix which we need to test. This CL therefore enables
this option by default for sanitizer Linux builds. At present it's
only enabled for non-component builds, which may not result in this
actually being built on any current builder, but there's a TODO to
fix this.
Bug: 1494445
Change-Id: I70ba4e7bb77ca0a4f03a5d261418ea4d949cad53
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4939211
Reviewed-by: Pâris Meuleman <pmeuleman@chromium.org>
Commit-Queue: Adrian Taylor <adetaylor@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1214823}
NOKEYCHECK=True
GitOrigin-RevId: ec394c127957147a0a15d901276517b27a1df8d1
1 file changed