initial public release

src/agent/script/linux/libfuzzer-coverage/coverage_cmd.py

@@ -0,0 +1,52 @@
+#!/usr/bin/env python
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+import gdb
+from typing import List, Tuple, Dict
+import os
+
+
+def get_symbol_addresses(symbol: str) -> List[int]:
+    raw = gdb.execute("info variables %s" % symbol, False, True)
+    addresses = [int(x.split(" ")[0], 0) for x in raw.split("\n") if x.startswith("0x")]
+    return addresses
+
+
+def get_filename(addr: int) -> str:
+    path = gdb.execute("info symbol %d" % addr, False, True).split(" ")[-1].strip()
+    return os.path.basename(path)
+
+
+def get_tables() -> Dict[str, Tuple[int, int]]:
+    starts = get_symbol_addresses("__start___sancov_cntrs")
+    stops = get_symbol_addresses("__stop___sancov_cntrs")
+    if len(starts) != len(stops):
+        raise Exception("start and stop sancov cntrs do not match")
+    tables = {get_filename(x): (x, y - x) for (x, y) in zip(starts, stops)}
+    return tables
+
+
+class CoverageCommand(gdb.Command):
+    def __init__(self):
+        super(self.__class__, self).__init__("coverage", gdb.COMMAND_DATA)
+
+    def invoke(self, arg, _):
+        argv = gdb.string_to_argv(arg)
+        (exe, test_input, result_path) = argv
+
+        gdb.execute("file {}".format(exe))
+        gdb.Breakpoint("exit")
+        gdb.execute("r {} 2>&1 >/dev/null".format(test_input))
+
+        tables = get_tables()
+
+        for (module, (addr, length)) in tables.items():
+            mem = gdb.selected_inferior().read_memory(addr, length)
+
+            with open(os.path.join(result_path, module + ".cov"), "wb") as handle:
+                handle.write(mem)
+
+
+CoverageCommand()

src/agent/script/linux/libfuzzer-coverage/merge-coverage

@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+import os
+import sys
+
+
+def main():
+    total_coverage_path = sys.argv[1]
+    new_coverage_path = sys.argv[2]
+
+    with open(total_coverage_path, 'rb') as f:
+        total_coverage = f.read()
+
+    with open(new_coverage_path, 'rb') as f:
+        new_coverage = f.read()
+
+    updated_total_coverage = bytes(max(a, b) for a, b in zip(total_coverage, new_coverage))
+
+    with open(total_coverage_path, 'wb') as f:
+        f.write(updated_total_coverage)
+
+
+if __name__ == '__main__':
+    main()

src/agent/script/linux/libfuzzer-coverage/record-coverage

@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+import os
+from subprocess import run, DEVNULL
+import sys
+
+
+SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
+GDB_COVERAGE_SCRIPT = os.path.join(SCRIPT_DIR, 'coverage_cmd.py')
+
+
+def main():
+    exe = sys.argv[1]
+    test_input = sys.argv[2]
+    out_dir = sys.argv[3]
+
+    script_cmd = 'coverage {} {} {}'.format(exe, test_input, out_dir)
+    args = ['gdb', '-nh', '-batch', '-x', GDB_COVERAGE_SCRIPT, '-ex', script_cmd]
+    run(args, check=True, stdout=DEVNULL, stderr=DEVNULL)
+
+
+if __name__ == '__main__':
+    main()

src/agent/script/linux/libfuzzer-coverage/show-coverage

@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+import sys
+
+
+def main():
+    coverage_path = sys.argv[1]
+
+    with open(coverage_path, 'rb') as f:
+        coverage = f.read()
+
+    size = len(coverage)
+    count = sum(map(lambda b: int(bool(b)), coverage))
+
+    print('{} / {}'.format(count, size))
+    print('{} %'.format(count / size * 100))
+
+
+if __name__ == '__main__':
+    main()