# Collecting Source Coverage using Analysis Tasks
The `generic_analysis` task can be used to perform a user-defined analysis of a target executable for every test input from some storage container.
Running an application compiled with [LLVM's source-based code coverage](https://clang.llvm.org/docs/SourceBasedCodeCoverage.html) with each input can be used to generate source based coverage information.
This example demonstrates using `generic_analysis` and the LLVM source coverage tools to provide source-based coverage on every input for a job. For more information, see [Custom Analysis Tasks](../../../../docs/custom-analysis.md)
* [source-coverage-libfuzzer.py](source-coverage-libfuzzer.py): A wrapper that will launch a standard `libfuzzer basic` job *with* a source-based coverage task. (used below)
* [source-coverage.py](source-coverage.py): A wrapper that will launch a new job comprised of a source-based coverage task
* [setup](setup): a basic libFuzzer target that builds with and without source coverage enabled
* [tools/source-coverage.sh](tools/source-coverage.sh): a script that wraps `llvm-profdata` and `llvm-cov` to perform the source analysis
This example generates the following data in the `analysis` container:
* inputs/`SHA256_OF_INPUT`.profraw: the "raw" coverage data for each input analyzed
* coverage.profdata: The merged coverage data using `llvm-profdata`
* coverage.report: The `JSON` report of the merged coverage data provided by `llvm-cov export`
* coverage.lcov : The `lcov` report of the merged coverage data provided by `llvm-cov export --format lcov`
```
❯ # build our libfuzzer
❯ cd setup/
❯ ls
Makefile simple.c
❯ make
clang -g3 -fsanitize=fuzzer -fsanitize=address simple.c -o fuzz.exe
clang -g3 -fsanitize=fuzzer -fprofile-instr-generate -fcoverage-mapping simple.c -o fuzz-coverage.exe
❯ cd ..
❯ # submit our basic job with an additional analysis task
❯ ./source-coverage-libfuzzer.py setup/ setup/fuzz.exe ./setup/fuzz-coverage.exe coverage-example 1 1 linux-1 ./tools/
INFO:onefuzz:creating libfuzzer from template
INFO:onefuzz:creating job (runtime: 24 hours)
INFO:onefuzz:created job: 61bc5c7c-d24f-4ebc-9bac-bec8fe040ade
INFO:onefuzz:using container: oft-setup-d1100b49a03c5a9483f140cee0676b87
INFO:onefuzz:using container: oft-inputs-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:using container: oft-crashes-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:using container: oft-reports-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:using container: oft-unique-reports-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:using container: oft-unique-inputs-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:using container: oft-no-repro-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:using container: oft-coverage-d1100b49a03c5a9483f140cee0676b87
INFO:onefuzz:using container: oft-regression-reports-06bdcba10b5f5e45bdb38ed924856426
INFO:onefuzz:uploading setup dir `setup/`
INFO:onefuzz:creating libfuzzer_regression task
INFO:onefuzz:creating libfuzzer task
INFO:onefuzz:creating coverage task
INFO:onefuzz:creating libfuzzer_crash_report task
INFO:onefuzz:done creating tasks
INFO:onefuzz:using container: oft-setup-d1100b49a03c5a9483f140cee0676b87
INFO:onefuzz:using container: oft-analysis-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:using container: oft-inputs-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:using container: oft-tools-6f3b76e7e841532bb7714375f564d483
INFO:onefuzz:Creating generic_analysis task
job:{
"timestamp": null,
"job_id": "61bc5c7c-d24f-4ebc-9bac-bec8fe040ade",
"state": "init",
"config": {
"project": "coverage-example",
"name": "1",
"build": "1",
"duration": 24
},
"error": null,
"end_time": null,
"task_info": null,
"user_info": {
"application_id": "00000000-0000-0000-0000-000000000000",
"object_id": "00000000-0000-0000-0000-000000000000",
"upn": "example@contoso.com"
}
}
❯ # a little while later, check on the status of our job
❯ onefuzz
job: 61bc5c7c-d24f-4ebc-9bac-bec8fe040ade
project:coverage-example name:1 build:1
tasks:
50e1b076 target:fuzz-coverage.exe state:running type:generic_analysis
63880445 target:fuzz.exe state:stopped type:libfuzzer_regression
77fb6177 target:fuzz.exe state:running type:coverage
a8e3338c target:fuzz.exe state:running type:libfuzzer_crash_report
aae7ba1b target:fuzz.exe state:running type:libfuzzer_fuzz
containers:
setup count:4 name:oft-setup-d1100b49a03c5a9483f140cee0676b87
analysis count:14 name:oft-analysis-6f3b76e7e841532bb7714375f564d483
tools count:1 name:oft-tools-6f3b76e7e841532bb7714375f564d483
crashes count:11 name:oft-inputs-6f3b76e7e841532bb7714375f564d483
crashes count:4 name:oft-crashes-6f3b76e7e841532bb7714375f564d483
unique_reports count:3 name:oft-unique-reports-6f3b76e7e841532bb7714375f564d483
regression_reports count:0 name:oft-regression-reports-06bdcba10b5f5e45bdb38ed924856426
coverage count:1 name:oft-coverage-d1100b49a03c5a9483f140cee0676b87
readonly_inputs count:11 name:oft-inputs-6f3b76e7e841532bb7714375f564d483
reports count:4 name:oft-reports-6f3b76e7e841532bb7714375f564d483
no_repro count:0 name:oft-no-repro-6f3b76e7e841532bb7714375f564d483
inputs count:11 name:oft-inputs-6f3b76e7e841532bb7714375f564d483
❯ # lets check on the results of the analysis thus far
❯ onefuzz containers files list oft-analysis-6f3b76e7e841532bb7714375f564d483
{
"files": [
"coverage.lcov",
"coverage.profdata",
"coverage.report",
"inputs/06a7e66b4ddb9d43b9007e20f351c8076a2f5c5c13ec6d683e1307eeee472f7a.profraw",
"inputs/075de2b906dbd7066da008cab735bee896370154603579a50122f9b88545bd45.profraw",
"inputs/0fc4f9bfb1e6850b77e130904c0d5f8d0bfabe9a658efee7c4c41ad0015bff22.profraw",
"inputs/15dab3cc1c78958bc8c6d959cf708c2062e8327d3db873c2629b243c7e1a1759.profraw",
"inputs/3ebe1b59762a1c8020c1efe3747dd07f0e30617ed60b4e6a5bee16b6ea421dd0.profraw",
"inputs/594e519ae499312b29433b7dd8a97ff068defcba9755b6d5d00e84c524d67b06.profraw",
"inputs/75558b9c2275acb05f57066ce1199be864c7affffece0b952edac02e785bbc9f.profraw",
"inputs/bc9b8634ef85180578a9b501c901ce394ccd9087096fa4f298e4fc3752e60804.profraw",
"inputs/c6b27b6743b120d83d5cc1d37b0f51acddcb69ff544763e7552efb7b575bac38.profraw",
"inputs/c8bc644c4ddaaeafdb76142b72577e1f923b6797d87d254025f2fdf2b8225540.profraw",
"inputs/e5e1b99e66064d2e9414a37158465eb4fdc1a8120b9fa8e10e9301b5fc25bc98.profraw"
]
}
❯ # this parses the report and checks that it's an coverage json report as we expect
❯ 1f containers files get oft-analysis-6f3b76e7e841532bb7714375f564d483 coverage.report | jq .type
"llvm.coverage.json.export"
❯ # now let's inspect the merged lcov file
❯ 1f containers files get oft-analysis-6f3b76e7e841532bb7714375f564d483 coverage.lcov |head -n 10
SF:/home/USERNAME/onefuzz/src/cli/examples/llvm-source-coverage/setup/simple.c
FN:8,LLVMFuzzerTestOneInput
FNDA:6,LLVMFuzzerTestOneInput
FNF:1
FNH:1
DA:8,6
DA:9,6
DA:10,6
DA:11,6
DA:12,1
❯
```
没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
OneFuzz 是微软开源的一个自托管的模糊测试服务(Fuzzing-As-A-Service)平台。Project OneFuzz 使开发人员驱动的模糊测试能够主动进行 在发布之前强化软件。用单 命令,可以烘焙到 CICD,开发者可以启动 模糊作业从几个虚拟机到数千个核心。
资源推荐
资源详情
资源评论
收起资源包目录
OneFuzz 是微软开源的一个自托管的模糊测试服务(Fuzzing-As-A-Service)平台 (1242个子文件)
azuredeploy.bicep 7KB
operational-insights.bicep 4KB
storageAccounts.bicep 3KB
feature-flags.bicep 3KB
function.bicep 3KB
function-settings-disabled-apps.bicep 2KB
function-settings.bicep 2KB
autoscale-settings.bicep 2KB
event-grid.bicep 1KB
signalR.bicep 743B
server-farms.bicep 570B
simple.c 2KB
fuzz.c 1KB
bad2.c 1KB
bad1.c 1KB
simple.c 1KB
fuzz.c 1KB
bad.c 1KB
bad.c 1KB
main.c 867B
main.c 847B
fuzz.c 675B
fuzz.c 482B
simple.c 425B
main.c 303B
launching-job.cast 34KB
live-debugging.cast 11KB
bandit.cfg 106B
workspace.code-workspace 248B
ScalesetOperations.cs 42KB
OrmModelsTest.cs 38KB
Model.cs 34KB
Defs.cs 33KB
NodeOperations.cs 28KB
Ado.cs 25KB
VmssOperations.cs 25KB
Extension.cs 23KB
Config.cs 22KB
OrmTest.cs 20KB
JinjaToScribanMigrationTests.cs 19KB
EntityConverter.cs 18KB
JinjaTemplateAdapter.cs 18KB
AutoScale.cs 18KB
Orm.cs 15KB
Containers.cs 15KB
Log.cs 15KB
TestLogTracer.cs 15KB
VmOperations.cs 15KB
NsgOperations.cs 14KB
ReproOperations.cs 14KB
ProxyOperations.cs 14KB
TaskOperations.cs 14KB
WebhookOperations.cs 14KB
AgentEvents.cs 13KB
AgentEventsTests.cs 12KB
IpOperations.cs 12KB
NodeOperationsTestHooks.cs 12KB
ImageReference.cs 12KB
Scheduler.cs 11KB
CustomConverterFactory.cs 11KB
Events.cs 10KB
Enums.cs 10KB
Program.cs 10KB
NotificationOperations.cs 9KB
Tasks.cs 9KB
Storage.cs 9KB
Scaleset.cs 9KB
PoolOperations.cs 9KB
ApiBase.cs 9KB
Requests.cs 9KB
TemplateTests.cs 9KB
PoolTests.cs 9KB
ReproVmssTests.cs 9KB
ContainersTests.cs 8KB
Queue.cs 8KB
GithubIssues.cs 8KB
Program.cs 7KB
AgentRegistrationTests.cs 7KB
Request.cs 7KB
ImageReferenceTests.cs 7KB
RequestsTests.cs 7KB
Proxy.cs 7KB
Events.cs 7KB
TimerRetention.cs 7KB
Pool.cs 7KB
TestContext.cs 7KB
Node.cs 7KB
Creds.cs 7KB
OnefuzzContext.cs 6KB
Tasks.cs 6KB
Responses.cs 6KB
JobsTests.cs 6KB
NotificationsBase.cs 6KB
AgentRegistration.cs 6KB
ServiceConfiguration.cs 6KB
TestScaleset.cs 6KB
NodeTests.cs 6KB
Validated.cs 6KB
Webhooks.cs 6KB
Jobs.cs 6KB
共 1242 条
- 1
- 2
- 3
- 4
- 5
- 6
- 13
资源评论
Java程序员-张凯
- 粉丝: 1w+
- 资源: 6656
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功