trusty: Write out sancov file when fuzzer exits
Add emission of sancov file when CoverageRecord is destroyed. This
will occur when a fuzzer driver exits cleanly, i.e. -runs=0 with an
existing corpus.
Test: make trusty_gatekeeper_fuzzer
Test: adb shell ./trusty_gatekeeper_fuzzer -runs=0 corpus
Bug: 175221942
Change-Id: I6bd1c8b2f2091e894c35f7a4874b54577a91c8fc
diff --git a/trusty/coverage/coverage.cpp b/trusty/coverage/coverage.cpp
index ff2bcaa..185abe5 100644
--- a/trusty/coverage/coverage.cpp
+++ b/trusty/coverage/coverage.cpp
@@ -21,6 +21,7 @@
#include <android-base/logging.h>
#include <android-base/unique_fd.h>
#include <assert.h>
+#include <log/log.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/uio.h>
@@ -38,6 +39,7 @@
using android::base::ErrnoError;
using android::base::Error;
using std::string;
+using std::unique_ptr;
static inline uintptr_t RoundPageUp(uintptr_t val) {
return (val + (PAGE_SIZE - 1)) & ~(PAGE_SIZE - 1);
@@ -47,12 +49,29 @@
: tipc_dev_(std::move(tipc_dev)),
coverage_srv_fd_(-1),
uuid_(*uuid),
+ sancov_filename_(),
+ record_len_(0),
+ shm_(NULL),
+ shm_len_(0) {}
+
+CoverageRecord::CoverageRecord(string tipc_dev, struct uuid* uuid, string sancov_filename)
+ : tipc_dev_(std::move(tipc_dev)),
+ coverage_srv_fd_(-1),
+ uuid_(*uuid),
+ sancov_filename_(sancov_filename),
record_len_(0),
shm_(NULL),
shm_len_(0) {}
CoverageRecord::~CoverageRecord() {
if (shm_) {
+ if (sancov_filename_) {
+ auto res = SaveSancovFile(*sancov_filename_);
+ if (!res.ok()) {
+ ALOGE("Could not write sancov file for module: %s\n", sancov_filename_->c_str());
+ }
+ }
+
munmap((void*)shm_, shm_len_);
}
}
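Review bot: The destructor's failure branch at the `ALOGE` line drops the error carried in `res`, so a failed sancov write leaves no cause (bad path, permissions, I/O) in the log. The message also says "module" while printing the filename. Assuming `SaveSancovFile` returns the `Result<void>` used elsewhere in this class, I would log it as `ALOGE("Could not write sancov file %s: %s", sancov_filename_->c_str(), res.error().message().c_str());`. Separately, the new constructor copies its by-value argument; `sancov_filename_(std::move(sancov_filename))` would match how `tipc_dev` is handled two lines above it. The first constructor's signature lies above the hunk, so only its initializer list is visible here.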
diff --git a/trusty/coverage/include/trusty/coverage/coverage.h b/trusty/coverage/include/trusty/coverage/coverage.h
index b6d46eb..ed723f6 100644
--- a/trusty/coverage/include/trusty/coverage/coverage.h
+++ b/trusty/coverage/include/trusty/coverage/coverage.h
@@ -16,6 +16,7 @@
#pragma once
+#include <optional>
#include <string>
#include <android-base/result.h>
@@ -32,7 +33,18 @@
class CoverageRecord {
public:
+ /**
+ * Create a coverage record interface. Coverage will not be written to a
+ * sancov output file on completion.
+ */
CoverageRecord(std::string tipc_dev, struct uuid* uuid);
+
+ /**
+ * Create a coverage record interface. On destruction, write this coverage
+ * to the given sancov filename.
+ */
+ CoverageRecord(std::string tipc_dev, struct uuid* uuid, std::string sancov_filename);
+
~CoverageRecord();
Result<void> Open();
void ResetFullRecord();
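Review bot: The doc comment on the three-argument constructor promises a write on destruction, but the destructor in coverage.cpp only attempts it when `shm_` is non-null (presumably after a successful `Open()`) and only logs on failure. I would word it as `On destruction, if the coverage region was mapped, write this coverage to the given sancov filename; a failed write is logged and not reported to the caller.` Whether an existing file at that path is overwritten is not visible in this change and is worth stating in the same comment, since the path comes from the caller. The class body continues outside the hunk.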
@@ -58,6 +70,7 @@
std::string tipc_dev_;
unique_fd coverage_srv_fd_;
struct uuid uuid_;
+ std::optional<std::string> sancov_filename_;
size_t record_len_;
volatile void* shm_;
size_t shm_len_;