Transform some of the tests in vts_libsnapshot_test
to corpus and use them as initial corpus to
libsnapshot_fuzzer.
The corpus alone gives us 50% of line coverage in snapshot.cpp.
Test: run it
Bug: 154633114
Change-Id: I8f3bf1d76ef64d710224e24c913990692481b65e

Use protobuf because it already has all the fuzzing implementations.
Delete fuzz_utils.
Pros:
- Fuzzing protobuf is faster; it is easy to achieve 4K exec/s
- It is more guided; protobufs are fuzzed using mutators, and mutators
  should have better knowledge of the structure of the fuzz data
- No more hand-written parsing code of the fuzz data. That code in
  fuzz_utils.h is deleted.
- Corpus data can be reused even after adding new fields in the protobuf
- Corpus data is human-readable and easily manually written (it is
  the text format of the protobuf)
Cons:
- The "actions" are "declared" in protobuf definition and "defined" in
  C++, so there's more boilerplate to write. Adding a new "Action"
  requires changes in both.
Test: run libsnapshot_fuzzer
Bug: 154633114
Change-Id: Idc2a6b2c087e370e4cfef53142a244b9b275389e