Add coverage dump in istunbul/nyc format

Author: Yevgeny Pats

.gitignore

@@ -2,4 +2,7 @@
 node_modules
 build
 crash-*
-corpus/*
+corpus/*
+coverage
+.nyc_output
+

README.md

@@ -109,6 +109,16 @@ jsfuzz tries to mimic some of the arguments and output style from [libFuzzer](ht
 More fuzz targets examples (for real and popular libraries) are located under the examples directory and
 bugs that were found using those targets are listed in the trophies section.
 
+### Coverage
+
+Coverage in Istanbul/NYC format is written to .nyc_output/out.json It can be viewer with `nyc` cli. For example:
+
+```bash
+nyc report --reporter=html --exclude-node-modules=false
+```
+
+This will save the html report to `coverage` directory
+
 ## Other languages
 
 Currently this library is also ported to python via [pythonfuzz](https://github.com/fuzzitdev/jsfuzz)

examples/csv/fuzz.js

@@ -1,8 +1,16 @@
 const parse = require('csv-parse/lib/sync');
 
+function isASCII(str) {
+    return /^[\x00-\x7F]*$/.test(str);
+}
+
 function fuzz(buf) {
+    const str = buf.toString();
+    if (!isASCII(str)) {
+        return
+    }
     try {
-        parse(buf.toString());
+        parse(str);
     } catch (e) {
         // Those are "valid" exceptions. we can't catch them in one line as
         // jpeg-js doesn't export/inherit from one exception class/style.

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "jsfuzz",
-  "version": "1.0.10",
+  "version": "1.0.11",
   "description": "Coverage Guided Javascript Fuzzer",
   "main": "build/src/index.js",
   "types": "build/src/inde.d.ts",

package.json

@@ -8,6 +8,10 @@ import {BuildVerse, Verse} from "./versifier";
 const crypto = require('crypto');
 const util = require('util');
 const pidusage = require('pidusage');
+process.on('SIGINT', function() {
+    // ignore sigint as this propagates to worker as well.
+    console.log('Received SIGINT. shutting down gracefully');
+});
 
 
 export class Fuzzer {
@@ -144,10 +148,11 @@ export class Fuzzer {
         });
 
         this.worker.on('exit', (code, signal) => {
-            if (signal) {
+            if (signal && code !== 0) {
                 console.log('Worker killed');
                 this.writeCrash(buf);
             }
+            console.log('Worker exited');
             this.clearIntervals();
         });
 

src/fuzzer.ts

@@ -1,8 +1,14 @@
+const fs = require('fs');
 import * as path from "path";
 import {ManageMessageType, ManagerMessage, WorkerMessageType} from "./protocol";
 
 const {createInstrumenter} = require('istanbul-lib-instrument');
 const {hookRequire} = require('istanbul-lib-hook');
+let sigint = false;
+process.on('SIGINT', function() {
+    console.log('Received SIGINT. shutting down gracefully');
+    sigint = true;
+});
 
 class Worker {
     private readonly fn: (buf: Buffer) => void;
@@ -37,11 +43,23 @@ class Worker {
         return total
     }
 
+    dump_coverage() {
+        // @ts-ignore
+        const data = JSON.stringify(global["__coverage__"]);
+        if (!fs.existsSync('./.nyc_output')){
+            fs.mkdirSync('./.nyc_output');
+        }
+        fs.writeFileSync('./.nyc_output/cov.json', data);
+    }
 
     start() {
         process.on('message', async (m: ManagerMessage) => {
             try {
                 if (m.type === ManageMessageType.WORK) {
+                    if (sigint) {
+                        this.dump_coverage();
+                        process.exit(0);
+                    }
                     if (this.fn.constructor.name === 'AsyncFunction') {
                         // @ts-ignore
                         await this.fn(Buffer.from(m.buf.data));
@@ -59,6 +77,7 @@ class Worker {
             } catch (e) {
                 console.log("=================================================================");
                 console.log(e);
+                this.dump_coverage();
                 // @ts-ignore
                 process.send({
                     type: WorkerMessageType.CRASH,