[dev.fuzz] testing: capture coverage even if tRunner failed

Call SnapshotCoverage when the fuzzFn panics, or t.Fatal(f) is called.
We currently don't use this coverage for anything, but it is necessary
to allow the coordinator to continue when loading a corpus that contains
an input that causes crashes. We will also probably want this behavior
once we allow the fuzzer to continue after finding a crasher, since the
input used to find one crasher may be a useful input for further
mutation.

Fixes #46633

Change-Id: I40ed5440c88fa354d90a4ff4ae2bf8a19bf3254f
Reviewed-on: https://go-review.googlesource.com/c/go/+/328650
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>

diff --git a/src/testing/fuzz.go b/src/testing/fuzz.go
index b4c1ffcdd5ce4955d7ee482b9e5306966f90639e..fc1212b1424a84900441652737b117f085d9bc74 100644 (file)
--- a/src/testing/fuzz.go
+++ b/src/testing/fuzz.go
@@ -354,9 +354,13 @@ func (f *F) Fuzz(ff interface{}) {
                        for _, v := range e.Values {
                                args = append(args, reflect.ValueOf(v))
                        }
+                       // Before reseting the current coverage, defer the snapshot so that we
+                       // make sure it is called right before the tRunner function exits,
+                       // regardless of whether it was executed cleanly, panicked, or if the
+                       // fuzzFn called t.Fatal.
+                       defer f.fuzzContext.snapshotCoverage()
                        f.fuzzContext.resetCoverage()
                        fn.Call(args)
-                       f.fuzzContext.snapshotCoverage()
                })
                <-t.signal
                f.inFuzzFn = false