Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / skia / b7926b81301877b57c0028a4ac39377d71ca7704 / . / fuzz / Fuzz.h
blob: d753be78649f53fc01cd964307f2dc5323cea23d [file] [log] [blame]
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]1/*
2 * Copyright 2016 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8#ifndef Fuzz_DEFINED
9#define Fuzz_DEFINED
10
Mike Kleinc0bd9f92019-04-23 12:05:21 -0500[diff] [blame]11#include "include/core/SkData.h"
12#include "include/core/SkImageFilter.h"
13#include "include/core/SkRegion.h"
14#include "include/core/SkTypes.h"
15#include "include/private/SkMalloc.h"
Mike Klein77d36942019-12-12 10:24:25 -0500[diff] [blame]16#include "include/private/SkTFitsIn.h"
Mike Kleinc0bd9f92019-04-23 12:05:21 -0500[diff] [blame]17#include "tools/Registry.h"
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]18
Hal Canaryc640d0d2018-06-13 09:59:02 -0400[diff] [blame]19#include <limits>
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]20#include <cmath>
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]21#include <signal.h>
Mike Kleinbf45c702018-06-11 11:56:57 -0400[diff] [blame]22#include <limits>
kjlubick840f12a2016-10-25 06:11:05 -0700[diff] [blame]23
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]24class Fuzz : SkNoncopyable {
25public:
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]26 explicit Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {}
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]27
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]28 // Returns the total number of "random" bytes available.
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]29 size_t size() { return fBytes->size(); }
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]30 // Returns if there are no bytes remaining for fuzzing.
Kevin Lubickf84ded22018-10-23 09:28:48 -0400[diff] [blame]31 bool exhausted() {
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]32 return fBytes->size() == fNextByte;
33 }
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]34
Kevin Lubickf84ded22018-10-23 09:28:48 -0400[diff] [blame]35 size_t remaining() {
36 return fBytes->size() - fNextByte;
37 }
38
39 void deplete() {
40 fNextByte = fBytes->size();
41 }
42
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]43 // next() loads fuzzed bytes into the variable passed in by pointer.
44 // We use this approach instead of T next() because different compilers
45 // evaluate function parameters in different orders. If fuzz->next()
46 // returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
47 // foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
48 // By requiring params to be passed in, we avoid the temptation to call
49 // next() in a way that does not consume fuzzed bytes in a single
Yuqian Lia63d6902018-02-28 11:46:00 -0500[diff] [blame]50 // platform-independent order.
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]51 template <typename T>
Hal Canary6d9a51a2018-11-19 13:15:21 -0500[diff] [blame]52 void next(T* t) { this->nextBytes(t, sizeof(T)); }
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]53
54 // This is a convenient way to initialize more than one argument at a time.
55 template <typename Arg, typename... Args>
56 void next(Arg* first, Args... rest);
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]57
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]58 // nextRange returns values only in [min, max].
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]59 template <typename T, typename Min, typename Max>
60 void nextRange(T*, Min, Max);
61
Kevin Lubick00587e32019-06-03 11:27:16 -0400[diff] [blame]62 // nextEnum is a wrapper around nextRange for enums.
63 template <typename T>
64 void nextEnum(T* ptr, T max);
65
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]66 // nextN loads n * sizeof(T) bytes into ptr
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]67 template <typename T>
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]68 void nextN(T* ptr, int n);
kjlubick85d30172016-10-24 11:53:35 -0700[diff] [blame]69
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]70 void signalBug(){
71 // Tell the fuzzer that these inputs found a bug.
72 SkDebugf("Signal bug\n");
73 raise(SIGSEGV);
74 }
mtkleina1159422016-01-15 05:46:54 -0800[diff] [blame]75
Kevin Lubickbc9a1a82018-09-17 14:46:57 -0400[diff] [blame]76 // Specialized versions for when true random doesn't quite make sense
77 void next(bool* b);
78 void next(SkImageFilter::CropRect* cropRect);
79 void next(SkRegion* region);
80
81 void nextRange(float* f, float min, float max);
82
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]83private:
mtkleina1159422016-01-15 05:46:54 -0800[diff] [blame]84 template <typename T>
85 T nextT();
86
bungemanffae30d2016-08-03 13:32:32 -0700[diff] [blame]87 sk_sp<SkData> fBytes;
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]88 size_t fNextByte;
Kevin Lubicke4be55d2018-03-30 15:05:13 -0400[diff] [blame]89 friend void fuzz__MakeEncoderCorpus(Fuzz*);
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]90
Hal Canary6d9a51a2018-11-19 13:15:21 -0500[diff] [blame]91 void nextBytes(void* ptr, size_t size);
92};
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]93
94template <typename Arg, typename... Args>
95inline void Fuzz::next(Arg* first, Args... rest) {
96 this->next(first);
97 this->next(rest...);
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]98}
99
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]100template <typename T, typename Min, typename Max>
Mike Kleinf88f5ef2018-11-19 12:21:46 -0500[diff] [blame]101inline void Fuzz::nextRange(T* value, Min min, Max max) {
Mike Klein77d36942019-12-12 10:24:25 -0500[diff] [blame]102 // UBSAN worries if we make an enum with out of range values, even temporarily.
103 using Raw = typename sk_strip_enum<T>::type;
104 Raw raw;
105 this->next(&raw);
106
107 if (raw < (Raw)min) { raw = (Raw)min; }
108 if (raw > (Raw)max) { raw = (Raw)max; }
109 *value = (T)raw;
Kevin Lubickbc9a1a82018-09-17 14:46:57 -0400[diff] [blame]110}
111
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]112template <typename T>
Kevin Lubick00587e32019-06-03 11:27:16 -0400[diff] [blame]113inline void Fuzz::nextEnum(T* value, T max) {
114 // This works around the fact that UBSAN will assert if we put an invalid
115 // value into an enum. We might see issues with enums being represented
116 // on Windows differently than Linux, but that's not a thing we can fix here.
117 using U = typename std::underlying_type<T>::type;
118 U v;
119 this->next(&v);
120 if (v < (U)0) { *value = (T)0; return;}
121 if (v > (U)max) { *value = (T)max; return;}
122 *value = (T)v;
123}
124
125template <typename T>
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]126inline void Fuzz::nextN(T* ptr, int n) {
127 for (int i = 0; i < n; i++) {
128 this->next(ptr+i);
129 }
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]130}
131
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]132struct Fuzzable {
133 const char* name;
134 void (*fn)(Fuzz*);
135};
136
Kevin Lubickdb1e5c62018-02-27 08:30:43 -0500[diff] [blame]137// Not static so that we can link these into oss-fuzz harnesses if we like.
Mike Reedab273fa2017-01-11 13:58:55 -0500[diff] [blame]138#define DEF_FUZZ(name, f) \
Kevin Lubickdb1e5c62018-02-27 08:30:43 -0500[diff] [blame]139 void fuzz_##name(Fuzz*); \
Mike Reedab273fa2017-01-11 13:58:55 -0500[diff] [blame]140 sk_tools::Registry<Fuzzable> register_##name({#name, fuzz_##name}); \
Kevin Lubickdb1e5c62018-02-27 08:30:43 -0500[diff] [blame]141 void fuzz_##name(Fuzz* f)
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]142
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]143#endif//Fuzz_DEFINED