Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / skia / c845272b4e97bde892ebeefeeae0b04c96cd230f / . / fuzz / Fuzz.h
blob: 4456a13642b005c97e34fffdbcd030dd15672021 [file] [log] [blame]
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]1/*
2 * Copyright 2016 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8#ifndef Fuzz_DEFINED
9#define Fuzz_DEFINED
10
Mike Kleinc0bd9f92019-04-23 12:05:21 -0500[diff] [blame]11#include "include/core/SkData.h"
12#include "include/core/SkImageFilter.h"
13#include "include/core/SkRegion.h"
14#include "include/core/SkTypes.h"
15#include "include/private/SkMalloc.h"
Mike Klein77d36942019-12-12 10:24:25 -0500[diff] [blame]16#include "include/private/SkTFitsIn.h"
Mike Kleinc0bd9f92019-04-23 12:05:21 -0500[diff] [blame]17#include "tools/Registry.h"
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]18
Hal Canaryc640d0d2018-06-13 09:59:02 -0400[diff] [blame]19#include <limits>
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]20#include <cmath>
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]21#include <signal.h>
Mike Kleinbf45c702018-06-11 11:56:57 -0400[diff] [blame]22#include <limits>
kjlubick840f12a2016-10-25 06:11:05 -0700[diff] [blame]23
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]24class Fuzz : SkNoncopyable {
25public:
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]26 explicit Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {}
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]27
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]28 // Returns the total number of "random" bytes available.
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]29 size_t size() { return fBytes->size(); }
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]30 // Returns if there are no bytes remaining for fuzzing.
Kevin Lubickf84ded22018-10-23 09:28:48 -0400[diff] [blame]31 bool exhausted() {
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]32 return fBytes->size() == fNextByte;
33 }
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]34
Kevin Lubickf84ded22018-10-23 09:28:48 -0400[diff] [blame]35 size_t remaining() {
36 return fBytes->size() - fNextByte;
37 }
38
39 void deplete() {
40 fNextByte = fBytes->size();
41 }
42
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]43 // next() loads fuzzed bytes into the variable passed in by pointer.
44 // We use this approach instead of T next() because different compilers
45 // evaluate function parameters in different orders. If fuzz->next()
46 // returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
47 // foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
48 // By requiring params to be passed in, we avoid the temptation to call
49 // next() in a way that does not consume fuzzed bytes in a single
Yuqian Lia63d6902018-02-28 11:46:00 -0500[diff] [blame]50 // platform-independent order.
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]51 template <typename T>
Hal Canary6d9a51a2018-11-19 13:15:21 -0500[diff] [blame]52 void next(T* t) { this->nextBytes(t, sizeof(T)); }
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]53
54 // This is a convenient way to initialize more than one argument at a time.
55 template <typename Arg, typename... Args>
56 void next(Arg* first, Args... rest);
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]57
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]58 // nextRange returns values only in [min, max].
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]59 template <typename T, typename Min, typename Max>
60 void nextRange(T*, Min, Max);
61
Kevin Lubick00587e32019-06-03 11:27:16 -0400[diff] [blame]62 // nextEnum is a wrapper around nextRange for enums.
63 template <typename T>
64 void nextEnum(T* ptr, T max);
65
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]66 // nextN loads n * sizeof(T) bytes into ptr
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]67 template <typename T>
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]68 void nextN(T* ptr, int n);
kjlubick85d30172016-10-24 11:53:35 -0700[diff] [blame]69
Kevin Lubick2541edf2018-01-11 10:27:14 -0500[diff] [blame]70 void signalBug(){
71 // Tell the fuzzer that these inputs found a bug.
72 SkDebugf("Signal bug\n");
73 raise(SIGSEGV);
74 }
mtkleina1159422016-01-15 05:46:54 -0800[diff] [blame]75
Kevin Lubickbc9a1a82018-09-17 14:46:57 -0400[diff] [blame]76 // Specialized versions for when true random doesn't quite make sense
77 void next(bool* b);
Kevin Lubickbc9a1a82018-09-17 14:46:57 -0400[diff] [blame]78 void next(SkRegion* region);
79
Mike Reed1f261da2021-07-18 10:54:25 -0400[diff] [blame]80 bool nextBool() {
81 bool b;
82 this->next(&b);
83 return b;
84 }
85
Kevin Lubickbc9a1a82018-09-17 14:46:57 -0400[diff] [blame]86 void nextRange(float* f, float min, float max);
87
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]88private:
mtkleina1159422016-01-15 05:46:54 -0800[diff] [blame]89 template <typename T>
90 T nextT();
91
bungemanffae30d2016-08-03 13:32:32 -0700[diff] [blame]92 sk_sp<SkData> fBytes;
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]93 size_t fNextByte;
Kevin Lubicke4be55d2018-03-30 15:05:13 -0400[diff] [blame]94 friend void fuzz__MakeEncoderCorpus(Fuzz*);
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]95
Hal Canary6d9a51a2018-11-19 13:15:21 -0500[diff] [blame]96 void nextBytes(void* ptr, size_t size);
97};
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]98
99template <typename Arg, typename... Args>
100inline void Fuzz::next(Arg* first, Args... rest) {
101 this->next(first);
102 this->next(rest...);
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]103}
104
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]105template <typename T, typename Min, typename Max>
Mike Kleinf88f5ef2018-11-19 12:21:46 -0500[diff] [blame]106inline void Fuzz::nextRange(T* value, Min min, Max max) {
Mike Klein77d36942019-12-12 10:24:25 -0500[diff] [blame]107 // UBSAN worries if we make an enum with out of range values, even temporarily.
108 using Raw = typename sk_strip_enum<T>::type;
109 Raw raw;
110 this->next(&raw);
111
112 if (raw < (Raw)min) { raw = (Raw)min; }
113 if (raw > (Raw)max) { raw = (Raw)max; }
114 *value = (T)raw;
Kevin Lubickbc9a1a82018-09-17 14:46:57 -0400[diff] [blame]115}
116
Kevin Lubick2f535ce2016-11-01 15:01:12 -0400[diff] [blame]117template <typename T>
Kevin Lubick00587e32019-06-03 11:27:16 -0400[diff] [blame]118inline void Fuzz::nextEnum(T* value, T max) {
119 // This works around the fact that UBSAN will assert if we put an invalid
120 // value into an enum. We might see issues with enums being represented
121 // on Windows differently than Linux, but that's not a thing we can fix here.
122 using U = typename std::underlying_type<T>::type;
123 U v;
124 this->next(&v);
125 if (v < (U)0) { *value = (T)0; return;}
126 if (v > (U)max) { *value = (T)max; return;}
127 *value = (T)v;
128}
129
130template <typename T>
Kevin Lubick416b2482016-11-10 16:17:49 -0500[diff] [blame]131inline void Fuzz::nextN(T* ptr, int n) {
132 for (int i = 0; i < n; i++) {
133 this->next(ptr+i);
134 }
kjlubicke5654502016-07-19 16:50:03 -0700[diff] [blame]135}
136
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]137struct Fuzzable {
138 const char* name;
139 void (*fn)(Fuzz*);
140};
141
Kevin Lubickdb1e5c62018-02-27 08:30:43 -0500[diff] [blame]142// Not static so that we can link these into oss-fuzz harnesses if we like.
Mike Reedab273fa2017-01-11 13:58:55 -0500[diff] [blame]143#define DEF_FUZZ(name, f) \
Kevin Lubickdb1e5c62018-02-27 08:30:43 -0500[diff] [blame]144 void fuzz_##name(Fuzz*); \
Mike Reedab273fa2017-01-11 13:58:55 -0500[diff] [blame]145 sk_tools::Registry<Fuzzable> register_##name({#name, fuzz_##name}); \
Kevin Lubickdb1e5c62018-02-27 08:30:43 -0500[diff] [blame]146 void fuzz_##name(Fuzz* f)
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]147
mtklein65e58242016-01-13 12:57:57 -0800[diff] [blame]148#endif//Fuzz_DEFINED