Blame - fuzz/Fuzz.h - platform/external/skqp

blob: 294bbdfe0105c9e928558193dad88439eccfe203 [file] [log] [blame]

mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	1	/*
				2	* Copyright 2016 Google Inc.
				3	*
				4	* Use of this source code is governed by a BSD-style license that can be
				5	* found in the LICENSE file.
				6	*/
				7
				8	#ifndef Fuzz_DEFINED
				9	#define Fuzz_DEFINED
				10
Hal Canary	fdcfb8b	2018-06-13 09:42:32 -0400	[diff] [blame]	11	#include "../tools/Registry.h"
Hal Canary	c640d0d	2018-06-13 09:59:02 -0400	[diff] [blame]	12	#include "SkData.h"
Kevin Lubick	bc9a1a8	2018-09-17 14:46:57 -0400	[diff] [blame]	13	#include "SkImageFilter.h"
Herb Derby	b549cc3	2017-03-27 13:35:15 -0400	[diff] [blame]	14	#include "SkMalloc.h"
Kevin Lubick	bc9a1a8	2018-09-17 14:46:57 -0400	[diff] [blame]	15	#include "SkRegion.h"
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	16	#include "SkTypes.h"
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	17
Hal Canary	c640d0d	2018-06-13 09:59:02 -0400	[diff] [blame]	18	#include <limits>
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	19	#include <cmath>
Kevin Lubick	2541edf	2018-01-11 10:27:14 -0500	[diff] [blame]	20	#include <signal.h>
Mike Klein	bf45c70	2018-06-11 11:56:57 -0400	[diff] [blame]	21	#include <limits>
kjlubick	840f12a	2016-10-25 06:11:05 -0700	[diff] [blame]	22
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	23	class Fuzz : SkNoncopyable {
				24	public:
Kevin Lubick	2541edf	2018-01-11 10:27:14 -0500	[diff] [blame]	25	explicit Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {}
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	26
kjlubick	e565450	2016-07-19 16:50:03 -0700	[diff] [blame]	27	// Returns the total number of "random" bytes available.
Kevin Lubick	2541edf	2018-01-11 10:27:14 -0500	[diff] [blame]	28	size_t size() { return fBytes->size(); }
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	29	// Returns if there are no bytes remaining for fuzzing.
Kevin Lubick	f84ded2	2018-10-23 09:28:48 -0400	[diff] [blame]	30	bool exhausted() {
Kevin Lubick	2541edf	2018-01-11 10:27:14 -0500	[diff] [blame]	31	return fBytes->size() == fNextByte;
				32	}
kjlubick	e565450	2016-07-19 16:50:03 -0700	[diff] [blame]	33
Kevin Lubick	f84ded2	2018-10-23 09:28:48 -0400	[diff] [blame]	34	size_t remaining() {
				35	return fBytes->size() - fNextByte;
				36	}
				37
				38	void deplete() {
				39	fNextByte = fBytes->size();
				40	}
				41
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	42	// next() loads fuzzed bytes into the variable passed in by pointer.
				43	// We use this approach instead of T next() because different compilers
				44	// evaluate function parameters in different orders. If fuzz->next()
				45	// returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
				46	// foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
				47	// By requiring params to be passed in, we avoid the temptation to call
				48	// next() in a way that does not consume fuzzed bytes in a single
Yuqian Li	a63d690	2018-02-28 11:46:00 -0500	[diff] [blame]	49	// platform-independent order.
kjlubick	e565450	2016-07-19 16:50:03 -0700	[diff] [blame]	50	template <typename T>
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	51	void next(T* t);
				52
				53	// This is a convenient way to initialize more than one argument at a time.
				54	template <typename Arg, typename... Args>
				55	void next(Arg* first, Args... rest);
kjlubick	e565450	2016-07-19 16:50:03 -0700	[diff] [blame]	56
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	57	// nextRange returns values only in [min, max].
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	58	template <typename T, typename Min, typename Max>
				59	void nextRange(T*, Min, Max);
				60
Kevin Lubick	bc9a1a8	2018-09-17 14:46:57 -0400	[diff] [blame]	61	// Explicit version of nextRange for enums.
				62	// Again, values are in [min, max].
				63	template <typename T, typename Min, typename Max>
				64	void nextEnum(T*, Min, Max);
				65
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	66	// nextN loads n * sizeof(T) bytes into ptr
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	67	template <typename T>
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	68	void nextN(T* ptr, int n);
kjlubick	85d3017	2016-10-24 11:53:35 -0700	[diff] [blame]	69
Kevin Lubick	2541edf	2018-01-11 10:27:14 -0500	[diff] [blame]	70	void signalBug(){
				71	// Tell the fuzzer that these inputs found a bug.
				72	SkDebugf("Signal bug\n");
				73	raise(SIGSEGV);
				74	}
mtklein	a115942	2016-01-15 05:46:54 -0800	[diff] [blame]	75
Kevin Lubick	bc9a1a8	2018-09-17 14:46:57 -0400	[diff] [blame]	76	// Specialized versions for when true random doesn't quite make sense
				77	void next(bool* b);
				78	void next(SkImageFilter::CropRect* cropRect);
				79	void next(SkRegion* region);
				80
				81	void nextRange(float* f, float min, float max);
				82
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	83	private:
mtklein	a115942	2016-01-15 05:46:54 -0800	[diff] [blame]	84	template <typename T>
				85	T nextT();
				86
bungeman	ffae30d	2016-08-03 13:32:32 -0700	[diff] [blame]	87	sk_sp<SkData> fBytes;
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	88	size_t fNextByte;
Kevin Lubick	e4be55d	2018-03-30 15:05:13 -0400	[diff] [blame]	89	friend void fuzz__MakeEncoderCorpus(Fuzz*);
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	90	};
				91
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	92	template <typename T>
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	93	inline void Fuzz::next(T* n) {
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	94	if ((fNextByte + sizeof(T)) > fBytes->size()) {
Hal Canary	24ac42b	2017-02-14 13:35:14 -0500	[diff] [blame]	95	sk_bzero(n, sizeof(T));
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	96	memcpy(n, fBytes->bytes() + fNextByte, fBytes->size() - fNextByte);
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	97	fNextByte = fBytes->size();
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	98	return;
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	99	}
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	100	memcpy(n, fBytes->bytes() + fNextByte, sizeof(T));
kjlubick	e565450	2016-07-19 16:50:03 -0700	[diff] [blame]	101	fNextByte += sizeof(T);
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	102	}
				103
				104	template <typename Arg, typename... Args>
				105	inline void Fuzz::next(Arg* first, Args... rest) {
				106	this->next(first);
				107	this->next(rest...);
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	108	}
				109
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	110	template <typename T, typename Min, typename Max>
				111	inline void Fuzz::nextRange(T* n, Min min, Max max) {
				112	this->next<T>(n);
Kevin Lubick	d104266	2016-11-29 11:25:52 -0500	[diff] [blame]	113	if (min == max) {
				114	*n = min;
				115	return;
				116	}
				117	if (min > max) {
Kevin Lubick	c9f0cc8	2016-11-15 16:07:02 -0500	[diff] [blame]	118	// Avoid misuse of nextRange
Kevin Lubick	1991f55	2018-02-27 10:59:10 -0500	[diff] [blame]	119	SkDebugf("min > max (%d > %d) \n", min, max);
Kevin Lubick	c9f0cc8	2016-11-15 16:07:02 -0500	[diff] [blame]	120	this->signalBug();
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	121	}
Kevin Lubick	c9f0cc8	2016-11-15 16:07:02 -0500	[diff] [blame]	122	if (*n < 0) { // Handle negatives
				123	if (*n != std::numeric_limits<T>::lowest()) {
				124	n = -1;
				125	}
				126	else {
				127	*n = std::numeric_limits<T>::max();
				128	}
				129	}
				130	n = min + (n % ((size_t)max - min + 1));
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	131	}
				132
Kevin Lubick	bc9a1a8	2018-09-17 14:46:57 -0400	[diff] [blame]	133	template <typename T, typename Min, typename Max>
				134	inline void Fuzz::nextEnum(T* value, Min rmin, Max rmax) {
Kevin Lubick	6d3cb2a	2018-11-07 12:49:49 -0500	[diff] [blame]	135	using U = skstd::underlying_type_t<T>;
				136	this->nextRange((U*)value, (U)rmin, (U)rmax);
Kevin Lubick	bc9a1a8	2018-09-17 14:46:57 -0400	[diff] [blame]	137	}
				138
Kevin Lubick	2f535ce	2016-11-01 15:01:12 -0400	[diff] [blame]	139	template <typename T>
Kevin Lubick	416b248	2016-11-10 16:17:49 -0500	[diff] [blame]	140	inline void Fuzz::nextN(T* ptr, int n) {
				141	for (int i = 0; i < n; i++) {
				142	this->next(ptr+i);
				143	}
kjlubick	e565450	2016-07-19 16:50:03 -0700	[diff] [blame]	144	}
				145
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	146	struct Fuzzable {
				147	const char* name;
				148	void (fn)(Fuzz);
				149	};
				150
Kevin Lubick	db1e5c6	2018-02-27 08:30:43 -0500	[diff] [blame]	151	// Not static so that we can link these into oss-fuzz harnesses if we like.
Mike Reed	ab273fa	2017-01-11 13:58:55 -0500	[diff] [blame]	152	#define DEF_FUZZ(name, f) \
Kevin Lubick	db1e5c6	2018-02-27 08:30:43 -0500	[diff] [blame]	153	void fuzz_##name(Fuzz*); \
Mike Reed	ab273fa	2017-01-11 13:58:55 -0500	[diff] [blame]	154	sk_tools::Registry<Fuzzable> register_##name({#name, fuzz_##name}); \
Kevin Lubick	db1e5c6	2018-02-27 08:30:43 -0500	[diff] [blame]	155	void fuzz_##name(Fuzz* f)
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	156
mtklein	65e5824	2016-01-13 12:57:57 -0800	[diff] [blame]	157	#endif//Fuzz_DEFINED