Add metadata to modules in test/vts-testcase/fuzz am: b9c7c40a32 am: d23de70987
am: 6dc0500ce1
Change-Id: I9d3ff5a6c1c34995ab53002edfe2cb7a6280f1fe
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 0000000..344e715
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,2 @@
+trong@google.com
+yim@google.com
diff --git a/func_fuzzer/automotive/Android.bp b/func_fuzzer/automotive/Android.bp
index b77a8d7..f39ccaa 100644
--- a/func_fuzzer/automotive/Android.bp
+++ b/func_fuzzer/automotive/Android.bp
@@ -3,5 +3,4 @@
subdirs = [
"evs/V1_0",
"vehicle/V2_0",
- "vehicle/V2_1",
]
diff --git a/func_fuzzer/automotive/vehicle/V2_1/Android.bp b/func_fuzzer/automotive/vehicle/V2_1/Android.bp
deleted file mode 100644
index 3e32f88..0000000
--- a/func_fuzzer/automotive/vehicle/V2_1/Android.bp
+++ /dev/null
@@ -1,35 +0,0 @@
-// This file was auto-generated by test/vts-testcase/fuzz/script/update_makefiles.py.
-// Do not edit manually.
-genrule {
- name: "android.hardware.automotive.vehicle@2.1-vts.func_fuzzer.Vehicle_genc++",
- tools: ["hidl-gen", "vtsc"],
- cmd: "$(location hidl-gen) -o $(genDir) -Lvts -randroid.hardware:hardware/interfaces -randroid.hidl:system/libhidl/transport android.hardware.automotive.vehicle@2.1 && $(location vtsc) -mFUZZER -tSOURCE -b$(genDir) android/hardware/automotive/vehicle/2.1/ $(genDir)/android/hardware/automotive/vehicle/2.1/",
- srcs: [
- ":android.hardware.automotive.vehicle@2.1_hal",
- ],
- out: [
- "android/hardware/automotive/vehicle/2.1/Vehicle.vts.cpp",
- ],
-}
-
-cc_binary {
- name: "android.hardware.automotive.vehicle@2.1-vts.func_fuzzer.Vehicle",
- defaults: ["func_fuzzer_defaults"],
- srcs: [":android.hardware.automotive.vehicle@2.1-vts.func_fuzzer.Vehicle_genc++"],
- shared_libs: [
- "android.hardware.automotive.vehicle@2.1",
- "libcutils",
- "liblog",
- "libutils",
- "libhidlbase",
- "libhidltransport",
- "libhwbinder",
- "libhardware",
- "libvts_func_fuzzer_utils",
- ],
- cflags: [
- "-Wno-unused-parameter",
- "-fno-omit-frame-pointer",
- ],
-}
-
diff --git a/iface_fuzzer/ProtoFuzzerMain.cpp b/iface_fuzzer/ProtoFuzzerMain.cpp
index a9babbc..6b79192 100644
--- a/iface_fuzzer/ProtoFuzzerMain.cpp
+++ b/iface_fuzzer/ProtoFuzzerMain.cpp
@@ -16,7 +16,6 @@
#include "ProtoFuzzerMutator.h"
-#include "specification_parser/InterfaceSpecificationParser.h"
#include "test/vts/proto/ComponentSpecificationMessage.pb.h"
#include <unistd.h>
@@ -84,14 +83,13 @@
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
size_t max_size, unsigned int seed) {
ExecSpec exec_spec{};
- if (!exec_spec.ParseFromArray(data, size)) {
+ if (!FromArray(data, size, &exec_spec)) {
exec_spec =
mutator->RandomGen(runner->GetOpenedIfaces(), params.exec_size_);
} else {
mutator->Mutate(runner->GetOpenedIfaces(), &exec_spec);
}
- exec_spec.SerializeToArray(data, exec_spec.ByteSize());
- return exec_spec.ByteSize();
+ return ToArray(data, size, &exec_spec);
}
// TODO(trong): implement a meaningful cross-over mechanism.
@@ -104,9 +102,9 @@
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- ExecSpec exec_spec;
- if (!exec_spec.ParseFromArray(data, size) ||
- exec_spec.function_call_size() == 0) {
+ ExecSpec exec_spec{};
+ if (!FromArray(data, size, &exec_spec)) {
+ cerr << "Failed to deserialize an ExecSpec." << endl;
return 0;
}
runner->Execute(exec_spec);
diff --git a/iface_fuzzer/ProtoFuzzerRunner.cpp b/iface_fuzzer/ProtoFuzzerRunner.cpp
index eb8deb1..dddefb9 100644
--- a/iface_fuzzer/ProtoFuzzerRunner.cpp
+++ b/iface_fuzzer/ProtoFuzzerRunner.cpp
@@ -93,7 +93,7 @@
return function;
}
-static void GetService(FuzzerBase *hal, string service_name, bool binder_mode) {
+static void GetService(DriverBase *hal, string service_name, bool binder_mode) {
// For fuzzing, only passthrough mode provides coverage.
// If binder mode is not requested, attempt to open HAL in passthrough mode.
// If the attempt fails, fall back to binder mode.
@@ -116,24 +116,24 @@
}
}
-FuzzerBase *ProtoFuzzerRunner::LoadInterface(const CompSpec &comp_spec,
+DriverBase *ProtoFuzzerRunner::LoadInterface(const CompSpec &comp_spec,
uint64_t hidl_service = 0) {
- FuzzerBase *hal;
+ DriverBase *hal;
const char *error;
// Clear dlerror().
dlerror();
- // FuzzerBase can be constructed with or without an argument.
- // Using different FuzzerBase constructors requires dlsym'ing different
+ // DriverBase can be constructed with or without an argument.
+ // Using different DriverBase constructors requires dlsym'ing different
// symbols from the driver library.
string function_name = GetFunctionNamePrefix(comp_spec);
if (hidl_service) {
function_name += "with_arg";
- using loader_func = FuzzerBase *(*)(uint64_t);
+ using loader_func = DriverBase *(*)(uint64_t);
auto hal_loader = (loader_func)Dlsym(driver_handle_, function_name.c_str());
hal = hal_loader(hidl_service);
} else {
- using loader_func = FuzzerBase *(*)();
+ using loader_func = DriverBase *(*)();
auto hal_loader = (loader_func)Dlsym(driver_handle_, function_name.c_str());
hal = hal_loader();
}
@@ -155,7 +155,7 @@
string driver_name = GetDriverName(*comp_spec);
driver_handle_ = Dlopen(driver_name);
- std::shared_ptr<FuzzerBase> hal{LoadInterface(*comp_spec)};
+ std::shared_ptr<DriverBase> hal{LoadInterface(*comp_spec)};
string service_name = GetServiceName(*comp_spec);
cerr << "HAL name: " << comp_spec->package() << endl
<< "Interface name: " << comp_spec->component_name() << endl
@@ -172,6 +172,7 @@
void ProtoFuzzerRunner::Execute(const ExecSpec &exec_spec) {
for (const auto &func_call : exec_spec.function_call()) {
+ cout << func_call.DebugString() << endl;
Execute(func_call);
}
}
@@ -185,7 +186,6 @@
cerr << "Interface is not open: " << iface_name << endl;
exit(1);
}
- cout << func_call.DebugString() << endl;
FuncSpec result{};
iface_desc->second.hal_->CallFunction(func_spec, "", &result);
@@ -209,7 +209,7 @@
string iface_name = StripNamespace(type);
const CompSpec *comp_spec = FindCompSpec(iface_name);
- std::shared_ptr<FuzzerBase> hal{LoadInterface(*comp_spec, hidl_service)};
+ std::shared_ptr<DriverBase> hal{LoadInterface(*comp_spec, hidl_service)};
// Register this interface as opened by the runner.
opened_ifaces_[iface_name] = {
diff --git a/iface_fuzzer/ProtoFuzzerUtils.cpp b/iface_fuzzer/ProtoFuzzerUtils.cpp
index 44f8c9d..6dbdb0a 100644
--- a/iface_fuzzer/ProtoFuzzerUtils.cpp
+++ b/iface_fuzzer/ProtoFuzzerUtils.cpp
@@ -21,7 +21,6 @@
#include <algorithm>
#include <sstream>
-#include "specification_parser/InterfaceSpecificationParser.h"
#include "utils/InterfaceSpecUtil.h"
using std::cout;
@@ -95,7 +94,7 @@
cout << "Loading: " << vts_spec_name << endl;
string vts_spec_path = dir_path + "/" + vts_spec_name;
CompSpec comp_spec{};
- InterfaceSpecificationParser::parse(vts_spec_path.c_str(), &comp_spec);
+ ParseInterfaceSpec(vts_spec_path.c_str(), &comp_spec);
TrimCompSpec(&comp_spec);
result.emplace_back(std::move(comp_spec));
}
@@ -156,6 +155,19 @@
return predefined_types;
}
+bool FromArray(const uint8_t *data, size_t size, ExecSpec *exec_spec) {
+ // TODO(b/63136690): Use checksum to validate exec_spec more reliably.
+ return exec_spec->ParseFromArray(data, size) && exec_spec->has_valid() &&
+ exec_spec->valid();
+}
+
+size_t ToArray(uint8_t *data, size_t size, ExecSpec *exec_spec) {
+ exec_spec->set_valid(true);
+ size_t exec_size = exec_spec->ByteSize();
+ exec_spec->SerializeToArray(data, exec_size);
+ return exec_size;
+}
+
} // namespace fuzzer
} // namespace vts
} // namespace android
diff --git a/iface_fuzzer/include/ProtoFuzzerRunner.h b/iface_fuzzer/include/ProtoFuzzerRunner.h
index 124b2b9..179b059 100644
--- a/iface_fuzzer/include/ProtoFuzzerRunner.h
+++ b/iface_fuzzer/include/ProtoFuzzerRunner.h
@@ -30,7 +30,7 @@
// VTS spec of the interface.
const CompSpec *comp_spec_;
// Handle to an interface instance.
- std::shared_ptr<FuzzerBase> hal_;
+ std::shared_ptr<DriverBase> hal_;
};
using IfaceDescTbl = std::unordered_map<std::string, IfaceDesc>;
@@ -58,7 +58,7 @@
void ProcessReturnValue(const FuncSpec &result);
// Loads the interface corresponding to the given VTS spec. Interface is
// constructed with the given argument.
- FuzzerBase *LoadInterface(const CompSpec &, uint64_t);
+ DriverBase *LoadInterface(const CompSpec &, uint64_t);
// Keeps track of opened interfaces.
IfaceDescTbl opened_ifaces_;
diff --git a/iface_fuzzer/include/ProtoFuzzerUtils.h b/iface_fuzzer/include/ProtoFuzzerUtils.h
index 9f37401..85af37f 100644
--- a/iface_fuzzer/include/ProtoFuzzerUtils.h
+++ b/iface_fuzzer/include/ProtoFuzzerUtils.h
@@ -23,7 +23,7 @@
#include <unordered_map>
#include <vector>
-#include "fuzz_tester/FuzzerBase.h"
+#include "driver_base/DriverBase.h"
#include "test/vts/proto/ExecutionSpecificationMessage.pb.h"
namespace android {
@@ -88,6 +88,13 @@
std::unordered_map<std::string, TypeSpec> ExtractPredefinedTypes(
const std::vector<CompSpec> &);
+// Serializes ExecSpec into byte form and writes it to buffer. Returns number of
+// written bytes.
+size_t ToArray(uint8_t *, size_t, ExecSpec *);
+
+// Deserializes given buffer to an ExecSpec. Returns true on success.
+bool FromArray(const uint8_t *, size_t, ExecSpec *);
+
} // namespace fuzzer
} // namespace vts
} // namespace android