Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / test / vts-testcase / fuzz / 8d5000d37a18c0d8e437fc52157dffd1281c5a2c^2..8d5000d37a18c0d8e437fc52157dffd1281c5a2c / .
commit8d5000d37a18c0d8e437fc52157dffd1281c5a2c[log] [tgz]
authorHsin-Yi Chen <hsinyichen@google.com>Fri Jan 26 21:36:50 2018 +0000
committerandroid-build-merger <android-build-merger@google.com>Fri Jan 26 21:36:50 2018 +0000
tree376a947ee9d12f5d6cadb01d15082fa8ee7271b9
parent1ad9a6052b3498709210320d76b056d02a904120 [diff]
parent6dc0500ce1afee2cfac5ed9cad78a56840fbdfe2 [diff]
Add metadata to modules in test/vts-testcase/fuzz am: b9c7c40a32 am: d23de70987
am: 6dc0500ce1

Change-Id: I9d3ff5a6c1c34995ab53002edfe2cb7a6280f1fe

diff --git a/OWNERS b/OWNERS
new file mode 100644
index 0000000..344e715
--- /dev/null
+++ b/OWNERS

@@ -0,0 +1,2 @@
+trong@google.com
+yim@google.com

diff --git a/func_fuzzer/automotive/Android.bp b/func_fuzzer/automotive/Android.bp
index b77a8d7..f39ccaa 100644
--- a/func_fuzzer/automotive/Android.bp
+++ b/func_fuzzer/automotive/Android.bp

@@ -3,5 +3,4 @@
 subdirs = [
     "evs/V1_0",
     "vehicle/V2_0",
-    "vehicle/V2_1",
 ]

diff --git a/func_fuzzer/automotive/vehicle/V2_1/Android.bp b/func_fuzzer/automotive/vehicle/V2_1/Android.bp
deleted file mode 100644
index 3e32f88..0000000
--- a/func_fuzzer/automotive/vehicle/V2_1/Android.bp
+++ /dev/null

@@ -1,35 +0,0 @@
-// This file was auto-generated by test/vts-testcase/fuzz/script/update_makefiles.py.
-// Do not edit manually.
-genrule {
-    name: "android.hardware.automotive.vehicle@2.1-vts.func_fuzzer.Vehicle_genc++",
-    tools: ["hidl-gen", "vtsc"],
-    cmd: "$(location hidl-gen) -o $(genDir) -Lvts -randroid.hardware:hardware/interfaces -randroid.hidl:system/libhidl/transport android.hardware.automotive.vehicle@2.1 && $(location vtsc) -mFUZZER -tSOURCE -b$(genDir) android/hardware/automotive/vehicle/2.1/ $(genDir)/android/hardware/automotive/vehicle/2.1/",
-    srcs: [
-        ":android.hardware.automotive.vehicle@2.1_hal",
-    ],
-    out: [
-        "android/hardware/automotive/vehicle/2.1/Vehicle.vts.cpp",
-    ],
-}
-
-cc_binary {
-    name: "android.hardware.automotive.vehicle@2.1-vts.func_fuzzer.Vehicle",
-    defaults: ["func_fuzzer_defaults"],
-    srcs: [":android.hardware.automotive.vehicle@2.1-vts.func_fuzzer.Vehicle_genc++"],
-    shared_libs: [
-        "android.hardware.automotive.vehicle@2.1",
-        "libcutils",
-        "liblog",
-        "libutils",
-        "libhidlbase",
-        "libhidltransport",
-        "libhwbinder",
-        "libhardware",
-        "libvts_func_fuzzer_utils",
-    ],
-    cflags: [
-        "-Wno-unused-parameter",
-        "-fno-omit-frame-pointer",
-    ],
-}
-

diff --git a/iface_fuzzer/ProtoFuzzerMain.cpp b/iface_fuzzer/ProtoFuzzerMain.cpp
index a9babbc..6b79192 100644
--- a/iface_fuzzer/ProtoFuzzerMain.cpp
+++ b/iface_fuzzer/ProtoFuzzerMain.cpp

@@ -16,7 +16,6 @@
 
 #include "ProtoFuzzerMutator.h"
 
-#include "specification_parser/InterfaceSpecificationParser.h"
 #include "test/vts/proto/ComponentSpecificationMessage.pb.h"
 
 #include <unistd.h>
@@ -84,14 +83,13 @@
 extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
                                           size_t max_size, unsigned int seed) {
   ExecSpec exec_spec{};
-  if (!exec_spec.ParseFromArray(data, size)) {
+  if (!FromArray(data, size, &exec_spec)) {
     exec_spec =
         mutator->RandomGen(runner->GetOpenedIfaces(), params.exec_size_);
   } else {
     mutator->Mutate(runner->GetOpenedIfaces(), &exec_spec);
   }
-  exec_spec.SerializeToArray(data, exec_spec.ByteSize());
-  return exec_spec.ByteSize();
+  return ToArray(data, size, &exec_spec);
 }
 
 // TODO(trong): implement a meaningful cross-over mechanism.
@@ -104,9 +102,9 @@
 }
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  ExecSpec exec_spec;
-  if (!exec_spec.ParseFromArray(data, size) ||
-      exec_spec.function_call_size() == 0) {
+  ExecSpec exec_spec{};
+  if (!FromArray(data, size, &exec_spec)) {
+    cerr << "Failed to deserialize an ExecSpec." << endl;
     return 0;
   }
   runner->Execute(exec_spec);

diff --git a/iface_fuzzer/ProtoFuzzerRunner.cpp b/iface_fuzzer/ProtoFuzzerRunner.cpp
index eb8deb1..dddefb9 100644
--- a/iface_fuzzer/ProtoFuzzerRunner.cpp
+++ b/iface_fuzzer/ProtoFuzzerRunner.cpp

@@ -93,7 +93,7 @@
   return function;
 }
 
-static void GetService(FuzzerBase *hal, string service_name, bool binder_mode) {
+static void GetService(DriverBase *hal, string service_name, bool binder_mode) {
   // For fuzzing, only passthrough mode provides coverage.
   // If binder mode is not requested, attempt to open HAL in passthrough mode.
   // If the attempt fails, fall back to binder mode.
@@ -116,24 +116,24 @@
   }
 }
 
-FuzzerBase *ProtoFuzzerRunner::LoadInterface(const CompSpec &comp_spec,
+DriverBase *ProtoFuzzerRunner::LoadInterface(const CompSpec &comp_spec,
                                              uint64_t hidl_service = 0) {
-  FuzzerBase *hal;
+  DriverBase *hal;
   const char *error;
   // Clear dlerror().
   dlerror();
 
-  // FuzzerBase can be constructed with or without an argument.
-  // Using different FuzzerBase constructors requires dlsym'ing different
+  // DriverBase can be constructed with or without an argument.
+  // Using different DriverBase constructors requires dlsym'ing different
   // symbols from the driver library.
   string function_name = GetFunctionNamePrefix(comp_spec);
   if (hidl_service) {
     function_name += "with_arg";
-    using loader_func = FuzzerBase *(*)(uint64_t);
+    using loader_func = DriverBase *(*)(uint64_t);
     auto hal_loader = (loader_func)Dlsym(driver_handle_, function_name.c_str());
     hal = hal_loader(hidl_service);
   } else {
-    using loader_func = FuzzerBase *(*)();
+    using loader_func = DriverBase *(*)();
     auto hal_loader = (loader_func)Dlsym(driver_handle_, function_name.c_str());
     hal = hal_loader();
   }
@@ -155,7 +155,7 @@
   string driver_name = GetDriverName(*comp_spec);
   driver_handle_ = Dlopen(driver_name);
 
-  std::shared_ptr<FuzzerBase> hal{LoadInterface(*comp_spec)};
+  std::shared_ptr<DriverBase> hal{LoadInterface(*comp_spec)};
   string service_name = GetServiceName(*comp_spec);
   cerr << "HAL name: " << comp_spec->package() << endl
        << "Interface name: " << comp_spec->component_name() << endl
@@ -172,6 +172,7 @@
 
 void ProtoFuzzerRunner::Execute(const ExecSpec &exec_spec) {
   for (const auto &func_call : exec_spec.function_call()) {
+    cout << func_call.DebugString() << endl;
     Execute(func_call);
   }
 }
@@ -185,7 +186,6 @@
     cerr << "Interface is not open: " << iface_name << endl;
     exit(1);
   }
-  cout << func_call.DebugString() << endl;
 
   FuncSpec result{};
   iface_desc->second.hal_->CallFunction(func_spec, "", &result);
@@ -209,7 +209,7 @@
       string iface_name = StripNamespace(type);
 
       const CompSpec *comp_spec = FindCompSpec(iface_name);
-      std::shared_ptr<FuzzerBase> hal{LoadInterface(*comp_spec, hidl_service)};
+      std::shared_ptr<DriverBase> hal{LoadInterface(*comp_spec, hidl_service)};
 
       // Register this interface as opened by the runner.
       opened_ifaces_[iface_name] = {

diff --git a/iface_fuzzer/ProtoFuzzerUtils.cpp b/iface_fuzzer/ProtoFuzzerUtils.cpp
index 44f8c9d..6dbdb0a 100644
--- a/iface_fuzzer/ProtoFuzzerUtils.cpp
+++ b/iface_fuzzer/ProtoFuzzerUtils.cpp

@@ -21,7 +21,6 @@
 #include <algorithm>
 #include <sstream>
 
-#include "specification_parser/InterfaceSpecificationParser.h"
 #include "utils/InterfaceSpecUtil.h"
 
 using std::cout;
@@ -95,7 +94,7 @@
         cout << "Loading: " << vts_spec_name << endl;
         string vts_spec_path = dir_path + "/" + vts_spec_name;
         CompSpec comp_spec{};
-        InterfaceSpecificationParser::parse(vts_spec_path.c_str(), &comp_spec);
+        ParseInterfaceSpec(vts_spec_path.c_str(), &comp_spec);
         TrimCompSpec(&comp_spec);
         result.emplace_back(std::move(comp_spec));
       }
@@ -156,6 +155,19 @@
   return predefined_types;
 }
 
+bool FromArray(const uint8_t *data, size_t size, ExecSpec *exec_spec) {
+  // TODO(b/63136690): Use checksum to validate exec_spec more reliably.
+  return exec_spec->ParseFromArray(data, size) && exec_spec->has_valid() &&
+         exec_spec->valid();
+}
+
+size_t ToArray(uint8_t *data, size_t size, ExecSpec *exec_spec) {
+  exec_spec->set_valid(true);
+  size_t exec_size = exec_spec->ByteSize();
+  exec_spec->SerializeToArray(data, exec_size);
+  return exec_size;
+}
+
 }  // namespace fuzzer
 }  // namespace vts
 }  // namespace android

diff --git a/iface_fuzzer/include/ProtoFuzzerRunner.h b/iface_fuzzer/include/ProtoFuzzerRunner.h
index 124b2b9..179b059 100644
--- a/iface_fuzzer/include/ProtoFuzzerRunner.h
+++ b/iface_fuzzer/include/ProtoFuzzerRunner.h

@@ -30,7 +30,7 @@
   // VTS spec of the interface.
   const CompSpec *comp_spec_;
   // Handle to an interface instance.
-  std::shared_ptr<FuzzerBase> hal_;
+  std::shared_ptr<DriverBase> hal_;
 };
 
 using IfaceDescTbl = std::unordered_map<std::string, IfaceDesc>;
@@ -58,7 +58,7 @@
   void ProcessReturnValue(const FuncSpec &result);
   // Loads the interface corresponding to the given VTS spec. Interface is
   // constructed with the given argument.
-  FuzzerBase *LoadInterface(const CompSpec &, uint64_t);
+  DriverBase *LoadInterface(const CompSpec &, uint64_t);
 
   // Keeps track of opened interfaces.
   IfaceDescTbl opened_ifaces_;

diff --git a/iface_fuzzer/include/ProtoFuzzerUtils.h b/iface_fuzzer/include/ProtoFuzzerUtils.h
index 9f37401..85af37f 100644
--- a/iface_fuzzer/include/ProtoFuzzerUtils.h
+++ b/iface_fuzzer/include/ProtoFuzzerUtils.h

@@ -23,7 +23,7 @@
 #include <unordered_map>
 #include <vector>
 
-#include "fuzz_tester/FuzzerBase.h"
+#include "driver_base/DriverBase.h"
 #include "test/vts/proto/ExecutionSpecificationMessage.pb.h"
 
 namespace android {
@@ -88,6 +88,13 @@
 std::unordered_map<std::string, TypeSpec> ExtractPredefinedTypes(
     const std::vector<CompSpec> &);
 
+// Serializes ExecSpec into byte form and writes it to buffer. Returns number of
+// written bytes.
+size_t ToArray(uint8_t *, size_t, ExecSpec *);
+
+// Deserializes given buffer to an ExecSpec. Returns true on success.
+bool FromArray(const uint8_t *, size_t, ExecSpec *);
+
 }  // namespace fuzzer
 }  // namespace vts
 }  // namespace android