llvm/lib/Fuzzer/FuzzerFnAdapter.h

//===- FuzzerAdapter.h - Arbitrary function Fuzzer adapter -------*- C++ -*===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// W A R N I N G :  E X P E R I M E N T A L.
//
// Defines an adapter to fuzz functions with (almost) arbitrary signatures.
//===----------------------------------------------------------------------===//

#ifndef LLVM_FUZZER_ADAPTER_H
#define LLVM_FUZZER_ADAPTER_H

#include <stddef.h>
#include <stdint.h>

#include <algorithm>
#include <string>
#include <tuple>
#include <vector>

namespace fuzzer {

/// Unpacks bytes from \p Data according to \p F argument types
/// and calls the function.
/// Use to automatically adapt LLVMFuzzerTestOneInput interface to
/// a specific function.
/// Supported argument types: primitive types, std::vector<uint8_t>.
template <typename Fn> bool Adapt(Fn F, const uint8_t *Data, size_t Size);

// The implementation performs several steps:
// - function argument types are obtained (Args...)
// - data is unpacked into std::tuple<Args...> one by one
// - function is called with std::tuple<Args...> containing arguments.
namespace impl {

// Single argument unpacking.

template <typename T>
size_t UnpackPrimitive(const uint8_t *Data, size_t Size, T *Value) {
  if (Size < sizeof(T))
    return Size;
  *Value = *reinterpret_cast<const T *>(Data);
  return Size - sizeof(T);
}

/// Unpacks into a given Value and returns the Size - num_consumed_bytes.
/// Return value equal to Size signals inability to unpack the data (typically
/// because there are not enough bytes).
template <typename T>
size_t UnpackSingle(const uint8_t *Data, size_t Size, T *Value);

#define UNPACK_SINGLE_PRIMITIVE(Type)                                          \
  template <>                                                                  \
  size_t UnpackSingle<Type>(const uint8_t *Data, size_t Size, Type *Value) {   \
    return UnpackPrimitive(Data, Size, Value);                                 \
  }

UNPACK_SINGLE_PRIMITIVE(char)
UNPACK_SINGLE_PRIMITIVE(signed char)
UNPACK_SINGLE_PRIMITIVE(unsigned char)

UNPACK_SINGLE_PRIMITIVE(short int)
UNPACK_SINGLE_PRIMITIVE(unsigned short int)

UNPACK_SINGLE_PRIMITIVE(int)
UNPACK_SINGLE_PRIMITIVE(unsigned int)

UNPACK_SINGLE_PRIMITIVE(long int)
UNPACK_SINGLE_PRIMITIVE(unsigned long int)

UNPACK_SINGLE_PRIMITIVE(bool)
UNPACK_SINGLE_PRIMITIVE(wchar_t)

UNPACK_SINGLE_PRIMITIVE(float)
UNPACK_SINGLE_PRIMITIVE(double)
UNPACK_SINGLE_PRIMITIVE(long double)

#undef UNPACK_SINGLE_PRIMITIVE

template <>
size_t UnpackSingle<std::vector<uint8_t>>(const uint8_t *Data, size_t Size,
                                          std::vector<uint8_t> *Value) {
  if (Size < 1)
    return Size;
  size_t Len = std::min(static_cast<size_t>(*Data), Size - 1);
  std::vector<uint8_t> V(Data + 1, Data + 1 + Len);
  Value->swap(V);
  return Size - Len - 1;
}

template <>
size_t UnpackSingle<std::string>(const uint8_t *Data, size_t Size,
    std::string *Value) {
  if (Size < 1)
    return Size;
  size_t Len = std::min(static_cast<size_t>(*Data), Size - 1);
  std::string S(Data + 1, Data + 1 + Len);
  Value->swap(S);
  return Size - Len - 1;
}

// Unpacking into arbitrary tuple.

// Recursion guard.
template <int N, typename TupleT>
typename std::enable_if<N == std::tuple_size<TupleT>::value, bool>::type
UnpackImpl(const uint8_t *Data, size_t Size, TupleT *Tuple) {
  return true;
}

// Unpack tuple elements starting from Nth.
template <int N, typename TupleT>
typename std::enable_if<N < std::tuple_size<TupleT>::value, bool>::type
UnpackImpl(const uint8_t *Data, size_t Size, TupleT *Tuple) {
  size_t NewSize = UnpackSingle(Data, Size, &std::get<N>(*Tuple));
  if (NewSize == Size) {
    return false;
  }

  return UnpackImpl<N + 1, TupleT>(Data + (Size - NewSize), NewSize, Tuple);
}

// Unpacks into arbitrary tuple and returns true if successful.
template <typename... Args>
bool Unpack(const uint8_t *Data, size_t Size, std::tuple<Args...> *Tuple) {
  return UnpackImpl<0, std::tuple<Args...>>(Data, Size, Tuple);
}

// Helper integer sequence templates.

template <int...> struct Seq {};

template <int N, int... S> struct GenSeq : GenSeq<N - 1, N - 1, S...> {};

// GenSeq<N>::type is Seq<0, 1, ..., N-1>
template <int... S> struct GenSeq<0, S...> { typedef Seq<S...> type; };

// Function signature introspection.

template <typename T> struct FnTraits {};

template <typename ReturnType, typename... Args>
struct FnTraits<ReturnType (*)(Args...)> {
  enum { Arity = sizeof...(Args) };
  typedef std::tuple<Args...> ArgsTupleT;
};

// Calling a function with arguments in a tuple.

template <typename Fn, int... S>
void ApplyImpl(Fn F, const typename FnTraits<Fn>::ArgsTupleT &Params,
               Seq<S...>) {
  F(std::get<S>(Params)...);
}

template <typename Fn>
void Apply(Fn F, const typename FnTraits<Fn>::ArgsTupleT &Params) {
  // S is Seq<0, ..., Arity-1>
  auto S = typename GenSeq<FnTraits<Fn>::Arity>::type();
  ApplyImpl(F, Params, S);
}

// Unpacking data into arguments tuple of correct type and calling the function.
template <typename Fn>
bool UnpackAndApply(Fn F, const uint8_t *Data, size_t Size) {
  typename FnTraits<Fn>::ArgsTupleT Tuple;
  if (!Unpack(Data, Size, &Tuple))
    return false;

  Apply(F, Tuple);
  return true;
}

} // namespace impl

template <typename Fn> bool Adapt(Fn F, const uint8_t *Data, size_t Size) {
  return impl::UnpackAndApply(F, Data, Size);
}

} // namespace fuzzer

#endif