From 7168f2726eccdc00210ba59563a4ed3b821cca9d Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Thu, 2 Jul 2020 11:51:44 -0700 Subject: Add second batch of fuzzers for libutils This adds fuzzers for: - CallStack - Looper - LruCache - Printer - ProcessCallStack - PropertyMap - RWLock - RefBase - StopWatch. Test: Ran each fuzzer for 10 minutes. Rough coverage est. (likely far below actual value): 10.97% Signed-off-by: Dylan Katz Change-Id: I2f9f35c18b13338c282fb7f9c3ea4099ecb2c56f --- libutils/LruCache_fuzz.cpp | 74 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 libutils/LruCache_fuzz.cpp (limited to 'libutils/LruCache_fuzz.cpp') diff --git a/libutils/LruCache_fuzz.cpp b/libutils/LruCache_fuzz.cpp new file mode 100644 index 000000000..f8bacfcbc --- /dev/null +++ b/libutils/LruCache_fuzz.cpp @@ -0,0 +1,74 @@ +/* + * Copyright 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "fuzzer/FuzzedDataProvider.h" +#include "utils/LruCache.h" +#include "utils/StrongPointer.h" + +typedef android::LruCache FuzzCache; + +static constexpr uint32_t MAX_CACHE_ENTRIES = 800; + +class NoopRemovedCallback : public android::OnEntryRemoved { + public: + void operator()(size_t&, size_t&) { + // noop + } +}; + +static NoopRemovedCallback callback; + +static const std::vector> operations = { + [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->removeOldest(); }, + [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->peekOldestValue(); }, + [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->clear(); }, + [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->size(); }, + [](FuzzedDataProvider*, FuzzCache* cache) -> void { + android::LruCache::Iterator iter(*cache); + while (iter.next()) { + iter.key(); + iter.value(); + } + }, + [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void { + size_t key = dataProvider->ConsumeIntegral(); + size_t val = dataProvider->ConsumeIntegral(); + cache->put(key, val); + }, + [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void { + size_t key = dataProvider->ConsumeIntegral(); + cache->get(key); + }, + [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void { + size_t key = dataProvider->ConsumeIntegral(); + cache->remove(key); + }, + [](FuzzedDataProvider*, FuzzCache* cache) -> void { + cache->setOnEntryRemovedListener(&callback); + }}; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + FuzzedDataProvider dataProvider(data, size); + FuzzCache cache(MAX_CACHE_ENTRIES); + while (dataProvider.remaining_bytes() > 0) { + uint8_t op = dataProvider.ConsumeIntegral() % operations.size(); + operations[op](&dataProvider, &cache); + } + + return 0; +} -- cgit v1.2.3