2016-01-13 20:57:57 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright 2016 Google Inc.
|
|
|
|
|
*
|
|
|
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
|
|
|
* found in the LICENSE file.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef Fuzz_DEFINED
|
|
|
|
|
#define Fuzz_DEFINED
|
|
|
|
|
|
|
|
|
|
#include "SkData.h"
|
|
|
|
|
#include "SkTRegistry.h"
|
|
|
|
|
#include "SkTypes.h"
|
|
|
|
|
|
2016-10-25 13:11:05 +00:00
|
|
|
#include <vector>
|
|
|
|
|
|
2016-01-13 20:57:57 +00:00
|
|
|
class Fuzz : SkNoncopyable {
|
|
|
|
|
public:
|
2016-09-12 19:01:44 +00:00
|
|
|
explicit Fuzz(sk_sp<SkData>);
|
2016-01-13 20:57:57 +00:00
|
|
|
|
2016-07-19 23:50:03 +00:00
|
|
|
// Returns the total number of "random" bytes available.
|
|
|
|
|
size_t size();
|
|
|
|
|
// Returns the total number of "random" bytes remaining for randomness.
|
|
|
|
|
size_t remaining();
|
|
|
|
|
|
|
|
|
|
template <typename T>
|
2016-10-25 13:11:05 +00:00
|
|
|
bool SK_WARN_UNUSED_RESULT next(T* n);
|
2016-07-19 23:50:03 +00:00
|
|
|
|
2016-10-24 18:53:35 +00:00
|
|
|
// UBSAN reminds us that bool can only legally hold 0 or 1.
|
2016-10-25 13:11:05 +00:00
|
|
|
bool SK_WARN_UNUSED_RESULT next(bool* b) {
|
2016-10-24 18:53:35 +00:00
|
|
|
uint8_t byte;
|
|
|
|
|
if (!this->next(&byte)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
*b = (byte & 1) == 1;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The nextFoo methods are deprecated.
|
|
|
|
|
// TODO(kjlubick): replace existing uses with next() and remove these.
|
2016-02-18 14:27:38 +00:00
|
|
|
bool nextBool();
|
2016-01-14 12:59:42 +00:00
|
|
|
uint8_t nextB();
|
2016-01-13 20:57:57 +00:00
|
|
|
uint32_t nextU();
|
2016-02-18 14:27:38 +00:00
|
|
|
// This can be nan, +- infinity, 0, anything.
|
2016-01-13 20:57:57 +00:00
|
|
|
float nextF();
|
2016-04-05 19:48:47 +00:00
|
|
|
// Returns a float between [0..1) as a IEEE float
|
|
|
|
|
float nextF1();
|
2016-01-13 20:57:57 +00:00
|
|
|
|
2016-02-18 14:27:38 +00:00
|
|
|
// Return the next fuzzed value [min, max) as an unsigned 32bit integer.
|
|
|
|
|
uint32_t nextRangeU(uint32_t min, uint32_t max);
|
|
|
|
|
/**
|
|
|
|
|
* Returns next fuzzed value [min...max) as a float.
|
|
|
|
|
* Will not be Infinity or NaN.
|
|
|
|
|
*/
|
|
|
|
|
float nextRangeF(float min, float max);
|
|
|
|
|
|
2016-01-15 13:46:54 +00:00
|
|
|
void signalBug (); // Tell afl-fuzz these inputs found a bug.
|
|
|
|
|
void signalBoring(); // Tell afl-fuzz these inputs are not worth testing.
|
|
|
|
|
|
2016-01-13 20:57:57 +00:00
|
|
|
private:
|
2016-01-15 13:46:54 +00:00
|
|
|
template <typename T>
|
|
|
|
|
T nextT();
|
|
|
|
|
|
2016-08-03 20:32:32 +00:00
|
|
|
sk_sp<SkData> fBytes;
|
2016-01-14 12:59:42 +00:00
|
|
|
int fNextByte;
|
2016-01-13 20:57:57 +00:00
|
|
|
};
|
|
|
|
|
|
2016-07-19 23:50:03 +00:00
|
|
|
template <typename T>
|
|
|
|
|
bool Fuzz::next(T* n) {
|
|
|
|
|
if (fNextByte + sizeof(T) > fBytes->size()) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memcpy(n, fBytes->bytes() + fNextByte, sizeof(T));
|
|
|
|
|
fNextByte += sizeof(T);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-13 20:57:57 +00:00
|
|
|
struct Fuzzable {
|
|
|
|
|
const char* name;
|
|
|
|
|
void (*fn)(Fuzz*);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define DEF_FUZZ(name, f) \
|
|
|
|
|
static void fuzz_##name(Fuzz*); \
|
|
|
|
|
SkTRegistry<Fuzzable> register_##name({#name, fuzz_##name}); \
|
|
|
|
|
static void fuzz_##name(Fuzz* f)
|
|
|
|
|
|
|
|
|
|
#endif//Fuzz_DEFINED
|
