Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(151)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: tools/ipc_fuzzer/mutate/fuzzer.cc

Issue 1000373004: Combine traits for IPC mutation and generation fuzzing plus other refactoring. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Don't rename mutate/ to fuzzer/ Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« tools/ipc_fuzzer/dump/dump.gyp ('K') | « tools/ipc_fuzzer/mutate/fuzzer.h ('k') | tools/ipc_fuzzer/mutate/generate.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <iostream>
6 #include <set>
7 #include <string>
8 #include <utility>
9 #include <vector>
10
11 #include "base/strings/string_util.h"
12 #include "ipc/ipc_message.h"
13 #include "ipc/ipc_message_utils.h"
14 #include "ipc/ipc_switches.h"
15 #include "ipc/ipc_sync_channel.h"
16 #include "ipc/ipc_sync_message.h"
17 #include "tools/ipc_fuzzer/message_lib/message_file.h"
18 #include "tools/ipc_fuzzer/mutate/fuzzer.h"
19 #include "tools/ipc_fuzzer/mutate/rand_util.h"
20
21 #if defined(OS_POSIX)
22 #include <unistd.h>
23 #endif
24
25 // First include of message files to provide basic type.
26 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
27 #include "ipc/ipc_message_null_macros.h"
28
29 #if defined(COMPILER_GCC)
30 #define PRETTY_FUNCTION __PRETTY_FUNCTION__
31 #elif defined(COMPILER_MSVC)
32 #define PRETTY_FUNCTION __FUNCSIG__
33 #else
34 #define PRETTY_FUNCTION __FUNCTION__
35 #endif
36
37 namespace IPC {
38 class Message;
39 } // namespace IPC
40
41 namespace {
42 // For breaking deep recursion.
43 int g_depth = 0;
44 } // namespace
45
46 namespace ipc_fuzzer {
47
48 FuzzerFunctionVector g_function_vector;
49
50 bool Fuzzer::ShouldGenerate() {
51 return false;
52 }
53
54 // Partially-specialized class that knows how to handle a given type.
55 template <class P>
56 struct FuzzTraits {
57 static bool Fuzz(P* p, Fuzzer *fuzzer) {
58 // This is the catch-all for types we don't have enough information
59 // to generate.
60 std::cerr << "Can't handle " << PRETTY_FUNCTION << "\n";
61 return false;
62 }
63 };
64
65 // Template function to invoke partially-specialized class method.
66 template <class P>
67 static bool FuzzParam(P* p, Fuzzer* fuzzer) {
68 return FuzzTraits<P>::Fuzz(p, fuzzer);
69 }
70
71 template <class P>
72 static bool FuzzParamArray(P* p, size_t length, Fuzzer* fuzzer) {
73 for (size_t i = 0; i < length; i++, p++) {
74 if (!FuzzTraits<P>::Fuzz(p, fuzzer))
75 return false;
76 }
77 return true;
78 }
79
80 // Specializations to generate primitive types.
81 template <>
82 struct FuzzTraits<bool> {
83 static bool Fuzz(bool* p, Fuzzer* fuzzer) {
84 fuzzer->FuzzBool(p);
85 return true;
86 }
87 };
88
89 template <>
90 struct FuzzTraits<int> {
91 static bool Fuzz(int* p, Fuzzer* fuzzer) {
92 fuzzer->FuzzInt(p);
93 return true;
94 }
95 };
96
97 template <>
98 struct FuzzTraits<unsigned int> {
99 static bool Fuzz(unsigned int* p, Fuzzer* fuzzer) {
100 fuzzer->FuzzInt(reinterpret_cast<int*>(p));
101 return true;
102 }
103 };
104
105 template <>
106 struct FuzzTraits<long> {
107 static bool Fuzz(long* p, Fuzzer* fuzzer) {
108 fuzzer->FuzzLong(p);
109 return true;
110 }
111 };
112
113 template <>
114 struct FuzzTraits<unsigned long> {
115 static bool Fuzz(unsigned long* p, Fuzzer* fuzzer) {
116 fuzzer->FuzzLong(reinterpret_cast<long*>(p));
117 return true;
118 }
119 };
120
121 template <>
122 struct FuzzTraits<long long> {
123 static bool Fuzz(long long* p, Fuzzer* fuzzer) {
124 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p));
125 return true;
126 }
127 };
128
129 template <>
130 struct FuzzTraits<unsigned long long> {
131 static bool Fuzz(unsigned long long* p, Fuzzer* fuzzer) {
132 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p));
133 return true;
134 }
135 };
136
137 template <>
138 struct FuzzTraits<short> {
139 static bool Fuzz(short* p, Fuzzer* fuzzer) {
140 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p));
141 return true;
142 }
143 };
144
145 template <>
146 struct FuzzTraits<unsigned short> {
147 static bool Fuzz(unsigned short* p, Fuzzer* fuzzer) {
148 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p));
149 return true;
150 }
151 };
152
153 template <>
154 struct FuzzTraits<char> {
155 static bool Fuzz(char* p, Fuzzer* fuzzer) {
156 fuzzer->FuzzUChar(reinterpret_cast<unsigned char*>(p));
157 return true;
158 }
159 };
160
161 template <>
162 struct FuzzTraits<unsigned char> {
163 static bool Fuzz(unsigned char* p, Fuzzer* fuzzer) {
164 fuzzer->FuzzUChar(p);
165 return true;
166 }
167 };
168
169 template <>
170 struct FuzzTraits<wchar_t> {
171 static bool Fuzz(wchar_t* p, Fuzzer* fuzzer) {
172 fuzzer->FuzzWChar(p);
173 return true;
174 }
175 };
176
177 template <>
178 struct FuzzTraits<float> {
179 static bool Fuzz(float* p, Fuzzer* fuzzer) {
180 fuzzer->FuzzFloat(p);
181 return true;
182 }
183 };
184
185 template <>
186 struct FuzzTraits<double> {
187 static bool Fuzz(double* p, Fuzzer* fuzzer) {
188 fuzzer->FuzzDouble(p);
189 return true;
190 }
191 };
192
193 template <>
194 struct FuzzTraits<std::string> {
195 static bool Fuzz(std::string* p, Fuzzer* fuzzer) {
196 fuzzer->FuzzString(p);
197 return true;
198 }
199 };
200
201 template <>
202 struct FuzzTraits<base::string16> {
203 static bool Fuzz(base::string16* p, Fuzzer* fuzzer) {
204 fuzzer->FuzzString16(p);
205 return true;
206 }
207 };
208
209 // Specializations for tuples.
210 template <>
211 struct FuzzTraits<Tuple<>> {
212 static bool Fuzz(Tuple<>* p, Fuzzer* fuzzer) {
213 return true;
214 }
215 };
216
217 template <class A>
218 struct FuzzTraits<Tuple<A>> {
219 static bool Fuzz(Tuple<A>* p, Fuzzer* fuzzer) {
220 return FuzzParam(&get<0>(*p), fuzzer);
221 }
222 };
223
224 template <class A, class B>
225 struct FuzzTraits<Tuple<A, B>> {
226 static bool Fuzz(Tuple<A, B>* p, Fuzzer* fuzzer) {
227 return
228 FuzzParam(&get<0>(*p), fuzzer) &&
229 FuzzParam(&get<1>(*p), fuzzer);
230 }
231 };
232
233 template <class A, class B, class C>
234 struct FuzzTraits<Tuple<A, B, C>> {
235 static bool Fuzz(Tuple<A, B, C>* p, Fuzzer* fuzzer) {
236 return
237 FuzzParam(&get<0>(*p), fuzzer) &&
238 FuzzParam(&get<1>(*p), fuzzer) &&
239 FuzzParam(&get<2>(*p), fuzzer);
240 }
241 };
242
243 template <class A, class B, class C, class D>
244 struct FuzzTraits<Tuple<A, B, C, D>> {
245 static bool Fuzz(Tuple<A, B, C, D>* p, Fuzzer* fuzzer) {
246 return
247 FuzzParam(&get<0>(*p), fuzzer) &&
248 FuzzParam(&get<1>(*p), fuzzer) &&
249 FuzzParam(&get<2>(*p), fuzzer) &&
250 FuzzParam(&get<3>(*p), fuzzer);
251 }
252 };
253
254 template <class A, class B, class C, class D, class E>
255 struct FuzzTraits<Tuple<A, B, C, D, E>> {
256 static bool Fuzz(Tuple<A, B, C, D, E>* p, Fuzzer* fuzzer) {
257 return
258 FuzzParam(&get<0>(*p), fuzzer) &&
259 FuzzParam(&get<1>(*p), fuzzer) &&
260 FuzzParam(&get<2>(*p), fuzzer) &&
261 FuzzParam(&get<3>(*p), fuzzer) &&
262 FuzzParam(&get<4>(*p), fuzzer);
263 }
264 };
265
266 // Specializations for containers.
267 template <class A>
268 struct FuzzTraits<std::vector<A> > {
269 static bool Fuzz(std::vector<A>* p, Fuzzer* fuzzer) {
270 ++g_depth;
271 size_t count = p->size();
272 if (fuzzer->ShouldGenerate()) {
273 count = g_depth > 3 ? 0 : RandElementCount();
274 p->resize(count);
275 }
276 for (size_t i = 0; i < count; ++i) {
277 if (!FuzzParam(&p->at(i), fuzzer)) {
278 --g_depth;
279 return false;
280 }
281 }
282 --g_depth;
283 return true;
284 }
285 };
286
287 template <class A>
288 struct FuzzTraits<std::set<A> > {
289 static bool Fuzz(std::set<A>* p, Fuzzer* fuzzer) {
290 // TODO(mbarbella): Support mutation.
291 if (!fuzzer->ShouldGenerate())
292 return true;
293
294 static int g_depth = 0;
295 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
296 A a;
297 for (size_t i = 0; i < count; ++i) {
298 if (!FuzzParam(&a, fuzzer)) {
299 --g_depth;
300 return false;
301 }
302 p->insert(a);
303 }
304 --g_depth;
305 return true;
306 }
307 };
308
309 template <class A, class B>
310 struct FuzzTraits<std::map<A, B> > {
311 static bool Fuzz(std::map<A, B>* p, Fuzzer* fuzzer) {
312 if (!fuzzer->ShouldGenerate()) {
313 typename std::map<A, B>::iterator it;
314 for (it = p->begin(); it != p->end(); ++it) {
315 FuzzParam(&it->second, fuzzer);
316 }
317 return true;
318 }
319
320 static int g_depth = 0;
321 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
322 std::pair<A, B> place_holder;
323 for (size_t i = 0; i < count; ++i) {
324 if (!FuzzParam(&place_holder, fuzzer)) {
325 --g_depth;
326 return false;
327 }
328 p->insert(place_holder);
329 }
330 --g_depth;
331 return true;
332 }
333 };
334
335 template <class A, class B, class C, class D>
336 struct FuzzTraits<std::map<A, B, C, D>> {
337 static bool Fuzz(std::map<A, B, C, D>* p, Fuzzer* fuzzer) {
338 if (!fuzzer->ShouldGenerate()) {
339 typename std::map<A, B, C, D>::iterator it;
340 for (it = p->begin(); it != p->end(); ++it) {
341 FuzzParam(&it->second, fuzzer);
342 }
343 return true;
344 }
345
346 static int g_depth = 0;
347 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
348 std::pair<A, B> place_holder;
349 for (size_t i = 0; i < count; ++i) {
350 if (!FuzzParam(&place_holder, fuzzer)) {
351 --g_depth;
352 return false;
353 }
354 p->insert(place_holder);
355 }
356 --g_depth;
357 return true;
358 }
359 };
360
361 template <class A, class B>
362 struct FuzzTraits<std::pair<A, B> > {
363 static bool Fuzz(std::pair<A, B>* p, Fuzzer* fuzzer) {
364 return
365 FuzzParam(&p->first, fuzzer) &&
366 FuzzParam(&p->second, fuzzer);
367 }
368 };
369
370 // Specializations for hand-coded types.
371
372 template <>
373 struct FuzzTraits<base::FilePath> {
374 static bool Fuzz(base::FilePath* p, Fuzzer* fuzzer) {
375 // TODO(mbarbella): Support mutation.
376 if (!fuzzer->ShouldGenerate())
377 return true;
378
379 const char path_chars[] = "ACz0/.~:";
380 size_t count = RandInRange(60);
381 base::FilePath::StringType random_path;
382 for (size_t i = 0; i < count; ++i)
383 random_path += path_chars[RandInRange(sizeof(path_chars) - 1)];
384 *p = base::FilePath(random_path);
385 return true;
386 }
387 };
388
389 template <>
390 struct FuzzTraits<base::File::Error> {
391 static bool Fuzz(base::File::Error* p, Fuzzer* fuzzer) {
392 int value = static_cast<int>(*p);
393 if (!FuzzParam(&value, fuzzer))
394 return false;
395 *p = static_cast<base::File::Error>(value);
396 return true;
397 }
398 };
399
400 template <>
401 struct FuzzTraits<base::File::Info> {
402 static bool Fuzz(base::File::Info* p, Fuzzer* fuzzer) {
403 double last_modified = p->last_modified.ToDoubleT();
404 double last_accessed = p->last_accessed.ToDoubleT();
405 double creation_time = p->creation_time.ToDoubleT();
406 if (!FuzzParam(&p->size, fuzzer))
407 return false;
408 if (!FuzzParam(&p->is_directory, fuzzer))
409 return false;
410 if (!FuzzParam(&last_modified, fuzzer))
411 return false;
412 if (!FuzzParam(&last_accessed, fuzzer))
413 return false;
414 if (!FuzzParam(&creation_time, fuzzer))
415 return false;
416 p->last_modified = base::Time::FromDoubleT(last_modified);
417 p->last_accessed = base::Time::FromDoubleT(last_accessed);
418 p->creation_time = base::Time::FromDoubleT(creation_time);
419 return true;
420 }
421 };
422
423 template <>
424 struct FuzzTraits<base::NullableString16> {
425 static bool Fuzz(base::NullableString16* p, Fuzzer* fuzzer) {
426 base::string16 string = p->string();
427 bool is_null = p->is_null();
428 if (!FuzzParam(&string, fuzzer))
429 return false;
430 if (!FuzzParam(&is_null, fuzzer))
431 return false;
432 *p = base::NullableString16(string, is_null);
433 return true;
434 }
435 };
436
437 template <>
438 struct FuzzTraits<base::Time> {
439 static bool Fuzz(base::Time* p, Fuzzer* fuzzer) {
440 int64 internal_value = p->ToInternalValue();
441 if (!FuzzParam(&internal_value, fuzzer))
442 return false;
443 *p = base::Time::FromInternalValue(internal_value);
444 return true;
445 }
446 };
447
448 template <>
449 struct FuzzTraits<base::TimeDelta> {
450 static bool Fuzz(base::TimeDelta* p, Fuzzer* fuzzer) {
451 int64 internal_value = p->ToInternalValue();
452 if (!FuzzParam(&internal_value, fuzzer))
453 return false;
454 *p = base::TimeDelta::FromInternalValue(internal_value);
455 return true;
456 }
457 };
458
459 template <>
460 struct FuzzTraits<base::TimeTicks> {
461 static bool Fuzz(base::TimeTicks* p, Fuzzer* fuzzer) {
462 int64 internal_value = p->ToInternalValue();
463 if (!FuzzParam(&internal_value, fuzzer))
464 return false;
465 *p = base::TimeTicks::FromInternalValue(internal_value);
466 return true;
467 }
468 };
469
470 template <>
471 struct FuzzTraits<base::ListValue> {
472 static bool Fuzz(base::ListValue* p, Fuzzer* fuzzer) {
473 // TODO(mbarbella): Support mutation.
474 if (!fuzzer->ShouldGenerate())
475 return true;
476
477 ++g_depth;
478 size_t list_length = g_depth > 3 ? 0 : RandInRange(8);
479 for (size_t index = 0; index < list_length; ++index) {
480 switch (RandInRange(8)) {
481 case base::Value::TYPE_BOOLEAN: {
482 bool tmp;
483 fuzzer->FuzzBool(&tmp);
484 p->Set(index, new base::FundamentalValue(tmp));
485 break;
486 }
487 case base::Value::TYPE_INTEGER: {
488 int tmp;
489 fuzzer->FuzzInt(&tmp);
490 p->Set(index, new base::FundamentalValue(tmp));
491 break;
492 }
493 case base::Value::TYPE_DOUBLE: {
494 double tmp;
495 fuzzer->FuzzDouble(&tmp);
496 p->Set(index, new base::FundamentalValue(tmp));
497 break;
498 }
499 case base::Value::TYPE_STRING: {
500 std::string tmp;
501 fuzzer->FuzzString(&tmp);
502 p->Set(index, new base::StringValue(tmp));
503 break;
504 }
505 case base::Value::TYPE_BINARY: {
506 char tmp[200];
507 size_t bin_length = RandInRange(sizeof(tmp));
508 fuzzer->FuzzData(tmp, bin_length);
509 p->Set(index,
510 base::BinaryValue::CreateWithCopiedBuffer(tmp, bin_length));
511 break;
512 }
513 case base::Value::TYPE_DICTIONARY: {
514 base::DictionaryValue* tmp = new base::DictionaryValue();
515 FuzzParam(tmp, fuzzer);
516 p->Set(index, tmp);
517 break;
518 }
519 case base::Value::TYPE_LIST: {
520 base::ListValue* tmp = new base::ListValue();
521 FuzzParam(tmp, fuzzer);
522 p->Set(index, tmp);
523 break;
524 }
525 case base::Value::TYPE_NULL:
526 default:
527 break;
528 }
529 }
530 --g_depth;
531 return true;
532 }
533 };
534
535 template <>
536 struct FuzzTraits<base::DictionaryValue> {
537 static bool Fuzz(base::DictionaryValue* p, Fuzzer* fuzzer) {
538 // TODO(mbarbella): Support mutation.
539 if (!fuzzer->ShouldGenerate())
540 return true;
541
542 ++g_depth;
543 size_t dict_length = g_depth > 3 ? 0 : RandInRange(8);
544 for (size_t index = 0; index < dict_length; ++index) {
545 std::string property;
546 fuzzer->FuzzString(&property);
547 switch (RandInRange(8)) {
548 case base::Value::TYPE_BOOLEAN: {
549 bool tmp;
550 fuzzer->FuzzBool(&tmp);
551 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
552 break;
553 }
554 case base::Value::TYPE_INTEGER: {
555 int tmp;
556 fuzzer->FuzzInt(&tmp);
557 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
558 break;
559 }
560 case base::Value::TYPE_DOUBLE: {
561 double tmp;
562 fuzzer->FuzzDouble(&tmp);
563 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
564 break;
565 }
566 case base::Value::TYPE_STRING: {
567 std::string tmp;
568 fuzzer->FuzzString(&tmp);
569 p->SetWithoutPathExpansion(property, new base::StringValue(tmp));
570 break;
571 }
572 case base::Value::TYPE_BINARY: {
573 char tmp[200];
574 size_t bin_length = RandInRange(sizeof(tmp));
575 fuzzer->FuzzData(tmp, bin_length);
576 p->SetWithoutPathExpansion(
577 property,
578 base::BinaryValue::CreateWithCopiedBuffer(tmp, bin_length));
579 break;
580 }
581 case base::Value::TYPE_DICTIONARY: {
582 base::DictionaryValue* tmp = new base::DictionaryValue();
583 FuzzParam(tmp, fuzzer);
584 p->SetWithoutPathExpansion(property, tmp);
585 break;
586 }
587 case base::Value::TYPE_LIST: {
588 base::ListValue* tmp = new base::ListValue();
589 FuzzParam(tmp, fuzzer);
590 p->SetWithoutPathExpansion(property, tmp);
591 break;
592 }
593 case base::Value::TYPE_NULL:
594 default:
595 break;
596 }
597 }
598 --g_depth;
599 return true;
600 }
601 };
602
603 template <>
604 struct FuzzTraits<blink::WebGamepad> {
605 static bool Fuzz(blink::WebGamepad* p, Fuzzer* fuzzer) {
606 if (!FuzzParam(&p->connected, fuzzer))
607 return false;
608 if (!FuzzParam(&p->timestamp, fuzzer))
609 return false;
610 unsigned idLength = static_cast<unsigned>(
611 RandInRange(blink::WebGamepad::idLengthCap + 1));
612 if (!FuzzParamArray(&p->id[0], idLength, fuzzer))
613 return false;
614 p->axesLength = static_cast<unsigned>(
615 RandInRange(blink::WebGamepad::axesLengthCap + 1));
616 if (!FuzzParamArray(&p->axes[0], p->axesLength, fuzzer))
617 return false;
618 p->buttonsLength = static_cast<unsigned>(
619 RandInRange(blink::WebGamepad::buttonsLengthCap + 1));
620 if (!FuzzParamArray(&p->buttons[0], p->buttonsLength, fuzzer))
621 return false;
622 unsigned mappingsLength = static_cast<unsigned>(
623 RandInRange(blink::WebGamepad::mappingLengthCap + 1));
624 if (!FuzzParamArray(&p->mapping[0], mappingsLength, fuzzer))
625 return false;
626 return true;
627 }
628 };
629
630 template <>
631 struct FuzzTraits<blink::WebGamepadButton> {
632 static bool Fuzz(blink::WebGamepadButton* p, Fuzzer* fuzzer) {
633 if (!FuzzParam(&p->pressed, fuzzer))
634 return false;
635 if (!FuzzParam(&p->value, fuzzer))
636 return false;
637 return true;
638 }
639 };
640
641 template <>
642 struct FuzzTraits<cc::CompositorFrame> {
643 static bool Fuzz(cc::CompositorFrame* p, Fuzzer* fuzzer) {
644 // TODO(mbarbella): Support mutation.
645 if (!fuzzer->ShouldGenerate())
646 return true;
647
648 if (!FuzzParam(&p->metadata, fuzzer))
649 return false;
650
651 switch (RandInRange(4)) {
652 case 0: {
653 p->delegated_frame_data.reset(new cc::DelegatedFrameData());
654 if (!FuzzParam(p->delegated_frame_data.get(), fuzzer))
655 return false;
656 return true;
657 }
658 case 1: {
659 p->gl_frame_data.reset(new cc::GLFrameData());
660 if (!FuzzParam(p->gl_frame_data.get(), fuzzer))
661 return false;
662 return true;
663 }
664 case 2: {
665 p->software_frame_data.reset(new cc::SoftwareFrameData());
666 if (!FuzzParam(p->software_frame_data.get(), fuzzer))
667 return false;
668 return true;
669 }
670 default:
671 // Fuzz nothing to handle the no frame case.
672 return true;
673 }
674 }
675 };
676
677 template <>
678 struct FuzzTraits<cc::CompositorFrameAck> {
679 static bool Fuzz(cc::CompositorFrameAck* p, Fuzzer* fuzzer) {
680 if (!FuzzParam(&p->resources, fuzzer))
681 return false;
682 if (!FuzzParam(&p->last_software_frame_id, fuzzer))
683 return false;
684
685 if (!p->gl_frame_data)
686 p->gl_frame_data.reset(new cc::GLFrameData);
687 if (!FuzzParam(p->gl_frame_data.get(), fuzzer))
688 return false;
689 return true;
690 }
691 };
692
693 template <>
694 struct FuzzTraits<cc::DelegatedFrameData> {
695 static bool Fuzz(cc::DelegatedFrameData* p, Fuzzer* fuzzer) {
696 if (!FuzzParam(&p->device_scale_factor, fuzzer))
697 return false;
698 if (!FuzzParam(&p->resource_list, fuzzer))
699 return false;
700 if (!FuzzParam(&p->render_pass_list, fuzzer))
701 return false;
702 return true;
703 }
704 };
705
706 template <class A>
707 struct FuzzTraits<cc::ListContainer<A>> {
708 static bool Fuzz(cc::ListContainer<A>* p, Fuzzer* fuzzer) {
709 // TODO(mbarbella): This should actually do something.
710 return true;
711 }
712 };
713
714 template <>
715 struct FuzzTraits<cc::QuadList> {
716 static bool Fuzz(cc::QuadList* p, Fuzzer* fuzzer) {
717 // TODO(mbarbella): This should actually do something.
718 return true;
719 }
720 };
721
722 template <>
723 struct FuzzTraits<cc::RenderPass> {
724 static bool Fuzz(cc::RenderPass* p, Fuzzer* fuzzer) {
725 if (!FuzzParam(&p->id, fuzzer))
726 return false;
727 if (!FuzzParam(&p->output_rect, fuzzer))
728 return false;
729 if (!FuzzParam(&p->damage_rect, fuzzer))
730 return false;
731 if (!FuzzParam(&p->transform_to_root_target, fuzzer))
732 return false;
733 if (!FuzzParam(&p->has_transparent_background, fuzzer))
734 return false;
735 if (!FuzzParam(&p->quad_list, fuzzer))
736 return false;
737 if (!FuzzParam(&p->shared_quad_state_list, fuzzer))
738 return false;
739 // Omitting |copy_requests| as it is not sent over IPC.
740 return true;
741 }
742 };
743
744 template <>
745 struct FuzzTraits<cc::RenderPassList> {
746 static bool Fuzz(cc::RenderPassList* p, Fuzzer* fuzzer) {
747 // TODO(mbarbella): Support mutation.
748 if (!fuzzer->ShouldGenerate())
749 return true;
750
751 size_t count = RandElementCount();
752 for (size_t i = 0; i < count; ++i) {
753 scoped_ptr<cc::RenderPass> render_pass = cc::RenderPass::Create();
754 if (!FuzzParam(render_pass.get(), fuzzer))
755 return false;
756 p->push_back(render_pass.Pass());
757 }
758 return true;
759 }
760 };
761
762 template <>
763 struct FuzzTraits<cc::SoftwareFrameData> {
764 static bool Fuzz(cc::SoftwareFrameData* p, Fuzzer* fuzzer) {
765 if (!FuzzParam(&p->id, fuzzer))
766 return false;
767 if (!FuzzParam(&p->size, fuzzer))
768 return false;
769 if (!FuzzParam(&p->damage_rect, fuzzer))
770 return false;
771 if (!FuzzParam(&p->bitmap_id, fuzzer))
772 return false;
773 return true;
774 }
775 };
776
777 template <>
778 struct FuzzTraits<content::IndexedDBKey> {
779 static bool Fuzz(content::IndexedDBKey* p, Fuzzer* fuzzer) {
780 // TODO(mbarbella): Support mutation.
781 if (!fuzzer->ShouldGenerate())
782 return true;
783
784 ++g_depth;
785 blink::WebIDBKeyType web_type =
786 static_cast<blink::WebIDBKeyType>(RandInRange(7));
787 switch (web_type) {
788 case blink::WebIDBKeyTypeArray: {
789 size_t length = g_depth > 3 ? 0 : RandInRange(4);
790 std::vector<content::IndexedDBKey> array;
791 array.resize(length);
792 for (size_t i = 0; i < length; ++i) {
793 if (!FuzzParam(&array[i], fuzzer)) {
794 --g_depth;
795 return false;
796 }
797 }
798 *p = content::IndexedDBKey(array);
799 return true;
800 }
801 case blink::WebIDBKeyTypeBinary: {
802 std::string binary;
803 if (!FuzzParam(&binary, fuzzer)) {
804 --g_depth;
805 return false;
806 }
807 *p = content::IndexedDBKey(binary);
808 return true;
809 }
810 case blink::WebIDBKeyTypeString: {
811 base::string16 string;
812 if (!FuzzParam(&string, fuzzer))
813 return false;
814 *p = content::IndexedDBKey(string);
815 return true;
816 }
817 case blink::WebIDBKeyTypeDate:
818 case blink::WebIDBKeyTypeNumber: {
819 double number;
820 if (!FuzzParam(&number, fuzzer)) {
821 --g_depth;
822 return false;
823 }
824 *p = content::IndexedDBKey(number, web_type);
825 return true;
826 }
827 case blink::WebIDBKeyTypeInvalid:
828 case blink::WebIDBKeyTypeNull: {
829 *p = content::IndexedDBKey(web_type);
830 return true;
831 }
832 default: {
833 NOTREACHED();
834 --g_depth;
835 return false;
836 }
837 }
838 }
839 };
840
841 template <>
842 struct FuzzTraits<content::IndexedDBKeyRange> {
843 static bool Fuzz(content::IndexedDBKeyRange* p, Fuzzer* fuzzer) {
844 // TODO(mbarbella): Support mutation.
845 if (!fuzzer->ShouldGenerate())
846 return true;
847
848 content::IndexedDBKey lower;
849 content::IndexedDBKey upper;
850 bool lower_open;
851 bool upper_open;
852 if (!FuzzParam(&lower, fuzzer))
853 return false;
854 if (!FuzzParam(&upper, fuzzer))
855 return false;
856 if (!FuzzParam(&lower_open, fuzzer))
857 return false;
858 if (!FuzzParam(&upper_open, fuzzer))
859 return false;
860 *p = content::IndexedDBKeyRange(lower, upper, lower_open, upper_open);
861 return true;
862 }
863 };
864
865 template <>
866 struct FuzzTraits<content::IndexedDBKeyPath> {
867 static bool Fuzz(content::IndexedDBKeyPath* p, Fuzzer* fuzzer) {
868 // TODO(mbarbella): Support mutation.
869 if (!fuzzer->ShouldGenerate())
870 return true;
871
872 switch (RandInRange(3)) {
873 case 0: {
874 std::vector<base::string16> array;
875 if (!FuzzParam(&array, fuzzer))
876 return false;
877 *p = content::IndexedDBKeyPath(array);
878 break;
879 }
880 case 1: {
881 base::string16 string;
882 if (!FuzzParam(&string, fuzzer))
883 return false;
884 *p = content::IndexedDBKeyPath(string);
885 break;
886 }
887 case 2: {
888 *p = content::IndexedDBKeyPath();
889 break;
890 }
891 }
892 return true;
893 }
894 };
895
896 template <>
897 struct FuzzTraits<content::NPIdentifier_Param> {
898 static bool Fuzz(content::NPIdentifier_Param* p, Fuzzer* fuzzer) {
899 // TODO(mbarbella): This should actually do something.
900 return true;
901 }
902 };
903
904 template <>
905 struct FuzzTraits<content::NPVariant_Param> {
906 static bool Fuzz(content::NPVariant_Param* p, Fuzzer* fuzzer) {
907 // TODO(mbarbella): This should actually do something.
908 return true;
909 }
910 };
911
912 template <>
913 struct FuzzTraits<content::PageState> {
914 static bool Fuzz(content::PageState* p, Fuzzer* fuzzer) {
915 std::string data = p->ToEncodedData();
916 if (!FuzzParam(&data, fuzzer))
917 return false;
918 *p = content::PageState::CreateFromEncodedData(data);
919 return true;
920 }
921 };
922
923 template <>
924 struct FuzzTraits<content::SyntheticGesturePacket> {
925 static bool Fuzz(content::SyntheticGesturePacket* p,
926 Fuzzer* fuzzer) {
927 // TODO(mbarbella): Support mutation.
928 if (!fuzzer->ShouldGenerate())
929 return true;
930
931 scoped_ptr<content::SyntheticGestureParams> gesture_params;
932 switch (RandInRange(
933 content::SyntheticGestureParams::SYNTHETIC_GESTURE_TYPE_MAX + 1)) {
934 case content::SyntheticGestureParams::GestureType::
935 SMOOTH_SCROLL_GESTURE: {
936 content::SyntheticSmoothScrollGestureParams* params =
937 new content::SyntheticSmoothScrollGestureParams();
938 if (!FuzzParam(&params->anchor, fuzzer))
939 return false;
940 if (!FuzzParam(&params->distances, fuzzer))
941 return false;
942 if (!FuzzParam(&params->prevent_fling, fuzzer))
943 return false;
944 if (!FuzzParam(&params->speed_in_pixels_s, fuzzer))
945 return false;
946 gesture_params.reset(params);
947 break;
948 }
949 case content::SyntheticGestureParams::GestureType::SMOOTH_DRAG_GESTURE: {
950 content::SyntheticSmoothDragGestureParams* params =
951 new content::SyntheticSmoothDragGestureParams();
952 if (!FuzzParam(&params->start_point, fuzzer))
953 return false;
954 if (!FuzzParam(&params->distances, fuzzer))
955 return false;
956 if (!FuzzParam(&params->speed_in_pixels_s, fuzzer))
957 return false;
958 gesture_params.reset(params);
959 break;
960 }
961 case content::SyntheticGestureParams::GestureType::PINCH_GESTURE: {
962 content::SyntheticPinchGestureParams* params =
963 new content::SyntheticPinchGestureParams();
964 if (!FuzzParam(&params->scale_factor, fuzzer))
965 return false;
966 if (!FuzzParam(&params->anchor, fuzzer))
967 return false;
968 if (!FuzzParam(&params->relative_pointer_speed_in_pixels_s,
969 fuzzer))
970 return false;
971 gesture_params.reset(params);
972 break;
973 }
974 case content::SyntheticGestureParams::GestureType::TAP_GESTURE: {
975 content::SyntheticTapGestureParams* params =
976 new content::SyntheticTapGestureParams();
977 if (!FuzzParam(&params->position, fuzzer))
978 return false;
979 if (!FuzzParam(&params->duration_ms, fuzzer))
980 return false;
981 gesture_params.reset(params);
982 break;
983 }
984 }
985 p->set_gesture_params(gesture_params.Pass());
986 return true;
987 }
988 };
989
990 template <>
991 struct FuzzTraits<content::WebCursor> {
992 static bool Fuzz(content::WebCursor* p, Fuzzer* fuzzer) {
993 content::WebCursor::CursorInfo info;
994 p->GetCursorInfo(&info);
995
996 // |type| enum is not validated on de-serialization, so pick random value.
997 if (!FuzzParam(reinterpret_cast<int *>(&info.type), fuzzer))
998 return false;
999 if (!FuzzParam(&info.hotspot, fuzzer))
1000 return false;
1001 if (!FuzzParam(&info.image_scale_factor, fuzzer))
1002 return false;
1003 if (!FuzzParam(&info.custom_image, fuzzer))
1004 return false;
1005 // Omitting |externalHandle| since it is not serialized.
1006
1007 // Scale factor is expected to be greater than 0, otherwise we hit
1008 // a check failure.
1009 info.image_scale_factor = fabs(info.image_scale_factor) + 0.001;
1010
1011 *p = content::WebCursor(info);
1012 return true;
1013 }
1014 };
1015
1016 template <>
1017 struct FuzzTraits<ContentSettingsPattern> {
1018 static bool Fuzz(ContentSettingsPattern* p, Fuzzer* fuzzer) {
1019 // TODO(mbarbella): This can crash if a pattern is generated from a random
1020 // string. We could carefully generate a pattern or fix pattern generation.
1021 return true;
1022 }
1023 };
1024
1025 template <>
1026 struct FuzzTraits<ExtensionMsg_PermissionSetStruct> {
1027 static bool Fuzz(ExtensionMsg_PermissionSetStruct* p,
1028 Fuzzer* fuzzer) {
1029 // TODO(mbarbella): This should actually do something.
1030 return true;
1031 }
1032 };
1033
1034 template <>
1035 struct FuzzTraits<extensions::URLPatternSet> {
1036 static bool Fuzz(extensions::URLPatternSet* p, Fuzzer* fuzzer) {
1037 std::set<URLPattern> patterns = p->patterns();
1038 if (!FuzzParam(&patterns, fuzzer))
1039 return false;
1040 *p = extensions::URLPatternSet(patterns);
1041 return true;
1042 }
1043 };
1044
1045 template <>
1046 struct FuzzTraits<gfx::Point> {
1047 static bool Fuzz(gfx::Point* p, Fuzzer* fuzzer) {
1048 int x = p->x();
1049 int y = p->y();
1050 if (!FuzzParam(&x, fuzzer))
1051 return false;
1052 if (!FuzzParam(&y, fuzzer))
1053 return false;
1054 p->SetPoint(x, y);
1055 return true;
1056 }
1057 };
1058
1059 template <>
1060 struct FuzzTraits<gfx::PointF> {
1061 static bool Fuzz(gfx::PointF* p, Fuzzer* fuzzer) {
1062 float x = p->x();
1063 float y = p->y();
1064 if (!FuzzParam(&x, fuzzer))
1065 return false;
1066 if (!FuzzParam(&y, fuzzer))
1067 return false;
1068 p->SetPoint(x, y);
1069 return true;
1070 }
1071 };
1072
1073 template <>
1074 struct FuzzTraits<gfx::Rect> {
1075 static bool Fuzz(gfx::Rect* p, Fuzzer* fuzzer) {
1076 gfx::Point origin = p->origin();
1077 gfx::Size size = p->size();
1078 if (!FuzzParam(&origin, fuzzer))
1079 return false;
1080 if (!FuzzParam(&size, fuzzer))
1081 return false;
1082 p->set_origin(origin);
1083 p->set_size(size);
1084 return true;
1085 }
1086 };
1087
1088 template <>
1089 struct FuzzTraits<gfx::RectF> {
1090 static bool Fuzz(gfx::RectF* p, Fuzzer* fuzzer) {
1091 gfx::PointF origin = p->origin();
1092 gfx::SizeF size = p->size();
1093 if (!FuzzParam(&origin, fuzzer))
1094 return false;
1095 if (!FuzzParam(&size, fuzzer))
1096 return false;
1097 p->set_origin(origin);
1098 p->set_size(size);
1099 return true;
1100 }
1101 };
1102
1103 template <>
1104 struct FuzzTraits<gfx::Range> {
1105 static bool Fuzz(gfx::Range* p, Fuzzer* fuzzer) {
1106 size_t start = p->start();
1107 size_t end = p->end();
1108 if (!FuzzParam(&start, fuzzer))
1109 return false;
1110 if (!FuzzParam(&end, fuzzer))
1111 return false;
1112 *p = gfx::Range(start, end);
1113 return true;
1114 }
1115 };
1116
1117 template <>
1118 struct FuzzTraits<gfx::Size> {
1119 static bool Fuzz(gfx::Size* p, Fuzzer* fuzzer) {
1120 int width = p->width();
1121 int height = p->height();
1122 if (!FuzzParam(&width, fuzzer))
1123 return false;
1124 if (!FuzzParam(&height, fuzzer))
1125 return false;
1126 p->SetSize(width, height);
1127 return true;
1128 }
1129 };
1130
1131 template <>
1132 struct FuzzTraits<gfx::SizeF> {
1133 static bool Fuzz(gfx::SizeF* p, Fuzzer* fuzzer) {
1134 float w;
1135 float h;
1136 if (!FuzzParam(&w, fuzzer))
1137 return false;
1138 if (!FuzzParam(&h, fuzzer))
1139 return false;
1140 p->SetSize(w, h);
1141 return true;
1142 }
1143 };
1144
1145 template <>
1146 struct FuzzTraits<gfx::Transform> {
1147 static bool Fuzz(gfx::Transform* p, Fuzzer* fuzzer) {
1148 // TODO(mbarbella): Support mutation.
1149 if (!fuzzer->ShouldGenerate())
1150 return true;
1151
1152 SkMScalar matrix[16];
1153 if (!FuzzParamArray(&matrix[0], arraysize(matrix), fuzzer))
1154 return false;
1155 *p = gfx::Transform(matrix[0], matrix[1], matrix[2], matrix[3], matrix[4],
1156 matrix[5], matrix[6], matrix[7], matrix[8], matrix[9],
1157 matrix[10], matrix[11], matrix[12], matrix[13],
1158 matrix[14], matrix[15]);
1159 return true;
1160 }
1161 };
1162
1163 template <>
1164 struct FuzzTraits<gfx::Vector2d> {
1165 static bool Fuzz(gfx::Vector2d* p, Fuzzer* fuzzer) {
1166 int x = p->x();
1167 int y = p->y();
1168 if (!FuzzParam(&x, fuzzer))
1169 return false;
1170 if (!FuzzParam(&y, fuzzer))
1171 return false;
1172 *p = gfx::Vector2d(x, y);
1173 return true;
1174 }
1175 };
1176
1177 template <>
1178 struct FuzzTraits<gfx::Vector2dF> {
1179 static bool Fuzz(gfx::Vector2dF* p, Fuzzer* fuzzer) {
1180 float x = p->x();
1181 float y = p->y();
1182 if (!FuzzParam(&x, fuzzer))
1183 return false;
1184 if (!FuzzParam(&y, fuzzer))
1185 return false;
1186 *p = gfx::Vector2dF(x, y);
1187 return true;
1188 }
1189 };
1190
1191 template <>
1192 struct FuzzTraits<gpu::Mailbox> {
1193 static bool Fuzz(gpu::Mailbox* p, Fuzzer* fuzzer) {
1194 fuzzer->FuzzBytes(p->name, sizeof(p->name));
1195 return true;
1196 }
1197 };
1198
1199 template <>
1200 struct FuzzTraits<gpu::MailboxHolder> {
1201 static bool Fuzz(gpu::MailboxHolder* p, Fuzzer* fuzzer) {
1202 if (!FuzzParam(&p->mailbox, fuzzer))
1203 return false;
1204 if (!FuzzParam(&p->texture_target, fuzzer))
1205 return false;
1206 if (!FuzzParam(&p->sync_point, fuzzer))
1207 return false;
1208 return true;
1209 }
1210 };
1211
1212 template <>
1213 struct FuzzTraits<gpu::ValueState> {
1214 static bool Fuzz(gpu::ValueState* p, Fuzzer* fuzzer) {
1215 if (!FuzzParamArray(&p->float_value[0], 4, fuzzer))
1216 return false;
1217 if (!FuzzParamArray(&p->int_value[0], 4, fuzzer))
1218 return false;
1219 return true;
1220 }
1221 };
1222
1223 template <>
1224 struct FuzzTraits<GURL> {
1225 static bool Fuzz(GURL* p, Fuzzer* fuzzer) {
1226 // TODO(mbarbella): Support mutation.
1227 if (!fuzzer->ShouldGenerate())
1228 return true;
1229
1230 const char url_chars[] = "Ahtp0:/.?+\\%&#";
1231 size_t count = RandInRange(100);
1232 std::string random_url;
1233 for (size_t i = 0; i < count; ++i)
1234 random_url += url_chars[RandInRange(sizeof(url_chars) - 1)];
1235 int selector = RandInRange(10);
1236 if (selector == 0)
1237 random_url = std::string("http://") + random_url;
1238 else if (selector == 1)
1239 random_url = std::string("file://") + random_url;
1240 else if (selector == 2)
1241 random_url = std::string("javascript:") + random_url;
1242 else if (selector == 2)
1243 random_url = std::string("data:") + random_url;
1244 *p = GURL(random_url);
1245 return true;
1246 }
1247 };
1248
1249 #if defined(OS_WIN)
1250 template <>
1251 struct FuzzTraits<HWND> {
1252 static bool Fuzz(HWND* p, Fuzzer* fuzzer) {
1253 // TODO(aarya): This should actually do something.
1254 return true;
1255 }
1256 };
1257 #endif
1258
1259 template <>
1260 struct FuzzTraits<IPC::Message> {
1261 static bool Fuzz(IPC::Message* p, Fuzzer* fuzzer) {
1262 // TODO(mbarbella): Support mutation.
1263 if (!fuzzer->ShouldGenerate())
1264 return true;
1265
1266 if (g_function_vector.empty())
1267 return false;
1268 size_t index = RandInRange(g_function_vector.size());
1269 IPC::Message* ipc_message = (*g_function_vector[index])(NULL, fuzzer);
1270 if (!ipc_message)
1271 return false;
1272 p = ipc_message;
1273 return true;
1274 }
1275 };
1276
1277 template <>
1278 struct FuzzTraits<IPC::PlatformFileForTransit> {
1279 static bool Fuzz(IPC::PlatformFileForTransit* p, Fuzzer* fuzzer) {
1280 // TODO(inferno): I don't think we can generate real ones due to check on
1281 // construct.
1282 return true;
1283 }
1284 };
1285
1286 template <>
1287 struct FuzzTraits<IPC::ChannelHandle> {
1288 static bool Fuzz(IPC::ChannelHandle* p, Fuzzer* fuzzer) {
1289 // TODO(mbarbella): Support mutation.
1290 if (!fuzzer->ShouldGenerate())
1291 return true;
1292
1293 // TODO(inferno): Add way to generate real channel handles.
1294 #if defined(OS_WIN)
1295 HANDLE fake_handle = (HANDLE)(RandU64());
1296 p->pipe = IPC::ChannelHandle::PipeHandle(fake_handle);
1297 return true;
1298 #elif defined(OS_POSIX)
1299 return
1300 FuzzParam(&p->name, fuzzer) &&
1301 FuzzParam(&p->socket, fuzzer);
1302 #endif
1303 }
1304 };
1305
1306 #if defined(OS_WIN)
1307 template <>
1308 struct FuzzTraits<LOGFONT> {
1309 static bool Fuzz(LOGFONT* p, Fuzzer* fuzzer) {
1310 // TODO(aarya): This should actually do something.
1311 return true;
1312 }
1313 };
1314 #endif
1315
1316 template <>
1317 struct FuzzTraits<media::AudioParameters> {
1318 static bool Fuzz(media::AudioParameters* p, Fuzzer* fuzzer) {
1319 int format = p->format();
1320 int channel_layout = p->channel_layout();
1321 int sample_rate = p->sample_rate();
1322 int bits_per_sample = p->bits_per_sample();
1323 int frames_per_buffer = p->frames_per_buffer();
1324 int channels = p->channels();
1325 int effects = p->effects();
1326 if (!FuzzParam(&format, fuzzer))
1327 return false;
1328 if (!FuzzParam(&channel_layout, fuzzer))
1329 return false;
1330 if (!FuzzParam(&sample_rate, fuzzer))
1331 return false;
1332 if (!FuzzParam(&bits_per_sample, fuzzer))
1333 return false;
1334 if (!FuzzParam(&frames_per_buffer, fuzzer))
1335 return false;
1336 if (!FuzzParam(&channels, fuzzer))
1337 return false;
1338 if (!FuzzParam(&effects, fuzzer))
1339 return false;
1340 media::AudioParameters params(
1341 static_cast<media::AudioParameters::Format>(format),
1342 static_cast<media::ChannelLayout>(channel_layout), channels,
1343 sample_rate, bits_per_sample, frames_per_buffer, effects);
1344 *p = params;
1345 return true;
1346 }
1347 };
1348
1349 template <>
1350 struct FuzzTraits<media::VideoCaptureFormat> {
1351 static bool Fuzz(media::VideoCaptureFormat* p, Fuzzer* fuzzer) {
1352 if (!FuzzParam(&p->frame_size, fuzzer))
1353 return false;
1354 if (!FuzzParam(&p->frame_rate, fuzzer))
1355 return false;
1356 // TODO(mbarbella): Fix this or add traits for media::VideoPixelFormat.
1357 if (!FuzzParam(&p->pixel_format, fuzzer))
1358 return false;
1359 return true;
1360 }
1361 };
1362
1363 template <>
1364 struct FuzzTraits<net::LoadTimingInfo> {
1365 static bool Fuzz(net::LoadTimingInfo* p, Fuzzer* fuzzer) {
1366 return FuzzParam(&p->socket_log_id, fuzzer) &&
1367 FuzzParam(&p->socket_reused, fuzzer) &&
1368 FuzzParam(&p->request_start_time, fuzzer) &&
1369 FuzzParam(&p->request_start, fuzzer) &&
1370 FuzzParam(&p->proxy_resolve_start, fuzzer) &&
1371 FuzzParam(&p->proxy_resolve_end, fuzzer) &&
1372 FuzzParam(&p->connect_timing.dns_start, fuzzer) &&
1373 FuzzParam(&p->connect_timing.dns_end, fuzzer) &&
1374 FuzzParam(&p->connect_timing.connect_start, fuzzer) &&
1375 FuzzParam(&p->connect_timing.connect_end, fuzzer) &&
1376 FuzzParam(&p->connect_timing.ssl_start, fuzzer) &&
1377 FuzzParam(&p->connect_timing.ssl_end, fuzzer) &&
1378 FuzzParam(&p->send_start, fuzzer) &&
1379 FuzzParam(&p->send_end, fuzzer) &&
1380 FuzzParam(&p->receive_headers_end, fuzzer);
1381 }
1382 };
1383
1384 template <>
1385 struct FuzzTraits<net::HostPortPair> {
1386 static bool Fuzz(net::HostPortPair* p, Fuzzer* fuzzer) {
1387 std::string host = p->host();
1388 uint16 port = p->port();
1389 if (!FuzzParam(&host, fuzzer))
1390 return false;
1391 if (!FuzzParam(&port, fuzzer))
1392 return false;
1393 p->set_host(host);
1394 p->set_port(port);
1395 return true;
1396 }
1397 };
1398
1399 template <>
1400 struct FuzzTraits<net::IPEndPoint> {
1401 static bool Fuzz(net::IPEndPoint* p, Fuzzer* fuzzer) {
1402 net::IPAddressNumber address = p->address();
1403 int port = p->port();
1404 if (!FuzzParam(&address, fuzzer))
1405 return false;
1406 if (!FuzzParam(&port, fuzzer))
1407 return false;
1408 net::IPEndPoint ip_endpoint(address, port);
1409 *p = ip_endpoint;
1410 return true;
1411 }
1412 };
1413
1414 template <>
1415 struct FuzzTraits<network_hints::LookupRequest> {
1416 static bool Fuzz(network_hints::LookupRequest* p, Fuzzer* fuzzer) {
1417 if (!FuzzParam(&p->hostname_list, fuzzer))
1418 return false;
1419 return true;
1420 }
1421 };
1422
1423 // PP_ traits.
1424 template <>
1425 struct FuzzTraits<PP_Bool> {
1426 static bool Fuzz(PP_Bool* p, Fuzzer* fuzzer) {
1427 bool tmp = PP_ToBool(*p);
1428 if (!FuzzParam(&tmp, fuzzer))
1429 return false;
1430 *p = PP_FromBool(tmp);
1431 return true;
1432 }
1433 };
1434
1435 template <>
1436 struct FuzzTraits<PP_KeyInformation> {
1437 static bool Fuzz(PP_KeyInformation* p, Fuzzer* fuzzer) {
1438 // TODO(mbarbella): This should actually do something.
1439 return true;
1440 }
1441 };
1442
1443 template <>
1444 struct FuzzTraits<PP_NetAddress_Private> {
1445 static bool Fuzz(PP_NetAddress_Private* p, Fuzzer* fuzzer) {
1446 p->size = RandInRange(sizeof(p->data) + 1);
1447 fuzzer->FuzzBytes(&p->data, p->size);
1448 return true;
1449 }
1450 };
1451
1452 template <>
1453 struct FuzzTraits<ppapi::PPB_X509Certificate_Fields> {
1454 static bool Fuzz(ppapi::PPB_X509Certificate_Fields* p,
1455 Fuzzer* fuzzer) {
1456 // TODO(mbarbella): This should actually do something.
1457 return true;
1458 }
1459 };
1460
1461 template <>
1462 struct FuzzTraits<ppapi::proxy::PPBFlash_DrawGlyphs_Params> {
1463 static bool Fuzz(ppapi::proxy::PPBFlash_DrawGlyphs_Params* p,
1464 Fuzzer* fuzzer) {
1465 // TODO(mbarbella): This should actually do something.
1466 return true;
1467 }
1468 };
1469
1470 template <>
1471 struct FuzzTraits<ppapi::proxy::ResourceMessageCallParams> {
1472 static bool Fuzz(
1473 ppapi::proxy::ResourceMessageCallParams* p, Fuzzer* fuzzer) {
1474 // TODO(mbarbella): Support mutation.
1475 if (!fuzzer->ShouldGenerate())
1476 return true;
1477
1478 PP_Resource resource;
1479 int32_t sequence;
1480 bool has_callback;
1481 if (!FuzzParam(&resource, fuzzer))
1482 return false;
1483 if (!FuzzParam(&sequence, fuzzer))
1484 return false;
1485 if (!FuzzParam(&has_callback, fuzzer))
1486 return false;
1487 *p = ppapi::proxy::ResourceMessageCallParams(resource, sequence);
1488 if (has_callback)
1489 p->set_has_callback();
1490 return true;
1491 }
1492 };
1493
1494 template <>
1495 struct FuzzTraits<ppapi::proxy::ResourceMessageReplyParams> {
1496 static bool Fuzz(
1497 ppapi::proxy::ResourceMessageReplyParams* p, Fuzzer* fuzzer) {
1498 // TODO(mbarbella): Support mutation.
1499 if (!fuzzer->ShouldGenerate())
1500 return true;
1501
1502 PP_Resource resource;
1503 int32_t sequence;
1504 int32_t result;
1505 if (!FuzzParam(&resource, fuzzer))
1506 return false;
1507 if (!FuzzParam(&sequence, fuzzer))
1508 return false;
1509 if (!FuzzParam(&result, fuzzer))
1510 return false;
1511 *p = ppapi::proxy::ResourceMessageReplyParams(resource, sequence);
1512 p->set_result(result);
1513 return true;
1514 }
1515 };
1516
1517 template <>
1518 struct FuzzTraits<ppapi::proxy::SerializedHandle> {
1519 static bool Fuzz(ppapi::proxy::SerializedHandle* p,
1520 Fuzzer* fuzzer) {
1521 // TODO(mbarbella): This should actually do something.
1522 return true;
1523 }
1524 };
1525
1526 template <>
1527 struct FuzzTraits<ppapi::proxy::SerializedFontDescription> {
1528 static bool Fuzz(ppapi::proxy::SerializedFontDescription* p,
1529 Fuzzer* fuzzer) {
1530 // TODO(mbarbella): This should actually do something.
1531 return true;
1532 }
1533 };
1534
1535 template <>
1536 struct FuzzTraits<ppapi::proxy::SerializedTrueTypeFontDesc> {
1537 static bool Fuzz(ppapi::proxy::SerializedTrueTypeFontDesc* p,
1538 Fuzzer* fuzzer) {
1539 // TODO(mbarbella): This should actually do something.
1540 return true;
1541 }
1542 };
1543
1544 template <>
1545 struct FuzzTraits<ppapi::proxy::SerializedVar> {
1546 static bool Fuzz(ppapi::proxy::SerializedVar* p, Fuzzer* fuzzer) {
1547 // TODO(mbarbella): This should actually do something.
1548 return true;
1549 }
1550 };
1551
1552 template <>
1553 struct FuzzTraits<ppapi::HostResource> {
1554 static bool Fuzz(ppapi::HostResource* p, Fuzzer* fuzzer) {
1555 // TODO(mbarbella): Support mutation.
1556 if (!fuzzer->ShouldGenerate())
1557 return true;
1558
1559 PP_Instance instance;
1560 PP_Resource resource;
1561 if (!FuzzParam(&instance, fuzzer))
1562 return false;
1563 if (!FuzzParam(&resource, fuzzer))
1564 return false;
1565 p->SetHostResource(instance, resource);
1566 return true;
1567 }
1568 };
1569
1570 template <>
1571 struct FuzzTraits<ppapi::PepperFilePath> {
1572 static bool Fuzz(ppapi::PepperFilePath *p, Fuzzer* fuzzer) {
1573 // TODO(mbarbella): Support mutation.
1574 if (!fuzzer->ShouldGenerate())
1575 return true;
1576
1577 unsigned domain = RandInRange(ppapi::PepperFilePath::DOMAIN_MAX_VALID+1);
1578 base::FilePath path;
1579 if (!FuzzParam(&path, fuzzer))
1580 return false;
1581 *p = ppapi::PepperFilePath(
1582 static_cast<ppapi::PepperFilePath::Domain>(domain), path);
1583 return true;
1584 }
1585 };
1586
1587 template <>
1588 struct FuzzTraits<ppapi::PpapiPermissions> {
1589 static bool Fuzz(ppapi::PpapiPermissions* p, Fuzzer* fuzzer) {
1590 // TODO(mbarbella): Support mutation.
1591 if (!fuzzer->ShouldGenerate())
1592 return true;
1593
1594 uint32_t bits;
1595 if (!FuzzParam(&bits, fuzzer))
1596 return false;
1597 *p = ppapi::PpapiPermissions(bits);
1598 return true;
1599 }
1600 };
1601
1602 template <>
1603 struct FuzzTraits<ppapi::SocketOptionData> {
1604 static bool Fuzz(ppapi::SocketOptionData* p, Fuzzer* fuzzer) {
1605 // TODO(mbarbella): This can be improved.
1606 int32 tmp;
1607 p->GetInt32(&tmp);
1608 if (!FuzzParam(&tmp, fuzzer))
1609 return false;
1610 p->SetInt32(tmp);
1611 return true;
1612 }
1613 };
1614
1615 template <>
1616 struct FuzzTraits<printing::PdfRenderSettings> {
1617 static bool Fuzz(printing::PdfRenderSettings* p, Fuzzer* fuzzer) {
1618 gfx::Rect area = p->area();
1619 int dpi = p->dpi();
1620 bool autorotate = p->autorotate();
1621 if (!FuzzParam(&area, fuzzer))
1622 return false;
1623 if (!FuzzParam(&dpi, fuzzer))
1624 return false;
1625 if (!FuzzParam(&autorotate, fuzzer))
1626 return false;
1627 *p = printing::PdfRenderSettings(area, dpi, autorotate);
1628 return true;
1629 }
1630 };
1631
1632 template <>
1633 struct FuzzTraits<remoting::ScreenResolution> {
1634 static bool Fuzz(remoting::ScreenResolution* p, Fuzzer* fuzzer) {
1635 webrtc::DesktopSize dimensions = p->dimensions();
1636 webrtc::DesktopVector dpi = p->dpi();
1637 if (!FuzzParam(&dimensions, fuzzer))
1638 return false;
1639 if (!FuzzParam(&dpi, fuzzer))
1640 return false;
1641 *p = remoting::ScreenResolution(dimensions, dpi);
1642 return true;
1643 }
1644 };
1645
1646 template <>
1647 struct FuzzTraits<SkBitmap> {
1648 static bool Fuzz(SkBitmap* p, Fuzzer* fuzzer) {
1649 // TODO(mbarbella): This should actually do something.
1650 return true;
1651 }
1652 };
1653
1654 template <>
1655 struct FuzzTraits<storage::DataElement> {
1656 static bool Fuzz(storage::DataElement* p, Fuzzer* fuzzer) {
1657 // TODO(mbarbella): Support mutation.
1658 if (!fuzzer->ShouldGenerate())
1659 return true;
1660
1661 switch (RandInRange(4)) {
1662 case storage::DataElement::Type::TYPE_BYTES: {
1663 if (RandEvent(2)) {
1664 p->SetToEmptyBytes();
1665 } else {
1666 // TODO(mbarbella): Occasionally send more data here.
1667 char data[256];
1668 int data_len = RandInRange(sizeof(data));
1669 fuzzer->FuzzBytes(&data[0], data_len);
1670 p->SetToBytes(&data[0], data_len);
1671 }
1672 return true;
1673 }
1674 case storage::DataElement::Type::TYPE_FILE: {
1675 base::FilePath path;
1676 uint64 offset;
1677 uint64 length;
1678 base::Time modification_time;
1679 if (!FuzzParam(&path, fuzzer))
1680 return false;
1681 if (!FuzzParam(&offset, fuzzer))
1682 return false;
1683 if (!FuzzParam(&length, fuzzer))
1684 return false;
1685 if (!FuzzParam(&modification_time, fuzzer))
1686 return false;
1687 p->SetToFilePathRange(path, offset, length, modification_time);
1688 return true;
1689 }
1690 case storage::DataElement::Type::TYPE_BLOB: {
1691 std::string uuid;
1692 uint64 offset;
1693 uint64 length;
1694 if (!FuzzParam(&uuid, fuzzer))
1695 return false;
1696 if (!FuzzParam(&offset, fuzzer))
1697 return false;
1698 if (!FuzzParam(&length, fuzzer))
1699 return false;
1700 p->SetToBlobRange(uuid, offset, length);
1701 return true;
1702 }
1703 case storage::DataElement::Type::TYPE_FILE_FILESYSTEM: {
1704 GURL url;
1705 uint64 offset;
1706 uint64 length;
1707 base::Time modification_time;
1708 if (!FuzzParam(&url, fuzzer))
1709 return false;
1710 if (!FuzzParam(&offset, fuzzer))
1711 return false;
1712 if (!FuzzParam(&length, fuzzer))
1713 return false;
1714 if (!FuzzParam(&modification_time, fuzzer))
1715 return false;
1716 p->SetToFileSystemUrlRange(url, offset, length, modification_time);
1717 return true;
1718 }
1719 default: {
1720 NOTREACHED();
1721 return false;
1722 }
1723 }
1724 }
1725 };
1726
1727 template <>
1728 struct FuzzTraits<ui::LatencyInfo> {
1729 static bool Fuzz(ui::LatencyInfo* p, Fuzzer* fuzzer) {
1730 // TODO(inferno): Add param traits for |latency_components|.
1731 p->input_coordinates_size = static_cast<uint32>(
1732 RandInRange(ui::LatencyInfo::kMaxInputCoordinates + 1));
1733 if (!FuzzParamArray(
1734 &p->input_coordinates[0], p->input_coordinates_size, fuzzer))
1735 return false;
1736 if (!FuzzParam(&p->trace_id, fuzzer))
1737 return false;
1738 if (!FuzzParam(&p->terminated, fuzzer))
1739 return false;
1740 return true;
1741 }
1742 };
1743
1744 template <>
1745 struct FuzzTraits<ui::LatencyInfo::InputCoordinate> {
1746 static bool Fuzz(
1747 ui::LatencyInfo::InputCoordinate* p, Fuzzer* fuzzer) {
1748 if (!FuzzParam(&p->x, fuzzer))
1749 return false;
1750 if (!FuzzParam(&p->y, fuzzer))
1751 return false;
1752 return true;
1753 }
1754 };
1755
1756 template <>
1757 struct FuzzTraits<url::Origin> {
1758 static bool Fuzz(url::Origin* p, Fuzzer* fuzzer) {
1759 std::string origin = p->string();
1760 if (!FuzzParam(&origin, fuzzer))
1761 return false;
1762 *p = url::Origin(origin);
1763 return true;
1764 }
1765 };
1766
1767 template <>
1768 struct FuzzTraits<URLPattern> {
1769 static bool Fuzz(URLPattern* p, Fuzzer* fuzzer) {
1770 int valid_schemes = p->valid_schemes();
1771 std::string host = p->host();
1772 std::string port = p->port();
1773 std::string path = p->path();
1774 if (!FuzzParam(&valid_schemes, fuzzer))
1775 return false;
1776 if (!FuzzParam(&host, fuzzer))
1777 return false;
1778 if (!FuzzParam(&port, fuzzer))
1779 return false;
1780 if (!FuzzParam(&path, fuzzer))
1781 return false;
1782 *p = URLPattern(valid_schemes);
1783 p->SetHost(host);
1784 p->SetPort(port);
1785 p->SetPath(path);
1786 return true;
1787 }
1788 };
1789
1790 template <>
1791 struct FuzzTraits<webrtc::DesktopSize> {
1792 static bool Fuzz(webrtc::DesktopSize* p, Fuzzer* fuzzer) {
1793 int32_t width = p->width();
1794 int32_t height = p->height();
1795 if (!FuzzParam(&width, fuzzer))
1796 return false;
1797 if (!FuzzParam(&height, fuzzer))
1798 return false;
1799 *p = webrtc::DesktopSize(width, height);
1800 return true;
1801 }
1802 };
1803
1804 template <>
1805 struct FuzzTraits<webrtc::DesktopVector> {
1806 static bool Fuzz(webrtc::DesktopVector* p, Fuzzer* fuzzer) {
1807 int32_t x = p->x();
1808 int32_t y = p->y();
1809 if (!FuzzParam(&x, fuzzer))
1810 return false;
1811 if (!FuzzParam(&y, fuzzer))
1812 return false;
1813 p->set(x, y);
1814 return true;
1815 }
1816 };
1817
1818 template <>
1819 struct FuzzTraits<webrtc::DesktopRect> {
1820 static bool Fuzz(webrtc::DesktopRect* p, Fuzzer* fuzzer) {
1821 int32_t left = p->left();
1822 int32_t top = p->top();
1823 int32_t right = p->right();
1824 int32_t bottom = p->bottom();
1825 if (!FuzzParam(&left, fuzzer))
1826 return false;
1827 if (!FuzzParam(&top, fuzzer))
1828 return false;
1829 if (!FuzzParam(&right, fuzzer))
1830 return false;
1831 if (!FuzzParam(&bottom, fuzzer))
1832 return false;
1833 *p = webrtc::DesktopRect::MakeLTRB(left, top, right, bottom);
1834 return true;
1835 }
1836 };
1837
1838 template <>
1839 struct FuzzTraits<webrtc::MouseCursor> {
1840 static bool Fuzz(webrtc::MouseCursor* p, Fuzzer* fuzzer) {
1841 // TODO(mbarbella): Support mutation.
1842 if (!fuzzer->ShouldGenerate())
1843 return true;
1844
1845 webrtc::DesktopVector hotspot;
1846 if (!FuzzParam(&hotspot, fuzzer))
1847 return false;
1848 // Using a small size here to avoid OOM or overflow on image allocation.
1849 webrtc::DesktopSize size(RandInRange(100), RandInRange(100));
1850 p->set_image(new webrtc::BasicDesktopFrame(size));
1851 p->set_hotspot(hotspot);
1852 return true;
1853 }
1854 };
1855
1856 // Redefine macros to generate generating from traits declarations.
1857 // STRUCT declarations cause corresponding STRUCT_TRAITS declarations to occur.
1858 #undef IPC_STRUCT_BEGIN
1859 #undef IPC_STRUCT_BEGIN_WITH_PARENT
1860 #undef IPC_STRUCT_MEMBER
1861 #undef IPC_STRUCT_END
1862 #define IPC_STRUCT_BEGIN_WITH_PARENT(struct_name, parent) \
1863 IPC_STRUCT_BEGIN(struct_name)
1864 #define IPC_STRUCT_BEGIN(struct_name) IPC_STRUCT_TRAITS_BEGIN(struct_name)
1865 #define IPC_STRUCT_MEMBER(type, name, ...) IPC_STRUCT_TRAITS_MEMBER(name)
1866 #define IPC_STRUCT_END() IPC_STRUCT_TRAITS_END()
1867
1868 // Set up so next include will generate generate trait classes.
1869 #undef IPC_STRUCT_TRAITS_BEGIN
1870 #undef IPC_STRUCT_TRAITS_MEMBER
1871 #undef IPC_STRUCT_TRAITS_PARENT
1872 #undef IPC_STRUCT_TRAITS_END
1873 #define IPC_STRUCT_TRAITS_BEGIN(struct_name) \
1874 template <> \
1875 struct FuzzTraits<struct_name> { \
1876 static bool Fuzz(struct_name *p, Fuzzer* fuzzer) {
1877
1878 #define IPC_STRUCT_TRAITS_MEMBER(name) \
1879 if (!FuzzParam(&p->name, fuzzer)) \
1880 return false;
1881
1882 #define IPC_STRUCT_TRAITS_PARENT(type) \
1883 if (!FuzzParam(static_cast<type*>(p), fuzzer)) \
1884 return false;
1885
1886 #define IPC_STRUCT_TRAITS_END() \
1887 return true; \
1888 } \
1889 };
1890
1891 // If |condition| isn't met, the messsge will fail to serialize. Try
1892 // increasingly smaller ranges until we find one that happens to meet
1893 // the condition, or fail trying.
1894 #undef IPC_ENUM_TRAITS_VALIDATE
1895 #define IPC_ENUM_TRAITS_VALIDATE(enum_name, condition) \
1896 template <> \
1897 struct FuzzTraits<enum_name> { \
1898 static bool Fuzz(enum_name* p, Fuzzer* fuzzer) { \
1899 for (int shift = 30; shift; --shift) { \
1900 for (int tries = 0; tries < 2; ++tries) { \
1901 int value = RandInRange(1 << shift); \
1902 if (condition) { \
1903 *reinterpret_cast<int*>(p) = value; \
1904 return true; \
1905 } \
1906 } \
1907 } \
1908 std::cerr << "failed to satisfy " << #condition << "\n"; \
1909 return false; \
1910 } \
1911 };
1912
1913 // Bring them into existence.
1914 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
1915 #include "ipc/ipc_message_null_macros.h"
1916
1917 // Redefine macros to generate generating funtions
1918 #undef IPC_MESSAGE_DECL
1919 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
1920 IPC_##kind##_##type##_FUZZ(name, in, out, ilist, olist)
1921
1922 #define IPC_EMPTY_CONTROL_FUZZ(name, in, out, ilist, olist) \
1923 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1924 if (msg) { \
1925 return NULL; \
1926 } \
1927 return new name(); \
1928 }
1929
1930 #define IPC_EMPTY_ROUTED_FUZZ(name, in, out, ilist, olist) \
1931 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1932 if (msg) { \
1933 return NULL; \
1934 } \
1935 return new name(RandInRange(MAX_FAKE_ROUTING_ID)); \
1936 }
1937
1938 #define IPC_ASYNC_CONTROL_FUZZ(name, in, out, ilist, olist) \
1939 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1940 IPC_TUPLE_IN_##in ilist p; \
1941 if (msg) { \
1942 name::Read(static_cast<name*>(msg), &p); \
1943 } \
1944 if (FuzzParam(&p, fuzzer)) { \
1945 return new name(IPC_MEMBERS_IN_##in(p)); \
1946 } \
1947 std::cerr << "Don't know how to handle " << #name << "\n"; \
1948 return 0; \
1949 }
1950
1951 #define IPC_ASYNC_ROUTED_FUZZ(name, in, out, ilist, olist) \
1952 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1953 IPC_TUPLE_IN_##in ilist p; \
1954 if (msg) { \
1955 name::Read(static_cast<name*>(msg), &p); \
1956 } \
1957 if (FuzzParam(&p, fuzzer)) { \
1958 return new name(RandInRange(MAX_FAKE_ROUTING_ID) \
1959 IPC_COMMA_##in \
1960 IPC_MEMBERS_IN_##in(p)); \
1961 } \
1962 std::cerr << "Don't know how to handle " << #name << "\n"; \
1963 return 0; \
1964 }
1965
1966 #define IPC_SYNC_CONTROL_FUZZ(name, in, out, ilist, olist) \
1967 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1968 IPC_TUPLE_IN_##in ilist p; \
1969 if (msg) { \
1970 name::ReadSendParam(static_cast<name*>(msg), &p); \
1971 } \
1972 if (FuzzParam(&p, fuzzer)) { \
1973 return new name(IPC_MEMBERS_IN_##in(p) \
1974 IPC_COMMA_AND_##out(IPC_COMMA_##in) \
1975 IPC_MEMBERS_OUT_##out()); \
1976 } \
1977 std::cerr << "Don't know how to handle " << #name << "\n"; \
1978 return 0; \
1979 }
1980
1981 #define IPC_SYNC_ROUTED_FUZZ(name, in, out, ilist, olist) \
1982 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1983 IPC_TUPLE_IN_##in ilist p; \
1984 if (msg) { \
1985 name::ReadSendParam(static_cast<name*>(msg), &p); \
1986 } \
1987 if (FuzzParam(&p, fuzzer)) { \
1988 return new name(RandInRange(MAX_FAKE_ROUTING_ID) \
1989 IPC_COMMA_OR_##out(IPC_COMMA_##in) \
1990 IPC_MEMBERS_IN_##in(p) \
1991 IPC_COMMA_AND_##out(IPC_COMMA_##in) \
1992 IPC_MEMBERS_OUT_##out()); \
1993 } \
1994 std::cerr << "Don't know how to handle " << #name << "\n"; \
1995 return 0; \
1996 }
1997
1998 #define MAX_FAKE_ROUTING_ID 15
1999
2000 #define IPC_MEMBERS_IN_0(p)
2001 #define IPC_MEMBERS_IN_1(p) get<0>(p)
2002 #define IPC_MEMBERS_IN_2(p) get<0>(p), get<1>(p)
2003 #define IPC_MEMBERS_IN_3(p) get<0>(p), get<1>(p), get<2>(p)
2004 #define IPC_MEMBERS_IN_4(p) get<0>(p), get<1>(p), get<2>(p), get<3>(p)
2005 #define IPC_MEMBERS_IN_5(p) get<0>(p), get<1>(p), get<2>(p), get<3>(p), \
2006 get<4>(p)
2007
2008 #define IPC_MEMBERS_OUT_0()
2009 #define IPC_MEMBERS_OUT_1() NULL
2010 #define IPC_MEMBERS_OUT_2() NULL, NULL
2011 #define IPC_MEMBERS_OUT_3() NULL, NULL, NULL
2012 #define IPC_MEMBERS_OUT_4() NULL, NULL, NULL, NULL
2013 #define IPC_MEMBERS_OUT_5() NULL, NULL, NULL, NULL, NULL
2014
2015 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2016 #include "ipc/ipc_message_null_macros.h"
2017
2018 void PopulateFuzzerFunctionVector(
2019 FuzzerFunctionVector* function_vector) {
2020 #undef IPC_MESSAGE_DECL
2021 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
2022 function_vector->push_back(fuzzer_for_##name);
2023 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2024 }
2025
2026 // Redefine macros to register fuzzing functions into map.
2027 #include "ipc/ipc_message_null_macros.h"
2028 #undef IPC_MESSAGE_DECL
2029 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
2030 (*map)[static_cast<uint32>(name::ID)] = fuzzer_for_##name;
2031
2032 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) {
2033 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2034 }
2035
2036 } // namespace ipc_fuzzer
OLDNEW
« tools/ipc_fuzzer/dump/dump.gyp ('K') | « tools/ipc_fuzzer/mutate/fuzzer.h ('k') | tools/ipc_fuzzer/mutate/generate.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698