Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: tools/ipc_fuzzer/mutate/fuzzer.cc

Issue 1000373004: Combine traits for IPC mutation and generation fuzzing plus other refactoring. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Add mutation support for more types. Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« tools/ipc_fuzzer/mutate/fuzzer.h ('K') | « tools/ipc_fuzzer/mutate/fuzzer.h ('k') | tools/ipc_fuzzer/mutate/generate.cc » ('j') | tools/ipc_fuzzer/mutate/mutator.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <iostream>
6 #include <set>
7 #include <string>
8 #include <utility>
9 #include <vector>
10
11 #include "base/strings/string_util.h"
12 #include "ipc/ipc_message.h"
13 #include "ipc/ipc_message_utils.h"
14 #include "ipc/ipc_switches.h"
15 #include "ipc/ipc_sync_channel.h"
16 #include "ipc/ipc_sync_message.h"
17 #include "tools/ipc_fuzzer/message_lib/message_file.h"
18 #include "tools/ipc_fuzzer/mutate/fuzzer.h"
19 #include "tools/ipc_fuzzer/mutate/rand_util.h"
20
21 #if defined(OS_POSIX)
22 #include <unistd.h>
23 #endif
24
25 // First include of message files to provide basic type.
inferno 2015/03/16 18:56:34 s/of/all s/type/types
26 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
27 #include "ipc/ipc_message_null_macros.h"
inferno 2015/03/16 18:56:34 newline before this, with comment https://code.goo
Martin Barbella 2015/03/18 17:59:06 That's actually much later (line 2037 on this patc
28
29 #if defined(COMPILER_GCC)
30 #define PRETTY_FUNCTION __PRETTY_FUNCTION__
31 #elif defined(COMPILER_MSVC)
32 #define PRETTY_FUNCTION __FUNCSIG__
33 #else
34 #define PRETTY_FUNCTION __FUNCTION__
35 #endif
36
37 namespace IPC {
38 class Message;
39 } // namespace IPC
40
41 namespace {
42 // For breaking deep recursion.
43 int g_depth = 0;
44 } // namespace
45
46 namespace ipc_fuzzer {
47
48 FuzzerFunctionVector g_function_vector;
49
50 bool Fuzzer::ShouldGenerate() {
inferno 2015/03/16 18:56:34 Why is this defined here ? shouldn't this only be
Martin Barbella 2015/03/16 19:19:55 It shouldn't only be in those places, but maybe it
51 return false;
52 }
53
54 // Partially-specialized class that knows how to handle a given type.
55 template <class P>
56 struct FuzzTraits {
57 static bool Fuzz(P* p, Fuzzer *fuzzer) {
58 // This is the catch-all for types we don't have enough information
59 // to generate.
60 std::cerr << "Can't handle " << PRETTY_FUNCTION << "\n";
61 return false;
62 }
63 };
64
65 // Template function to invoke partially-specialized class method.
66 template <class P>
67 static bool FuzzParam(P* p, Fuzzer* fuzzer) {
68 return FuzzTraits<P>::Fuzz(p, fuzzer);
69 }
70
71 template <class P>
72 static bool FuzzParamArray(P* p, size_t length, Fuzzer* fuzzer) {
73 for (size_t i = 0; i < length; i++, p++) {
74 if (!FuzzTraits<P>::Fuzz(p, fuzzer))
75 return false;
76 }
77 return true;
78 }
79
80 // Specializations to generate primitive types.
81 template <>
82 struct FuzzTraits<bool> {
83 static bool Fuzz(bool* p, Fuzzer* fuzzer) {
84 fuzzer->FuzzBool(p);
85 return true;
86 }
87 };
88
89 template <>
90 struct FuzzTraits<int> {
91 static bool Fuzz(int* p, Fuzzer* fuzzer) {
92 fuzzer->FuzzInt(p);
93 return true;
94 }
95 };
96
97 template <>
98 struct FuzzTraits<unsigned int> {
99 static bool Fuzz(unsigned int* p, Fuzzer* fuzzer) {
100 fuzzer->FuzzInt(reinterpret_cast<int*>(p));
101 return true;
102 }
103 };
104
105 template <>
106 struct FuzzTraits<long> {
107 static bool Fuzz(long* p, Fuzzer* fuzzer) {
108 fuzzer->FuzzLong(p);
109 return true;
110 }
111 };
112
113 template <>
114 struct FuzzTraits<unsigned long> {
115 static bool Fuzz(unsigned long* p, Fuzzer* fuzzer) {
116 fuzzer->FuzzLong(reinterpret_cast<long*>(p));
117 return true;
118 }
119 };
120
121 template <>
122 struct FuzzTraits<long long> {
123 static bool Fuzz(long long* p, Fuzzer* fuzzer) {
124 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p));
125 return true;
126 }
127 };
128
129 template <>
130 struct FuzzTraits<unsigned long long> {
131 static bool Fuzz(unsigned long long* p, Fuzzer* fuzzer) {
132 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p));
133 return true;
134 }
135 };
136
137 template <>
138 struct FuzzTraits<short> {
139 static bool Fuzz(short* p, Fuzzer* fuzzer) {
140 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p));
141 return true;
142 }
143 };
144
145 template <>
146 struct FuzzTraits<unsigned short> {
147 static bool Fuzz(unsigned short* p, Fuzzer* fuzzer) {
148 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p));
149 return true;
150 }
151 };
152
153 template <>
154 struct FuzzTraits<char> {
155 static bool Fuzz(char* p, Fuzzer* fuzzer) {
156 fuzzer->FuzzUChar(reinterpret_cast<unsigned char*>(p));
157 return true;
158 }
159 };
160
161 template <>
162 struct FuzzTraits<unsigned char> {
163 static bool Fuzz(unsigned char* p, Fuzzer* fuzzer) {
164 fuzzer->FuzzUChar(p);
165 return true;
166 }
167 };
168
169 template <>
170 struct FuzzTraits<wchar_t> {
171 static bool Fuzz(wchar_t* p, Fuzzer* fuzzer) {
172 fuzzer->FuzzWChar(p);
173 return true;
174 }
175 };
176
177 template <>
178 struct FuzzTraits<float> {
179 static bool Fuzz(float* p, Fuzzer* fuzzer) {
180 fuzzer->FuzzFloat(p);
181 return true;
182 }
183 };
184
185 template <>
186 struct FuzzTraits<double> {
187 static bool Fuzz(double* p, Fuzzer* fuzzer) {
188 fuzzer->FuzzDouble(p);
189 return true;
190 }
191 };
192
193 template <>
194 struct FuzzTraits<std::string> {
195 static bool Fuzz(std::string* p, Fuzzer* fuzzer) {
196 fuzzer->FuzzString(p);
197 return true;
198 }
199 };
200
201 template <>
202 struct FuzzTraits<base::string16> {
203 static bool Fuzz(base::string16* p, Fuzzer* fuzzer) {
204 fuzzer->FuzzString16(p);
205 return true;
206 }
207 };
208
209 // Specializations for tuples.
210 template <>
211 struct FuzzTraits<Tuple<>> {
212 static bool Fuzz(Tuple<>* p, Fuzzer* fuzzer) {
213 return true;
214 }
215 };
216
217 template <class A>
218 struct FuzzTraits<Tuple<A>> {
219 static bool Fuzz(Tuple<A>* p, Fuzzer* fuzzer) {
220 return FuzzParam(&get<0>(*p), fuzzer);
221 }
222 };
223
224 template <class A, class B>
225 struct FuzzTraits<Tuple<A, B>> {
226 static bool Fuzz(Tuple<A, B>* p, Fuzzer* fuzzer) {
227 return
228 FuzzParam(&get<0>(*p), fuzzer) &&
229 FuzzParam(&get<1>(*p), fuzzer);
230 }
231 };
232
233 template <class A, class B, class C>
234 struct FuzzTraits<Tuple<A, B, C>> {
235 static bool Fuzz(Tuple<A, B, C>* p, Fuzzer* fuzzer) {
236 return
237 FuzzParam(&get<0>(*p), fuzzer) &&
238 FuzzParam(&get<1>(*p), fuzzer) &&
239 FuzzParam(&get<2>(*p), fuzzer);
240 }
241 };
242
243 template <class A, class B, class C, class D>
244 struct FuzzTraits<Tuple<A, B, C, D>> {
245 static bool Fuzz(Tuple<A, B, C, D>* p, Fuzzer* fuzzer) {
246 return
247 FuzzParam(&get<0>(*p), fuzzer) &&
248 FuzzParam(&get<1>(*p), fuzzer) &&
249 FuzzParam(&get<2>(*p), fuzzer) &&
250 FuzzParam(&get<3>(*p), fuzzer);
251 }
252 };
253
254 template <class A, class B, class C, class D, class E>
255 struct FuzzTraits<Tuple<A, B, C, D, E>> {
256 static bool Fuzz(Tuple<A, B, C, D, E>* p, Fuzzer* fuzzer) {
257 return
258 FuzzParam(&get<0>(*p), fuzzer) &&
259 FuzzParam(&get<1>(*p), fuzzer) &&
260 FuzzParam(&get<2>(*p), fuzzer) &&
261 FuzzParam(&get<3>(*p), fuzzer) &&
262 FuzzParam(&get<4>(*p), fuzzer);
263 }
264 };
265
266 // Specializations for containers.
267 template <class A>
268 struct FuzzTraits<std::vector<A> > {
269 static bool Fuzz(std::vector<A>* p, Fuzzer* fuzzer) {
270 ++g_depth;
271 size_t count = p->size();
272 if (fuzzer->ShouldGenerate()) {
273 count = g_depth > 3 ? 0 : RandElementCount();
274 p->resize(count);
275 }
276 for (size_t i = 0; i < count; ++i) {
277 if (!FuzzParam(&p->at(i), fuzzer)) {
278 --g_depth;
279 return false;
280 }
281 }
282 --g_depth;
283 return true;
284 }
285 };
286
287 template <class A>
288 struct FuzzTraits<std::set<A> > {
289 static bool Fuzz(std::set<A>* p, Fuzzer* fuzzer) {
290 if (!fuzzer->ShouldGenerate()) {
291 typename std::set<A>::iterator it;
292 for (it = p->begin(); it != p->end(); ++it) {
293 if (!FuzzParam(&*it, fuzzer))
294 return false;
295 }
296 return true;
297 }
298
299 static int g_depth = 0;
300 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
301 A a;
302 for (size_t i = 0; i < count; ++i) {
303 if (!FuzzParam(&a, fuzzer)) {
304 --g_depth;
305 return false;
306 }
307 p->insert(a);
308 }
309 --g_depth;
310 return true;
311 }
312 };
313
314 template <class A, class B>
315 struct FuzzTraits<std::map<A, B> > {
316 static bool Fuzz(std::map<A, B>* p, Fuzzer* fuzzer) {
317 if (!fuzzer->ShouldGenerate()) {
318 typename std::map<A, B>::iterator it;
319 for (it = p->begin(); it != p->end(); ++it) {
320 if (!FuzzParam(&it->second, fuzzer))
321 return false;
322 }
323 return true;
324 }
325
326 static int g_depth = 0;
327 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
328 std::pair<A, B> place_holder;
329 for (size_t i = 0; i < count; ++i) {
330 if (!FuzzParam(&place_holder, fuzzer)) {
331 --g_depth;
332 return false;
333 }
334 p->insert(place_holder);
335 }
336 --g_depth;
337 return true;
338 }
339 };
340
341 template <class A, class B, class C, class D>
342 struct FuzzTraits<std::map<A, B, C, D>> {
343 static bool Fuzz(std::map<A, B, C, D>* p, Fuzzer* fuzzer) {
344 if (!fuzzer->ShouldGenerate()) {
345 typename std::map<A, B, C, D>::iterator it;
346 for (it = p->begin(); it != p->end(); ++it) {
347 if (!FuzzParam(&it->second, fuzzer))
348 return false;
349 }
350 return true;
351 }
352
353 static int g_depth = 0;
354 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
355 std::pair<A, B> place_holder;
356 for (size_t i = 0; i < count; ++i) {
357 if (!FuzzParam(&place_holder, fuzzer)) {
358 --g_depth;
359 return false;
360 }
361 p->insert(place_holder);
362 }
363 --g_depth;
364 return true;
365 }
366 };
367
368 template <class A, class B>
369 struct FuzzTraits<std::pair<A, B> > {
370 static bool Fuzz(std::pair<A, B>* p, Fuzzer* fuzzer) {
371 return
372 FuzzParam(&p->first, fuzzer) &&
373 FuzzParam(&p->second, fuzzer);
374 }
375 };
376
377 // Specializations for hand-coded types.
378
379 template <>
380 struct FuzzTraits<base::FilePath> {
381 static bool Fuzz(base::FilePath* p, Fuzzer* fuzzer) {
382 if (!fuzzer->ShouldGenerate()) {
383 return FuzzParam(&p->value(), fuzzer);
384 }
385
386 const char path_chars[] = "ACz0/.~:";
387 size_t count = RandInRange(60);
388 base::FilePath::StringType random_path;
389 for (size_t i = 0; i < count; ++i)
390 random_path += path_chars[RandInRange(sizeof(path_chars) - 1)];
391 *p = base::FilePath(random_path);
392 return true;
393 }
394 };
395
396 template <>
397 struct FuzzTraits<base::File::Error> {
398 static bool Fuzz(base::File::Error* p, Fuzzer* fuzzer) {
399 int value = static_cast<int>(*p);
400 if (!FuzzParam(&value, fuzzer))
401 return false;
402 *p = static_cast<base::File::Error>(value);
403 return true;
404 }
405 };
406
407 template <>
408 struct FuzzTraits<base::File::Info> {
409 static bool Fuzz(base::File::Info* p, Fuzzer* fuzzer) {
410 double last_modified = p->last_modified.ToDoubleT();
411 double last_accessed = p->last_accessed.ToDoubleT();
412 double creation_time = p->creation_time.ToDoubleT();
413 if (!FuzzParam(&p->size, fuzzer))
414 return false;
415 if (!FuzzParam(&p->is_directory, fuzzer))
416 return false;
417 if (!FuzzParam(&last_modified, fuzzer))
418 return false;
419 if (!FuzzParam(&last_accessed, fuzzer))
420 return false;
421 if (!FuzzParam(&creation_time, fuzzer))
422 return false;
423 p->last_modified = base::Time::FromDoubleT(last_modified);
424 p->last_accessed = base::Time::FromDoubleT(last_accessed);
425 p->creation_time = base::Time::FromDoubleT(creation_time);
426 return true;
427 }
428 };
429
430 template <>
431 struct FuzzTraits<base::NullableString16> {
432 static bool Fuzz(base::NullableString16* p, Fuzzer* fuzzer) {
433 base::string16 string = p->string();
434 bool is_null = p->is_null();
435 if (!FuzzParam(&string, fuzzer))
436 return false;
437 if (!FuzzParam(&is_null, fuzzer))
438 return false;
439 *p = base::NullableString16(string, is_null);
440 return true;
441 }
442 };
443
444 template <>
445 struct FuzzTraits<base::Time> {
446 static bool Fuzz(base::Time* p, Fuzzer* fuzzer) {
447 int64 internal_value = p->ToInternalValue();
448 if (!FuzzParam(&internal_value, fuzzer))
449 return false;
450 *p = base::Time::FromInternalValue(internal_value);
451 return true;
452 }
453 };
454
455 template <>
456 struct FuzzTraits<base::TimeDelta> {
457 static bool Fuzz(base::TimeDelta* p, Fuzzer* fuzzer) {
458 int64 internal_value = p->ToInternalValue();
459 if (!FuzzParam(&internal_value, fuzzer))
460 return false;
461 *p = base::TimeDelta::FromInternalValue(internal_value);
462 return true;
463 }
464 };
465
466 template <>
467 struct FuzzTraits<base::TimeTicks> {
468 static bool Fuzz(base::TimeTicks* p, Fuzzer* fuzzer) {
469 int64 internal_value = p->ToInternalValue();
470 if (!FuzzParam(&internal_value, fuzzer))
471 return false;
472 *p = base::TimeTicks::FromInternalValue(internal_value);
473 return true;
474 }
475 };
476
477 template <>
478 struct FuzzTraits<base::ListValue> {
479 static bool Fuzz(base::ListValue* p, Fuzzer* fuzzer) {
480 ++g_depth;
481 size_t list_length = p->GetSize();
482 if (fuzzer->ShouldGenerate())
483 list_length = g_depth > 3 ? 0 : RandInRange(8);
484 for (size_t index = 0; index < list_length; ++index) {
485 switch (RandInRange(8)) {
486 case base::Value::TYPE_BOOLEAN: {
487 bool tmp;
488 p->GetBoolean(index, &tmp);
489 fuzzer->FuzzBool(&tmp);
490 p->Set(index, new base::FundamentalValue(tmp));
491 break;
492 }
493 case base::Value::TYPE_INTEGER: {
494 int tmp;
495 p->GetInteger(index, &tmp);
496 fuzzer->FuzzInt(&tmp);
497 p->Set(index, new base::FundamentalValue(tmp));
498 break;
499 }
500 case base::Value::TYPE_DOUBLE: {
501 double tmp;
502 p->GetDouble(index, &tmp);
503 fuzzer->FuzzDouble(&tmp);
504 p->Set(index, new base::FundamentalValue(tmp));
505 break;
506 }
507 case base::Value::TYPE_STRING: {
508 std::string tmp;
509 p->GetString(index, &tmp);
510 fuzzer->FuzzString(&tmp);
511 p->Set(index, new base::StringValue(tmp));
512 break;
513 }
514 case base::Value::TYPE_BINARY: {
515 // TODO(mbarbella): Support mutation for this type.
516 if (!fuzzer->ShouldGenerate())
517 break;
518
519 char tmp[200];
520 size_t bin_length = RandInRange(sizeof(tmp));
521 fuzzer->FuzzData(tmp, bin_length);
522 p->Set(index,
523 base::BinaryValue::CreateWithCopiedBuffer(tmp, bin_length));
524 break;
525 }
526 case base::Value::TYPE_DICTIONARY: {
527 base::DictionaryValue* tmp = new base::DictionaryValue();
528 p->GetDictionary(index, &tmp);
529 FuzzParam(tmp, fuzzer);
530 p->Set(index, tmp);
531 break;
532 }
533 case base::Value::TYPE_LIST: {
534 base::ListValue* tmp = new base::ListValue();
535 p->GetList(index, &tmp);
536 FuzzParam(tmp, fuzzer);
537 p->Set(index, tmp);
538 break;
539 }
540 case base::Value::TYPE_NULL:
541 default:
542 break;
543 }
544 }
545 --g_depth;
546 return true;
547 }
548 };
549
550 template <>
551 struct FuzzTraits<base::DictionaryValue> {
552 static bool Fuzz(base::DictionaryValue* p, Fuzzer* fuzzer) {
553 // TODO(mbarbella): Support mutation.
554 if (!fuzzer->ShouldGenerate())
555 return true;
556
557 ++g_depth;
558 size_t dict_length = g_depth > 3 ? 0 : RandInRange(8);
559 for (size_t index = 0; index < dict_length; ++index) {
560 std::string property;
561 fuzzer->FuzzString(&property);
562 switch (RandInRange(8)) {
563 case base::Value::TYPE_BOOLEAN: {
564 bool tmp;
565 fuzzer->FuzzBool(&tmp);
566 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
567 break;
568 }
569 case base::Value::TYPE_INTEGER: {
570 int tmp;
571 fuzzer->FuzzInt(&tmp);
572 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
573 break;
574 }
575 case base::Value::TYPE_DOUBLE: {
576 double tmp;
577 fuzzer->FuzzDouble(&tmp);
578 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
579 break;
580 }
581 case base::Value::TYPE_STRING: {
582 std::string tmp;
583 fuzzer->FuzzString(&tmp);
584 p->SetWithoutPathExpansion(property, new base::StringValue(tmp));
585 break;
586 }
587 case base::Value::TYPE_BINARY: {
588 char tmp[200];
589 size_t bin_length = RandInRange(sizeof(tmp));
590 fuzzer->FuzzData(tmp, bin_length);
591 p->SetWithoutPathExpansion(
592 property,
593 base::BinaryValue::CreateWithCopiedBuffer(tmp, bin_length));
594 break;
595 }
596 case base::Value::TYPE_DICTIONARY: {
597 base::DictionaryValue* tmp = new base::DictionaryValue();
598 FuzzParam(tmp, fuzzer);
599 p->SetWithoutPathExpansion(property, tmp);
600 break;
601 }
602 case base::Value::TYPE_LIST: {
603 base::ListValue* tmp = new base::ListValue();
604 FuzzParam(tmp, fuzzer);
605 p->SetWithoutPathExpansion(property, tmp);
606 break;
607 }
608 case base::Value::TYPE_NULL:
609 default:
610 break;
611 }
612 }
613 --g_depth;
614 return true;
615 }
616 };
617
618 template <>
619 struct FuzzTraits<blink::WebGamepad> {
620 static bool Fuzz(blink::WebGamepad* p, Fuzzer* fuzzer) {
621 if (!FuzzParam(&p->connected, fuzzer))
622 return false;
623 if (!FuzzParam(&p->timestamp, fuzzer))
624 return false;
625 unsigned idLength = static_cast<unsigned>(
626 RandInRange(blink::WebGamepad::idLengthCap + 1));
627 if (!FuzzParamArray(&p->id[0], idLength, fuzzer))
628 return false;
629 p->axesLength = static_cast<unsigned>(
630 RandInRange(blink::WebGamepad::axesLengthCap + 1));
631 if (!FuzzParamArray(&p->axes[0], p->axesLength, fuzzer))
632 return false;
633 p->buttonsLength = static_cast<unsigned>(
634 RandInRange(blink::WebGamepad::buttonsLengthCap + 1));
635 if (!FuzzParamArray(&p->buttons[0], p->buttonsLength, fuzzer))
636 return false;
637 unsigned mappingsLength = static_cast<unsigned>(
638 RandInRange(blink::WebGamepad::mappingLengthCap + 1));
639 if (!FuzzParamArray(&p->mapping[0], mappingsLength, fuzzer))
640 return false;
641 return true;
642 }
643 };
644
645 template <>
646 struct FuzzTraits<blink::WebGamepadButton> {
647 static bool Fuzz(blink::WebGamepadButton* p, Fuzzer* fuzzer) {
648 if (!FuzzParam(&p->pressed, fuzzer))
649 return false;
650 if (!FuzzParam(&p->value, fuzzer))
651 return false;
652 return true;
653 }
654 };
655
656 template <>
657 struct FuzzTraits<cc::CompositorFrame> {
658 static bool Fuzz(cc::CompositorFrame* p, Fuzzer* fuzzer) {
659 // TODO(mbarbella): Support mutation.
660 if (!fuzzer->ShouldGenerate())
661 return true;
662
663 if (!FuzzParam(&p->metadata, fuzzer))
664 return false;
665
666 switch (RandInRange(4)) {
667 case 0: {
668 p->delegated_frame_data.reset(new cc::DelegatedFrameData());
669 if (!FuzzParam(p->delegated_frame_data.get(), fuzzer))
670 return false;
671 return true;
672 }
673 case 1: {
674 p->gl_frame_data.reset(new cc::GLFrameData());
675 if (!FuzzParam(p->gl_frame_data.get(), fuzzer))
676 return false;
677 return true;
678 }
679 case 2: {
680 p->software_frame_data.reset(new cc::SoftwareFrameData());
681 if (!FuzzParam(p->software_frame_data.get(), fuzzer))
682 return false;
683 return true;
684 }
685 default:
686 // Fuzz nothing to handle the no frame case.
687 return true;
688 }
689 }
690 };
691
692 template <>
693 struct FuzzTraits<cc::CompositorFrameAck> {
694 static bool Fuzz(cc::CompositorFrameAck* p, Fuzzer* fuzzer) {
695 if (!FuzzParam(&p->resources, fuzzer))
696 return false;
697 if (!FuzzParam(&p->last_software_frame_id, fuzzer))
698 return false;
699
700 if (!p->gl_frame_data)
701 p->gl_frame_data.reset(new cc::GLFrameData);
702 if (!FuzzParam(p->gl_frame_data.get(), fuzzer))
703 return false;
704 return true;
705 }
706 };
707
708 template <>
709 struct FuzzTraits<cc::DelegatedFrameData> {
710 static bool Fuzz(cc::DelegatedFrameData* p, Fuzzer* fuzzer) {
711 if (!FuzzParam(&p->device_scale_factor, fuzzer))
712 return false;
713 if (!FuzzParam(&p->resource_list, fuzzer))
714 return false;
715 if (!FuzzParam(&p->render_pass_list, fuzzer))
716 return false;
717 return true;
718 }
719 };
720
721 template <class A>
722 struct FuzzTraits<cc::ListContainer<A>> {
723 static bool Fuzz(cc::ListContainer<A>* p, Fuzzer* fuzzer) {
724 // TODO(mbarbella): This should actually do something.
725 return true;
726 }
727 };
728
729 template <>
730 struct FuzzTraits<cc::QuadList> {
731 static bool Fuzz(cc::QuadList* p, Fuzzer* fuzzer) {
732 // TODO(mbarbella): This should actually do something.
733 return true;
734 }
735 };
736
737 template <>
738 struct FuzzTraits<cc::RenderPass> {
739 static bool Fuzz(cc::RenderPass* p, Fuzzer* fuzzer) {
740 if (!FuzzParam(&p->id, fuzzer))
741 return false;
742 if (!FuzzParam(&p->output_rect, fuzzer))
743 return false;
744 if (!FuzzParam(&p->damage_rect, fuzzer))
745 return false;
746 if (!FuzzParam(&p->transform_to_root_target, fuzzer))
747 return false;
748 if (!FuzzParam(&p->has_transparent_background, fuzzer))
749 return false;
750 if (!FuzzParam(&p->quad_list, fuzzer))
751 return false;
752 if (!FuzzParam(&p->shared_quad_state_list, fuzzer))
753 return false;
754 // Omitting |copy_requests| as it is not sent over IPC.
755 return true;
756 }
757 };
758
759 template <>
760 struct FuzzTraits<cc::RenderPassList> {
761 static bool Fuzz(cc::RenderPassList* p, Fuzzer* fuzzer) {
762 if (!fuzzer->ShouldGenerate()) {
763 for (size_t i = 0; i < p->size(); ++i) {
764 if (!FuzzParam(p->at(i), fuzzer))
765 return false;
766 }
767 return true;
768 }
769
770 size_t count = RandElementCount();
771 for (size_t i = 0; i < count; ++i) {
772 scoped_ptr<cc::RenderPass> render_pass = cc::RenderPass::Create();
773 if (!FuzzParam(render_pass.get(), fuzzer))
774 return false;
775 p->push_back(render_pass.Pass());
776 }
777 return true;
778 }
779 };
780
781 template <>
782 struct FuzzTraits<cc::SoftwareFrameData> {
783 static bool Fuzz(cc::SoftwareFrameData* p, Fuzzer* fuzzer) {
784 if (!FuzzParam(&p->id, fuzzer))
785 return false;
786 if (!FuzzParam(&p->size, fuzzer))
787 return false;
788 if (!FuzzParam(&p->damage_rect, fuzzer))
789 return false;
790 if (!FuzzParam(&p->bitmap_id, fuzzer))
791 return false;
792 return true;
793 }
794 };
795
796 template <>
797 struct FuzzTraits<content::IndexedDBKey> {
798 static bool Fuzz(content::IndexedDBKey* p, Fuzzer* fuzzer) {
799 // TODO(mbarbella): Support mutation.
800 if (!fuzzer->ShouldGenerate())
801 return true;
802
803 ++g_depth;
804 blink::WebIDBKeyType web_type =
805 static_cast<blink::WebIDBKeyType>(RandInRange(7));
806 switch (web_type) {
807 case blink::WebIDBKeyTypeArray: {
808 size_t length = g_depth > 3 ? 0 : RandInRange(4);
809 std::vector<content::IndexedDBKey> array;
810 array.resize(length);
811 for (size_t i = 0; i < length; ++i) {
812 if (!FuzzParam(&array[i], fuzzer)) {
813 --g_depth;
814 return false;
815 }
816 }
817 *p = content::IndexedDBKey(array);
818 return true;
819 }
820 case blink::WebIDBKeyTypeBinary: {
821 std::string binary;
822 if (!FuzzParam(&binary, fuzzer)) {
823 --g_depth;
824 return false;
825 }
826 *p = content::IndexedDBKey(binary);
827 return true;
828 }
829 case blink::WebIDBKeyTypeString: {
830 base::string16 string;
831 if (!FuzzParam(&string, fuzzer))
832 return false;
833 *p = content::IndexedDBKey(string);
834 return true;
835 }
836 case blink::WebIDBKeyTypeDate:
837 case blink::WebIDBKeyTypeNumber: {
838 double number;
839 if (!FuzzParam(&number, fuzzer)) {
840 --g_depth;
841 return false;
842 }
843 *p = content::IndexedDBKey(number, web_type);
844 return true;
845 }
846 case blink::WebIDBKeyTypeInvalid:
847 case blink::WebIDBKeyTypeNull: {
848 *p = content::IndexedDBKey(web_type);
849 return true;
850 }
851 default: {
852 NOTREACHED();
853 --g_depth;
854 return false;
855 }
856 }
857 }
858 };
859
860 template <>
861 struct FuzzTraits<content::IndexedDBKeyRange> {
862 static bool Fuzz(content::IndexedDBKeyRange* p, Fuzzer* fuzzer) {
863 content::IndexedDBKey lower = p->lower();
864 content::IndexedDBKey upper = p->upper();
865 bool lower_open = p->lower_open();
866 bool upper_open = p->upper_open();
867 if (!FuzzParam(&lower, fuzzer))
868 return false;
869 if (!FuzzParam(&upper, fuzzer))
870 return false;
871 if (!FuzzParam(&lower_open, fuzzer))
872 return false;
873 if (!FuzzParam(&upper_open, fuzzer))
874 return false;
875 *p = content::IndexedDBKeyRange(lower, upper, lower_open, upper_open);
876 return true;
877 }
878 };
879
880 template <>
881 struct FuzzTraits<content::IndexedDBKeyPath> {
882 static bool Fuzz(content::IndexedDBKeyPath* p, Fuzzer* fuzzer) {
883 // TODO(mbarbella): Support mutation.
884 if (!fuzzer->ShouldGenerate())
885 return true;
886
887 switch (RandInRange(3)) {
888 case 0: {
889 std::vector<base::string16> array;
890 if (!FuzzParam(&array, fuzzer))
891 return false;
892 *p = content::IndexedDBKeyPath(array);
893 break;
894 }
895 case 1: {
896 base::string16 string;
897 if (!FuzzParam(&string, fuzzer))
898 return false;
899 *p = content::IndexedDBKeyPath(string);
900 break;
901 }
902 case 2: {
903 *p = content::IndexedDBKeyPath();
904 break;
905 }
906 }
907 return true;
908 }
909 };
910
911 template <>
912 struct FuzzTraits<content::NPIdentifier_Param> {
913 static bool Fuzz(content::NPIdentifier_Param* p, Fuzzer* fuzzer) {
914 // TODO(mbarbella): This should actually do something.
915 return true;
916 }
917 };
918
919 template <>
920 struct FuzzTraits<content::NPVariant_Param> {
921 static bool Fuzz(content::NPVariant_Param* p, Fuzzer* fuzzer) {
922 // TODO(mbarbella): This should actually do something.
923 return true;
924 }
925 };
926
927 template <>
928 struct FuzzTraits<content::PageState> {
929 static bool Fuzz(content::PageState* p, Fuzzer* fuzzer) {
930 std::string data = p->ToEncodedData();
931 if (!FuzzParam(&data, fuzzer))
932 return false;
933 *p = content::PageState::CreateFromEncodedData(data);
934 return true;
935 }
936 };
937
938 template <>
939 struct FuzzTraits<content::SyntheticGesturePacket> {
940 static bool Fuzz(content::SyntheticGesturePacket* p,
941 Fuzzer* fuzzer) {
942 // TODO(mbarbella): Support mutation.
943 if (!fuzzer->ShouldGenerate())
944 return true;
945
946 scoped_ptr<content::SyntheticGestureParams> gesture_params;
947 switch (RandInRange(
948 content::SyntheticGestureParams::SYNTHETIC_GESTURE_TYPE_MAX + 1)) {
949 case content::SyntheticGestureParams::GestureType::
950 SMOOTH_SCROLL_GESTURE: {
951 content::SyntheticSmoothScrollGestureParams* params =
952 new content::SyntheticSmoothScrollGestureParams();
953 if (!FuzzParam(&params->anchor, fuzzer))
954 return false;
955 if (!FuzzParam(&params->distances, fuzzer))
956 return false;
957 if (!FuzzParam(&params->prevent_fling, fuzzer))
958 return false;
959 if (!FuzzParam(&params->speed_in_pixels_s, fuzzer))
960 return false;
961 gesture_params.reset(params);
962 break;
963 }
964 case content::SyntheticGestureParams::GestureType::SMOOTH_DRAG_GESTURE: {
965 content::SyntheticSmoothDragGestureParams* params =
966 new content::SyntheticSmoothDragGestureParams();
967 if (!FuzzParam(&params->start_point, fuzzer))
968 return false;
969 if (!FuzzParam(&params->distances, fuzzer))
970 return false;
971 if (!FuzzParam(&params->speed_in_pixels_s, fuzzer))
972 return false;
973 gesture_params.reset(params);
974 break;
975 }
976 case content::SyntheticGestureParams::GestureType::PINCH_GESTURE: {
977 content::SyntheticPinchGestureParams* params =
978 new content::SyntheticPinchGestureParams();
979 if (!FuzzParam(&params->scale_factor, fuzzer))
980 return false;
981 if (!FuzzParam(&params->anchor, fuzzer))
982 return false;
983 if (!FuzzParam(&params->relative_pointer_speed_in_pixels_s,
984 fuzzer))
985 return false;
986 gesture_params.reset(params);
987 break;
988 }
989 case content::SyntheticGestureParams::GestureType::TAP_GESTURE: {
990 content::SyntheticTapGestureParams* params =
991 new content::SyntheticTapGestureParams();
992 if (!FuzzParam(&params->position, fuzzer))
993 return false;
994 if (!FuzzParam(&params->duration_ms, fuzzer))
995 return false;
996 gesture_params.reset(params);
997 break;
998 }
999 }
1000 p->set_gesture_params(gesture_params.Pass());
1001 return true;
1002 }
1003 };
1004
1005 template <>
1006 struct FuzzTraits<content::WebCursor> {
1007 static bool Fuzz(content::WebCursor* p, Fuzzer* fuzzer) {
1008 content::WebCursor::CursorInfo info;
1009 p->GetCursorInfo(&info);
1010
1011 // |type| enum is not validated on de-serialization, so pick random value.
1012 if (!FuzzParam(reinterpret_cast<int *>(&info.type), fuzzer))
1013 return false;
1014 if (!FuzzParam(&info.hotspot, fuzzer))
1015 return false;
1016 if (!FuzzParam(&info.image_scale_factor, fuzzer))
1017 return false;
1018 if (!FuzzParam(&info.custom_image, fuzzer))
1019 return false;
1020 // Omitting |externalHandle| since it is not serialized.
1021
1022 // Scale factor is expected to be greater than 0, otherwise we hit
1023 // a check failure.
1024 info.image_scale_factor = fabs(info.image_scale_factor) + 0.001;
1025
1026 *p = content::WebCursor(info);
1027 return true;
1028 }
1029 };
1030
1031 template <>
1032 struct FuzzTraits<ContentSettingsPattern> {
1033 static bool Fuzz(ContentSettingsPattern* p, Fuzzer* fuzzer) {
1034 // TODO(mbarbella): This can crash if a pattern is generated from a random
1035 // string. We could carefully generate a pattern or fix pattern generation.
1036 return true;
1037 }
1038 };
1039
1040 template <>
1041 struct FuzzTraits<ExtensionMsg_PermissionSetStruct> {
1042 static bool Fuzz(ExtensionMsg_PermissionSetStruct* p,
1043 Fuzzer* fuzzer) {
1044 // TODO(mbarbella): This should actually do something.
1045 return true;
1046 }
1047 };
1048
1049 template <>
1050 struct FuzzTraits<extensions::URLPatternSet> {
1051 static bool Fuzz(extensions::URLPatternSet* p, Fuzzer* fuzzer) {
1052 std::set<URLPattern> patterns = p->patterns();
1053 if (!FuzzParam(&patterns, fuzzer))
1054 return false;
1055 *p = extensions::URLPatternSet(patterns);
1056 return true;
1057 }
1058 };
1059
1060 template <>
1061 struct FuzzTraits<gfx::Point> {
1062 static bool Fuzz(gfx::Point* p, Fuzzer* fuzzer) {
1063 int x = p->x();
1064 int y = p->y();
1065 if (!FuzzParam(&x, fuzzer))
1066 return false;
1067 if (!FuzzParam(&y, fuzzer))
1068 return false;
1069 p->SetPoint(x, y);
1070 return true;
1071 }
1072 };
1073
1074 template <>
1075 struct FuzzTraits<gfx::PointF> {
1076 static bool Fuzz(gfx::PointF* p, Fuzzer* fuzzer) {
1077 float x = p->x();
1078 float y = p->y();
1079 if (!FuzzParam(&x, fuzzer))
1080 return false;
1081 if (!FuzzParam(&y, fuzzer))
1082 return false;
1083 p->SetPoint(x, y);
1084 return true;
1085 }
1086 };
1087
1088 template <>
1089 struct FuzzTraits<gfx::Rect> {
1090 static bool Fuzz(gfx::Rect* p, Fuzzer* fuzzer) {
1091 gfx::Point origin = p->origin();
1092 gfx::Size size = p->size();
1093 if (!FuzzParam(&origin, fuzzer))
1094 return false;
1095 if (!FuzzParam(&size, fuzzer))
1096 return false;
1097 p->set_origin(origin);
1098 p->set_size(size);
1099 return true;
1100 }
1101 };
1102
1103 template <>
1104 struct FuzzTraits<gfx::RectF> {
1105 static bool Fuzz(gfx::RectF* p, Fuzzer* fuzzer) {
1106 gfx::PointF origin = p->origin();
1107 gfx::SizeF size = p->size();
1108 if (!FuzzParam(&origin, fuzzer))
1109 return false;
1110 if (!FuzzParam(&size, fuzzer))
1111 return false;
1112 p->set_origin(origin);
1113 p->set_size(size);
1114 return true;
1115 }
1116 };
1117
1118 template <>
1119 struct FuzzTraits<gfx::Range> {
1120 static bool Fuzz(gfx::Range* p, Fuzzer* fuzzer) {
1121 size_t start = p->start();
1122 size_t end = p->end();
1123 if (!FuzzParam(&start, fuzzer))
1124 return false;
1125 if (!FuzzParam(&end, fuzzer))
1126 return false;
1127 *p = gfx::Range(start, end);
1128 return true;
1129 }
1130 };
1131
1132 template <>
1133 struct FuzzTraits<gfx::Size> {
1134 static bool Fuzz(gfx::Size* p, Fuzzer* fuzzer) {
1135 int width = p->width();
1136 int height = p->height();
1137 if (!FuzzParam(&width, fuzzer))
1138 return false;
1139 if (!FuzzParam(&height, fuzzer))
1140 return false;
1141 p->SetSize(width, height);
1142 return true;
1143 }
1144 };
1145
1146 template <>
1147 struct FuzzTraits<gfx::SizeF> {
1148 static bool Fuzz(gfx::SizeF* p, Fuzzer* fuzzer) {
1149 float w;
1150 float h;
1151 if (!FuzzParam(&w, fuzzer))
1152 return false;
1153 if (!FuzzParam(&h, fuzzer))
1154 return false;
1155 p->SetSize(w, h);
1156 return true;
1157 }
1158 };
1159
1160 template <>
1161 struct FuzzTraits<gfx::Transform> {
1162 static bool Fuzz(gfx::Transform* p, Fuzzer* fuzzer) {
1163 SkMScalar matrix[16];
1164 for (size_t i = 0; i < arraysize(matrix); i++) {
1165 matrix[i] = p->matrix().get(i / 4, i % 4);
1166 }
1167 if (!FuzzParamArray(&matrix[0], arraysize(matrix), fuzzer))
1168 return false;
1169 *p = gfx::Transform(matrix[0], matrix[1], matrix[2], matrix[3], matrix[4],
1170 matrix[5], matrix[6], matrix[7], matrix[8], matrix[9],
1171 matrix[10], matrix[11], matrix[12], matrix[13],
1172 matrix[14], matrix[15]);
1173 return true;
1174 }
1175 };
1176
1177 template <>
1178 struct FuzzTraits<gfx::Vector2d> {
1179 static bool Fuzz(gfx::Vector2d* p, Fuzzer* fuzzer) {
1180 int x = p->x();
1181 int y = p->y();
1182 if (!FuzzParam(&x, fuzzer))
1183 return false;
1184 if (!FuzzParam(&y, fuzzer))
1185 return false;
1186 *p = gfx::Vector2d(x, y);
1187 return true;
1188 }
1189 };
1190
1191 template <>
1192 struct FuzzTraits<gfx::Vector2dF> {
1193 static bool Fuzz(gfx::Vector2dF* p, Fuzzer* fuzzer) {
1194 float x = p->x();
1195 float y = p->y();
1196 if (!FuzzParam(&x, fuzzer))
1197 return false;
1198 if (!FuzzParam(&y, fuzzer))
1199 return false;
1200 *p = gfx::Vector2dF(x, y);
1201 return true;
1202 }
1203 };
1204
1205 template <>
1206 struct FuzzTraits<gpu::Mailbox> {
1207 static bool Fuzz(gpu::Mailbox* p, Fuzzer* fuzzer) {
1208 fuzzer->FuzzBytes(p->name, sizeof(p->name));
1209 return true;
1210 }
1211 };
1212
1213 template <>
1214 struct FuzzTraits<gpu::MailboxHolder> {
1215 static bool Fuzz(gpu::MailboxHolder* p, Fuzzer* fuzzer) {
1216 if (!FuzzParam(&p->mailbox, fuzzer))
1217 return false;
1218 if (!FuzzParam(&p->texture_target, fuzzer))
1219 return false;
1220 if (!FuzzParam(&p->sync_point, fuzzer))
1221 return false;
1222 return true;
1223 }
1224 };
1225
1226 template <>
1227 struct FuzzTraits<gpu::ValueState> {
1228 static bool Fuzz(gpu::ValueState* p, Fuzzer* fuzzer) {
1229 if (!FuzzParamArray(&p->float_value[0], 4, fuzzer))
1230 return false;
1231 if (!FuzzParamArray(&p->int_value[0], 4, fuzzer))
1232 return false;
1233 return true;
1234 }
1235 };
1236
1237 template <>
1238 struct FuzzTraits<GURL> {
1239 static bool Fuzz(GURL* p, Fuzzer* fuzzer) {
1240 if (!fuzzer->ShouldGenerate()) {
1241 return FuzzParam(&p->possibly_invalid_spec(), fuzzer);
1242 }
1243
1244 const char url_chars[] = "Ahtp0:/.?+\\%&#";
1245 size_t count = RandInRange(100);
1246 std::string random_url;
1247 for (size_t i = 0; i < count; ++i)
1248 random_url += url_chars[RandInRange(sizeof(url_chars) - 1)];
1249 int selector = RandInRange(10);
1250 if (selector == 0)
1251 random_url = std::string("http://") + random_url;
1252 else if (selector == 1)
1253 random_url = std::string("file://") + random_url;
1254 else if (selector == 2)
1255 random_url = std::string("javascript:") + random_url;
1256 else if (selector == 2)
1257 random_url = std::string("data:") + random_url;
1258 *p = GURL(random_url);
1259 return true;
1260 }
1261 };
1262
1263 #if defined(OS_WIN)
1264 template <>
1265 struct FuzzTraits<HWND> {
1266 static bool Fuzz(HWND* p, Fuzzer* fuzzer) {
1267 // TODO(aarya): This should actually do something.
1268 return true;
1269 }
1270 };
1271 #endif
1272
1273 template <>
1274 struct FuzzTraits<IPC::Message> {
1275 static bool Fuzz(IPC::Message* p, Fuzzer* fuzzer) {
1276 // TODO(mbarbella): Support mutation.
1277 if (!fuzzer->ShouldGenerate())
1278 return true;
1279
1280 if (g_function_vector.empty())
1281 return false;
1282 size_t index = RandInRange(g_function_vector.size());
1283 IPC::Message* ipc_message = (*g_function_vector[index])(NULL, fuzzer);
1284 if (!ipc_message)
1285 return false;
1286 p = ipc_message;
1287 return true;
1288 }
1289 };
1290
1291 template <>
1292 struct FuzzTraits<IPC::PlatformFileForTransit> {
1293 static bool Fuzz(IPC::PlatformFileForTransit* p, Fuzzer* fuzzer) {
1294 // TODO(inferno): I don't think we can generate real ones due to check on
1295 // construct.
1296 return true;
1297 }
1298 };
1299
1300 template <>
1301 struct FuzzTraits<IPC::ChannelHandle> {
1302 static bool Fuzz(IPC::ChannelHandle* p, Fuzzer* fuzzer) {
1303 // TODO(mbarbella): Support mutation.
1304 if (!fuzzer->ShouldGenerate())
1305 return true;
1306
1307 // TODO(inferno): Add way to generate real channel handles.
1308 #if defined(OS_WIN)
1309 HANDLE fake_handle = (HANDLE)(RandU64());
1310 p->pipe = IPC::ChannelHandle::PipeHandle(fake_handle);
1311 return true;
1312 #elif defined(OS_POSIX)
1313 return
1314 FuzzParam(&p->name, fuzzer) &&
1315 FuzzParam(&p->socket, fuzzer);
1316 #endif
1317 }
1318 };
1319
1320 #if defined(OS_WIN)
1321 template <>
1322 struct FuzzTraits<LOGFONT> {
1323 static bool Fuzz(LOGFONT* p, Fuzzer* fuzzer) {
1324 // TODO(aarya): This should actually do something.
1325 return true;
1326 }
1327 };
1328 #endif
1329
1330 template <>
1331 struct FuzzTraits<media::AudioParameters> {
1332 static bool Fuzz(media::AudioParameters* p, Fuzzer* fuzzer) {
1333 int format = p->format();
1334 int channel_layout = p->channel_layout();
1335 int sample_rate = p->sample_rate();
1336 int bits_per_sample = p->bits_per_sample();
1337 int frames_per_buffer = p->frames_per_buffer();
1338 int channels = p->channels();
1339 int effects = p->effects();
1340 if (!FuzzParam(&format, fuzzer))
1341 return false;
1342 if (!FuzzParam(&channel_layout, fuzzer))
1343 return false;
1344 if (!FuzzParam(&sample_rate, fuzzer))
1345 return false;
1346 if (!FuzzParam(&bits_per_sample, fuzzer))
1347 return false;
1348 if (!FuzzParam(&frames_per_buffer, fuzzer))
1349 return false;
1350 if (!FuzzParam(&channels, fuzzer))
1351 return false;
1352 if (!FuzzParam(&effects, fuzzer))
1353 return false;
1354 media::AudioParameters params(
1355 static_cast<media::AudioParameters::Format>(format),
1356 static_cast<media::ChannelLayout>(channel_layout), channels,
1357 sample_rate, bits_per_sample, frames_per_buffer, effects);
1358 *p = params;
1359 return true;
1360 }
1361 };
1362
1363 template <>
1364 struct FuzzTraits<media::VideoCaptureFormat> {
1365 static bool Fuzz(media::VideoCaptureFormat* p, Fuzzer* fuzzer) {
1366 if (!FuzzParam(&p->frame_size, fuzzer))
1367 return false;
1368 if (!FuzzParam(&p->frame_rate, fuzzer))
1369 return false;
1370 int new_format = static_cast<int>(p->pixel_format);
1371 if (!FuzzParam(&new_format, fuzzer))
1372 return false;
1373 p->pixel_format = static_cast<media::VideoPixelFormat>(new_format);
1374 return true;
1375 }
1376 };
1377
1378 template <>
1379 struct FuzzTraits<net::LoadTimingInfo> {
1380 static bool Fuzz(net::LoadTimingInfo* p, Fuzzer* fuzzer) {
1381 return FuzzParam(&p->socket_log_id, fuzzer) &&
1382 FuzzParam(&p->socket_reused, fuzzer) &&
1383 FuzzParam(&p->request_start_time, fuzzer) &&
1384 FuzzParam(&p->request_start, fuzzer) &&
1385 FuzzParam(&p->proxy_resolve_start, fuzzer) &&
1386 FuzzParam(&p->proxy_resolve_end, fuzzer) &&
1387 FuzzParam(&p->connect_timing.dns_start, fuzzer) &&
1388 FuzzParam(&p->connect_timing.dns_end, fuzzer) &&
1389 FuzzParam(&p->connect_timing.connect_start, fuzzer) &&
1390 FuzzParam(&p->connect_timing.connect_end, fuzzer) &&
1391 FuzzParam(&p->connect_timing.ssl_start, fuzzer) &&
1392 FuzzParam(&p->connect_timing.ssl_end, fuzzer) &&
1393 FuzzParam(&p->send_start, fuzzer) &&
1394 FuzzParam(&p->send_end, fuzzer) &&
1395 FuzzParam(&p->receive_headers_end, fuzzer);
1396 }
1397 };
1398
1399 template <>
1400 struct FuzzTraits<net::HostPortPair> {
1401 static bool Fuzz(net::HostPortPair* p, Fuzzer* fuzzer) {
1402 std::string host = p->host();
1403 uint16 port = p->port();
1404 if (!FuzzParam(&host, fuzzer))
1405 return false;
1406 if (!FuzzParam(&port, fuzzer))
1407 return false;
1408 p->set_host(host);
1409 p->set_port(port);
1410 return true;
1411 }
1412 };
1413
1414 template <>
1415 struct FuzzTraits<net::IPEndPoint> {
1416 static bool Fuzz(net::IPEndPoint* p, Fuzzer* fuzzer) {
1417 net::IPAddressNumber address = p->address();
1418 int port = p->port();
1419 if (!FuzzParam(&address, fuzzer))
1420 return false;
1421 if (!FuzzParam(&port, fuzzer))
1422 return false;
1423 net::IPEndPoint ip_endpoint(address, port);
1424 *p = ip_endpoint;
1425 return true;
1426 }
1427 };
1428
1429 template <>
1430 struct FuzzTraits<network_hints::LookupRequest> {
1431 static bool Fuzz(network_hints::LookupRequest* p, Fuzzer* fuzzer) {
1432 if (!FuzzParam(&p->hostname_list, fuzzer))
1433 return false;
1434 return true;
1435 }
1436 };
1437
1438 // PP_ traits.
1439 template <>
1440 struct FuzzTraits<PP_Bool> {
1441 static bool Fuzz(PP_Bool* p, Fuzzer* fuzzer) {
1442 bool tmp = PP_ToBool(*p);
1443 if (!FuzzParam(&tmp, fuzzer))
1444 return false;
1445 *p = PP_FromBool(tmp);
1446 return true;
1447 }
1448 };
1449
1450 template <>
1451 struct FuzzTraits<PP_KeyInformation> {
1452 static bool Fuzz(PP_KeyInformation* p, Fuzzer* fuzzer) {
1453 // TODO(mbarbella): This should actually do something.
1454 return true;
1455 }
1456 };
1457
1458 template <>
1459 struct FuzzTraits<PP_NetAddress_Private> {
1460 static bool Fuzz(PP_NetAddress_Private* p, Fuzzer* fuzzer) {
1461 p->size = RandInRange(sizeof(p->data) + 1);
1462 fuzzer->FuzzBytes(&p->data, p->size);
1463 return true;
1464 }
1465 };
1466
1467 template <>
1468 struct FuzzTraits<ppapi::PPB_X509Certificate_Fields> {
1469 static bool Fuzz(ppapi::PPB_X509Certificate_Fields* p,
1470 Fuzzer* fuzzer) {
1471 // TODO(mbarbella): This should actually do something.
1472 return true;
1473 }
1474 };
1475
1476 template <>
1477 struct FuzzTraits<ppapi::proxy::PPBFlash_DrawGlyphs_Params> {
1478 static bool Fuzz(ppapi::proxy::PPBFlash_DrawGlyphs_Params* p,
1479 Fuzzer* fuzzer) {
1480 // TODO(mbarbella): This should actually do something.
1481 return true;
1482 }
1483 };
1484
1485 template <>
1486 struct FuzzTraits<ppapi::proxy::ResourceMessageCallParams> {
1487 static bool Fuzz(
1488 ppapi::proxy::ResourceMessageCallParams* p, Fuzzer* fuzzer) {
1489 // TODO(mbarbella): Support mutation.
1490 if (!fuzzer->ShouldGenerate())
1491 return true;
1492
1493 PP_Resource resource;
1494 int32_t sequence;
1495 bool has_callback;
1496 if (!FuzzParam(&resource, fuzzer))
1497 return false;
1498 if (!FuzzParam(&sequence, fuzzer))
1499 return false;
1500 if (!FuzzParam(&has_callback, fuzzer))
1501 return false;
1502 *p = ppapi::proxy::ResourceMessageCallParams(resource, sequence);
1503 if (has_callback)
1504 p->set_has_callback();
1505 return true;
1506 }
1507 };
1508
1509 template <>
1510 struct FuzzTraits<ppapi::proxy::ResourceMessageReplyParams> {
1511 static bool Fuzz(
1512 ppapi::proxy::ResourceMessageReplyParams* p, Fuzzer* fuzzer) {
1513 // TODO(mbarbella): Support mutation.
1514 if (!fuzzer->ShouldGenerate())
1515 return true;
1516
1517 PP_Resource resource;
1518 int32_t sequence;
1519 int32_t result;
1520 if (!FuzzParam(&resource, fuzzer))
1521 return false;
1522 if (!FuzzParam(&sequence, fuzzer))
1523 return false;
1524 if (!FuzzParam(&result, fuzzer))
1525 return false;
1526 *p = ppapi::proxy::ResourceMessageReplyParams(resource, sequence);
1527 p->set_result(result);
1528 return true;
1529 }
1530 };
1531
1532 template <>
1533 struct FuzzTraits<ppapi::proxy::SerializedHandle> {
1534 static bool Fuzz(ppapi::proxy::SerializedHandle* p,
1535 Fuzzer* fuzzer) {
1536 // TODO(mbarbella): This should actually do something.
1537 return true;
1538 }
1539 };
1540
1541 template <>
1542 struct FuzzTraits<ppapi::proxy::SerializedFontDescription> {
1543 static bool Fuzz(ppapi::proxy::SerializedFontDescription* p,
1544 Fuzzer* fuzzer) {
1545 // TODO(mbarbella): This should actually do something.
1546 return true;
1547 }
1548 };
1549
1550 template <>
1551 struct FuzzTraits<ppapi::proxy::SerializedTrueTypeFontDesc> {
1552 static bool Fuzz(ppapi::proxy::SerializedTrueTypeFontDesc* p,
1553 Fuzzer* fuzzer) {
1554 // TODO(mbarbella): This should actually do something.
1555 return true;
1556 }
1557 };
1558
1559 template <>
1560 struct FuzzTraits<ppapi::proxy::SerializedVar> {
1561 static bool Fuzz(ppapi::proxy::SerializedVar* p, Fuzzer* fuzzer) {
1562 // TODO(mbarbella): This should actually do something.
1563 return true;
1564 }
1565 };
1566
1567 template <>
1568 struct FuzzTraits<ppapi::HostResource> {
1569 static bool Fuzz(ppapi::HostResource* p, Fuzzer* fuzzer) {
1570 // TODO(mbarbella): Support mutation.
1571 if (!fuzzer->ShouldGenerate())
1572 return true;
1573
1574 PP_Instance instance;
1575 PP_Resource resource;
1576 if (!FuzzParam(&instance, fuzzer))
1577 return false;
1578 if (!FuzzParam(&resource, fuzzer))
1579 return false;
1580 p->SetHostResource(instance, resource);
1581 return true;
1582 }
1583 };
1584
1585 template <>
1586 struct FuzzTraits<ppapi::PepperFilePath> {
1587 static bool Fuzz(ppapi::PepperFilePath *p, Fuzzer* fuzzer) {
1588 // TODO(mbarbella): Support mutation.
1589 if (!fuzzer->ShouldGenerate())
1590 return true;
1591
1592 unsigned domain = RandInRange(ppapi::PepperFilePath::DOMAIN_MAX_VALID+1);
1593 base::FilePath path;
1594 if (!FuzzParam(&path, fuzzer))
1595 return false;
1596 *p = ppapi::PepperFilePath(
1597 static_cast<ppapi::PepperFilePath::Domain>(domain), path);
1598 return true;
1599 }
1600 };
1601
1602 template <>
1603 struct FuzzTraits<ppapi::PpapiPermissions> {
1604 static bool Fuzz(ppapi::PpapiPermissions* p, Fuzzer* fuzzer) {
1605 uint32_t bits = p->GetBits();
1606 if (!FuzzParam(&bits, fuzzer))
1607 return false;
1608 *p = ppapi::PpapiPermissions(bits);
1609 return true;
1610 }
1611 };
1612
1613 template <>
1614 struct FuzzTraits<ppapi::SocketOptionData> {
1615 static bool Fuzz(ppapi::SocketOptionData* p, Fuzzer* fuzzer) {
1616 // TODO(mbarbella): This can be improved.
1617 int32 tmp;
1618 p->GetInt32(&tmp);
1619 if (!FuzzParam(&tmp, fuzzer))
1620 return false;
1621 p->SetInt32(tmp);
1622 return true;
1623 }
1624 };
1625
1626 template <>
1627 struct FuzzTraits<printing::PdfRenderSettings> {
1628 static bool Fuzz(printing::PdfRenderSettings* p, Fuzzer* fuzzer) {
1629 gfx::Rect area = p->area();
1630 int dpi = p->dpi();
1631 bool autorotate = p->autorotate();
1632 if (!FuzzParam(&area, fuzzer))
1633 return false;
1634 if (!FuzzParam(&dpi, fuzzer))
1635 return false;
1636 if (!FuzzParam(&autorotate, fuzzer))
1637 return false;
1638 *p = printing::PdfRenderSettings(area, dpi, autorotate);
1639 return true;
1640 }
1641 };
1642
1643 template <>
1644 struct FuzzTraits<remoting::ScreenResolution> {
1645 static bool Fuzz(remoting::ScreenResolution* p, Fuzzer* fuzzer) {
1646 webrtc::DesktopSize dimensions = p->dimensions();
1647 webrtc::DesktopVector dpi = p->dpi();
1648 if (!FuzzParam(&dimensions, fuzzer))
1649 return false;
1650 if (!FuzzParam(&dpi, fuzzer))
1651 return false;
1652 *p = remoting::ScreenResolution(dimensions, dpi);
1653 return true;
1654 }
1655 };
1656
1657 template <>
1658 struct FuzzTraits<SkBitmap> {
1659 static bool Fuzz(SkBitmap* p, Fuzzer* fuzzer) {
1660 // TODO(mbarbella): This should actually do something.
1661 return true;
1662 }
1663 };
1664
1665 template <>
1666 struct FuzzTraits<storage::DataElement> {
1667 static bool Fuzz(storage::DataElement* p, Fuzzer* fuzzer) {
1668 // TODO(mbarbella): Support mutation.
inferno 2015/03/16 18:56:34 If we can't mutate [for todos], should be not gene
Martin Barbella 2015/03/16 19:19:55 I'm planning to handle this by updating the mutato
1669 if (!fuzzer->ShouldGenerate())
1670 return true;
1671
1672 switch (RandInRange(4)) {
1673 case storage::DataElement::Type::TYPE_BYTES: {
1674 if (RandEvent(2)) {
1675 p->SetToEmptyBytes();
1676 } else {
1677 char data[256];
1678 int data_len = RandInRange(sizeof(data));
1679 fuzzer->FuzzBytes(&data[0], data_len);
1680 p->SetToBytes(&data[0], data_len);
1681 }
1682 return true;
1683 }
1684 case storage::DataElement::Type::TYPE_FILE: {
1685 base::FilePath path;
1686 uint64 offset;
1687 uint64 length;
1688 base::Time modification_time;
1689 if (!FuzzParam(&path, fuzzer))
1690 return false;
1691 if (!FuzzParam(&offset, fuzzer))
1692 return false;
1693 if (!FuzzParam(&length, fuzzer))
1694 return false;
1695 if (!FuzzParam(&modification_time, fuzzer))
1696 return false;
1697 p->SetToFilePathRange(path, offset, length, modification_time);
1698 return true;
1699 }
1700 case storage::DataElement::Type::TYPE_BLOB: {
1701 std::string uuid;
1702 uint64 offset;
1703 uint64 length;
1704 if (!FuzzParam(&uuid, fuzzer))
1705 return false;
1706 if (!FuzzParam(&offset, fuzzer))
1707 return false;
1708 if (!FuzzParam(&length, fuzzer))
1709 return false;
1710 p->SetToBlobRange(uuid, offset, length);
1711 return true;
1712 }
1713 case storage::DataElement::Type::TYPE_FILE_FILESYSTEM: {
1714 GURL url;
1715 uint64 offset;
1716 uint64 length;
1717 base::Time modification_time;
1718 if (!FuzzParam(&url, fuzzer))
1719 return false;
1720 if (!FuzzParam(&offset, fuzzer))
1721 return false;
1722 if (!FuzzParam(&length, fuzzer))
1723 return false;
1724 if (!FuzzParam(&modification_time, fuzzer))
1725 return false;
1726 p->SetToFileSystemUrlRange(url, offset, length, modification_time);
1727 return true;
1728 }
1729 default: {
1730 NOTREACHED();
1731 return false;
1732 }
1733 }
1734 }
1735 };
1736
1737 template <>
1738 struct FuzzTraits<ui::LatencyInfo> {
1739 static bool Fuzz(ui::LatencyInfo* p, Fuzzer* fuzzer) {
1740 // TODO(inferno): Add param traits for |latency_components|.
1741 p->input_coordinates_size = static_cast<uint32>(
1742 RandInRange(ui::LatencyInfo::kMaxInputCoordinates + 1));
1743 if (!FuzzParamArray(
1744 &p->input_coordinates[0], p->input_coordinates_size, fuzzer))
1745 return false;
1746 if (!FuzzParam(&p->trace_id, fuzzer))
1747 return false;
1748 if (!FuzzParam(&p->terminated, fuzzer))
1749 return false;
1750 return true;
1751 }
1752 };
1753
1754 template <>
1755 struct FuzzTraits<ui::LatencyInfo::InputCoordinate> {
1756 static bool Fuzz(
1757 ui::LatencyInfo::InputCoordinate* p, Fuzzer* fuzzer) {
1758 if (!FuzzParam(&p->x, fuzzer))
1759 return false;
1760 if (!FuzzParam(&p->y, fuzzer))
1761 return false;
1762 return true;
1763 }
1764 };
1765
1766 template <>
1767 struct FuzzTraits<url::Origin> {
1768 static bool Fuzz(url::Origin* p, Fuzzer* fuzzer) {
1769 std::string origin = p->string();
1770 if (!FuzzParam(&origin, fuzzer))
1771 return false;
1772 *p = url::Origin(origin);
1773 return true;
1774 }
1775 };
1776
1777 template <>
1778 struct FuzzTraits<URLPattern> {
1779 static bool Fuzz(URLPattern* p, Fuzzer* fuzzer) {
1780 int valid_schemes = p->valid_schemes();
1781 std::string host = p->host();
1782 std::string port = p->port();
1783 std::string path = p->path();
1784 if (!FuzzParam(&valid_schemes, fuzzer))
1785 return false;
1786 if (!FuzzParam(&host, fuzzer))
1787 return false;
1788 if (!FuzzParam(&port, fuzzer))
1789 return false;
1790 if (!FuzzParam(&path, fuzzer))
1791 return false;
1792 *p = URLPattern(valid_schemes);
1793 p->SetHost(host);
1794 p->SetPort(port);
1795 p->SetPath(path);
1796 return true;
1797 }
1798 };
1799
1800 template <>
1801 struct FuzzTraits<webrtc::DesktopSize> {
1802 static bool Fuzz(webrtc::DesktopSize* p, Fuzzer* fuzzer) {
1803 int32_t width = p->width();
1804 int32_t height = p->height();
1805 if (!FuzzParam(&width, fuzzer))
1806 return false;
1807 if (!FuzzParam(&height, fuzzer))
1808 return false;
1809 *p = webrtc::DesktopSize(width, height);
1810 return true;
1811 }
1812 };
1813
1814 template <>
1815 struct FuzzTraits<webrtc::DesktopVector> {
1816 static bool Fuzz(webrtc::DesktopVector* p, Fuzzer* fuzzer) {
1817 int32_t x = p->x();
1818 int32_t y = p->y();
1819 if (!FuzzParam(&x, fuzzer))
1820 return false;
1821 if (!FuzzParam(&y, fuzzer))
1822 return false;
1823 p->set(x, y);
1824 return true;
1825 }
1826 };
1827
1828 template <>
1829 struct FuzzTraits<webrtc::DesktopRect> {
1830 static bool Fuzz(webrtc::DesktopRect* p, Fuzzer* fuzzer) {
1831 int32_t left = p->left();
1832 int32_t top = p->top();
1833 int32_t right = p->right();
1834 int32_t bottom = p->bottom();
1835 if (!FuzzParam(&left, fuzzer))
1836 return false;
1837 if (!FuzzParam(&top, fuzzer))
1838 return false;
1839 if (!FuzzParam(&right, fuzzer))
1840 return false;
1841 if (!FuzzParam(&bottom, fuzzer))
1842 return false;
1843 *p = webrtc::DesktopRect::MakeLTRB(left, top, right, bottom);
1844 return true;
1845 }
1846 };
1847
1848 template <>
1849 struct FuzzTraits<webrtc::MouseCursor> {
1850 static bool Fuzz(webrtc::MouseCursor* p, Fuzzer* fuzzer) {
1851 webrtc::DesktopVector hotspot = p->hotspot();
1852 if (!FuzzParam(&hotspot, fuzzer))
1853 return false;
1854 p->set_hotspot(hotspot);
1855
1856 // TODO(mbarbella): Find a way to handle the size mutation properly.
inferno 2015/03/16 18:56:34 TODO is fine, but we shouldn't just bailout, it ca
Martin Barbella 2015/03/16 19:19:55 The complication is that we still need to make sur
1857 if (!fuzzer->ShouldGenerate())
1858 return true;
1859
1860 // Using a small size here to avoid OOM or overflow on image allocation.
1861 webrtc::DesktopSize size(RandInRange(100), RandInRange(100));
1862 p->set_image(new webrtc::BasicDesktopFrame(size));
1863 return true;
1864 }
1865 };
1866
1867 // Redefine macros to generate generating from traits declarations.
1868 // STRUCT declarations cause corresponding STRUCT_TRAITS declarations to occur.
1869 #undef IPC_STRUCT_BEGIN
1870 #undef IPC_STRUCT_BEGIN_WITH_PARENT
1871 #undef IPC_STRUCT_MEMBER
1872 #undef IPC_STRUCT_END
1873 #define IPC_STRUCT_BEGIN_WITH_PARENT(struct_name, parent) \
1874 IPC_STRUCT_BEGIN(struct_name)
1875 #define IPC_STRUCT_BEGIN(struct_name) IPC_STRUCT_TRAITS_BEGIN(struct_name)
1876 #define IPC_STRUCT_MEMBER(type, name, ...) IPC_STRUCT_TRAITS_MEMBER(name)
1877 #define IPC_STRUCT_END() IPC_STRUCT_TRAITS_END()
1878
1879 // Set up so next include will generate generate trait classes.
1880 #undef IPC_STRUCT_TRAITS_BEGIN
1881 #undef IPC_STRUCT_TRAITS_MEMBER
1882 #undef IPC_STRUCT_TRAITS_PARENT
1883 #undef IPC_STRUCT_TRAITS_END
1884 #define IPC_STRUCT_TRAITS_BEGIN(struct_name) \
1885 template <> \
1886 struct FuzzTraits<struct_name> { \
1887 static bool Fuzz(struct_name *p, Fuzzer* fuzzer) {
1888
1889 #define IPC_STRUCT_TRAITS_MEMBER(name) \
1890 if (!FuzzParam(&p->name, fuzzer)) \
1891 return false;
1892
1893 #define IPC_STRUCT_TRAITS_PARENT(type) \
1894 if (!FuzzParam(static_cast<type*>(p), fuzzer)) \
1895 return false;
1896
1897 #define IPC_STRUCT_TRAITS_END() \
1898 return true; \
1899 } \
1900 };
1901
1902 // If |condition| isn't met, the messsge will fail to serialize. Try
1903 // increasingly smaller ranges until we find one that happens to meet
1904 // the condition, or fail trying.
1905 #undef IPC_ENUM_TRAITS_VALIDATE
1906 #define IPC_ENUM_TRAITS_VALIDATE(enum_name, condition) \
1907 template <> \
1908 struct FuzzTraits<enum_name> { \
1909 static bool Fuzz(enum_name* p, Fuzzer* fuzzer) { \
1910 for (int shift = 30; shift; --shift) { \
1911 for (int tries = 0; tries < 2; ++tries) { \
1912 int value = RandInRange(1 << shift); \
1913 if (condition) { \
1914 *reinterpret_cast<int*>(p) = value; \
1915 return true; \
1916 } \
1917 } \
1918 } \
1919 std::cerr << "failed to satisfy " << #condition << "\n"; \
1920 return false; \
1921 } \
1922 };
1923
1924 // Bring them into existence.
1925 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
1926 #include "ipc/ipc_message_null_macros.h"
1927
1928 // Redefine macros to generate generating funtions
1929 #undef IPC_MESSAGE_DECL
1930 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
1931 IPC_##kind##_##type##_FUZZ(name, in, out, ilist, olist)
1932
1933 #define IPC_EMPTY_CONTROL_FUZZ(name, in, out, ilist, olist) \
1934 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1935 if (msg) { \
1936 return NULL; \
1937 } \
1938 return new name(); \
1939 }
1940
1941 #define IPC_EMPTY_ROUTED_FUZZ(name, in, out, ilist, olist) \
1942 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1943 if (msg) { \
1944 return NULL; \
1945 } \
1946 return new name(RandInRange(MAX_FAKE_ROUTING_ID)); \
1947 }
1948
1949 #define IPC_ASYNC_CONTROL_FUZZ(name, in, out, ilist, olist) \
1950 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1951 IPC_TUPLE_IN_##in ilist p; \
1952 if (msg) { \
1953 name::Read(static_cast<name*>(msg), &p); \
1954 } \
1955 if (FuzzParam(&p, fuzzer)) { \
1956 return new name(IPC_MEMBERS_IN_##in(p)); \
1957 } \
1958 std::cerr << "Don't know how to handle " << #name << "\n"; \
1959 return 0; \
1960 }
1961
1962 #define IPC_ASYNC_ROUTED_FUZZ(name, in, out, ilist, olist) \
1963 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1964 IPC_TUPLE_IN_##in ilist p; \
1965 if (msg) { \
1966 name::Read(static_cast<name*>(msg), &p); \
1967 } \
1968 if (FuzzParam(&p, fuzzer)) { \
1969 return new name(RandInRange(MAX_FAKE_ROUTING_ID) \
1970 IPC_COMMA_##in \
1971 IPC_MEMBERS_IN_##in(p)); \
1972 } \
1973 std::cerr << "Don't know how to handle " << #name << "\n"; \
1974 return 0; \
1975 }
1976
1977 #define IPC_SYNC_CONTROL_FUZZ(name, in, out, ilist, olist) \
1978 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1979 IPC_TUPLE_IN_##in ilist p; \
1980 if (msg) { \
1981 name::ReadSendParam(static_cast<name*>(msg), &p); \
1982 } \
1983 if (FuzzParam(&p, fuzzer)) { \
1984 return new name(IPC_MEMBERS_IN_##in(p) \
1985 IPC_COMMA_AND_##out(IPC_COMMA_##in) \
1986 IPC_MEMBERS_OUT_##out()); \
1987 } \
1988 std::cerr << "Don't know how to handle " << #name << "\n"; \
1989 return 0; \
1990 }
1991
1992 #define IPC_SYNC_ROUTED_FUZZ(name, in, out, ilist, olist) \
1993 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1994 IPC_TUPLE_IN_##in ilist p; \
1995 if (msg) { \
1996 name::ReadSendParam(static_cast<name*>(msg), &p); \
1997 } \
1998 if (FuzzParam(&p, fuzzer)) { \
1999 return new name(RandInRange(MAX_FAKE_ROUTING_ID) \
2000 IPC_COMMA_OR_##out(IPC_COMMA_##in) \
2001 IPC_MEMBERS_IN_##in(p) \
2002 IPC_COMMA_AND_##out(IPC_COMMA_##in) \
2003 IPC_MEMBERS_OUT_##out()); \
2004 } \
2005 std::cerr << "Don't know how to handle " << #name << "\n"; \
2006 return 0; \
2007 }
2008
2009 #define MAX_FAKE_ROUTING_ID 15
2010
2011 #define IPC_MEMBERS_IN_0(p)
2012 #define IPC_MEMBERS_IN_1(p) get<0>(p)
2013 #define IPC_MEMBERS_IN_2(p) get<0>(p), get<1>(p)
2014 #define IPC_MEMBERS_IN_3(p) get<0>(p), get<1>(p), get<2>(p)
2015 #define IPC_MEMBERS_IN_4(p) get<0>(p), get<1>(p), get<2>(p), get<3>(p)
2016 #define IPC_MEMBERS_IN_5(p) get<0>(p), get<1>(p), get<2>(p), get<3>(p), \
2017 get<4>(p)
2018
2019 #define IPC_MEMBERS_OUT_0()
2020 #define IPC_MEMBERS_OUT_1() NULL
2021 #define IPC_MEMBERS_OUT_2() NULL, NULL
2022 #define IPC_MEMBERS_OUT_3() NULL, NULL, NULL
2023 #define IPC_MEMBERS_OUT_4() NULL, NULL, NULL, NULL
2024 #define IPC_MEMBERS_OUT_5() NULL, NULL, NULL, NULL, NULL
2025
2026 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2027 #include "ipc/ipc_message_null_macros.h"
2028
2029 void PopulateFuzzerFunctionVector(
2030 FuzzerFunctionVector* function_vector) {
2031 #undef IPC_MESSAGE_DECL
2032 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
2033 function_vector->push_back(fuzzer_for_##name);
2034 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2035 }
2036
2037 // Redefine macros to register fuzzing functions into map.
2038 #include "ipc/ipc_message_null_macros.h"
2039 #undef IPC_MESSAGE_DECL
2040 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
2041 (*map)[static_cast<uint32>(name::ID)] = fuzzer_for_##name;
2042
2043 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) {
2044 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2045 }
2046
2047 } // namespace ipc_fuzzer
OLDNEW
« tools/ipc_fuzzer/mutate/fuzzer.h ('K') | « tools/ipc_fuzzer/mutate/fuzzer.h ('k') | tools/ipc_fuzzer/mutate/generate.cc » ('j') | tools/ipc_fuzzer/mutate/mutator.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698