| Index: tools/ipc_fuzzer/mutate/fuzzer.h
|
| diff --git a/tools/ipc_fuzzer/mutate/fuzzer.h b/tools/ipc_fuzzer/mutate/fuzzer.h
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..4169598295f1f3e60d0e31080a57c583c08df4f8
|
| --- /dev/null
|
| +++ b/tools/ipc_fuzzer/mutate/fuzzer.h
|
| @@ -0,0 +1,81 @@
|
| +// Copyright 2015 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_
|
| +#define TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_
|
| +
|
| +#include <set>
|
| +#include <string>
|
| +#include <vector>
|
| +
|
| +#include "base/basictypes.h"
|
| +#include "base/strings/string_util.h"
|
| +#include "ipc/ipc_message.h"
|
| +#include "tools/ipc_fuzzer/message_lib/message_file.h"
|
| +
|
| +namespace ipc_fuzzer {
|
| +
|
| +// Interface implemented by those who generate basic types. The types all
|
| +// correspond to the types which a pickle from base/pickle.h can pickle,
|
| +// plus the floating point types.
|
| +class Fuzzer {
|
| + public:
|
| + // Functions for various data types.
|
| + virtual void FuzzBool(bool* value) = 0;
|
| + virtual void FuzzInt(int* value) = 0;
|
| + virtual void FuzzLong(long* value) = 0;
|
| + virtual void FuzzSize(size_t* value) = 0;
|
| + virtual void FuzzUChar(unsigned char* value) = 0;
|
| + virtual void FuzzWChar(wchar_t* value) = 0;
|
| + virtual void FuzzUInt16(uint16* value) = 0;
|
| + virtual void FuzzUInt32(uint32* value) = 0;
|
| + virtual void FuzzInt64(int64* value) = 0;
|
| + virtual void FuzzUInt64(uint64* value) = 0;
|
| + virtual void FuzzFloat(float* value) = 0;
|
| + virtual void FuzzDouble(double *value) = 0;
|
| + virtual void FuzzString(std::string* value) = 0;
|
| + virtual void FuzzString16(base::string16* value) = 0;
|
| + virtual void FuzzData(char* data, int length) = 0;
|
| + virtual void FuzzBytes(void* data, int data_len) = 0;
|
| +
|
| + // Used to determine if a completely new value should be generated for
|
| + // certain types instead of attempting to modify the existing one.
|
| + virtual bool ShouldGenerate();
|
| +};
|
| +
|
| +class NoOpFuzzer : public Fuzzer {
|
| + public:
|
| + NoOpFuzzer() {}
|
| + virtual ~NoOpFuzzer() {}
|
| +
|
| + void FuzzBool(bool* value) override {}
|
| + void FuzzInt(int* value) override {}
|
| + void FuzzLong(long* value) override {}
|
| + void FuzzSize(size_t* value) override {}
|
| + void FuzzUChar(unsigned char* value) override {}
|
| + void FuzzWChar(wchar_t* value) override {}
|
| + void FuzzUInt16(uint16* value) override {}
|
| + void FuzzUInt32(uint32* value) override {}
|
| + void FuzzInt64(int64* value) override {}
|
| + void FuzzUInt64(uint64* value) override {}
|
| + void FuzzFloat(float* value) override {}
|
| + void FuzzDouble(double* value) override {}
|
| + void FuzzString(std::string* value) override {}
|
| + void FuzzString16(base::string16* value) override {}
|
| + void FuzzData(char* data, int length) override {}
|
| + void FuzzBytes(void* data, int data_len) override {}
|
| +};
|
| +
|
| +typedef IPC::Message* (*FuzzerFunction)(IPC::Message*, Fuzzer*);
|
| +typedef std::vector<FuzzerFunction> FuzzerFunctionVector;
|
| +typedef base::hash_map<uint32, FuzzerFunction> FuzzerFunctionMap;
|
| +
|
| +void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map);
|
| +void PopulateFuzzerFunctionVector(FuzzerFunctionVector* function_vector);
|
| +
|
| +extern FuzzerFunctionVector g_function_vector;
|
| +
|
| +} // namespace ipc_fuzzer
|
| +
|
| +#endif // TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_
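Review bot: `Fuzzer` is a polymorphic base with no virtual destructor, although `NoOpFuzzer` declares `virtual ~NoOpFuzzer() {}`; destroying any derived fuzzer through a `Fuzzer*` would be undefined behavior, so add `virtual ~Fuzzer() {}` to the public section of `Fuzzer`. `FuzzData(char* data, int length)` and `FuzzBytes(void* data, int data_len)` take a raw buffer with a signed length and state no contract, which is where an in-place mutator is most likely to go out of bounds. I would add a comment above them such as `// |length| must be >= 0; implementations must not read or write outside [data, data + length).` The `FuzzerFunctionMap` typedef uses `base::hash_map` without a visible include for it, presumably relying on a transitive include; including `base/containers/hash_tables.h` directly would make the header self-contained.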
|
|
|