Move FuzzedDataProvider to //base and expose to blink

Move FuzzedDataProvider to //base and expose to blink

This patch moves FuzzedDataProvider from //net/base to //base. We also
expose a wrapper type in blink platform for use in Blink fuzzers.

This patch also implements a very simple fuzzer for TextResourceDecoder,
which stress tests code operating on a raw byte stream.

BUG=638653
Committed: https://crrev.com/f30fc95f50c3568509541ddb7b527fa5ea1fc201
Cr-Commit-Position: refs/heads/master@{#413253}

[Charlie Harrison, 2016-08-17 18:37:22]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-17 18:37:47]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Charlie Harrison, 2016-08-17 18:40:51]

Description was changed from

==========
Move FuzzedDataProvider to //base and expose to blink platform

This patch moves FuzzedDataProvider from //net/base to //base. We also
expose a wrapper type in blink platform for use in Blink fuzzers.

This patch also implements a very simple fuzzer for TextResourceDecoder,
which stress tests code operating on a raw byte stream.

BUG=638653
==========

to

==========
Move FuzzedDataProvider to //base and expose to blink

This patch moves FuzzedDataProvider from //net/base to //base. We also
expose a wrapper type in blink platform for use in Blink fuzzers.

This patch also implements a very simple fuzzer for TextResourceDecoder,
which stress tests code operating on a raw byte stream.

BUG=638653
==========

[commit-bot: I haz the power, 2016-08-17 18:41:25]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-17 18:41:27]

Dry run: Try jobs failed on following builders:
  android_arm64_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm6...)
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
  chromeos_daisy_chromium_compile_only_ng on master.tryserver.chromium.linux
(JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_daisy_...)
  chromeos_x86-generic_chromium_compile_only_ng on
master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_x86-ge...)
  linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux
(JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  linux_chromium_clobber_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Charlie Harrison, 2016-08-17 18:55:30]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-17 18:56:06]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-17 18:59:36]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-17 18:59:39]

Dry run: Try jobs failed on following builders:
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
  mac_chromium_compile_dbg_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...)

[Charlie Harrison, 2016-08-17 19:11:42]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-17 19:12:00]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Charlie Harrison, 2016-08-17 20:19:19]

csharrison@chromium.org changed reviewers:
+ eroman@chromium.org, esprehn@chromium.org, mmoroz@chromium.org,
thestig@chromium.org

[Charlie Harrison, 2016-08-17 20:19:21]

Hi everyone. PTAL at this change. For reference, here is the discussion in
platform-architecture-dev:
https://groups.google.com/a/chromium.org/forum/#!topic/platform-architecture-...

The current plan is to port this class to base, then attempt to make it a
header-only implementation vending std::strings. We'll double check that this
doesn't regress the current net fuzzers.

eroman: net changes
esprehn: blink changes
thestig: base changes
mmoroz: TextResourceDecoderFuzzer implementation

[esprehn, 2016-08-17 20:42:14]

lgtm for blink

https://codereview.chromium.org/2250263003/diff/60001/third_party/WebKit/Sour...
File third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp
(right):

https://codereview.chromium.org/2250263003/diff/60001/third_party/WebKit/Sour...
third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp:17: :
TextResourceDecoder(String::fromUTF8(fuzzedData.ConsumeBytesInRange(0, 16)),
String::fromUTF8(fuzzedData.ConsumeBytesInRange(0, 16)),
FuzzedOption(fuzzedData))
why 16?

https://codereview.chromium.org/2250263003/diff/60001/third_party/WebKit/Sour...
File third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h (right):

https://codereview.chromium.org/2250263003/diff/60001/third_party/WebKit/Sour...
third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h:21:
FuzzedDataProvider(const uint8_t* bytes, size_t);
var name for the size_t

[Lei Zhang, 2016-08-17 20:53:29]

lgtm

[Charlie Harrison, 2016-08-17 21:09:41]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-17 21:10:25]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Charlie Harrison, 2016-08-17 21:22:14]

Thanks!

https://codereview.chromium.org/2250263003/diff/60001/third_party/WebKit/Sour...
File third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp
(right):

https://codereview.chromium.org/2250263003/diff/60001/third_party/WebKit/Sour...
third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp:17: :
TextResourceDecoder(String::fromUTF8(fuzzedData.ConsumeBytesInRange(0, 16)),
String::fromUTF8(fuzzedData.ConsumeBytesInRange(0, 16)),
FuzzedOption(fuzzedData))
On 2016/08/17 20:42:13, esprehn wrote:
> why 16?

Pretty arbitrary. I'll fix this up and add comments. Comments for mimetype say:
// Per RFCs 3023 and 2045, an XML MIME type is of the form:
// ^[0-9a-zA-Z_\\-+~!$\\^{}|.%'`#&*]+/[0-9a-zA-Z_\\-+~!$\\^{}|.%'`#&*]+\+xml$

that's pretty flexible. Maybe we should give it some more bytes.

For charset, we can also get some big ones like "unicode-1-1-utf-8".

To be safe, I'm upping these to be in range 0,32.

https://codereview.chromium.org/2250263003/diff/60001/third_party/WebKit/Sour...
File third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h (right):

https://codereview.chromium.org/2250263003/diff/60001/third_party/WebKit/Sour...
third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h:21:
FuzzedDataProvider(const uint8_t* bytes, size_t);
On 2016/08/17 20:42:14, esprehn wrote:
> var name for the size_t

presubmit yells at me for "size" name, so I went with "numBytes".

[commit-bot: I haz the power, 2016-08-17 22:26:03]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-17 22:26:05]

Dry run: Try jobs failed on following builders:
  win_chromium_compile_dbg_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_comp...)

[mmoroz, 2016-08-18 11:17:11]

LGTM

[mmenke, 2016-08-18 17:08:20]

mmenke@chromium.org changed reviewers:
+ mmenke@chromium.org

[mmenke, 2016-08-18 17:08:21]

I'm not an eroman, not do I play one on TV, but net/ seems fine.  However...

https://codereview.chromium.org/2250263003/diff/80001/base/BUILD.gn
File base/BUILD.gn (right):

https://codereview.chromium.org/2250263003/diff/80001/base/BUILD.gn#newcode359
base/BUILD.gn:359: "fuzzed_data_provider.h",
Should this really be in base's main sources list?  Seems like at the least, it
should be in base/test:test_support, or possibly a new target.

[Charlie Harrison, 2016-08-18 18:10:20]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-18 18:10:57]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-18 18:15:09]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-18 18:15:10]

Dry run: Try jobs failed on following builders:
  android_clang_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/android_clan...)
  cast_shell_android on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/cast_shell_a...)
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Charlie Harrison, 2016-08-18 19:02:18]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-18 19:02:52]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-18 19:07:30]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-18 19:07:31]

Dry run: Try jobs failed on following builders:
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
  linux_chromium_asan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  linux_chromium_chromeos_compile_dbg_ng on master.tryserver.chromium.linux
(JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux
(JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[Charlie Harrison, 2016-08-18 19:30:36]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-18 19:31:29]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-18 20:02:43]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-18 20:02:44]

Dry run: Try jobs failed on following builders:
  win_chromium_compile_dbg_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_comp...)

[eroman, 2016-08-18 21:37:11]

lgtm after responding to these comments

https://codereview.chromium.org/2250263003/diff/140001/base/test/fuzzed_data_...
File base/test/fuzzed_data_provider.h (right):

https://codereview.chromium.org/2250263003/diff/140001/base/test/fuzzed_data_...
base/test/fuzzed_data_provider.h:5: #ifndef BASE_FUZZED_DATA_PROVIDER_H_
BASE_TEST_....

https://codereview.chromium.org/2250263003/diff/140001/base/test/fuzzed_data_...
base/test/fuzzed_data_provider.h:14: namespace base {
A //base OWNER could advise authoritatively, but should this go inside of
base::test namespace?

That said most stuff in base/test is not in a test namespace, so seems fine
as-is.

https://codereview.chromium.org/2250263003/diff/140001/net/BUILD.gn
File net/BUILD.gn (right):

https://codereview.chromium.org/2250263003/diff/140001/net/BUILD.gn#newcode1668
net/BUILD.gn:1668: "//base/test/fuzzed_data_provider.cc",
Is this change intentional? 
Should be handled by a target instead, i.e. //base/test:test_support

https://codereview.chromium.org/2250263003/diff/140001/third_party/WebKit/Sou...
File third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h (right):

https://codereview.chromium.org/2250263003/diff/140001/third_party/WebKit/Sou...
third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h:15: // This
class simply wraps //base/test/fuzzed_data_provider and vends Blink friendly
"frie" ?

[Charlie Harrison, 2016-08-19 15:08:01]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-19 15:08:22]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Charlie Harrison, 2016-08-19 15:20:14]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-19 15:20:36]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-19 16:43:38]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-19 16:43:39]

Dry run: Try jobs failed on following builders:
  win_chromium_compile_dbg_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_comp...)

[Charlie Harrison, 2016-08-19 18:58:17]

https://codereview.chromium.org/2250263003/diff/80001/base/BUILD.gn
File base/BUILD.gn (right):

https://codereview.chromium.org/2250263003/diff/80001/base/BUILD.gn#newcode359
base/BUILD.gn:359: "fuzzed_data_provider.h",
On 2016/08/18 17:08:21, mmenke wrote:
> Should this really be in base's main sources list?  Seems like at the least,
it
> should be in base/test:test_support, or possibly a new target.

Ahh I think you're right. The wrapper in platform went in platform test support
so I suppose that makes the most sense. libfuzzers in general are "like unit
tests" and probably want to share unit testing infrastructure.

https://codereview.chromium.org/2250263003/diff/140001/base/test/fuzzed_data_...
File base/test/fuzzed_data_provider.h (right):

https://codereview.chromium.org/2250263003/diff/140001/base/test/fuzzed_data_...
base/test/fuzzed_data_provider.h:5: #ifndef BASE_FUZZED_DATA_PROVIDER_H_
On 2016/08/18 21:37:10, eroman wrote:
> BASE_TEST_....

Done.

https://codereview.chromium.org/2250263003/diff/140001/net/BUILD.gn
File net/BUILD.gn (right):

https://codereview.chromium.org/2250263003/diff/140001/net/BUILD.gn#newcode1668
net/BUILD.gn:1668: "//base/test/fuzzed_data_provider.cc",
On 2016/08/18 21:37:10, eroman wrote:
> Is this change intentional? 
> Should be handled by a target instead, i.e. //base/test:test_support

Added base/test:test_support to fuzzer_test_supports public deps.

https://codereview.chromium.org/2250263003/diff/140001/third_party/WebKit/Sou...
File third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h (right):

https://codereview.chromium.org/2250263003/diff/140001/third_party/WebKit/Sou...
third_party/WebKit/Source/platform/testing/FuzzedDataProvider.h:15: // This
class simply wraps //base/test/fuzzed_data_provider and vends Blink friendly
On 2016/08/18 21:37:11, eroman wrote:
> "frie" ?

Wrapped to 80 cols.

[Charlie Harrison, 2016-08-19 18:59:51]

The CQ bit was checked by csharrison@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-19 19:00:36]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Charlie Harrison, 2016-08-19 19:50:04]

The CQ bit was unchecked by csharrison@chromium.org

[Charlie Harrison, 2016-08-19 19:50:05]

The CQ bit was checked by csharrison@chromium.org

[Charlie Harrison, 2016-08-19 19:50:05]

The patchset sent to the CQ was uploaded after l-g-t-m from
thestig@chromium.org, esprehn@chromium.org, mmoroz@chromium.org,
eroman@chromium.org
Link to the patchset: https://codereview.chromium.org/2250263003/#ps200001
(title: "... also remove PLATFORM_EXPORT")

[commit-bot: I haz the power, 2016-08-19 19:50:46]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-19 21:44:03]

Description was changed from

==========
Move FuzzedDataProvider to //base and expose to blink

This patch moves FuzzedDataProvider from //net/base to //base. We also
expose a wrapper type in blink platform for use in Blink fuzzers.

This patch also implements a very simple fuzzer for TextResourceDecoder,
which stress tests code operating on a raw byte stream.

BUG=638653
==========

to

==========
Move FuzzedDataProvider to //base and expose to blink

This patch moves FuzzedDataProvider from //net/base to //base. We also
expose a wrapper type in blink platform for use in Blink fuzzers.

This patch also implements a very simple fuzzer for TextResourceDecoder,
which stress tests code operating on a raw byte stream.

BUG=638653
==========

[commit-bot: I haz the power, 2016-08-19 21:44:04]

Committed patchset #11 (id:200001)

[commit-bot: I haz the power, 2016-08-19 21:46:48]

Description was changed from

==========
Move FuzzedDataProvider to //base and expose to blink

This patch moves FuzzedDataProvider from //net/base to //base. We also
expose a wrapper type in blink platform for use in Blink fuzzers.

This patch also implements a very simple fuzzer for TextResourceDecoder,
which stress tests code operating on a raw byte stream.

BUG=638653
==========

to

==========
Move FuzzedDataProvider to //base and expose to blink

This patch moves FuzzedDataProvider from //net/base to //base. We also
expose a wrapper type in blink platform for use in Blink fuzzers.

This patch also implements a very simple fuzzer for TextResourceDecoder,
which stress tests code operating on a raw byte stream.

BUG=638653

Committed: https://crrev.com/f30fc95f50c3568509541ddb7b527fa5ea1fc201
Cr-Commit-Position: refs/heads/master@{#413253}
==========

[commit-bot: I haz the power, 2016-08-19 21:46:50]

Patchset 11 (id:??) landed as
https://crrev.com/f30fc95f50c3568509541ddb7b527fa5ea1fc201
Cr-Commit-Position: refs/heads/master@{#413253}