| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stddef.h> | 5 #include <stddef.h> |
| 6 #include <stdint.h> | 6 #include <stdint.h> |
| 7 | 7 |
| 8 #include <iostream> | 8 #include <iostream> |
| 9 #include <set> | 9 #include <set> |
| 10 #include <utility> |
| 10 #include <vector> | 11 #include <vector> |
| 11 | 12 |
| 12 #include "base/command_line.h" | 13 #include "base/command_line.h" |
| 13 #include "base/strings/string_split.h" | 14 #include "base/strings/string_split.h" |
| 14 #include "ipc/ipc_message_macros.h" | 15 #include "ipc/ipc_message_macros.h" |
| 15 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h" | 16 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h" |
| 16 #include "tools/ipc_fuzzer/fuzzer/generator.h" | 17 #include "tools/ipc_fuzzer/fuzzer/generator.h" |
| 17 #include "tools/ipc_fuzzer/fuzzer/mutator.h" | 18 #include "tools/ipc_fuzzer/fuzzer/mutator.h" |
| 18 #include "tools/ipc_fuzzer/fuzzer/rand_util.h" | 19 #include "tools/ipc_fuzzer/fuzzer/rand_util.h" |
| 19 #include "tools/ipc_fuzzer/message_lib/message_file.h" | 20 #include "tools/ipc_fuzzer/message_lib/message_file.h" |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 86 return new Mutator(frequency); | 87 return new Mutator(frequency); |
| 87 | 88 |
| 88 if (name == "no-op") | 89 if (name == "no-op") |
| 89 return new NoOpFuzzer(); | 90 return new NoOpFuzzer(); |
| 90 | 91 |
| 91 std::cerr << "No such fuzzer: " << name << "\n"; | 92 std::cerr << "No such fuzzer: " << name << "\n"; |
| 92 return 0; | 93 return 0; |
| 93 } | 94 } |
| 94 }; | 95 }; |
| 95 | 96 |
| 96 static IPC::Message* RewriteMessage( | 97 static std::unique_ptr<IPC::Message> RewriteMessage(IPC::Message* message, |
| 97 IPC::Message* message, | 98 Fuzzer* fuzzer, |
| 98 Fuzzer* fuzzer, | 99 FuzzerFunctionMap* map) { |
| 99 FuzzerFunctionMap* map) { | |
| 100 FuzzerFunctionMap::iterator it = map->find(message->type()); | 100 FuzzerFunctionMap::iterator it = map->find(message->type()); |
| 101 if (it == map->end()) { | 101 if (it == map->end()) { |
| 102 // This usually indicates a missing message file in all_messages.h, or | 102 // This usually indicates a missing message file in all_messages.h, or |
| 103 // that the message dump file is taken from a different revision of | 103 // that the message dump file is taken from a different revision of |
| 104 // chromium from this executable. | 104 // chromium from this executable. |
| 105 std::cerr << "Unknown message type: [" | 105 std::cerr << "Unknown message type: [" |
| 106 << IPC_MESSAGE_ID_CLASS(message->type()) << ", " | 106 << IPC_MESSAGE_ID_CLASS(message->type()) << ", " |
| 107 << IPC_MESSAGE_ID_LINE(message->type()) << "].\n"; | 107 << IPC_MESSAGE_ID_LINE(message->type()) << "].\n"; |
| 108 return 0; | 108 return 0; |
| 109 } | 109 } |
| (...skipping 11 matching lines...) Expand all Loading... |
| 121 | 121 |
| 122 int message_count = 1000; | 122 int message_count = 1000; |
| 123 if (cmd->HasSwitch(kCountSwitch)) | 123 if (cmd->HasSwitch(kCountSwitch)) |
| 124 message_count = atoi(cmd->GetSwitchValueASCII(kCountSwitch).c_str()); | 124 message_count = atoi(cmd->GetSwitchValueASCII(kCountSwitch).c_str()); |
| 125 | 125 |
| 126 MessageVector message_vector; | 126 MessageVector message_vector; |
| 127 int bad_count = 0; | 127 int bad_count = 0; |
| 128 if (message_count < 0) { | 128 if (message_count < 0) { |
| 129 // Enumerate them all. | 129 // Enumerate them all. |
| 130 for (size_t i = 0; i < g_function_vector.size(); ++i) { | 130 for (size_t i = 0; i < g_function_vector.size(); ++i) { |
| 131 if (IPC::Message* new_message = (*g_function_vector[i])(NULL, fuzzer)) | 131 std::unique_ptr<IPC::Message> new_message = |
| 132 message_vector.push_back(new_message); | 132 (*g_function_vector[i])(nullptr, fuzzer); |
| 133 if (new_message) |
| 134 message_vector.push_back(std::move(new_message)); |
| 133 else | 135 else |
| 134 bad_count += 1; | 136 bad_count += 1; |
| 135 } | 137 } |
| 136 } else { | 138 } else { |
| 137 // Fuzz a random batch. | 139 // Fuzz a random batch. |
| 138 for (int i = 0; i < message_count; ++i) { | 140 for (int i = 0; i < message_count; ++i) { |
| 139 size_t index = RandInRange(g_function_vector.size()); | 141 size_t index = RandInRange(g_function_vector.size()); |
| 140 if (IPC::Message* new_message = (*g_function_vector[index])(NULL, fuzzer)) | 142 std::unique_ptr<IPC::Message> new_message = |
| 141 message_vector.push_back(new_message); | 143 (*g_function_vector[index])(nullptr, fuzzer); |
| 144 if (new_message) |
| 145 message_vector.push_back(std::move(new_message)); |
| 142 else | 146 else |
| 143 bad_count += 1; | 147 bad_count += 1; |
| 144 } | 148 } |
| 145 } | 149 } |
| 146 | 150 |
| 147 std::cerr << "Failed to generate " << bad_count << " messages.\n"; | 151 std::cerr << "Failed to generate " << bad_count << " messages.\n"; |
| 148 if (!MessageFile::Write(base::FilePath(output_file_name), message_vector)) | 152 if (!MessageFile::Write(base::FilePath(output_file_name), message_vector)) |
| 149 return EXIT_FAILURE; | 153 return EXIT_FAILURE; |
| 150 return EXIT_SUCCESS; | 154 return EXIT_SUCCESS; |
| 151 } | 155 } |
| (...skipping 18 matching lines...) Expand all Loading... |
| 170 } | 174 } |
| 171 | 175 |
| 172 FuzzerFunctionMap fuzz_function_map; | 176 FuzzerFunctionMap fuzz_function_map; |
| 173 PopulateFuzzerFunctionMap(&fuzz_function_map); | 177 PopulateFuzzerFunctionMap(&fuzz_function_map); |
| 174 | 178 |
| 175 MessageVector message_vector; | 179 MessageVector message_vector; |
| 176 if (!MessageFile::Read(base::FilePath(input_file_name), &message_vector)) | 180 if (!MessageFile::Read(base::FilePath(input_file_name), &message_vector)) |
| 177 return EXIT_FAILURE; | 181 return EXIT_FAILURE; |
| 178 | 182 |
| 179 for (size_t i = 0; i < message_vector.size(); ++i) { | 183 for (size_t i = 0; i < message_vector.size(); ++i) { |
| 180 IPC::Message* msg = message_vector[i]; | 184 IPC::Message* msg = message_vector[i].get(); |
| 181 // If an explicit type set is specified, make sure we should be mutating | 185 // If an explicit type set is specified, make sure we should be mutating |
| 182 // this message type on this run. | 186 // this message type on this run. |
| 183 if (!type_set.empty() && type_set.end() == std::find( | 187 if (!type_set.empty() && type_set.end() == std::find( |
| 184 type_set.begin(), type_set.end(), msg->type())) { | 188 type_set.begin(), type_set.end(), msg->type())) { |
| 185 continue; | 189 continue; |
| 186 } | 190 } |
| 187 IPC::Message* new_message = RewriteMessage(msg, fuzzer, &fuzz_function_map); | 191 std::unique_ptr<IPC::Message> new_message = |
| 188 if (new_message) { | 192 RewriteMessage(msg, fuzzer, &fuzz_function_map); |
| 189 IPC::Message* old_message = message_vector[i]; | 193 if (new_message) |
| 190 delete old_message; | 194 message_vector[i] = std::move(new_message); |
| 191 message_vector[i] = new_message; | |
| 192 } | |
| 193 } | 195 } |
| 194 | 196 |
| 195 if (permute) { | 197 if (permute) { |
| 196 std::random_shuffle(message_vector.begin(), message_vector.end(), | 198 std::random_shuffle(message_vector.begin(), message_vector.end(), |
| 197 RandInRange); | 199 RandInRange); |
| 198 } | 200 } |
| 199 | 201 |
| 200 if (!MessageFile::Write(base::FilePath(output_file_name), message_vector)) | 202 if (!MessageFile::Write(base::FilePath(output_file_name), message_vector)) |
| 201 return EXIT_FAILURE; | 203 return EXIT_FAILURE; |
| 202 return EXIT_SUCCESS; | 204 return EXIT_SUCCESS; |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 239 } | 241 } |
| 240 | 242 |
| 241 return result; | 243 return result; |
| 242 } | 244 } |
| 243 | 245 |
| 244 } // namespace ipc_fuzzer | 246 } // namespace ipc_fuzzer |
| 245 | 247 |
| 246 int main(int argc, char** argv) { | 248 int main(int argc, char** argv) { |
| 247 return ipc_fuzzer::FuzzerMain(argc, argv); | 249 return ipc_fuzzer::FuzzerMain(argc, argv); |
| 248 } | 250 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2972773004:
Remove ScopedVector from tools/ipc_fuzzer/. (Closed)
