rpc_binder: weigh sending a message to a TA more heavily in `trusty_tipc_fuzzer`
Instead of equally weighing
1. adding a new TA
2. removing a TA
3. sending a message to a TA
weigh 3. more heavily, 20%-20%-60% so that
more time is spent fuzzing sending actual messages.
Test: build.py qemu-generic-arm64-fuzz-test-debug &&
./build-root/build-qemu-generic-arm64-fuzz-test-debug/run.py &&
lunch qemu_trusty_arm64-trunk_staging-userdebug &&
m trusty_binder_fuzzer_multi_connection &&
adb root &&
adb sync data &&
adb shell /data/fuzz/arm64/trusty_binder_fuzzer_multi_connection/trusty_binder_fuzzer_multi_connection
Change-Id: I5a24fef059ded2a706d5c9229469f89ce90d6c5e
diff --git a/trusty/fuzz/tipc_fuzzer.cpp b/trusty/fuzz/tipc_fuzzer.cpp
index d5e23e0..f9f6c8c 100644
--- a/trusty/fuzz/tipc_fuzzer.cpp
+++ b/trusty/fuzz/tipc_fuzzer.cpp
@@ -97,48 +97,47 @@
static_assert(MAX_CONNECTIONS >= 1);
// Either
- // 1. Add a new TA and connect.
- // 2. Remove a TA.
- // 3. Send a random message to a random TA.
+ // 1. (20%) Add a new TA and connect.
+ // 2. (20%) Remove a TA.
+ // 3. (60%) Send a random message to a random TA.
+ auto add_ta = [&]() {
+ if (trustyApps.size() >= MAX_CONNECTIONS) {
+ return;
+ }
+ auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);
+ abortResult(ta.Connect());
+ };
+ auto remove_ta = [&]() {
+ if (trustyApps.empty()) {
+ return;
+ }
+ trustyApps.pop_back();
+ };
+ auto send_message = [&]() {
+ if (trustyApps.empty()) {
+ return;
+ }
+
+ // Choose a random TA.
+ const auto i = provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size() - 1);
+ std::swap(trustyApps[i], trustyApps.back());
+ auto& ta = trustyApps.back();
+
+ // Send a random message.
+ const auto data = provider.ConsumeRandomLengthString();
+ abortResult(ta.Write(data.data(), data.size()));
+
+ std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;
+ abortResult(ta.Read(buf.data(), buf.size()));
+
+ // Reconnect to ensure that the service is still up.
+ ta.Disconnect();
+ abortResult(ta.Connect());
+ };
const std::function<void()> options[] = {
- // Add a new TA and connect.
- [&]() {
- if (trustyApps.size() >= MAX_CONNECTIONS) {
- return;
- }
- auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);
- abortResult(ta.Connect());
- },
- // Remove a TA.
- [&]() {
- if (trustyApps.empty()) {
- return;
- }
- trustyApps.pop_back();
- },
- // Send a random message to a random TA.
- [&]() {
- if (trustyApps.empty()) {
- return;
- }
-
- // Choose a random TA.
- const auto i =
- provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size() - 1);
- std::swap(trustyApps[i], trustyApps.back());
- auto& ta = trustyApps.back();
-
- // Send a random message.
- const auto data = provider.ConsumeRandomLengthString();
- abortResult(ta.Write(data.data(), data.size()));
-
- std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;
- abortResult(ta.Read(buf.data(), buf.size()));
-
- // Reconnect to ensure that the service is still up.
- ta.Disconnect();
- abortResult(ta.Connect());
- },
+ add_ta, // 1x: 20%
+ remove_ta, // 1x: 20%
+ send_message, send_message, send_message, // 3x: 60%
};
provider.PickValueInArray(options)();