| Dylan Katz | 9d5845b | 2020-05-11 15:44:01 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2020 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | #include <functional> |
| 17 | |
| 18 | #include "fuzzer/FuzzedDataProvider.h" |
| 19 | #include "utils/BitSet.h" |
| 20 | static constexpr uint8_t MAX_OPERATIONS = 50; |
| 21 | |
| 22 | // We need to handle both 32 and 64 bit bitsets, so we use a function template |
| 23 | // here. Sadly, std::function can't be generic, so we generate a vector of |
| 24 | // std::functions using this function. |
| 25 | template <typename T> |
| 26 | std::vector<std::function<void(T, uint32_t)>> getOperationsForType() { |
| 27 | return { |
| 28 | [](T bs, uint32_t val) -> void { bs.markBit(val); }, |
| 29 | [](T bs, uint32_t val) -> void { bs.valueForBit(val); }, |
| 30 | [](T bs, uint32_t val) -> void { bs.hasBit(val); }, |
| 31 | [](T bs, uint32_t val) -> void { bs.clearBit(val); }, |
| 32 | [](T bs, uint32_t val) -> void { bs.getIndexOfBit(val); }, |
| 33 | [](T bs, uint32_t) -> void { bs.clearFirstMarkedBit(); }, |
| 34 | [](T bs, uint32_t) -> void { bs.markFirstUnmarkedBit(); }, |
| 35 | [](T bs, uint32_t) -> void { bs.clearLastMarkedBit(); }, |
| 36 | [](T bs, uint32_t) -> void { bs.clear(); }, |
| 37 | [](T bs, uint32_t) -> void { bs.count(); }, |
| 38 | [](T bs, uint32_t) -> void { bs.isEmpty(); }, |
| 39 | [](T bs, uint32_t) -> void { bs.isFull(); }, |
| 40 | [](T bs, uint32_t) -> void { bs.firstMarkedBit(); }, |
| 41 | [](T bs, uint32_t) -> void { bs.lastMarkedBit(); }, |
| 42 | }; |
| 43 | } |
| 44 | |
| 45 | // Our operations for 32 and 64 bit bitsets |
| 46 | static const std::vector<std::function<void(android::BitSet32, uint32_t)>> thirtyTwoBitOps = |
| 47 | getOperationsForType<android::BitSet32>(); |
| 48 | static const std::vector<std::function<void(android::BitSet64, uint32_t)>> sixtyFourBitOps = |
| 49 | getOperationsForType<android::BitSet64>(); |
| 50 | |
| 51 | void runOperationFor32Bit(android::BitSet32 bs, uint32_t bit, uint8_t operation) { |
| 52 | thirtyTwoBitOps[operation](bs, bit); |
| 53 | } |
| 54 | |
| 55 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 56 | FuzzedDataProvider dataProvider(data, size); |
| 57 | uint32_t thirty_two_base = dataProvider.ConsumeIntegral<uint32_t>(); |
| 58 | uint64_t sixty_four_base = dataProvider.ConsumeIntegral<uint64_t>(); |
| 59 | android::BitSet32 b1 = android::BitSet32(thirty_two_base); |
| 60 | android::BitSet64 b2 = android::BitSet64(sixty_four_base); |
| 61 | |
| 62 | size_t opsRun = 0; |
| 63 | while (dataProvider.remaining_bytes() > 0 && opsRun++ < MAX_OPERATIONS) { |
| 64 | uint32_t bit = dataProvider.ConsumeIntegral<uint32_t>(); |
| 65 | uint8_t op = dataProvider.ConsumeIntegral<uint8_t>(); |
| 66 | thirtyTwoBitOps[op % thirtyTwoBitOps.size()](b1, bit); |
| 67 | sixtyFourBitOps[op % sixtyFourBitOps.size()](b2, bit); |
| 68 | } |
| 69 | return 0; |
| 70 | } |