| Dylan Katz | 9d5845b | 2020-05-11 15:44:01 -0700 | [diff] [blame] | 1 | /* | 
|  | 2 | * Copyright 2020 The Android Open Source Project | 
|  | 3 | * | 
|  | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | 
|  | 5 | * you may not use this file except in compliance with the License. | 
|  | 6 | * You may obtain a copy of the License at | 
|  | 7 | * | 
|  | 8 | *      http://www.apache.org/licenses/LICENSE-2.0 | 
|  | 9 | * | 
|  | 10 | * Unless required by applicable law or agreed to in writing, software | 
|  | 11 | * distributed under the License is distributed on an "AS IS" BASIS, | 
|  | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | 13 | * See the License for the specific language governing permissions and | 
|  | 14 | * limitations under the License. | 
|  | 15 | */ | 
|  | 16 | #include <functional> | 
|  | 17 |  | 
|  | 18 | #include "fuzzer/FuzzedDataProvider.h" | 
|  | 19 | #include "utils/BitSet.h" | 
|  | 20 | static constexpr uint8_t MAX_OPERATIONS = 50; | 
|  | 21 |  | 
|  | 22 | // We need to handle both 32 and 64 bit bitsets, so we use a function template | 
|  | 23 | // here. Sadly, std::function can't be generic, so we generate a vector of | 
|  | 24 | // std::functions using this function. | 
|  | 25 | template <typename T> | 
|  | 26 | std::vector<std::function<void(T, uint32_t)>> getOperationsForType() { | 
|  | 27 | return { | 
|  | 28 | [](T bs, uint32_t val) -> void { bs.markBit(val); }, | 
|  | 29 | [](T bs, uint32_t val) -> void { bs.valueForBit(val); }, | 
|  | 30 | [](T bs, uint32_t val) -> void { bs.hasBit(val); }, | 
|  | 31 | [](T bs, uint32_t val) -> void { bs.clearBit(val); }, | 
|  | 32 | [](T bs, uint32_t val) -> void { bs.getIndexOfBit(val); }, | 
|  | 33 | [](T bs, uint32_t) -> void { bs.clearFirstMarkedBit(); }, | 
|  | 34 | [](T bs, uint32_t) -> void { bs.markFirstUnmarkedBit(); }, | 
|  | 35 | [](T bs, uint32_t) -> void { bs.clearLastMarkedBit(); }, | 
|  | 36 | [](T bs, uint32_t) -> void { bs.clear(); }, | 
|  | 37 | [](T bs, uint32_t) -> void { bs.count(); }, | 
|  | 38 | [](T bs, uint32_t) -> void { bs.isEmpty(); }, | 
|  | 39 | [](T bs, uint32_t) -> void { bs.isFull(); }, | 
|  | 40 | [](T bs, uint32_t) -> void { bs.firstMarkedBit(); }, | 
|  | 41 | [](T bs, uint32_t) -> void { bs.lastMarkedBit(); }, | 
|  | 42 | }; | 
|  | 43 | } | 
|  | 44 |  | 
|  | 45 | // Our operations for 32 and 64 bit bitsets | 
|  | 46 | static const std::vector<std::function<void(android::BitSet32, uint32_t)>> thirtyTwoBitOps = | 
|  | 47 | getOperationsForType<android::BitSet32>(); | 
|  | 48 | static const std::vector<std::function<void(android::BitSet64, uint32_t)>> sixtyFourBitOps = | 
|  | 49 | getOperationsForType<android::BitSet64>(); | 
|  | 50 |  | 
|  | 51 | void runOperationFor32Bit(android::BitSet32 bs, uint32_t bit, uint8_t operation) { | 
|  | 52 | thirtyTwoBitOps[operation](bs, bit); | 
|  | 53 | } | 
|  | 54 |  | 
|  | 55 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | 
|  | 56 | FuzzedDataProvider dataProvider(data, size); | 
|  | 57 | uint32_t thirty_two_base = dataProvider.ConsumeIntegral<uint32_t>(); | 
|  | 58 | uint64_t sixty_four_base = dataProvider.ConsumeIntegral<uint64_t>(); | 
|  | 59 | android::BitSet32 b1 = android::BitSet32(thirty_two_base); | 
|  | 60 | android::BitSet64 b2 = android::BitSet64(sixty_four_base); | 
|  | 61 |  | 
|  | 62 | size_t opsRun = 0; | 
|  | 63 | while (dataProvider.remaining_bytes() > 0 && opsRun++ < MAX_OPERATIONS) { | 
|  | 64 | uint32_t bit = dataProvider.ConsumeIntegral<uint32_t>(); | 
|  | 65 | uint8_t op = dataProvider.ConsumeIntegral<uint8_t>(); | 
|  | 66 | thirtyTwoBitOps[op % thirtyTwoBitOps.size()](b1, bit); | 
|  | 67 | sixtyFourBitOps[op % sixtyFourBitOps.size()](b2, bit); | 
|  | 68 | } | 
|  | 69 | return 0; | 
|  | 70 | } |