1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <stddef.h>
16
17 #include <algorithm>
18 #include <map>
19 #include <memory>
20 #include <utility>
21 #include <vector>
22
23 #include <grpc/event_engine/memory_allocator.h>
24 #include <grpc/support/log.h>
25
26 #include "src/core/lib/gprpp/chunked_vector.h"
27 #include "src/core/lib/gprpp/ref_counted_ptr.h"
28 #include "src/core/lib/resource_quota/arena.h"
29 #include "src/core/lib/resource_quota/memory_quota.h"
30 #include "src/core/lib/resource_quota/resource_quota.h"
31 #include "src/libfuzzer/libfuzzer_macro.h"
32 #include "test/core/gprpp/chunked_vector_fuzzer.pb.h"
33
34 bool squelch = true;
35 bool leak_check = true;
36
37 static constexpr size_t kChunkSize = 17;
38 using IntHdl = std::shared_ptr<int>;
39
40 namespace grpc_core {
41 struct Comparison {
Comparisongrpc_core::Comparison42 explicit Comparison(Arena* arena) : chunked(arena) {}
43
44 ChunkedVector<IntHdl, kChunkSize> chunked;
45 std::vector<IntHdl> std;
46
47 // Check that both chunked and std are equivalent.
AssertOkgrpc_core::Comparison48 void AssertOk() const {
49 GPR_ASSERT(std.size() == chunked.size());
50 auto it_chunked = chunked.cbegin();
51 auto it_std = std.cbegin();
52 while (it_std != std.cend()) {
53 GPR_ASSERT(**it_std == **it_chunked);
54 ++it_chunked;
55 ++it_std;
56 }
57 GPR_ASSERT(it_chunked == chunked.cend());
58 }
59 };
60
61 class Fuzzer {
62 public:
63 Fuzzer() = default;
64 ~Fuzzer() = default;
65
Act(const chunked_vector_fuzzer::Action & action)66 void Act(const chunked_vector_fuzzer::Action& action) {
67 switch (action.action_type_case()) {
68 case chunked_vector_fuzzer::Action::kEmplaceBack: {
69 // Add some value to the back of a comparison, assert that both vectors
70 // are equivalent.
71 auto* c = Mutate(action.emplace_back().vector());
72 c->chunked.EmplaceBack(
73 std::make_shared<int>(action.emplace_back().value()));
74 c->std.emplace_back(
75 std::make_shared<int>(action.emplace_back().value()));
76 c->AssertOk();
77 } break;
78 case chunked_vector_fuzzer::Action::kPopBack: {
79 // Remove some value to the back of a comparison, assert that both
80 // vectors are equivalent.
81 auto* c = Mutate(action.pop_back().vector());
82 if (!c->chunked.empty()) {
83 c->chunked.PopBack();
84 c->std.pop_back();
85 c->AssertOk();
86 }
87 } break;
88 case chunked_vector_fuzzer::Action::kCopy: {
89 // Copy one vector into another, assert both everything stays
90 // equivalent.
91 auto it_from = vectors_.find(action.copy().from());
92 if (it_from == vectors_.end()) {
93 it_from =
94 vectors_.emplace(action.copy().from(), Comparison(arena_.get()))
95 .first;
96 }
97 auto it_to = vectors_.find(action.copy().to());
98 if (it_to == vectors_.end()) {
99 it_to = vectors_.emplace(action.copy().to(), it_from->second).first;
100 } else {
101 it_to->second = it_from->second;
102 }
103 it_from->second.AssertOk();
104 it_to->second.AssertOk();
105 } break;
106 case chunked_vector_fuzzer::Action::kMove: {
107 // Move one vector into another, assert both everything stays
108 // equivalent.
109 auto it_from = vectors_.find(action.move().from());
110 if (it_from == vectors_.end()) {
111 it_from =
112 vectors_.emplace(action.move().from(), Comparison(arena_.get()))
113 .first;
114 }
115 auto it_to = vectors_.find(action.move().to());
116 if (it_to == vectors_.end()) {
117 it_to =
118 vectors_.emplace(action.move().to(), std::move(it_from->second))
119 .first;
120 } else {
121 it_to->second = it_from->second;
122 }
123 it_from->second.AssertOk();
124 it_to->second.AssertOk();
125 } break;
126 case chunked_vector_fuzzer::Action::kClear: {
127 // Clear a vector, assert that both underlying vectors are equivalent.
128 auto* c = Mutate(action.clear().vector());
129 c->chunked.Clear();
130 c->std.clear();
131 c->AssertOk();
132 } break;
133 case chunked_vector_fuzzer::Action::kSwap: {
134 // Swap two vectors, assert that both underlying vectors are equivalent.
135 auto* from = Mutate(action.swap().from());
136 auto* to = Mutate(action.swap().to());
137 from->chunked.Swap(&to->chunked);
138 from->std.swap(to->std);
139 from->AssertOk();
140 } break;
141 case chunked_vector_fuzzer::Action::kRemoveIf: {
142 // Apply std::remove_if to a vector, assert that underlying vectors
143 // remain equivalent.
144 auto cond = [&](const IntHdl& hdl) {
145 return *hdl == action.remove_if().value();
146 };
147 auto* c = Mutate(action.remove_if().vector());
148 c->chunked.SetEnd(
149 std::remove_if(c->chunked.begin(), c->chunked.end(), cond));
150 c->std.erase(std::remove_if(c->std.begin(), c->std.end(), cond),
151 c->std.end());
152 c->AssertOk();
153 } break;
154 case chunked_vector_fuzzer::Action::ACTION_TYPE_NOT_SET:
155 break;
156 }
157 }
158
159 private:
Mutate(int index)160 Comparison* Mutate(int index) {
161 auto it = vectors_.find(index);
162 if (it != vectors_.end()) {
163 return &it->second;
164 }
165 return &vectors_.emplace(index, Comparison(arena_.get())).first->second;
166 }
167
168 MemoryAllocator memory_allocator_ = MemoryAllocator(
169 ResourceQuota::Default()->memory_quota()->CreateMemoryAllocator("test"));
170 ScopedArenaPtr arena_ = MakeScopedArena(128, &memory_allocator_);
171 std::map<int, Comparison> vectors_;
172 };
173 } // namespace grpc_core
174
DEFINE_PROTO_FUZZER(const chunked_vector_fuzzer::Msg & msg)175 DEFINE_PROTO_FUZZER(const chunked_vector_fuzzer::Msg& msg) {
176 grpc_core::Fuzzer fuzzer;
177 for (int i = 0; i < msg.actions_size(); i++) {
178 fuzzer.Act(msg.actions(i));
179 }
180 }
181