1*fd525a9cSAndroid Build Coastguard Worker // Copyright 2019 Google Inc. All rights reserved.
2*fd525a9cSAndroid Build Coastguard Worker //
3*fd525a9cSAndroid Build Coastguard Worker // Licensed under the Apache License, Version 2.0 (the "License");
4*fd525a9cSAndroid Build Coastguard Worker // you may not use this file except in compliance with the License.
5*fd525a9cSAndroid Build Coastguard Worker // You may obtain a copy of the License at
6*fd525a9cSAndroid Build Coastguard Worker //
7*fd525a9cSAndroid Build Coastguard Worker // http://www.apache.org/licenses/LICENSE-2.0
8*fd525a9cSAndroid Build Coastguard Worker //
9*fd525a9cSAndroid Build Coastguard Worker // Unless required by applicable law or agreed to in writing, software
10*fd525a9cSAndroid Build Coastguard Worker // distributed under the License is distributed on an "AS IS" BASIS,
11*fd525a9cSAndroid Build Coastguard Worker // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*fd525a9cSAndroid Build Coastguard Worker // See the License for the specific language governing permissions and
13*fd525a9cSAndroid Build Coastguard Worker // limitations under the License.
14*fd525a9cSAndroid Build Coastguard Worker
15*fd525a9cSAndroid Build Coastguard Worker #include "port/gtest.h"
16*fd525a9cSAndroid Build Coastguard Worker #include "port/protobuf.h"
17*fd525a9cSAndroid Build Coastguard Worker #include "src/libfuzzer/libfuzzer_macro.h"
18*fd525a9cSAndroid Build Coastguard Worker #include "src/mutator_test_proto2.pb.h"
19*fd525a9cSAndroid Build Coastguard Worker
20*fd525a9cSAndroid Build Coastguard Worker using protobuf_mutator::protobuf::util::MessageDifferencer;
21*fd525a9cSAndroid Build Coastguard Worker using ::testing::_;
22*fd525a9cSAndroid Build Coastguard Worker using ::testing::AllOf;
23*fd525a9cSAndroid Build Coastguard Worker using ::testing::DoAll;
24*fd525a9cSAndroid Build Coastguard Worker using ::testing::Ref;
25*fd525a9cSAndroid Build Coastguard Worker using ::testing::SaveArg;
26*fd525a9cSAndroid Build Coastguard Worker using ::testing::SaveArgPointee;
27*fd525a9cSAndroid Build Coastguard Worker using ::testing::StrictMock;
28*fd525a9cSAndroid Build Coastguard Worker
29*fd525a9cSAndroid Build Coastguard Worker static class MockFuzzer* mock_fuzzer;
30*fd525a9cSAndroid Build Coastguard Worker
31*fd525a9cSAndroid Build Coastguard Worker class MockFuzzer {
32*fd525a9cSAndroid Build Coastguard Worker public:
MockFuzzer()33*fd525a9cSAndroid Build Coastguard Worker MockFuzzer() { mock_fuzzer = this; }
~MockFuzzer()34*fd525a9cSAndroid Build Coastguard Worker ~MockFuzzer() { mock_fuzzer = nullptr; }
35*fd525a9cSAndroid Build Coastguard Worker MOCK_METHOD(void, PostProcess,
36*fd525a9cSAndroid Build Coastguard Worker (protobuf_mutator::Msg * message, unsigned int seed));
37*fd525a9cSAndroid Build Coastguard Worker MOCK_METHOD(void, TestOneInput, (const protobuf_mutator::Msg& message));
38*fd525a9cSAndroid Build Coastguard Worker };
39*fd525a9cSAndroid Build Coastguard Worker
40*fd525a9cSAndroid Build Coastguard Worker protobuf_mutator::libfuzzer::PostProcessorRegistration<protobuf_mutator::Msg>
__anonc751052a0102() 41*fd525a9cSAndroid Build Coastguard Worker reg = {[](protobuf_mutator::Msg* message, unsigned int seed) {
42*fd525a9cSAndroid Build Coastguard Worker mock_fuzzer->PostProcess(message, seed);
43*fd525a9cSAndroid Build Coastguard Worker }};
44*fd525a9cSAndroid Build Coastguard Worker
DEFINE_TEXT_PROTO_FUZZER(const protobuf_mutator::Msg & message)45*fd525a9cSAndroid Build Coastguard Worker DEFINE_TEXT_PROTO_FUZZER(const protobuf_mutator::Msg& message) {
46*fd525a9cSAndroid Build Coastguard Worker mock_fuzzer->TestOneInput(message);
47*fd525a9cSAndroid Build Coastguard Worker }
48*fd525a9cSAndroid Build Coastguard Worker
49*fd525a9cSAndroid Build Coastguard Worker MATCHER_P(IsMessageEq, msg, "") {
50*fd525a9cSAndroid Build Coastguard Worker return MessageDifferencer::Equals(arg, msg.get());
51*fd525a9cSAndroid Build Coastguard Worker }
52*fd525a9cSAndroid Build Coastguard Worker MATCHER(IsInitialized, "") { return arg.IsInitialized(); }
53*fd525a9cSAndroid Build Coastguard Worker
TEST(LibFuzzerTest,LLVMFuzzerTestOneInput)54*fd525a9cSAndroid Build Coastguard Worker TEST(LibFuzzerTest, LLVMFuzzerTestOneInput) {
55*fd525a9cSAndroid Build Coastguard Worker unsigned int seed = 0;
56*fd525a9cSAndroid Build Coastguard Worker testing::StrictMock<MockFuzzer> mock;
57*fd525a9cSAndroid Build Coastguard Worker protobuf_mutator::Msg msg;
58*fd525a9cSAndroid Build Coastguard Worker EXPECT_CALL(mock, PostProcess(_, _))
59*fd525a9cSAndroid Build Coastguard Worker .WillOnce(DoAll(SaveArgPointee<0>(&msg), SaveArg<1>(&seed)));
60*fd525a9cSAndroid Build Coastguard Worker EXPECT_CALL(
61*fd525a9cSAndroid Build Coastguard Worker mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized())));
62*fd525a9cSAndroid Build Coastguard Worker LLVMFuzzerTestOneInput((const uint8_t*)"", 0);
63*fd525a9cSAndroid Build Coastguard Worker
64*fd525a9cSAndroid Build Coastguard Worker EXPECT_CALL(mock, PostProcess(_, seed)).WillOnce(SaveArgPointee<0>(&msg));
65*fd525a9cSAndroid Build Coastguard Worker EXPECT_CALL(
66*fd525a9cSAndroid Build Coastguard Worker mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized())));
67*fd525a9cSAndroid Build Coastguard Worker LLVMFuzzerTestOneInput((const uint8_t*)"", 0);
68*fd525a9cSAndroid Build Coastguard Worker }
69*fd525a9cSAndroid Build Coastguard Worker
TEST(LibFuzzerTest,LLVMFuzzerCustomMutator)70*fd525a9cSAndroid Build Coastguard Worker TEST(LibFuzzerTest, LLVMFuzzerCustomMutator) {
71*fd525a9cSAndroid Build Coastguard Worker testing::StrictMock<MockFuzzer> mock;
72*fd525a9cSAndroid Build Coastguard Worker protobuf_mutator::Msg msg;
73*fd525a9cSAndroid Build Coastguard Worker EXPECT_CALL(mock, PostProcess(_, _)).WillOnce(SaveArgPointee<0>(&msg));
74*fd525a9cSAndroid Build Coastguard Worker EXPECT_CALL(
75*fd525a9cSAndroid Build Coastguard Worker mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized())));
76*fd525a9cSAndroid Build Coastguard Worker
77*fd525a9cSAndroid Build Coastguard Worker uint8_t buff[1024] = {};
78*fd525a9cSAndroid Build Coastguard Worker size_t size = LLVMFuzzerCustomMutator(buff, 0, sizeof(buff), 5);
79*fd525a9cSAndroid Build Coastguard Worker ASSERT_GT(size, 0U);
80*fd525a9cSAndroid Build Coastguard Worker LLVMFuzzerTestOneInput(buff, size);
81*fd525a9cSAndroid Build Coastguard Worker }
82*fd525a9cSAndroid Build Coastguard Worker
TEST(LibFuzzerTest,LLVMFuzzerCustomCrossOver)83*fd525a9cSAndroid Build Coastguard Worker TEST(LibFuzzerTest, LLVMFuzzerCustomCrossOver) {
84*fd525a9cSAndroid Build Coastguard Worker testing::StrictMock<MockFuzzer> mock;
85*fd525a9cSAndroid Build Coastguard Worker protobuf_mutator::Msg msg;
86*fd525a9cSAndroid Build Coastguard Worker EXPECT_CALL(mock, PostProcess(_, _)).WillOnce(SaveArgPointee<0>(&msg));
87*fd525a9cSAndroid Build Coastguard Worker EXPECT_CALL(
88*fd525a9cSAndroid Build Coastguard Worker mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized())));
89*fd525a9cSAndroid Build Coastguard Worker
90*fd525a9cSAndroid Build Coastguard Worker uint8_t buff1[1024] = {};
91*fd525a9cSAndroid Build Coastguard Worker uint8_t buff2[1024] = {};
92*fd525a9cSAndroid Build Coastguard Worker uint8_t buff3[1024] = {};
93*fd525a9cSAndroid Build Coastguard Worker size_t size =
94*fd525a9cSAndroid Build Coastguard Worker LLVMFuzzerCustomCrossOver(buff1, 0, buff2, 0, buff3, sizeof(buff3), 6);
95*fd525a9cSAndroid Build Coastguard Worker ASSERT_GT(size, 0U);
96*fd525a9cSAndroid Build Coastguard Worker LLVMFuzzerTestOneInput(buff3, size);
97*fd525a9cSAndroid Build Coastguard Worker }
98