Merge "Add second batch of fuzzers for libutils" am: 2cfea97b

    shared_libs: [

        "libutils",

        "libbase",

        "liblog",

    ],

}

    srcs: ["Vector_fuzz.cpp"],

}

cc_fuzz {

    name: "libutils_fuzz_printer",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["Printer_fuzz.cpp"],

}

cc_fuzz {

    name: "libutils_fuzz_callstack",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["CallStack_fuzz.cpp"],

    shared_libs: [

        "libutilscallstack",

    ],

}

cc_fuzz {

    name: "libutils_fuzz_process_callstack",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["ProcessCallStack_fuzz.cpp"],

    shared_libs: [

        "libutilscallstack",

    ],

}

cc_fuzz {

    name: "libutils_fuzz_stopwatch",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["StopWatch_fuzz.cpp"],

}

cc_fuzz {

    name: "libutils_fuzz_propertymap",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["PropertyMap_fuzz.cpp"],

}

cc_fuzz {

    name: "libutils_fuzz_rwlock",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["RWLock_fuzz.cpp"],

}

cc_fuzz {

    name: "libutils_fuzz_refbase",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["RefBase_fuzz.cpp"],

}

cc_fuzz {

    name: "libutils_fuzz_lrucache",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["LruCache_fuzz.cpp"],

}

cc_fuzz {

    name: "libutils_fuzz_looper",

    defaults: ["libutils_fuzz_defaults"],

    srcs: ["Looper_fuzz.cpp"],

}

cc_test {

    name: "libutils_test",

    host_supported: true,

/*

 * Copyright 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#include <memory.h>

#include "fuzzer/FuzzedDataProvider.h"

#include "utils/CallStack.h"

static constexpr int MAX_STRING_SIZE = 500;

static constexpr int MAX_IGNORE_DEPTH = 200;

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    FuzzedDataProvider dataProvider(data, size);

    size_t ignoreDepth = dataProvider.ConsumeIntegralInRange<size_t>(0, MAX_IGNORE_DEPTH);

    int logPriority = dataProvider.ConsumeIntegral<int>();

    pid_t tid = dataProvider.ConsumeIntegral<pid_t>();

    std::string logTag = dataProvider.ConsumeRandomLengthString(MAX_STRING_SIZE);

    std::string prefix = dataProvider.ConsumeRandomLengthString(MAX_STRING_SIZE);

    const char* logTagChars = logTag.c_str();

    const char* prefixChars = prefix.c_str();

    android::CallStack::CallStackUPtr callStack = android::CallStack::getCurrent(ignoreDepth);

    android::CallStack* callstackPtr = callStack.get();

    android::CallStack::logStack(logTagChars, callstackPtr,

                                 static_cast<android_LogPriority>(logPriority));

    android::CallStack::stackToString(prefixChars);

    callstackPtr->log(logTagChars, static_cast<android_LogPriority>(logPriority), prefixChars);

    callstackPtr->clear();

    callstackPtr->getCurrent(ignoreDepth);

    callstackPtr->log(logTagChars, static_cast<android_LogPriority>(logPriority), prefixChars);

    callstackPtr->update(ignoreDepth, tid);

    callstackPtr->log(logTagChars, static_cast<android_LogPriority>(logPriority), prefixChars);

    return 0;

}

/*

 * Copyright 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#include <sys/select.h>

#include <iostream>

#include <utils/Looper.h>

#include "Looper_test_pipe.h"

#include "fuzzer/FuzzedDataProvider.h"

using android::Looper;

using android::sp;

// We don't want this to bog down fuzzing

static constexpr int MAX_POLL_DELAY = 50;

static constexpr int MAX_OPERATIONS = 500;

void doNothing() {}

void* doNothingPointer = reinterpret_cast<void*>(doNothing);

static int noopCallback(int, int, void*) {

    return 0;

}

std::vector<std::function<void(FuzzedDataProvider*, sp<Looper>, Pipe)>> operations = {

        [](FuzzedDataProvider* dataProvider, sp<Looper> looper, Pipe) -> void {

            looper->pollOnce(dataProvider->ConsumeIntegralInRange<int>(0, MAX_POLL_DELAY));

        },

        [](FuzzedDataProvider* dataProvider, sp<Looper> looper, Pipe) -> void {

            looper->pollAll(dataProvider->ConsumeIntegralInRange<int>(0, MAX_POLL_DELAY));

        },

        // events and callback are nullptr

        [](FuzzedDataProvider* dataProvider, sp<Looper> looper, Pipe pipeObj) -> void {

            looper->addFd(pipeObj.receiveFd, dataProvider->ConsumeIntegral<int>(),

                          dataProvider->ConsumeIntegral<int>(), nullptr, nullptr);

        },

        // Events is nullptr

        [](FuzzedDataProvider* dataProvider, sp<Looper> looper, Pipe pipeObj) -> void {

            looper->addFd(pipeObj.receiveFd, dataProvider->ConsumeIntegral<int>(),

                          dataProvider->ConsumeIntegral<int>(), noopCallback, nullptr);

        },

        // callback is nullptr

        [](FuzzedDataProvider* dataProvider, sp<Looper> looper, Pipe pipeObj) -> void {

            looper->addFd(pipeObj.receiveFd, dataProvider->ConsumeIntegral<int>(),

                          dataProvider->ConsumeIntegral<int>(), nullptr, doNothingPointer);

        },

        // callback and events both set

        [](FuzzedDataProvider* dataProvider, sp<Looper> looper, Pipe pipeObj) -> void {

            looper->addFd(pipeObj.receiveFd, dataProvider->ConsumeIntegral<int>(),

                          dataProvider->ConsumeIntegral<int>(), noopCallback, doNothingPointer);

        },

        [](FuzzedDataProvider*, sp<Looper> looper, Pipe) -> void { looper->wake(); },

        [](FuzzedDataProvider*, sp<Looper>, Pipe pipeObj) -> void { pipeObj.writeSignal(); }};

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    Pipe pipeObj;

    FuzzedDataProvider dataProvider(data, size);

    sp<Looper> looper = new Looper(dataProvider.ConsumeBool());

    size_t opsRun = 0;

    while (dataProvider.remaining_bytes() > 0 && opsRun++ < MAX_OPERATIONS) {

        uint8_t op = dataProvider.ConsumeIntegralInRange<uint8_t>(0, operations.size() - 1);

        operations[op](&dataProvider, looper, pipeObj);

    }

    // Clear our pointer

    looper.clear();

    return 0;

}

// Copyright 2010 The Android Open Source Project

//

#include <utils/Looper.h>

#include <utils/Timers.h>

#include <utils/StopWatch.h>

#include <gtest/gtest.h>

#include <unistd.h>

#include <time.h>

#include <unistd.h>

#include <utils/Looper.h>

#include <utils/StopWatch.h>

#include <utils/Timers.h>

#include "Looper_test_pipe.h"

#include <utils/threads.h>

    MSG_TEST4 = 4,

};

class Pipe {

public:

    int sendFd;

    int receiveFd;

    Pipe() {

        int fds[2];

        ::pipe(fds);

        receiveFd = fds[0];

        sendFd = fds[1];

    }

    ~Pipe() {

        if (sendFd != -1) {

            ::close(sendFd);

        }

        if (receiveFd != -1) {

            ::close(receiveFd);

        }

    }

    status_t writeSignal() {

        ssize_t nWritten = ::write(sendFd, "*", 1);

        return nWritten == 1 ? 0 : -errno;

    }

    status_t readSignal() {

        char buf[1];

        ssize_t nRead = ::read(receiveFd, buf, 1);

        return nRead == 1 ? 0 : nRead == 0 ? -EPIPE : -errno;

    }

};

class DelayedTask : public Thread {

    int mDelayMillis;

/*

 * Copyright 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once

#include <unistd.h>

/**

 * A pipe class for use when testing or fuzzing Looper

 */

class Pipe {

  public:

    int sendFd;

    int receiveFd;

    Pipe() {

        int fds[2];

        ::pipe(fds);

        receiveFd = fds[0];

        sendFd = fds[1];

    }

    ~Pipe() {

        if (sendFd != -1) {

            ::close(sendFd);

        }

        if (receiveFd != -1) {

            ::close(receiveFd);

        }

    }

    android::status_t writeSignal() {

        ssize_t nWritten = ::write(sendFd, "*", 1);

        return nWritten == 1 ? 0 : -errno;

    }

    android::status_t readSignal() {

        char buf[1];

        ssize_t nRead = ::read(receiveFd, buf, 1);

        return nRead == 1 ? 0 : nRead == 0 ? -EPIPE : -errno;

    }

};