xref: /aosp_15_r20/system/extras/simpleperf/libsimpleperf_report_fuzzer.cpp (revision 288bf5226967eb3dac5cce6c939ccc2a7f2b4fe5) 
1*288bf522SAndroid Build Coastguard Worker /*
2*288bf522SAndroid Build Coastguard Worker  * Copyright (C) 2024 The Android Open Source Project
3*288bf522SAndroid Build Coastguard Worker  *
4*288bf522SAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*288bf522SAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*288bf522SAndroid Build Coastguard Worker  * You may obtain a copy of the License at:
7*288bf522SAndroid Build Coastguard Worker  *
8*288bf522SAndroid Build Coastguard Worker  * http://www.apache.org/licenses/LICENSE-2.0
9*288bf522SAndroid Build Coastguard Worker  *
10*288bf522SAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*288bf522SAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*288bf522SAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*288bf522SAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*288bf522SAndroid Build Coastguard Worker  * limitations under the License.
15*288bf522SAndroid Build Coastguard Worker  *
16*288bf522SAndroid Build Coastguard Worker  */
17*288bf522SAndroid Build Coastguard Worker 
18*288bf522SAndroid Build Coastguard Worker #include <record_file.h>
19*288bf522SAndroid Build Coastguard Worker #include "command.h"
20*288bf522SAndroid Build Coastguard Worker #include "fuzzer/FuzzedDataProvider.h"
21*288bf522SAndroid Build Coastguard Worker #include "test_util.h"
22*288bf522SAndroid Build Coastguard Worker 
23*288bf522SAndroid Build Coastguard Worker using namespace simpleperf;
24*288bf522SAndroid Build Coastguard Worker using namespace std;
25*288bf522SAndroid Build Coastguard Worker using namespace android;
26*288bf522SAndroid Build Coastguard Worker 
27*288bf522SAndroid Build Coastguard Worker class SimplePerfReportFuzzer {
28*288bf522SAndroid Build Coastguard Worker  public:
SimplePerfReportFuzzer(const uint8_t * data,size_t size)29*288bf522SAndroid Build Coastguard Worker   SimplePerfReportFuzzer(const uint8_t* data, size_t size) : mFdp(data, size) {
30*288bf522SAndroid Build Coastguard Worker     /**
31*288bf522SAndroid Build Coastguard Worker      * Use maximum of 80% of buffer to write in FD and save at least 20% for fuzzing other APIs
32*288bf522SAndroid Build Coastguard Worker      */
33*288bf522SAndroid Build Coastguard Worker     const int32_t dataSize = mFdp.ConsumeIntegralInRange<int32_t>(0, (size * 80) / 100);
34*288bf522SAndroid Build Coastguard Worker     std::vector<uint8_t> dataPointer = mFdp.ConsumeBytes<uint8_t>(dataSize);
35*288bf522SAndroid Build Coastguard Worker     android::base::WriteFully(mTempfile.fd, dataPointer.data(), dataPointer.size());
36*288bf522SAndroid Build Coastguard Worker     RegisterDumpRecordCommand();
37*288bf522SAndroid Build Coastguard Worker   }
38*288bf522SAndroid Build Coastguard Worker   void process();
39*288bf522SAndroid Build Coastguard Worker 
40*288bf522SAndroid Build Coastguard Worker  private:
41*288bf522SAndroid Build Coastguard Worker   FuzzedDataProvider mFdp;
42*288bf522SAndroid Build Coastguard Worker   TemporaryFile mTempfile;
43*288bf522SAndroid Build Coastguard Worker   void TestDumpCmd();
44*288bf522SAndroid Build Coastguard Worker };
45*288bf522SAndroid Build Coastguard Worker 
TestDumpCmd()46*288bf522SAndroid Build Coastguard Worker void SimplePerfReportFuzzer::TestDumpCmd() {
47*288bf522SAndroid Build Coastguard Worker   std::unique_ptr<Command> dump_cmd = CreateCommandInstance("dump");
48*288bf522SAndroid Build Coastguard Worker   CaptureStdout capture;
49*288bf522SAndroid Build Coastguard Worker   capture.Start();
50*288bf522SAndroid Build Coastguard Worker   dump_cmd->Run({"-i", mTempfile.path, "--dump-etm", "raw,packet,element"});
51*288bf522SAndroid Build Coastguard Worker }
52*288bf522SAndroid Build Coastguard Worker 
process()53*288bf522SAndroid Build Coastguard Worker void SimplePerfReportFuzzer::process() {
54*288bf522SAndroid Build Coastguard Worker   std::unique_ptr<RecordFileReader> reader = RecordFileReader::CreateInstance(mTempfile.path);
55*288bf522SAndroid Build Coastguard Worker   if (!reader.get()) {
56*288bf522SAndroid Build Coastguard Worker     return;
57*288bf522SAndroid Build Coastguard Worker   }
58*288bf522SAndroid Build Coastguard Worker   while (mFdp.remaining_bytes()) {
59*288bf522SAndroid Build Coastguard Worker     auto InvokeReader = mFdp.PickValueInArray<const std::function<void()>>({
60*288bf522SAndroid Build Coastguard Worker         [&]() { reader->ReadCmdlineFeature(); },
61*288bf522SAndroid Build Coastguard Worker         [&]() { reader->ReadBuildIdFeature(); },
62*288bf522SAndroid Build Coastguard Worker         [&]() { reader->ReadFeatureString(mFdp.ConsumeIntegral<int32_t>() /* feature */); },
63*288bf522SAndroid Build Coastguard Worker         [&]() {
64*288bf522SAndroid Build Coastguard Worker           vector<uint8_t> buf;
65*288bf522SAndroid Build Coastguard Worker           bool error;
66*288bf522SAndroid Build Coastguard Worker           reader->ReadAuxData(mFdp.ConsumeIntegral<uint32_t>() /* cpu */,
67*288bf522SAndroid Build Coastguard Worker                               mFdp.ConsumeIntegral<uint64_t>() /* aux_offset */,
68*288bf522SAndroid Build Coastguard Worker                               mFdp.ConsumeIntegral<size_t>() /* size */, buf, error);
69*288bf522SAndroid Build Coastguard Worker         },
70*288bf522SAndroid Build Coastguard Worker         [&]() { reader->ReadDebugUnwindFeature(); },
71*288bf522SAndroid Build Coastguard Worker         [&]() { reader->DataSection(); },
72*288bf522SAndroid Build Coastguard Worker         [&]() {
73*288bf522SAndroid Build Coastguard Worker           ThreadTree thread_tree;
74*288bf522SAndroid Build Coastguard Worker           reader->LoadBuildIdAndFileFeatures(thread_tree);
75*288bf522SAndroid Build Coastguard Worker         },
76*288bf522SAndroid Build Coastguard Worker     });
77*288bf522SAndroid Build Coastguard Worker     InvokeReader();
78*288bf522SAndroid Build Coastguard Worker   }
79*288bf522SAndroid Build Coastguard Worker   TestDumpCmd();
80*288bf522SAndroid Build Coastguard Worker   reader->Close();
81*288bf522SAndroid Build Coastguard Worker }
82*288bf522SAndroid Build Coastguard Worker 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)83*288bf522SAndroid Build Coastguard Worker extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
84*288bf522SAndroid Build Coastguard Worker   SimplePerfReportFuzzer simplePerfReportFuzzer(data, size);
85*288bf522SAndroid Build Coastguard Worker   simplePerfReportFuzzer.process();
86*288bf522SAndroid Build Coastguard Worker   return 0;
87*288bf522SAndroid Build Coastguard Worker }
88