en/html/fuzztest_8h_source.html

#pragma once


#include "zeroerr/internal/config.h"

#include "zeroerr/unittest.h"


#include "zeroerr/domains/aggregate_of.h"

#include "zeroerr/domains/arbitrary.h"

#include "zeroerr/domains/container_of.h"

#include "zeroerr/domains/element_of.h"

#include "zeroerr/domains/in_range.h"

#include "zeroerr/internal/rng.h"


#include <exception>

#include <functional>

#include <string>

#include <tuple>

#include <type_traits>

#include <vector>


ZEROERR_SUPPRESS_COMMON_WARNINGS_PUSH


#define ZEROERR_CREATE_FUZZ_TEST_FUNC(function, name, ...)                                  \

    static void                     function(zeroerr::TestContext*);                        \

    static zeroerr::detail::regTest ZEROERR_NAMEGEN(_zeroerr_reg)(                          \

        {name, __FILE__, __LINE__, function, {__VA_ARGS__}}, zeroerr::TestType::fuzz_test); \

    static void function(ZEROERR_UNUSED(zeroerr::TestContext* _ZEROERR_TEST_CONTEXT))


#define FUZZ_TEST_CASE(name, ...) \

    ZEROERR_CREATE_FUZZ_TEST_FUNC(ZEROERR_NAMEGEN(_zeroerr_testcase), name, __VA_ARGS__)


#define FUZZ_FUNC(func) zeroerr::FuzzFunction(func, _ZEROERR_TEST_CONTEXT)


namespace zeroerr {


namespace detail {


template <typename... Args>


struct FunctionDecomposition {

    static constexpr size_t numOfArgs = sizeof...(Args);

    using ValueType                   = std::tuple<Args...>;

};


template <typename... Args>

FunctionDecomposition<typename std::decay<Args>::type...> FunctionDecompositionImpl(

    void (*)(Args...));


template <typename... Args>

FunctionDecomposition<typename std::decay<Args>::type...> FunctionDecompositionImpl(

    std::function<void(Args...)>);


template <typename T>


struct memfun_type {

    using type = void;

};


template <typename Ret, typename Class, typename... Args>


struct memfun_type<Ret (Class::*)(Args...) const> {

    using ret_type = FunctionDecomposition<typename std::decay<Args>::type...>;

};


template <typename F>

typename memfun_type<decltype(&F::operator())>::ret_type FunctionDecompositionImpl(F);


template <typename T>

using FunctionDecompositionT = decltype(FunctionDecompositionImpl(std::declval<T>()));


}  // namespace detail


template <typename TargetFunction,

          typename FuncType = detail::FunctionDecompositionT<TargetFunction>>

struct FuzzTest;


template <typename TargetFunction, typename FuncType, typename Domain,

          typename Base = FuzzTest<TargetFunction, FuncType>>

struct FuzzTestWithDomain;


struct IFuzzTest {

    virtual void        Run(int count = 1000, int seed = 0)          = 0;

    virtual void        RunOneTime(const uint8_t* data, size_t size) = 0;

    virtual std::string MutateData(const uint8_t* data, size_t size, size_t max_size,

                                   unsigned int seed)                = 0;


    int  count = 0, max_count = 0;

    bool should_stop() { return count == max_count; }

};


class FuzzFinishedException : public std::exception {

public:

    virtual const char* what() const throw() { return "Fuzzing finished"; }

};


// The details are described in the declaration of the class.

template <typename TargetFunction, typename FuncType>


struct FuzzTest : IFuzzTest {

    using ValueType = typename FuncType::ValueType;

    FuzzTest(TargetFunction func, TestContext* context) : func(func), context(context) {}


    FuzzTest(const FuzzTest& other)

        : func(other.func), context(other.context), seeds(other.seeds) {}


    template <typename... T>

    using FuzzTestWithDomainType =

        FuzzTestWithDomain<TargetFunction, FuncType,

                           AggregateOf<std::tuple<typename T::ValueType...>, T...>>;


    template <typename... T>


    FuzzTestWithDomainType<T...> WithDomains(

        AggregateOf<std::tuple<typename T::ValueType...>, T...> domain) {

        return FuzzTestWithDomainType<T...>(*this, domain);

    }


    template <typename... T>


    FuzzTestWithDomainType<T...> WithDomains(T&&... domains) {

        return WithDomains(TupleOf(std::forward<T>(domains)...));

    }


    FuzzTest& WithSeeds(std::vector<ValueType> _seeds) {

        this->seeds.insert(this->seeds.end(), _seeds.begin(), _seeds.end());

        return *this;

    }


    // This should create default domains

    virtual void        Run(int = 1000, int = 0) {}

    virtual void        RunOneTime(const uint8_t*, size_t) {}

    virtual std::string MutateData(const uint8_t*, size_t, size_t, unsigned int) { return ""; }


    TargetFunction         func;

    TestContext*           context;

    std::vector<ValueType> seeds;

};


extern void RunFuzzTest(IFuzzTest& fuzz_test, int seed = 0, int runs = 1000, int max_len = 0,

                        int timeout = 1200, int len_control = 100);


template <typename TargetFunction, typename FuncType, typename Domain, typename Base>


struct FuzzTestWithDomain : public Base {

    FuzzTestWithDomain(const Base& ft, const Domain& domain) : Base(ft), m_domain(domain) {}


    virtual void Run(int _count = 1000, int _seed = 0) override {

        Base::count     = 1;

        Base::max_count = _count;

        m_rng           = new Rng(_seed);

        RunFuzzTest(*this, _seed, _count, 500, 1200, 1);

        delete m_rng;

        m_rng = nullptr;

    }


    typename Domain::CorpusType GetRandomCorpus() {

        Rng& rng = *this->m_rng;

        if (Base::seeds.size() > 0 && rng.bounded(2) == 0) {

            return m_domain.FromValue(Base::seeds[rng() % Base::seeds.size()]);

        }

        return m_domain.GetRandomCorpus(rng);

    }


    typename Domain::CorpusType TryParse(const std::string& input) {

        try {

            IRObject obj = IRObject::FromString(input);

            if (obj.type == IRObject::Type::Undefined) return GetRandomCorpus();

            return m_domain.ParseCorpus(obj);

        } catch (...) {

            return GetRandomCorpus();

        }

    }


    template <typename T, unsigned... I>


    void apply(T args, detail::seq<I...>) {

        this->func(std::get<I>(args)...);

    }


    virtual void RunOneTime(const uint8_t* data, size_t size) override {

        Base::count++;

        std::string                 input  = std::string((const char*)data, size);

        typename Domain::CorpusType corpus = TryParse(input);

        typename Domain::ValueType  value  = m_domain.GetValue(corpus);

        apply(value, detail::gen_seq<std::tuple_size<typename Domain::ValueType>::value>{});

    }


    virtual std::string MutateData(const uint8_t* data, size_t size, size_t max_size,

                                   unsigned int seed) override {

        Rng                         rng(seed);

        std::string                 input  = std::string((const char*)data, size);

        typename Domain::CorpusType corpus = TryParse(input);

        m_domain.Mutate(rng, corpus, false);

        IRObject mutated_obj = m_domain.SerializeCorpus(corpus);

        return IRObject::ToString(mutated_obj);

    }


    Domain m_domain;

    Rng*   m_rng;

};


template <typename T>


FuzzTest<T> FuzzFunction(T func, TestContext* context) {

    return FuzzTest<T>(func, context);

}


template <typename T>

std::vector<T> ReadCorpusFromDir(std::string dir);


}  // namespace zeroerr


ZEROERR_SUPPRESS_COMMON_WARNINGS_POP

aggregate_of.h

arbitrary.h

zeroerr::AggregateOf
AggregateOf is a domain that combines multiple inner domains into a tuple or aggregate type.
Definition aggregate_of.h:41

zeroerr::Domain
Domain class for generating random values of a specific type.
Definition domain.h:21

zeroerr::Domain::GetValue
virtual ValueType GetValue(const CorpusType &v) const =0

zeroerr::Domain::Mutate
virtual void Mutate(Rng &rng, CorpusType &v, bool only_shrink=false) const =0

zeroerr::Domain::GetRandomCorpus
virtual CorpusType GetRandomCorpus(Rng &rng) const =0

zeroerr::Domain::SerializeCorpus
virtual IRObject SerializeCorpus(const CorpusType &v) const
Definition domain.h:32

zeroerr::Domain::FromValue
virtual CorpusType FromValue(const ValueType &v) const =0

zeroerr::Domain::ParseCorpus
virtual CorpusType ParseCorpus(IRObject v) const
Definition domain.h:31

zeroerr::FuzzFinishedException
Definition fuzztest.h:101

zeroerr::FuzzFinishedException::what
virtual const char * what() const
Definition fuzztest.h:103

zeroerr::Rng
Definition rng.h:30

zeroerr::Rng::bounded
uint32_t bounded(uint32_t range) noexcept
Definition rng.h:126

zeroerr::TestContext
TestContext is a class that holds the test results and reporter context. There are 8 different matric...
Definition unittest.h:70

config.h

ZEROERR_SUPPRESS_COMMON_WARNINGS_POP
#define ZEROERR_SUPPRESS_COMMON_WARNINGS_POP
Definition config.h:265

ZEROERR_SUPPRESS_COMMON_WARNINGS_PUSH
#define ZEROERR_SUPPRESS_COMMON_WARNINGS_PUSH
Definition config.h:218

container_of.h

element_of.h

in_range.h

zeroerr::detail::FunctionDecompositionT
decltype(FunctionDecompositionImpl(std::declval< T >())) FunctionDecompositionT
Definition fuzztest.h:73

zeroerr::detail::FunctionDecompositionImpl
FunctionDecomposition< typename std::decay< Args >::type... > FunctionDecompositionImpl(void(*)(Args...))

zeroerr
Definition benchmark.cpp:17

zeroerr::RunFuzzTest
void RunFuzzTest(IFuzzTest &fuzz_test, int seed, int runs, int max_len, int timeout, int len_control)
Definition fuzztest.cpp:32

zeroerr::TupleOf
AggregateOf< std::tuple< typename Inner::ValueType... >, Inner... > TupleOf(Inner &&... inner)
Definition aggregate_of.h:107

zeroerr::fuzz_test
@ fuzz_test
Definition unittest.h:267

zeroerr::timeout
Decorator * timeout(float timeout)
Definition unittest.cpp:850

zeroerr::ReadCorpusFromDir
std::vector< T > ReadCorpusFromDir(std::string dir)

zeroerr::FuzzFunction
FuzzTest< T > FuzzFunction(T func, TestContext *context)
Definition fuzztest.h:224

rng.h

zeroerr::FuzzTestWithDomain
FuzzTestWithDomain implements the Base class with the domain passed into.
Definition fuzztest.h:165

zeroerr::FuzzTestWithDomain::m_domain
Domain m_domain
Definition fuzztest.h:218

zeroerr::FuzzTestWithDomain::FuzzTestWithDomain
FuzzTestWithDomain(const Base &ft, const Domain &domain)
Definition fuzztest.h:166

zeroerr::FuzzTestWithDomain::GetRandomCorpus
Domain::CorpusType GetRandomCorpus()
Definition fuzztest.h:177

zeroerr::FuzzTestWithDomain::RunOneTime
virtual void RunOneTime(const uint8_t *data, size_t size) override
Definition fuzztest.h:200

zeroerr::FuzzTestWithDomain::apply
void apply(T args, detail::seq< I... >)
Definition fuzztest.h:196

zeroerr::FuzzTestWithDomain::MutateData
virtual std::string MutateData(const uint8_t *data, size_t size, size_t max_size, unsigned int seed) override
Definition fuzztest.h:208

zeroerr::FuzzTestWithDomain::m_rng
Rng * m_rng
Definition fuzztest.h:219

zeroerr::FuzzTestWithDomain::Run
virtual void Run(int _count=1000, int _seed=0) override
Definition fuzztest.h:168

zeroerr::FuzzTestWithDomain::TryParse
Domain::CorpusType TryParse(const std::string &input)
Definition fuzztest.h:185

zeroerr::FuzzTest
FuzzTest is a template class to create a fuzz test for the target function.
Definition fuzztest.h:108

zeroerr::FuzzTest::func
TargetFunction func
Definition fuzztest.h:148

zeroerr::FuzzTest::FuzzTest
FuzzTest(TargetFunction func, TestContext *context)
Definition fuzztest.h:110

zeroerr::FuzzTest::seeds
std::vector< ValueType > seeds
Definition fuzztest.h:150

zeroerr::FuzzTest::context
TestContext * context
Definition fuzztest.h:149

zeroerr::FuzzTest::WithDomains
FuzzTestWithDomainType< T... > WithDomains(T &&... domains)
Definition fuzztest.h:134

zeroerr::FuzzTest::Run
virtual void Run(int=1000, int=0)
Definition fuzztest.h:144

zeroerr::FuzzTest::RunOneTime
virtual void RunOneTime(const uint8_t *, size_t)
Definition fuzztest.h:145

zeroerr::FuzzTest::ValueType
typename FuncType::ValueType ValueType
Definition fuzztest.h:109

zeroerr::FuzzTest::WithSeeds
FuzzTest & WithSeeds(std::vector< ValueType > _seeds)
Definition fuzztest.h:138

zeroerr::FuzzTest::FuzzTest
FuzzTest(const FuzzTest &other)
Definition fuzztest.h:111

zeroerr::FuzzTest::MutateData
virtual std::string MutateData(const uint8_t *, size_t, size_t, unsigned int)
Definition fuzztest.h:146

zeroerr::FuzzTest::WithDomains
FuzzTestWithDomainType< T... > WithDomains(AggregateOf< std::tuple< typename T::ValueType... >, T... > domain)
Definition fuzztest.h:123

zeroerr::IFuzzTest
Definition fuzztest.h:91

zeroerr::IFuzzTest::RunOneTime
virtual void RunOneTime(const uint8_t *data, size_t size)=0

zeroerr::IFuzzTest::MutateData
virtual std::string MutateData(const uint8_t *data, size_t size, size_t max_size, unsigned int seed)=0

zeroerr::IFuzzTest::Run
virtual void Run(int count=1000, int seed=0)=0

zeroerr::IFuzzTest::should_stop
bool should_stop()
Definition fuzztest.h:98

zeroerr::IFuzzTest::max_count
int max_count
Definition fuzztest.h:97

zeroerr::IFuzzTest::count
int count
Definition fuzztest.h:97

zeroerr::IRObject
Interface for serializable objects.
Definition serialization.h:43

zeroerr::IRObject::ToString
static std::string ToString(IRObject obj)
Definition serialization.cpp:133

zeroerr::IRObject::FromString
static IRObject FromString(std::string str)
Definition serialization.cpp:139

zeroerr::IRObject::Undefined
@ Undefined
Definition serialization.h:58

zeroerr::IRObject::type
unsigned type
Definition serialization.h:68

zeroerr::detail::FunctionDecomposition
FunctionDecomposition is a meta function to decompose the function type. The ValueType and numOfArgs ...
Definition fuzztest.h:44

zeroerr::detail::FunctionDecomposition::ValueType
std::tuple< Args... > ValueType
Definition fuzztest.h:46

zeroerr::detail::FunctionDecomposition::numOfArgs
static constexpr size_t numOfArgs
Definition fuzztest.h:45

zeroerr::detail::gen_seq
Definition typetraits.h:77

zeroerr::detail::memfun_type
Definition fuzztest.h:59

zeroerr::detail::memfun_type::type
void type
Definition fuzztest.h:60

zeroerr::detail::seq
Definition typetraits.h:74

unittest.h