1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_
6 #define TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_
8 #include <string>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "base/strings/string_util.h"
13 #include "ipc/ipc_message.h"
15 namespace ipc_fuzzer {
17 // Interface implemented by those who generate basic types. The types all
18 // correspond to the types which a pickle from base/pickle.h can pickle,
19 // plus the floating point types.
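class Fuzzer {
 public:
  // Virtual destructor: this is a polymorphic interface, and destroying a
  // concrete fuzzer through a Fuzzer* without one is undefined behaviour.
  virtual ~Fuzzer() {}

  // One hook per data type. Each receives the value by pointer and returns
  // nothing.
  virtual void FuzzBool(bool* value) = 0;
  virtual void FuzzInt(int* value) = 0;
  virtual void FuzzLong(long* value) = 0;
  virtual void FuzzSize(size_t* value) = 0;
  virtual void FuzzUChar(unsigned char* value) = 0;
  virtual void FuzzWChar(wchar_t* value) = 0;
  virtual void FuzzUInt16(uint16* value) = 0;
  virtual void FuzzUInt32(uint32* value) = 0;
  virtual void FuzzInt64(int64* value) = 0;
  virtual void FuzzUInt64(uint64* value) = 0;
  virtual void FuzzFloat(float* value) = 0;
  virtual void FuzzDouble(double* value) = 0;
  virtual void FuzzString(std::string* value) = 0;
  virtual void FuzzString16(base::string16* value) = 0;

  // Raw-buffer hooks: the buffer size is passed alongside the pointer.
  // NOTE(review): the size is a signed int and nothing in this interface
  // constrains it. Presumably implementations must reject negative sizes and
  // stay within [data, data + size) -- confirm against the implementations.
  virtual void FuzzData(char* data, int length) = 0;
  virtual void FuzzBytes(void* data, int data_len) = 0;

  // Used to determine if a completely new value should be generated for
  // certain types instead of attempting to modify the existing one.
  // Not pure virtual and declared without a body, so the default definition
  // lives outside this header.
  virtual bool ShouldGenerate();
};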
// Fuzzer whose hooks all have empty bodies, so every value handed to it is
// left exactly as it was. ShouldGenerate() is not overridden here and is
// therefore inherited from Fuzzer.
class NoOpFuzzer : public Fuzzer {
 public:
  NoOpFuzzer() {}
  virtual ~NoOpFuzzer() {}

  // Per-type hooks: intentionally empty. Parameter names are commented out
  // because none of them is used.
  void FuzzBool(bool* /*value*/) override {}
  void FuzzInt(int* /*value*/) override {}
  void FuzzLong(long* /*value*/) override {}
  void FuzzSize(size_t* /*value*/) override {}
  void FuzzUChar(unsigned char* /*value*/) override {}
  void FuzzWChar(wchar_t* /*value*/) override {}
  void FuzzUInt16(uint16* /*value*/) override {}
  void FuzzUInt32(uint32* /*value*/) override {}
  void FuzzInt64(int64* /*value*/) override {}
  void FuzzUInt64(uint64* /*value*/) override {}
  void FuzzFloat(float* /*value*/) override {}
  void FuzzDouble(double* /*value*/) override {}
  void FuzzString(std::string* /*value*/) override {}
  void FuzzString16(base::string16* /*value*/) override {}

  // Raw-buffer hooks: the buffer is never read or written.
  void FuzzData(char* /*data*/, int /*length*/) override {}
  void FuzzBytes(void* /*data*/, int /*data_len*/) override {}
};
// Signature shared by the per-message fuzzing routines: takes an
// IPC::Message* plus the Fuzzer to drive, and returns an IPC::Message*.
// NOTE(review): ownership of the argument and of the returned message is not
// stated in this header -- confirm at the definitions.
using FuzzerFunction = IPC::Message* (*)(IPC::Message*, Fuzzer*);

// Used for mutating messages. Once populated, the map associates a message ID
// with the FuzzerFunction used to mutate messages of that type.
using FuzzerFunctionMap = base::hash_map<uint32, FuzzerFunction>;
void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map);

// Used for generating new messages. Once populated, the vector holds a
// FuzzerFunction for every message type that we know how to generate.
using FuzzerFunctionVector = std::vector<FuzzerFunction>;
void PopulateFuzzerFunctionVector(FuzzerFunctionVector* function_vector);

// Since IPC::Message can be serialized, a global function vector is also
// tracked to handle generation of new messages while fuzzing. Only declared
// here; the definition lives in another translation unit.
extern FuzzerFunctionVector g_function_vector;
84 } // namespace ipc_fuzzer
86 #endif // TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_