tools/ipc_fuzzer/fuzzer/generator.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <string>
   6
   7 #include "base/basictypes.h"
   8 #include "base/strings/string_util.h"
   9 #include "tools/ipc_fuzzer/fuzzer/generator.h"
  10 #include "tools/ipc_fuzzer/fuzzer/rand_util.h"
  11
  12 namespace ipc_fuzzer {
  13
  14 template <typename T>
  15 void GenerateIntegralType(T* value) {
  16   switch (RandInRange(16)) {
  17     case 0:
  18       *value = static_cast<T>(0);
  19       break;
  20     case 1:
  21       *value = static_cast<T>(1);
  22       break;
  23     case 2:
  24       *value = static_cast<T>(-1);
  25       break;
  26     case 3:
  27       *value = static_cast<T>(2);
  28       break;
  29     default:
  30       *value = static_cast<T>(RandU64());
  31       break;
  32   }
  33 }
  34
  35 template <typename T>
  36 void GenerateFloatingType(T* value) {
  37   *value = RandDouble();
  38 }
  39
  40 template <typename T>
  41 void GenerateStringType(T* value) {
  42   T temp_string;
  43   size_t length = RandInRange(300);
  44   for (size_t i = 0; i < length; ++i)
  45     temp_string += RandInRange(256);
  46   *value = temp_string;
  47 }
  48
  49 void Generator::FuzzBool(bool* value) {
  50   *value = RandInRange(2) ? true: false;
  51 }
  52
  53 void Generator::FuzzInt(int* value) {
  54   GenerateIntegralType<int>(value);
  55 }
  56
  57 void Generator::FuzzLong(long* value) {
  58   GenerateIntegralType<long>(value);
  59 }
  60
  61 void Generator::FuzzSize(size_t* value) {
  62   GenerateIntegralType<size_t>(value);
  63 }
  64
  65 void Generator::FuzzUChar(unsigned char* value) {
  66   GenerateIntegralType<unsigned char>(value);
  67 }
  68
  69 void Generator::FuzzWChar(wchar_t* value) {
  70   GenerateIntegralType<wchar_t>(value);
  71 }
  72
  73 void Generator::FuzzUInt16(uint16* value) {
  74   GenerateIntegralType<uint16>(value);
  75 }
  76
  77 void Generator::FuzzUInt32(uint32* value) {
  78   GenerateIntegralType<uint32>(value);
  79 }
  80
  81 void Generator::FuzzInt64(int64* value) {
  82   GenerateIntegralType<int64>(value);
  83 }
  84
  85 void Generator::FuzzUInt64(uint64* value) {
  86   GenerateIntegralType<uint64>(value);
  87 }
  88
  89 void Generator::FuzzFloat(float* value) {
  90   GenerateFloatingType<float>(value);
  91 }
  92
  93 void Generator::FuzzDouble(double* value) {
  94   GenerateFloatingType<double>(value);
  95 }
  96
  97 void Generator::FuzzString(std::string* value) {
  98   GenerateStringType<std::string>(value);
  99 }
 100
 101 void Generator::FuzzString16(base::string16* value) {
 102   GenerateStringType<base::string16>(value);
 103 }
 104
 105 void Generator::FuzzData(char* data, int length) {
 106   for (int i = 0; i < length; ++i) {
 107     GenerateIntegralType<char>(&data[i]);
 108   }
 109 }
 110
 111 void Generator::FuzzBytes(void* data, int data_len) {
 112   FuzzData(static_cast<char*>(data), data_len);
 113 }
 114
 115 bool Generator::ShouldGenerate() {
 116   // The generator fuzzer should always generate new values.
 117   return true;
 118 }
 119
 120 }  // namespace ipc_fuzzer