tools/ipc_fuzzer/fuzzer/mutator.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <algorithm>
   6 #include <string>
   7
   8 #include "base/basictypes.h"
   9 #include "base/strings/string_util.h"
  10 #include "base/strings/utf_string_conversions.h"
  11 #include "tools/ipc_fuzzer/fuzzer/mutator.h"
  12 #include "tools/ipc_fuzzer/fuzzer/rand_util.h"
  13
  14 namespace ipc_fuzzer {
  15
  16 template <typename T>
  17 void FuzzIntegralType(T* value, unsigned int frequency) {
  18   if (RandEvent(frequency)) {
  19     switch (RandInRange(4)) {
  20       case 0: (*value) = 0; break;
  21       case 1: (*value)--; break;
  22       case 2: (*value)++; break;
  23       case 3: (*value) = RandU64(); break;
  24     }
  25   }
  26 }
  27
  28 template <typename T>
  29 void FuzzStringType(T* value, unsigned int frequency,
  30                     const T& literal1, const T& literal2) {
  31   if (RandEvent(frequency)) {
  32     switch (RandInRange(5)) {
  33       case 4: (*value) = (*value) + (*value);   // FALLTHROUGH
  34       case 3: (*value) = (*value) + (*value);   // FALLTHROUGH
  35       case 2: (*value) = (*value) + (*value); break;
  36       case 1: (*value) += literal1; break;
  37       case 0: (*value) = literal2; break;
  38     }
  39   }
  40 }
  41
  42 void Mutator::FuzzBool(bool* value) {
  43   if (RandEvent(frequency_))
  44     (*value) = !(*value);
  45 }
  46
  47 void Mutator::FuzzInt(int* value) {
  48   FuzzIntegralType<int>(value, frequency_);
  49 }
  50
  51 void Mutator::FuzzLong(long* value) {
  52   FuzzIntegralType<long>(value, frequency_);
  53 }
  54
  55 void Mutator::FuzzSize(size_t* value) {
  56   FuzzIntegralType<size_t>(value, frequency_);
  57 }
  58
  59 void Mutator::FuzzUChar(unsigned char* value) {
  60   FuzzIntegralType<unsigned char>(value, frequency_);
  61 }
  62
  63 void Mutator::FuzzWChar(wchar_t* value) {
  64   FuzzIntegralType<wchar_t>(value, frequency_);
  65 }
  66
  67 void Mutator::FuzzUInt16(uint16* value) {
  68   FuzzIntegralType<uint16>(value, frequency_);
  69 }
  70
  71 void Mutator::FuzzUInt32(uint32* value) {
  72   FuzzIntegralType<uint32>(value, frequency_);
  73 }
  74
  75 void Mutator::FuzzInt64(int64* value) {
  76   FuzzIntegralType<int64>(value, frequency_);
  77 }
  78
  79 void Mutator::FuzzUInt64(uint64* value) {
  80   FuzzIntegralType<uint64>(value, frequency_);
  81 }
  82
  83 void Mutator::FuzzFloat(float* value) {
  84   if (RandEvent(frequency_))
  85     *value = RandDouble();
  86 }
  87
  88 void Mutator::FuzzDouble(double* value) {
  89   if (RandEvent(frequency_))
  90     *value = RandDouble();
  91 }
  92
  93 void Mutator:: FuzzString(std::string* value) {
  94   FuzzStringType<std::string>(value, frequency_, "BORKED", std::string());
  95 }
  96
  97 void Mutator::FuzzString16(base::string16* value) {
  98   FuzzStringType<base::string16>(value, frequency_,
  99                                  base::WideToUTF16(L"BORKED"),
 100                                  base::WideToUTF16(L""));
 101 }
 102
 103 void Mutator::FuzzData(char* data, int length) {
 104   if (RandEvent(frequency_)) {
 105     for (int i = 0; i < length; ++i) {
 106       FuzzIntegralType<char>(&data[i], frequency_);
 107     }
 108   }
 109 }
 110
 111 void Mutator::FuzzBytes(void* data, int data_len) {
 112   FuzzData(static_cast<char*>(data), data_len);
 113 }
 114
 115 bool Mutator::ShouldGenerate() {
 116   // TODO(mbarbella): With a low probability, allow something to be fully
 117   // rewritten while mutating instead of always changing the existing value.
 118   return false;
 119 }
 120
 121 }  // namespace ipc_fuzzer