search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cygprofile: increase timeouts to allow showing web contents
[chromium-blink-merge.git] / tools / ipc_fuzzer / fuzzer / fuzzer.cc
blob6f490669bc9e8898e68123d94e147ae5bb038088
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <iostream>
6 #include <set>
7 #include <string>
8 #include <utility>
9 #include <vector>
10
11 #include "base/strings/string_util.h"
12 #include "ipc/ipc_message.h"
13 #include "ipc/ipc_message_utils.h"
14 #include "ipc/ipc_switches.h"
15 #include "ipc/ipc_sync_channel.h"
16 #include "ipc/ipc_sync_message.h"
17 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h"
18 #include "tools/ipc_fuzzer/fuzzer/rand_util.h"
19 #include "tools/ipc_fuzzer/message_lib/message_cracker.h"
20 #include "tools/ipc_fuzzer/message_lib/message_file.h"
21
22 #if defined(OS_POSIX)
23 #include <unistd.h>
24 #endif
25
26 // First include of all message files to provide basic types.
27 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
28 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h"
29
30 #if defined(COMPILER_GCC)
31 #define PRETTY_FUNCTION __PRETTY_FUNCTION__
32 #elif defined(COMPILER_MSVC)
33 #define PRETTY_FUNCTION __FUNCSIG__
34 #else
35 #define PRETTY_FUNCTION __FUNCTION__
36 #endif
37
38 namespace IPC {
39 class Message;
40 } // namespace IPC
41
42 namespace {
43 // For breaking deep recursion.
44 int g_depth = 0;
45 } // namespace
46
47 namespace ipc_fuzzer {
48
49 FuzzerFunctionVector g_function_vector;
50
51 bool Fuzzer::ShouldGenerate() {
52 return false;
53 }
54
55 // Partially-specialized class that knows how to handle a given type.
56 template <class P>
57 struct FuzzTraits {
58 static bool Fuzz(P* p, Fuzzer *fuzzer) {
59 // This is the catch-all for types we don't have enough information
60 // to generate.
61 std::cerr << "Can't handle " << PRETTY_FUNCTION << "\n";
62 return false;
63 }
64 };
65
66 // Template function to invoke partially-specialized class method.
67 template <class P>
68 static bool FuzzParam(P* p, Fuzzer* fuzzer) {
69 return FuzzTraits<P>::Fuzz(p, fuzzer);
70 }
71
72 template <class P>
73 static bool FuzzParamArray(P* p, size_t length, Fuzzer* fuzzer) {
74 for (size_t i = 0; i < length; i++, p++) {
75 if (!FuzzTraits<P>::Fuzz(p, fuzzer))
76 return false;
77 }
78 return true;
79 }
80
81 // Specializations to generate primitive types.
82 template <>
83 struct FuzzTraits<bool> {
84 static bool Fuzz(bool* p, Fuzzer* fuzzer) {
85 fuzzer->FuzzBool(p);
86 return true;
87 }
88 };
89
90 template <>
91 struct FuzzTraits<int> {
92 static bool Fuzz(int* p, Fuzzer* fuzzer) {
93 fuzzer->FuzzInt(p);
94 return true;
95 }
96 };
97
98 template <>
99 struct FuzzTraits<unsigned int> {
100 static bool Fuzz(unsigned int* p, Fuzzer* fuzzer) {
101 fuzzer->FuzzInt(reinterpret_cast<int*>(p));
102 return true;
103 }
104 };
105
106 template <>
107 struct FuzzTraits<long> {
108 static bool Fuzz(long* p, Fuzzer* fuzzer) {
109 fuzzer->FuzzLong(p);
110 return true;
111 }
112 };
113
114 template <>
115 struct FuzzTraits<unsigned long> {
116 static bool Fuzz(unsigned long* p, Fuzzer* fuzzer) {
117 fuzzer->FuzzLong(reinterpret_cast<long*>(p));
118 return true;
119 }
120 };
121
122 template <>
123 struct FuzzTraits<long long> {
124 static bool Fuzz(long long* p, Fuzzer* fuzzer) {
125 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p));
126 return true;
127 }
128 };
129
130 template <>
131 struct FuzzTraits<unsigned long long> {
132 static bool Fuzz(unsigned long long* p, Fuzzer* fuzzer) {
133 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p));
134 return true;
135 }
136 };
137
138 template <>
139 struct FuzzTraits<short> {
140 static bool Fuzz(short* p, Fuzzer* fuzzer) {
141 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p));
142 return true;
143 }
144 };
145
146 template <>
147 struct FuzzTraits<unsigned short> {
148 static bool Fuzz(unsigned short* p, Fuzzer* fuzzer) {
149 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p));
150 return true;
151 }
152 };
153
154 template <>
155 struct FuzzTraits<char> {
156 static bool Fuzz(char* p, Fuzzer* fuzzer) {
157 fuzzer->FuzzUChar(reinterpret_cast<unsigned char*>(p));
158 return true;
159 }
160 };
161
162 template <>
163 struct FuzzTraits<unsigned char> {
164 static bool Fuzz(unsigned char* p, Fuzzer* fuzzer) {
165 fuzzer->FuzzUChar(p);
166 return true;
167 }
168 };
169
170 template <>
171 struct FuzzTraits<wchar_t> {
172 static bool Fuzz(wchar_t* p, Fuzzer* fuzzer) {
173 fuzzer->FuzzWChar(p);
174 return true;
175 }
176 };
177
178 template <>
179 struct FuzzTraits<float> {
180 static bool Fuzz(float* p, Fuzzer* fuzzer) {
181 fuzzer->FuzzFloat(p);
182 return true;
183 }
184 };
185
186 template <>
187 struct FuzzTraits<double> {
188 static bool Fuzz(double* p, Fuzzer* fuzzer) {
189 fuzzer->FuzzDouble(p);
190 return true;
191 }
192 };
193
194 template <>
195 struct FuzzTraits<std::string> {
196 static bool Fuzz(std::string* p, Fuzzer* fuzzer) {
197 fuzzer->FuzzString(p);
198 return true;
199 }
200 };
201
202 template <>
203 struct FuzzTraits<base::string16> {
204 static bool Fuzz(base::string16* p, Fuzzer* fuzzer) {
205 fuzzer->FuzzString16(p);
206 return true;
207 }
208 };
209
210 // Specializations for tuples.
211 template <>
212 struct FuzzTraits<base::Tuple<>> {
213 static bool Fuzz(base::Tuple<>* p, Fuzzer* fuzzer) {
214 return true;
215 }
216 };
217
218 template <class A>
219 struct FuzzTraits<base::Tuple<A>> {
220 static bool Fuzz(base::Tuple<A>* p, Fuzzer* fuzzer) {
221 return FuzzParam(&base::get<0>(*p), fuzzer);
222 }
223 };
224
225 template <class A, class B>
226 struct FuzzTraits<base::Tuple<A, B>> {
227 static bool Fuzz(base::Tuple<A, B>* p, Fuzzer* fuzzer) {
228 return
229 FuzzParam(&base::get<0>(*p), fuzzer) &&
230 FuzzParam(&base::get<1>(*p), fuzzer);
231 }
232 };
233
234 template <class A, class B, class C>
235 struct FuzzTraits<base::Tuple<A, B, C>> {
236 static bool Fuzz(base::Tuple<A, B, C>* p, Fuzzer* fuzzer) {
237 return
238 FuzzParam(&base::get<0>(*p), fuzzer) &&
239 FuzzParam(&base::get<1>(*p), fuzzer) &&
240 FuzzParam(&base::get<2>(*p), fuzzer);
241 }
242 };
243
244 template <class A, class B, class C, class D>
245 struct FuzzTraits<base::Tuple<A, B, C, D>> {
246 static bool Fuzz(base::Tuple<A, B, C, D>* p, Fuzzer* fuzzer) {
247 return
248 FuzzParam(&base::get<0>(*p), fuzzer) &&
249 FuzzParam(&base::get<1>(*p), fuzzer) &&
250 FuzzParam(&base::get<2>(*p), fuzzer) &&
251 FuzzParam(&base::get<3>(*p), fuzzer);
252 }
253 };
254
255 template <class A, class B, class C, class D, class E>
256 struct FuzzTraits<base::Tuple<A, B, C, D, E>> {
257 static bool Fuzz(base::Tuple<A, B, C, D, E>* p, Fuzzer* fuzzer) {
258 return
259 FuzzParam(&base::get<0>(*p), fuzzer) &&
260 FuzzParam(&base::get<1>(*p), fuzzer) &&
261 FuzzParam(&base::get<2>(*p), fuzzer) &&
262 FuzzParam(&base::get<3>(*p), fuzzer) &&
263 FuzzParam(&base::get<4>(*p), fuzzer);
264 }
265 };
266
267 // Specializations for containers.
268 template <class A>
269 struct FuzzTraits<std::vector<A> > {
270 static bool Fuzz(std::vector<A>* p, Fuzzer* fuzzer) {
271 ++g_depth;
272 size_t count = p->size();
273 if (fuzzer->ShouldGenerate()) {
274 count = g_depth > 3 ? 0 : RandElementCount();
275 p->resize(count);
276 }
277 for (size_t i = 0; i < count; ++i) {
278 if (!FuzzParam(&p->at(i), fuzzer)) {
279 --g_depth;
280 return false;
281 }
282 }
283 --g_depth;
284 return true;
285 }
286 };
287
288 template <class A>
289 struct FuzzTraits<std::set<A> > {
290 static bool Fuzz(std::set<A>* p, Fuzzer* fuzzer) {
291 if (!fuzzer->ShouldGenerate()) {
292 std::set<A> result;
293 typename std::set<A>::iterator it;
294 for (it = p->begin(); it != p->end(); ++it) {
295 A item = *it;
296 if (!FuzzParam(&item, fuzzer))
297 return false;
298 result.insert(item);
299 }
300 *p = result;
301 return true;
302 }
303
304 static int g_depth = 0;
305 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
306 A a;
307 for (size_t i = 0; i < count; ++i) {
308 if (!FuzzParam(&a, fuzzer)) {
309 --g_depth;
310 return false;
311 }
312 p->insert(a);
313 }
314 --g_depth;
315 return true;
316 }
317 };
318
319 template <class A, class B>
320 struct FuzzTraits<std::map<A, B> > {
321 static bool Fuzz(std::map<A, B>* p, Fuzzer* fuzzer) {
322 if (!fuzzer->ShouldGenerate()) {
323 typename std::map<A, B>::iterator it;
324 for (it = p->begin(); it != p->end(); ++it) {
325 if (!FuzzParam(&it->second, fuzzer))
326 return false;
327 }
328 return true;
329 }
330
331 static int g_depth = 0;
332 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
333 std::pair<A, B> place_holder;
334 for (size_t i = 0; i < count; ++i) {
335 if (!FuzzParam(&place_holder, fuzzer)) {
336 --g_depth;
337 return false;
338 }
339 p->insert(place_holder);
340 }
341 --g_depth;
342 return true;
343 }
344 };
345
346 template <class A, class B, class C, class D>
347 struct FuzzTraits<std::map<A, B, C, D>> {
348 static bool Fuzz(std::map<A, B, C, D>* p, Fuzzer* fuzzer) {
349 if (!fuzzer->ShouldGenerate()) {
350 typename std::map<A, B, C, D>::iterator it;
351 for (it = p->begin(); it != p->end(); ++it) {
352 if (!FuzzParam(&it->second, fuzzer))
353 return false;
354 }
355 return true;
356 }
357
358 static int g_depth = 0;
359 size_t count = ++g_depth > 3 ? 0 : RandElementCount();
360 std::pair<A, B> place_holder;
361 for (size_t i = 0; i < count; ++i) {
362 if (!FuzzParam(&place_holder, fuzzer)) {
363 --g_depth;
364 return false;
365 }
366 p->insert(place_holder);
367 }
368 --g_depth;
369 return true;
370 }
371 };
372
373 template <class A, class B>
374 struct FuzzTraits<std::pair<A, B> > {
375 static bool Fuzz(std::pair<A, B>* p, Fuzzer* fuzzer) {
376 return
377 FuzzParam(&p->first, fuzzer) &&
378 FuzzParam(&p->second, fuzzer);
379 }
380 };
381
382 // Specializations for hand-coded types.
383
384 template <>
385 struct FuzzTraits<base::FilePath> {
386 static bool Fuzz(base::FilePath* p, Fuzzer* fuzzer) {
387 if (!fuzzer->ShouldGenerate()) {
388 base::FilePath::StringType path = p->value();
389 if(!FuzzParam(&path, fuzzer))
390 return false;
391 *p = base::FilePath(path);
392 return true;
393 }
394
395 const char path_chars[] = "ACz0/.~:";
396 size_t count = RandInRange(60);
397 base::FilePath::StringType random_path;
398 for (size_t i = 0; i < count; ++i)
399 random_path += path_chars[RandInRange(sizeof(path_chars) - 1)];
400 *p = base::FilePath(random_path);
401 return true;
402 }
403 };
404
405 template <>
406 struct FuzzTraits<base::File::Error> {
407 static bool Fuzz(base::File::Error* p, Fuzzer* fuzzer) {
408 int value = static_cast<int>(*p);
409 if (!FuzzParam(&value, fuzzer))
410 return false;
411 *p = static_cast<base::File::Error>(value);
412 return true;
413 }
414 };
415
416 template <>
417 struct FuzzTraits<base::File::Info> {
418 static bool Fuzz(base::File::Info* p, Fuzzer* fuzzer) {
419 double last_modified = p->last_modified.ToDoubleT();
420 double last_accessed = p->last_accessed.ToDoubleT();
421 double creation_time = p->creation_time.ToDoubleT();
422 if (!FuzzParam(&p->size, fuzzer))
423 return false;
424 if (!FuzzParam(&p->is_directory, fuzzer))
425 return false;
426 if (!FuzzParam(&last_modified, fuzzer))
427 return false;
428 if (!FuzzParam(&last_accessed, fuzzer))
429 return false;
430 if (!FuzzParam(&creation_time, fuzzer))
431 return false;
432 p->last_modified = base::Time::FromDoubleT(last_modified);
433 p->last_accessed = base::Time::FromDoubleT(last_accessed);
434 p->creation_time = base::Time::FromDoubleT(creation_time);
435 return true;
436 }
437 };
438
439 template <>
440 struct FuzzTraits<base::NullableString16> {
441 static bool Fuzz(base::NullableString16* p, Fuzzer* fuzzer) {
442 base::string16 string = p->string();
443 bool is_null = p->is_null();
444 if (!FuzzParam(&string, fuzzer))
445 return false;
446 if (!FuzzParam(&is_null, fuzzer))
447 return false;
448 *p = base::NullableString16(string, is_null);
449 return true;
450 }
451 };
452
453 template <>
454 struct FuzzTraits<base::Time> {
455 static bool Fuzz(base::Time* p, Fuzzer* fuzzer) {
456 int64 internal_value = p->ToInternalValue();
457 if (!FuzzParam(&internal_value, fuzzer))
458 return false;
459 *p = base::Time::FromInternalValue(internal_value);
460 return true;
461 }
462 };
463
464 template <>
465 struct FuzzTraits<base::TimeDelta> {
466 static bool Fuzz(base::TimeDelta* p, Fuzzer* fuzzer) {
467 int64 internal_value = p->ToInternalValue();
468 if (!FuzzParam(&internal_value, fuzzer))
469 return false;
470 *p = base::TimeDelta::FromInternalValue(internal_value);
471 return true;
472 }
473 };
474
475 template <>
476 struct FuzzTraits<base::TimeTicks> {
477 static bool Fuzz(base::TimeTicks* p, Fuzzer* fuzzer) {
478 int64 internal_value = p->ToInternalValue();
479 if (!FuzzParam(&internal_value, fuzzer))
480 return false;
481 *p = base::TimeTicks::FromInternalValue(internal_value);
482 return true;
483 }
484 };
485
486 template <>
487 struct FuzzTraits<base::ListValue> {
488 static bool Fuzz(base::ListValue* p, Fuzzer* fuzzer) {
489 // TODO(mbarbella): Support mutation.
490 if (!fuzzer->ShouldGenerate())
491 return true;
492
493 ++g_depth;
494 size_t list_length = p->GetSize();
495 if (fuzzer->ShouldGenerate())
496 list_length = g_depth > 3 ? 0 : RandInRange(8);
497 for (size_t index = 0; index < list_length; ++index) {
498 switch (RandInRange(8)) {
499 case base::Value::TYPE_BOOLEAN: {
500 bool tmp;
501 p->GetBoolean(index, &tmp);
502 fuzzer->FuzzBool(&tmp);
503 p->Set(index, new base::FundamentalValue(tmp));
504 break;
505 }
506 case base::Value::TYPE_INTEGER: {
507 int tmp;
508 p->GetInteger(index, &tmp);
509 fuzzer->FuzzInt(&tmp);
510 p->Set(index, new base::FundamentalValue(tmp));
511 break;
512 }
513 case base::Value::TYPE_DOUBLE: {
514 double tmp;
515 p->GetDouble(index, &tmp);
516 fuzzer->FuzzDouble(&tmp);
517 p->Set(index, new base::FundamentalValue(tmp));
518 break;
519 }
520 case base::Value::TYPE_STRING: {
521 std::string tmp;
522 p->GetString(index, &tmp);
523 fuzzer->FuzzString(&tmp);
524 p->Set(index, new base::StringValue(tmp));
525 break;
526 }
527 case base::Value::TYPE_BINARY: {
528 char tmp[200];
529 size_t bin_length = RandInRange(sizeof(tmp));
530 fuzzer->FuzzData(tmp, bin_length);
531 p->Set(index,
532 base::BinaryValue::CreateWithCopiedBuffer(tmp, bin_length));
533 break;
534 }
535 case base::Value::TYPE_DICTIONARY: {
536 base::DictionaryValue* tmp = new base::DictionaryValue();
537 p->GetDictionary(index, &tmp);
538 FuzzParam(tmp, fuzzer);
539 p->Set(index, tmp);
540 break;
541 }
542 case base::Value::TYPE_LIST: {
543 base::ListValue* tmp = new base::ListValue();
544 p->GetList(index, &tmp);
545 FuzzParam(tmp, fuzzer);
546 p->Set(index, tmp);
547 break;
548 }
549 case base::Value::TYPE_NULL:
550 default:
551 break;
552 }
553 }
554 --g_depth;
555 return true;
556 }
557 };
558
559 template <>
560 struct FuzzTraits<base::DictionaryValue> {
561 static bool Fuzz(base::DictionaryValue* p, Fuzzer* fuzzer) {
562 // TODO(mbarbella): Support mutation.
563 if (!fuzzer->ShouldGenerate())
564 return true;
565
566 ++g_depth;
567 size_t dict_length = g_depth > 3 ? 0 : RandInRange(8);
568 for (size_t index = 0; index < dict_length; ++index) {
569 std::string property;
570 fuzzer->FuzzString(&property);
571 switch (RandInRange(8)) {
572 case base::Value::TYPE_BOOLEAN: {
573 bool tmp;
574 fuzzer->FuzzBool(&tmp);
575 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
576 break;
577 }
578 case base::Value::TYPE_INTEGER: {
579 int tmp;
580 fuzzer->FuzzInt(&tmp);
581 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
582 break;
583 }
584 case base::Value::TYPE_DOUBLE: {
585 double tmp;
586 fuzzer->FuzzDouble(&tmp);
587 p->SetWithoutPathExpansion(property, new base::FundamentalValue(tmp));
588 break;
589 }
590 case base::Value::TYPE_STRING: {
591 std::string tmp;
592 fuzzer->FuzzString(&tmp);
593 p->SetWithoutPathExpansion(property, new base::StringValue(tmp));
594 break;
595 }
596 case base::Value::TYPE_BINARY: {
597 char tmp[200];
598 size_t bin_length = RandInRange(sizeof(tmp));
599 fuzzer->FuzzData(tmp, bin_length);
600 p->SetWithoutPathExpansion(
601 property,
602 base::BinaryValue::CreateWithCopiedBuffer(tmp, bin_length));
603 break;
604 }
605 case base::Value::TYPE_DICTIONARY: {
606 base::DictionaryValue* tmp = new base::DictionaryValue();
607 FuzzParam(tmp, fuzzer);
608 p->SetWithoutPathExpansion(property, tmp);
609 break;
610 }
611 case base::Value::TYPE_LIST: {
612 base::ListValue* tmp = new base::ListValue();
613 FuzzParam(tmp, fuzzer);
614 p->SetWithoutPathExpansion(property, tmp);
615 break;
616 }
617 case base::Value::TYPE_NULL:
618 default:
619 break;
620 }
621 }
622 --g_depth;
623 return true;
624 }
625 };
626
627 template <>
628 struct FuzzTraits<blink::WebGamepad> {
629 static bool Fuzz(blink::WebGamepad* p, Fuzzer* fuzzer) {
630 if (!FuzzParam(&p->connected, fuzzer))
631 return false;
632 if (!FuzzParam(&p->timestamp, fuzzer))
633 return false;
634 unsigned idLength = static_cast<unsigned>(
635 RandInRange(blink::WebGamepad::idLengthCap + 1));
636 if (!FuzzParamArray(&p->id[0], idLength, fuzzer))
637 return false;
638 p->axesLength = static_cast<unsigned>(
639 RandInRange(blink::WebGamepad::axesLengthCap + 1));
640 if (!FuzzParamArray(&p->axes[0], p->axesLength, fuzzer))
641 return false;
642 p->buttonsLength = static_cast<unsigned>(
643 RandInRange(blink::WebGamepad::buttonsLengthCap + 1));
644 if (!FuzzParamArray(&p->buttons[0], p->buttonsLength, fuzzer))
645 return false;
646 unsigned mappingsLength = static_cast<unsigned>(
647 RandInRange(blink::WebGamepad::mappingLengthCap + 1));
648 if (!FuzzParamArray(&p->mapping[0], mappingsLength, fuzzer))
649 return false;
650 return true;
651 }
652 };
653
654 template <>
655 struct FuzzTraits<blink::WebGamepadButton> {
656 static bool Fuzz(blink::WebGamepadButton* p, Fuzzer* fuzzer) {
657 if (!FuzzParam(&p->pressed, fuzzer))
658 return false;
659 if (!FuzzParam(&p->value, fuzzer))
660 return false;
661 return true;
662 }
663 };
664
665 template <>
666 struct FuzzTraits<cc::CompositorFrame> {
667 static bool Fuzz(cc::CompositorFrame* p, Fuzzer* fuzzer) {
668 // TODO(mbarbella): Support mutation.
669 if (!fuzzer->ShouldGenerate())
670 return true;
671
672 if (!FuzzParam(&p->metadata, fuzzer))
673 return false;
674
675 switch (RandInRange(3)) {
676 case 0: {
677 p->delegated_frame_data.reset(new cc::DelegatedFrameData());
678 if (!FuzzParam(p->delegated_frame_data.get(), fuzzer))
679 return false;
680 return true;
681 }
682 case 1: {
683 p->gl_frame_data.reset(new cc::GLFrameData());
684 if (!FuzzParam(p->gl_frame_data.get(), fuzzer))
685 return false;
686 return true;
687 }
688 default:
689 // Fuzz nothing to handle the no frame case.
690 return true;
691 }
692 }
693 };
694
695 template <>
696 struct FuzzTraits<cc::CompositorFrameAck> {
697 static bool Fuzz(cc::CompositorFrameAck* p, Fuzzer* fuzzer) {
698 if (!FuzzParam(&p->resources, fuzzer))
699 return false;
700
701 if (!p->gl_frame_data)
702 p->gl_frame_data.reset(new cc::GLFrameData);
703 if (!FuzzParam(p->gl_frame_data.get(), fuzzer))
704 return false;
705 return true;
706 }
707 };
708
709 template <>
710 struct FuzzTraits<cc::DelegatedFrameData> {
711 static bool Fuzz(cc::DelegatedFrameData* p, Fuzzer* fuzzer) {
712 if (!FuzzParam(&p->device_scale_factor, fuzzer))
713 return false;
714 if (!FuzzParam(&p->resource_list, fuzzer))
715 return false;
716 if (!FuzzParam(&p->render_pass_list, fuzzer))
717 return false;
718 return true;
719 }
720 };
721
722 template <class A>
723 struct FuzzTraits<cc::ListContainer<A>> {
724 static bool Fuzz(cc::ListContainer<A>* p, Fuzzer* fuzzer) {
725 // TODO(mbarbella): This should actually do something.
726 return true;
727 }
728 };
729
730 template <>
731 struct FuzzTraits<cc::QuadList> {
732 static bool Fuzz(cc::QuadList* p, Fuzzer* fuzzer) {
733 // TODO(mbarbella): This should actually do something.
734 return true;
735 }
736 };
737
738 template <>
739 struct FuzzTraits<cc::RenderPass> {
740 static bool Fuzz(cc::RenderPass* p, Fuzzer* fuzzer) {
741 if (!FuzzParam(&p->id, fuzzer))
742 return false;
743 if (!FuzzParam(&p->output_rect, fuzzer))
744 return false;
745 if (!FuzzParam(&p->damage_rect, fuzzer))
746 return false;
747 if (!FuzzParam(&p->transform_to_root_target, fuzzer))
748 return false;
749 if (!FuzzParam(&p->has_transparent_background, fuzzer))
750 return false;
751 if (!FuzzParam(&p->quad_list, fuzzer))
752 return false;
753 if (!FuzzParam(&p->shared_quad_state_list, fuzzer))
754 return false;
755 // Omitting |copy_requests| as it is not sent over IPC.
756 return true;
757 }
758 };
759
760 template <>
761 struct FuzzTraits<cc::RenderPassList> {
762 static bool Fuzz(cc::RenderPassList* p, Fuzzer* fuzzer) {
763 if (!fuzzer->ShouldGenerate()) {
764 for (size_t i = 0; i < p->size(); ++i) {
765 if (!FuzzParam(p->at(i), fuzzer))
766 return false;
767 }
768 return true;
769 }
770
771 size_t count = RandElementCount();
772 for (size_t i = 0; i < count; ++i) {
773 scoped_ptr<cc::RenderPass> render_pass = cc::RenderPass::Create();
774 if (!FuzzParam(render_pass.get(), fuzzer))
775 return false;
776 p->push_back(render_pass.Pass());
777 }
778 return true;
779 }
780 };
781
782 template <>
783 struct FuzzTraits<content::IndexedDBKey> {
784 static bool Fuzz(content::IndexedDBKey* p, Fuzzer* fuzzer) {
785 // TODO(mbarbella): Support mutation.
786 if (!fuzzer->ShouldGenerate())
787 return true;
788
789 ++g_depth;
790 blink::WebIDBKeyType web_type =
791 static_cast<blink::WebIDBKeyType>(RandInRange(7));
792 switch (web_type) {
793 case blink::WebIDBKeyTypeArray: {
794 size_t length = g_depth > 3 ? 0 : RandInRange(4);
795 std::vector<content::IndexedDBKey> array;
796 array.resize(length);
797 for (size_t i = 0; i < length; ++i) {
798 if (!FuzzParam(&array[i], fuzzer)) {
799 --g_depth;
800 return false;
801 }
802 }
803 *p = content::IndexedDBKey(array);
804 return true;
805 }
806 case blink::WebIDBKeyTypeBinary: {
807 std::string binary;
808 if (!FuzzParam(&binary, fuzzer)) {
809 --g_depth;
810 return false;
811 }
812 *p = content::IndexedDBKey(binary);
813 return true;
814 }
815 case blink::WebIDBKeyTypeString: {
816 base::string16 string;
817 if (!FuzzParam(&string, fuzzer))
818 return false;
819 *p = content::IndexedDBKey(string);
820 return true;
821 }
822 case blink::WebIDBKeyTypeDate:
823 case blink::WebIDBKeyTypeNumber: {
824 double number;
825 if (!FuzzParam(&number, fuzzer)) {
826 --g_depth;
827 return false;
828 }
829 *p = content::IndexedDBKey(number, web_type);
830 return true;
831 }
832 case blink::WebIDBKeyTypeInvalid:
833 case blink::WebIDBKeyTypeNull: {
834 *p = content::IndexedDBKey(web_type);
835 return true;
836 }
837 default: {
838 NOTREACHED();
839 --g_depth;
840 return false;
841 }
842 }
843 }
844 };
845
846 template <>
847 struct FuzzTraits<content::IndexedDBKeyRange> {
848 static bool Fuzz(content::IndexedDBKeyRange* p, Fuzzer* fuzzer) {
849 content::IndexedDBKey lower = p->lower();
850 content::IndexedDBKey upper = p->upper();
851 bool lower_open = p->lower_open();
852 bool upper_open = p->upper_open();
853 if (!FuzzParam(&lower, fuzzer))
854 return false;
855 if (!FuzzParam(&upper, fuzzer))
856 return false;
857 if (!FuzzParam(&lower_open, fuzzer))
858 return false;
859 if (!FuzzParam(&upper_open, fuzzer))
860 return false;
861 *p = content::IndexedDBKeyRange(lower, upper, lower_open, upper_open);
862 return true;
863 }
864 };
865
866 template <>
867 struct FuzzTraits<content::IndexedDBKeyPath> {
868 static bool Fuzz(content::IndexedDBKeyPath* p, Fuzzer* fuzzer) {
869 // TODO(mbarbella): Support mutation.
870 if (!fuzzer->ShouldGenerate())
871 return true;
872
873 switch (RandInRange(3)) {
874 case 0: {
875 std::vector<base::string16> array;
876 if (!FuzzParam(&array, fuzzer))
877 return false;
878 *p = content::IndexedDBKeyPath(array);
879 break;
880 }
881 case 1: {
882 base::string16 string;
883 if (!FuzzParam(&string, fuzzer))
884 return false;
885 *p = content::IndexedDBKeyPath(string);
886 break;
887 }
888 case 2: {
889 *p = content::IndexedDBKeyPath();
890 break;
891 }
892 }
893 return true;
894 }
895 };
896
897 template <>
898 struct FuzzTraits<content::NPIdentifier_Param> {
899 static bool Fuzz(content::NPIdentifier_Param* p, Fuzzer* fuzzer) {
900 // TODO(mbarbella): This should actually do something.
901 return true;
902 }
903 };
904
905 template <>
906 struct FuzzTraits<content::NPVariant_Param> {
907 static bool Fuzz(content::NPVariant_Param* p, Fuzzer* fuzzer) {
908 // TODO(mbarbella): This should actually do something.
909 return true;
910 }
911 };
912
913 template <>
914 struct FuzzTraits<content::PageState> {
915 static bool Fuzz(content::PageState* p, Fuzzer* fuzzer) {
916 std::string data = p->ToEncodedData();
917 if (!FuzzParam(&data, fuzzer))
918 return false;
919 *p = content::PageState::CreateFromEncodedData(data);
920 return true;
921 }
922 };
923
924 template <>
925 struct FuzzTraits<content::SyntheticGesturePacket> {
926 static bool Fuzz(content::SyntheticGesturePacket* p,
927 Fuzzer* fuzzer) {
928 // TODO(mbarbella): Support mutation.
929 if (!fuzzer->ShouldGenerate())
930 return true;
931
932 scoped_ptr<content::SyntheticGestureParams> gesture_params;
933 switch (RandInRange(
934 content::SyntheticGestureParams::SYNTHETIC_GESTURE_TYPE_MAX + 1)) {
935 case content::SyntheticGestureParams::GestureType::
936 SMOOTH_SCROLL_GESTURE: {
937 content::SyntheticSmoothScrollGestureParams* params =
938 new content::SyntheticSmoothScrollGestureParams();
939 if (!FuzzParam(&params->anchor, fuzzer))
940 return false;
941 if (!FuzzParam(&params->distances, fuzzer))
942 return false;
943 if (!FuzzParam(&params->prevent_fling, fuzzer))
944 return false;
945 if (!FuzzParam(&params->speed_in_pixels_s, fuzzer))
946 return false;
947 gesture_params.reset(params);
948 break;
949 }
950 case content::SyntheticGestureParams::GestureType::SMOOTH_DRAG_GESTURE: {
951 content::SyntheticSmoothDragGestureParams* params =
952 new content::SyntheticSmoothDragGestureParams();
953 if (!FuzzParam(&params->start_point, fuzzer))
954 return false;
955 if (!FuzzParam(&params->distances, fuzzer))
956 return false;
957 if (!FuzzParam(&params->speed_in_pixels_s, fuzzer))
958 return false;
959 gesture_params.reset(params);
960 break;
961 }
962 case content::SyntheticGestureParams::GestureType::PINCH_GESTURE: {
963 content::SyntheticPinchGestureParams* params =
964 new content::SyntheticPinchGestureParams();
965 if (!FuzzParam(&params->scale_factor, fuzzer))
966 return false;
967 if (!FuzzParam(&params->anchor, fuzzer))
968 return false;
969 if (!FuzzParam(&params->relative_pointer_speed_in_pixels_s,
970 fuzzer))
971 return false;
972 gesture_params.reset(params);
973 break;
974 }
975 case content::SyntheticGestureParams::GestureType::TAP_GESTURE: {
976 content::SyntheticTapGestureParams* params =
977 new content::SyntheticTapGestureParams();
978 if (!FuzzParam(&params->position, fuzzer))
979 return false;
980 if (!FuzzParam(&params->duration_ms, fuzzer))
981 return false;
982 gesture_params.reset(params);
983 break;
984 }
985 }
986 p->set_gesture_params(gesture_params.Pass());
987 return true;
988 }
989 };
990
991 template <>
992 struct FuzzTraits<content::WebCursor> {
993 static bool Fuzz(content::WebCursor* p, Fuzzer* fuzzer) {
994 content::WebCursor::CursorInfo info;
995 p->GetCursorInfo(&info);
996
997 // |type| enum is not validated on de-serialization, so pick random value.
998 if (!FuzzParam(reinterpret_cast<int*>(&info.type), fuzzer))
999 return false;
1000 if (!FuzzParam(&info.hotspot, fuzzer))
1001 return false;
1002 if (!FuzzParam(&info.image_scale_factor, fuzzer))
1003 return false;
1004 if (!FuzzParam(&info.custom_image, fuzzer))
1005 return false;
1006 // Omitting |externalHandle| since it is not serialized.
1007
1008 // Scale factor is expected to be greater than 0, otherwise we hit
1009 // a check failure.
1010 info.image_scale_factor = fabs(info.image_scale_factor);
1011 if (!(info.image_scale_factor > 0.0))
1012 info.image_scale_factor = 1;
1013
1014 *p = content::WebCursor(info);
1015 return true;
1016 }
1017 };
1018
1019 template <>
1020 struct FuzzTraits<ContentSettingsPattern> {
1021 static bool Fuzz(ContentSettingsPattern* p, Fuzzer* fuzzer) {
1022 // TODO(mbarbella): This can crash if a pattern is generated from a random
1023 // string. We could carefully generate a pattern or fix pattern generation.
1024 return true;
1025 }
1026 };
1027
1028 template <>
1029 struct FuzzTraits<ExtensionMsg_PermissionSetStruct> {
1030 static bool Fuzz(ExtensionMsg_PermissionSetStruct* p,
1031 Fuzzer* fuzzer) {
1032 // TODO(mbarbella): This should actually do something.
1033 return true;
1034 }
1035 };
1036
1037 template <>
1038 struct FuzzTraits<extensions::URLPatternSet> {
1039 static bool Fuzz(extensions::URLPatternSet* p, Fuzzer* fuzzer) {
1040 std::set<URLPattern> patterns = p->patterns();
1041 if (!FuzzParam(&patterns, fuzzer))
1042 return false;
1043 *p = extensions::URLPatternSet(patterns);
1044 return true;
1045 }
1046 };
1047
1048 template <>
1049 struct FuzzTraits<gfx::Point> {
1050 static bool Fuzz(gfx::Point* p, Fuzzer* fuzzer) {
1051 int x = p->x();
1052 int y = p->y();
1053 if (!FuzzParam(&x, fuzzer))
1054 return false;
1055 if (!FuzzParam(&y, fuzzer))
1056 return false;
1057 p->SetPoint(x, y);
1058 return true;
1059 }
1060 };
1061
1062 template <>
1063 struct FuzzTraits<gfx::PointF> {
1064 static bool Fuzz(gfx::PointF* p, Fuzzer* fuzzer) {
1065 float x = p->x();
1066 float y = p->y();
1067 if (!FuzzParam(&x, fuzzer))
1068 return false;
1069 if (!FuzzParam(&y, fuzzer))
1070 return false;
1071 p->SetPoint(x, y);
1072 return true;
1073 }
1074 };
1075
1076 template <>
1077 struct FuzzTraits<gfx::Rect> {
1078 static bool Fuzz(gfx::Rect* p, Fuzzer* fuzzer) {
1079 gfx::Point origin = p->origin();
1080 gfx::Size size = p->size();
1081 if (!FuzzParam(&origin, fuzzer))
1082 return false;
1083 if (!FuzzParam(&size, fuzzer))
1084 return false;
1085 p->set_origin(origin);
1086 p->set_size(size);
1087 return true;
1088 }
1089 };
1090
1091 template <>
1092 struct FuzzTraits<gfx::RectF> {
1093 static bool Fuzz(gfx::RectF* p, Fuzzer* fuzzer) {
1094 gfx::PointF origin = p->origin();
1095 gfx::SizeF size = p->size();
1096 if (!FuzzParam(&origin, fuzzer))
1097 return false;
1098 if (!FuzzParam(&size, fuzzer))
1099 return false;
1100 p->set_origin(origin);
1101 p->set_size(size);
1102 return true;
1103 }
1104 };
1105
1106 template <>
1107 struct FuzzTraits<gfx::Range> {
1108 static bool Fuzz(gfx::Range* p, Fuzzer* fuzzer) {
1109 size_t start = p->start();
1110 size_t end = p->end();
1111 if (!FuzzParam(&start, fuzzer))
1112 return false;
1113 if (!FuzzParam(&end, fuzzer))
1114 return false;
1115 *p = gfx::Range(start, end);
1116 return true;
1117 }
1118 };
1119
1120 template <>
1121 struct FuzzTraits<gfx::Size> {
1122 static bool Fuzz(gfx::Size* p, Fuzzer* fuzzer) {
1123 int width = p->width();
1124 int height = p->height();
1125 if (!FuzzParam(&width, fuzzer))
1126 return false;
1127 if (!FuzzParam(&height, fuzzer))
1128 return false;
1129 p->SetSize(width, height);
1130 return true;
1131 }
1132 };
1133
1134 template <>
1135 struct FuzzTraits<gfx::SizeF> {
1136 static bool Fuzz(gfx::SizeF* p, Fuzzer* fuzzer) {
1137 float w;
1138 float h;
1139 if (!FuzzParam(&w, fuzzer))
1140 return false;
1141 if (!FuzzParam(&h, fuzzer))
1142 return false;
1143 p->SetSize(w, h);
1144 return true;
1145 }
1146 };
1147
1148 template <>
1149 struct FuzzTraits<gfx::Transform> {
1150 static bool Fuzz(gfx::Transform* p, Fuzzer* fuzzer) {
1151 SkMScalar matrix[16];
1152 for (size_t i = 0; i < arraysize(matrix); i++) {
1153 matrix[i] = p->matrix().get(i / 4, i % 4);
1154 }
1155 if (!FuzzParamArray(&matrix[0], arraysize(matrix), fuzzer))
1156 return false;
1157 *p = gfx::Transform(matrix[0], matrix[1], matrix[2], matrix[3], matrix[4],
1158 matrix[5], matrix[6], matrix[7], matrix[8], matrix[9],
1159 matrix[10], matrix[11], matrix[12], matrix[13],
1160 matrix[14], matrix[15]);
1161 return true;
1162 }
1163 };
1164
1165 template <>
1166 struct FuzzTraits<gfx::Vector2d> {
1167 static bool Fuzz(gfx::Vector2d* p, Fuzzer* fuzzer) {
1168 int x = p->x();
1169 int y = p->y();
1170 if (!FuzzParam(&x, fuzzer))
1171 return false;
1172 if (!FuzzParam(&y, fuzzer))
1173 return false;
1174 *p = gfx::Vector2d(x, y);
1175 return true;
1176 }
1177 };
1178
1179 template <>
1180 struct FuzzTraits<gfx::Vector2dF> {
1181 static bool Fuzz(gfx::Vector2dF* p, Fuzzer* fuzzer) {
1182 float x = p->x();
1183 float y = p->y();
1184 if (!FuzzParam(&x, fuzzer))
1185 return false;
1186 if (!FuzzParam(&y, fuzzer))
1187 return false;
1188 *p = gfx::Vector2dF(x, y);
1189 return true;
1190 }
1191 };
1192
1193 template <>
1194 struct FuzzTraits<gpu::Mailbox> {
1195 static bool Fuzz(gpu::Mailbox* p, Fuzzer* fuzzer) {
1196 fuzzer->FuzzBytes(p->name, sizeof(p->name));
1197 return true;
1198 }
1199 };
1200
1201 template <>
1202 struct FuzzTraits<gpu::MailboxHolder> {
1203 static bool Fuzz(gpu::MailboxHolder* p, Fuzzer* fuzzer) {
1204 if (!FuzzParam(&p->mailbox, fuzzer))
1205 return false;
1206 if (!FuzzParam(&p->texture_target, fuzzer))
1207 return false;
1208 if (!FuzzParam(&p->sync_point, fuzzer))
1209 return false;
1210 return true;
1211 }
1212 };
1213
1214 template <>
1215 struct FuzzTraits<gpu::ValueState> {
1216 static bool Fuzz(gpu::ValueState* p, Fuzzer* fuzzer) {
1217 if (!FuzzParamArray(&p->float_value[0], 4, fuzzer))
1218 return false;
1219 if (!FuzzParamArray(&p->int_value[0], 4, fuzzer))
1220 return false;
1221 return true;
1222 }
1223 };
1224
1225 template <>
1226 struct FuzzTraits<GURL> {
1227 static bool Fuzz(GURL* p, Fuzzer* fuzzer) {
1228 if (!fuzzer->ShouldGenerate()) {
1229 std::string spec = p->possibly_invalid_spec();
1230 if (!FuzzParam(&spec, fuzzer))
1231 return false;
1232 if (spec != p->possibly_invalid_spec())
1233 *p = GURL(spec);
1234 return true;
1235 }
1236
1237 const char url_chars[] = "Ahtp0:/.?+\\%&#";
1238 size_t count = RandInRange(100);
1239 std::string random_url;
1240 for (size_t i = 0; i < count; ++i)
1241 random_url += url_chars[RandInRange(sizeof(url_chars) - 1)];
1242 int selector = RandInRange(10);
1243 if (selector == 0)
1244 random_url = std::string("http://") + random_url;
1245 else if (selector == 1)
1246 random_url = std::string("file://") + random_url;
1247 else if (selector == 2)
1248 random_url = std::string("javascript:") + random_url;
1249 else if (selector == 2)
1250 random_url = std::string("data:") + random_url;
1251 *p = GURL(random_url);
1252 return true;
1253 }
1254 };
1255
1256 template <>
1257 struct FuzzTraits<HostID> {
1258 static bool Fuzz(HostID* p, Fuzzer* fuzzer) {
1259 HostID::HostType type = p->type();
1260 std::string id = p->id();
1261 if (!FuzzParam(&type, fuzzer))
1262 return false;
1263 if (!FuzzParam(&id, fuzzer))
1264 return false;
1265 *p = HostID(type, id);
1266 return true;
1267 }
1268 };
1269
1270 #if defined(OS_WIN)
1271 template <>
1272 struct FuzzTraits<HWND> {
1273 static bool Fuzz(HWND* p, Fuzzer* fuzzer) {
1274 // TODO(aarya): This should actually do something.
1275 return true;
1276 }
1277 };
1278 #endif
1279
1280 template <>
1281 struct FuzzTraits<IPC::Message> {
1282 static bool Fuzz(IPC::Message* p, Fuzzer* fuzzer) {
1283 // TODO(mbarbella): Support mutation.
1284 if (!fuzzer->ShouldGenerate())
1285 return true;
1286
1287 if (g_function_vector.empty())
1288 return false;
1289 size_t index = RandInRange(g_function_vector.size());
1290 IPC::Message* ipc_message = (*g_function_vector[index])(NULL, fuzzer);
1291 if (!ipc_message)
1292 return false;
1293 p = ipc_message;
1294 return true;
1295 }
1296 };
1297
1298 template <>
1299 struct FuzzTraits<IPC::PlatformFileForTransit> {
1300 static bool Fuzz(IPC::PlatformFileForTransit* p, Fuzzer* fuzzer) {
1301 // TODO(inferno): I don't think we can generate real ones due to check on
1302 // construct.
1303 return true;
1304 }
1305 };
1306
1307 template <>
1308 struct FuzzTraits<IPC::ChannelHandle> {
1309 static bool Fuzz(IPC::ChannelHandle* p, Fuzzer* fuzzer) {
1310 // TODO(mbarbella): Support mutation.
1311 if (!fuzzer->ShouldGenerate())
1312 return true;
1313
1314 // TODO(inferno): Add way to generate real channel handles.
1315 #if defined(OS_WIN)
1316 HANDLE fake_handle = (HANDLE)(RandU64());
1317 p->pipe = IPC::ChannelHandle::PipeHandle(fake_handle);
1318 return true;
1319 #elif defined(OS_POSIX)
1320 return
1321 FuzzParam(&p->name, fuzzer) &&
1322 FuzzParam(&p->socket, fuzzer);
1323 #endif
1324 }
1325 };
1326
1327 #if defined(OS_WIN)
1328 template <>
1329 struct FuzzTraits<LOGFONT> {
1330 static bool Fuzz(LOGFONT* p, Fuzzer* fuzzer) {
1331 // TODO(aarya): This should actually do something.
1332 return true;
1333 }
1334 };
1335 #endif
1336
1337 template <>
1338 struct FuzzTraits<media::AudioParameters> {
1339 static bool Fuzz(media::AudioParameters* p, Fuzzer* fuzzer) {
1340 int format = p->format();
1341 int channel_layout = p->channel_layout();
1342 int sample_rate = p->sample_rate();
1343 int bits_per_sample = p->bits_per_sample();
1344 int frames_per_buffer = p->frames_per_buffer();
1345 int channels = p->channels();
1346 int effects = p->effects();
1347 if (!FuzzParam(&format, fuzzer))
1348 return false;
1349 if (!FuzzParam(&channel_layout, fuzzer))
1350 return false;
1351 if (!FuzzParam(&sample_rate, fuzzer))
1352 return false;
1353 if (!FuzzParam(&bits_per_sample, fuzzer))
1354 return false;
1355 if (!FuzzParam(&frames_per_buffer, fuzzer))
1356 return false;
1357 if (!FuzzParam(&channels, fuzzer))
1358 return false;
1359 if (!FuzzParam(&effects, fuzzer))
1360 return false;
1361 media::AudioParameters params(
1362 static_cast<media::AudioParameters::Format>(format),
1363 static_cast<media::ChannelLayout>(channel_layout), channels,
1364 sample_rate, bits_per_sample, frames_per_buffer, effects);
1365 *p = params;
1366 return true;
1367 }
1368 };
1369
1370 template <>
1371 struct FuzzTraits<media::VideoCaptureFormat> {
1372 static bool Fuzz(media::VideoCaptureFormat* p, Fuzzer* fuzzer) {
1373 if (!FuzzParam(&p->frame_size, fuzzer))
1374 return false;
1375 if (!FuzzParam(&p->frame_rate, fuzzer))
1376 return false;
1377 if (!FuzzParam(reinterpret_cast<int*>(&p->pixel_format), fuzzer))
1378 return false;
1379 return true;
1380 }
1381 };
1382
1383 template <>
1384 struct FuzzTraits<net::LoadTimingInfo> {
1385 static bool Fuzz(net::LoadTimingInfo* p, Fuzzer* fuzzer) {
1386 return FuzzParam(&p->socket_log_id, fuzzer) &&
1387 FuzzParam(&p->socket_reused, fuzzer) &&
1388 FuzzParam(&p->request_start_time, fuzzer) &&
1389 FuzzParam(&p->request_start, fuzzer) &&
1390 FuzzParam(&p->proxy_resolve_start, fuzzer) &&
1391 FuzzParam(&p->proxy_resolve_end, fuzzer) &&
1392 FuzzParam(&p->connect_timing.dns_start, fuzzer) &&
1393 FuzzParam(&p->connect_timing.dns_end, fuzzer) &&
1394 FuzzParam(&p->connect_timing.connect_start, fuzzer) &&
1395 FuzzParam(&p->connect_timing.connect_end, fuzzer) &&
1396 FuzzParam(&p->connect_timing.ssl_start, fuzzer) &&
1397 FuzzParam(&p->connect_timing.ssl_end, fuzzer) &&
1398 FuzzParam(&p->send_start, fuzzer) &&
1399 FuzzParam(&p->send_end, fuzzer) &&
1400 FuzzParam(&p->receive_headers_end, fuzzer);
1401 }
1402 };
1403
1404 template <>
1405 struct FuzzTraits<net::HostPortPair> {
1406 static bool Fuzz(net::HostPortPair* p, Fuzzer* fuzzer) {
1407 std::string host = p->host();
1408 uint16 port = p->port();
1409 if (!FuzzParam(&host, fuzzer))
1410 return false;
1411 if (!FuzzParam(&port, fuzzer))
1412 return false;
1413 p->set_host(host);
1414 p->set_port(port);
1415 return true;
1416 }
1417 };
1418
1419 template <>
1420 struct FuzzTraits<net::IPEndPoint> {
1421 static bool Fuzz(net::IPEndPoint* p, Fuzzer* fuzzer) {
1422 net::IPAddressNumber address = p->address();
1423 int port = p->port();
1424 if (!FuzzParam(&address, fuzzer))
1425 return false;
1426 if (!FuzzParam(&port, fuzzer))
1427 return false;
1428 net::IPEndPoint ip_endpoint(address, port);
1429 *p = ip_endpoint;
1430 return true;
1431 }
1432 };
1433
1434 template <>
1435 struct FuzzTraits<network_hints::LookupRequest> {
1436 static bool Fuzz(network_hints::LookupRequest* p, Fuzzer* fuzzer) {
1437 if (!FuzzParam(&p->hostname_list, fuzzer))
1438 return false;
1439 return true;
1440 }
1441 };
1442
1443 // PP_ traits.
1444 template <>
1445 struct FuzzTraits<PP_Bool> {
1446 static bool Fuzz(PP_Bool* p, Fuzzer* fuzzer) {
1447 bool tmp = PP_ToBool(*p);
1448 if (!FuzzParam(&tmp, fuzzer))
1449 return false;
1450 *p = PP_FromBool(tmp);
1451 return true;
1452 }
1453 };
1454
1455 template <>
1456 struct FuzzTraits<PP_KeyInformation> {
1457 static bool Fuzz(PP_KeyInformation* p, Fuzzer* fuzzer) {
1458 // TODO(mbarbella): This should actually do something.
1459 return true;
1460 }
1461 };
1462
1463 template <>
1464 struct FuzzTraits<PP_NetAddress_Private> {
1465 static bool Fuzz(PP_NetAddress_Private* p, Fuzzer* fuzzer) {
1466 p->size = RandInRange(sizeof(p->data) + 1);
1467 fuzzer->FuzzBytes(&p->data, p->size);
1468 return true;
1469 }
1470 };
1471
1472 template <>
1473 struct FuzzTraits<ppapi::PPB_X509Certificate_Fields> {
1474 static bool Fuzz(ppapi::PPB_X509Certificate_Fields* p,
1475 Fuzzer* fuzzer) {
1476 // TODO(mbarbella): This should actually do something.
1477 return true;
1478 }
1479 };
1480
1481 template <>
1482 struct FuzzTraits<ppapi::proxy::PPBFlash_DrawGlyphs_Params> {
1483 static bool Fuzz(ppapi::proxy::PPBFlash_DrawGlyphs_Params* p,
1484 Fuzzer* fuzzer) {
1485 // TODO(mbarbella): This should actually do something.
1486 return true;
1487 }
1488 };
1489
1490 template <>
1491 struct FuzzTraits<ppapi::proxy::ResourceMessageCallParams> {
1492 static bool Fuzz(
1493 ppapi::proxy::ResourceMessageCallParams* p, Fuzzer* fuzzer) {
1494 // TODO(mbarbella): Support mutation.
1495 if (!fuzzer->ShouldGenerate())
1496 return true;
1497
1498 PP_Resource resource;
1499 int32_t sequence;
1500 bool has_callback;
1501 if (!FuzzParam(&resource, fuzzer))
1502 return false;
1503 if (!FuzzParam(&sequence, fuzzer))
1504 return false;
1505 if (!FuzzParam(&has_callback, fuzzer))
1506 return false;
1507 *p = ppapi::proxy::ResourceMessageCallParams(resource, sequence);
1508 if (has_callback)
1509 p->set_has_callback();
1510 return true;
1511 }
1512 };
1513
1514 template <>
1515 struct FuzzTraits<ppapi::proxy::ResourceMessageReplyParams> {
1516 static bool Fuzz(
1517 ppapi::proxy::ResourceMessageReplyParams* p, Fuzzer* fuzzer) {
1518 // TODO(mbarbella): Support mutation.
1519 if (!fuzzer->ShouldGenerate())
1520 return true;
1521
1522 PP_Resource resource;
1523 int32_t sequence;
1524 int32_t result;
1525 if (!FuzzParam(&resource, fuzzer))
1526 return false;
1527 if (!FuzzParam(&sequence, fuzzer))
1528 return false;
1529 if (!FuzzParam(&result, fuzzer))
1530 return false;
1531 *p = ppapi::proxy::ResourceMessageReplyParams(resource, sequence);
1532 p->set_result(result);
1533 return true;
1534 }
1535 };
1536
1537 template <>
1538 struct FuzzTraits<ppapi::proxy::SerializedHandle> {
1539 static bool Fuzz(ppapi::proxy::SerializedHandle* p,
1540 Fuzzer* fuzzer) {
1541 // TODO(mbarbella): This should actually do something.
1542 return true;
1543 }
1544 };
1545
1546 template <>
1547 struct FuzzTraits<ppapi::proxy::SerializedFontDescription> {
1548 static bool Fuzz(ppapi::proxy::SerializedFontDescription* p,
1549 Fuzzer* fuzzer) {
1550 // TODO(mbarbella): This should actually do something.
1551 return true;
1552 }
1553 };
1554
1555 template <>
1556 struct FuzzTraits<ppapi::proxy::SerializedTrueTypeFontDesc> {
1557 static bool Fuzz(ppapi::proxy::SerializedTrueTypeFontDesc* p,
1558 Fuzzer* fuzzer) {
1559 // TODO(mbarbella): This should actually do something.
1560 return true;
1561 }
1562 };
1563
1564 template <>
1565 struct FuzzTraits<ppapi::proxy::SerializedVar> {
1566 static bool Fuzz(ppapi::proxy::SerializedVar* p, Fuzzer* fuzzer) {
1567 // TODO(mbarbella): This should actually do something.
1568 return true;
1569 }
1570 };
1571
1572 template <>
1573 struct FuzzTraits<ppapi::HostResource> {
1574 static bool Fuzz(ppapi::HostResource* p, Fuzzer* fuzzer) {
1575 // TODO(mbarbella): Support mutation.
1576 if (!fuzzer->ShouldGenerate())
1577 return true;
1578
1579 PP_Instance instance;
1580 PP_Resource resource;
1581 if (!FuzzParam(&instance, fuzzer))
1582 return false;
1583 if (!FuzzParam(&resource, fuzzer))
1584 return false;
1585 p->SetHostResource(instance, resource);
1586 return true;
1587 }
1588 };
1589
1590 template <>
1591 struct FuzzTraits<ppapi::PepperFilePath> {
1592 static bool Fuzz(ppapi::PepperFilePath *p, Fuzzer* fuzzer) {
1593 // TODO(mbarbella): Support mutation.
1594 if (!fuzzer->ShouldGenerate())
1595 return true;
1596
1597 unsigned domain = RandInRange(ppapi::PepperFilePath::DOMAIN_MAX_VALID+1);
1598 base::FilePath path;
1599 if (!FuzzParam(&path, fuzzer))
1600 return false;
1601 *p = ppapi::PepperFilePath(
1602 static_cast<ppapi::PepperFilePath::Domain>(domain), path);
1603 return true;
1604 }
1605 };
1606
1607 template <>
1608 struct FuzzTraits<ppapi::PpapiPermissions> {
1609 static bool Fuzz(ppapi::PpapiPermissions* p, Fuzzer* fuzzer) {
1610 uint32_t bits = p->GetBits();
1611 if (!FuzzParam(&bits, fuzzer))
1612 return false;
1613 *p = ppapi::PpapiPermissions(bits);
1614 return true;
1615 }
1616 };
1617
1618 template <>
1619 struct FuzzTraits<ppapi::SocketOptionData> {
1620 static bool Fuzz(ppapi::SocketOptionData* p, Fuzzer* fuzzer) {
1621 // TODO(mbarbella): This can be improved.
1622 int32 tmp;
1623 p->GetInt32(&tmp);
1624 if (!FuzzParam(&tmp, fuzzer))
1625 return false;
1626 p->SetInt32(tmp);
1627 return true;
1628 }
1629 };
1630
1631 template <>
1632 struct FuzzTraits<printing::PdfRenderSettings> {
1633 static bool Fuzz(printing::PdfRenderSettings* p, Fuzzer* fuzzer) {
1634 gfx::Rect area = p->area();
1635 int dpi = p->dpi();
1636 bool autorotate = p->autorotate();
1637 if (!FuzzParam(&area, fuzzer))
1638 return false;
1639 if (!FuzzParam(&dpi, fuzzer))
1640 return false;
1641 if (!FuzzParam(&autorotate, fuzzer))
1642 return false;
1643 *p = printing::PdfRenderSettings(area, dpi, autorotate);
1644 return true;
1645 }
1646 };
1647
1648 template <>
1649 struct FuzzTraits<remoting::ScreenResolution> {
1650 static bool Fuzz(remoting::ScreenResolution* p, Fuzzer* fuzzer) {
1651 webrtc::DesktopSize dimensions = p->dimensions();
1652 webrtc::DesktopVector dpi = p->dpi();
1653 if (!FuzzParam(&dimensions, fuzzer))
1654 return false;
1655 if (!FuzzParam(&dpi, fuzzer))
1656 return false;
1657 *p = remoting::ScreenResolution(dimensions, dpi);
1658 return true;
1659 }
1660 };
1661
1662 template <>
1663 struct FuzzTraits<SkBitmap> {
1664 static bool Fuzz(SkBitmap* p, Fuzzer* fuzzer) {
1665 // TODO(mbarbella): This should actually do something.
1666 return true;
1667 }
1668 };
1669
1670 template <>
1671 struct FuzzTraits<storage::DataElement> {
1672 static bool Fuzz(storage::DataElement* p, Fuzzer* fuzzer) {
1673 // TODO(mbarbella): Support mutation.
1674 if (!fuzzer->ShouldGenerate())
1675 return true;
1676
1677 switch (RandInRange(4)) {
1678 case storage::DataElement::Type::TYPE_BYTES: {
1679 if (RandEvent(2)) {
1680 p->SetToEmptyBytes();
1681 } else {
1682 char data[256];
1683 int data_len = RandInRange(sizeof(data));
1684 fuzzer->FuzzBytes(&data[0], data_len);
1685 p->SetToBytes(&data[0], data_len);
1686 }
1687 return true;
1688 }
1689 case storage::DataElement::Type::TYPE_FILE: {
1690 base::FilePath path;
1691 uint64 offset;
1692 uint64 length;
1693 base::Time modification_time;
1694 if (!FuzzParam(&path, fuzzer))
1695 return false;
1696 if (!FuzzParam(&offset, fuzzer))
1697 return false;
1698 if (!FuzzParam(&length, fuzzer))
1699 return false;
1700 if (!FuzzParam(&modification_time, fuzzer))
1701 return false;
1702 p->SetToFilePathRange(path, offset, length, modification_time);
1703 return true;
1704 }
1705 case storage::DataElement::Type::TYPE_BLOB: {
1706 std::string uuid;
1707 uint64 offset;
1708 uint64 length;
1709 if (!FuzzParam(&uuid, fuzzer))
1710 return false;
1711 if (!FuzzParam(&offset, fuzzer))
1712 return false;
1713 if (!FuzzParam(&length, fuzzer))
1714 return false;
1715 p->SetToBlobRange(uuid, offset, length);
1716 return true;
1717 }
1718 case storage::DataElement::Type::TYPE_FILE_FILESYSTEM: {
1719 GURL url;
1720 uint64 offset;
1721 uint64 length;
1722 base::Time modification_time;
1723 if (!FuzzParam(&url, fuzzer))
1724 return false;
1725 if (!FuzzParam(&offset, fuzzer))
1726 return false;
1727 if (!FuzzParam(&length, fuzzer))
1728 return false;
1729 if (!FuzzParam(&modification_time, fuzzer))
1730 return false;
1731 p->SetToFileSystemUrlRange(url, offset, length, modification_time);
1732 return true;
1733 }
1734 default: {
1735 NOTREACHED();
1736 return false;
1737 }
1738 }
1739 }
1740 };
1741
1742 template <>
1743 struct FuzzTraits<ui::LatencyInfo> {
1744 static bool Fuzz(ui::LatencyInfo* p, Fuzzer* fuzzer) {
1745 // TODO(inferno): Add param traits for |latency_components|.
1746 int64 trace_id = p->trace_id();
1747 bool terminated = p->terminated();
1748 uint32 input_coordinates_size = static_cast<uint32>(
1749 RandInRange(ui::LatencyInfo::kMaxInputCoordinates + 1));
1750 ui::LatencyInfo::InputCoordinate
1751 input_coordinates[ui::LatencyInfo::kMaxInputCoordinates];
1752 uint32 event_timestamps_size = static_cast<uint32>(
1753 RandInRange(ui::LatencyInfo::kMaxCoalescedEventTimestamps + 1));
1754 double event_timestamps[ui::LatencyInfo::kMaxCoalescedEventTimestamps];
1755 if (!FuzzParamArray(
1756 input_coordinates, input_coordinates_size, fuzzer))
1757 return false;
1758 if (!FuzzParamArray(event_timestamps, event_timestamps_size, fuzzer))
1759 return false;
1760 if (!FuzzParam(&trace_id, fuzzer))
1761 return false;
1762 if (!FuzzParam(&terminated, fuzzer))
1763 return false;
1764
1765 ui::LatencyInfo latency(trace_id, terminated);
1766 for (size_t i = 0; i < input_coordinates_size; i++) {
1767 latency.AddInputCoordinate(input_coordinates[i]);
1768 }
1769 for (size_t i = 0; i < event_timestamps_size; i++) {
1770 latency.AddCoalescedEventTimestamp(event_timestamps[i]);
1771 }
1772 *p = latency;
1773
1774 return true;
1775 }
1776 };
1777
1778 template <>
1779 struct FuzzTraits<ui::LatencyInfo::InputCoordinate> {
1780 static bool Fuzz(
1781 ui::LatencyInfo::InputCoordinate* p, Fuzzer* fuzzer) {
1782 if (!FuzzParam(&p->x, fuzzer))
1783 return false;
1784 if (!FuzzParam(&p->y, fuzzer))
1785 return false;
1786 return true;
1787 }
1788 };
1789
1790 template <>
1791 struct FuzzTraits<url::Origin> {
1792 static bool Fuzz(url::Origin* p, Fuzzer* fuzzer) {
1793 std::string scheme = p->scheme();
1794 std::string host = p->host();
1795 uint16 port = p->port();
1796 if (!FuzzParam(&scheme, fuzzer))
1797 return false;
1798 if (!FuzzParam(&host, fuzzer))
1799 return false;
1800 if (!FuzzParam(&port, fuzzer))
1801 return false;
1802 *p = url::Origin::UnsafelyCreateOriginWithoutNormalization(scheme, host,
1803 port);
1804
1805 // Force a unique origin 1% of the time:
1806 if (RandInRange(100) == 1)
1807 *p = url::Origin();
1808 return true;
1809 }
1810 };
1811
1812 template <>
1813 struct FuzzTraits<URLPattern> {
1814 static bool Fuzz(URLPattern* p, Fuzzer* fuzzer) {
1815 int valid_schemes = p->valid_schemes();
1816 std::string host = p->host();
1817 std::string port = p->port();
1818 std::string path = p->path();
1819 if (!FuzzParam(&valid_schemes, fuzzer))
1820 return false;
1821 if (!FuzzParam(&host, fuzzer))
1822 return false;
1823 if (!FuzzParam(&port, fuzzer))
1824 return false;
1825 if (!FuzzParam(&path, fuzzer))
1826 return false;
1827 *p = URLPattern(valid_schemes);
1828 p->SetHost(host);
1829 p->SetPort(port);
1830 p->SetPath(path);
1831 return true;
1832 }
1833 };
1834
1835 template <>
1836 struct FuzzTraits<webrtc::DesktopSize> {
1837 static bool Fuzz(webrtc::DesktopSize* p, Fuzzer* fuzzer) {
1838 int32_t width = p->width();
1839 int32_t height = p->height();
1840 if (!FuzzParam(&width, fuzzer))
1841 return false;
1842 if (!FuzzParam(&height, fuzzer))
1843 return false;
1844 *p = webrtc::DesktopSize(width, height);
1845 return true;
1846 }
1847 };
1848
1849 template <>
1850 struct FuzzTraits<webrtc::DesktopVector> {
1851 static bool Fuzz(webrtc::DesktopVector* p, Fuzzer* fuzzer) {
1852 int32_t x = p->x();
1853 int32_t y = p->y();
1854 if (!FuzzParam(&x, fuzzer))
1855 return false;
1856 if (!FuzzParam(&y, fuzzer))
1857 return false;
1858 p->set(x, y);
1859 return true;
1860 }
1861 };
1862
1863 template <>
1864 struct FuzzTraits<webrtc::DesktopRect> {
1865 static bool Fuzz(webrtc::DesktopRect* p, Fuzzer* fuzzer) {
1866 int32_t left = p->left();
1867 int32_t top = p->top();
1868 int32_t right = p->right();
1869 int32_t bottom = p->bottom();
1870 if (!FuzzParam(&left, fuzzer))
1871 return false;
1872 if (!FuzzParam(&top, fuzzer))
1873 return false;
1874 if (!FuzzParam(&right, fuzzer))
1875 return false;
1876 if (!FuzzParam(&bottom, fuzzer))
1877 return false;
1878 *p = webrtc::DesktopRect::MakeLTRB(left, top, right, bottom);
1879 return true;
1880 }
1881 };
1882
1883 template <>
1884 struct FuzzTraits<webrtc::MouseCursor> {
1885 static bool Fuzz(webrtc::MouseCursor* p, Fuzzer* fuzzer) {
1886 webrtc::DesktopVector hotspot = p->hotspot();
1887 if (!FuzzParam(&hotspot, fuzzer))
1888 return false;
1889 p->set_hotspot(hotspot);
1890
1891 // TODO(mbarbella): Find a way to handle the size mutation properly.
1892 if (!fuzzer->ShouldGenerate())
1893 return false;
1894
1895 // Using a small size here to avoid OOM or overflow on image allocation.
1896 webrtc::DesktopSize size(RandInRange(100), RandInRange(100));
1897 p->set_image(new webrtc::BasicDesktopFrame(size));
1898 return true;
1899 }
1900 };
1901
1902 // Redefine macros to generate generating from traits declarations.
1903 // STRUCT declarations cause corresponding STRUCT_TRAITS declarations to occur.
1904 #undef IPC_STRUCT_BEGIN
1905 #undef IPC_STRUCT_BEGIN_WITH_PARENT
1906 #undef IPC_STRUCT_MEMBER
1907 #undef IPC_STRUCT_END
1908 #define IPC_STRUCT_BEGIN_WITH_PARENT(struct_name, parent) \
1909 IPC_STRUCT_BEGIN(struct_name)
1910 #define IPC_STRUCT_BEGIN(struct_name) IPC_STRUCT_TRAITS_BEGIN(struct_name)
1911 #define IPC_STRUCT_MEMBER(type, name, ...) IPC_STRUCT_TRAITS_MEMBER(name)
1912 #define IPC_STRUCT_END() IPC_STRUCT_TRAITS_END()
1913
1914 // Set up so next include will generate generate trait classes.
1915 #undef IPC_STRUCT_TRAITS_BEGIN
1916 #undef IPC_STRUCT_TRAITS_MEMBER
1917 #undef IPC_STRUCT_TRAITS_PARENT
1918 #undef IPC_STRUCT_TRAITS_END
1919 #define IPC_STRUCT_TRAITS_BEGIN(struct_name) \
1920 template <> \
1921 struct FuzzTraits<struct_name> { \
1922 static bool Fuzz(struct_name *p, Fuzzer* fuzzer) {
1923
1924 #define IPC_STRUCT_TRAITS_MEMBER(name) \
1925 if (!FuzzParam(&p->name, fuzzer)) \
1926 return false;
1927
1928 #define IPC_STRUCT_TRAITS_PARENT(type) \
1929 if (!FuzzParam(static_cast<type*>(p), fuzzer)) \
1930 return false;
1931
1932 #define IPC_STRUCT_TRAITS_END() \
1933 return true; \
1934 } \
1935 };
1936
1937 // If |condition| isn't met, the messsge will fail to serialize. Try
1938 // increasingly smaller ranges until we find one that happens to meet
1939 // the condition, or fail trying.
1940 // TODO(mbarbella): Attempt to validate even in the mutation case.
1941 #undef IPC_ENUM_TRAITS_VALIDATE
1942 #define IPC_ENUM_TRAITS_VALIDATE(enum_name, condition) \
1943 template <> \
1944 struct FuzzTraits<enum_name> { \
1945 static bool Fuzz(enum_name* p, Fuzzer* fuzzer) { \
1946 if (!fuzzer->ShouldGenerate()) { \
1947 return FuzzParam(reinterpret_cast<int*>(p), fuzzer); \
1948 } \
1949 for (int shift = 30; shift; --shift) { \
1950 for (int tries = 0; tries < 2; ++tries) { \
1951 int value = RandInRange(1 << shift); \
1952 if (condition) { \
1953 *reinterpret_cast<int*>(p) = value; \
1954 return true; \
1955 } \
1956 } \
1957 } \
1958 std::cerr << "failed to satisfy " << #condition << "\n"; \
1959 return false; \
1960 } \
1961 };
1962
1963 // Bring them into existence.
1964 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
1965 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h"
1966
1967 // Redefine macros to generate generating funtions
1968 #undef IPC_MESSAGE_DECL
1969 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
1970 IPC_##kind##_##type##_FUZZ(name, in, out, ilist, olist)
1971
1972 #define IPC_EMPTY_CONTROL_FUZZ(name, in, out, ilist, olist) \
1973 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1974 if (msg) { \
1975 return NULL; \
1976 } \
1977 return new name(); \
1978 }
1979
1980 #define IPC_EMPTY_ROUTED_FUZZ(name, in, out, ilist, olist) \
1981 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1982 if (msg) { \
1983 return NULL; \
1984 } \
1985 return new name(RandInRange(MAX_FAKE_ROUTING_ID)); \
1986 }
1987
1988 #define IPC_ASYNC_CONTROL_FUZZ(name, in, out, ilist, olist) \
1989 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
1990 IPC_TUPLE_IN_##in ilist p; \
1991 if (msg) { \
1992 name::Read(static_cast<name*>(msg), &p); \
1993 } \
1994 if (FuzzParam(&p, fuzzer)) { \
1995 return new name(IPC_MEMBERS_IN_##in(p)); \
1996 } \
1997 std::cerr << "Don't know how to handle " << #name << "\n"; \
1998 return 0; \
1999 }
2000
2001 #define IPC_ASYNC_ROUTED_FUZZ(name, in, out, ilist, olist) \
2002 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
2003 IPC_TUPLE_IN_##in ilist p; \
2004 if (msg) { \
2005 name::Read(static_cast<name*>(msg), &p); \
2006 } \
2007 if (FuzzParam(&p, fuzzer)) { \
2008 return new name(RandInRange(MAX_FAKE_ROUTING_ID) \
2009 IPC_COMMA_##in \
2010 IPC_MEMBERS_IN_##in(p)); \
2011 } \
2012 std::cerr << "Don't know how to handle " << #name << "\n"; \
2013 return 0; \
2014 }
2015
2016 #define IPC_SYNC_CONTROL_FUZZ(name, in, out, ilist, olist) \
2017 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
2018 IPC_TUPLE_IN_##in ilist p; \
2019 name* real_msg = static_cast<name*>(msg); \
2020 name* new_msg = NULL; \
2021 if (real_msg) { \
2022 name::ReadSendParam(real_msg, &p); \
2023 } \
2024 if (FuzzParam(&p, fuzzer)) { \
2025 new_msg = new name(IPC_MEMBERS_IN_##in(p) \
2026 IPC_COMMA_AND_##out(IPC_COMMA_##in) \
2027 IPC_MEMBERS_OUT_##out()); \
2028 } \
2029 if (real_msg && new_msg) { \
2030 MessageCracker::CopyMessageID(new_msg, real_msg); \
2031 } \
2032 else if (!new_msg) { \
2033 std::cerr << "Don't know how to handle " << #name << "\n"; \
2034 } \
2035 return new_msg; \
2036 }
2037
2038 #define IPC_SYNC_ROUTED_FUZZ(name, in, out, ilist, olist) \
2039 IPC::Message* fuzzer_for_##name(IPC::Message* msg, Fuzzer* fuzzer) { \
2040 IPC_TUPLE_IN_##in ilist p; \
2041 name* real_msg = static_cast<name*>(msg); \
2042 name* new_msg = NULL; \
2043 if (real_msg) { \
2044 name::ReadSendParam(real_msg, &p); \
2045 } \
2046 if (FuzzParam(&p, fuzzer)) { \
2047 new_msg = new name(RandInRange(MAX_FAKE_ROUTING_ID) \
2048 IPC_COMMA_OR_##out(IPC_COMMA_##in) \
2049 IPC_MEMBERS_IN_##in(p) \
2050 IPC_COMMA_AND_##out(IPC_COMMA_##in) \
2051 IPC_MEMBERS_OUT_##out()); \
2052 } \
2053 if (real_msg && new_msg) { \
2054 MessageCracker::CopyMessageID(new_msg, real_msg); \
2055 } \
2056 else if (!new_msg) { \
2057 std::cerr << "Don't know how to handle " << #name << "\n"; \
2058 } \
2059 return new_msg; \
2060 }
2061
2062 #define MAX_FAKE_ROUTING_ID 15
2063
2064 #define IPC_MEMBERS_IN_0(p)
2065 #define IPC_MEMBERS_IN_1(p) base::get<0>(p)
2066 #define IPC_MEMBERS_IN_2(p) base::get<0>(p), base::get<1>(p)
2067 #define IPC_MEMBERS_IN_3(p) base::get<0>(p), base::get<1>(p), base::get<2>(p)
2068 #define IPC_MEMBERS_IN_4(p) base::get<0>(p), base::get<1>(p), base::get<2>(p), \
2069 base::get<3>(p)
2070 #define IPC_MEMBERS_IN_5(p) base::get<0>(p), base::get<1>(p), base::get<2>(p), \
2071 base::get<3>(p), base::get<4>(p)
2072
2073 #define IPC_MEMBERS_OUT_0()
2074 #define IPC_MEMBERS_OUT_1() NULL
2075 #define IPC_MEMBERS_OUT_2() NULL, NULL
2076 #define IPC_MEMBERS_OUT_3() NULL, NULL, NULL
2077 #define IPC_MEMBERS_OUT_4() NULL, NULL, NULL, NULL
2078 #define IPC_MEMBERS_OUT_5() NULL, NULL, NULL, NULL, NULL
2079
2080 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2081 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h"
2082
2083 void PopulateFuzzerFunctionVector(
2084 FuzzerFunctionVector* function_vector) {
2085 #undef IPC_MESSAGE_DECL
2086 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
2087 function_vector->push_back(fuzzer_for_##name);
2088 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2089 }
2090
2091 // Redefine macros to register fuzzing functions into map.
2092 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h"
2093 #undef IPC_MESSAGE_DECL
2094 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \
2095 (*map)[static_cast<uint32>(name::ID)] = fuzzer_for_##name;
2096
2097 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) {
2098 #include "tools/ipc_fuzzer/message_lib/all_messages.h"
2099 }
2100
2101 } // namespace ipc_fuzzer