diff --git a/services/include/concurrent_task_service_ability.h b/services/include/concurrent_task_service_ability.h
index 8a9a33b..76e7075 100644
--- a/services/include/concurrent_task_service_ability.h
+++ b/services/include/concurrent_task_service_ability.h
@@ -28,6 +28,13 @@ public:
ConcurrentTaskServiceAbility(int32_t sysAbilityId, bool runOnCreate) : SystemAbility(sysAbilityId, runOnCreate) {}
~ConcurrentTaskServiceAbility() override = default;
+#if defined(QOS_MANAGER_FUZZTEST)
+ void FuzzOnStart();
+ void FuzzOnStop();
+ void FuzzOnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId);
+ void FuzzOnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId);
+#endif
+
private:
void OnStart() override;
@@ -41,6 +48,30 @@ private:
DISALLOW_COPY_AND_MOVE(ConcurrentTaskServiceAbility);
};
+
+#if defined(QOS_MANAGER_FUZZTEST)
+inline void ConcurrentTaskServiceAbility::FuzzOnStart()
+{
+ OnStart();
+}
+
+inline void ConcurrentTaskServiceAbility::FuzzOnStop()
+{
+ OnStop();
+}
+
+inline void ConcurrentTaskServiceAbility::FuzzOnAddSystemAbility(int32_t systemAbilityId,
+ const std::string& deviceId)
+{
+ OnAddSystemAbility(systemAbilityId, deviceId);
+}
+
+inline void ConcurrentTaskServiceAbility::FuzzOnRemoveSystemAbility(int32_t systemAbilityId,
+ const std::string& deviceId)
+{
+ OnRemoveSystemAbility(systemAbilityId, deviceId);
+}
+#endif
} // namespace ConcurrentTask
} // namespace OHOS
diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn
index f05cc95..6816eea 100644
--- a/test/fuzztest/BUILD.gn
+++ b/test/fuzztest/BUILD.gn
@@ -15,6 +15,7 @@ group("fuzztest") {
testonly = true
deps = [
"concurrent_fuzzer:ConcurrentFuzzTest",
+ "template_fuzzer:fuzztest",
"qos_fuzzer:QosFuzzTest",
"qos_policy_fuzzer:QosPolicyFuzzTest",
"rtg_operations_fuzzer:RtgOperationsFuzzTest",
diff --git a/test/fuzztest/template_fuzzer/BUILD.gn b/test/fuzztest/template_fuzzer/BUILD.gn
new file mode 100644
index 0000000..5932b4c
--- /dev/null
+++ b/test/fuzztest/template_fuzzer/BUILD.gn
@@ -0,0 +1,65 @@
+# Copyright (c) 2026 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+
+##############################fuzztest##########################################
+ohos_fuzztest("TemplateFuzzTest") {
+ module_out_path = "qos_manager/qos_manager/"
+
+ include_dirs = [
+ "../../../include/",
+ "../../../interfaces/inner_api/",
+ "../../../frameworks/concurrent_task_client/include/",
+ "../../../services/include/",
+ ]
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+ fuzz_config_file = "../../../test/fuzztest/template_fuzzer"
+ sources = [
+ "template_fuzzer.cpp",
+ ]
+ defines = [ "QOS_MANAGER_FUZZTEST" ]
+ deps = [
+ "../../../frameworks/concurrent_task_client:concurrent_task_client",
+ "../../../qos:qos",
+ "../../../services:concurrentsvc",
+ ]
+ external_deps = [
+ "access_token:libaccesstoken_sdk",
+ "c_utils:utils",
+ "frame_aware_sched:rtg_interface",
+ "hilog:libhilog",
+ "hitrace:hitrace_meter",
+ "init:libbegetutil",
+ "ipc:ipc_single",
+ "safwk:system_ability_fwk",
+ "samgr:samgr_proxy",
+ ]
+}
+###############################################################################
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":TemplateFuzzTest",
+ ]
+}
+###############################################################################
diff --git a/test/fuzztest/template_fuzzer/corpus/init b/test/fuzztest/template_fuzzer/corpus/init
new file mode 100644
index 0000000..6ff2572
--- /dev/null
+++ b/test/fuzztest/template_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/template_fuzzer/project.xml b/test/fuzztest/template_fuzzer/project.xml
new file mode 100644
index 0000000..85e7ef2
--- /dev/null
+++ b/test/fuzztest/template_fuzzer/project.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+ 1000
+
+ 300
+
+ 4096
+
+
diff --git a/test/fuzztest/template_fuzzer/template_fuzzer.cpp b/test/fuzztest/template_fuzzer/template_fuzzer.cpp
new file mode 100644
index 0000000..1eeb03e
--- /dev/null
+++ b/test/fuzztest/template_fuzzer/template_fuzzer.cpp
@@ -0,0 +1,327 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "concurrent_task_client.h"
+#include "concurrent_task_controller_interface.h"
+#include "concurrent_task_service.h"
+#include "concurrent_task_service_ability.h"
+#include "func_loader.h"
+#include "message_option.h"
+#include "message_parcel.h"
+#include "qos.h"
+#include "qos_interface.h"
+#include "qos_policy.h"
+
+using namespace OHOS::ConcurrentTask;
+using namespace OHOS::QOS;
+
+namespace OHOS {
+namespace QOS {
+int AddThreadsToProcRtg(int tid[], int size);
+} // namespace QOS
+} // namespace OHOS
+
+namespace OHOS {
+namespace {
+constexpr size_t MIN_FUZZ_BYTES = 4;
+constexpr int MAX_QOS_LEVEL = static_cast(QosLevel::QOS_MAX);
+constexpr int MAX_DISPATCH_INDEX = 8;
+constexpr int MAX_TID_RANGE = 4096;
+constexpr int RT_PRIORITY_LIMIT = 128;
+constexpr int MAX_IPC_STRING = 32;
+constexpr int MAX_PAYLOAD_STRING = 64;
+constexpr int MIN_IPC_BYTES = 8;
+constexpr int SA_TEST_ID = 5204; // arbitrary system ability id for fuzzing
+constexpr size_t PROC_RTG_TID_COUNT = 5;
+constexpr size_t MAX_FUZZ_SHORT_STRING_LENGTH = 8;
+
+enum class QosOp : int {
+ CONTROLLER = 0,
+ RAW_INTERFACE,
+ POLICY_SET,
+ RTG_ENABLE,
+ PROC_RTG,
+ CLIENT_API,
+ SERVICE_IPC,
+ FUNC_LOADER,
+ TASK_CONTROLLER,
+};
+} // namespace
+
+static QosLevel ConsumeQosLevel(FuzzedDataProvider &fdp)
+{
+ int rawLevel = fdp.ConsumeIntegralInRange(-1, MAX_QOS_LEVEL + 1);
+ return static_cast(rawLevel);
+}
+
+static int ConsumeTid(FuzzedDataProvider &fdp)
+{
+ return fdp.ConsumeIntegralInRange(-MAX_TID_RANGE, MAX_TID_RANGE);
+}
+
+static void ExerciseQosController(FuzzedDataProvider &fdp)
+{
+ QosLevel level = ConsumeQosLevel(fdp);
+ int tid = ConsumeTid(fdp);
+
+ QosController::GetInstance().SetThreadQosForOtherThread(level, tid);
+ QosController::GetInstance().GetThreadQosForOtherThread(level, tid);
+ QosController::GetInstance().ResetThreadQosForOtherThread(tid);
+
+ SetThreadQos(level);
+ SetQosForOtherThread(level, tid);
+ ResetThreadQos();
+ ResetQosForOtherThread(tid);
+ GetThreadQos(level);
+ GetQosForOtherThread(level, tid);
+}
+
+static void ExerciseQosInterface(FuzzedDataProvider &fdp)
+{
+ unsigned int rawLevel = fdp.ConsumeIntegral();
+ int tid = ConsumeTid(fdp);
+ bool enableRtg = fdp.ConsumeBool();
+
+ EnableRtg(enableRtg);
+ QosApply(rawLevel);
+ QosApplyForOther(rawLevel, tid);
+ QosLeave();
+ QosLeaveForOther(tid);
+
+ int queriedLevel = -1;
+ QosGet(queriedLevel);
+ QosGetForOther(tid, queriedLevel);
+}
+
+static void PopulatePolicyEntry(QosPolicyData &entry, FuzzedDataProvider &fdp)
+{
+ entry.nice = fdp.ConsumeIntegral();
+ entry.latencyNice = fdp.ConsumeIntegral();
+ entry.uclampMin = fdp.ConsumeIntegral();
+ entry.uclampMax = fdp.ConsumeIntegral();
+ entry.rtSchedPriority = fdp.ConsumeIntegralInRange(-RT_PRIORITY_LIMIT, RT_PRIORITY_LIMIT);
+ entry.policy = fdp.PickValueInArray({
+ SchedPolicy::SCHED_POLICY_OTHER,
+ SchedPolicy::SCHED_POLICY_FIFO,
+ SchedPolicy::SCHED_POLICY_RR,
+ SchedPolicy::SCHED_POLICY_RT_EX,
+ });
+}
+
+static void ExerciseQosPolicy(FuzzedDataProvider &fdp)
+{
+ QosPolicyDatas policyDatas {};
+ policyDatas.policyType = fdp.ConsumeIntegral();
+ policyDatas.policyFlag = fdp.ConsumeIntegral();
+
+ for (int i = 0; i < NR_QOS; i++) {
+ PopulatePolicyEntry(policyDatas.policys[i], fdp);
+ }
+
+ QosPolicy policyClient;
+ policyClient.SetQosPolicy(&policyDatas);
+}
+
+static void ExerciseProcRtg(FuzzedDataProvider &fdp)
+{
+ int tid = ConsumeTid(fdp);
+ std::array tids {};
+ for (auto &item : tids) {
+ item = ConsumeTid(fdp);
+ }
+
+ AddThreadToProcRtg(tid);
+ AddThreadsToProcRtg(tids.data(), static_cast(tids.size()));
+ RemoveThreadFromProcRtg(tid);
+ RemoveThreadsFromProcRtg(tids.data(), static_cast(tids.size()));
+}
+
+static std::unordered_map BuildStringPayload(FuzzedDataProvider &fdp)
+{
+ std::unordered_map payload;
+ payload["k"] = fdp.ConsumeRandomLengthString(MAX_PAYLOAD_STRING);
+ payload[fdp.ConsumeRandomLengthString(MAX_FUZZ_SHORT_STRING_LENGTH)] =
+ fdp.ConsumeRandomLengthString(MAX_PAYLOAD_STRING);
+ return payload;
+}
+
+static std::unordered_map BuildPidPayload(FuzzedDataProvider &fdp)
+{
+ std::unordered_map payload;
+ payload[fdp.ConsumeIntegral()] = fdp.ConsumeIntegral();
+ return payload;
+}
+
+static void ExerciseClientApi(FuzzedDataProvider &fdp)
+{
+ ConcurrentTaskClient &client = ConcurrentTaskClient::GetInstance();
+ auto payload = BuildStringPayload(fdp);
+ IntervalReply intervalReply;
+ DeadlineReply deadlineReply;
+
+ client.ReportData(fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), payload);
+ client.ReportSceneInfo(fdp.ConsumeIntegral(), payload);
+ client.QueryInterval(fdp.ConsumeIntegral(), intervalReply);
+ client.QueryDeadline(fdp.ConsumeIntegral(), deadlineReply, BuildPidPayload(fdp));
+ client.QueryDeadline(fdp.ConsumeIntegral(), deadlineReply, BuildStringPayload(fdp));
+ client.SetAudioDeadline(fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), fdp.ConsumeIntegral(),
+ intervalReply);
+ client.RequestAuth(payload);
+ client.SetSystemQoS(fdp.ConsumeIntegral(), fdp.ConsumeIntegral());
+ client.StopRemoteObject();
+ client.ReportSceneInfo(fdp.ConsumeIntegral(), payload); // trigger post-stop path
+}
+
+static void ExerciseServiceIpc(FuzzedDataProvider &fdp)
+{
+ if (fdp.remaining_bytes() < MIN_IPC_BYTES) {
+ return;
+ }
+ static const uint32_t kCodes[] = {
+ 0, 1, 2, 3, 4, 5
+ };
+
+ MessageParcel data;
+ MessageParcel reply;
+ MessageOption option;
+ data.WriteInt32(fdp.ConsumeIntegral());
+ data.WriteInt32(fdp.ConsumeIntegral());
+ data.WriteString(fdp.ConsumeRandomLengthString(MAX_IPC_STRING));
+
+ uint32_t code = fdp.PickValueInArray(kCodes);
+ ConcurrentTaskService service;
+ service.OnRemoteRequest(code, data, reply, option);
+}
+
+static void ExerciseFuncLoader(FuzzedDataProvider &fdp)
+{
+ std::string path = fdp.ConsumeRandomLengthString(MAX_IPC_STRING);
+ FuncLoader loader(path);
+ loader.LoadSymbol(fdp.ConsumeRandomLengthString(MAX_FUZZ_SHORT_STRING_LENGTH).c_str());
+ loader.LoadSymbol("");
+ loader.LoadSymbol("nonexistent_symbol");
+ loader.GetLoadSuccess();
+}
+
+static void ExerciseServiceDirect(FuzzedDataProvider &fdp)
+{
+ ConcurrentTaskService svc;
+ auto payload = BuildStringPayload(fdp);
+ IpcIntervalReply ipcInterval {};
+ IpcDeadlineReply ipcDdl {};
+
+ svc.ReportData(fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), payload);
+ svc.ReportSceneInfo(fdp.ConsumeIntegral(), payload);
+ svc.QueryInterval(fdp.ConsumeIntegral(), ipcInterval);
+ svc.QueryDeadline(fdp.ConsumeIntegral(), ipcDdl, payload);
+ svc.SetAudioDeadline(
+ fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), ipcInterval);
+ svc.RequestAuth(payload);
+}
+
+static void ExerciseServiceAbility(FuzzedDataProvider &fdp)
+{
+ ConcurrentTaskServiceAbility ability(SA_TEST_ID, fdp.ConsumeBool());
+ ability.FuzzOnStart();
+ ability.FuzzOnAddSystemAbility(
+ fdp.ConsumeIntegral(), fdp.ConsumeRandomLengthString(MAX_FUZZ_SHORT_STRING_LENGTH));
+ ability.FuzzOnRemoveSystemAbility(
+ fdp.ConsumeIntegral(), fdp.ConsumeRandomLengthString(MAX_FUZZ_SHORT_STRING_LENGTH));
+ ability.GetClassName();
+ if (fdp.ConsumeBool()) {
+ ability.FuzzOnStart(); // repeat to trigger duplicate start branch
+ }
+ ability.FuzzOnStop();
+}
+
+static void ExerciseTaskController(FuzzedDataProvider &fdp)
+{
+ TaskControllerInterface &controller = TaskControllerInterface::GetInstance();
+ controller.Init();
+
+ auto payload = BuildStringPayload(fdp);
+ IntervalReply intervalReply;
+ DeadlineReply ddlReply;
+
+ controller.ReportData(fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), payload);
+ controller.ReportSceneInfo(fdp.ConsumeIntegral(), payload);
+ controller.QueryInterval(fdp.ConsumeIntegral(), intervalReply);
+ controller.QueryDeadline(fdp.ConsumeIntegral(), ddlReply, payload);
+ controller.SetAudioDeadline(
+ fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), intervalReply);
+ controller.RequestAuth(payload);
+ controller.Release();
+ controller.ReportData(fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), payload);
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < MIN_FUZZ_BYTES) {
+ return 0;
+ }
+
+ FuzzedDataProvider fdp(data, size);
+
+ QosPolicy policyInitializer;
+ policyInitializer.Init();
+
+ while (fdp.remaining_bytes() > 0) {
+ int op = fdp.ConsumeIntegralInRange(0, MAX_DISPATCH_INDEX);
+ switch (static_cast(op)) {
+ case QosOp::CONTROLLER:
+ ExerciseQosController(fdp);
+ break;
+ case QosOp::RAW_INTERFACE:
+ ExerciseQosInterface(fdp);
+ break;
+ case QosOp::POLICY_SET:
+ ExerciseQosPolicy(fdp);
+ break;
+ case QosOp::RTG_ENABLE:
+ EnableRtg(fdp.ConsumeBool());
+ break;
+ case QosOp::PROC_RTG:
+ ExerciseProcRtg(fdp);
+ break;
+ case QosOp::CLIENT_API:
+ ExerciseClientApi(fdp);
+ break;
+ case QosOp::SERVICE_IPC:
+ ExerciseServiceIpc(fdp);
+ break;
+ case QosOp::FUNC_LOADER:
+ ExerciseFuncLoader(fdp);
+ break;
+ case QosOp::TASK_CONTROLLER:
+ ExerciseTaskController(fdp);
+ ExerciseServiceDirect(fdp);
+ ExerciseServiceAbility(fdp);
+ break;
+ default:
+ break;
+ }
+ }
+ return 0;
+}
+} // namespace OHOS
diff --git a/test/fuzztest/template_fuzzer/template_fuzzer.h b/test/fuzztest/template_fuzzer/template_fuzzer.h
new file mode 100644
index 0000000..c4d9937
--- /dev/null
+++ b/test/fuzztest/template_fuzzer/template_fuzzer.h
@@ -0,0 +1,285 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef RESOURCESCHEDULE_QOS_MANAGER_TEST_FUZZTEST_TEMPLATE_FUZZER_TEMPLATE_FUZZER_H
+#define RESOURCESCHEDULE_QOS_MANAGER_TEST_FUZZTEST_TEMPLATE_FUZZER_TEMPLATE_FUZZER_H
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "concurrent_task_client.h"
+#include "concurrent_task_controller_interface.h"
+#include "concurrent_task_service.h"
+#include "func_loader.h"
+#include "message_option.h"
+#include "message_parcel.h"
+#include "qos.h"
+#include "qos_interface.h"
+#include "qos_policy.h"
+
+using namespace OHOS::ConcurrentTask;
+using namespace OHOS::QOS;
+
+namespace OHOS {
+namespace {
+constexpr size_t MIN_FUZZ_BYTES = 4;
+constexpr int MAX_QOS_LEVEL = static_cast(QosLevel::QOS_MAX);
+constexpr int MAX_DISPATCH_INDEX = 8;
+constexpr int MAX_TID_RANGE = 4096;
+constexpr int RT_PRIORITY_LIMIT = 128;
+constexpr int MAX_IPC_STRING = 32;
+constexpr int MAX_PAYLOAD_STRING = 64;
+constexpr int MIN_IPC_BYTES = 8;
+constexpr size_t PROC_RTG_TID_COUNT = 5;
+constexpr size_t MAX_FUZZ_SHORT_STRING_LENGTH = 8;
+
+enum class QosOp : int {
+ CONTROLLER = 0,
+ RAW_INTERFACE,
+ POLICY_SET,
+ RTG_ENABLE,
+ PROC_RTG,
+ CLIENT_API,
+ SERVICE_IPC,
+ FUNC_LOADER,
+ TASK_CONTROLLER,
+};
+} // namespace
+
+static QosLevel ConsumeQosLevel(FuzzedDataProvider &fdp)
+{
+ int rawLevel = fdp.ConsumeIntegralInRange(-1, MAX_QOS_LEVEL + 1);
+ return static_cast(rawLevel);
+}
+
+static int ConsumeTid(FuzzedDataProvider &fdp)
+{
+ return fdp.ConsumeIntegralInRange(-MAX_TID_RANGE, MAX_TID_RANGE);
+}
+
+static void ExerciseQosController(FuzzedDataProvider &fdp)
+{
+ QosLevel level = ConsumeQosLevel(fdp);
+ int tid = ConsumeTid(fdp);
+
+ QosController::GetInstance().SetThreadQosForOtherThread(level, tid);
+ QosController::GetInstance().GetThreadQosForOtherThread(level, tid);
+ QosController::GetInstance().ResetThreadQosForOtherThread(tid);
+
+ SetThreadQos(level);
+ SetQosForOtherThread(level, tid);
+ ResetThreadQos();
+ ResetQosForOtherThread(tid);
+ GetThreadQos(level);
+ GetQosForOtherThread(level, tid);
+}
+
+static void ExerciseQosInterface(FuzzedDataProvider &fdp)
+{
+ unsigned int rawLevel = fdp.ConsumeIntegral();
+ int tid = ConsumeTid(fdp);
+ bool enableRtg = fdp.ConsumeBool();
+
+ EnableRtg(enableRtg);
+ QosApply(rawLevel);
+ QosApplyForOther(rawLevel, tid);
+ QosLeave();
+ QosLeaveForOther(tid);
+
+ int queriedLevel = -1;
+ QosGet(queriedLevel);
+ QosGetForOther(tid, queriedLevel);
+}
+
+static void PopulatePolicyEntry(QosPolicyData &entry, FuzzedDataProvider &fdp)
+{
+ entry.nice = fdp.ConsumeIntegral();
+ entry.latencyNice = fdp.ConsumeIntegral();
+ entry.uclampMin = fdp.ConsumeIntegral();
+ entry.uclampMax = fdp.ConsumeIntegral();
+ entry.rtSchedPriority = fdp.ConsumeIntegralInRange(-RT_PRIORITY_LIMIT, RT_PRIORITY_LIMIT);
+ entry.policy = fdp.PickValueInArray({
+ SchedPolicy::SCHED_POLICY_OTHER,
+ SchedPolicy::SCHED_POLICY_FIFO,
+ SchedPolicy::SCHED_POLICY_RR,
+ SchedPolicy::SCHED_POLICY_RT_EX,
+ });
+}
+
+static void ExerciseQosPolicy(FuzzedDataProvider &fdp)
+{
+ QosPolicyDatas policyDatas {};
+ policyDatas.policyType = fdp.ConsumeIntegral();
+ policyDatas.policyFlag = fdp.ConsumeIntegral();
+
+ for (int i = 0; i < NR_QOS; i++) {
+ PopulatePolicyEntry(policyDatas.policys[i], fdp);
+ }
+
+ QosPolicy policyClient;
+ policyClient.SetQosPolicy(&policyDatas);
+}
+
+static void ExerciseProcRtg(FuzzedDataProvider &fdp)
+{
+ int tid = ConsumeTid(fdp);
+ std::array tids {};
+ for (auto &item : tids) {
+ item = ConsumeTid(fdp);
+ }
+
+ AddThreadToProcRtg(tid);
+ RemoveThreadFromProcRtg(tid);
+ RemoveThreadsFromProcRtg(tids.data(), static_cast(tids.size()));
+}
+
+static std::unordered_map BuildStringPayload(FuzzedDataProvider &fdp)
+{
+ std::unordered_map payload;
+ payload["k"] = fdp.ConsumeRandomLengthString(MAX_PAYLOAD_STRING);
+ payload[fdp.ConsumeRandomLengthString(MAX_FUZZ_SHORT_STRING_LENGTH)] =
+ fdp.ConsumeRandomLengthString(MAX_PAYLOAD_STRING);
+ return payload;
+}
+
+static std::unordered_map BuildPidPayload(FuzzedDataProvider &fdp)
+{
+ std::unordered_map payload;
+ payload[fdp.ConsumeIntegral()] = fdp.ConsumeIntegral();
+ return payload;
+}
+
+static void ExerciseClientApi(FuzzedDataProvider &fdp)
+{
+ ConcurrentTaskClient &client = ConcurrentTaskClient::GetInstance();
+ auto payload = BuildStringPayload(fdp);
+ IntervalReply intervalReply;
+ DeadlineReply deadlineReply;
+
+ client.ReportData(fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), payload);
+ client.ReportSceneInfo(fdp.ConsumeIntegral(), payload);
+ client.QueryInterval(fdp.ConsumeIntegral(), intervalReply);
+ client.QueryDeadline(fdp.ConsumeIntegral(), deadlineReply, BuildPidPayload(fdp));
+ client.SetAudioDeadline(fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), fdp.ConsumeIntegral(),
+ intervalReply);
+ client.RequestAuth(payload);
+ client.SetSystemQoS(fdp.ConsumeIntegral(), fdp.ConsumeIntegral());
+ client.StopRemoteObject();
+}
+
+static void ExerciseServiceIpc(FuzzedDataProvider &fdp)
+{
+ if (fdp.remaining_bytes() < MIN_IPC_BYTES) {
+ return;
+ }
+ static const uint32_t kCodes[] = {
+ 0, 1, 2, 3, 4, 5
+ };
+
+ MessageParcel data;
+ MessageParcel reply;
+ MessageOption option;
+ data.WriteInt32(fdp.ConsumeIntegral());
+ data.WriteInt32(fdp.ConsumeIntegral());
+ data.WriteString(fdp.ConsumeRandomLengthString(MAX_IPC_STRING));
+
+ uint32_t code = fdp.PickValueInArray(kCodes);
+ ConcurrentTaskService service;
+ service.OnRemoteRequest(code, data, reply, option);
+}
+
+static void ExerciseFuncLoader(FuzzedDataProvider &fdp)
+{
+ std::string path = fdp.ConsumeRandomLengthString(MAX_IPC_STRING);
+ FuncLoader loader(path);
+ loader.LoadSymbol(fdp.ConsumeRandomLengthString(MAX_FUZZ_SHORT_STRING_LENGTH).c_str());
+ loader.GetLoadSuccess();
+}
+
+static void ExerciseTaskController(FuzzedDataProvider &fdp)
+{
+ TaskControllerInterface &controller = TaskControllerInterface::GetInstance();
+ controller.Init();
+
+ auto payload = BuildStringPayload(fdp);
+ IntervalReply intervalReply;
+ DeadlineReply ddlReply;
+
+ controller.ReportData(fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), payload);
+ controller.ReportSceneInfo(fdp.ConsumeIntegral(), payload);
+ controller.QueryInterval(fdp.ConsumeIntegral(), intervalReply);
+ controller.QueryDeadline(fdp.ConsumeIntegral(), ddlReply, payload);
+ controller.SetAudioDeadline(
+ fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), fdp.ConsumeIntegral(), intervalReply);
+ controller.RequestAuth(payload);
+ controller.Release();
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < MIN_FUZZ_BYTES) {
+ return 0;
+ }
+
+ FuzzedDataProvider fdp(data, size);
+
+ QosPolicy policyInitializer;
+ policyInitializer.Init();
+
+ while (fdp.remaining_bytes() > 0) {
+ int op = fdp.ConsumeIntegralInRange(0, MAX_DISPATCH_INDEX);
+ switch (static_cast(op)) {
+ case QosOp::CONTROLLER:
+ ExerciseQosController(fdp);
+ break;
+ case QosOp::RAW_INTERFACE:
+ ExerciseQosInterface(fdp);
+ break;
+ case QosOp::POLICY_SET:
+ ExerciseQosPolicy(fdp);
+ break;
+ case QosOp::RTG_ENABLE:
+ EnableRtg(fdp.ConsumeBool());
+ break;
+ case QosOp::PROC_RTG:
+ ExerciseProcRtg(fdp);
+ break;
+ case QosOp::CLIENT_API:
+ ExerciseClientApi(fdp);
+ break;
+ case QosOp::SERVICE_IPC:
+ ExerciseServiceIpc(fdp);
+ break;
+ case QosOp::FUNC_LOADER:
+ ExerciseFuncLoader(fdp);
+ break;
+ case QosOp::TASK_CONTROLLER:
+ ExerciseTaskController(fdp);
+ break;
+ default:
+ break;
+ }
+ }
+ return 0;
+}
+} // namespace OHOS
+
+#endif