init creat fuzz driver Signed-off-by: lxjgitcode<lxj715@ruc.edu.cn>

Change-Id: Id681bdffabd6faba887c339980cac5fe9abc003c
This commit is contained in:
维基亚传令兵
2025-11-30 11:39:25 +00:00
parent c51a6309bb
commit 9d8b28f99d
6 changed files with 567 additions and 5 deletions
+8 -5
View File
@@ -13,7 +13,9 @@
"name": "soc_perf",
"subsystem": "resourceschedule",
"syscap": [],
"features": [ "soc_perf_device_enable" ],
"features": [
"soc_perf_device_enable"
],
"adapted_system_type": [
"standard"
],
@@ -42,13 +44,13 @@
},
"build": {
"group_type": {
"base_group" : [
"base_group": [
"//foundation/resourceschedule/soc_perf:base_group_soc_perf_all"
],
"fwk_group" : [
"fwk_group": [
"//foundation/resourceschedule/soc_perf:fwk_group_socperf_client_all"
],
"service_group" : [
"service_group": [
"//foundation/resourceschedule/soc_perf:service_group_soc_perf_all"
]
},
@@ -67,7 +69,8 @@
],
"test": [
"//foundation/resourceschedule/soc_perf:test_soc_perf_all",
"//foundation/resourceschedule/soc_perf/test/fuzztest:fuzztest"
"//foundation/resourceschedule/soc_perf/test/fuzztest:fuzztest",
"//foundation/resourceschedule/soc_perf/test/fuzztest/lxjRUC_fuzzer:fuzztest"
]
}
}
+50
View File
@@ -0,0 +1,50 @@
# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#####################hydra-fuzz###################
import("../../../soc_perf.gni")
import("//build/config/features.gni")
import("//build/test.gni")
##############################fuzztest##########################################
ohos_fuzztest("LxjRUCFuzzer") {
module_out_path = "soc_perf/soc_perf"
include_dirs = [
"//foundation/resourceschedule/soc_perf/interfaces/inner_api/socperf_client/include",
"//foundation/resourceschedule/soc_perf/common/include",
]
cflags = ["-g","-O0","-Wno-unused-variable","-fno-omit-frame-pointer"]
sources = [
"lxjRUC_fuzzer.cpp",
]
deps = [
"//foundation/resourceschedule/soc_perf/interfaces/inner_api/socperf_client:socperf_client",
]
external_deps = [
"c_utils:utils",
"bounds_checking_function:libsec_shared",
]
}
###############################################################################
group("fuzztest") {
testonly = true
deps = []
deps += [
# deps file
":LxjRUCFuzzer",
]
}
###############################################################################
+1
View File
@@ -0,0 +1 @@
FUZZ
@@ -0,0 +1,455 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "lxjRUC_fuzzer.h"
#define private public
#define protected public
#include "socperf_client.h"
#undef private
#undef protected
#include "socperf_action_type.h"
#include "securec.h"
#include <cstdio>
#include <stddef.h>
#include <stdint.h>
#include <cstring>
#include <cstdlib>
#include <string>
#include <vector>
#include <memory>
#include <mutex>
#include <unordered_map>
namespace FuzzUtils {
// ============================================================================
// Constants and Macros
// ============================================================================
constexpr int32_t MIN_FUZZ_INPUT_SIZE = 4;
constexpr int32_t MAX_FUZZ_INPUT_SIZE = 4096;
constexpr int32_t DEFAULT_STRING_LENGTH = 256;
constexpr int32_t DEFAULT_MODE_STRING_LENGTH = 128;
constexpr int32_t DEFAULT_VECTOR_SIZE = 10;
constexpr int32_t MAX_STRING_LENGTH = 1024;
constexpr int32_t MAX_VECTOR_SIZE = 100;
// ============================================================================
// Inline Validation Functions
// ============================================================================
inline bool FuzzCheckSize(size_t size, size_t minSize)
{
return size >= minSize;
}
inline bool FuzzCheckPointer(const void* ptr)
{
return ptr != nullptr;
}
inline bool FuzzCheckOffset(size_t offset, size_t size, size_t typeSize)
{
return offset + typeSize <= size;
}
// ============================================================================
// DataExtractor Class
// ============================================================================
class DataExtractor {
public:
DataExtractor(const uint8_t *data, size_t size);
~DataExtractor() = default;
uint8_t ExtractUInt8();
int8_t ExtractInt8();
uint16_t ExtractUInt16();
int16_t ExtractInt16();
int32_t ExtractInt32();
int64_t ExtractInt64();
bool ExtractBool();
float ExtractFloat();
std::string ExtractString(size_t maxLen = DEFAULT_STRING_LENGTH);
std::vector<int32_t> ExtractInt32Vector(size_t maxElements = DEFAULT_VECTOR_SIZE);
std::vector<int64_t> ExtractInt64Vector(size_t maxElements = DEFAULT_VECTOR_SIZE);
std::vector<std::string> ExtractStringVector(size_t maxStrings = 5, size_t maxLen = 100);
bool HasMore() const
{
return offset_ < size_;
}
size_t Remaining() const
{
return size_ - offset_;
}
void Reset()
{
offset_ = 0;
}
size_t GetOffset() const
{
return offset_;
}
DataExtractor(const DataExtractor &) = delete;
DataExtractor &operator=(const DataExtractor &) = delete;
DataExtractor(DataExtractor &&) = delete;
DataExtractor &operator=(DataExtractor &&) = delete;
private:
bool CanExtract(size_t size) const
{
return offset_ + size <= size_;
}
const uint8_t *SafeRead(size_t size);
const uint8_t *data_;
size_t size_;
size_t offset_;
};
DataExtractor::DataExtractor(const uint8_t *data, size_t size)
: data_(data), size_(size), offset_(0) {}
const uint8_t *DataExtractor::SafeRead(size_t size)
{
if (!CanExtract(size)) {
return nullptr;
}
const uint8_t *ptr = data_ + offset_;
offset_ += size;
return ptr;
}
uint8_t DataExtractor::ExtractUInt8()
{
const uint8_t *ptr = SafeRead(sizeof(uint8_t));
if (ptr == nullptr) {
return 0;
}
uint8_t value = 0;
int ret = memcpy_s(&value, sizeof(value), ptr, sizeof(uint8_t));
if (ret != 0) {
printf("memcpy_s failed in ExtractUInt8\n");
}
return value;
}
int8_t DataExtractor::ExtractInt8()
{
const uint8_t *ptr = SafeRead(sizeof(int8_t));
if (ptr == nullptr) {
return 0;
}
int8_t value = 0;
int ret = memcpy_s(&value, sizeof(value), ptr, sizeof(int8_t));
if (ret != 0) {
printf("memcpy_s failed in ExtractInt8\n");
}
return value;
}
uint16_t DataExtractor::ExtractUInt16()
{
const uint8_t *ptr = SafeRead(sizeof(uint16_t));
if (ptr == nullptr) {
return 0;
}
uint16_t value = 0;
int ret = memcpy_s(&value, sizeof(value), ptr, sizeof(uint16_t));
if (ret != 0) {
printf("memcpy_s failed in ExtractUInt16\n");
}
return value;
}
int16_t DataExtractor::ExtractInt16()
{
const uint8_t *ptr = SafeRead(sizeof(int16_t));
if (ptr == nullptr) {
return 0;
}
int16_t value = 0;
int ret = memcpy_s(&value, sizeof(value), ptr, sizeof(int16_t));
if (ret != 0) {
printf("memcpy_s failed in ExtractInt16\n");
}
return value;
}
int32_t DataExtractor::ExtractInt32()
{
const uint8_t *ptr = SafeRead(sizeof(int32_t));
if (ptr == nullptr) {
return 0;
}
int32_t value = 0;
int ret = memcpy_s(&value, sizeof(value), ptr, sizeof(int32_t));
if (ret != 0) {
printf("memcpy_s failed in ExtractInt32\n");
}
return value;
}
int64_t DataExtractor::ExtractInt64()
{
const uint8_t *ptr = SafeRead(sizeof(int64_t));
if (ptr == nullptr) {
return 0;
}
int64_t value = 0;
int ret = memcpy_s(&value, sizeof(value), ptr, sizeof(int64_t));
if (ret != 0) {
printf("memcpy_s failed in ExtractInt64\n");
}
return value;
}
bool DataExtractor::ExtractBool()
{
const uint8_t *ptr = SafeRead(sizeof(uint8_t));
if (ptr == nullptr) {
return false;
}
return *ptr != 0;
}
float DataExtractor::ExtractFloat()
{
const uint8_t *ptr = SafeRead(sizeof(float));
if (ptr == nullptr) {
return 0.0f;
}
float value = 0.0f;
int ret = memcpy_s(&value, sizeof(value), ptr, sizeof(float));
if (ret != 0) {
printf("memcpy_s failed in ExtractInt64\n");
}
return value;
}
std::string DataExtractor::ExtractString(size_t maxLen)
{
if (maxLen == 0 || maxLen > MAX_STRING_LENGTH) {
maxLen = MAX_STRING_LENGTH;
}
if (offset_ >= size_) {
return "";
}
size_t len = data_[offset_] % (maxLen + 1);
const uint8_t *ptr = SafeRead(len + 1);
if (ptr == nullptr) {
return "";
}
if (len > 0) {
return std::string(reinterpret_cast<const char *>(ptr + 1), len);
}
return "";
}
std::vector<int32_t> DataExtractor::ExtractInt32Vector(size_t maxElements)
{
std::vector<int32_t> result;
if (maxElements == 0 || maxElements > MAX_VECTOR_SIZE) {
maxElements = MAX_VECTOR_SIZE;
}
if (!CanExtract(sizeof(int32_t))) {
return result;
}
int32_t numElements = ExtractInt32();
if (numElements < 0) {
numElements = -numElements;
}
if (numElements > static_cast<int32_t>(maxElements)) {
numElements = maxElements;
}
for (int32_t i = 0; i < numElements; ++i) {
if (!CanExtract(sizeof(int32_t))) {
break;
}
result.push_back(ExtractInt32());
}
return result;
}
std::vector<int64_t> DataExtractor::ExtractInt64Vector(size_t maxElements)
{
std::vector<int64_t> result;
if (maxElements == 0 || maxElements > MAX_VECTOR_SIZE) {
maxElements = MAX_VECTOR_SIZE;
}
if (!CanExtract(sizeof(int32_t))) {
return result;
}
int32_t numElements = ExtractInt32();
if (numElements < 0) {
numElements = -numElements;
}
if (numElements > static_cast<int32_t>(maxElements)) {
numElements = maxElements;
}
for (int32_t i = 0; i < numElements; ++i) {
if (!CanExtract(sizeof(int64_t))) {
break;
}
result.push_back(ExtractInt64());
}
return result;
}
std::vector<std::string> DataExtractor::ExtractStringVector(size_t maxStrings, size_t maxLen)
{
std::vector<std::string> result;
if (maxStrings == 0) {
return result;
}
for (size_t i = 0; i < maxStrings && HasMore(); ++i) {
result.push_back(ExtractString(maxLen));
}
return result;
}
} // namespace FuzzUtils
using namespace FuzzUtils;
using namespace OHOS::SOCPERF;
namespace OHOS {
bool TestSocPerfClientAPI(const uint8_t* data, size_t size)
{
SocPerfClient& client=SocPerfClient::GetInstance();
DataExtractor det=DataExtractor(data,size);
uint8_t choice=det.ExtractUInt8();
choice = choice % 10;
switch(choice){
case 0:{
int32_t cmdid=det.ExtractInt32();
int32_t len=det.ExtractUInt16();
if(len>MAX_STRING_LENGTH) len=DEFAULT_STRING_LENGTH;
std::string msg=det.ExtractString(len);
client.PerfRequest(cmdid,msg);
break;
}
case 1:{
int32_t cmdid=det.ExtractInt32();
bool onOffTag=det.ExtractBool();
int32_t len=det.ExtractUInt16();
if(len>MAX_STRING_LENGTH) len=DEFAULT_STRING_LENGTH;
std::string msg=det.ExtractString(len);
client.PerfRequestEx(cmdid,onOffTag,msg);
break;
}
case 2:{
bool onOffTag=det.ExtractBool();
int32_t len=det.ExtractUInt16();
if(len>MAX_STRING_LENGTH) len=DEFAULT_STRING_LENGTH;
std::string msg=det.ExtractString(len);
client.PowerLimitBoost(onOffTag,msg);
break;
}
case 3:{
bool onOffTag=det.ExtractBool();
int32_t len=det.ExtractUInt16();
if(len>MAX_STRING_LENGTH) len=DEFAULT_STRING_LENGTH;
std::string msg=det.ExtractString(len);
client.ThermalLimitBoost(onOffTag,msg);
break;
}
case 4:{
int32_t clientId=det.ExtractInt32();
int32_t vec_len=det.ExtractInt8();
if(vec_len>MAX_VECTOR_SIZE) vec_len=DEFAULT_VECTOR_SIZE;
std::vector<int32_t> tags=det.ExtractInt32Vector(vec_len);
std::vector<int64_t> configs=det.ExtractInt64Vector(vec_len);
int32_t str_len=det.ExtractUInt16();
if(str_len>MAX_STRING_LENGTH) str_len=DEFAULT_STRING_LENGTH;
std::string msg=det.ExtractString(str_len);
client.LimitRequest(clientId,tags,configs,msg);
break;
}
case 5:{
bool status=det.ExtractBool();
int32_t str_len=det.ExtractUInt16();
if(str_len>MAX_STRING_LENGTH) str_len=DEFAULT_STRING_LENGTH;
std::string msg=det.ExtractString(str_len);
client.SetRequestStatus(status,msg);
break;
}
case 6:{
int32_t level=det.ExtractInt32();
client.SetThermalLevel(level);
break;
}
case 7:{
int32_t str_len=det.ExtractUInt16();
if(str_len>MAX_STRING_LENGTH) str_len=DEFAULT_MODE_STRING_LENGTH;
std::string mode=det.ExtractString(str_len);
bool status = det.ExtractBool();
client.RequestDeviceMode(mode,status);
break;
}
case 8:{
int32_t str_len=det.ExtractUInt16();
if(str_len>MAX_STRING_LENGTH) str_len=DEFAULT_STRING_LENGTH;
std::string msg=det.ExtractString(str_len);
client.RequestCmdIdCount(msg);
break;
}
// case 9:{
// auto recipient = new (std::nothrow) SocPerfClient::SocPerfDeathRecipient(client);
// if (recipient != nullptr) {
// OHOS::wptr<OHOS::IRemoteObject> remoteObject = nullptr;
// // recipient->OnRemoteDied(remoteObject);
// OHOS::sptr<SocPerfClient::SocPerfDeathRecipient> sptrRecipient = recipient;
// sptrRecipient->OnRemoteDied(remoteObject);
// }
// break;
// }
default:
break;
}
if(choice%2==0) client.ResetClient();
return true;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
/* Run your code on data */
if( data==nullptr || size<MIN_FUZZ_INPUT_SIZE ) return 0;
if( size > MAX_FUZZ_INPUT_SIZE) return 0;
OHOS::TestSocPerfClientAPI(data,size);
return 0;
}
@@ -0,0 +1,28 @@
/*
* Copyright (c) 2021 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef LXJRUC_FUZZER_H
#define LXJRUC_FUZZER_H
#include <cstdint>
#include <unistd.h>
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#define FUZZ_PROJECT_NAME "lxjRUC_fuzzer"
#endif
+25
View File
@@ -0,0 +1,25 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2021 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>1000</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>300</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>4096</rss_limit_mb>
</fuzztest>
</fuzz_config>