
source: vbox/trunk/src/VBox/Devices/testcase/tstDeviceSsmFuzz.cpp@ 85561

Last change on this file since 85561 was 83427, checked in by vboxsync, 5 years ago

Devices/testcase/tstDeviceSsmFuzz: Use new fuzzing config API

1/* $Id: tstDeviceSsmFuzz.cpp 83427 2020-03-25 19:40:59Z vboxsync $ */
2/** @file
3 * tstDeviceSsmFuzz - SSM fuzzing testcase.
4 */
5
6/*
7 * Copyright (C) 2020 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*********************************************************************************************************************************
20* Header Files *
21*********************************************************************************************************************************/
22#define LOG_GROUP LOG_GROUP_DEFAULT /** @todo */
23#include <VBox/types.h>
24#include <iprt/errcore.h>
25#include <iprt/mem.h>
26#include <iprt/fuzz.h>
27#include <iprt/time.h>
28#include <iprt/string.h>
29
30#include "tstDeviceBuiltin.h"
31#include "tstDeviceCfg.h"
32#include "tstDeviceInternal.h"
33
34
35/*********************************************************************************************************************************
36* Defined Constants And Macros *
37*********************************************************************************************************************************/
38
39
40/*********************************************************************************************************************************
41* Structures and Typedefs *
42*********************************************************************************************************************************/
43
44
/**
 * Looks up a testcase config item by its key.
 *
 * @returns Pointer to the first item whose key compares equal to @a pszName,
 *          NULL if no item matches.
 * @param   paCfg       The testcase config item array.
 * @param   cCfgItems   Number of entries in @a paCfg.
 * @param   pszName     The key to look for.
 */
static PCTSTDEVCFGITEM tstDevSsmFuzzGetCfgItem(PCTSTDEVCFGITEM paCfg, uint32_t cCfgItems, const char *pszName)
{
    uint32_t idxItem = 0;
    while (idxItem < cCfgItems)
    {
        PCTSTDEVCFGITEM pCandidate = &paCfg[idxItem];
        if (RTStrCmp(pCandidate->pszKey, pszName) == 0)
            return pCandidate;
        idxItem++;
    }

    /* Ran off the end of the array without a match. */
    return NULL;
}
55
56
/**
 * Fetches a string value from the testcase config.
 *
 * @returns The string stored under @a pszName, NULL if the key is missing or
 *          the item is not of string type.  Callers must check for NULL before
 *          using the result (e.g. as a file path).
 * @param   paCfg       The testcase config item array.
 * @param   cCfgItems   Number of entries in @a paCfg.
 * @param   pszName     The key to look for.
 */
static const char *tstDevSsmFuzzGetCfgString(PCTSTDEVCFGITEM paCfg, uint32_t cCfgItems, const char *pszName)
{
    PCTSTDEVCFGITEM pItem = tstDevSsmFuzzGetCfgItem(paCfg, cCfgItems, pszName);
    if (!pItem)
        return NULL;
    if (pItem->enmType != TSTDEVCFGITEMTYPE_STRING)
        return NULL;

    return pItem->u.psz;
}
66
67
/**
 * Fetches an integer value from the testcase config as an unsigned 64-bit number.
 *
 * The stored value is read from the item's i64 member and cast to uint64_t
 * without a range check, so a negative config value (assuming i64 is signed -
 * confirm against tstDeviceCfg.h) shows up as a very large number.
 *
 * @returns The value stored under @a pszName, 0 if the key is missing or the
 *          item is not of integer type.  A missing key and an explicit 0 are
 *          indistinguishable to the caller.
 * @param   paCfg       The testcase config item array.
 * @param   cCfgItems   Number of entries in @a paCfg.
 * @param   pszName     The key to look for.
 */
static uint64_t tstDevSsmFuzzGetCfgU64(PCTSTDEVCFGITEM paCfg, uint32_t cCfgItems, const char *pszName)
{
    PCTSTDEVCFGITEM pItem = tstDevSsmFuzzGetCfgItem(paCfg, cCfgItems, pszName);
    if (!pItem || pItem->enmType != TSTDEVCFGITEMTYPE_INTEGER)
        return 0;

    return (uint64_t)pItem->u.i64;
}
77
78
/**
 * Fetches an integer value from the testcase config as an unsigned 32-bit number.
 *
 * The stored 64-bit value is cast to uint32_t without a range check, so values
 * that do not fit are silently truncated to their low 32 bits.
 *
 * @returns The value stored under @a pszName, 0 if the key is missing or the
 *          item is not of integer type.
 * @param   paCfg       The testcase config item array.
 * @param   cCfgItems   Number of entries in @a paCfg.
 * @param   pszName     The key to look for.
 */
static uint32_t tstDevSsmFuzzGetCfgU32(PCTSTDEVCFGITEM paCfg, uint32_t cCfgItems, const char *pszName)
{
    PCTSTDEVCFGITEM pItem = tstDevSsmFuzzGetCfgItem(paCfg, cCfgItems, pszName);
    if (!pItem || pItem->enmType != TSTDEVCFGITEMTYPE_INTEGER)
        return 0;

    return (uint32_t)pItem->u.i64;
}
88
89
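/**
 * Entry point for the SSM fuzzer.
 *
 * Imports the fuzzing configuration named by the "CorpusPath" config key into a
 * blob fuzzing context, then repeatedly generates an input and hands it as
 * saved state to the load callbacks of the first SSM handler registered by the
 * device under test.  Inputs the loader accepts are added to the corpus.
 *
 * Config keys read:
 *      - "CorpusPath"  (string)  - passed to RTFuzzCfgCreateFromFile().
 *      - "UnitVersion" (integer) - unit version handed to the load-exec callback.
 *      - "RuntimeSec"  (integer) - how long to fuzz; when missing or 0 exactly
 *                                  one input is run (do/while loop).
 *
 * @returns VBox status code.
 * @retval  VERR_INVALID_PARAMETER if "CorpusPath" is missing or not a string.
 * @retval  VERR_NOT_SUPPORTED if the device registered no SSM handler or the
 *          handler has no load-exec callback, i.e. there is nothing to fuzz.
 * @retval  VERR_NO_MEMORY if the SSM handle could not be allocated.
 * @param   hDut        The device under test.
 * @param   paCfg       The testcase config.
 * @param   cCfgItems   Number of config items.
 */
static DECLCALLBACK(int) tstDevSsmFuzzEntry(TSTDEVDUT hDut, PCTSTDEVCFGITEM paCfg, uint32_t cCfgItems)
{
    /* The getter returns NULL for a missing or mistyped key; reject that here
       instead of handing a NULL path to the fuzzing config API. */
    const char *pszCorpusPath = tstDevSsmFuzzGetCfgString(paCfg, cCfgItems, "CorpusPath");
    if (!pszCorpusPath)
        return VERR_INVALID_PARAMETER;

    /* Without a load-exec callback there is nothing to exercise.  Bail out up
       front so we neither call through a NULL function pointer (which would
       look like a device crash to the fuzzer) nor spin for the whole runtime
       adding never-executed inputs to the corpus. */
    PTSTDEVDUTSSM pSsmClbks = RTListGetFirst(&hDut->LstSsmHandlers, TSTDEVDUTSSM, NdSsm);
    if (   !pSsmClbks
        || !pSsmClbks->pfnLoadExec)
        return VERR_NOT_SUPPORTED;

    RTFUZZCTX hFuzzCtx;
    int rc = RTFuzzCtxCreate(&hFuzzCtx, RTFUZZCTXTYPE_BLOB);
    if (RT_SUCCESS(rc))
    {
        RTFUZZCFG hFuzzCfg;
        rc = RTFuzzCfgCreateFromFile(&hFuzzCfg, pszCorpusPath, NULL);
        if (RT_SUCCESS(rc))
        {
            rc = RTFuzzCfgImport(hFuzzCfg, hFuzzCtx, RTFUZZCFG_IMPORT_F_DEFAULT);
            RTFuzzCfgRelease(hFuzzCfg);
        }

        if (RT_SUCCESS(rc))
        {
            /* Create a new SSM handle to use. */
            PSSMHANDLE pSsm = (PSSMHANDLE)RTMemAllocZ(sizeof(*pSsm));
            if (RT_LIKELY(pSsm))
            {
                pSsm->pDut          = hDut;
                pSsm->pbSavedState  = NULL;
                pSsm->cbSavedState  = 0;
                pSsm->offDataBuffer = 0;
                pSsm->uCurUnitVer   = tstDevSsmFuzzGetCfgU32(paCfg, cCfgItems, "UnitVersion");
                pSsm->rc            = VINF_SUCCESS;

                uint64_t const cRuntimeMs = tstDevSsmFuzzGetCfgU64(paCfg, cCfgItems, "RuntimeSec") * RT_MS_1SEC_64;
                uint64_t const tsStart    = RTTimeMilliTS();
                do
                {
                    RTFUZZINPUT hFuzzInp;
                    rc = RTFuzzCtxInputGenerate(hFuzzCtx, &hFuzzInp);
                    if (RT_SUCCESS(rc))
                    {
                        void  *pvBlob = NULL;
                        size_t cbBlob = 0;

                        rc = RTFuzzInputQueryBlobData(hFuzzInp, &pvBlob, &cbBlob);
                        if (RT_SUCCESS(rc))
                        {
                            /* Point the SSM handle at the fresh input and reset the read state. */
                            pSsm->pbSavedState  = (uint8_t *)pvBlob;
                            pSsm->cbSavedState  = cbBlob;
                            pSsm->offDataBuffer = 0;
                            pSsm->rc            = VINF_SUCCESS;

                            /* Load preparations (optional), then the actual state load. */
                            int rcDut = VINF_SUCCESS;
                            if (pSsmClbks->pfnLoadPrep)
                                rcDut = pSsmClbks->pfnLoadPrep(hDut->pDevIns, pSsm);
                            if (RT_SUCCESS(rcDut))
                                rcDut = pSsmClbks->pfnLoadExec(hDut->pDevIns, pSsm, pSsm->uCurUnitVer, SSM_PASS_FINAL);
                            /* NOTE(review): no load-done step is run after pfnLoadExec; if the
                               handler structure carries one, confirm devices do not depend on it
                               for cleanup between iterations. */

                            /* Only inputs the loader accepted are kept for further mutation. */
                            if (RT_SUCCESS(rcDut))
                                RTFuzzInputAddToCtxCorpus(hFuzzInp);

                            /* The blob belongs to the input handle released below; do not
                               leave the SSM handle pointing at it. */
                            pSsm->pbSavedState = NULL;
                            pSsm->cbSavedState = 0;
                        }
                        RTFuzzInputRelease(hFuzzInp);
                    }
                } while (   RT_SUCCESS(rc)
                         && RTTimeMilliTS() - tsStart < cRuntimeMs);

                RTMemFree(pSsm);
            }
            else
                rc = VERR_NO_MEMORY;
        }

        RTFuzzCtxRelease(hFuzzCtx);
    }

    return rc;
}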
179
180
/** Registration record for the SSM state loader fuzzing testcase. */
const TSTDEVTESTCASEREG g_TestcaseSsmFuzz =
{
    /* .szName       = */ "SsmFuzz",
    /* .pszDesc      = */ "Fuzzes devices SSM state loaders",
    /* .fFlags       = */ 0,
    /* .pfnTestEntry = */ tstDevSsmFuzzEntry
};
192