author | Allen Webb <allenwebb@google.com> | 2018-11-21 11:01:37 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-12-03 12:43:23 -0800 |
commit | c60f9f37ab8fe4de7979b3f8e0f4d07cc527fe3e (patch) | |
tree | 2ca2efddd566b4c6de26e0b288bdc1da28b8f842 | |
parent | a5e1a639e55d1c6382b4d690c6b78f6f85e8fbc9 (diff) | |
download | chrome-ec-c60f9f37ab8fe4de7979b3f8e0f4d07cc527fe3e.tar.gz |
cr50_fuzz: Add self test.
This adds an initialization step that sanity checks the fuzz target to
make sure the model is working as intended.
BRANCH=None
BUG=chromium:876582
TEST=sudo emerge libprotobuf-mutator &&
make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I3961a7ff05b4876992af447a2104bcfa0a496562
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1347012
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
-rw-r--r-- | fuzz/cr50_fuzz.cc | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/fuzz/cr50_fuzz.cc b/fuzz/cr50_fuzz.cc
index dcd80e93e9..67103ad5b0 100644
--- a/fuzz/cr50_fuzz.cc
+++ b/fuzz/cr50_fuzz.cc
@@ -6,6 +6,7 @@
 #include <unistd.h>
+#include <cassert>
 #include <cstdint>
 #include <cstring>
 #include <unordered_map>
@@ -66,10 +67,53 @@ void InitializeFuzzerRun() {
 srand(0);
 }
+// Used to verify the model hasn't become out of sync with the implementation.
+// The usefulness of this fuzzer comes from its ability to reach all the code
+// paths.
+bool SelfTest() {
+ InitializeFuzzerRun();
+
+ PinweaverModel pinweaver_model;
+ alignas(kBufferAlignment) uint8_t buffer[PW_MAX_MESSAGE_SIZE] = {};
+ fuzz::span<uint8_t> buffer_view(buffer, sizeof(buffer));
+ fuzz::pinweaver::Request request;
+
+ fuzz::pinweaver::ResetTree* reset_tree = request.mutable_reset_tree();
+ reset_tree->set_height(2);
+ reset_tree->set_bits_per_level(2);
+ assert(pinweaver_model.ApplyRequest(request, buffer_view) == EC_SUCCESS);
+
+ fuzz::pinweaver::InsertLeaf* insert_leaf = request.mutable_insert_leaf();
+ constexpr char delay_schedule[] = "\000\000\000\005\377\377\377\377";
+ insert_leaf->mutable_delay_schedule()->assign(
+ delay_schedule, delay_schedule + sizeof(delay_schedule));
+ assert(pinweaver_model.ApplyRequest(request, buffer_view) == EC_SUCCESS);
+
+ request.mutable_try_auth();
+ assert(pinweaver_model.ApplyRequest(request, buffer_view) == EC_SUCCESS);
+
+ request.mutable_get_log();
+ assert(pinweaver_model.ApplyRequest(request, buffer_view) == EC_SUCCESS);
+
+ request.mutable_log_replay();
+ assert(pinweaver_model.ApplyRequest(request, buffer_view) == EC_SUCCESS);
+
+ request.mutable_reset_auth();
+ assert(pinweaver_model.ApplyRequest(request, buffer_view) == EC_SUCCESS);
+
+ request.mutable_remove_leaf();
+ assert(pinweaver_model.ApplyRequest(request, buffer_view) == EC_SUCCESS);
+
+ return true;
+}
+
 DEFINE_CUSTOM_PROTO_MUTATOR_IMPL(false, fuzz::Cr50FuzzerInput)
 DEFINE_CUSTOM_PROTO_CROSSOVER_IMPL(false, fuzz::Cr50FuzzerInput)
 extern "C" int test_fuzz_one_input(const uint8_t* data, unsigned int size) {
+ static bool initialized = SelfTest();
+ assert(initialized);
+
 fuzz::Cr50FuzzerInput input;
 if (!LoadProtoInput(false, data, size, &input)) {
 return 0; |
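Review bot: Every check in SelfTest() places the ApplyRequest() call inside `assert(...)`, so a build that defines NDEBUG removes the calls together with the checks, and SelfTest() then returns true without exercising the model; `assert(initialized)` in test_fuzz_one_input disappears in the same build. Whether the fuzz targets are ever built with NDEBUG is not visible from this hunk, but the self test is only useful if it cannot be compiled out, so an explicit check such as `if (pinweaver_model.ApplyRequest(request, buffer_view) != EC_SUCCESS) abort();` (with `<cstdlib>` included, ideally behind a small helper) would be safer. Separately, `delay_schedule + sizeof(delay_schedule)` includes the literal's terminating NUL, so the field receives 9 bytes rather than the 8 spelled out in the string; if exactly two 32-bit values are intended, use `sizeof(delay_schedule) - 1`. The body of test_fuzz_one_input continues past the end of the hunk.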