/src/behaviortreecpp/fuzzing/script_fuzzer.cpp

Source (jump to first uncovered line)
#include <fuzzer/FuzzedDataProvider.h>
#include "behaviortree_cpp/scripting/script_parser.hpp"
#include "behaviortree_cpp/blackboard.h"
#include "behaviortree_cpp/basic_types.h"
#include <cstdint>
#include <string>
#include <iostream>
#include <iomanip>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
  if(size < 4)
  {
    return 0;
  }

  FuzzedDataProvider fuzz_data(data, size);

  try
  {
    BT::Ast::Environment env;
    env.vars = BT::Blackboard::create();
    env.enums = std::make_shared<BT::EnumsTable>();

    // Add some test variables to the blackboard
    env.vars->set("test_int", 42);
    env.vars->set("test_double", 3.14);
    env.vars->set("test_bool", true);
    env.vars->set("test_string", std::string("test"));

    // Add some test enums
    (*env.enums)["RUNNING"] = 0;
    (*env.enums)["SUCCESS"] = 1;
    (*env.enums)["FAILURE"] = 2;

    std::string script = fuzz_data.ConsumeRandomLengthString();

    auto validation_result = BT::ValidateScript(script);

    if(!validation_result)
    {
      auto parsed_script = BT::ParseScript(script);
      if(parsed_script)
      {
        try
        {
          auto result = parsed_script.value()(env);

          if(result.isNumber())
          {
            volatile auto num = result.cast<double>();
          }

          env.vars->set("result", result);

          BT::Any read_back;
          env.vars->get("result", read_back);
        }
        catch(const BT::RuntimeError&)
        {}
      }
    }

    BT::ParseScriptAndExecute(env, script);
  }
  catch(const std::exception&)
  {}

  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		#include <fuzzer/FuzzedDataProvider.h>
2		#include "behaviortree_cpp/scripting/script_parser.hpp"
3		#include "behaviortree_cpp/blackboard.h"
4		#include "behaviortree_cpp/basic_types.h"
5		#include <cstdint>
6		#include <string>
7		#include <iostream>
8		#include <iomanip>
9
10		extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
11	18	{
12	18	if(size < 4)
13	0	{
14	0	return 0;
15	0	}
16
17	18	FuzzedDataProvider fuzz_data(data, size);
18
19	18	try
20	18	{
21	18	BT::Ast::Environment env;
22	18	env.vars = BT::Blackboard::create();
23	18	env.enums = std::make_shared<BT::EnumsTable>();
24
25		// Add some test variables to the blackboard
26	18	env.vars->set("test_int", 42);
27	18	env.vars->set("test_double", 3.14);
28	18	env.vars->set("test_bool", true);
29	18	env.vars->set("test_string", std::string("test"));
30
31		// Add some test enums
32	18	(*env.enums)["RUNNING"] = 0;
33	18	(*env.enums)["SUCCESS"] = 1;
34	18	(*env.enums)["FAILURE"] = 2;
35
36	18	std::string script = fuzz_data.ConsumeRandomLengthString();
37
38	18	auto validation_result = BT::ValidateScript(script);
39
40	18	if(!validation_result)
41	15	{
42	15	auto parsed_script = BT::ParseScript(script);
43	15	if(parsed_script)
44	0	{
45	0	try
46	0	{
47	0	auto result = parsed_script.value()(env);
48
49	0	if(result.isNumber())
50	0	{
51	0	volatile auto num = result.cast<double>();
52	0	}
53
54	0	env.vars->set("result", result);
55
56	0	BT::Any read_back;
57	0	env.vars->get("result", read_back);
58	0	}
59	0	catch(const BT::RuntimeError&)
60	0	{}
61	0	}
62	15	}
63
64	18	BT::ParseScriptAndExecute(env, script);
65	18	}
66	18	catch(const std::exception&)
67	18	{}
68
69	18	return 0;
70	18	}

Coverage Report

Created: 2025-08-26 06:29