Coverage Report

Created: 2025-11-24 06:47

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/exprtk_fuzzer.cpp
Line
Count
Source
1
// Copyright 2020 Google LLC
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//      http://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
14
15
16
#include <chrono>
17
#include <cstdint>
18
#include <string>
19
20
#define exprtk_enable_range_runtime_checks
21
#include "exprtk.hpp"
22
23
24
constexpr auto max_test_duration = std::chrono::seconds(58); // OSSFuzz test time is 60seconds
25
const     auto global_timeout_tp = std::chrono::steady_clock::now() + max_test_duration;
26
27
struct timeout_rtc_handler : public exprtk::loop_runtime_check
28
{
29
   timeout_rtc_handler()
30
9.12k
   : exprtk::loop_runtime_check()
31
9.12k
   {}
32
33
   class timeout_exception : public std::runtime_error
34
   {
35
   public:
36
       timeout_exception(const std::string& what = "")
37
0
       : std::runtime_error(what)
38
0
       {}
39
   };
40
41
   static constexpr std::size_t max_iterations = 5000000;
42
43
   using time_point_t = std::chrono::time_point<std::chrono::steady_clock>;
44
45
   void set_timeout_time(const time_point_t& timeout_tp)
46
3.68k
   {
47
3.68k
      timeout_tp_ = timeout_tp;
48
3.68k
   }
49
50
   bool check() override
51
0
   {
52
0
      if (++iterations_ >= max_iterations)
53
0
      {
54
0
         if (std::chrono::steady_clock::now() >= timeout_tp_)
55
0
         {
56
0
            return false;
57
0
         }
58
59
0
         iterations_ = 0;
60
0
      }
61
62
0
      return true;
63
0
   }
64
65
   void handle_runtime_violation(const violation_context& /*context*/) override
66
0
   {
67
0
      throw timeout_exception("ExprTk Loop run-time timeout violation.");
68
0
   }
69
70
   std::size_t iterations_ = 0;
71
   time_point_t timeout_tp_;
72
};
73
74
struct compilation_timeout_check final : public exprtk::compilation_check
75
{
76
   static constexpr std::size_t max_iters_per_check = 500;
77
78
   bool continue_compilation(compilation_context& context) override
79
300k
   {
80
300k
      if (++iterations_ >= max_iters_per_check)
81
7.48k
      {
82
7.48k
         if (std::chrono::steady_clock::now() >= timeout_tp_)
83
22
         {
84
22
            context.error_message = "Compilation has timed-out";
85
22
            return false;
86
22
         }
87
88
7.46k
         iterations_ = 0;
89
7.46k
      }
90
91
300k
      return true;
92
300k
   }
93
94
   using time_point_t = std::chrono::time_point<std::chrono::steady_clock>;
95
96
   void set_timeout_time(const time_point_t& timeout_tp)
97
9.12k
   {
98
9.12k
      timeout_tp_ = timeout_tp;
99
9.12k
   }
100
101
   std::size_t iterations_ = max_iters_per_check;
102
   time_point_t timeout_tp_;
103
};
104
105
struct vector_access_rtc final : public exprtk::vector_access_runtime_check
106
{
107
   bool handle_runtime_violation(violation_context& /*context*/) override
108
0
   {
109
0
      throw std::runtime_error("Runtime vector access violation.");
110
0
      return false;
111
0
   }
112
};
113
114
struct assert_handler final : public exprtk::assert_check
115
{
116
   void handle_assert(const assert_context& /*context*/) override
117
0
   {
118
0
      throw std::runtime_error("assert: vector access violation.");
119
0
   }
120
};
121
122
template <typename T>
123
void run(const std::string& expression_string)
124
9.12k
{
125
9.12k
   using symbol_table_t       = exprtk::symbol_table<T>;
126
9.12k
   using expression_t         = exprtk::expression<T>;
127
9.12k
   using parser_t             = exprtk::parser<T>;
128
9.12k
   using loop_runtime_check_t = exprtk::loop_runtime_check;
129
130
9.12k
   T x = T(1.2345);
131
9.12k
   T y = T(2.2345);
132
9.12k
   T z = T(3.2345);
133
9.12k
   T w = T(4.2345);
134
135
9.12k
   symbol_table_t symbol_table;
136
9.12k
   symbol_table.add_variable("x",x);
137
9.12k
   symbol_table.add_variable("y",y);
138
9.12k
   symbol_table.add_variable("z",z);
139
9.12k
   symbol_table.add_variable("w",w);
140
9.12k
   symbol_table.add_constants();
141
142
9.12k
   expression_t expression;
143
9.12k
   expression.register_symbol_table(symbol_table);
144
145
9.12k
   timeout_rtc_handler loop_runtime_check;
146
9.12k
   loop_runtime_check.loop_set = loop_runtime_check_t::e_all_loops;
147
9.12k
   loop_runtime_check.max_loop_iterations = 100000;
148
149
9.12k
   compilation_timeout_check compilation_timeout_chck;
150
9.12k
   vector_access_rtc         vector_rtc;
151
9.12k
   assert_handler            asrt_handler;
152
153
9.12k
   parser_t parser;
154
155
9.12k
   parser.settings().set_max_stack_depth(400);
156
9.12k
   parser.settings().set_max_node_depth (400);
157
9.12k
   parser.settings().set_max_local_vector_size(10000000); // double: 80MB float: 40MB
158
159
9.12k
   parser.register_compilation_timeout_check  (compilation_timeout_chck);
160
9.12k
   parser.register_loop_runtime_check         (loop_runtime_check      );
161
9.12k
   parser.register_vector_access_runtime_check(vector_rtc              );
162
9.12k
   parser.register_assert_check               (asrt_handler            );
163
164
9.12k
   compilation_timeout_chck.set_timeout_time(global_timeout_tp);
165
166
9.12k
   if (parser.compile(expression_string, expression))
167
3.69k
   {
168
3.69k
      const std::size_t max_expression_size = 64 * 1024;
169
170
3.69k
      if (expression_string.size() <= max_expression_size)
171
3.68k
      {
172
3.68k
         loop_runtime_check.set_timeout_time(global_timeout_tp);
173
174
3.68k
         try
175
3.68k
         {
176
3.68k
            expression.value();
177
3.68k
         }
178
3.68k
         catch (std::runtime_error& rte)
179
3.68k
         {}
180
3.68k
         catch (...)
181
3.68k
         {}
182
183
3.68k
         parser.clear_loop_runtime_check();
184
3.68k
      }
185
3.69k
   }
186
9.12k
}
void run<double>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
Line
Count
Source
124
4.56k
{
125
4.56k
   using symbol_table_t       = exprtk::symbol_table<T>;
126
4.56k
   using expression_t         = exprtk::expression<T>;
127
4.56k
   using parser_t             = exprtk::parser<T>;
128
4.56k
   using loop_runtime_check_t = exprtk::loop_runtime_check;
129
130
4.56k
   T x = T(1.2345);
131
4.56k
   T y = T(2.2345);
132
4.56k
   T z = T(3.2345);
133
4.56k
   T w = T(4.2345);
134
135
4.56k
   symbol_table_t symbol_table;
136
4.56k
   symbol_table.add_variable("x",x);
137
4.56k
   symbol_table.add_variable("y",y);
138
4.56k
   symbol_table.add_variable("z",z);
139
4.56k
   symbol_table.add_variable("w",w);
140
4.56k
   symbol_table.add_constants();
141
142
4.56k
   expression_t expression;
143
4.56k
   expression.register_symbol_table(symbol_table);
144
145
4.56k
   timeout_rtc_handler loop_runtime_check;
146
4.56k
   loop_runtime_check.loop_set = loop_runtime_check_t::e_all_loops;
147
4.56k
   loop_runtime_check.max_loop_iterations = 100000;
148
149
4.56k
   compilation_timeout_check compilation_timeout_chck;
150
4.56k
   vector_access_rtc         vector_rtc;
151
4.56k
   assert_handler            asrt_handler;
152
153
4.56k
   parser_t parser;
154
155
4.56k
   parser.settings().set_max_stack_depth(400);
156
4.56k
   parser.settings().set_max_node_depth (400);
157
4.56k
   parser.settings().set_max_local_vector_size(10000000); // double: 80MB float: 40MB
158
159
4.56k
   parser.register_compilation_timeout_check  (compilation_timeout_chck);
160
4.56k
   parser.register_loop_runtime_check         (loop_runtime_check      );
161
4.56k
   parser.register_vector_access_runtime_check(vector_rtc              );
162
4.56k
   parser.register_assert_check               (asrt_handler            );
163
164
4.56k
   compilation_timeout_chck.set_timeout_time(global_timeout_tp);
165
166
4.56k
   if (parser.compile(expression_string, expression))
167
1.85k
   {
168
1.85k
      const std::size_t max_expression_size = 64 * 1024;
169
170
1.85k
      if (expression_string.size() <= max_expression_size)
171
1.84k
      {
172
1.84k
         loop_runtime_check.set_timeout_time(global_timeout_tp);
173
174
1.84k
         try
175
1.84k
         {
176
1.84k
            expression.value();
177
1.84k
         }
178
1.84k
         catch (std::runtime_error& rte)
179
1.84k
         {}
180
1.84k
         catch (...)
181
1.84k
         {}
182
183
1.84k
         parser.clear_loop_runtime_check();
184
1.84k
      }
185
1.85k
   }
186
4.56k
}
void run<float>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
Line
Count
Source
124
4.56k
{
125
4.56k
   using symbol_table_t       = exprtk::symbol_table<T>;
126
4.56k
   using expression_t         = exprtk::expression<T>;
127
4.56k
   using parser_t             = exprtk::parser<T>;
128
4.56k
   using loop_runtime_check_t = exprtk::loop_runtime_check;
129
130
4.56k
   T x = T(1.2345);
131
4.56k
   T y = T(2.2345);
132
4.56k
   T z = T(3.2345);
133
4.56k
   T w = T(4.2345);
134
135
4.56k
   symbol_table_t symbol_table;
136
4.56k
   symbol_table.add_variable("x",x);
137
4.56k
   symbol_table.add_variable("y",y);
138
4.56k
   symbol_table.add_variable("z",z);
139
4.56k
   symbol_table.add_variable("w",w);
140
4.56k
   symbol_table.add_constants();
141
142
4.56k
   expression_t expression;
143
4.56k
   expression.register_symbol_table(symbol_table);
144
145
4.56k
   timeout_rtc_handler loop_runtime_check;
146
4.56k
   loop_runtime_check.loop_set = loop_runtime_check_t::e_all_loops;
147
4.56k
   loop_runtime_check.max_loop_iterations = 100000;
148
149
4.56k
   compilation_timeout_check compilation_timeout_chck;
150
4.56k
   vector_access_rtc         vector_rtc;
151
4.56k
   assert_handler            asrt_handler;
152
153
4.56k
   parser_t parser;
154
155
4.56k
   parser.settings().set_max_stack_depth(400);
156
4.56k
   parser.settings().set_max_node_depth (400);
157
4.56k
   parser.settings().set_max_local_vector_size(10000000); // double: 80MB float: 40MB
158
159
4.56k
   parser.register_compilation_timeout_check  (compilation_timeout_chck);
160
4.56k
   parser.register_loop_runtime_check         (loop_runtime_check      );
161
4.56k
   parser.register_vector_access_runtime_check(vector_rtc              );
162
4.56k
   parser.register_assert_check               (asrt_handler            );
163
164
4.56k
   compilation_timeout_chck.set_timeout_time(global_timeout_tp);
165
166
4.56k
   if (parser.compile(expression_string, expression))
167
1.84k
   {
168
1.84k
      const std::size_t max_expression_size = 64 * 1024;
169
170
1.84k
      if (expression_string.size() <= max_expression_size)
171
1.83k
      {
172
1.83k
         loop_runtime_check.set_timeout_time(global_timeout_tp);
173
174
1.83k
         try
175
1.83k
         {
176
1.83k
            expression.value();
177
1.83k
         }
178
1.83k
         catch (std::runtime_error& rte)
179
1.83k
         {}
180
1.83k
         catch (...)
181
1.83k
         {}
182
183
1.83k
         parser.clear_loop_runtime_check();
184
1.83k
      }
185
1.84k
   }
186
4.56k
}
187
188
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
189
4.56k
{
190
4.56k
   const std::string expression(reinterpret_cast<const char*>(data), size);
191
192
4.56k
   run<double>(expression);
193
4.56k
   run<float> (expression);
194
195
4.56k
   return 0;
196
4.56k
}