/src/fuzz_list.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include "config.h"
#include "syshead.h"
#include "list.h"

#include "fuzz_randomizer.h"

#define KEY_SIZE 23

/* Required for hash_init() */
static uint32_t word_hash_function(const void *key, uint32_t iv) {
  return hash_func(key, KEY_SIZE, iv);
}

/* Required for hash_init() */
static bool word_compare_function(const void *key1, const void *key2) {
  return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  struct gc_arena gc;
  struct hash *hash = NULL;
  ssize_t generic_ssizet, generic_ssizet2, num_loops;

  fuzz_random_init(data, size);

  gc = gc_new();

  int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
  for (int i = 0; i < total_to_fuzz; i++) {
    generic_ssizet = fuzz_randomizer_get_int(0, 8);

    switch (generic_ssizet) {
    case 0:
      if (hash == NULL) {
        int n_buckets = fuzz_randomizer_get_int(1, 1000);
        uint32_t iv;

        hash =
            hash_init(n_buckets, iv, word_hash_function, word_compare_function);
      }
      break;
    case 1:
      if (hash) {
        hash_free(hash);
        hash = NULL;
      }
      break;
    case 2:
      if (hash) {
        struct hash_iterator hi;
        struct hash_element *he;
        hash_iterator_init(hash, &hi);
        while ((he = hash_iterator_next(&hi))) {
          void *w = he->value;
        }
        hash_iterator_free(&hi);
      }
      break;
    case 3:
      if (hash) {
        void *key;
        void *value;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        if (!hash_lookup(hash, key)) {
          generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
          value = (void *)generic_ssizet;
          hash_add(hash, key, value, false);
        }
      }
      break;
    case 4:
      if (hash) {
        hash_n_elements(hash);
      }
      break;
    case 5:
      if (hash) {
        hash_n_buckets(hash);
      }
      break;
    case 6:
      if (hash) {
        uint32_t hv;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        hv = generic_ssizet;
        hash_bucket(hash, hv);
      }
      break;
    case 7:
      if (hash) {
        void *key;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        hash_remove(hash, key);
      }
      break;
    case 8:
      if (hash) {
        void *value;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        value = (void *)generic_ssizet;
        hash_remove_by_value(hash, value);
      }
    default:
      break;
    }
  }

  if (hash) {
    hash_free(hash);
  }

  gc_free(&gc);

  fuzz_random_destroy();

  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		#include "config.h"
14		#include "syshead.h"
15		#include "list.h"
16
17		#include "fuzz_randomizer.h"
18
19	6.28k	#define KEY_SIZE 23
20
21		/* Required for hash_init() */
22	2.88k	static uint32_t word_hash_function(const void *key, uint32_t iv) {
23	2.88k	return hash_func(key, KEY_SIZE, iv);
24	2.88k	}
25
26		/* Required for hash_init() */
27	288	static bool word_compare_function(const void key1, const void key2) {
28	288	return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
29	288	}
30
31	467	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32	467	struct gc_arena gc;
33	467	struct hash *hash = NULL;
34	467	ssize_t generic_ssizet, generic_ssizet2, num_loops;
35
36	467	fuzz_random_init(data, size);
37
38	467	gc = gc_new();
39
40	467	int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
41	7.94k	for (int i = 0; i < total_to_fuzz; i++) {
42	7.48k	generic_ssizet = fuzz_randomizer_get_int(0, 8);
43
44	7.48k	switch (generic_ssizet) {
45	4.43k	case 0:
46	4.43k	if (hash == NULL) {
47	525	int n_buckets = fuzz_randomizer_get_int(1, 1000);
48	525	uint32_t iv;
49
50	525	hash =
51	525	hash_init(n_buckets, iv, word_hash_function, word_compare_function);
52	525	}
53	4.43k	break;
54	121	case 1:
55	121	if (hash) {
56	78	hash_free(hash);
57	78	hash = NULL;
58	78	}
59	121	break;
60	263	case 2:
61	263	if (hash) {
62	222	struct hash_iterator hi;
63	222	struct hash_element *he;
64	222	hash_iterator_init(hash, &hi);
65	581	while ((he = hash_iterator_next(&hi))) {
66	359	void *w = he->value;
67	359	}
68	222	hash_iterator_free(&hi);
69	222	}
70	263	break;
71	1.42k	case 3:
72	1.42k	if (hash) {
73	1.32k	void *key;
74	1.32k	void *value;
75	1.32k	char arr[KEY_SIZE];
76	1.32k	memset(arr, 0, KEY_SIZE);
77	1.32k	fuzz_get_random_data(arr, KEY_SIZE);
78	1.32k	key = (void *)arr;
79	1.32k	if (!hash_lookup(hash, key)) {
80	1.19k	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
81	1.19k	value = (void *)generic_ssizet;
82	1.19k	hash_add(hash, key, value, false);
83	1.19k	}
84	1.32k	}
85	1.42k	break;
86	94	case 4:
87	94	if (hash) {
88	47	hash_n_elements(hash);
89	47	}
90	94	break;
91	100	case 5:
92	100	if (hash) {
93	56	hash_n_buckets(hash);
94	56	}
95	100	break;
96	104	case 6:
97	104	if (hash) {
98	64	uint32_t hv;
99	64	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
100	64	hv = generic_ssizet;
101	64	hash_bucket(hash, hv);
102	64	}
103	104	break;
104	448	case 7:
105	448	if (hash) {
106	373	void *key;
107	373	char arr[KEY_SIZE];
108	373	memset(arr, 0, KEY_SIZE);
109	373	fuzz_get_random_data(arr, KEY_SIZE);
110	373	key = (void *)arr;
111	373	hash_remove(hash, key);
112	373	}
113	448	break;
114	499	case 8:
115	499	if (hash) {
116	449	void *value;
117	449	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
118	449	value = (void *)generic_ssizet;
119	449	hash_remove_by_value(hash, value);
120	449	}
121	499	default:
122	499	break;
123	7.48k	}
124	7.48k	}
125
126	467	if (hash) {
127	447	hash_free(hash);
128	447	}
129
130	467	gc_free(&gc);
131
132	467	fuzz_random_destroy();
133
134	467	return 0;
135	467	}

Coverage Report

Created: 2023-05-30 07:03