[automerger skipped] resolve merge conflicts of cf90c3af78e32892ccd48a85ec18f4fda15a63a3 to stage-dr1-aosp-master am: e92943bd3c -s ours am: 1d53d10ef4 -s ours
am: 94a80fa06b -s ours
Change-Id: Ia24e627f37aa1983a3fa4894ed8a7c34d7d83d0f
diff --git a/iface_fuzzer/OWNERS b/iface_fuzzer/OWNERS
new file mode 100644
index 0000000..3bbea12
--- /dev/null
+++ b/iface_fuzzer/OWNERS
@@ -0,0 +1,3 @@
+trong@google.com
+jiwonshin@google.com
+yim@google.com
diff --git a/iface_fuzzer/ProtoFuzzerMain.cpp b/iface_fuzzer/ProtoFuzzerMain.cpp
index c753847..0c4a8c9 100644
--- a/iface_fuzzer/ProtoFuzzerMain.cpp
+++ b/iface_fuzzer/ProtoFuzzerMain.cpp
@@ -129,22 +129,61 @@
mutator->Mutate(runner->GetOpenedIfaces(), &exec_spec);
}
- if ((size_t)exec_spec.ByteSize() > max_size) {
+ if (static_cast<size_t>(exec_spec.ByteSize()) > max_size) {
cerr << "execution specification message exceeded maximum size." << endl;
cerr << max_size << endl;
- cerr << (size_t)exec_spec.ByteSize() << endl;
+ cerr << static_cast<size_t>(exec_spec.ByteSize()) << endl;
std::abort();
}
- return ToArray(data, size, &exec_spec);
+ return ToArray(data, max_size, &exec_spec);
}
-// TODO(trong): implement a meaningful cross-over mechanism.
-size_t LLVMFuzzerCustomCrossOver(const uint8_t *data1, size_t size1,
- const uint8_t *data2, size_t size2,
- uint8_t *out, size_t max_out_size,
- unsigned int seed) {
- memcpy(out, data1, size1);
- return size1;
+extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *data1, size_t size1,
+ const uint8_t *data2, size_t size2,
+ uint8_t *out, size_t max_out_size,
+ unsigned int seed) {
+ ExecSpec exec_spec1{};
+ FromArray(data1, size1, &exec_spec1);
+ int function_call_size1 = exec_spec1.function_call_size();
+
+ ExecSpec exec_spec2{};
+ FromArray(data2, size2, &exec_spec2);
+ int function_call_size2 = exec_spec2.function_call_size();
+
+ if (function_call_size1 != static_cast<int>(params.exec_size_)) {
+ if (function_call_size2 != static_cast<int>(params.exec_size_)) {
+ cerr << "Both messages were invalid, aborting." << endl;
+ std::abort();
+ } else {
+ cerr << "Message 1 was invalid, copying message 2." << endl;
+ memcpy(out, data2, size2);
+ return size2;
+ }
+ } else if (function_call_size2 != static_cast<int>(params.exec_size_)) {
+ cerr << "Message 2 was invalid, copying message 1." << endl;
+ memcpy(out, data1, size1);
+ return size1;
+ }
+
+ ExecSpec exec_spec_out{};
+ for (int i = 0; i < static_cast<int>(params.exec_size_); i++) {
+ FuncCall temp;
+ int dice = rand() % 2;
+ if (dice == 0) {
+ temp = exec_spec1.function_call(i);
+ } else {
+ temp = exec_spec2.function_call(i);
+ }
+ exec_spec_out.add_function_call()->CopyFrom(temp);
+ }
+
+ if (static_cast<size_t>(exec_spec_out.ByteSize()) > max_out_size) {
+ cerr << "execution specification message exceeded maximum size." << endl;
+ cerr << max_out_size << endl;
+ cerr << static_cast<size_t>(exec_spec_out.ByteSize()) << endl;
+ std::abort();
+ }
+ return ToArray(out, max_out_size, &exec_spec_out);
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
diff --git a/OWNERS b/kernel/OWNERS
similarity index 100%
rename from OWNERS
rename to kernel/OWNERS
diff --git a/kernel/syzkaller/syzkaller_test.py b/kernel/syzkaller/syzkaller_test.py
index 38cfe33..5d30d73 100644
--- a/kernel/syzkaller/syzkaller_test.py
+++ b/kernel/syzkaller/syzkaller_test.py
@@ -107,7 +107,7 @@
"""
test_command = test_case.GetRunCommand()
stdout, stderr, err_code = cmd_utils.ExecuteOneShellCommand(
- test_command, timeout=1800)
+ test_command, timeout=18000)
if err_code:
logging.error(stderr)
else:
diff --git a/template/iface_fuzzer_test/iface_fuzzer_test.py b/template/iface_fuzzer_test/iface_fuzzer_test.py
index 35fd53b..bfdd973 100644
--- a/template/iface_fuzzer_test/iface_fuzzer_test.py
+++ b/template/iface_fuzzer_test/iface_fuzzer_test.py
@@ -37,6 +37,8 @@
"""
_VTS_SPEC_DIR_TARGET = os.path.join(config.FUZZER_TEST_DIR, 'spec')
+ start_vts_agents = False
+
def _PushVtsResources(self, hal_name, hal_version):
"""Pushes resources needed for test to target device.
@@ -75,11 +77,12 @@
string list, directories on target
"""
hal_name_dir = vts_spec_utils.HalNameDir(hal_name)
- spec_dirs = [os.path.join(self._VTS_SPEC_DIR_TARGET, hal_name_dir,
- hal_version)]
+ spec_dirs = [
+ os.path.join(self._VTS_SPEC_DIR_TARGET, hal_name_dir, hal_version)
+ ]
- imported_hals = self._vts_spec_parser.ImportedHals(hal_name,
- hal_version)
+ imported_hals = self._vts_spec_parser.ImportedHals(
+ hal_name, hal_version)
for name, version in imported_hals:
spec_dirs.append(
os.path.join(self._VTS_SPEC_DIR_TARGET,
@@ -93,8 +96,8 @@
hal_name, hal_version = vts_spec_utils.HalPackageToNameAndVersion(
hal_package)
- imported_hals = self._vts_spec_parser.IndirectImportedHals(hal_name,
- hal_version)
+ imported_hals = self._vts_spec_parser.IndirectImportedHals(
+ hal_name, hal_version)
self._PushVtsResources(hal_name, hal_version)
for name, version in imported_hals:
self._PushVtsResources(name, version)
diff --git a/template/libfuzzer_test/libfuzzer_test.py b/template/libfuzzer_test/libfuzzer_test.py
index 8f98a1f..239bc99 100644
--- a/template/libfuzzer_test/libfuzzer_test.py
+++ b/template/libfuzzer_test/libfuzzer_test.py
@@ -38,6 +38,8 @@
_dut: AndroidDevice, the device under test as config.
"""
+ start_vts_agents = False
+
def setUpClass(self):
"""Creates a remote shell instance, and copies data files."""
required_params = [
@@ -181,6 +183,11 @@
self.PushFiles(test_case.bin_host_path)
self.CreateCorpusOut(test_case)
inuse_seed = self.RetrieveCorpusSeed(test_case)
+ if inuse_seed == 'locked':
+ # skip this test case
+ logging.warning('test case locked, skipping testcase %s.', test_case.test_name)
+ return
+
fuzz_cmd = '"%s"' % test_case.GetRunCommand()
result = {}
@@ -206,6 +213,8 @@
self._temp_dir)
except adb.AdbError as e:
logging.exception(e)
+ logging.error('Device failed. Removing lock from GCS.')
+ self._corpus_manager.remove_lock(test_case._test_name)
if inuse_seed is not 'directory':
self.EvaluateTestcase(test_case, result, inuse_seed)