/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15
#include "faultloggerdunwinder_fuzzer.h"

#include <sys/types.h>
#include <unistd.h>

#include <cstddef>
#include <cstdint>
#include <memory>
#include <string>
#include <utility>
#include <vector>

#include "dfx_ark.h"
#include "dfx_config.h"
#include "dfx_hap.h"
#include "dfx_regs.h"
#include "dfx_xz_utils.h"
#include "dwarf_op.h"
#include "faultloggerd_fuzzertest_common.h"
#include "thread_context.h"
#include "unwinder.h"
#include "unwind_define.h"
31
32 namespace OHOS {
33 namespace HiviewDFX {
// Number of raw fuzz bytes consumed as the library name in TestDfxInstrStatistic.
constexpr int FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH = 50;
35
/// Exercises DfxConfig::GetConfig(). Takes no fuzz input; only the call itself is under test
/// and whatever it returns is discarded.
void TestDfxConfig()
{
    static_cast<void>(DfxConfig::GetConfig());
}
40
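/// Feeds fuzz-chosen register values and a method id into DfxArk::StepArkFrame.
///
/// @param data  Fuzz input; 4 * sizeof(uintptr_t) bytes are consumed in the order pc, fp, sp, methodid.
/// @param size  Number of bytes available at @p data.
///
/// Returns without calling into DfxArk when @p size cannot hold the four values. The bounds
/// check is kept in size_t; the previous version compared an int against size_t.
void TestStepArkFrame(const uint8_t* data, size_t size)
{
    uintptr_t pc{0};
    uintptr_t fp{0};
    uintptr_t sp{0};
    uintptr_t methodid{0};
    constexpr size_t kRequiredLength = sizeof(pc) + sizeof(fp) + sizeof(sp) + sizeof(methodid);
    if (size < kRequiredLength) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, fp);
    STREAM_TO_VALUEINFO(data, sp);
    STREAM_TO_VALUEINFO(data, methodid);
    // The low bit of the method id decides whether the frame is treated as a JS frame.
    bool isJsFrame = (methodid % 2) != 0;

    // fp/sp/pc are fuzz-chosen addresses; the callee only reaches memory through Unwinder::AccessMem.
    DfxMemory dfxMemory;
    ArkStepParam arkParam(&fp, &sp, &pc, &isJsFrame);
    DfxArk::Instance().StepArkFrame(&dfxMemory, &(Unwinder::AccessMem), &arkParam);
}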
62
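/// Feeds fuzz-chosen register values and a method id into DfxArk::StepArkFrameWithJit with an
/// empty JIT cache.
///
/// @param data  Fuzz input; 4 * sizeof(uintptr_t) bytes are consumed in the order pc, fp, sp, methodid.
/// @param size  Number of bytes available at @p data.
///
/// Returns without calling into DfxArk when @p size cannot hold the four values. The bounds
/// check is kept in size_t; the previous version compared an int against size_t.
void TestStepArkFrameWithJit(const uint8_t* data, size_t size)
{
    uintptr_t fp{0};
    uintptr_t pc{0};
    uintptr_t sp{0};
    uintptr_t methodid{0};
    constexpr size_t kRequiredLength = sizeof(pc) + sizeof(fp) + sizeof(sp) + sizeof(methodid);
    if (size < kRequiredLength) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, fp);
    STREAM_TO_VALUEINFO(data, sp);
    STREAM_TO_VALUEINFO(data, methodid);
    // The low bit of the method id decides whether the frame is treated as a JS frame.
    bool isJsFrame = (methodid % 2) != 0;

    // Local, not a member: no trailing underscore.
    std::vector<uintptr_t> jitCache;
    DfxMemory dfxMemory;
    ArkUnwindParam arkParam(&dfxMemory, &(Unwinder::AccessMem), &fp, &sp, &pc, &methodid, &isJsFrame, jitCache);
    DfxArk::Instance().StepArkFrameWithJit(&arkParam);
}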
85
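/// Feeds a fuzz-chosen file descriptor and a single JIT cache entry into DfxArk::JitCodeWriteFile.
///
/// @param data  Fuzz input; sizeof(int) + sizeof(uintptr_t) bytes are consumed as fd, then jitCacheData.
/// @param size  Number of bytes available at @p data.
///
/// Returns without calling into DfxArk when @p size cannot hold both values. The bounds check
/// is kept in size_t; the previous version compared an int against size_t.
///
/// NOTE(review): fd is taken verbatim from the fuzz input, so the callee can be handed any
/// descriptor the fuzzer process happens to have open (stdout/stderr, the corpus, the engine's
/// own files). If JitCodeWriteFile writes to it, runs become non-deterministic and the harness
/// can clobber its own state. Consider handing it a descriptor the harness owns (a scratch
/// file) and deriving only the error cases from fuzz data — confirm against the callee first.
void TestJitCodeWriteFile(const uint8_t* data, size_t size)
{
    int fd{-1};
    uintptr_t jitCacheData{0};
    constexpr size_t kRequiredLength = sizeof(fd) + sizeof(jitCacheData);
    if (size < kRequiredLength) {
        return;
    }

    STREAM_TO_VALUEINFO(data, fd);
    STREAM_TO_VALUEINFO(data, jitCacheData);

    std::vector<uintptr_t> jitCache{jitCacheData};
    DfxMemory dfxMemory;
    DfxArk::Instance().JitCodeWriteFile(&dfxMemory, &(Unwinder::AccessMem), fd, jitCache.data(), jitCache.size());
}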
103
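/// Feeds a fuzz-chosen pc, map begin address and offset into DfxArk::ParseArkFrameInfoLocal.
///
/// @param data  Fuzz input; 3 * sizeof(uintptr_t) bytes are consumed in the order pc, mapBegin, offset.
/// @param size  Number of bytes available at @p data.
///
/// Returns without calling into DfxArk when @p size cannot hold the three values. The bounds
/// check is kept in size_t (the previous version compared an int against size_t), and the
/// redundant uintptr_t -> uintptr_t casts on the call are gone.
void TestParseArkFrameInfoLocal(const uint8_t* data, size_t size)
{
    uintptr_t pc{0};
    uintptr_t mapBegin{0};
    uintptr_t offset{0};
    constexpr size_t kRequiredLength = sizeof(pc) + sizeof(mapBegin) + sizeof(offset);
    if (size < kRequiredLength) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, mapBegin);
    STREAM_TO_VALUEINFO(data, offset);

    // Output slot for the parsed frame; its contents are not inspected by the harness.
    JsFunction jsFunction;
    DfxArk::Instance().ParseArkFrameInfoLocal(pc, mapBegin, offset, &jsFunction);
}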
122
/// Hands a fuzz-chosen value to DfxArk::ArkCreateJsSymbolExtractor through an out-pointer.
///
/// @param data  Fuzz input; sizeof(uintptr_t) bytes are consumed as the initial extractorPtr value.
/// @param size  Number of bytes available at @p data.
///
/// NOTE(review): whatever the callee stores in extractorPtr is dropped on return, and nothing in
/// this file passes that value on to ArkDestoryJsSymbolExtractor, so a successfully created
/// extractor would be leaked on every iteration — confirm against the callee's ownership rules.
void TestArkCreateJsSymbolExtractor(const uint8_t* data, size_t size)
{
    uintptr_t extractorPtr;
    const bool enoughInput = size >= sizeof(extractorPtr);
    if (!enoughInput) {
        return;
    }

    STREAM_TO_VALUEINFO(data, extractorPtr);
    DfxArk::Instance().ArkCreateJsSymbolExtractor(&extractorPtr);
}
134
/// Passes a fuzz-chosen handle value to DfxArk::ArkDestoryJsSymbolExtractor.
///
/// @param data  Fuzz input; sizeof(uintptr_t) bytes are consumed as the handle.
/// @param size  Number of bytes available at @p data.
///
/// Not reachable from TestDfxArk or FaultloggerdUnwinderTest in this file. Presumably kept
/// out on purpose: the handle here is an arbitrary fuzz value rather than one returned by
/// ArkCreateJsSymbolExtractor, so wiring it in would hand the callee a bogus object to tear down.
void TestArkDestoryJsSymbolExtractor(const uint8_t* data, size_t size)
{
    uintptr_t extractorPtr;
    const bool enoughInput = size >= sizeof(extractorPtr);
    if (!enoughInput) {
        return;
    }

    STREAM_TO_VALUEINFO(data, extractorPtr);
    DfxArk::Instance().ArkDestoryJsSymbolExtractor(extractorPtr);
}
146
/// Runs every DfxArk sub-harness on the same input, in a fixed order.
///
/// @param data  Fuzz input; each sub-harness re-reads it from the start, since the pointer is
///              passed by value and each one does its own length check.
/// @param size  Number of bytes available at @p data.
void TestDfxArk(const uint8_t* data, size_t size)
{
    using ArkCase = void (*)(const uint8_t*, size_t);
    constexpr ArkCase kCases[] = {
        &TestStepArkFrame,
        &TestStepArkFrameWithJit,
        &TestJitCodeWriteFile,
        &TestParseArkFrameInfoLocal,
        &TestArkCreateJsSymbolExtractor,
    };
    for (const ArkCase run : kCases) {
        run(data, size);
    }
}
155
/// Feeds a fuzz-chosen pid and pc into DfxHap::ParseHapInfo with a fresh, empty DfxMap.
///
/// @param data  Fuzz input; sizeof(pid_t) + sizeof(uint64_t) + sizeof(uintptr_t) bytes are consumed
///              in the order pid, pc, offset.
/// @param size  Number of bytes available at @p data.
///
/// The offset value is read but never passed on; presumably it only keeps the consumed byte
/// count stable. NOTE(review): pid comes straight from the fuzz input — whether ParseHapInfo
/// inspects that process (rather than just using the number as a key) is not visible here; confirm.
void TestDfxHap(const uint8_t* data, size_t size)
{
    pid_t pid;
    uint64_t pc;
    uintptr_t offset;
    const unsigned int needed = sizeof(pid) + sizeof(pc) + sizeof(offset);
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pid);
    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, offset);

    auto dfxMap = std::make_shared<DfxMap>();
    JsFunction jsFunction;
    DfxHap dfxHap;
    dfxHap.ParseHapInfo(pid, pc, dfxMap, &jsFunction);
}
175
176 #if defined(__aarch64__)
/// Loads FP_MINI_REGS_SIZE fuzz-chosen register values into a DfxRegsArm64 via SetFromFpMiniRegs.
///
/// @param data  Fuzz input; sizeof(uintptr_t) * FP_MINI_REGS_SIZE bytes are consumed.
/// @param size  Number of bytes available at @p data.
///
/// Assumes STREAM_TO_VALUEINFO copies sizeof(regs) bytes when given an array — confirm in
/// faultloggerd_fuzzertest_common.h.
void TestSetFromFpMiniRegs(const uint8_t* data, size_t size)
{
    uintptr_t regs[FP_MINI_REGS_SIZE];
    const bool enoughInput = size >= sizeof(regs);
    if (!enoughInput) {
        return;
    }

    STREAM_TO_VALUEINFO(data, regs);

    auto arm64Regs = std::make_shared<DfxRegsArm64>();
    arm64Regs->SetFromFpMiniRegs(regs, FP_MINI_REGS_SIZE);
}
189 #endif
190
191 #if defined(__aarch64__)
/// Loads QUT_MINI_REGS_SIZE fuzz-chosen register values into a DfxRegsArm64 via SetFromQutMiniRegs.
///
/// @param data  Fuzz input; sizeof(uintptr_t) * QUT_MINI_REGS_SIZE bytes are consumed.
/// @param size  Number of bytes available at @p data.
///
/// Assumes STREAM_TO_VALUEINFO copies sizeof(regs) bytes when given an array — confirm in
/// faultloggerd_fuzzertest_common.h.
void TestSetFromQutMiniRegs(const uint8_t* data, size_t size)
{
    uintptr_t regs[QUT_MINI_REGS_SIZE];
    const bool enoughInput = size >= sizeof(regs);
    if (!enoughInput) {
        return;
    }

    STREAM_TO_VALUEINFO(data, regs);

    auto arm64Regs = std::make_shared<DfxRegsArm64>();
    arm64Regs->SetFromQutMiniRegs(regs, QUT_MINI_REGS_SIZE);
}
204 #endif
205
206 #if defined(__aarch64__)
/// Runs both DfxRegsArm64 sub-harnesses on the same input, FP registers first.
///
/// @param data  Fuzz input; each sub-harness re-reads it from the start.
/// @param size  Number of bytes available at @p data.
void TestDfxRegsArm64(const uint8_t* data, size_t size)
{
    using RegsCase = void (*)(const uint8_t*, size_t);
    constexpr RegsCase kCases[] = {
        &TestSetFromFpMiniRegs,
        &TestSetFromQutMiniRegs,
    };
    for (const RegsCase run : kCases) {
        run(data, size);
    }
}
212 #endif
213
/// Drives LocalThreadContext through its collect/get/release cycle for a fuzz-chosen tid.
///
/// @param data  Fuzz input; sizeof(int32_t) + 2 * sizeof(uintptr_t) bytes are consumed in the
///              order tid, stackBottom, stackTop.
/// @param size  Number of bytes available at @p data.
///
/// NOTE(review): tid is an arbitrary fuzz value. What CollectThreadContext does with a tid that
/// names no thread of this process (or a different one) is not visible here; confirm against
/// thread_context.h. Likewise GetStackRange may treat stackBottom/stackTop as out-parameters,
/// in which case the values read from the input are overwritten rather than used.
void TestThreadContext(const uint8_t* data, size_t size)
{
    int32_t tid;
    uintptr_t stackBottom;
    uintptr_t stackTop;
    const size_t needed = sizeof(tid) + sizeof(stackBottom) + sizeof(stackTop);
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, tid);
    STREAM_TO_VALUEINFO(data, stackBottom);
    STREAM_TO_VALUEINFO(data, stackTop);

    auto& ctx = LocalThreadContext::GetInstance();
    ctx.GetStackRange(tid, stackBottom, stackTop);
    ctx.CollectThreadContext(tid);
    ctx.GetThreadContext(tid);
    ctx.ReleaseThread(tid);
}
234
/// Records one fuzz-chosen instruction statistic against a fuzz-chosen library name and dumps
/// the result.
///
/// @param data  Fuzz input; sizeof(uint32_t) + 2 * sizeof(uint64_t) bytes are consumed as
///              type, val, errInfo, followed by FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH raw
///              bytes used as the library name.
/// @param size  Number of bytes available at @p data.
///
/// The name is built from raw bytes: it is not NUL-terminated in the input and may contain
/// embedded NULs, which is intended — the statistics singleton has to cope with it.
void TestDfxInstrStatistic(const uint8_t* data, size_t size)
{
    uint32_t type;
    uint64_t val;
    uint64_t errInfo;
    const unsigned int needed =
        sizeof(type) + sizeof(val) + sizeof(errInfo) + FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH;
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, type);
    type %= 10; // 10 : keep only the last digit; only the "== 0" case is distinguished below
    STREAM_TO_VALUEINFO(data, val);
    STREAM_TO_VALUEINFO(data, errInfo);

    std::string soName(reinterpret_cast<const char*>(data), FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH);
    // Keeps the cursor consistent with the reads above; data is not used again afterwards.
    data += FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH;

    InstrStatisticType statisticType = (type == 0)
        ? InstrStatisticType::InstructionEntriesArmExidx
        : InstrStatisticType::UnsupportedArmExidx;
    auto& statistic = DfxInstrStatistic::GetInstance();
    statistic.SetCurrentStatLib(soName);
    statistic.AddInstrStatistic(statisticType, val, errInfo);
    std::vector<std::pair<uint32_t, uint32_t>> result;
    statistic.DumpInstrStatResult(result);
}
266
/// Hands the entire fuzz input to XzDecompress as a (usually malformed) xz stream.
///
/// @param data  Fuzz input, treated as the compressed stream.
/// @param size  Number of bytes at @p data.
///
/// The decompressed output is discarded; only the decoder's handling of the bytes is under test.
void TestDfxXzUtils(const uint8_t* data, size_t size)
{
    auto decompressed = std::make_shared<std::vector<uint8_t>>();
    XzDecompress(data, size, decompressed);
}
272
/// Runs every sub-harness in this file on the same fuzz input, in a fixed order.
///
/// @param data  Fuzz input; each sub-harness re-reads it from the start (the pointer is passed
///              by value) and performs its own length check.
/// @param size  Number of bytes available at @p data.
///
/// NOTE(review): the trailing sleep(1) caps the fuzzer at roughly one execution per second,
/// which largely defeats coverage-guided fuzzing. If it exists to let work started by
/// TestThreadContext settle, a deterministic wait on that work would keep the harness fast;
/// confirm why it was added before removing it. sleep() needs <unistd.h>, which this file does
/// not include directly.
void FaultloggerdUnwinderTest(const uint8_t* data, size_t size)
{
    TestDfxConfig();
    TestDfxArk(data, size);
    TestDfxHap(data, size);
#if defined(__aarch64__)
    TestDfxRegsArm64(data, size);
#endif
    TestThreadContext(data, size);
    TestDfxInstrStatistic(data, size);
#if defined(ENABLE_XZUTIL)
    TestDfxXzUtils(data, size);
#endif
    sleep(1); // see NOTE(review) above
}
288 } // namespace HiviewDFX
289 } // namespace OHOS
290
/* Fuzzer entry point */
/// libFuzzer callback: runs the unwinder harness on one input.
///
/// @param data  Fuzz input; may be null when @p size is 0.
/// @param size  Number of bytes at @p data.
/// @return 0 on every path, including when the input is empty and nothing is run.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    const bool haveInput = (data != nullptr) && (size != 0);
    if (haveInput) {
        /* Run your code on data */
        OHOS::HiviewDFX::FaultloggerdUnwinderTest(data, size);
    }
    return 0;
}
302