1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <grpc/event_engine/memory_allocator.h>
16 #include <stddef.h>
17
18 #include <algorithm>
19 #include <map>
20 #include <memory>
21 #include <utility>
22 #include <vector>
23
24 #include "absl/log/check.h"
25 #include "src/core/lib/resource_quota/arena.h"
26 #include "src/core/lib/resource_quota/memory_quota.h"
27 #include "src/core/lib/resource_quota/resource_quota.h"
28 #include "src/core/util/chunked_vector.h"
29 #include "src/core/util/ref_counted_ptr.h"
30 #include "src/libfuzzer/libfuzzer_macro.h"
31 #include "test/core/util/chunked_vector_fuzzer.pb.h"
32
33 bool squelch = true;
34 bool leak_check = true;
35
36 static constexpr size_t kChunkSize = 17;
37 using IntHdl = std::shared_ptr<int>;
38
39 namespace grpc_core {
40 struct Comparison {
Comparisongrpc_core::Comparison41 explicit Comparison(Arena* arena) : chunked(arena) {}
42
43 ChunkedVector<IntHdl, kChunkSize> chunked;
44 std::vector<IntHdl> std;
45
46 // Check that both chunked and std are equivalent.
AssertOkgrpc_core::Comparison47 void AssertOk() const {
48 CHECK(std.size() == chunked.size());
49 auto it_chunked = chunked.cbegin();
50 auto it_std = std.cbegin();
51 while (it_std != std.cend()) {
52 CHECK(**it_std == **it_chunked);
53 ++it_chunked;
54 ++it_std;
55 }
56 CHECK(it_chunked == chunked.cend());
57 }
58 };
59
60 class Fuzzer {
61 public:
62 Fuzzer() = default;
63 ~Fuzzer() = default;
64
Act(const chunked_vector_fuzzer::Action & action)65 void Act(const chunked_vector_fuzzer::Action& action) {
66 switch (action.action_type_case()) {
67 case chunked_vector_fuzzer::Action::kEmplaceBack: {
68 // Add some value to the back of a comparison, assert that both vectors
69 // are equivalent.
70 auto* c = Mutate(action.emplace_back().vector());
71 c->chunked.EmplaceBack(
72 std::make_shared<int>(action.emplace_back().value()));
73 c->std.emplace_back(
74 std::make_shared<int>(action.emplace_back().value()));
75 c->AssertOk();
76 } break;
77 case chunked_vector_fuzzer::Action::kPopBack: {
78 // Remove some value to the back of a comparison, assert that both
79 // vectors are equivalent.
80 auto* c = Mutate(action.pop_back().vector());
81 if (!c->chunked.empty()) {
82 c->chunked.PopBack();
83 c->std.pop_back();
84 c->AssertOk();
85 }
86 } break;
87 case chunked_vector_fuzzer::Action::kCopy: {
88 // Copy one vector into another, assert both everything stays
89 // equivalent.
90 auto it_from = vectors_.find(action.copy().from());
91 if (it_from == vectors_.end()) {
92 it_from =
93 vectors_.emplace(action.copy().from(), Comparison(arena_.get()))
94 .first;
95 }
96 auto it_to = vectors_.find(action.copy().to());
97 if (it_to == vectors_.end()) {
98 it_to = vectors_.emplace(action.copy().to(), it_from->second).first;
99 } else {
100 it_to->second = it_from->second;
101 }
102 it_from->second.AssertOk();
103 it_to->second.AssertOk();
104 } break;
105 case chunked_vector_fuzzer::Action::kMove: {
106 // Move one vector into another, assert both everything stays
107 // equivalent.
108 auto it_from = vectors_.find(action.move().from());
109 if (it_from == vectors_.end()) {
110 it_from =
111 vectors_.emplace(action.move().from(), Comparison(arena_.get()))
112 .first;
113 }
114 auto it_to = vectors_.find(action.move().to());
115 if (it_to == vectors_.end()) {
116 it_to =
117 vectors_.emplace(action.move().to(), std::move(it_from->second))
118 .first;
119 } else {
120 it_to->second = it_from->second;
121 }
122 it_from->second.AssertOk();
123 it_to->second.AssertOk();
124 } break;
125 case chunked_vector_fuzzer::Action::kClear: {
126 // Clear a vector, assert that both underlying vectors are equivalent.
127 auto* c = Mutate(action.clear().vector());
128 c->chunked.Clear();
129 c->std.clear();
130 c->AssertOk();
131 } break;
132 case chunked_vector_fuzzer::Action::kSwap: {
133 // Swap two vectors, assert that both underlying vectors are equivalent.
134 auto* from = Mutate(action.swap().from());
135 auto* to = Mutate(action.swap().to());
136 from->chunked.Swap(&to->chunked);
137 from->std.swap(to->std);
138 from->AssertOk();
139 } break;
140 case chunked_vector_fuzzer::Action::kRemoveIf: {
141 // Apply std::remove_if to a vector, assert that underlying vectors
142 // remain equivalent.
143 auto cond = [&](const IntHdl& hdl) {
144 return *hdl == action.remove_if().value();
145 };
146 auto* c = Mutate(action.remove_if().vector());
147 c->chunked.SetEnd(
148 std::remove_if(c->chunked.begin(), c->chunked.end(), cond));
149 c->std.erase(std::remove_if(c->std.begin(), c->std.end(), cond),
150 c->std.end());
151 c->AssertOk();
152 } break;
153 case chunked_vector_fuzzer::Action::ACTION_TYPE_NOT_SET:
154 break;
155 }
156 }
157
158 private:
Mutate(int index)159 Comparison* Mutate(int index) {
160 auto it = vectors_.find(index);
161 if (it != vectors_.end()) {
162 return &it->second;
163 }
164 return &vectors_.emplace(index, Comparison(arena_.get())).first->second;
165 }
166
167 MemoryAllocator memory_allocator_ = MemoryAllocator(
168 ResourceQuota::Default()->memory_quota()->CreateMemoryAllocator("test"));
169 RefCountedPtr<Arena> arena_ = SimpleArenaAllocator(128)->MakeArena();
170 std::map<int, Comparison> vectors_;
171 };
172 } // namespace grpc_core
173
DEFINE_PROTO_FUZZER(const chunked_vector_fuzzer::Msg & msg)174 DEFINE_PROTO_FUZZER(const chunked_vector_fuzzer::Msg& msg) {
175 grpc_core::Fuzzer fuzzer;
176 for (int i = 0; i < msg.actions_size(); i++) {
177 fuzzer.Act(msg.actions(i));
178 }
179 }
180