1 /*
2 * Copyright 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <fuzzer/FuzzedDataProvider.h>
18 #include "dispatcher/LatencyTracker.h"
19
20 namespace android {
21
22 namespace inputdispatcher {
23
24 /**
25 * A processor of InputEventTimelines that does nothing with the provided data.
26 */
27 class EmptyProcessor : public InputEventTimelineProcessor {
28 public:
29 /**
30 * Just ignore the provided timeline
31 */
processTimeline(const InputEventTimeline & timeline)32 void processTimeline(const InputEventTimeline& timeline) override {
33 for (const auto& [token, connectionTimeline] : timeline.connectionTimelines) {
34 connectionTimeline.isComplete();
35 }
36 };
37 };
38
getConnectionToken(FuzzedDataProvider & fdp,std::array<sp<IBinder>,10> & tokens)39 static sp<IBinder> getConnectionToken(FuzzedDataProvider& fdp,
40 std::array<sp<IBinder>, 10>& tokens) {
41 const bool useExistingToken = fdp.ConsumeBool();
42 if (useExistingToken) {
43 return tokens[fdp.ConsumeIntegralInRange<size_t>(0ul, tokens.size() - 1)];
44 }
45 return new BBinder();
46 }
47
LLVMFuzzerTestOneInput(uint8_t * data,size_t size)48 extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
49 FuzzedDataProvider fdp(data, size);
50
51 EmptyProcessor emptyProcessor;
52 LatencyTracker tracker(&emptyProcessor);
53
54 // Make some pre-defined tokens to ensure that some timelines are complete.
55 std::array<sp<IBinder> /*token*/, 10> predefinedTokens;
56 for (size_t i = 0; i < predefinedTokens.size(); i++) {
57 predefinedTokens[i] = new BBinder();
58 }
59
60 // Randomly invoke LatencyTracker api's until randomness is exhausted.
61 while (fdp.remaining_bytes() > 0) {
62 fdp.PickValueInArray<std::function<void()>>({
63 [&]() -> void {
64 int32_t inputEventId = fdp.ConsumeIntegral<int32_t>();
65 int32_t isDown = fdp.ConsumeBool();
66 nsecs_t eventTime = fdp.ConsumeIntegral<nsecs_t>();
67 nsecs_t readTime = fdp.ConsumeIntegral<nsecs_t>();
68 tracker.trackListener(inputEventId, isDown, eventTime, readTime);
69 },
70 [&]() -> void {
71 int32_t inputEventId = fdp.ConsumeIntegral<int32_t>();
72 sp<IBinder> connectionToken = getConnectionToken(fdp, predefinedTokens);
73 nsecs_t deliveryTime = fdp.ConsumeIntegral<nsecs_t>();
74 nsecs_t consumeTime = fdp.ConsumeIntegral<nsecs_t>();
75 nsecs_t finishTime = fdp.ConsumeIntegral<nsecs_t>();
76 tracker.trackFinishedEvent(inputEventId, connectionToken, deliveryTime,
77 consumeTime, finishTime);
78 },
79 [&]() -> void {
80 int32_t inputEventId = fdp.ConsumeIntegral<int32_t>();
81 sp<IBinder> connectionToken = getConnectionToken(fdp, predefinedTokens);
82 std::array<nsecs_t, GraphicsTimeline::SIZE> graphicsTimeline;
83 for (size_t i = 0; i < graphicsTimeline.size(); i++) {
84 graphicsTimeline[i] = fdp.ConsumeIntegral<nsecs_t>();
85 }
86 tracker.trackGraphicsLatency(inputEventId, connectionToken, graphicsTimeline);
87 },
88 })();
89 }
90
91 return 0;
92 }
93
94 } // namespace inputdispatcher
95
96 } // namespace android