/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "faultloggerdunwinder_fuzzer.h"

#include <unistd.h>

#include <cstddef>
#include <cstdint>
#include <memory>
#include <string>
#include <utility>
#include <vector>

#include "dfx_ark.h"
#include "dfx_config.h"
#include "dfx_hap.h"
#include "dfx_regs.h"
#include "dfx_xz_utils.h"
#include "dwarf_op.h"
#include "faultloggerd_fuzzertest_common.h"
#include "thread_context.h"
#include "unwinder.h"
#include "unwind_define.h"

namespace OHOS {
namespace HiviewDFX {
// Number of bytes taken verbatim from the fuzz input when a library name is needed.
constexpr int FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH = 50;

/// Exercises DfxConfig::GetConfig(). No fuzz input is involved because the
/// call takes no arguments; the returned config is not inspected.
void TestDfxConfig()
{
    static_cast<void>(DfxConfig::GetConfig());
}

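/// Feeds a pid and a (pc, fp, sp) register triple decoded from the fuzz
/// input to DfxArk::GetArkNativeFrameInfo, collecting into a fixed-size
/// JsFrame array.
///
/// @param data  fuzz input; the leading sizeof(int) + 3 * sizeof(uintptr_t)
///              bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestGetArkNativeFrameInfo(const uint8_t* data, size_t size)
{
    int pid = 0;
    uintptr_t pc = 0;
    uintptr_t fp = 0;
    uintptr_t sp = 0;
    constexpr size_t kNeeded = sizeof(pid) + sizeof(pc) + sizeof(fp) + sizeof(sp);
    if (size < kNeeded) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pid);
    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, fp);
    STREAM_TO_VALUEINFO(data, sp);

    constexpr size_t kJsFrameMax = 64;
    JsFrame jsFrames[kJsFrameMax] = {};
    // The last argument is the capacity of jsFrames. It must be the array
    // length, not the fuzz input size: an input longer than 64 bytes would
    // otherwise advertise more room than the 64-entry buffer actually has.
    size_t frameCount = kJsFrameMax;
    DfxArk::GetArkNativeFrameInfo(pid, pc, fp, sp, jsFrames, frameCount);
}
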
/// Drives DfxArk::StepArkFrame once with pc/fp/sp register values and a
/// method id decoded from the fuzz input. Memory reads go through
/// Unwinder::AccessMem on a freshly constructed DfxMemory.
///
/// @param data  fuzz input; the leading 4 * sizeof(uintptr_t) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestStepArkFrame(const uint8_t* data, size_t size)
{
    uintptr_t pc;
    uintptr_t fp;
    uintptr_t sp;
    uintptr_t methodid;
    const size_t needed = sizeof(pc) + sizeof(fp) + sizeof(sp) + sizeof(methodid);
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, fp);
    STREAM_TO_VALUEINFO(data, sp);
    STREAM_TO_VALUEINFO(data, methodid);
    // The low bit of the method id selects whether the frame is treated as JS.
    bool isJsFrame = (methodid % 2) != 0;

    DfxMemory memory;
    DfxArk::StepArkFrame(&memory, &(Unwinder::AccessMem), &fp, &sp, &pc, &methodid, &isJsFrame);
}

/// Same register/method-id decoding as TestStepArkFrame, but routed through
/// ArkUnwindParam and DfxArk::StepArkFrameWithJit with an empty JIT cache.
///
/// @param data  fuzz input; the leading 4 * sizeof(uintptr_t) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestStepArkFrameWithJit(const uint8_t* data, size_t size)
{
    uintptr_t fp;
    uintptr_t pc;
    uintptr_t sp;
    uintptr_t methodid;
    const size_t needed = sizeof(pc) + sizeof(fp) + sizeof(sp) + sizeof(methodid);
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, fp);
    STREAM_TO_VALUEINFO(data, sp);
    STREAM_TO_VALUEINFO(data, methodid);
    // The low bit of the method id selects whether the frame is treated as JS.
    bool isJsFrame = (methodid % 2) != 0;

    // No JIT code is registered; the cache stays empty for this run.
    std::vector<uintptr_t> jitCache;
    DfxMemory memory;
    ArkUnwindParam arkParam(&memory, &(Unwinder::AccessMem), &fp, &sp, &pc, &methodid, &isJsFrame, jitCache);
    DfxArk::StepArkFrameWithJit(&arkParam);
}

/// Calls DfxArk::JitCodeWriteFile with a descriptor and a single JIT cache
/// entry, both decoded from the fuzz input.
///
/// @param data  fuzz input; the leading sizeof(int) + sizeof(uintptr_t) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestJitCodeWriteFile(const uint8_t* data, size_t size)
{
    int fd;
    uintptr_t jitCacheData;
    const size_t needed = sizeof(fd) + sizeof(jitCacheData);
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, fd);
    STREAM_TO_VALUEINFO(data, jitCacheData);

    // NOTE(review): fd comes straight from the fuzz input, so the write
    // target is whatever descriptor the fuzzer process holds at that number
    // (including its own stdio) — confirm the harness runs with only the
    // expected descriptors open.
    std::vector<uintptr_t> jitCache{jitCacheData};
    DfxMemory memory;
    DfxArk::JitCodeWriteFile(&memory, &(Unwinder::AccessMem), fd, jitCache.data(), jitCache.size());
}

/// Feeds four uintptr_t values (pc, function offset, map begin, offset)
/// decoded from the fuzz input to DfxArk::ParseArkFrameInfoLocal.
///
/// @param data  fuzz input; the leading 4 * sizeof(uintptr_t) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestParseArkFrameInfoLocal(const uint8_t* data, size_t size)
{
    uintptr_t pc;
    uintptr_t funcOffset;
    uintptr_t mapBegin;
    uintptr_t offset;
    const size_t needed = sizeof(pc) + sizeof(funcOffset) + sizeof(mapBegin) + sizeof(offset);
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, funcOffset);
    STREAM_TO_VALUEINFO(data, mapBegin);
    STREAM_TO_VALUEINFO(data, offset);

    // All four values are already uintptr_t, so no conversion is needed here.
    JsFunction jsFunction;
    DfxArk::ParseArkFrameInfoLocal(pc, funcOffset, mapBegin, offset, &jsFunction);
}

/// Calls DfxArk::ArkCreateJsSymbolExtractor with an out-slot pre-filled from
/// the fuzz input.
///
/// @param data  fuzz input; the leading sizeof(uintptr_t) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestArkCreateJsSymbolExtractor(const uint8_t* data, size_t size)
{
    uintptr_t extractorPtr;
    const bool enough = size >= sizeof(extractorPtr);
    if (!enough) {
        return;
    }

    STREAM_TO_VALUEINFO(data, extractorPtr);

    DfxArk::ArkCreateJsSymbolExtractor(&extractorPtr);
}

/// Calls DfxArk::ArkDestoryJsSymbolExtractor with a handle value decoded
/// from the fuzz input. Not driven from TestDfxArk in this file.
///
/// @param data  fuzz input; the leading sizeof(uintptr_t) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestArkDestoryJsSymbolExtractor(const uint8_t* data, size_t size)
{
    uintptr_t extractorPtr;
    const bool enough = size >= sizeof(extractorPtr);
    if (!enough) {
        return;
    }

    STREAM_TO_VALUEINFO(data, extractorPtr);

    DfxArk::ArkDestoryJsSymbolExtractor(extractorPtr);
}

/// Runs each DfxArk sub-harness over the same input. Every sub-harness
/// decodes from the start of @p data on its own.
/// TestArkDestoryJsSymbolExtractor is not driven from here.
///
/// @param data  fuzz input.
/// @param size  length of @p data in bytes.
void TestDfxArk(const uint8_t* data, size_t size)
{
    using TestFn = void (*)(const uint8_t*, size_t);
    static constexpr TestFn kArkTests[] = {
        TestGetArkNativeFrameInfo,
        TestStepArkFrame,
        TestStepArkFrameWithJit,
        TestJitCodeWriteFile,
        TestParseArkFrameInfoLocal,
        TestArkCreateJsSymbolExtractor,
    };
    for (TestFn test : kArkTests) {
        test(data, size);
    }
}

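/// Feeds a pid, pc and method id decoded from the fuzz input to
/// DfxHap::ParseHapInfo with a fresh DfxMap and JsFunction.
///
/// @param data  fuzz input; the leading sizeof(pid_t) + sizeof(uint64_t) +
///              sizeof(uintptr_t) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestDfxHap(const uint8_t* data, size_t size)
{
    pid_t pid = 0;
    uint64_t pc = 0;
    uintptr_t methodid = 0;
    // Only these three values reach ParseHapInfo, so only they are decoded;
    // the length check is sized to match.
    constexpr size_t kNeeded = sizeof(pid) + sizeof(pc) + sizeof(methodid);
    if (size < kNeeded) {
        return;
    }

    STREAM_TO_VALUEINFO(data, pid);
    STREAM_TO_VALUEINFO(data, pc);
    STREAM_TO_VALUEINFO(data, methodid);

    auto map = std::make_shared<DfxMap>();
    JsFunction jsFunction{};
    DfxHap dfxHap;
    dfxHap.ParseHapInfo(pid, pc, methodid, map, &jsFunction);
}
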
#if defined(__aarch64__)
/// Loads FP_MINI_REGS_SIZE register words from the fuzz input into a
/// DfxRegsArm64 via SetFromFpMiniRegs.
///
/// @param data  fuzz input; the leading sizeof(regs) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestSetFromFpMiniRegs(const uint8_t* data, size_t size)
{
    uintptr_t regs[FP_MINI_REGS_SIZE];
    const bool enough = size >= sizeof(regs);
    if (!enough) {
        return;
    }

    STREAM_TO_VALUEINFO(data, regs);

    DfxRegsArm64 arm64Regs;
    arm64Regs.SetFromFpMiniRegs(regs, FP_MINI_REGS_SIZE);
}
#endif

#if defined(__aarch64__)
/// Loads QUT_MINI_REGS_SIZE register words from the fuzz input into a
/// DfxRegsArm64 via SetFromQutMiniRegs.
///
/// @param data  fuzz input; the leading sizeof(regs) bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestSetFromQutMiniRegs(const uint8_t* data, size_t size)
{
    uintptr_t regs[QUT_MINI_REGS_SIZE];
    const bool enough = size >= sizeof(regs);
    if (!enough) {
        return;
    }

    STREAM_TO_VALUEINFO(data, regs);

    DfxRegsArm64 arm64Regs;
    arm64Regs.SetFromQutMiniRegs(regs, QUT_MINI_REGS_SIZE);
}
#endif

#if defined(__aarch64__)
/// Arm64-only register harness: runs both mini-register loaders over the
/// same input, each decoding from the start of @p data.
///
/// @param data  fuzz input.
/// @param size  length of @p data in bytes.
void TestDfxRegsArm64(const uint8_t* data, size_t size)
{
    TestSetFromFpMiniRegs(data, size);
    TestSetFromQutMiniRegs(data, size);
}
#endif

/// Walks the LocalThreadContext singleton through GetStackRange,
/// CollectThreadContext, GetThreadContext and ReleaseThread for a thread id
/// and stack bounds decoded from the fuzz input.
///
/// @param data  fuzz input; the leading sizeof(int32_t) + 2 * sizeof(uintptr_t)
///              bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestThreadContext(const uint8_t* data, size_t size)
{
    int32_t tid;
    uintptr_t stackBottom;
    uintptr_t stackTop;
    const size_t needed = sizeof(tid) + sizeof(stackBottom) + sizeof(stackTop);
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, tid);
    STREAM_TO_VALUEINFO(data, stackBottom);
    STREAM_TO_VALUEINFO(data, stackTop);

    // NOTE(review): tid is fuzz-controlled and may not name a thread of this
    // process; nothing here checks that before CollectThreadContext — confirm
    // the singleton tolerates unknown ids.
    auto& context = LocalThreadContext::GetInstance();
    context.GetStackRange(tid, stackBottom, stackTop);
    context.CollectThreadContext(tid);
    context.GetThreadContext(tid);
    context.ReleaseThread(tid);
}

/// Records one instruction statistic on the DfxInstrStatistic singleton and
/// dumps the result. The statistic type, value and error info come from the
/// fuzz input, followed by a fixed-length library name.
///
/// @param data  fuzz input; the leading sizeof(uint32_t) + 2 * sizeof(uint64_t)
///              + FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH bytes are decoded.
/// @param size  length of @p data in bytes; shorter inputs return early.
void TestDfxInstrStatistic(const uint8_t* data, size_t size)
{
    uint32_t type;
    uint64_t val;
    uint64_t errInfo;
    const size_t needed = sizeof(type) + sizeof(val) + sizeof(errInfo) +
        FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH;
    if (size < needed) {
        return;
    }

    STREAM_TO_VALUEINFO(data, type);
    STREAM_TO_VALUEINFO(data, val);
    STREAM_TO_VALUEINFO(data, errInfo);

    // The library name is a fixed-length byte slice of the input; embedded
    // NUL bytes are kept because the std::string is built with an explicit count.
    std::string soName(reinterpret_cast<const char*>(data), FAULTLOGGER_FUZZTEST_MAX_STRING_LENGTH);

    // Only the last decimal digit of `type` matters, and only whether it is zero.
    const InstrStatisticType statisticType = (type % 10 == 0)
        ? InstrStatisticType::InstructionEntriesArmExidx
        : InstrStatisticType::UnsupportedArmExidx;

    auto& statistic = DfxInstrStatistic::GetInstance();
    statistic.SetCurrentStatLib(soName);
    statistic.AddInstrStatistic(statisticType, val, errInfo);
    std::vector<std::pair<uint32_t, uint32_t>> result;
    statistic.DumpInstrStatResult(result);
}

/// Hands the whole fuzz input to XzDecompress as an xz stream; the
/// decompressed bytes land in a fresh vector and are not inspected.
///
/// @param data  fuzz input.
/// @param size  length of @p data in bytes.
void TestDfxXzUtils(const uint8_t* data, size_t size)
{
    auto decompressed = std::make_shared<std::vector<uint8_t>>();
    XzDecompress(data, size, decompressed);
}

/// Runs every sub-harness in this file in turn over the same fuzz input.
/// Each Test* function decodes from the start of @p data independently, so a
/// single input exercises all of them.
///
/// @param data  fuzz input.
/// @param size  length of @p data in bytes.
void FaultloggerdUnwinderTest(const uint8_t* data, size_t size)
{
    TestDfxConfig();
    TestDfxArk(data, size);
    TestDfxHap(data, size);
#if defined(__aarch64__)
    TestDfxRegsArm64(data, size);
#endif
    TestThreadContext(data, size);
    TestDfxInstrStatistic(data, size);
    TestDfxXzUtils(data, size);
    // NOTE(review): this pause limits the harness to roughly one execution
    // per second; nothing visible here says what it waits for (possibly the
    // thread context collected above) — confirm it is still required.
    sleep(1);
}
} // namespace HiviewDFX
} // namespace OHOS

/* Fuzzer entry point: libFuzzer calls this once per generated input.
 * Empty or null inputs are skipped; the return value is always 0, as
 * libFuzzer requires. */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    const bool haveInput = (data != nullptr) && (size > 0);
    if (haveInput) {
        OHOS::HiviewDFX::FaultloggerdUnwinderTest(data, size);
    }
    return 0;
}
326