From 944738e2dd96c0ce870786a5ec63a5f0c34b85da Mon Sep 17 00:00:00 2001 From: wangyikai Date: Fri, 19 Jul 2024 19:07:18 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=90hdf=5Fcore=E3=80=91fuzz=E6=B5=8B?= =?UTF-8?q?=E8=AF=95=E7=94=A8=E4=BE=8B=E8=A1=A5=E5=85=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wangyikai --- framework/test/fuzztest/BUILD.gn | 1 + .../support/posix_fuzzer/BUILD.gn | 40 ++++ .../support/posix_fuzzer/corpus/init | 7 + .../support/posix_fuzzer/posix_fuzzer.cpp | 183 ++++++++++++++++++ .../support/posix_fuzzer/posix_fuzzer.h | 14 ++ .../support/posix_fuzzer/project.xml | 17 ++ 6 files changed, 262 insertions(+) create mode 100644 framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/BUILD.gn create mode 100644 framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/corpus/init create mode 100644 framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/posix_fuzzer.cpp create mode 100644 framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/posix_fuzzer.h create mode 100644 framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/project.xml diff --git a/framework/test/fuzztest/BUILD.gn b/framework/test/fuzztest/BUILD.gn index fa07bb7db..dc8e02cc9 100644 --- a/framework/test/fuzztest/BUILD.gn +++ b/framework/test/fuzztest/BUILD.gn @@ -15,6 +15,7 @@ group("hdf_framework_fuzztest") { "devmgrservicestub_fuzzer:DevmgrServiceStubFuzzTest", "devsvcmanagerstub_fuzzer:DevSvcManagerStubFuzzTest", "framework_fuzzer/hcs_fuzzer:HdfHcsFuzzTest", + "framework_fuzzer/support/posix_fuzzer:HdfPosixFuzzTest", "ioservice_fuzzer/ioserviceadapterobtain_fuzzer:IoserviceAdapterObtainFuzzTest", "ioservice_fuzzer/ioservicebind_fuzzer:IoserviceBindFuzzTest", "ioservice_fuzzer/ioservicegrouplisten_fuzzer:IoserviceGroupListenFuzzTest", 
diff --git a/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/BUILD.gn b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/BUILD.gn
new file mode 100644
index 000000000..15803fc85
--- /dev/null
+++ b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/BUILD.gn
@@ -0,0 +1,40 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+#
+# HDF is dual licensed: you can use it either under the terms of
+# the GPL, or the BSD license, at your option.
+# See the LICENSE file in the root of this repository for complete details.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+
+module_output_path = "hdf_core/hdf_core/framework_fuzzer"
+
+hdf_framework_path = "../../../../../../framework"
+hdf_uhdf_path = "../../../../../../adapter/uhdf2"
+
+ohos_fuzztest("HdfPosixFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file =
+ "$hdf_framework_path/test/fuzztest/framework_fuzzer/support/posix_fuzzer"
+
+ include_dirs = [ "$hdf_uhdf_path/utils/include" ]
+
+ sources = [ "posix_fuzzer.cpp" ]
+
+ deps = [
+ "$hdf_uhdf_path/pub_utils:libpub_utils",
+ "$hdf_uhdf_path/utils:libhdf_utils",
+ ]
+
+ external_deps = [
+ "c_utils:utils",
+ "hilog:libhilog",
+ ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = [ ":HdfPosixFuzzTest" ]
+}
diff --git a/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/corpus/init b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/corpus/init
new file mode 100644
index 000000000..f707fb4e4
--- /dev/null
+++ b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/corpus/init
@@ -0,0 +1,7 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+#
+# HDF is dual licensed: you can use it either under the terms of
+# the GPL, or the BSD license, at your option.
+# See the LICENSE file in the root of this repository for complete details.
+
+FUZZ
\ No newline at end of file
diff --git a/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/posix_fuzzer.cpp b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/posix_fuzzer.cpp
new file mode 100644
index 000000000..3b3b161db
--- /dev/null
+++ b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/posix_fuzzer.cpp
@@ -0,0 +1,183 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ *
+ * HDF is dual licensed: you can use it either under the terms of
+ * the GPL, or the BSD license, at your option.
+ * See the LICENSE file in the root of this repository for complete details.
+ */
+
+#include "hdf_base.h"
+#include "hdf_log.h"
+#include "osal_mem.h"
+#include "osal_sem.h"
+#include "osal_time.h"
+#include "osal_spinlock.h"
+#include "posix_fuzzer.h"
+#include
+
+namespace OHOS {
+constexpr size_t THRESHOLD = 10;
+#define HDF_LOG_TAG posix_fuzzer
+
+enum FuncId {
+ POSIX_OSALMEMALLOC,
+ POSIX_OSALMEMCALLOC,
+ POSIX_OSALMEMALLOCALIGN,
+ POSIX_OSALSEMWAIT,
+ POSIX_OSALSEMPOST,
+ POSIX_OSALSPINLOCK,
+ POSIX_OSALTIME,
+ HCS_END
+};
+
+void FuncOsalMemAlloc(const uint8_t *data, size_t size)
+{
+ if (size < sizeof(size_t)) {
+ return;
+ }
+
+ size_t sz = *(size_t *)data;
+ uint8_t *mem = (uint8_t *)OsalMemAlloc(sz);
+ if (mem != nullptr) {
+ OsalMemFree(mem);
+ }
+ return;
+}
+
+void FuncOsalMemCalloc(const uint8_t *data, size_t size)
+{
+ if (size < sizeof(size_t)) {
+ return;
+ }
+
+ size_t sz = *(size_t *)data;
+ uint8_t *mem = (uint8_t *)OsalMemCalloc(sz);
+ if (mem != nullptr) {
+ OsalMemFree(mem);
+ }
+ return;
+}
+
+void FuncOsalMemAllocAlign(const uint8_t *data, size_t size)
+{
+ if (size < sizeof(size_t)) {
+ return;
+ }
+ size_t alignment = 8;
+ size_t sz = 0;
+
+ uint8_t *mem = (uint8_t *)OsalMemAllocAlign(alignment, sz);
+ if (mem != nullptr) {
+ OsalMemFree(mem);
+ }
+
+ sz = 4;
+ mem = (uint8_t *)OsalMemAllocAlign(alignment, sz);
+ if (mem != nullptr) {
+ OsalMemFree(mem);
+ }
+ return;
+}
+
+void FuncOsalSemWait(const uint8_t *data, size_t size)
+{
+ OsalSemWait(NULL, 0);
+
+ struct OsalSem sem;
+ OsalSemInit(&sem, 1);
+ OsalSemWait(&sem, ~HDF_WAIT_FOREVER);
+ OsalSemDestroy(&sem);
+ return;
+}
+
+void FuncOsalSemPost(const uint8_t *data, size_t size)
+{
+ struct OsalSem sem;
+ OsalSemInit(&sem, 1);
+ OsalSemPost(&sem);
+ OsalSemDestroy(&sem);
+ return;
+}
+
+void
FuncOsalSpinLock(const uint8_t *data, size_t size)
+{
+ OsalSpinInit(NULL);
+ OsalSpinlock spinlock;
+ OsalSpinInit(&spinlock);
+ std::thread thrd([&spinlock] {
+ OsalMSleep(2000);
+ OsalSpinUnlock(&spinlock);
+ });
+ OsalSpinLock(&spinlock);
+ OsalSpinDestroy(&spinlock);
+ return;
+}
+
+void FuncOsalTime(const uint8_t *data, size_t size)
+{
+ OsalGetTime(NULL);
+ OsalTimespec start, end, diff;
+ OsalGetTime(&start);
+ OsalGetTime(&end);
+ OsalDiffTime(&start, &end, &diff);
+ OsalUSleep(1);
+ OsalUDelay(1);
+ OsalMDelay(1);
+ uint64_t st = OsalGetSysTimeMs();
+ (void)st;
+ return;
+}
+
+void FuncSwitch(uint32_t cmd, const uint8_t *data, size_t size)
+{
+ switch (cmd) {
+ case POSIX_OSALMEMALLOC: {
+ FuncOsalMemAlloc(data, size);
+ break;
+ }
+ case POSIX_OSALMEMCALLOC: {
+ FuncOsalMemCalloc(data, size);
+ break;
+ }
+ case POSIX_OSALMEMALLOCALIGN: {
+ FuncOsalMemAllocAlign(data, size);
+ break;
+ }
+ case POSIX_OSALSEMWAIT: {
+ FuncOsalSemWait(data, size);
+ break;
+ }
+ case POSIX_OSALSEMPOST: {
+ FuncOsalSemPost(data, size);
+ break;
+ }
+ case POSIX_OSALSPINLOCK: {
+ FuncOsalSpinLock(data, size);
+ break;
+ }
+ case POSIX_OSALTIME: {
+ FuncOsalTime(data, size);
+ break;
+ }
+ default:
+ return;
+ }
+}
+
+void TraverseAllFunc(const uint8_t *data, size_t size)
+{
+ for (uint32_t cmd = 0; cmd < HCS_END; cmd++) {
+ FuncSwitch(cmd, data, size);
+ }
+}
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < OHOS::THRESHOLD) {
+ return HDF_SUCCESS;
+ }
+
+ OHOS::TraverseAllFunc(data, size);
+ return HDF_SUCCESS;
+}
diff --git a/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/posix_fuzzer.h b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/posix_fuzzer.h
new file mode 100644
index 000000000..c30667a39
--- /dev/null
+++ b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/posix_fuzzer.h
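Review bot: In `FuncOsalSpinLock` the `std::thread thrd` is still joinable when the function returns, so its destructor calls `std::terminate` on every input of at least `THRESHOLD` bytes; detaching instead would not help, because the lambda calls `OsalSpinUnlock(&spinlock)` two seconds later, after `OsalSpinDestroy` has run and the stack frame is gone. Add `thrd.join();` before `OsalSpinDestroy(&spinlock);`, and consider cutting `OsalMSleep(2000)` to a few milliseconds, since a two-second sleep per execution leaves the fuzzer almost no throughput. Separately, `size_t sz = *(size_t *)data;` in `FuncOsalMemAlloc` and `FuncOsalMemCalloc` casts away `const` and reads through a possibly misaligned pointer; `size_t sz; memcpy(&sz, data, sizeof(sz));` avoids both (whether `memcpy` is already declared through the included headers is not visible here). The remaining `Func*` helpers never read `data`, so only those two allocation sizes vary with the fuzz input, and the enum terminator `HCS_END` looks carried over from the HCS fuzzer.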
@@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ *
+ * HDF is dual licensed: you can use it either under the terms of
+ * the GPL, or the BSD license, at your option.
+ * See the LICENSE file in the root of this repository for complete details.
+ */
+
+#ifndef HDF_POSIX_H
+#define HDF_POSIX_H
+
+#define FUZZ_PROJECT_NAME "posix_fuzzer"
+
+#endif // HDF_POSIX_H
\ No newline at end of file
diff --git a/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/project.xml b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/project.xml
new file mode 100644
index 000000000..c39057510
--- /dev/null
+++ b/framework/test/fuzztest/framework_fuzzer/support/posix_fuzzer/project.xml
@@ -0,0 +1,17 @@ + + + + + + 0 + + 10 + + 128 + + -- Gitee