Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
zhanglei
/
soft_bus
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Gałąź: master
Gałęzie Tagi
soft_bus
/
rocksdb
/
fuzz
/
db_fuzzer.cc

db_fuzzer.cc 5.9 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172 
  1. //  Copyright (c) Meta Platforms, Inc. and affiliates.
    2. 

  2. //
    3. 

  3. //  This source code is licensed under both the GPLv2 (found in the
    4. 

  4. //  COPYING file in the root directory) and Apache 2.0 License
    5. 

  5. //  (found in the LICENSE.Apache file in the root directory).
    6. 

  6. 

  7. #include <fuzzer/FuzzedDataProvider.h>
    8. 

  8. 

  9. #include "rocksdb/db.h"
    10. 

  10. 

  11. enum OperationType {
    12. 

  12.   kPut,
    13. 

  13.   kGet,
    14. 

  14.   kDelete,
    15. 

  15.   kGetProperty,
    16. 

  16.   kIterator,
    17. 

  17.   kSnapshot,
    18. 

  18.   kOpenClose,
    19. 

  19.   kColumn,
    20. 

  20.   kCompactRange,
    21. 

  21.   kSeekForPrev,
    22. 

  22.   OP_COUNT
    23. 

  23. };
    24. 

  24. 

  25. constexpr char db_path[] = "/tmp/testdb";
    26. 

  26. 

  27. // Fuzzes DB operations by doing interpretations on the data. Both the
    28. 

  28. // sequence of API calls to be called on the DB as well as the arguments
    29. 

  29. // to each of these APIs are interpreted by way of the data buffer.
    30. 

  30. // The operations that the fuzzer supports are given by the OperationType
    31. 

  31. // enum. The goal is to capture sanitizer bugs, so the code should be
    32. 

  32. // compiled with a given sanitizer (ASan, UBSan, MSan).
    33. 

  33. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    34. 

  34.   ROCKSDB_NAMESPACE::DB* db;
    35. 

  35.   ROCKSDB_NAMESPACE::Options options;
    36. 

  36.   options.create_if_missing = true;
    37. 

  37.   ROCKSDB_NAMESPACE::Status status =
    38. 

  38.       ROCKSDB_NAMESPACE::DB::Open(options, db_path, &db);
    39. 

  39.   if (!status.ok()) {
    40. 

  40.     return 0;
    41. 

  41.   }
    42. 

  42.   FuzzedDataProvider fuzzed_data(data, size);
    43. 

  43. 

  44.   // perform a sequence of calls on our db instance
    45. 

  45.   int max_iter = static_cast<int>(data[0]);
    46. 

  46.   for (int i = 0; i < max_iter && i < size; i++) {
    47. 

  47.     OperationType op = static_cast<OperationType>(data[i] % OP_COUNT);
    48. 

  48. 

  49.     switch (op) {
    50. 

  50.       case kPut: {
    51. 

  51.         std::string key = fuzzed_data.ConsumeRandomLengthString();
    52. 

  52.         std::string val = fuzzed_data.ConsumeRandomLengthString();
    53. 

  53.         db->Put(ROCKSDB_NAMESPACE::WriteOptions(), key, val);
    54. 

  54.         break;
    55. 

  55.       }
    56. 

  56.       case kGet: {
    57. 

  57.         std::string key = fuzzed_data.ConsumeRandomLengthString();
    58. 

  58.         std::string value;
    59. 

  59.         db->Get(ROCKSDB_NAMESPACE::ReadOptions(), key, &value);
    60. 

  60.         break;
    61. 

  61.       }
    62. 

  62.       case kDelete: {
    63. 

  63.         std::string key = fuzzed_data.ConsumeRandomLengthString();
    64. 

  64.         db->Delete(ROCKSDB_NAMESPACE::WriteOptions(), key);
    65. 

  65.         break;
    66. 

  66.       }
    67. 

  67.       case kGetProperty: {
    68. 

  68.         std::string prop;
    69. 

  69.         std::string property_name = fuzzed_data.ConsumeRandomLengthString();
    70. 

  70.         db->GetProperty(property_name, &prop);
    71. 

  71.         break;
    72. 

  72.       }
    73. 

  73.       case kIterator: {
    74. 

  74.         ROCKSDB_NAMESPACE::Iterator* it =
    75. 

  75.             db->NewIterator(ROCKSDB_NAMESPACE::ReadOptions());
    76. 

  76.         for (it->SeekToFirst(); it->Valid(); it->Next()) {
    77. 

  77.         }
    78. 

  78.         delete it;
    79. 

  79.         break;
    80. 

  80.       }
    81. 

  81.       case kSnapshot: {
    82. 

  82.         ROCKSDB_NAMESPACE::ReadOptions snapshot_options;
    83. 

  83.         snapshot_options.snapshot = db->GetSnapshot();
    84. 

  84.         ROCKSDB_NAMESPACE::Iterator* it = db->NewIterator(snapshot_options);
    85. 

  85.         db->ReleaseSnapshot(snapshot_options.snapshot);
    86. 

  86.         delete it;
    87. 

  87.         break;
    88. 

  88.       }
    89. 

  89.       case kOpenClose: {
    90. 

  90.         db->Close();
    91. 

  91.         delete db;
    92. 

  92.         status = ROCKSDB_NAMESPACE::DB::Open(options, db_path, &db);
    93. 

  93.         if (!status.ok()) {
    94. 

  94.           ROCKSDB_NAMESPACE::DestroyDB(db_path, options);
    95. 

  95.           return 0;
    96. 

  96.         }
    97. 

  97. 

  98.         break;
    99. 

  99.       }
    100. 

  100.       case kColumn: {
    101. 

  101.         ROCKSDB_NAMESPACE::ColumnFamilyHandle* cf;
    102. 

  102.         ROCKSDB_NAMESPACE::Status s;
    103. 

  103.         s = db->CreateColumnFamily(ROCKSDB_NAMESPACE::ColumnFamilyOptions(),
    104. 

  104.                                    "new_cf", &cf);
    105. 

  105.         s = db->DestroyColumnFamilyHandle(cf);
    106. 

  106.         db->Close();
    107. 

  107.         delete db;
    108. 

  108. 

  109.         // open DB with two column families
    110. 

  110.         std::vector<ROCKSDB_NAMESPACE::ColumnFamilyDescriptor> column_families;
    111. 

  111.         // have to open default column family
    112. 

  112.         column_families.push_back(ROCKSDB_NAMESPACE::ColumnFamilyDescriptor(
    113. 

  113.             ROCKSDB_NAMESPACE::kDefaultColumnFamilyName,
    114. 

  114.             ROCKSDB_NAMESPACE::ColumnFamilyOptions()));
    115. 

  115.         // open the new one, too
    116. 

  116.         column_families.push_back(ROCKSDB_NAMESPACE::ColumnFamilyDescriptor(
    117. 

  117.             "new_cf", ROCKSDB_NAMESPACE::ColumnFamilyOptions()));
    118. 

  118.         std::vector<ROCKSDB_NAMESPACE::ColumnFamilyHandle*> handles;
    119. 

  119.         s = ROCKSDB_NAMESPACE::DB::Open(ROCKSDB_NAMESPACE::DBOptions(), db_path,
    120. 

  120.                                         column_families, &handles, &db);
    121. 

  121. 

  122.         if (s.ok()) {
    123. 

  123.           std::string key1 = fuzzed_data.ConsumeRandomLengthString();
    124. 

  124.           std::string val1 = fuzzed_data.ConsumeRandomLengthString();
    125. 

  125.           std::string key2 = fuzzed_data.ConsumeRandomLengthString();
    126. 

  126.           s = db->Put(ROCKSDB_NAMESPACE::WriteOptions(), handles[1], key1,
    127. 

  127.                       val1);
    128. 

  128.           std::string value;
    129. 

  129.           s = db->Get(ROCKSDB_NAMESPACE::ReadOptions(), handles[1], key2,
    130. 

  130.                       &value);
    131. 

  131.           s = db->DropColumnFamily(handles[1]);
    132. 

  132.           for (auto handle : handles) {
    133. 

  133.             s = db->DestroyColumnFamilyHandle(handle);
    134. 

  134.           }
    135. 

  135.         } else {
    136. 

  136.           status = ROCKSDB_NAMESPACE::DB::Open(options, db_path, &db);
    137. 

  137.           if (!status.ok()) {
    138. 

  138.             // At this point there is no saving to do. So we exit
    139. 

  139.             ROCKSDB_NAMESPACE::DestroyDB(db_path, ROCKSDB_NAMESPACE::Options());
    140. 

  140.             return 0;
    141. 

  141.           }
    142. 

  142.         }
    143. 

  143.         break;
    144. 

  144.       }
    145. 

  145.       case kCompactRange: {
    146. 

  146.         std::string slice_start = fuzzed_data.ConsumeRandomLengthString();
    147. 

  147.         std::string slice_end = fuzzed_data.ConsumeRandomLengthString();
    148. 

  148. 

  149.         ROCKSDB_NAMESPACE::Slice begin(slice_start);
    150. 

  150.         ROCKSDB_NAMESPACE::Slice end(slice_end);
    151. 

  151.         ROCKSDB_NAMESPACE::CompactRangeOptions options;
    152. 

  152.         ROCKSDB_NAMESPACE::Status s = db->CompactRange(options, &begin, &end);
    153. 

  153.         break;
    154. 

  154.       }
    155. 

  155.       case kSeekForPrev: {
    156. 

  156.         std::string key = fuzzed_data.ConsumeRandomLengthString();
    157. 

  157.         auto iter = db->NewIterator(ROCKSDB_NAMESPACE::ReadOptions());
    158. 

  158.         iter->SeekForPrev(key);
    159. 

  159.         delete iter;
    160. 

  160.         break;
    161. 

  161.       }
    162. 

  162.       case OP_COUNT:
    163. 

  163.         break;
    164. 

  164.     }
    165. 

  165.   }
    166. 

  166. 

  167.   // Cleanup DB
    168. 

  168.   db->Close();
    169. 

  169.   delete db;
    170. 

  170.   ROCKSDB_NAMESPACE::DestroyDB(db_path, options);
    171. 

  171.   return 0;
    172. 

  172. }
    173.