|
|
@ -73,6 +73,7 @@ |
|
|
|
#include "src/libfuzzer/libfuzzer_macro.h" |
|
|
|
#include "src/libfuzzer/libfuzzer_macro.h" |
|
|
|
#include "test/core/end2end/data/ssl_test_data.h" |
|
|
|
#include "test/core/end2end/data/ssl_test_data.h" |
|
|
|
#include "test/core/end2end/fuzzers/api_fuzzer.pb.h" |
|
|
|
#include "test/core/end2end/fuzzers/api_fuzzer.pb.h" |
|
|
|
|
|
|
|
#include "test/core/end2end/fuzzers/fuzzing_common.h" |
|
|
|
#include "test/core/event_engine/fuzzing_event_engine/fuzzing_event_engine.h" |
|
|
|
#include "test/core/event_engine/fuzzing_event_engine/fuzzing_event_engine.h" |
|
|
|
#include "test/core/event_engine/fuzzing_event_engine/fuzzing_event_engine.pb.h" |
|
|
|
#include "test/core/event_engine/fuzzing_event_engine/fuzzing_event_engine.pb.h" |
|
|
|
#include "test/core/util/fuzz_config_vars.h" |
|
|
|
#include "test/core/util/fuzz_config_vars.h" |
|
|
@ -95,15 +96,6 @@ bool leak_check = true; |
|
|
|
|
|
|
|
|
|
|
|
static void dont_log(gpr_log_func_args* /*args*/) {} |
|
|
|
static void dont_log(gpr_log_func_args* /*args*/) {} |
|
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
// global state
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static grpc_server* g_server; |
|
|
|
|
|
|
|
static grpc_channel* g_channel; |
|
|
|
|
|
|
|
static grpc_resource_quota* g_resource_quota; |
|
|
|
|
|
|
|
static std::vector<grpc_passthru_endpoint_channel_action> g_channel_actions; |
|
|
|
|
|
|
|
static std::atomic<bool> g_channel_force_delete{false}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
// dns resolution
|
|
|
|
// dns resolution
|
|
|
|
|
|
|
|
|
|
|
@ -249,6 +241,73 @@ grpc_ares_request* my_dns_lookup_ares( |
|
|
|
static void my_cancel_ares_request(grpc_ares_request* request) { |
|
|
|
static void my_cancel_ares_request(grpc_ares_request* request) { |
|
|
|
GPR_ASSERT(request == nullptr); |
|
|
|
GPR_ASSERT(request == nullptr); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
// globals
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Call; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
namespace grpc { |
|
|
|
|
|
|
|
namespace testing { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class ApiFuzzer : public BasicFuzzer { |
|
|
|
|
|
|
|
public: |
|
|
|
|
|
|
|
ApiFuzzer(); |
|
|
|
|
|
|
|
~ApiFuzzer() override; |
|
|
|
|
|
|
|
Call* ActiveCall(); |
|
|
|
|
|
|
|
bool Continue(); |
|
|
|
|
|
|
|
void TryShutdown(); |
|
|
|
|
|
|
|
void Tick(); |
|
|
|
|
|
|
|
grpc_server* Server() { return server_; } |
|
|
|
|
|
|
|
const std::vector<grpc_passthru_endpoint_channel_action>& ChannelActions() { |
|
|
|
|
|
|
|
return channel_actions_; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private: |
|
|
|
|
|
|
|
Result PollCq() override; |
|
|
|
|
|
|
|
Result CreateChannel( |
|
|
|
|
|
|
|
const api_fuzzer::CreateChannel& create_channel) override; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Result CloseChannel() override; |
|
|
|
|
|
|
|
Result CreateServer(const api_fuzzer::CreateServer& create_server) override; |
|
|
|
|
|
|
|
Result ShutdownServer() override; |
|
|
|
|
|
|
|
Result CancelAllCallsIfShutdown() override; |
|
|
|
|
|
|
|
Result DestroyServerIfReady() override; |
|
|
|
|
|
|
|
Result CheckConnectivity(bool try_to_connect) override; |
|
|
|
|
|
|
|
Result WatchConnectivity(uint32_t duration_us) override; |
|
|
|
|
|
|
|
Result CreateCall(const api_fuzzer::CreateCall& create_call) override; |
|
|
|
|
|
|
|
Result QueueBatchForActiveCall(const api_fuzzer::Batch& queue_batch) override; |
|
|
|
|
|
|
|
Result ChangeActiveCall() override; |
|
|
|
|
|
|
|
Result CancelActiveCall() override; |
|
|
|
|
|
|
|
Result SendPingOnChannel() override; |
|
|
|
|
|
|
|
Result ServerRequestCall() override; |
|
|
|
|
|
|
|
Result DestroyActiveCall() override; |
|
|
|
|
|
|
|
Result ValidatePeerForActiveCall() override; |
|
|
|
|
|
|
|
Result ValidateChannelTarget() override; |
|
|
|
|
|
|
|
Result ResizeResourceQuota(uint32_t resize_resource_quota) override; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
std::shared_ptr<FuzzingEventEngine> engine_; |
|
|
|
|
|
|
|
grpc_completion_queue* cq_ = nullptr; |
|
|
|
|
|
|
|
grpc_server* server_ = nullptr; |
|
|
|
|
|
|
|
grpc_channel* channel_ = nullptr; |
|
|
|
|
|
|
|
grpc_resource_quota* resource_quota_; |
|
|
|
|
|
|
|
std::vector<grpc_passthru_endpoint_channel_action> channel_actions_; |
|
|
|
|
|
|
|
std::atomic<bool> channel_force_delete_{false}; |
|
|
|
|
|
|
|
std::vector<std::shared_ptr<Call>> calls_; |
|
|
|
|
|
|
|
size_t active_call_ = 0; |
|
|
|
|
|
|
|
bool server_shutdown_ = false; |
|
|
|
|
|
|
|
int pending_server_shutdowns_ = 0; |
|
|
|
|
|
|
|
int pending_channel_watches_ = 0; |
|
|
|
|
|
|
|
int pending_pings_ = 0; |
|
|
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} // namespace testing
|
|
|
|
|
|
|
|
} // namespace grpc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
namespace { |
|
|
|
|
|
|
|
grpc::testing::ApiFuzzer* g_api_fuzzer = nullptr; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
// client connection
|
|
|
|
// client connection
|
|
|
|
|
|
|
|
|
|
|
@ -262,15 +321,16 @@ typedef struct { |
|
|
|
} future_connect; |
|
|
|
} future_connect; |
|
|
|
|
|
|
|
|
|
|
|
static void do_connect(future_connect fc) { |
|
|
|
static void do_connect(future_connect fc) { |
|
|
|
if (g_server != nullptr) { |
|
|
|
if (g_api_fuzzer->Server() != nullptr) { |
|
|
|
grpc_endpoint* client; |
|
|
|
grpc_endpoint* client; |
|
|
|
grpc_endpoint* server; |
|
|
|
grpc_endpoint* server; |
|
|
|
grpc_passthru_endpoint_create(&client, &server, nullptr, true); |
|
|
|
grpc_passthru_endpoint_create(&client, &server, nullptr, true); |
|
|
|
*fc.ep = client; |
|
|
|
*fc.ep = client; |
|
|
|
start_scheduling_grpc_passthru_endpoint_channel_effects(client, |
|
|
|
start_scheduling_grpc_passthru_endpoint_channel_effects( |
|
|
|
g_channel_actions); |
|
|
|
client, g_api_fuzzer->ChannelActions()); |
|
|
|
|
|
|
|
|
|
|
|
grpc_core::Server* core_server = grpc_core::Server::FromC(g_server); |
|
|
|
grpc_core::Server* core_server = |
|
|
|
|
|
|
|
grpc_core::Server::FromC(g_api_fuzzer->Server()); |
|
|
|
grpc_transport* transport = grpc_create_chttp2_transport( |
|
|
|
grpc_transport* transport = grpc_create_chttp2_transport( |
|
|
|
core_server->channel_args(), server, false); |
|
|
|
core_server->channel_args(), server, false); |
|
|
|
GPR_ASSERT(GRPC_LOG_IF_ERROR( |
|
|
|
GPR_ASSERT(GRPC_LOG_IF_ERROR( |
|
|
@ -520,8 +580,8 @@ class Call : public std::enable_shared_from_this<Call> { |
|
|
|
case api_fuzzer::BatchOp::kReceiveMessage: |
|
|
|
case api_fuzzer::BatchOp::kReceiveMessage: |
|
|
|
// Allow only one active pending_recv_message_op to exist. Otherwise if
|
|
|
|
// Allow only one active pending_recv_message_op to exist. Otherwise if
|
|
|
|
// the previous enqueued recv_message_op is not complete by the time
|
|
|
|
// the previous enqueued recv_message_op is not complete by the time
|
|
|
|
// we get here, then under certain conditions, enqueing this op will
|
|
|
|
// we get here, then under certain conditions, enqueuing this op will
|
|
|
|
// over-write the internal call->receiving_buffer maintained by grpc
|
|
|
|
// overwrite the internal call->receiving_buffer maintained by grpc
|
|
|
|
// leading to a memory leak.
|
|
|
|
// leading to a memory leak.
|
|
|
|
if (call_closed_ || pending_recv_message_op_) { |
|
|
|
if (call_closed_ || pending_recv_message_op_) { |
|
|
|
*batch_is_ok = false; |
|
|
|
*batch_is_ok = false; |
|
|
@ -613,22 +673,6 @@ class Call : public std::enable_shared_from_this<Call> { |
|
|
|
std::vector<grpc_slice> unref_slices_; |
|
|
|
std::vector<grpc_slice> unref_slices_; |
|
|
|
}; |
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
static std::vector<std::shared_ptr<Call>> g_calls; |
|
|
|
|
|
|
|
static size_t g_active_call = 0; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static Call* ActiveCall() { |
|
|
|
|
|
|
|
while (!g_calls.empty()) { |
|
|
|
|
|
|
|
if (g_active_call >= g_calls.size()) { |
|
|
|
|
|
|
|
g_active_call = 0; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if (g_calls[g_active_call] != nullptr && !g_calls[g_active_call]->done()) { |
|
|
|
|
|
|
|
return g_calls[g_active_call].get(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
g_calls.erase(g_calls.begin() + g_active_call); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return nullptr; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Call::~Call() { |
|
|
|
Call::~Call() { |
|
|
|
if (call_ != nullptr) { |
|
|
|
if (call_ != nullptr) { |
|
|
|
grpc_call_unref(call_); |
|
|
|
grpc_call_unref(call_); |
|
|
@ -653,7 +697,8 @@ Call::~Call() { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
template <typename ChannelArgContainer> |
|
|
|
template <typename ChannelArgContainer> |
|
|
|
grpc_channel_args* ReadArgs(const ChannelArgContainer& args) { |
|
|
|
grpc_channel_args* ReadArgs(grpc_resource_quota* resource_quota, |
|
|
|
|
|
|
|
const ChannelArgContainer& args) { |
|
|
|
grpc_channel_args* res = |
|
|
|
grpc_channel_args* res = |
|
|
|
static_cast<grpc_channel_args*>(gpr_malloc(sizeof(grpc_channel_args))); |
|
|
|
static_cast<grpc_channel_args*>(gpr_malloc(sizeof(grpc_channel_args))); |
|
|
|
res->args = |
|
|
|
res->args = |
|
|
@ -671,9 +716,9 @@ grpc_channel_args* ReadArgs(const ChannelArgContainer& args) { |
|
|
|
break; |
|
|
|
break; |
|
|
|
case api_fuzzer::ChannelArg::kResourceQuota: |
|
|
|
case api_fuzzer::ChannelArg::kResourceQuota: |
|
|
|
if (args[i].key() != GRPC_ARG_RESOURCE_QUOTA) continue; |
|
|
|
if (args[i].key() != GRPC_ARG_RESOURCE_QUOTA) continue; |
|
|
|
grpc_resource_quota_ref(g_resource_quota); |
|
|
|
grpc_resource_quota_ref(resource_quota); |
|
|
|
res->args[j].type = GRPC_ARG_POINTER; |
|
|
|
res->args[j].type = GRPC_ARG_POINTER; |
|
|
|
res->args[j].value.pointer.p = g_resource_quota; |
|
|
|
res->args[j].value.pointer.p = resource_quota; |
|
|
|
res->args[j].value.pointer.vtable = grpc_resource_quota_arg_vtable(); |
|
|
|
res->args[j].value.pointer.vtable = grpc_resource_quota_arg_vtable(); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case api_fuzzer::ChannelArg::VALUE_NOT_SET: |
|
|
|
case api_fuzzer::ChannelArg::VALUE_NOT_SET: |
|
|
@ -802,19 +847,11 @@ static grpc_channel_credentials* ReadChannelCreds( |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
DEFINE_PROTO_FUZZER(const api_fuzzer::Msg& msg) { |
|
|
|
namespace grpc { |
|
|
|
if (squelch && !grpc_core::GetEnv("GRPC_TRACE_FUZZER").has_value()) { |
|
|
|
namespace testing { |
|
|
|
gpr_set_log_function(dont_log); |
|
|
|
|
|
|
|
} |
|
|
|
ApiFuzzer::ApiFuzzer() { |
|
|
|
if (msg.has_config_vars()) { |
|
|
|
engine_ = |
|
|
|
grpc_core::ApplyFuzzConfigVars(msg.config_vars()); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
grpc_event_engine::experimental::SetEventEngineFactory( |
|
|
|
|
|
|
|
[actions = msg.event_engine_actions()]() { |
|
|
|
|
|
|
|
return std::make_unique<FuzzingEventEngine>( |
|
|
|
|
|
|
|
FuzzingEventEngine::Options(), actions); |
|
|
|
|
|
|
|
}); |
|
|
|
|
|
|
|
auto engine = |
|
|
|
|
|
|
|
std::dynamic_pointer_cast<FuzzingEventEngine>(GetDefaultEventEngine()); |
|
|
|
std::dynamic_pointer_cast<FuzzingEventEngine>(GetDefaultEventEngine()); |
|
|
|
grpc_init(); |
|
|
|
grpc_init(); |
|
|
|
grpc_set_tcp_client_impl(&fuzz_tcp_client_vtable); |
|
|
|
grpc_set_tcp_client_impl(&fuzz_tcp_client_vtable); |
|
|
@ -824,114 +861,122 @@ DEFINE_PROTO_FUZZER(const api_fuzzer::Msg& msg) { |
|
|
|
grpc_core::Executor::SetThreadingAll(false); |
|
|
|
grpc_core::Executor::SetThreadingAll(false); |
|
|
|
} |
|
|
|
} |
|
|
|
grpc_core::ResetDNSResolver( |
|
|
|
grpc_core::ResetDNSResolver( |
|
|
|
std::make_unique<FuzzerDNSResolver>(engine.get())); |
|
|
|
std::make_unique<FuzzerDNSResolver>(engine_.get())); |
|
|
|
grpc_dns_lookup_hostname_ares = my_dns_lookup_ares; |
|
|
|
grpc_dns_lookup_hostname_ares = my_dns_lookup_ares; |
|
|
|
grpc_cancel_ares_request = my_cancel_ares_request; |
|
|
|
grpc_cancel_ares_request = my_cancel_ares_request; |
|
|
|
|
|
|
|
|
|
|
|
GPR_ASSERT(g_channel == nullptr); |
|
|
|
GPR_ASSERT(channel_ == nullptr); |
|
|
|
GPR_ASSERT(g_server == nullptr); |
|
|
|
GPR_ASSERT(server_ == nullptr); |
|
|
|
|
|
|
|
|
|
|
|
bool server_shutdown = false; |
|
|
|
|
|
|
|
int pending_server_shutdowns = 0; |
|
|
|
|
|
|
|
int pending_channel_watches = 0; |
|
|
|
|
|
|
|
int pending_pings = 0; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
g_resource_quota = grpc_resource_quota_create("api_fuzzer"); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
grpc_completion_queue* cq = grpc_completion_queue_create_for_next(nullptr); |
|
|
|
resource_quota_ = grpc_resource_quota_create("api_fuzzer"); |
|
|
|
|
|
|
|
cq_ = grpc_completion_queue_create_for_next(nullptr); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
int action_index = 0; |
|
|
|
Call* ApiFuzzer::ActiveCall() { |
|
|
|
auto no_more_actions = [&]() { action_index = msg.actions_size(); }; |
|
|
|
while (!calls_.empty()) { |
|
|
|
auto poll_cq = [&]() -> bool { |
|
|
|
if (active_call_ >= calls_.size()) { |
|
|
|
grpc_event ev = grpc_completion_queue_next( |
|
|
|
active_call_ = 0; |
|
|
|
cq, gpr_inf_past(GPR_CLOCK_REALTIME), nullptr); |
|
|
|
|
|
|
|
switch (ev.type) { |
|
|
|
|
|
|
|
case GRPC_OP_COMPLETE: { |
|
|
|
|
|
|
|
static_cast<Validator*>(ev.tag)->Run(ev.success); |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
case GRPC_QUEUE_TIMEOUT: |
|
|
|
if (calls_[active_call_] != nullptr && !calls_[active_call_]->done()) { |
|
|
|
break; |
|
|
|
return calls_[active_call_].get(); |
|
|
|
case GRPC_QUEUE_SHUTDOWN: |
|
|
|
|
|
|
|
return true; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
return false; |
|
|
|
calls_.erase(calls_.begin() + active_call_); |
|
|
|
}; |
|
|
|
} |
|
|
|
|
|
|
|
return nullptr; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
while (action_index < msg.actions_size() || g_channel != nullptr || |
|
|
|
bool ApiFuzzer::Continue() { |
|
|
|
g_server != nullptr || pending_channel_watches > 0 || |
|
|
|
return channel_ != nullptr || server_ != nullptr || |
|
|
|
pending_pings > 0 || ActiveCall() != nullptr) { |
|
|
|
pending_channel_watches_ > 0 || pending_pings_ > 0 || |
|
|
|
engine->Tick(); |
|
|
|
ActiveCall() != nullptr; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (action_index == msg.actions_size()) { |
|
|
|
void ApiFuzzer::TryShutdown() { |
|
|
|
engine->FuzzingDone(); |
|
|
|
engine_->FuzzingDone(); |
|
|
|
if (g_channel != nullptr) { |
|
|
|
if (channel_ != nullptr) { |
|
|
|
grpc_channel_destroy(g_channel); |
|
|
|
grpc_channel_destroy(channel_); |
|
|
|
g_channel = nullptr; |
|
|
|
channel_ = nullptr; |
|
|
|
} |
|
|
|
} |
|
|
|
if (g_server != nullptr) { |
|
|
|
if (server_ != nullptr) { |
|
|
|
if (!server_shutdown) { |
|
|
|
if (!server_shutdown_) { |
|
|
|
grpc_server_shutdown_and_notify( |
|
|
|
grpc_server_shutdown_and_notify( |
|
|
|
g_server, cq, |
|
|
|
server_, cq_, AssertSuccessAndDecrement(&pending_server_shutdowns_)); |
|
|
|
AssertSuccessAndDecrement(&pending_server_shutdowns)); |
|
|
|
server_shutdown_ = true; |
|
|
|
server_shutdown = true; |
|
|
|
pending_server_shutdowns_++; |
|
|
|
pending_server_shutdowns++; |
|
|
|
} else if (pending_server_shutdowns_ == 0) { |
|
|
|
} else if (pending_server_shutdowns == 0) { |
|
|
|
grpc_server_destroy(server_); |
|
|
|
grpc_server_destroy(g_server); |
|
|
|
server_ = nullptr; |
|
|
|
g_server = nullptr; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
for (auto& call : g_calls) { |
|
|
|
for (auto& call : calls_) { |
|
|
|
if (call == nullptr) continue; |
|
|
|
if (call == nullptr) continue; |
|
|
|
if (call->type() == CallType::PENDING_SERVER) continue; |
|
|
|
if (call->type() == CallType::PENDING_SERVER) continue; |
|
|
|
call->Shutdown(); |
|
|
|
call->Shutdown(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
grpc_timer_manager_tick(); |
|
|
|
grpc_timer_manager_tick(); |
|
|
|
GPR_ASSERT(!poll_cq()); |
|
|
|
GPR_ASSERT(PollCq() == Result::kPending); |
|
|
|
continue; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
grpc_timer_manager_tick(); |
|
|
|
ApiFuzzer::~ApiFuzzer() { |
|
|
|
|
|
|
|
GPR_ASSERT(channel_ == nullptr); |
|
|
|
|
|
|
|
GPR_ASSERT(server_ == nullptr); |
|
|
|
|
|
|
|
GPR_ASSERT(ActiveCall() == nullptr); |
|
|
|
|
|
|
|
GPR_ASSERT(calls_.empty()); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
grpc_completion_queue_shutdown(cq_); |
|
|
|
|
|
|
|
GPR_ASSERT(PollCq() == Result::kComplete); |
|
|
|
|
|
|
|
grpc_completion_queue_destroy(cq_); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
grpc_resource_quota_unref(resource_quota_); |
|
|
|
|
|
|
|
grpc_shutdown_blocking(); |
|
|
|
|
|
|
|
engine_->UnsetGlobalHooks(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (g_channel_force_delete.exchange(false) && g_channel) { |
|
|
|
void ApiFuzzer::Tick() { |
|
|
|
grpc_channel_destroy(g_channel); |
|
|
|
engine_->Tick(); |
|
|
|
g_channel = nullptr; |
|
|
|
grpc_timer_manager_tick(); |
|
|
|
g_channel_actions.clear(); |
|
|
|
if (channel_force_delete_.exchange(false) && channel_) { |
|
|
|
|
|
|
|
grpc_channel_destroy(channel_); |
|
|
|
|
|
|
|
channel_ = nullptr; |
|
|
|
|
|
|
|
channel_actions_.clear(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
const api_fuzzer::Action& action = msg.actions(action_index); |
|
|
|
ApiFuzzer::Result ApiFuzzer::PollCq() { |
|
|
|
action_index++; |
|
|
|
grpc_event ev = grpc_completion_queue_next( |
|
|
|
switch (action.type_case()) { |
|
|
|
cq_, gpr_inf_past(GPR_CLOCK_REALTIME), nullptr); |
|
|
|
case api_fuzzer::Action::TYPE_NOT_SET: |
|
|
|
switch (ev.type) { |
|
|
|
no_more_actions(); |
|
|
|
case GRPC_OP_COMPLETE: { |
|
|
|
|
|
|
|
static_cast<Validator*>(ev.tag)->Run(ev.success); |
|
|
|
break; |
|
|
|
break; |
|
|
|
// tickle completion queue
|
|
|
|
} |
|
|
|
case api_fuzzer::Action::kPollCq: { |
|
|
|
case GRPC_QUEUE_TIMEOUT: |
|
|
|
GPR_ASSERT(!poll_cq()); |
|
|
|
|
|
|
|
break; |
|
|
|
break; |
|
|
|
|
|
|
|
case GRPC_QUEUE_SHUTDOWN: |
|
|
|
|
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// create an insecure channel
|
|
|
|
return Result::kPending; |
|
|
|
case api_fuzzer::Action::kCreateChannel: { |
|
|
|
} |
|
|
|
if (!action.create_channel().channel_actions_size() || |
|
|
|
ApiFuzzer::Result ApiFuzzer::CreateChannel( |
|
|
|
g_channel != nullptr) { |
|
|
|
const api_fuzzer::CreateChannel& create_channel) { |
|
|
|
no_more_actions(); |
|
|
|
if (!create_channel.channel_actions_size() || channel_ != nullptr) { |
|
|
|
|
|
|
|
return Result::kFailed; |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
grpc_channel_args* args = |
|
|
|
grpc_channel_args* args = |
|
|
|
ReadArgs(action.create_channel().channel_args()); |
|
|
|
ReadArgs(resource_quota_, create_channel.channel_args()); |
|
|
|
grpc_channel_credentials* creds = |
|
|
|
grpc_channel_credentials* creds = |
|
|
|
action.create_channel().has_channel_creds() |
|
|
|
create_channel.has_channel_creds() |
|
|
|
? ReadChannelCreds(action.create_channel().channel_creds()) |
|
|
|
? ReadChannelCreds(create_channel.channel_creds()) |
|
|
|
: grpc_insecure_credentials_create(); |
|
|
|
: grpc_insecure_credentials_create(); |
|
|
|
g_channel = grpc_channel_create( |
|
|
|
channel_ = |
|
|
|
action.create_channel().target().c_str(), creds, args); |
|
|
|
grpc_channel_create(create_channel.target().c_str(), creds, args); |
|
|
|
grpc_channel_credentials_release(creds); |
|
|
|
grpc_channel_credentials_release(creds); |
|
|
|
g_channel_actions.clear(); |
|
|
|
channel_actions_.clear(); |
|
|
|
for (int i = 0; i < action.create_channel().channel_actions_size(); |
|
|
|
for (int i = 0; i < create_channel.channel_actions_size(); i++) { |
|
|
|
i++) { |
|
|
|
|
|
|
|
const api_fuzzer::ChannelAction& channel_action = |
|
|
|
const api_fuzzer::ChannelAction& channel_action = |
|
|
|
action.create_channel().channel_actions(i); |
|
|
|
create_channel.channel_actions(i); |
|
|
|
g_channel_actions.push_back({ |
|
|
|
channel_actions_.push_back({ |
|
|
|
std::min(channel_action.wait_ms(), kMaxWaitMs), |
|
|
|
std::min(channel_action.wait_ms(), kMaxWaitMs), |
|
|
|
std::min(channel_action.add_n_bytes_writable(), |
|
|
|
std::min(channel_action.add_n_bytes_writable(), |
|
|
|
kMaxAddNWritableBytes), |
|
|
|
kMaxAddNWritableBytes), |
|
|
@ -939,160 +984,155 @@ DEFINE_PROTO_FUZZER(const api_fuzzer::Msg& msg) { |
|
|
|
kMaxAddNReadableBytes), |
|
|
|
kMaxAddNReadableBytes), |
|
|
|
}); |
|
|
|
}); |
|
|
|
} |
|
|
|
} |
|
|
|
GPR_ASSERT(g_channel != nullptr); |
|
|
|
GPR_ASSERT(channel_ != nullptr); |
|
|
|
g_channel_force_delete = false; |
|
|
|
channel_force_delete_ = false; |
|
|
|
{ |
|
|
|
{ |
|
|
|
grpc_core::ExecCtx exec_ctx; |
|
|
|
grpc_core::ExecCtx exec_ctx; |
|
|
|
grpc_channel_args_destroy(args); |
|
|
|
grpc_channel_args_destroy(args); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// destroy a channel
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kCloseChannel: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::CloseChannel() { |
|
|
|
if (g_channel != nullptr) { |
|
|
|
if (channel_ != nullptr) { |
|
|
|
grpc_channel_destroy(g_channel); |
|
|
|
grpc_channel_destroy(channel_); |
|
|
|
g_channel = nullptr; |
|
|
|
channel_ = nullptr; |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// bring up a server
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kCreateServer: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::CreateServer( |
|
|
|
if (g_server == nullptr) { |
|
|
|
const api_fuzzer::CreateServer& create_server) { |
|
|
|
|
|
|
|
if (server_ == nullptr) { |
|
|
|
grpc_channel_args* args = |
|
|
|
grpc_channel_args* args = |
|
|
|
ReadArgs(action.create_server().channel_args()); |
|
|
|
ReadArgs(resource_quota_, create_server.channel_args()); |
|
|
|
g_server = grpc_server_create(args, nullptr); |
|
|
|
server_ = grpc_server_create(args, nullptr); |
|
|
|
GPR_ASSERT(g_server != nullptr); |
|
|
|
GPR_ASSERT(server_ != nullptr); |
|
|
|
{ |
|
|
|
{ |
|
|
|
grpc_core::ExecCtx exec_ctx; |
|
|
|
grpc_core::ExecCtx exec_ctx; |
|
|
|
grpc_channel_args_destroy(args); |
|
|
|
grpc_channel_args_destroy(args); |
|
|
|
} |
|
|
|
} |
|
|
|
grpc_server_register_completion_queue(g_server, cq, nullptr); |
|
|
|
grpc_server_register_completion_queue(server_, cq_, nullptr); |
|
|
|
grpc_server_start(g_server); |
|
|
|
grpc_server_start(server_); |
|
|
|
server_shutdown = false; |
|
|
|
server_shutdown_ = false; |
|
|
|
GPR_ASSERT(pending_server_shutdowns == 0); |
|
|
|
GPR_ASSERT(pending_server_shutdowns_ == 0); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
// begin server shutdown
|
|
|
|
return Result::kComplete; |
|
|
|
case api_fuzzer::Action::kShutdownServer: { |
|
|
|
} |
|
|
|
if (g_server != nullptr) { |
|
|
|
|
|
|
|
|
|
|
|
ApiFuzzer::Result ApiFuzzer::ShutdownServer() { |
|
|
|
|
|
|
|
if (server_ != nullptr) { |
|
|
|
grpc_server_shutdown_and_notify( |
|
|
|
grpc_server_shutdown_and_notify( |
|
|
|
g_server, cq, |
|
|
|
server_, cq_, AssertSuccessAndDecrement(&pending_server_shutdowns_)); |
|
|
|
AssertSuccessAndDecrement(&pending_server_shutdowns)); |
|
|
|
pending_server_shutdowns_++; |
|
|
|
pending_server_shutdowns++; |
|
|
|
server_shutdown_ = true; |
|
|
|
server_shutdown = true; |
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// cancel all calls if shutdown
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kCancelAllCallsIfShutdown: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::CancelAllCallsIfShutdown() { |
|
|
|
if (g_server != nullptr && server_shutdown) { |
|
|
|
if (server_ != nullptr && server_shutdown_) { |
|
|
|
grpc_server_cancel_all_calls(g_server); |
|
|
|
grpc_server_cancel_all_calls(server_); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
// destroy server
|
|
|
|
return Result::kComplete; |
|
|
|
case api_fuzzer::Action::kDestroyServerIfReady: { |
|
|
|
} |
|
|
|
if (g_server != nullptr && server_shutdown && |
|
|
|
|
|
|
|
pending_server_shutdowns == 0) { |
|
|
|
ApiFuzzer::Result ApiFuzzer::DestroyServerIfReady() { |
|
|
|
grpc_server_destroy(g_server); |
|
|
|
if (server_ != nullptr && server_shutdown_ && |
|
|
|
g_server = nullptr; |
|
|
|
pending_server_shutdowns_ == 0) { |
|
|
|
|
|
|
|
grpc_server_destroy(server_); |
|
|
|
|
|
|
|
server_ = nullptr; |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// check connectivity
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kCheckConnectivity: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::CheckConnectivity(bool try_to_connect) { |
|
|
|
if (g_channel != nullptr) { |
|
|
|
if (channel_ != nullptr) { |
|
|
|
grpc_channel_check_connectivity_state(g_channel, |
|
|
|
grpc_channel_check_connectivity_state(channel_, try_to_connect); |
|
|
|
action.check_connectivity()); |
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
// watch connectivity
|
|
|
|
return Result::kComplete; |
|
|
|
case api_fuzzer::Action::kWatchConnectivity: { |
|
|
|
} |
|
|
|
if (g_channel != nullptr) { |
|
|
|
|
|
|
|
|
|
|
|
ApiFuzzer::Result ApiFuzzer::WatchConnectivity(uint32_t duration_us) { |
|
|
|
|
|
|
|
if (channel_ != nullptr) { |
|
|
|
grpc_connectivity_state st = |
|
|
|
grpc_connectivity_state st = |
|
|
|
grpc_channel_check_connectivity_state(g_channel, 0); |
|
|
|
grpc_channel_check_connectivity_state(channel_, 0); |
|
|
|
if (st != GRPC_CHANNEL_SHUTDOWN) { |
|
|
|
if (st != GRPC_CHANNEL_SHUTDOWN) { |
|
|
|
gpr_timespec deadline = |
|
|
|
gpr_timespec deadline = |
|
|
|
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), |
|
|
|
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), |
|
|
|
gpr_time_from_micros(action.watch_connectivity(), |
|
|
|
gpr_time_from_micros(duration_us, GPR_TIMESPAN)); |
|
|
|
GPR_TIMESPAN)); |
|
|
|
|
|
|
|
grpc_channel_watch_connectivity_state( |
|
|
|
grpc_channel_watch_connectivity_state( |
|
|
|
g_channel, st, deadline, cq, |
|
|
|
channel_, st, deadline, cq_, |
|
|
|
ValidateConnectivityWatch(deadline, &pending_channel_watches)); |
|
|
|
ValidateConnectivityWatch(deadline, &pending_channel_watches_)); |
|
|
|
pending_channel_watches++; |
|
|
|
pending_channel_watches_++; |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// create a call
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kCreateCall: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::CreateCall( |
|
|
|
|
|
|
|
const api_fuzzer::CreateCall& create_call) { |
|
|
|
bool ok = true; |
|
|
|
bool ok = true; |
|
|
|
if (g_channel == nullptr) ok = false; |
|
|
|
if (channel_ == nullptr) ok = false; |
|
|
|
// If the active call is a server call, then use it as the parent call
|
|
|
|
// If the active call is a server call, then use it as the parent call
|
|
|
|
// to exercise the propagation logic.
|
|
|
|
// to exercise the propagation logic.
|
|
|
|
Call* parent_call = ActiveCall(); |
|
|
|
Call* parent_call = ActiveCall(); |
|
|
|
if (parent_call != nullptr && parent_call->type() != CallType::SERVER) { |
|
|
|
if (parent_call != nullptr && parent_call->type() != CallType::SERVER) { |
|
|
|
parent_call = nullptr; |
|
|
|
parent_call = nullptr; |
|
|
|
} |
|
|
|
} |
|
|
|
g_calls.emplace_back(new Call(CallType::CLIENT)); |
|
|
|
calls_.emplace_back(new Call(CallType::CLIENT)); |
|
|
|
grpc_slice method = |
|
|
|
grpc_slice method = calls_.back()->ReadSlice(create_call.method()); |
|
|
|
g_calls.back()->ReadSlice(action.create_call().method()); |
|
|
|
|
|
|
|
if (GRPC_SLICE_LENGTH(method) == 0) { |
|
|
|
if (GRPC_SLICE_LENGTH(method) == 0) { |
|
|
|
ok = false; |
|
|
|
ok = false; |
|
|
|
} |
|
|
|
} |
|
|
|
grpc_slice host = |
|
|
|
grpc_slice host = calls_.back()->ReadSlice(create_call.host()); |
|
|
|
g_calls.back()->ReadSlice(action.create_call().host()); |
|
|
|
gpr_timespec deadline = |
|
|
|
gpr_timespec deadline = gpr_time_add( |
|
|
|
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), |
|
|
|
gpr_now(GPR_CLOCK_REALTIME), |
|
|
|
gpr_time_from_micros(create_call.timeout(), GPR_TIMESPAN)); |
|
|
|
gpr_time_from_micros(action.create_call().timeout(), GPR_TIMESPAN)); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (ok) { |
|
|
|
if (ok) { |
|
|
|
g_calls.back()->SetCall(grpc_channel_create_call( |
|
|
|
calls_.back()->SetCall(grpc_channel_create_call( |
|
|
|
g_channel, parent_call == nullptr ? nullptr : parent_call->call(), |
|
|
|
channel_, parent_call == nullptr ? nullptr : parent_call->call(), |
|
|
|
action.create_call().propagation_mask(), cq, method, &host, |
|
|
|
create_call.propagation_mask(), cq_, method, &host, deadline, nullptr)); |
|
|
|
deadline, nullptr)); |
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
g_calls.pop_back(); |
|
|
|
calls_.pop_back(); |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// switch the 'current' call
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kChangeActiveCall: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::ChangeActiveCall() { |
|
|
|
g_active_call++; |
|
|
|
active_call_++; |
|
|
|
ActiveCall(); |
|
|
|
ActiveCall(); |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// queue some ops on a call
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kQueueBatch: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::QueueBatchForActiveCall( |
|
|
|
|
|
|
|
const api_fuzzer::Batch& queue_batch) { |
|
|
|
auto* active_call = ActiveCall(); |
|
|
|
auto* active_call = ActiveCall(); |
|
|
|
if (active_call == nullptr || |
|
|
|
if (active_call == nullptr || |
|
|
|
active_call->type() == CallType::PENDING_SERVER || |
|
|
|
active_call->type() == CallType::PENDING_SERVER || |
|
|
|
active_call->call() == nullptr) { |
|
|
|
active_call->call() == nullptr) { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
const auto& batch = action.queue_batch().operations(); |
|
|
|
const auto& batch = queue_batch.operations(); |
|
|
|
if (batch.size() > 6) { |
|
|
|
if (batch.size() > 6) { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
std::vector<grpc_op> ops; |
|
|
|
std::vector<grpc_op> ops; |
|
|
|
bool ok = true; |
|
|
|
bool ok = true; |
|
|
@ -1104,7 +1144,7 @@ DEFINE_PROTO_FUZZER(const api_fuzzer::Msg& msg) { |
|
|
|
ops.push_back(*op); |
|
|
|
ops.push_back(*op); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (g_channel == nullptr) ok = false; |
|
|
|
if (channel_ == nullptr) ok = false; |
|
|
|
if (ok) { |
|
|
|
if (ok) { |
|
|
|
auto* v = active_call->FinishedBatchValidator(has_ops); |
|
|
|
auto* v = active_call->FinishedBatchValidator(has_ops); |
|
|
|
grpc_call_error error = grpc_call_start_batch( |
|
|
|
grpc_call_error error = grpc_call_start_batch( |
|
|
@ -1113,103 +1153,112 @@ DEFINE_PROTO_FUZZER(const api_fuzzer::Msg& msg) { |
|
|
|
v->Run(false); |
|
|
|
v->Run(false); |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
|
|
|
|
for (auto& unwind : unwinders) { |
|
|
|
for (auto& unwind : unwinders) { |
|
|
|
unwind(); |
|
|
|
unwind(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// cancel current call
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kCancelCall: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::CancelActiveCall() { |
|
|
|
auto* active_call = ActiveCall(); |
|
|
|
auto* active_call = ActiveCall(); |
|
|
|
if (active_call != nullptr && active_call->call() != nullptr) { |
|
|
|
if (active_call != nullptr && active_call->call() != nullptr) { |
|
|
|
grpc_call_cancel(active_call->call(), nullptr); |
|
|
|
grpc_call_cancel(active_call->call(), nullptr); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
// get a calls peer
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kGetPeer: { |
|
|
|
|
|
|
|
auto* active_call = ActiveCall(); |
|
|
|
|
|
|
|
if (active_call != nullptr && active_call->call() != nullptr) { |
|
|
|
|
|
|
|
free_non_null(grpc_call_get_peer(active_call->call())); |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
no_more_actions(); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// get a channels target
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kGetTarget: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::SendPingOnChannel() { |
|
|
|
if (g_channel != nullptr) { |
|
|
|
if (channel_ != nullptr) { |
|
|
|
free_non_null(grpc_channel_get_target(g_channel)); |
|
|
|
pending_pings_++; |
|
|
|
} else { |
|
|
|
grpc_channel_ping(channel_, cq_, Decrement(&pending_pings_), nullptr); |
|
|
|
no_more_actions(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
// send a ping on a channel
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kPing: { |
|
|
|
|
|
|
|
if (g_channel != nullptr) { |
|
|
|
|
|
|
|
pending_pings++; |
|
|
|
|
|
|
|
grpc_channel_ping(g_channel, cq, Decrement(&pending_pings), nullptr); |
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
} |
|
|
|
} |
|
|
|
// enable a tracer
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kEnableTracer: { |
|
|
|
ApiFuzzer::Result ApiFuzzer::ServerRequestCall() { |
|
|
|
grpc_tracer_set_enabled(action.enable_tracer().c_str(), 1); |
|
|
|
if (server_ == nullptr) { |
|
|
|
break; |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
|
|
|
|
// disable a tracer
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kDisableTracer: { |
|
|
|
|
|
|
|
grpc_tracer_set_enabled(action.disable_tracer().c_str(), 0); |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
// request a server call
|
|
|
|
|
|
|
|
case api_fuzzer::Action::kRequestCall: { |
|
|
|
|
|
|
|
if (g_server == nullptr) { |
|
|
|
|
|
|
|
no_more_actions(); |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
g_calls.emplace_back(new Call(CallType::PENDING_SERVER)); |
|
|
|
|
|
|
|
g_calls.back()->RequestCall(g_server, cq); |
|
|
|
|
|
|
|
break; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
// destroy a call
|
|
|
|
calls_.emplace_back(new Call(CallType::PENDING_SERVER)); |
|
|
|
case api_fuzzer::Action::kDestroyCall: { |
|
|
|
calls_.back()->RequestCall(server_, cq_); |
|
|
|
|
|
|
|
return Result::kComplete; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ApiFuzzer::Result ApiFuzzer::DestroyActiveCall() { |
|
|
|
auto* active_call = ActiveCall(); |
|
|
|
auto* active_call = ActiveCall(); |
|
|
|
if (active_call != nullptr && |
|
|
|
if (active_call != nullptr && |
|
|
|
active_call->type() != CallType::PENDING_SERVER && |
|
|
|
active_call->type() != CallType::PENDING_SERVER && |
|
|
|
active_call->call() != nullptr) { |
|
|
|
active_call->call() != nullptr) { |
|
|
|
g_calls[g_active_call]->Shutdown(); |
|
|
|
calls_[active_call_]->Shutdown(); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
no_more_actions(); |
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
break; |
|
|
|
return Result::kComplete; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ApiFuzzer::Result ApiFuzzer::ValidatePeerForActiveCall() { |
|
|
|
|
|
|
|
auto* active_call = ActiveCall(); |
|
|
|
|
|
|
|
if (active_call != nullptr && active_call->call() != nullptr) { |
|
|
|
|
|
|
|
free_non_null(grpc_call_get_peer(active_call->call())); |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
// resize the buffer pool
|
|
|
|
return Result::kComplete; |
|
|
|
case api_fuzzer::Action::kResizeResourceQuota: { |
|
|
|
} |
|
|
|
grpc_resource_quota_resize(g_resource_quota, |
|
|
|
|
|
|
|
action.resize_resource_quota()); |
|
|
|
ApiFuzzer::Result ApiFuzzer::ValidateChannelTarget() { |
|
|
|
break; |
|
|
|
if (channel_ != nullptr) { |
|
|
|
|
|
|
|
free_non_null(grpc_channel_get_target(channel_)); |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
return Result::kFailed; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
return Result::kComplete; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ApiFuzzer::Result ApiFuzzer::ResizeResourceQuota( |
|
|
|
|
|
|
|
uint32_t resize_resource_quota) { |
|
|
|
|
|
|
|
grpc_resource_quota_resize(resource_quota_, resize_resource_quota); |
|
|
|
|
|
|
|
return Result::kComplete; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} // namespace testing
|
|
|
|
|
|
|
|
} // namespace grpc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DEFINE_PROTO_FUZZER(const api_fuzzer::Msg& msg) { |
|
|
|
|
|
|
|
if (squelch && !grpc_core::GetEnv("GRPC_TRACE_FUZZER").has_value()) { |
|
|
|
|
|
|
|
gpr_set_log_function(dont_log); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if (msg.has_config_vars()) { |
|
|
|
|
|
|
|
grpc_core::ApplyFuzzConfigVars(msg.config_vars()); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
grpc_event_engine::experimental::SetEventEngineFactory( |
|
|
|
|
|
|
|
[actions = msg.event_engine_actions()]() { |
|
|
|
|
|
|
|
return std::make_unique<FuzzingEventEngine>( |
|
|
|
|
|
|
|
FuzzingEventEngine::Options(), actions); |
|
|
|
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
|
|
GPR_ASSERT(g_channel == nullptr); |
|
|
|
g_api_fuzzer = new grpc::testing::ApiFuzzer(); |
|
|
|
GPR_ASSERT(g_server == nullptr); |
|
|
|
int action_index = 0; |
|
|
|
GPR_ASSERT(ActiveCall() == nullptr); |
|
|
|
auto no_more_actions = [&]() { action_index = msg.actions_size(); }; |
|
|
|
GPR_ASSERT(g_calls.empty()); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
grpc_completion_queue_shutdown(cq); |
|
|
|
while (action_index < msg.actions_size() || g_api_fuzzer->Continue()) { |
|
|
|
GPR_ASSERT(poll_cq()); |
|
|
|
g_api_fuzzer->Tick(); |
|
|
|
grpc_completion_queue_destroy(cq); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
grpc_resource_quota_unref(g_resource_quota); |
|
|
|
if (action_index == msg.actions_size()) { |
|
|
|
grpc_shutdown_blocking(); |
|
|
|
g_api_fuzzer->TryShutdown(); |
|
|
|
engine->UnsetGlobalHooks(); |
|
|
|
continue; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
auto result = g_api_fuzzer->ExecuteAction(msg.actions(action_index++)); |
|
|
|
|
|
|
|
if (result == grpc::testing::ApiFuzzer::Result::kFailed) { |
|
|
|
|
|
|
|
no_more_actions(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
delete g_api_fuzzer; |
|
|
|
} |
|
|
|
} |
|
|
|