Diffstat (limited to 'tools/fuzzing/common')
-rw-r--r-- | tools/fuzzing/common/FuzzingMutate.cpp | 32 | ||||
-rw-r--r-- | tools/fuzzing/common/FuzzingMutate.h | 24 | ||||
-rw-r--r-- | tools/fuzzing/common/FuzzingTraits.cpp | 41 | ||||
-rw-r--r-- | tools/fuzzing/common/FuzzingTraits.h | 117 | ||||
-rw-r--r-- | tools/fuzzing/common/moz.build | 11 |
5 files changed, 225 insertions, 0 deletions
diff --git a/tools/fuzzing/common/FuzzingMutate.cpp b/tools/fuzzing/common/FuzzingMutate.cpp
new file mode 100644
index 0000000000..bb5e930125
--- /dev/null
+++ b/tools/fuzzing/common/FuzzingMutate.cpp
@@ -0,0 +1,32 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "FuzzingMutate.h"
+#include "FuzzingTraits.h"
+
+namespace mozilla {
+namespace fuzzing {
+
+/**
+ * Randomly mutates a byte inside |aData| by using bit manipulation.
+ */
+/* static */
+void FuzzingMutate::ChangeBit(uint8_t* aData, size_t aLength) {
+ size_t offset = RandomIntegerRange<size_t>(0, aLength);
+ aData[offset] ^= (1 << FuzzingTraits::Random(9));
+}
+
+/**
+ * Randomly replaces a byte inside |aData| with one in the range of [0, 255].
+ */
+/* static */
+void FuzzingMutate::ChangeByte(uint8_t* aData, size_t aLength) {
+ size_t offset = RandomIntegerRange<size_t>(0, aLength);
+ aData[offset] = RandomInteger<unsigned char>();
+}
+
+} // namespace fuzzing
+} // namespace mozilla
diff --git a/tools/fuzzing/common/FuzzingMutate.h b/tools/fuzzing/common/FuzzingMutate.h
new file mode 100644
index 0000000000..f24f557669
--- /dev/null
+++ b/tools/fuzzing/common/FuzzingMutate.h
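Review bot: `ChangeBit` and `ChangeByte` can write one byte past the buffer, because `RandomIntegerRange<size_t>(0, aLength)` is documented in FuzzingTraits.h as a closed [min, max] range and can therefore return `aLength` itself; with `aLength == 0` the write lands on `aData[0]` of an empty buffer in builds where `MOZ_ASSERT` is compiled out. Bound the index to the last valid element and handle the short cases, e.g. `if (aLength == 0) return;` followed by `size_t offset = aLength > 1 ? RandomIntegerRange<size_t>(0, aLength - 1) : 0;` (the ternary is needed because the helper asserts `min < max`). In `ChangeBit`, `FuzzingTraits::Random(9)` is also inclusive, so shifts of 8 and 9 produce a mask with no bits inside a `uint8_t` and the byte is left unchanged; `Random(7)` makes every draw a real mutation. An out-of-bounds write inside the mutator shows up under a sanitizer as a crash that has nothing to do with the code being fuzzed, so it is worth fixing before the helpers get callers.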
@@ -0,0 +1,24 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_fuzzing_FuzzingMutate_h
+#define mozilla_fuzzing_FuzzingMutate_h
+
+#include <random>
+
+namespace mozilla {
+namespace fuzzing {
+
+class FuzzingMutate {
+ public:
+ static void ChangeBit(uint8_t* aData, size_t aLength);
+ static void ChangeByte(uint8_t* aData, size_t aLength);
+};
+
+} // namespace fuzzing
+} // namespace mozilla
+
+#endif
diff --git a/tools/fuzzing/common/FuzzingTraits.cpp b/tools/fuzzing/common/FuzzingTraits.cpp
new file mode 100644
index 0000000000..9e6ba3ac1d
--- /dev/null
+++ b/tools/fuzzing/common/FuzzingTraits.cpp
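Review bot: The header uses `uint8_t` and `size_t` but includes only `<random>`, which nothing in it needs; add `#include <cstddef>` and `#include <cstdint>` so it compiles on its own and does not depend on include order. The two declarations also state no contract for the buffer. I would add a comment above the class such as `// aData must point to aLength writable bytes; the mutators modify it in place.` so callers know the bounds are their responsibility.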
@@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <prinrval.h>
+#include <thread>
+#include <mutex>
+#include "FuzzingTraits.h"
+
+namespace mozilla {
+namespace fuzzing {
+
+/* static */
+unsigned int FuzzingTraits::Random(unsigned int aMax) {
+ MOZ_ASSERT(aMax > 0, "aMax needs to be bigger than 0");
+ std::uniform_int_distribution<unsigned int> d(0, aMax);
+ return d(Rng());
+}
+
+/* static */
+bool FuzzingTraits::Sometimes(unsigned int aProbability) {
+ return FuzzingTraits::Random(aProbability) == 0;
+}
+
+/* static */
+size_t FuzzingTraits::Frequency(const size_t aSize, const uint64_t aFactor) {
+ return RandomIntegerRange<size_t>(0, ceil(float(aSize) / aFactor)) + 1;
+}
+
+/* static */
+std::mt19937_64& FuzzingTraits::Rng() {
+ static std::mt19937_64 rng;
+ static std::once_flag flag;
+ std::call_once(flag, [&] { rng.seed(PR_IntervalNow()); });
+ return rng;
+}
+
+} // namespace fuzzing
+} // namespace mozilla
diff --git a/tools/fuzzing/common/FuzzingTraits.h b/tools/fuzzing/common/FuzzingTraits.h
new file mode 100644
index 0000000000..b8c9d76ab7
--- /dev/null
+++ b/tools/fuzzing/common/FuzzingTraits.h
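Review bot: `Rng()` hands every caller a reference to one shared `std::mt19937_64`, and the `std::once_flag` only serialises the seeding; each draw in `Random()` and the `RandomIntegerRange` helpers then updates the engine state with no lock, which is a data race if mutators run on more than one thread (the `<thread>` and `<mutex>` includes suggest that is expected). A per-thread engine avoids it with less code: `thread_local std::mt19937_64 rng(PR_IntervalNow());` then `return rng;`. The seed is also never logged and cannot be supplied by the caller, so a crash found through these helpers cannot be replayed with the same random stream; printing it once or accepting an override would fix that. Two smaller points in the same file: `Random(aMax)` includes `aMax`, so `Sometimes(2)` fires one time in three rather than one in two and deserves a comment, and `Frequency` divides by `aFactor` without rejecting zero.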
@@ -0,0 +1,117 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_fuzzing_FuzzingTraits_h
+#define mozilla_fuzzing_FuzzingTraits_h
+
+#include "mozilla/Assertions.h"
+#include <cmath>
+#include <random>
+#include <type_traits>
+
+namespace mozilla {
+namespace fuzzing {
+
+class FuzzingTraits {
+ public:
+ static unsigned int Random(unsigned int aMax);
+ static bool Sometimes(unsigned int aProbability);
+ /**
+ * Frequency() defines how many mutations of a kind shall be applied to a
+ * target buffer by using a user definable factor. The higher the factor,
+ * the less mutations are being made.
+ */
+ static size_t Frequency(const size_t aSize, const uint64_t aFactor);
+
+ static std::mt19937_64& Rng();
+};
+
+/**
+ * RandomNumericLimit returns either the min or max limit of an arithmetic
+ * data type.
+ */
+template <typename T>
+T RandomNumericLimit() {
+ static_assert(std::is_arithmetic_v<T> == true,
+ "T must be an arithmetic type");
+ return FuzzingTraits::Sometimes(2) ? std::numeric_limits<T>::min()
+ : std::numeric_limits<T>::max();
+}
+
+/**
+ * RandomInteger generates negative and positive integers in 2**n increments.
+ */
+template <typename T>
+T RandomInteger() {
+ static_assert(std::is_integral_v<T> == true, "T must be an integral type");
+ double r =
+ static_cast<double>(FuzzingTraits::Random((sizeof(T) * CHAR_BIT) + 1));
+ T x = static_cast<T>(pow(2.0, r)) - 1;
+ if (std::numeric_limits<T>::is_signed && FuzzingTraits::Sometimes(2)) {
+ return (x * -1) - 1;
+ }
+ return x;
+}
+
+/**
+ * RandomIntegerRange returns a random integral within a [min, max] range.
+ */
+template <typename T>
+T RandomIntegerRange(T min, T max) {
+ static_assert(std::is_integral_v<T> == true, "T must be an integral type");
+ MOZ_ASSERT(min < max);
+ std::uniform_int_distribution<T> d(min, max);
+ return d(FuzzingTraits::Rng());
+}
+/**
+ * uniform_int_distribution is undefined for char/uchar. Need to handle them
+ * separately.
+ */
+template <>
+inline unsigned char RandomIntegerRange(unsigned char min, unsigned char max) {
+ MOZ_ASSERT(min < max);
+ std::uniform_int_distribution<unsigned short> d(min, max);
+ return static_cast<unsigned char>(d(FuzzingTraits::Rng()));
+}
+template <>
+inline char RandomIntegerRange(char min, char max) {
+ MOZ_ASSERT(min < max);
+ std::uniform_int_distribution<short> d(min, max);
+ return static_cast<char>(d(FuzzingTraits::Rng()));
+}
+
+/**
+ * RandomFloatingPointRange returns a random floating-point number within a
+ * [min, max] range.
+ */
+template <typename T>
+T RandomFloatingPointRange(T min, T max) {
+ static_assert(std::is_floating_point_v<T> == true,
+ "T must be a floating point type");
+ MOZ_ASSERT(min < max);
+ std::uniform_real_distribution<T> d(
+ min, std::nextafter(max, std::numeric_limits<T>::max()));
+ return d(FuzzingTraits::Rng());
+}
+
+/**
+ * RandomFloatingPoint returns a random floating-point number in 2**n
+ * increments.
+ */
+template <typename T>
+T RandomFloatingPoint() {
+ static_assert(std::is_floating_point_v<T> == true,
+ "T must be a floating point type");
+ int radix = RandomIntegerRange<int>(std::numeric_limits<T>::min_exponent,
+ std::numeric_limits<T>::max_exponent);
+ T x = static_cast<T>(pow(2.0, static_cast<double>(radix)));
+ return x * RandomFloatingPointRange<T>(-1.0, 1.0);
+}
+
+} // namespace fuzzing
+} // namespace mozilla
+
+#endif
diff --git a/tools/fuzzing/common/moz.build b/tools/fuzzing/common/moz.build
new file mode 100644
index 0000000000..afa19eddb4
--- /dev/null
+++ b/tools/fuzzing/common/moz.build
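Review bot: `RandomInteger` converts `pow(2.0, r)` to `T` for exponents the type cannot hold: `Random((sizeof(T) * CHAR_BIT) + 1)` is inclusive, so `r` reaches the bit width plus one, and a floating-point to integer conversion whose value does not fit in `T` is undefined behaviour, not a wrap. Drawing the exponent from `std::numeric_limits<T>::digits` and building the value with integer shifts keeps every result representable, as in the excerpt below; it also removes the use of `CHAR_BIT`, and the header should include `<limits>` explicitly since it relies on `std::numeric_limits` throughout. `RandomFloatingPoint` has the same kind of problem, because `radix` can equal `max_exponent` and 2 to that power is above the largest finite `T`. In `RandomNumericLimit`, `std::numeric_limits<T>::min()` is the smallest positive value when `T` is floating-point, so `lowest()` is probably what was intended.

```cpp
template <typename T>
T RandomInteger() {
  static_assert(std::is_integral_v<T> == true, "T must be an integral type");
  // digits counts value bits only, so 2**n - 1 always fits in T.
  constexpr unsigned int kDigits = std::numeric_limits<T>::digits;
  const unsigned int n = FuzzingTraits::Random(kDigits);
  // A shift by the full width of the type is undefined, so special-case it.
  const unsigned long long mask = (n >= 64) ? ~0ULL : ((1ULL << n) - 1);
  T x = static_cast<T>(mask);
  // … unchanged: optional sign flip for signed T, then return x …
}
```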
@@ -0,0 +1,11 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SOURCES += ["FuzzingMutate.cpp", "FuzzingTraits.cpp"]
+
+EXPORTS += ["FuzzingMutate.h", "FuzzingTraits.h"]
+
+FINAL_LIBRARY = "xul" |