Test: Update fuzzing harness for GB support
Jeffrey Pfau jeffrey@endrift.com
Mon, 12 Sep 2016 10:54:40 -0700
1 files changed,
27 insertions(+),
24 deletions(-)
src/platform/test/fuzz-main.c
src/platform/test/fuzz-main.c
@@ -6,9 +6,8 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "core/config.h" #include "core/core.h" #include "core/serialize.h" -#include "gba/core.h" +#include "gb/core.h" #include "gba/gba.h" -#include "gba/serialize.h" #include "feature/commandline.h" #include "util/memory.h"@@ -35,14 +34,14 @@ char* savestate;
char* ssOverlay; }; -static void _GBAFuzzRunloop(struct mCore* core, int frames); -static void _GBAFuzzShutdown(int signal); +static void _fuzzRunloop(struct mCore* core, int frames); +static void _fuzzShutdown(int signal); static bool _parseFuzzOpts(struct mSubParser* parser, int option, const char* arg); static bool _dispatchExiting = false; int main(int argc, char** argv) { - signal(SIGINT, _GBAFuzzShutdown); + signal(SIGINT, _fuzzShutdown); struct FuzzOpts fuzzOpts = { false, 0, 0, 0, 0 }; struct mSubParser subparser = {@@ -52,11 +51,6 @@ .extraOptions = FUZZ_OPTIONS,
.opts = &fuzzOpts }; - struct mCore* core = GBACoreCreate(); - core->init(core); - mCoreInitConfig(core, "fuzz"); - mCoreConfigSetDefaultValue(&core->config, "idleOptimization", "remove"); - struct mArguments args; bool parsed = parseArguments(&args, argc, argv, &subparser); if (!args.fname) {@@ -64,16 +58,19 @@ parsed = false;
} if (!parsed || args.showHelp) { usage(argv[0], FUZZ_USAGE); - core->deinit(core); return !parsed; } if (args.showVersion) { version(argv[0]); - core->deinit(core); return 0; } + struct mCore* core = mCoreFind(args.fname); + core->init(core); + mCoreInitConfig(core, "fuzz"); applyArguments(&args, NULL, &core->config); + mCoreConfigSetDefaultValue(&core->config, "idleOptimization", "remove"); + void* outputBuffer; outputBuffer = 0;@@ -86,7 +83,11 @@ #ifdef __AFL_HAVE_MANUAL_CONTROL
__AFL_INIT(); #endif - ((struct GBA*) core->board)->hardCrash = false; +#ifdef M_CORE_GBA + if (core->platform(core) == PLATFORM_GBA) { + ((struct GBA*) core->board)->hardCrash = false; + } +#endif mCoreLoadFile(core, args.fname); struct VFile* savestate = 0;@@ -99,20 +100,24 @@ free(fuzzOpts.savestate);
} if (fuzzOpts.ssOverlay) { overlayOffset = fuzzOpts.overlayOffset; - if (overlayOffset < sizeof(struct GBASerializedState)) { + if (overlayOffset < core->stateSize(core)) { savestateOverlay = VFileOpen(fuzzOpts.ssOverlay, O_RDONLY); } free(fuzzOpts.ssOverlay); } + + core->reset(core); + if (savestate) { if (!savestateOverlay) { mCoreLoadStateNamed(core, savestate, 0); } else { - struct GBASerializedState* state = GBAAllocateState(); - savestate->read(savestate, state, sizeof(*state)); - savestateOverlay->read(savestateOverlay, (uint8_t*) state + overlayOffset, sizeof(*state) - overlayOffset); - GBADeserialize(core->board, state); - GBADeallocateState(state); + size_t size = core->stateSize(core); + uint8_t* state = malloc(size); + savestate->read(savestate, state, size); + savestateOverlay->read(savestateOverlay, state + overlayOffset, size - overlayOffset); + core->loadState(core, state); + free(state); savestateOverlay->close(savestateOverlay); savestateOverlay = 0; }@@ -123,9 +128,7 @@
blip_set_rates(core->getAudioChannel(core, 0), GBA_ARM7TDMI_FREQUENCY, 0x8000); blip_set_rates(core->getAudioChannel(core, 1), GBA_ARM7TDMI_FREQUENCY, 0x8000); - core->reset(core); - - _GBAFuzzRunloop(core, fuzzOpts.frames); + _fuzzRunloop(core, fuzzOpts.frames); core->unloadROM(core);@@ -145,7 +148,7 @@
return 0; } -static void _GBAFuzzRunloop(struct mCore* core, int frames) { +static void _fuzzRunloop(struct mCore* core, int frames) { do { core->runFrame(core); blip_clear(core->getAudioChannel(core, 0));@@ -153,7 +156,7 @@ blip_clear(core->getAudioChannel(core, 1));
} while (core->frameCounter(core) < frames && !_dispatchExiting); } -static void _GBAFuzzShutdown(int signal) { +static void _fuzzShutdown(int signal) { UNUSED(signal); _dispatchExiting = true; }
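Review bot: The new `struct mCore* core = mCoreFind(args.fname);` in the hunk at -64 is dereferenced on the very next line by `core->init(core);` with no failure check; if mCoreFind reports an unrecognised input by returning NULL, a fuzzing harness that is fed arbitrary files will crash before any fuzzing happens, so guard it with `if (!core) { fprintf(stderr, "Unsupported file: %s\n", args.fname); return 1; }` (main's body continues outside this hunk). In the hunk at -99 the `uint8_t* state = malloc(size);` result is likewise unchecked and neither `read` call compares its return value against `size` or `size - overlayOffset`, so a short savestate hands `core->loadState` a buffer whose tail is uninitialized; allocating with `calloc(1, size)` and bailing out when a read comes up short would make the deserialized state deterministic. The hunk at -123 still passes the GBA-specific `GBA_ARM7TDMI_FREQUENCY` to both `blip_set_rates` calls even when the core selected by mCoreFind is a GB core; if mCore exposes a per-platform clock rate it should be used there instead of the hardcoded constant.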