Reland "Adding mojolpm fuzzer."

This is a reland of 96b8d30 Original change's description: > Adding mojolpm fuzzer. > > This adds code that generates libprotobuf-mutator based > structure-aware fuzzers as part of the mojom compilation process. > (changes in //mojo). > > It also adds a fuzzer for CodeCacheHost using this framework to demonstrate > how it will be used, and documentation explaining that fuzzer and how to use > this generator to write new fuzzers. (changes in //content/test). > > It finally includes a few changes to typemap and traits files that > were necessary to smooth over some inconsistencies in existing code > using mojo. > > Bug: 941849 > Change-Id: I660a57bd90c0963bd9a0b8608c746cdb767edc98 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1978739 > Commit-Queue: Mark Brand <markbrand@google.com> > Auto-Submit: Mark Brand <markbrand@google.com> > Reviewed-by: Peter Kasting <pkasting@chromium.org> > Reviewed-by: Daniel Cheng <dcheng@chromium.org> > Reviewed-by: Ted Meyer <tmathmeyer@chromium.org> > Reviewed-by: Oliver Chang <ochang@chromium.org> > Reviewed-by: Ken Rockot <rockot@google.com> > Cr-Commit-Position: refs/heads/master@{#746827} Bug: 941849 Change-Id: I01feb96401e1c9cbd3bbb2bf2a22ecc253d36b4e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2087408 Commit-Queue: Peter Kasting <pkasting@chromium.org> Reviewed-by: Peter Kasting <pkasting@chromium.org> Reviewed-by: Oliver Chang <ochang@chromium.org> Reviewed-by: Matthew Denton <mpdenton@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: David Roger <droger@chromium.org> Reviewed-by: Ken Rockot <rockot@google.com> Reviewed-by: Ted Meyer <tmathmeyer@chromium.org> Cr-Commit-Position: refs/heads/master@{#751464}
Denger-Network · Mar 18, 2020 · cc205c1 · cc205c1
1 parent 8226533
commit cc205c1
Show file tree

Hide file tree

Showing 42 changed files with 5,173 additions and 174 deletions.
diff --git a/chrome/common/importer/OWNERS b/chrome/common/importer/OWNERS
@@ -10,4 +10,7 @@ per-file *_param_traits*.*=file://ipc/SECURITY_OWNERS
 per-file *.mojom=set noparent
 per-file *.mojom=file://ipc/SECURITY_OWNERS
 
+per-file *.typemap=set noparent
+per-file *.typemap=file://ipc/SECURITY_OWNERS
+
 # COMPONENT: UI>Browser>Import
diff --git a/chrome/common/importer/profile_import.typemap b/chrome/common/importer/profile_import.typemap
@@ -12,7 +12,7 @@ public_headers = [
 ]
 traits_headers =
     [ "//chrome/common/importer/profile_import_process_param_traits.h" ]
-deps = [
+public_deps = [
   "//chrome/common",
   "//components/favicon_base",
   "//ipc",

diff --git a/content/public/common/web_preferences.typemap b/content/public/common/web_preferences.typemap
@@ -5,7 +5,4 @@
 mojom = "//content/public/common/web_preferences.mojom"
 public_headers = [ "//content/public/common/web_preferences.h" ]
 traits_headers = [ "//content/public/common/common_param_traits_macros.h" ]
-type_mappings = [
-  "content.mojom.V8CacheOptions=::content::V8CacheOptions",
-  "content.mojom.WebPreferences=::content::WebPreferences",
-]
+type_mappings = [ "content.mojom.WebPreferences=::content::WebPreferences" ]
diff --git a/content/test/fuzzer/BUILD.gn b/content/test/fuzzer/BUILD.gn
@@ -6,6 +6,7 @@
 
 import("//testing/libfuzzer/fuzzer_test.gni")
 import("//third_party/protobuf/proto_library.gni")
+import("//tools/ipc_fuzzer/ipc_fuzzer.gni")
 
 # Empty group for package discovery.
 group("fuzzer") {
@@ -161,6 +162,47 @@ fuzzer_test("appcache_fuzzer") {
   ]
 }
 
+if (enable_ipc_fuzzer) {
+  copy("code_cache_host_mojolpm_fuzzer_proto_copy") {
+    sources = [ "code_cache_host_mojolpm_fuzzer.proto" ]
+    outputs = [ "$root_gen_dir/code_cache_host_mojolpm_fuzzer.proto" ]
+    testonly = true
+  }
+
+  proto_library("code_cache_host_mojolpm_fuzzer_proto") {
+    sources = [ "$root_gen_dir/code_cache_host_mojolpm_fuzzer.proto" ]
+    generate_python = false
+
+    # TODO(markbrand): this is kind of a hack, but it works. not sure if it's
+    # the best way to get this generated in the right place though.
+    proto_out_dir = "content/test/fuzzer/../../../"
+    proto_deps = [
+      ":code_cache_host_mojolpm_fuzzer_proto_copy",
+      "//third_party/blink/public/mojom:mojom_platform_mojolpm",
+    ]
+    link_deps = [ "//third_party/blink/public/mojom:mojom_platform_mojolpm" ]
+    testonly = true
+  }
+
+  fuzzer_test("code_cache_host_mojolpm_fuzzer") {
+    sources = [ "code_cache_host_mojolpm_fuzzer.cc" ]
+
+    deps = [
+      ":code_cache_host_mojolpm_fuzzer_proto",
+      "//base/test:test_support",
+      "//content/browser:for_content_tests",
+      "//content/public/browser:browser_sources",
+      "//content/test:test_support",
+      "//mojo/core/embedder",
+      "//mojo/public/tools/fuzzers:mojolpm",
+      "//services/network:test_support",
+      "//storage/browser:test_support",
+      "//third_party/blink/public/mojom:mojom_modules_mojolpm",
+      "//third_party/libprotobuf-mutator",
+    ]
+  }
+}
+
 # Note: this compiles and runs on Mac but may cause
 # system instability; if you try it out, close other
 # programs and then reboot afterwards. It should be