Implement Any support

Fixes #151

Author: vitalybuka

examples/libfuzzer/libfuzzer_bin_example.cc

@@ -15,6 +15,7 @@
 #include <cmath>
 
 #include "examples/libfuzzer/libfuzzer_example.pb.h"
+#include "port/protobuf.h"
 #include "src/libfuzzer/libfuzzer_macro.h"
 
 protobuf_mutator::protobuf::LogSilencer log_silincer;
@@ -26,15 +27,35 @@ DEFINE_BINARY_PROTO_FUZZER(const libfuzzer_example::Msg& message) {
           message->set_optional_uint64(
               std::hash<std::string>{}(message->optional_string()));
         }
+
+        if (message->has_any()) {
+          auto* any = message->mutable_any();
+
+          // Guide mutator to usefull 'Any' types.
+          static const char* const expected_types[] = {
+              "type.googleapis.com/google.protobuf.DescriptorProto",
+              "type.googleapis.com/google.protobuf.FileDescriptorProto",
+          };
+
+          if (!std::count(std::begin(expected_types), std::end(expected_types),
+                          any->type_url())) {
+            const size_t num =
+                (std::end(expected_types) - std::begin(expected_types));
+            any->set_type_url(expected_types[seed % num]);
+          }
+        }
       }};
 
+  protobuf_mutator::protobuf::FileDescriptorProto file;
+
   // Emulate a bug.
   if (message.optional_uint64() ==
           std::hash<std::string>{}(message.optional_string()) &&
       message.optional_string() == "abcdefghijklmnopqrstuvwxyz" &&
       !std::isnan(message.optional_float()) &&
       std::fabs(message.optional_float()) > 1000 &&
-      std::fabs(message.optional_float()) < 1E10) {
+      message.any().UnpackTo(&file) && !file.name().empty()) {
+    std::cerr << message.DebugString() << "\n";
     abort();
   }
 }

examples/libfuzzer/libfuzzer_example.cc

@@ -15,6 +15,7 @@
 #include <cmath>
 
 #include "examples/libfuzzer/libfuzzer_example.pb.h"
+#include "port/protobuf.h"
 #include "src/libfuzzer/libfuzzer_macro.h"
 
 protobuf_mutator::protobuf::LogSilencer log_silincer;
@@ -26,15 +27,35 @@ DEFINE_PROTO_FUZZER(const libfuzzer_example::Msg& message) {
           message->set_optional_uint64(
               std::hash<std::string>{}(message->optional_string()));
         }
+
+        if (message->has_any()) {
+          auto* any = message->mutable_any();
+
+          // Guide mutator to usefull 'Any' types.
+          static const char* const expected_types[] = {
+              "type.googleapis.com/google.protobuf.DescriptorProto",
+              "type.googleapis.com/google.protobuf.FileDescriptorProto",
+          };
+
+          if (!std::count(std::begin(expected_types), std::end(expected_types),
+                          any->type_url())) {
+            const size_t num =
+                (std::end(expected_types) - std::begin(expected_types));
+            any->set_type_url(expected_types[seed % num]);
+          }
+        }
       }};
 
+  protobuf_mutator::protobuf::FileDescriptorProto file;
+
   // Emulate a bug.
   if (message.optional_uint64() ==
           std::hash<std::string>{}(message.optional_string()) &&
       message.optional_string() == "abcdefghijklmnopqrstuvwxyz" &&
       !std::isnan(message.optional_float()) &&
       std::fabs(message.optional_float()) > 1000 &&
-      std::fabs(message.optional_float()) < 1E10) {
+      message.any().UnpackTo(&file) && !file.name().empty()) {
+    std::cerr << message.DebugString() << "\n";
     abort();
   }
 }

examples/libfuzzer/libfuzzer_example_test.cc

@@ -25,12 +25,12 @@ int GetError(int exit_code) { return WSTOPSIG(exit_code); }
 
 TEST_F(LibFuzzerExampleTest, Text) {
   EXPECT_EQ(kDefaultLibFuzzerError,
-            GetError(RunFuzzer("libfuzzer_example", 150, 10000000)));
+            GetError(RunFuzzer("libfuzzer_example", 1000, 10000000)));
 }
 
 TEST_F(LibFuzzerExampleTest, Binary) {
   EXPECT_EQ(kDefaultLibFuzzerError,
-            GetError(RunFuzzer("libfuzzer_bin_example", 150, 10000000)));
+            GetError(RunFuzzer("libfuzzer_bin_example", 1000, 10000000)));
 }
 
 }  // namespace

port/protobuf.h

@@ -17,6 +17,7 @@
 
 #include <string>
 
+#include "google/protobuf/any.pb.h"
 #include "google/protobuf/descriptor.pb.h"
 #include "google/protobuf/message.h"
 #include "google/protobuf/text_format.h"

src/mutator.cc

@@ -17,6 +17,7 @@
 #include <algorithm>
 #include <bitset>
 #include <map>
+#include <memory>
 #include <random>
 #include <string>
 #include <vector>
@@ -27,6 +28,7 @@
 
 namespace protobuf_mutator {
 
+using protobuf::Any;
 using protobuf::Descriptor;
 using protobuf::FieldDescriptor;
 using protobuf::FileDescriptor;
@@ -360,15 +362,76 @@ class DataSourceSampler {
   WeightedReservoirSampler<ConstFieldInstance, RandomEngine> sampler_;
 };
 
+using UnpackedAny =
+    std::unordered_map<const Message*, std::unique_ptr<Message>>;
+
+const Descriptor* GetAnyTypeDescriptor(const Any& any) {
+  std::string type_name;
+  if (!Any::ParseAnyTypeUrl(any.type_url(), &type_name)) return nullptr;
+  return any.descriptor()->file()->pool()->FindMessageTypeByName(type_name);
+}
+
+std::unique_ptr<Message> UnpackAny(const Any& any) {
+  const Descriptor* desc = GetAnyTypeDescriptor(any);
+  if (!desc) return {};
+  std::unique_ptr<Message> message(
+      any.GetReflection()->GetMessageFactory()->GetPrototype(desc)->New());
+  message->ParsePartialFromString(any.value());
+  return message;
+}
+
+const Any* CastToAny(const Message* message) {
+  return Any::GetDescriptor() == message->GetDescriptor()
+             ? static_cast<const Any*>(message)
+             : nullptr;
+}
+
+Any* CastToAny(Message* message) {
+  return Any::GetDescriptor() == message->GetDescriptor()
+             ? static_cast<Any*>(message)
+             : nullptr;
+}
+
+std::unique_ptr<Message> UnpackIfAny(const Message& message) {
+  if (const Any* any = CastToAny(&message)) return UnpackAny(*any);
+  return {};
+}
+
+void UnpackAny(const Message& message, UnpackedAny* result) {
+  if (std::unique_ptr<Message> any = UnpackIfAny(message)) {
+    UnpackAny(*any, result);
+    result->emplace(&message, std::move(any));
+    return;
+  }
+
+  const Descriptor* descriptor = message.GetDescriptor();
+  const Reflection* reflection = message.GetReflection();
+
+  for (int i = 0; i < descriptor->field_count(); ++i) {
+    const FieldDescriptor* field = descriptor->field(i);
+    if (field->cpp_type() == FieldDescriptor::CPPTYPE_MESSAGE) {
+      if (field->is_repeated()) {
+        const int field_size = reflection->FieldSize(message, field);
+        for (int j = 0; j < field_size; ++j) {
+          UnpackAny(reflection->GetRepeatedMessage(message, field, j), result);
+        }
+      } else if (reflection->HasField(message, field)) {
+        UnpackAny(reflection->GetMessage(message, field), result);
+      }
+    }
+  }
+}
+
 class PostProcessing {
  public:
   using PostProcessors =
       std::unordered_multimap<const Descriptor*, Mutator::PostProcess>;
 
   PostProcessing(bool keep_initialized, const PostProcessors& post_processors,
-                 RandomEngine* random)
+                 UnpackedAny& any, RandomEngine* random)
       : keep_initialized_(keep_initialized),
         post_processors_(post_processors),
+        any_(any),
         random_(random) {}
 
   void Run(Message* message, int max_depth) {
@@ -410,6 +473,22 @@ class PostProcessing {
       }
     }
 
+    if (Any* any = CastToAny(message)) {
+      if (max_depth < 0) {
+        // Clear deep Any fields to avoid stack overflow.
+        any->Clear();
+      } else {
+        auto It = any_.find(message);
+        if (It != any_.end()) {
+          Run(It->second.get(), max_depth);
+          // assert(GetAnyTypeDescriptor(*any) == It->second->GetDescriptor());
+          // if (GetAnyTypeDescriptor(*any) != It->second->GetDescriptor()) {}
+          It->second->SerializePartialToString(any->mutable_value());
+        }
+      }
+    }
+
+    // Call user callback after message trimmed, initialized and packed.
     auto range = post_processors_.equal_range(descriptor);
     for (auto it = range.first; it != range.second; ++it)
       it->second(message, (*random_)());
@@ -418,6 +497,7 @@ class PostProcessing {
  private:
   bool keep_initialized_;
   const PostProcessors& post_processors_;
+  UnpackedAny& any_;
   RandomEngine* random_;
 };
 
@@ -543,30 +623,47 @@ struct CreateField : public FieldFunction<CreateField> {
 void Mutator::Seed(uint32_t value) { random_.seed(value); }
 
 void Mutator::Mutate(Message* message, size_t max_size_hint) {
+  UnpackedAny any;
+  UnpackAny(*message, &any);
+
   Messages messages;
+  messages.reserve(any.size() + 1);
   messages.push_back(message);
+  for (const auto& kv : any) messages.push_back(kv.second.get());
+
   ConstMessages sources(messages.begin(), messages.end());
   MutateImpl(sources, messages, false,
              static_cast<int>(max_size_hint) -
                  static_cast<int>(message->ByteSizeLong()));
 
-  PostProcessing(keep_initialized_, post_processors_, &random_)
+  PostProcessing(keep_initialized_, post_processors_, any, &random_)
       .Run(message, kMaxInitializeDepth);
   assert(IsInitialized(*message));
 }
 
 void Mutator::CrossOver(const Message& message1, Message* message2,
                         size_t max_size_hint) {
+  UnpackedAny any;
+  UnpackAny(*message2, &any);
+
   Messages messages;
+  messages.reserve(any.size() + 1);
   messages.push_back(message2);
+  for (auto& kv : any) messages.push_back(kv.second.get());
+
+  UnpackAny(message1, &any);
+
   ConstMessages sources;
+  sources.reserve(any.size() + 2);
   sources.push_back(&message1);
   sources.push_back(message2);
-  int size_increase_hint = static_cast<int>(max_size_hint) -
-                           static_cast<int>(message2->ByteSizeLong());
-  MutateImpl(sources, messages, true, size_increase_hint);
+  for (const auto& kv : any) sources.push_back(kv.second.get());
+
+  MutateImpl(sources, messages, true,
+             static_cast<int>(max_size_hint) -
+                 static_cast<int>(message2->ByteSizeLong()));
 
-  PostProcessing(keep_initialized_, post_processors_, &random_)
+  PostProcessing(keep_initialized_, post_processors_, any, &random_)
       .Run(message2, kMaxInitializeDepth);
   assert(IsInitialized(*message2));
 }

src/mutator_test.cc

@@ -365,7 +365,6 @@ std::vector<TestParams> GetFieldTestParams(
   for (auto t : tests) {
     auto lines = Split(t);
     for (size_t i = 0; i != lines.size(); ++i) {
-      if (lines[i].find("any {") != std::string::npos) break;
       if (lines[i].find(':') != std::string::npos)
         results.push_back(
             std::make_tuple(&T::default_instance(), t, i, lines[i]));
@@ -381,7 +380,6 @@ std::vector<TestParams> GetMessageTestParams(
   for (auto t : tests) {
     auto lines = Split(t);
     for (size_t i = 0; i != lines.size(); ++i) {
-      if (lines[i].find("any {") != std::string::npos) break;
       if (lines[i].find("{}") != std::string::npos)
         results.push_back(
             std::make_tuple(&T::default_instance(), t, i, lines[i]));
@@ -398,7 +396,7 @@ bool Mutate(const protobuf::Message& from, const protobuf::Message& to,
   EXPECT_FALSE(MessageDifferencer::Equals(from, to));
   for (int j = 0; j < iterations; ++j) {
     message->CopyFrom(from);
-    mutator.Mutate(message.get(), 1000);
+    mutator.Mutate(message.get(), 1500);
     if (MessageDifferencer::Equals(*message, to)) return true;
   }