// Copyright 2019 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package wirefuzz includes a fuzzer for the wire marshaler and unmarshaler.
package wirefuzz

import (
	"fmt"

	"google.golang.org/protobuf/internal/impl"
	"google.golang.org/protobuf/proto"
	"google.golang.org/protobuf/reflect/protoregistry"
	piface "google.golang.org/protobuf/runtime/protoiface"

	fuzzpb "google.golang.org/protobuf/internal/testprotos/fuzz"
)

// Fuzz is a fuzzer for proto.Marshal and proto.Unmarshal.
func Fuzz(data []byte) (score int) {
	// Unmarshal and Validate should agree about the validity of the message.
	m1 := &fuzzpb.Fuzz{}
	mt := m1.ProtoReflect().Type()
	_, valid := impl.Validate(mt, piface.UnmarshalInput{Buf: data})
	if err := (proto.UnmarshalOptions{AllowPartial: true}).Unmarshal(data, m1); err != nil {
		switch valid {
		case impl.ValidationUnknown:
		case impl.ValidationInvalid:
		default:
			panic("unmarshal error with validation status: " + valid.String())
		}
		return 0
	}
	switch valid {
	case impl.ValidationUnknown:
	case impl.ValidationValid:
	default:
		panic("unmarshal ok with validation status: " + valid.String())
	}

	// Unmarshal, Validate, and CheckInitialized should agree about initialization.
	checkInit := proto.CheckInitialized(m1) == nil
	methods := m1.ProtoReflect().ProtoMethods()
	in := piface.UnmarshalInput{Message: mt.New(), Resolver: protoregistry.GlobalTypes, Depth: 10000}
	if checkInit {
		// If the message initialized, the both Unmarshal and Validate should
		// report it as such. False negatives are tolerated, but have a
		// significant impact on performance. In general, they should always
		// properly determine initialization for any normalized message,
		// we produce by re-marshaling the message.
		in.Buf, _ = proto.Marshal(m1)
		if out, _ := methods.Unmarshal(in); out.Flags&piface.UnmarshalInitialized == 0 {
			panic("unmarshal reports initialized message as partial")
		}
		if out, _ := impl.Validate(mt, in); out.Flags&piface.UnmarshalInitialized == 0 {
			panic("validate reports initialized message as partial")
		}
	} else {
		// If the message is partial, then neither Unmarshal nor Validate
		// should ever report it as such. False positives are unacceptable.
		in.Buf = data
		if out, _ := methods.Unmarshal(in); out.Flags&piface.UnmarshalInitialized != 0 {
			panic("unmarshal reports partial message as initialized")
		}
		if out, _ := impl.Validate(mt, in); out.Flags&piface.UnmarshalInitialized != 0 {
			panic("validate reports partial message as initialized")
		}
	}

	// Round-trip Marshal and Unmarshal should produce the same messages.
	data1, err := proto.MarshalOptions{AllowPartial: !checkInit}.Marshal(m1)
	if err != nil {
		panic(err)
	}
	if proto.Size(m1) != len(data1) {
		panic(fmt.Errorf("size does not match output: %d != %d", proto.Size(m1), len(data1)))
	}
	m2 := &fuzzpb.Fuzz{}
	if err := (proto.UnmarshalOptions{AllowPartial: !checkInit}).Unmarshal(data1, m2); err != nil {
		panic(err)
	}
	if !proto.Equal(m1, m2) {
		panic("not equal")
	}
	return 1
}