From 22dd3bbcf0ec4507876287a5f9c662ac595f5087 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Fri, 13 May 2016 18:04:35 +0000
Subject: [PATCH] [libFuzzer] simplify FuzzerInterface.h
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@269448 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Fuzzer/CMakeLists.txt | 1 -
 lib/Fuzzer/FuzzerInterface.cpp | 20 ---------
 lib/Fuzzer/FuzzerInterface.h | 82 +++++++++++++----------------------
 lib/Fuzzer/FuzzerInternal.h | 4 ++
 lib/Fuzzer/FuzzerLoop.cpp | 13 +++---
 lib/Fuzzer/test/CustomMutatorTest.cpp | 2 +-
 6 files changed, 43 insertions(+), 79 deletions(-)
 delete mode 100644 lib/Fuzzer/FuzzerInterface.cpp
diff --git a/lib/Fuzzer/CMakeLists.txt b/lib/Fuzzer/CMakeLists.txt
index 16620b06e71..4022375bc26 100644
--- a/lib/Fuzzer/CMakeLists.txt
+++ b/lib/Fuzzer/CMakeLists.txt
@@ -4,7 +4,6 @@ set(CMAKE_CXX_FLAGS_RELEASE "${LIBFUZZER_FLAGS_BASE} -O2 -fno-sanitize=all -fno-
 if( LLVM_USE_SANITIZE_COVERAGE )
 add_library(LLVMFuzzerNoMainObjects OBJECT
 FuzzerCrossOver.cpp
- FuzzerInterface.cpp
 FuzzerTraceState.cpp
 FuzzerDriver.cpp
 FuzzerIO.cpp
diff --git a/lib/Fuzzer/FuzzerInterface.cpp b/lib/Fuzzer/FuzzerInterface.cpp
deleted file mode 100644
index 5de7d614429..00000000000
--- a/lib/Fuzzer/FuzzerInterface.cpp
+++ /dev/null
@@ -1,20 +0,0 @@
-//===- FuzzerInterface.cpp - Mutate a test input --------------------------===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-// Parts of public interface for libFuzzer.
-//===----------------------------------------------------------------------===//
-
-
-#include "FuzzerInterface.h"
-#include "FuzzerInternal.h"
-#include
-
-namespace fuzzer {
-
-
-} // namespace fuzzer.
diff --git a/lib/Fuzzer/FuzzerInterface.h b/lib/Fuzzer/FuzzerInterface.h
index 30620e51396..8d27f2e7f48 100644
--- a/lib/Fuzzer/FuzzerInterface.h
+++ b/lib/Fuzzer/FuzzerInterface.h
@@ -6,75 +6,53 @@ // License. See LICENSE.TXT for details. // //===----------------------------------------------------------------------===// -// Define the interface between the Fuzzer and the library being tested. +// Define the interface between libFuzzer and the library being tested. //===----------------------------------------------------------------------===// -// WARNING: keep the interface free of STL or any other header-based C++ lib, -// to avoid bad interactions between the code used in the fuzzer and -// the code used in the target function. +// NOTE: the libFuzzer interface is thin and in the majority of cases +// you should not include this file into your target. In 95% of cases +// all you need is to define the following function in your file: +// extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); + +// WARNING: keep the interface in C. #ifndef LLVM_FUZZER_INTERFACE_H #define LLVM_FUZZER_INTERFACE_H -#include -#include +#include +#include -// Plain C interface. Should be sufficient for most uses. +#ifdef __cplusplus extern "C" { -// The target function, mandatory. +#endif // __cplusplus + +// Mandatory user-provided target function. +// Executes the code under test with [Data, Data+Size) as the input. +// libFuzzer will invoke this function *many* times with different inputs. // Must return 0. int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); -// The initialization function, optional. + +// Optional user-provided initialization function. +// If provided, this function will be called by libFuzzer once at startup. +// It may read and modify argc/argv. +// Must return 0. int LLVMFuzzerInitialize(int *argc, char ***argv); -// Custom mutator, optional. -// Mutates raw data in [Data, Data+Size] inplace. + +// Optional user-provided custom mutator. +// Mutates raw data in [Data, Data+Size) inplace. // Returns the new size, which is not greater than MaxSize. // Given the same Seed produces the same mutation. 
size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed); -} // extern "C" - -namespace fuzzer { - -/// Returns an int 0. Values other than zero are reserved for future. -typedef int (*UserCallback)(const uint8_t *Data, size_t Size); -/** Simple C-like interface with a single user-supplied callback. - -Usage: - -#\code -#include "FuzzerInterface.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - DoStuffWithData(Data, Size); - return 0; -} - -// Optional. -// Define this only if you need to read/modify argc/argv at startup -// and you are using libFuzzer's main(). -// Must return 0. -int LLVMFuzzerInitialize(int *argc, char ***argv) { - ReadAndMaybeModify(argc, argv); - return 0; -} - -// Implement your own main() or use the one from FuzzerMain.cpp. -// *NOT* recommended for most cases. -int main(int argc, char **argv) { - InitializeMeIfNeeded(); - return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput); -} -#\endcode -*/ -int FuzzerDriver(int argc, char **argv, UserCallback Callback); - -// Mutates raw data in [Data, Data+Size] inplace. +// Experimental, may go away in future. +// libFuzzer-provided function to be used inside LLVMFuzzerTestOneInput. +// Mutates raw data in [Data, Data+Size) inplace. // Returns the new size, which is not greater than MaxSize. -// Can be used inside the user-supplied LLVMFuzzerTestOneInput. -size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize); +size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize); -} // namespace fuzzer +#ifdef __cplusplus +} // extern "C" +#endif // __cplusplus #endif // LLVM_FUZZER_INTERFACE_H diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h index 5e2b474ead9..f43f99f838a 100644 --- a/lib/Fuzzer/FuzzerInternal.h +++ b/lib/Fuzzer/FuzzerInternal.h 
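Review bot: The new comment on `LLVMFuzzerMutate` says it is "to be used inside LLVMFuzzerTestOneInput", but that callback receives `const uint8_t *Data`, so an in-place mutation there would mean casting away const. The only caller visible in this patch (CustomMutatorTest.cpp) invokes it from `LLVMFuzzerCustomMutator`, so I would reword the line to `// libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator.` Both mutator comments describe the input as `[Data, Data+Size)` and the result as at most `MaxSize`, but neither states the buffer contract a caller has to uphold. Since that is a memory-safety precondition on a public C API, add something like `// Data must point to at least MaxSize writable bytes, and Size <= MaxSize.` (presumably what the dispatcher assumes; confirm against the Mutate implementation, which is outside this hunk).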
@@ -28,6 +28,10 @@ #include "FuzzerTracePC.h" namespace fuzzer { + +typedef int (*UserCallback)(const uint8_t *Data, size_t Size); +int FuzzerDriver(int argc, char **argv, UserCallback Callback); + using namespace std::chrono; typedef std::vector Unit; typedef std::vector UnitVector; diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp index 117c1c75823..f2633ce91d9 100644 --- a/lib/Fuzzer/FuzzerLoop.cpp +++ b/lib/Fuzzer/FuzzerLoop.cpp @@ -76,11 +76,6 @@ static void MissingWeakApiFunction(const char *FnName) { // Only one Fuzzer per process. static Fuzzer *F; -size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) { - assert(F); - return F->GetMD().Mutate(Data, Size, MaxSize); -} - struct CoverageController { static void Reset() { CHECK_WEAK_API_FUNCTION(__sanitizer_reset_coverage); @@ -767,3 +762,11 @@ void Fuzzer::UpdateCorpusDistribution() { } } // namespace fuzzer + +extern "C" { + +size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) { + assert(fuzzer::F); + return fuzzer::F->GetMD().Mutate(Data, Size, MaxSize); +} +} // extern "C" diff --git a/lib/Fuzzer/test/CustomMutatorTest.cpp b/lib/Fuzzer/test/CustomMutatorTest.cpp index 0e76eaf8ebd..4f84519a90e 100644 --- a/lib/Fuzzer/test/CustomMutatorTest.cpp +++ b/lib/Fuzzer/test/CustomMutatorTest.cpp @@ -34,5 +34,5 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, std::cerr << "In LLVMFuzzerCustomMutator\n"; Printed = true; } - return fuzzer::Mutate(Data, Size, MaxSize); + return LLVMFuzzerMutate(Data, Size, MaxSize); } -- 2.11.0
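Review bot: `UserCallback` and `FuzzerDriver` land in FuzzerInternal.h with no comment at all, while the public header they came from documented the callback as "Returns an int 0. Values other than zero are reserved for future." I would carry that over, e.g. `// Callback must return 0; other values are reserved.` above the typedef and `// Driver entry point used by main(); not part of the public C interface.` above `FuzzerDriver`. Any driver that still supplies its own `main()` and calls `fuzzer::FuzzerDriver` now has to include this internal header, which brings `std::vector` typedefs and `using namespace std::chrono;` into the including translation unit. The comment should say whether that use is still supported.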
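Review bot: In the FuzzerLoop.cpp hunk that adds `LLVMFuzzerMutate`, the only guard against a call made before the `Fuzzer` object exists is `assert(fuzzer::F);`. If the library is built with NDEBUG that check disappears and `fuzzer::F->GetMD()` dereferences a null pointer. The function is now an exported C symbol that target code can reach from any of its callbacks, and whether `LLVMFuzzerInitialize` runs before `F` is assigned is not visible here. An unconditional check such as `if (!fuzzer::F) abort();` fails predictably in every build mode. It would also be worth rejecting `Size > MaxSize` at this boundary instead of relying on the dispatcher, whose handling of that case is outside the hunk.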