//===- FuzzerDefs.h - Internal header for the Fuzzer ------------*- C++ -* ===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
// Basic definitions.
//===----------------------------------------------------------------------===//
#ifndef LLVM_FUZZER_DEFS_H
#define LLVM_FUZZER_DEFS_H
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>
#include <set>
#include <memory>
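// Platform detection.
//
// Exactly one LIBFUZZER_<OS> macro below is defined as 1 and the other six as
// 0, so later code can write `#if LIBFUZZER_<OS>` without a defined() test.
// A target that matches none of the probes fails the build with #error
// instead of silently falling back to some other platform's code paths.
//
// Every probe uses defined(): that keeps the chain well-formed under -Wundef
// and when a toolchain defines the platform macro with an empty body.
#if defined(__linux__)
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 1
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#elif defined(__APPLE__)
#define LIBFUZZER_APPLE 1
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#elif defined(__NetBSD__)
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 1
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#elif defined(__FreeBSD__)
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 1
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#elif defined(__OpenBSD__)
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 1
#define LIBFUZZER_WINDOWS 0
#elif defined(_WIN32)
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 1
#elif defined(__Fuchsia__)
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 1
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#else
#error "Support for your platform has not been implemented"
#endif

// Compilers that lack __has_attribute get a stub that reports every attribute
// as unsupported, so `__has_attribute(...)` tests later in this header still
// preprocess and select the empty fallback definitions.
#ifndef __has_attribute
#  define __has_attribute(x) 0
#endif

// True on the POSIX-like targets. Windows and Fuchsia are deliberately not
// listed: Fuchsia is not POSIX compliant by design, even though it supports
// the common POSIX I/O functions, so code guarded by LIBFUZZER_POSIX must not
// be assumed to build there.
#define LIBFUZZER_POSIX                                                        \
  (LIBFUZZER_APPLE || LIBFUZZER_LINUX || LIBFUZZER_NETBSD ||                   \
   LIBFUZZER_FREEBSD || LIBFUZZER_OPENBSD)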
// Function attribute that enables the "popcnt" target feature for a single
// function. It expands to nothing off x86-64 or when the compiler does not
// support __attribute__((target)).
#if defined(__x86_64) && __has_attribute(target)
#  define ATTRIBUTE_TARGET_POPCNT __attribute__((target("popcnt")))
#else
#  define ATTRIBUTE_TARGET_POPCNT
#endif

// Opts a function out of MemorySanitizer instrumentation. Only clang gets a
// non-empty definition, and only when it supports no_sanitize.
#if defined(__clang__) && __has_attribute(no_sanitize)
#  define ATTRIBUTE_NO_SANITIZE_MEMORY __attribute__((no_sanitize("memory")))
#else
#  define ATTRIBUTE_NO_SANITIZE_MEMORY
#endif

// Forced inlining is requested only under clang; the original note gives
// "avoid gcc warning" as the reason for the compiler check.
#ifdef __clang__
#  define ALWAYS_INLINE __attribute__((always_inline))
#else
#  define ALWAYS_INLINE
#endif // __clang__

// Opts a function out of AddressSanitizer instrumentation. Defined
// unconditionally, so it assumes a compiler that accepts this attribute.
#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))

// Despite the name, this disables only the sanitizer that is active in the
// current build: ASan if present, otherwise MSan, otherwise nothing. Functions
// carrying it lose that sanitizer's checks, so memory errors inside them will
// not be reported.
#ifdef __has_feature
#  if __has_feature(address_sanitizer)
#    define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_ADDRESS
#  elif __has_feature(memory_sanitizer)
#    define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_MEMORY
#  else
#    define ATTRIBUTE_NO_SANITIZE_ALL
#  endif
#else
#  define ATTRIBUTE_NO_SANITIZE_ALL
#endif

// Symbol export and TLS declaration specifiers, selected per platform.
#if !LIBFUZZER_WINDOWS
#define ATTRIBUTE_INTERFACE __attribute__((visibility("default")))
#define ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC                                  \
  ATTRIBUTE_INTERFACE __attribute__((tls_model("initial-exec"))) thread_local
#else
#define ATTRIBUTE_INTERFACE __declspec(dllexport)
// This is used for __sancov_lowest_stack which is needed for
// -fsanitize-coverage=stack-depth. That feature is not yet available on
// Windows, so make the symbol static to avoid linking errors.
#define ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC                                  \
  __attribute__((tls_model("initial-exec"))) thread_local static
#endif
namespace fuzzer {

// Returns the smaller argument as ordered by operator<; when neither is
// smaller, the second argument is returned.
template <class T>
T Min(T a, T b) {
  return (a < b) ? a : b;
}

// Returns the larger argument as ordered by operator>; when neither is
// larger, the second argument is returned.
template <class T>
T Max(T a, T b) {
  return (a > b) ? a : b;
}

// Types that are only referred to by pointer or reference in this header;
// their definitions live in other fuzzer headers.
class Random;
class Dictionary;
class DictionaryEntry;
class MutationDispatcher;
struct FuzzingOptions;
class InputCorpus;
struct InputInfo;
struct ExternalFunctions;

// Global interface to functions that may or may not be available.
extern ExternalFunctions *EF;

// We are using a custom allocator to give a different symbol name to STL
// containers in order to avoid ODR violations.
// NOTE(review): presumably the concern is the code under test instantiating
// the same std:: containers in the same binary, possibly with different
// build flags - confirm against the commit that introduced this.
//
// The class adds no state or behaviour over std::allocator<T>; it only
// changes the type that the containers are instantiated with.
template <typename T>
class fuzzer_allocator : public std::allocator<T> {
public:
  fuzzer_allocator() = default;

  // Converting constructor from an allocator for another element type; there
  // is nothing to copy, so the argument is ignored.
  template <class U>
  fuzzer_allocator(const fuzzer_allocator<U> &) {}

  // Rebinding must stay inside fuzzer_allocator so that node types allocated
  // by containers keep using this allocator rather than std::allocator.
  template <class Other>
  struct rebind {
    using other = fuzzer_allocator<Other>;
  };
};

// std::vector instantiated with fuzzer_allocator.
template <typename T>
using Vector = std::vector<T, fuzzer_allocator<T>>;

// std::set with the default ordering, instantiated with fuzzer_allocator.
template <typename T>
using Set = std::set<T, std::less<T>, fuzzer_allocator<T>>;

// One input as a byte sequence, and a collection of such inputs.
using Unit = Vector<uint8_t>;
using UnitVector = Vector<Unit>;

// Signature of the user-supplied callback: a pointer to the input bytes and
// their count. The callback must read only Data[0, Size); nothing in this
// signature promises a terminator or a non-zero Size.
using UserCallback = int (*)(const uint8_t *Data, size_t Size);

// Declared here and defined elsewhere; takes pointers to argc/argv and the
// callback to drive.
int FuzzerDriver(int *argc, char ***argv, UserCallback Callback);

// Byte-order reversal for each fixed-width unsigned type. A single byte has
// no order to reverse, so the 8-bit overload returns its argument.
inline uint8_t Bswap(uint8_t x) {
  return x;
}
inline uint16_t Bswap(uint16_t x) {
  return __builtin_bswap16(x);
}
inline uint32_t Bswap(uint32_t x) {
  return __builtin_bswap32(x);
}
inline uint64_t Bswap(uint64_t x) {
  return __builtin_bswap64(x);
}

// Extra-counter region accessors; declared here and defined elsewhere.
uint8_t *ExtraCountersBegin();
uint8_t *ExtraCountersEnd();
void ClearExtraCounters();

// NOTE(review): presumably set while the user callback is executing - the
// definition and its writers are outside this header; confirm there.
extern bool RunningUserCallback;

} // namespace fuzzer
#endif // LLVM_FUZZER_DEFS_H