llvm-project/compiler-rt/lib/fuzzer/FuzzerExtFunctions.def

//===- FuzzerExtFunctions.def - External functions --------------*- C++ -* ===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// This defines the external function pointers that
// ``fuzzer::ExternalFunctions`` should contain and try to initialize.  The
// EXT_FUNC macro must be defined at the point of inclusion. The signature of
// the macro is:
//
// EXT_FUNC(<name>, <return_type>, <function_signature>, <warn_if_missing>)
//===----------------------------------------------------------------------===//

// Optional user functions
EXT_FUNC(LLVMFuzzerInitialize, int, (int *argc, char ***argv), false);
EXT_FUNC(LLVMFuzzerCustomMutator, size_t,
         (uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed),
         false);
EXT_FUNC(LLVMFuzzerCustomCrossOver, size_t,
         (const uint8_t *Data1, size_t Size1,
          const uint8_t *Data2, size_t Size2,
          uint8_t *Out, size_t MaxOutSize, unsigned int Seed),
         false);

// Sanitizer functions
EXT_FUNC(__lsan_enable, void, (), false);
EXT_FUNC(__lsan_disable, void, (), false);
EXT_FUNC(__lsan_do_recoverable_leak_check, int, (), false);
EXT_FUNC(__sanitizer_acquire_crash_state, int, (), true);
EXT_FUNC(__sanitizer_install_malloc_and_free_hooks, int,
         (void (*malloc_hook)(const volatile void *, size_t),
          void (*free_hook)(const volatile void *)),
         false);
EXT_FUNC(__sanitizer_log_write, void, (const char *buf, size_t len), false);
EXT_FUNC(__sanitizer_purge_allocator, void, (), false);
EXT_FUNC(__sanitizer_print_memory_profile, void, (size_t, size_t), false);
EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);
EXT_FUNC(__sanitizer_symbolize_pc, void,
         (void *, const char *fmt, char *out_buf, size_t out_buf_size), false);
EXT_FUNC(__sanitizer_get_module_and_offset_for_pc, int,
         (void *pc, char *module_path,
         size_t module_path_len,void **pc_offset), false);
EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true);
EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false);
EXT_FUNC(__msan_scoped_disable_interceptor_checks, void, (), false);
EXT_FUNC(__msan_scoped_enable_interceptor_checks, void, (), false);
EXT_FUNC(__msan_unpoison, void, (const volatile void *, size_t size), false);
EXT_FUNC(__msan_unpoison_param, void, (size_t n), false);
Move libFuzzer to compiler_rt. Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution. Differential Revision: https://reviews.llvm.org/D36908 llvm-svn: 311407 2017-08-22 07:25:50 +08:00			`//===- FuzzerExtFunctions.def - External functions --------------- C++ - ===//`
			`//`
Update the file headers across all of the LLVM projects in the monorepo to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636 2019-01-19 16:50:56 +08:00			`// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.`
			`// See https://llvm.org/LICENSE.txt for license information.`
			`// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception`
Move libFuzzer to compiler_rt. Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution. Differential Revision: https://reviews.llvm.org/D36908 llvm-svn: 311407 2017-08-22 07:25:50 +08:00			`//`
			`//===----------------------------------------------------------------------===//`
			`// This defines the external function pointers that`
			// ``fuzzer::ExternalFunctions`` should contain and try to initialize. The
			`// EXT_FUNC macro must be defined at the point of inclusion. The signature of`
			`// the macro is:`
			`//`
			`// EXT_FUNC(<name>, <return_type>, <function_signature>, <warn_if_missing>)`
			`//===----------------------------------------------------------------------===//`

			`// Optional user functions`
			`EXT_FUNC(LLVMFuzzerInitialize, int, (int argc, char **argv), false);`
			`EXT_FUNC(LLVMFuzzerCustomMutator, size_t,`
[compiler-rt] Move FDP to include/fuzzer/FuzzedDataProvider.h for easier use. Summary: FuzzedDataProvider is a helper class for writing fuzz targets that fuzz multple inputs simultaneously. The header is supposed to be used for fuzzing engine agnostic fuzz targets (i.e. the same target can be used with libFuzzer, AFL, honggfuzz, and other engines). The common thing though is that fuzz targets are typically compiled with clang, as it provides all sanitizers as well as different coverage instrumentation modes. Therefore, making this FDP class a part of the compiler-rt installation package would make it easier to develop and distribute fuzz targets across different projects, build systems, etc. Some context also available in https://github.com/google/oss-fuzz/pull/2547. This CL does not delete the header from `lib/fuzzer/utils` directory in order to provide the downstream users some time for a smooth migration to the new header location. Reviewers: kcc, morehouse Reviewed By: morehouse Subscribers: lebedev.ri, kubamracek, dberris, mgorny, delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D65661 llvm-svn: 367917 2019-08-06 03:55:52 +08:00			`(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed),`
Move libFuzzer to compiler_rt. Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution. Differential Revision: https://reviews.llvm.org/D36908 llvm-svn: 311407 2017-08-22 07:25:50 +08:00			`false);`
			`EXT_FUNC(LLVMFuzzerCustomCrossOver, size_t,`
[compiler-rt] Move FDP to include/fuzzer/FuzzedDataProvider.h for easier use. Summary: FuzzedDataProvider is a helper class for writing fuzz targets that fuzz multple inputs simultaneously. The header is supposed to be used for fuzzing engine agnostic fuzz targets (i.e. the same target can be used with libFuzzer, AFL, honggfuzz, and other engines). The common thing though is that fuzz targets are typically compiled with clang, as it provides all sanitizers as well as different coverage instrumentation modes. Therefore, making this FDP class a part of the compiler-rt installation package would make it easier to develop and distribute fuzz targets across different projects, build systems, etc. Some context also available in https://github.com/google/oss-fuzz/pull/2547. This CL does not delete the header from `lib/fuzzer/utils` directory in order to provide the downstream users some time for a smooth migration to the new header location. Reviewers: kcc, morehouse Reviewed By: morehouse Subscribers: lebedev.ri, kubamracek, dberris, mgorny, delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D65661 llvm-svn: 367917 2019-08-06 03:55:52 +08:00			`(const uint8_t *Data1, size_t Size1,`
			`const uint8_t *Data2, size_t Size2,`
			`uint8_t *Out, size_t MaxOutSize, unsigned int Seed),`
Move libFuzzer to compiler_rt. Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution. Differential Revision: https://reviews.llvm.org/D36908 llvm-svn: 311407 2017-08-22 07:25:50 +08:00			`false);`

			`// Sanitizer functions`
			`EXT_FUNC(__lsan_enable, void, (), false);`
			`EXT_FUNC(__lsan_disable, void, (), false);`
			`EXT_FUNC(__lsan_do_recoverable_leak_check, int, (), false);`
[Fuzzer] Fix function prototype in fuzzer::ExternalFunctions. [NFC] The __sanitizer_acquire_crash_state function has int return type, but the fuzzer's external function definitions give it bool. Places where __sanitizer_acquire_crash_state is declared: include/sanitizer_common/sanitizer_interface_defs.h lib/sanitizer_common/sanitizer_interface_internal.h lib/sanitizer_common/sanitizer_common.cc lib/fuzzer/FuzzerExtFunctions.def (this is the only bool) llvm-svn: 353596 2019-02-09 09:45:29 +08:00			`EXT_FUNC(__sanitizer_acquire_crash_state, int, (), true);`
Move libFuzzer to compiler_rt. Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution. Differential Revision: https://reviews.llvm.org/D36908 llvm-svn: 311407 2017-08-22 07:25:50 +08:00			`EXT_FUNC(__sanitizer_install_malloc_and_free_hooks, int,`
			`(void (malloc_hook)(const volatile void , size_t),`
			`void (free_hook)(const volatile void )),`
			`false);`
[libFuzzer] Always print DSO map on Fuchsia libFuzzer launch Fuchsia doesn't have /proc/id/maps, so it relies on the kernel logging system to provide the DSO map to be able to symbolize in the context of ASLR. The DSO map is logged automatically on Fuchsia when encountering a crash or writing to the sanitizer log for the first time in a process. There are several cases where libFuzzer doesn't encounter a crash, e.g. on timeouts, OOMs, and when configured to print new PCs as they become covered, to name a few. Therefore, this change always writes to the sanitizer log on startup to ensure the DSO map is available in the log. Author: aarongreen Differential Revision: https://reviews.llvm.org/D66233 llvm-svn: 372056 2019-09-17 08:34:41 +08:00			`EXT_FUNC(__sanitizer_log_write, void, (const char *buf, size_t len), false);`
[libFuzzer] Periodically purge allocator's quarantine to prolong fuzzing sessions. Summary: Fuzzing targets that allocate/deallocate a lot of memory tend to consume a lot of RSS when ASan quarantine is enabled. Purging quarantine between iterations and returning memory to OS keeps RSS down and should not reduce the quarantine effectiveness provided the fuzz target does not preserve state between iterations (in this case this feature can be turned off). Based on D39153. Reviewers: vitalybuka Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39155 llvm-svn: 316382 2017-10-24 06:04:30 +08:00			`EXT_FUNC(__sanitizer_purge_allocator, void, (), false);`
[libFuzzer] Fix __sanitizer_print_memory_profile return type in ExtFunctions.def Summary: Looks like a typo, as that function actually returns void and is used as such in libFuzzer code as well. Reviewers: kcc, Dor1s Reviewed By: Dor1s Subscribers: delcypher, #sanitizers, llvm-commits Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D65160 llvm-svn: 366834 2019-07-24 02:26:53 +08:00			`EXT_FUNC(__sanitizer_print_memory_profile, void, (size_t, size_t), false);`
Move libFuzzer to compiler_rt. Resulting library binaries will be named libclang_rt.fuzzer*, and will be placed in Clang toolchain, allowing redistribution. Differential Revision: https://reviews.llvm.org/D36908 llvm-svn: 311407 2017-08-22 07:25:50 +08:00			`EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);`
			`EXT_FUNC(__sanitizer_symbolize_pc, void,`
			`(void , const char fmt, char *out_buf, size_t out_buf_size), false);`
			`EXT_FUNC(__sanitizer_get_module_and_offset_for_pc, int,`
			`(void pc, char module_path,`
			`size_t module_path_len,void **pc_offset), false);`
			`EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true);`
			`EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false);`
[libFuzzer] Make -fsanitize=memory,fuzzer work. This patch allows libFuzzer to fuzz applications instrumented with MSan without recompiling libFuzzer with MSan instrumentation. Fixes https://github.com/google/sanitizers/issues/958. Differential Revision: https://reviews.llvm.org/D48891 llvm-svn: 336619 2018-07-10 07:51:08 +08:00			`EXT_FUNC(__msan_scoped_disable_interceptor_checks, void, (), false);`
			`EXT_FUNC(__msan_scoped_enable_interceptor_checks, void, (), false);`
			`EXT_FUNC(__msan_unpoison, void, (const volatile void *, size_t size), false);`
[libFuzzer] Unpoison parameters before calling user callback. Summary: Fixes an MSan false positive when compiling with -fsanitize=memory,fuzzer. See https://github.com/google/oss-fuzz/issues/2369 for more details. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits, metzman, eugenis Tags: #llvm Differential Revision: https://reviews.llvm.org/D61753 llvm-svn: 360390 2019-05-10 06:48:46 +08:00			`EXT_FUNC(__msan_unpoison_param, void, (size_t n), false);`