[libFuzzer] simplify FuzzerInterface.h

llvm-svn: 269448
Kostya Serebryany 2016-05-13 18:04:35 +00:00
parent 4e0cf49318
commit 8b0d90a6d4
6 changed files with 43 additions and 79 deletions


@ -4,7 +4,6 @@ set(CMAKE_CXX_FLAGS_RELEASE "${LIBFUZZER_FLAGS_BASE} -O2 -fno-sanitize=all -fno-
if( LLVM_USE_SANITIZE_COVERAGE ) if( LLVM_USE_SANITIZE_COVERAGE )
add_library(LLVMFuzzerNoMainObjects OBJECT add_library(LLVMFuzzerNoMainObjects OBJECT
FuzzerCrossOver.cpp FuzzerCrossOver.cpp
FuzzerInterface.cpp
FuzzerTraceState.cpp FuzzerTraceState.cpp
FuzzerDriver.cpp FuzzerDriver.cpp
FuzzerIO.cpp FuzzerIO.cpp


@ -1,20 +0,0 @@
//===- FuzzerInterface.cpp - Mutate a test input --------------------------===//
//
// The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
// Parts of public interface for libFuzzer.
//===----------------------------------------------------------------------===//
#include "FuzzerInterface.h"
#include "FuzzerInternal.h"
#include <random>
namespace fuzzer {
} // namespace fuzzer.


@ -6,75 +6,53 @@
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Define the interface between the Fuzzer and the library being tested. // Define the interface between libFuzzer and the library being tested.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// WARNING: keep the interface free of STL or any other header-based C++ lib, // NOTE: the libFuzzer interface is thin and in the majority of cases
// to avoid bad interactions between the code used in the fuzzer and // you should not include this file into your target. In 95% of cases
// the code used in the target function. // all you need is to define the following function in your file:
// extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
// WARNING: keep the interface in C.
#ifndef LLVM_FUZZER_INTERFACE_H #ifndef LLVM_FUZZER_INTERFACE_H
#define LLVM_FUZZER_INTERFACE_H #define LLVM_FUZZER_INTERFACE_H
#include <cstddef> #include <stddef.h>
#include <cstdint> #include <stdint.h>
// Plain C interface. Should be sufficient for most uses. #ifdef __cplusplus
extern "C" { extern "C" {
// The target function, mandatory. #endif // __cplusplus
// Mandatory user-provided target function.
// Executes the code under test with [Data, Data+Size) as the input.
// libFuzzer will invoke this function *many* times with different inputs.
// Must return 0. // Must return 0.
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
// The initialization function, optional.
// Optional user-provided initialization function.
// If provided, this function will be called by libFuzzer once at startup.
// It may read and modify argc/argv.
// Must return 0.
int LLVMFuzzerInitialize(int *argc, char ***argv); int LLVMFuzzerInitialize(int *argc, char ***argv);
// Custom mutator, optional.
// Mutates raw data in [Data, Data+Size] inplace. // Optional user-provided custom mutator.
// Mutates raw data in [Data, Data+Size) inplace.
// Returns the new size, which is not greater than MaxSize. // Returns the new size, which is not greater than MaxSize.
// Given the same Seed produces the same mutation. // Given the same Seed produces the same mutation.
size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize, size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
unsigned int Seed); unsigned int Seed);
} // extern "C" // Experimental, may go away in future.
// libFuzzer-provided function to be used inside LLVMFuzzerTestOneInput.
namespace fuzzer { // Mutates raw data in [Data, Data+Size) inplace.
/// Returns an int 0. Values other than zero are reserved for future.
typedef int (*UserCallback)(const uint8_t *Data, size_t Size);
/** Simple C-like interface with a single user-supplied callback.
Usage:
#\code
#include "FuzzerInterface.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
DoStuffWithData(Data, Size);
return 0;
}
// Optional.
// Define this only if you need to read/modify argc/argv at startup
// and you are using libFuzzer's main().
// Must return 0.
int LLVMFuzzerInitialize(int *argc, char ***argv) {
ReadAndMaybeModify(argc, argv);
return 0;
}
// Implement your own main() or use the one from FuzzerMain.cpp.
// *NOT* recommended for most cases.
int main(int argc, char **argv) {
InitializeMeIfNeeded();
return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput);
}
#\endcode
*/
int FuzzerDriver(int argc, char **argv, UserCallback Callback);
// Mutates raw data in [Data, Data+Size] inplace.
// Returns the new size, which is not greater than MaxSize. // Returns the new size, which is not greater than MaxSize.
// Can be used inside the user-supplied LLVMFuzzerTestOneInput. size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize);
} // namespace fuzzer #ifdef __cplusplus
} // extern "C"
#endif // __cplusplus
#endif // LLVM_FUZZER_INTERFACE_H #endif // LLVM_FUZZER_INTERFACE_H
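Review bot: The new comment on `LLVMFuzzerMutate` says it is to be used inside `LLVMFuzzerTestOneInput`, but the only caller touched by this commit invokes it from `LLVMFuzzerCustomMutator`, so the stated usage looks out of date. The header also never spells out the buffer contract that users of a raw-pointer C API need. Presumably `Data` must have room for `MaxSize` bytes and `Size` must not exceed `MaxSize`; if so, I would say it outright, e.g. `// Data must point to at least MaxSize writable bytes; Size must be <= MaxSize.` The same sentence would help on `LLVMFuzzerCustomMutator`, whose implementers otherwise have to guess whether writing up to `MaxSize` is safe. It is also worth noting that `LLVMFuzzerMutate` is only valid while libFuzzer is running, since the implementation asserts that its fuzzer object exists.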


@ -28,6 +28,10 @@
#include "FuzzerTracePC.h" #include "FuzzerTracePC.h"
namespace fuzzer { namespace fuzzer {
typedef int (*UserCallback)(const uint8_t *Data, size_t Size);
int FuzzerDriver(int argc, char **argv, UserCallback Callback);
using namespace std::chrono; using namespace std::chrono;
typedef std::vector<uint8_t> Unit; typedef std::vector<uint8_t> Unit;
typedef std::vector<Unit> UnitVector; typedef std::vector<Unit> UnitVector;
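Review bot: `UserCallback` and `FuzzerDriver` arrive here without the comment they carried in FuzzerInterface.h, so the callback's return contract ("Returns an int 0. Values other than zero are reserved for future.") is no longer written down next to the declaration. I would keep it as a one-line comment above the typedef, e.g. `// Callback must return 0; other values are reserved.` Separately, a target that supplied its own main() and called `fuzzer::FuzzerDriver`, as the removed usage comment showed, can no longer reach it through the public header. If that is intended, a sentence saying so in the commit description or beside this declaration would save users a search.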


@ -76,11 +76,6 @@ static void MissingWeakApiFunction(const char *FnName) {
// Only one Fuzzer per process. // Only one Fuzzer per process.
static Fuzzer *F; static Fuzzer *F;
size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
assert(F);
return F->GetMD().Mutate(Data, Size, MaxSize);
}
struct CoverageController { struct CoverageController {
static void Reset() { static void Reset() {
CHECK_WEAK_API_FUNCTION(__sanitizer_reset_coverage); CHECK_WEAK_API_FUNCTION(__sanitizer_reset_coverage);
@ -767,3 +762,11 @@ void Fuzzer::UpdateCorpusDistribution() {
} }
} // namespace fuzzer } // namespace fuzzer
extern "C" {
size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
assert(fuzzer::F);
return fuzzer::F->GetMD().Mutate(Data, Size, MaxSize);
}
} // extern "C"
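Review bot: `LLVMFuzzerMutate` is now an exported C entry point, yet its only guard is `assert(fuzzer::F)`, which compiles away when the library is built with NDEBUG. A call made before the fuzzer object exists would then dereference a null pointer instead of failing with a diagnosable error. A check that survives release builds would be safer at this boundary, e.g. `if (!fuzzer::F) abort();` ahead of the return (needs `<cstdlib>`). Neither `Size <= MaxSize` nor the capacity of `Data` is checked here, and whether the `Mutate` call it forwards to validates them is not visible in this hunk, so an explicit check in the wrapper may be worth adding.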


@ -34,5 +34,5 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
std::cerr << "In LLVMFuzzerCustomMutator\n"; std::cerr << "In LLVMFuzzerCustomMutator\n";
Printed = true; Printed = true;
} }
return fuzzer::Mutate(Data, Size, MaxSize); return LLVMFuzzerMutate(Data, Size, MaxSize);
} }