Index: lib/Fuzzer/CMakeLists.txt =================================================================== --- lib/Fuzzer/CMakeLists.txt +++ lib/Fuzzer/CMakeLists.txt @@ -12,6 +12,7 @@ FuzzerCrossOver.cpp FuzzerTraceState.cpp FuzzerDriver.cpp + FuzzerExtFunctions.cpp FuzzerIO.cpp FuzzerLoop.cpp FuzzerMutate.cpp Index: lib/Fuzzer/FuzzerExtFunctions.h =================================================================== --- /dev/null +++ lib/Fuzzer/FuzzerExtFunctions.h @@ -0,0 +1,31 @@ +//===- FuzzerExtFunctions.h - Interface to external functions ---*- C++ -* ===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// Defines an interface to (possibly optional) functions. +//===----------------------------------------------------------------------===// +#ifndef LLVM_FUZZER_EXT_FUNCTIONS_H +#define LLVM_FUZZER_EXT_FUNCTIONS_H + +#include +#include + +namespace fuzzer { + +struct ExternalFunctions { + // Initialize function pointers. + void Init(); + + // Optional user functions + int (*LLVMFuzzerInitialize)(int *argc, char ***argv) = nullptr; + size_t (*LLVMFuzzerCustomMutator)(uint8_t *Data, size_t Size, size_t MaxSize, + unsigned int Seed) = nullptr; + + // TODO: Sanitizer functions +}; +} +#endif Index: lib/Fuzzer/FuzzerExtFunctions.cpp =================================================================== --- /dev/null +++ lib/Fuzzer/FuzzerExtFunctions.cpp @@ -0,0 +1,44 @@ +//===- FuzzerExtFunctions.cpp - Interface to external functions --*- C++ -* ==// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// Implementation for operating systems that support dlsym() +//===----------------------------------------------------------------------===// + +#include "FuzzerExtFunctions.h" +#include "FuzzerInternal.h" +#include + +using namespace fuzzer; + +template +static T GetFnPtr(const char *FnName, bool WarnIfMissing) { + dlerror(); // Clear any previous errors + void *Fn = dlsym(RTLD_DEFAULT, FnName); + if (Fn == nullptr) { + if (WarnIfMissing) { + const char *ErrorMsg = dlerror(); + Printf("WARNING: Failed to find function \"%s\"", FnName); + if (ErrorMsg) + Printf("Reason %s.", ErrorMsg); + Printf("\n"); + } + } + return reinterpret_cast(Fn); +} + +namespace fuzzer { + +void ExternalFunctions::Init() { +#define INIT_FUNC(NAME, WARN) \ + this->NAME = GetFnPtr(#NAME, WARN) + + INIT_FUNC(LLVMFuzzerInitialize, false); + INIT_FUNC(LLVMFuzzerCustomMutator, false); +#undef INIT_FUNC +} +} Index: lib/Fuzzer/FuzzerInternal.h =================================================================== --- lib/Fuzzer/FuzzerInternal.h +++ lib/Fuzzer/FuzzerInternal.h @@ -25,6 +25,7 @@ #include #include +#include "FuzzerExtFunctions.h" #include "FuzzerInterface.h" #include "FuzzerTracePC.h" @@ -468,6 +469,9 @@ // Need to know our own thread. static thread_local bool IsMyThread; + + // Interface to functions that might be available. + ExternalFunctions EF; }; }; // namespace fuzzer Index: lib/Fuzzer/FuzzerLoop.cpp =================================================================== --- lib/Fuzzer/FuzzerLoop.cpp +++ lib/Fuzzer/FuzzerLoop.cpp @@ -47,9 +47,6 @@ __attribute__((weak)) uintptr_t __sanitizer_get_coverage_pc_buffer(uintptr_t **data); -__attribute__((weak)) size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, - size_t MaxSize, - unsigned int Seed); __attribute__((weak)) void __sanitizer_malloc_hook(void *ptr, size_t size); __attribute__((weak)) void __sanitizer_free_hook(void *ptr); __attribute__((weak)) void __lsan_enable(); @@ -150,7 +147,8 @@ }; Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options) - : CB(CB), MD(MD), Options(Options) { + : CB(CB), MD(MD), Options(Options), EF(ExternalFunctions()) { + EF.Init(); SetDeathCallback(); InitializeTraceState(); assert(!F); @@ -692,9 +690,9 @@ for (int i = 0; i < Options.MutateDepth; i++) { size_t NewSize = 0; - if (LLVMFuzzerCustomMutator) - NewSize = LLVMFuzzerCustomMutator(CurrentUnitData, Size, - Options.MaxLen, MD.GetRand().Rand()); + if (EF.LLVMFuzzerCustomMutator) + NewSize = EF.LLVMFuzzerCustomMutator(CurrentUnitData, Size, + Options.MaxLen, MD.GetRand().Rand()); else NewSize = MD.Mutate(CurrentUnitData, Size, Options.MaxLen); assert(NewSize > 0 && "Mutator returned empty unit"); Index: lib/Fuzzer/FuzzerMain.cpp =================================================================== --- lib/Fuzzer/FuzzerMain.cpp +++ lib/Fuzzer/FuzzerMain.cpp @@ -9,18 +9,20 @@ // main() and flags. //===----------------------------------------------------------------------===// +#include "FuzzerExtFunctions.h" #include "FuzzerInterface.h" #include "FuzzerInternal.h" extern "C" { // This function should be defined by the user. int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); -// This function may optionally be defined by the user. -__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); } // extern "C" int main(int argc, char **argv) { - if (LLVMFuzzerInitialize) - LLVMFuzzerInitialize(&argc, &argv); + // FIXME: We don't propagate these into libfuzzer's internals + fuzzer::ExternalFunctions EF; + EF.Init(); + if (EF.LLVMFuzzerInitialize) + EF.LLVMFuzzerInitialize(&argc, &argv); return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput); }