Index: lib/Fuzzer/CMakeLists.txt =================================================================== --- lib/Fuzzer/CMakeLists.txt +++ lib/Fuzzer/CMakeLists.txt @@ -12,6 +12,7 @@ FuzzerCrossOver.cpp FuzzerTraceState.cpp FuzzerDriver.cpp + FuzzerExtFunctions.cpp FuzzerIO.cpp FuzzerLoop.cpp FuzzerMutate.cpp @@ -22,12 +23,16 @@ add_library(LLVMFuzzerNoMain STATIC $ ) - target_link_libraries(LLVMFuzzerNoMain ${PTHREAD_LIB}) + target_link_libraries(LLVMFuzzerNoMain INTERFACE ${PTHREAD_LIB}) add_library(LLVMFuzzer STATIC FuzzerMain.cpp $ ) - target_link_libraries(LLVMFuzzer ${PTHREAD_LIB}) + target_link_libraries(LLVMFuzzer INTERFACE ${PTHREAD_LIB}) + if(HAVE_LIBDL) + target_link_libraries(LLVMFuzzerNoMain INTERFACE dl) + target_link_libraries(LLVMFuzzer INTERFACE dl) + endif() if( LLVM_INCLUDE_TESTS ) add_subdirectory(test) Index: lib/Fuzzer/FuzzerDriver.cpp =================================================================== --- lib/Fuzzer/FuzzerDriver.cpp +++ lib/Fuzzer/FuzzerDriver.cpp @@ -266,7 +266,7 @@ } static int FuzzerDriver(const std::vector &Args, - UserCallback Callback) { + UserCallback Callback, fuzzer::ExternalFunctions &EF) { using namespace fuzzer; assert(!Args.empty()); ProgName = new std::string(Args[0]); @@ -342,7 +342,7 @@ Random Rand(Seed); MutationDispatcher MD(Rand); - Fuzzer F(Callback, MD, Options); + Fuzzer F(Callback, MD, Options, EF); for (auto &U: Dictionary) if (U.size() <= Word::GetMaxSize()) @@ -417,9 +417,14 @@ exit(0); // Don't let F destroy itself. } -int FuzzerDriver(int argc, char **argv, UserCallback Callback) { - std::vector Args(argv, argv + argc); - return FuzzerDriver(Args, Callback); +int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { + assert(argc && argv && "Argument pointers cannot be nullptr"); + fuzzer::ExternalFunctions EF; + EF.Init(); + if (EF.LLVMFuzzerInitialize) + EF.LLVMFuzzerInitialize(argc, argv); + std::vector Args(*argv, *argv + *argc); + return FuzzerDriver(Args, Callback, EF); } } // namespace fuzzer Index: lib/Fuzzer/FuzzerInternal.h =================================================================== --- lib/Fuzzer/FuzzerInternal.h +++ lib/Fuzzer/FuzzerInternal.h @@ -25,6 +25,7 @@ #include #include +#include "FuzzerExtFunctions.h" #include "FuzzerInterface.h" #include "FuzzerTracePC.h" @@ -42,7 +43,7 @@ namespace fuzzer { typedef int (*UserCallback)(const uint8_t *Data, size_t Size); -int FuzzerDriver(int argc, char **argv, UserCallback Callback); +int FuzzerDriver(int *argc, char ***argv, UserCallback Callback); using namespace std::chrono; typedef std::vector Unit; @@ -349,7 +350,8 @@ PcCoverageMap PCMap; }; - Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options); + Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options, + ExternalFunctions &EF); void AddToCorpus(const Unit &U) { Corpus.push_back(U); UpdateCorpusDistribution(); @@ -468,6 +470,9 @@ // Need to know our own thread. static thread_local bool IsMyThread; + + // Interface to functions that may or may not be available. + ExternalFunctions &EF; }; }; // namespace fuzzer Index: lib/Fuzzer/FuzzerLoop.cpp =================================================================== --- lib/Fuzzer/FuzzerLoop.cpp +++ lib/Fuzzer/FuzzerLoop.cpp @@ -47,9 +47,6 @@ __attribute__((weak)) uintptr_t __sanitizer_get_coverage_pc_buffer(uintptr_t **data); -__attribute__((weak)) size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, - size_t MaxSize, - unsigned int Seed); __attribute__((weak)) void __sanitizer_malloc_hook(void *ptr, size_t size); __attribute__((weak)) void __sanitizer_free_hook(void *ptr); __attribute__((weak)) void __lsan_enable(); @@ -149,8 +146,9 @@ } }; -Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options) - : CB(CB), MD(MD), Options(Options) { +Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options, + ExternalFunctions &EF) + : CB(CB), MD(MD), Options(Options), EF(EF) { SetDeathCallback(); InitializeTraceState(); assert(!F); @@ -692,9 +690,9 @@ for (int i = 0; i < Options.MutateDepth; i++) { size_t NewSize = 0; - if (LLVMFuzzerCustomMutator) - NewSize = LLVMFuzzerCustomMutator(CurrentUnitData, Size, - Options.MaxLen, MD.GetRand().Rand()); + if (EF.LLVMFuzzerCustomMutator) + NewSize = EF.LLVMFuzzerCustomMutator(CurrentUnitData, Size, + Options.MaxLen, MD.GetRand().Rand()); else NewSize = MD.Mutate(CurrentUnitData, Size, Options.MaxLen); assert(NewSize > 0 && "Mutator returned empty unit"); Index: lib/Fuzzer/FuzzerMain.cpp =================================================================== --- lib/Fuzzer/FuzzerMain.cpp +++ lib/Fuzzer/FuzzerMain.cpp @@ -9,18 +9,15 @@ // main() and flags. //===----------------------------------------------------------------------===// +#include "FuzzerExtFunctions.h" #include "FuzzerInterface.h" #include "FuzzerInternal.h" extern "C" { // This function should be defined by the user. int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); -// This function may optionally be defined by the user. -__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); } // extern "C" int main(int argc, char **argv) { - if (LLVMFuzzerInitialize) - LLVMFuzzerInitialize(&argc, &argv); - return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput); + return fuzzer::FuzzerDriver(&argc, &argv, LLVMFuzzerTestOneInput); } Index: lib/Fuzzer/test/CMakeLists.txt =================================================================== --- lib/Fuzzer/test/CMakeLists.txt +++ lib/Fuzzer/test/CMakeLists.txt @@ -27,6 +27,20 @@ # Enable the coverage instrumentation (it is disabled for the Fuzzer lib). set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize-coverage=edge,indirect-calls") +function(target_export_dynamic target) + if (NOT TARGET ${target}) + message(FATAL_ERROR "Target \"${target}\" does not exist") + endif() + if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") + # For non dynamic library symbols to be availale to dlsym() + # we have to pass an extra flag for GNU ld. + set_property(TARGET ${target} + APPEND_STRING PROPERTY + LINK_FLAGS " -Wl,-export-dynamic" + ) + endif() +endfunction() + # add_libfuzzer_test( # SOURCES source0.cpp [source1.cpp ...] # ) @@ -45,7 +59,11 @@ add_executable(LLVMFuzzer-${name} ${add_libfuzzer_test_SOURCES} ) - target_link_libraries(LLVMFuzzer-${name} LLVMFuzzer) + target_link_libraries(LLVMFuzzer-${name} PRIVATE LLVMFuzzer) + if (HAVE_LIBDL) + target_link_libraries(LLVMFuzzer-${name} PRIVATE dl) + endif() + target_export_dynamic(LLVMFuzzer-${name}) # Place binary where llvm-lit expects to find it set_target_properties(LLVMFuzzer-${name} PROPERTIES RUNTIME_OUTPUT_DIRECTORY @@ -121,6 +139,7 @@ PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}" ) +target_export_dynamic(LLVMFuzzer-Unittest) ############################################################################### # Additional tests ############################################################################### Index: lib/Fuzzer/test/FuzzerUnittest.cpp =================================================================== --- lib/Fuzzer/test/FuzzerUnittest.cpp +++ lib/Fuzzer/test/FuzzerUnittest.cpp @@ -1,6 +1,7 @@ // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. +#include "FuzzerExtFunctions.h" #include "FuzzerInternal.h" #include "gtest/gtest.h" #include @@ -408,7 +409,12 @@ Random Rand(0); MutationDispatcher MD(Rand); Fuzzer::FuzzingOptions Options; - Fuzzer Fuzz(LLVMFuzzerTestOneInput, MD, Options); + // NOTE: If there if ever more than one test that creates a Fuzzer we should + // create a test fixture to avoid calling ExternalFunctions::Init() for every + // test. + fuzzer::ExternalFunctions EF; + EF.Init(); + Fuzzer Fuzz(LLVMFuzzerTestOneInput, MD, Options, EF); size_t N = 10; size_t TriesPerUnit = 1<<20; for (size_t i = 0; i < N; i++) {