Index: lib/Fuzzer/CMakeLists.txt
===================================================================
--- lib/Fuzzer/CMakeLists.txt
+++ lib/Fuzzer/CMakeLists.txt
@@ -12,6 +12,8 @@
     FuzzerCrossOver.cpp
     FuzzerTraceState.cpp
     FuzzerDriver.cpp
+    FuzzerExtFunctionsDlsym.cpp
+    FuzzerExtFunctionsWeak.cpp
     FuzzerIO.cpp
     FuzzerLoop.cpp
     FuzzerMutate.cpp
Index: lib/Fuzzer/FuzzerDriver.cpp
===================================================================
--- lib/Fuzzer/FuzzerDriver.cpp
+++ lib/Fuzzer/FuzzerDriver.cpp
@@ -266,7 +266,7 @@
 }
 
 static int FuzzerDriver(const std::vector<std::string> &Args,
-                        UserCallback Callback) {
+                        UserCallback Callback, fuzzer::ExternalFunctions EF) {
   using namespace fuzzer;
   assert(!Args.empty());
   ProgName = new std::string(Args[0]);
@@ -342,7 +342,7 @@
 
   Random Rand(Seed);
   MutationDispatcher MD(Rand);
-  Fuzzer F(Callback, MD, Options);
+  Fuzzer F(Callback, MD, Options, EF);
 
   for (auto &U: Dictionary)
     if (U.size() <= Word::GetMaxSize())
@@ -417,9 +417,14 @@
   exit(0);  // Don't let F destroy itself.
 }
 
-int FuzzerDriver(int argc, char **argv, UserCallback Callback) {
-  std::vector<std::string> Args(argv, argv + argc);
-  return FuzzerDriver(Args, Callback);
+int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
+  assert(argc && argv && "Argument pointers cannot be nullptr");
+  fuzzer::ExternalFunctions EF;
+  EF.Init();
+  if (EF.LLVMFuzzerInitialize)
+    EF.LLVMFuzzerInitialize(argc, argv);
+  std::vector<std::string> Args(*argv, *argv + *argc);
+  return FuzzerDriver(Args, Callback, EF);
 }
 
 }  // namespace fuzzer
Index: lib/Fuzzer/FuzzerExtFunctions.h
===================================================================
--- /dev/null
+++ lib/Fuzzer/FuzzerExtFunctions.h
@@ -0,0 +1,32 @@
+//===- FuzzerExtFunctions.h - Interface to external functions ---*- C++ -* ===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// Defines an interface to (possibly optional) functions.
+//===----------------------------------------------------------------------===//
+#ifndef LLVM_FUZZER_EXT_FUNCTIONS_H
+#define LLVM_FUZZER_EXT_FUNCTIONS_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+namespace fuzzer {
+
+struct ExternalFunctions {
+  // Initialize function pointers. Functions that are not available
+  // will be set to nullptr.
+  void Init();
+
+  // Optional user functions
+  int (*LLVMFuzzerInitialize)(int *argc, char ***argv) = nullptr;
+  size_t (*LLVMFuzzerCustomMutator)(uint8_t *Data, size_t Size, size_t MaxSize,
+                                    unsigned int Seed) = nullptr;
+
+  // TODO: Add sanitizer functions
+};
+}
+#endif
Index: lib/Fuzzer/FuzzerExtFunctions.def
===================================================================
--- /dev/null
+++ lib/Fuzzer/FuzzerExtFunctions.def
@@ -0,0 +1,15 @@
+//===- FuzzerExtFunctions.def - External functions --------------*- C++ -* ===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// This defines the external functions that
+// ``fuzzer::ExternalFunctions::Init()`` should try to initialize.  The
+// INIT_FUNC macro must be defined at the point of inclusion.
+//===----------------------------------------------------------------------===//
+
+INIT_FUNC(LLVMFuzzerInitialize, false);
+INIT_FUNC(LLVMFuzzerCustomMutator, false);
Index: lib/Fuzzer/FuzzerExtFunctionsDlsym.cpp
===================================================================
--- /dev/null
+++ lib/Fuzzer/FuzzerExtFunctionsDlsym.cpp
@@ -0,0 +1,49 @@
+//===- FuzzerExtFunctions.cpp - Interface to external functions --*- C++ -* ==//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// Implementation for operating systems that support dlsym(). We only use it on
+// Apple platforms for now. We don't use this approach on Linux because it
+// requires that clients of LibFuzzer pass ``--export-dynamic`` to the linker.
+// That is a complication we don't wish to expose to clients right now.
+//===----------------------------------------------------------------------===//
+#include "FuzzerInternal.h"
+#if LIBFUZZER_APPLE
+
+#include "FuzzerExtFunctions.h"
+#include <dlfcn.h>
+
+using namespace fuzzer;
+
+template <typename T>
+static T GetFnPtr(const char *FnName, bool WarnIfMissing) {
+  dlerror(); // Clear any previous errors.
+  void *Fn = dlsym(RTLD_DEFAULT, FnName);
+  if (Fn == nullptr) {
+    if (WarnIfMissing) {
+      const char *ErrorMsg = dlerror();
+      Printf("WARNING: Failed to find function \"%s\".", FnName);
+      if (ErrorMsg)
+        Printf(" Reason %s.", ErrorMsg);
+      Printf("\n");
+    }
+  }
+  return reinterpret_cast<T>(Fn);
+}
+
+namespace fuzzer {
+
+void ExternalFunctions::Init() {
+#define INIT_FUNC(NAME, WARN)                                                  \
+  this->NAME = GetFnPtr<decltype(ExternalFunctions::NAME)>(#NAME, WARN)
+
+#include "FuzzerExtFunctions.def"
+
+#undef INIT_FUNC
+}
+}
+#endif // LIBFUZZER_APPLE
Index: lib/Fuzzer/FuzzerExtFunctionsWeak.cpp
===================================================================
--- /dev/null
+++ lib/Fuzzer/FuzzerExtFunctionsWeak.cpp
@@ -0,0 +1,48 @@
+//===- FuzzerExtFunctions.cpp - Interface to external functions --*- C++ -* ==//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// Implementation for Linux. This relies on the linker's support for weak
+// symbols. We don't use this approach on Apple platforms because it requires
+// clients of LibFuzzer to pass ``-U _<symbol_name>`` to the linker to allow
+// weak symbols to be undefined. That is a complication we don't want to expose
+// to clients right now.
+//===----------------------------------------------------------------------===//
+#include "FuzzerInternal.h"
+#if LIBFUZZER_LINUX
+
+#include "FuzzerExtFunctions.h"
+
+extern "C" {
+// Declare these symbols as weak to allow them to be optionally defined.
+__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
+__attribute__((weak)) size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
+                                                     size_t MaxSize,
+                                                     unsigned int Seed);
+}
+
+using namespace fuzzer;
+
+static void CheckFnPtr(void *FnPtr, const char* FnName, bool WarnIfMissing) {
+  if (FnPtr == nullptr && WarnIfMissing) {
+    Printf("WARNING: Failed to find function \"%s\".\n", FnName);
+  }
+}
+
+namespace fuzzer {
+
+void ExternalFunctions::Init() {
+#define INIT_FUNC(NAME, WARN)                                                  \
+  this->NAME = ::NAME; \
+  CheckFnPtr((void*)::NAME, #NAME, WARN);
+
+#include "FuzzerExtFunctions.def"
+
+#undef INIT_FUNC
+}
+}
+#endif // LIBFUZZER_LINUX
Index: lib/Fuzzer/FuzzerInternal.h
===================================================================
--- lib/Fuzzer/FuzzerInternal.h
+++ lib/Fuzzer/FuzzerInternal.h
@@ -25,6 +25,7 @@
 #include <unordered_set>
 #include <vector>
 
+#include "FuzzerExtFunctions.h"
 #include "FuzzerInterface.h"
 #include "FuzzerTracePC.h"
 
@@ -42,7 +43,7 @@
 namespace fuzzer {
 
 typedef int (*UserCallback)(const uint8_t *Data, size_t Size);
-int FuzzerDriver(int argc, char **argv, UserCallback Callback);
+int FuzzerDriver(int *argc, char ***argv, UserCallback Callback);
 
 using namespace std::chrono;
 typedef std::vector<uint8_t> Unit;
@@ -349,7 +350,8 @@
     PcCoverageMap PCMap;
   };
 
-  Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options);
+  Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options,
+         ExternalFunctions EF);
   void AddToCorpus(const Unit &U) {
     Corpus.push_back(U);
     UpdateCorpusDistribution();
@@ -468,6 +470,9 @@
 
   // Need to know our own thread.
   static thread_local bool IsMyThread;
+
+  // Interface to functions that may or may not be available.
+  ExternalFunctions EF;
 };
 
 }; // namespace fuzzer
Index: lib/Fuzzer/FuzzerLoop.cpp
===================================================================
--- lib/Fuzzer/FuzzerLoop.cpp
+++ lib/Fuzzer/FuzzerLoop.cpp
@@ -47,9 +47,6 @@
 __attribute__((weak)) uintptr_t
 __sanitizer_get_coverage_pc_buffer(uintptr_t **data);
 
-__attribute__((weak)) size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
-                                                     size_t MaxSize,
-                                                     unsigned int Seed);
 __attribute__((weak)) void __sanitizer_malloc_hook(void *ptr, size_t size);
 __attribute__((weak)) void __sanitizer_free_hook(void *ptr);
 __attribute__((weak)) void __lsan_enable();
@@ -149,8 +146,9 @@
   }
 };
 
-Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options)
-    : CB(CB), MD(MD), Options(Options) {
+Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options,
+               ExternalFunctions EF)
+    : CB(CB), MD(MD), Options(Options), EF(EF) {
   SetDeathCallback();
   InitializeTraceState();
   assert(!F);
@@ -692,9 +690,9 @@
 
   for (int i = 0; i < Options.MutateDepth; i++) {
     size_t NewSize = 0;
-    if (LLVMFuzzerCustomMutator)
-      NewSize = LLVMFuzzerCustomMutator(CurrentUnitData, Size,
-                                        Options.MaxLen, MD.GetRand().Rand());
+    if (EF.LLVMFuzzerCustomMutator)
+      NewSize = EF.LLVMFuzzerCustomMutator(CurrentUnitData, Size,
+                                           Options.MaxLen, MD.GetRand().Rand());
     else
       NewSize = MD.Mutate(CurrentUnitData, Size, Options.MaxLen);
     assert(NewSize > 0 && "Mutator returned empty unit");
Index: lib/Fuzzer/FuzzerMain.cpp
===================================================================
--- lib/Fuzzer/FuzzerMain.cpp
+++ lib/Fuzzer/FuzzerMain.cpp
@@ -9,18 +9,15 @@
 // main() and flags.
 //===----------------------------------------------------------------------===//
 
+#include "FuzzerExtFunctions.h"
 #include "FuzzerInterface.h"
 #include "FuzzerInternal.h"
 
 extern "C" {
 // This function should be defined by the user.
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
-// This function may optionally be defined by the user.
-__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
 }  // extern "C"
 
 int main(int argc, char **argv) {
-  if (LLVMFuzzerInitialize)
-    LLVMFuzzerInitialize(&argc, &argv);
-  return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput);
+  return fuzzer::FuzzerDriver(&argc, &argv, LLVMFuzzerTestOneInput);
 }
Index: lib/Fuzzer/test/FuzzerUnittest.cpp
===================================================================
--- lib/Fuzzer/test/FuzzerUnittest.cpp
+++ lib/Fuzzer/test/FuzzerUnittest.cpp
@@ -1,6 +1,7 @@
 // This file is distributed under the University of Illinois Open Source
 // License. See LICENSE.TXT for details.
 
+#include "FuzzerExtFunctions.h"
 #include "FuzzerInternal.h"
 #include "gtest/gtest.h"
 #include <set>
@@ -408,7 +409,9 @@
   Random Rand(0);
   MutationDispatcher MD(Rand);
   Fuzzer::FuzzingOptions Options;
-  Fuzzer Fuzz(LLVMFuzzerTestOneInput, MD, Options);
+  ExternalFunctions EF;
+  EF.Init();
+  Fuzzer Fuzz(LLVMFuzzerTestOneInput, MD, Options, EF);
   size_t N = 10;
   size_t TriesPerUnit = 1<<20;
   for (size_t i = 0; i < N; i++) {