Index: lib/Fuzzer/CMakeLists.txt
===================================================================
--- lib/Fuzzer/CMakeLists.txt
+++ lib/Fuzzer/CMakeLists.txt
@@ -12,6 +12,8 @@ FuzzerCrossOver.cpp FuzzerTraceState.cpp FuzzerDriver.cpp + FuzzerExtFunctionsDlsym.cpp + FuzzerExtFunctionsWeak.cpp FuzzerIO.cpp FuzzerLoop.cpp FuzzerMutate.cpp
Index: lib/Fuzzer/FuzzerDriver.cpp
===================================================================
--- lib/Fuzzer/FuzzerDriver.cpp
+++ lib/Fuzzer/FuzzerDriver.cpp
@@ -265,9 +265,13 @@ return true; } -static int FuzzerDriver(const std::vector &Args, - UserCallback Callback) { +int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { using namespace fuzzer; + assert(argc && argv && "Argument pointers cannot be nullptr"); + fuzzer::ExternalFunctions EF; + if (EF.LLVMFuzzerInitialize) + EF.LLVMFuzzerInitialize(argc, argv); + const std::vector Args(*argv, *argv + *argc); assert(!Args.empty()); ProgName = new std::string(Args[0]); ParseFlags(Args);
@@ -416,10 +420,4 @@ exit(0); // Don't let F destroy itself. } - -int FuzzerDriver(int argc, char **argv, UserCallback Callback) { - std::vector Args(argv, argv + argc); - return FuzzerDriver(Args, Callback); -} - } // namespace fuzzer
Index: lib/Fuzzer/FuzzerExtFunctions.h
===================================================================
--- /dev/null
+++ lib/Fuzzer/FuzzerExtFunctions.h
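Review bot: `assert(argc && argv && "Argument pointers cannot be nullptr")` is the only guard before `*argv` and `*argc` are dereferenced in the new `Args` constructor, and it disappears under NDEBUG; that is acceptable for an internal precondition, but the declaration in FuzzerInternal.h should state it, e.g. `// argc and argv must be non-null; LLVMFuzzerInitialize may rewrite them before flags are parsed.`. The local `fuzzer::ExternalFunctions EF;` is a second instance next to the `ExternalFunctions EF` member this diff adds to `Fuzzer` in the FuzzerInternal.h hunk, so on Apple every entry is resolved through `dlsym` twice per process and any entry later marked `WARN` would print its warning twice; constructing it once here and handing it to the Fuzzer object would remove the duplication. FuzzerDriver's body continues past the hunk, so how the member instance is initialised is not visible here.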
@@ -0,0 +1,32 @@
+//===- FuzzerExtFunctions.h - Interface to external functions ---*- C++ -* ===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// Defines an interface to (possibly optional) functions.
+//===----------------------------------------------------------------------===//
+#ifndef LLVM_FUZZER_EXT_FUNCTIONS_H
+#define LLVM_FUZZER_EXT_FUNCTIONS_H
+
+#include
+#include
+
+namespace fuzzer {
+
+struct ExternalFunctions {
+ // Initialize function pointers. Functions that are not available
+ // will be set to nullptr.
+ ExternalFunctions();
+
+#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
+ RETURN_TYPE(*NAME) FUNC_SIG = nullptr
+
+#include "FuzzerExtFunctions.def"
+
+#undef EXT_FUNC
+};
+} // namespace fuzzer
+#endif
Index: lib/Fuzzer/FuzzerExtFunctions.def
===================================================================
--- /dev/null
+++ lib/Fuzzer/FuzzerExtFunctions.def
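Review bot: The struct comment does not say how or when the pointers get filled in: `ExternalFunctions()` resolves every entry at construction (via `dlsym` on Apple and weak symbols on Linux, per the two .cpp files in this diff), so each instance repeats the lookup and every member may remain `nullptr` and must be checked before each call. Suggest extending the comment with `// Resolution happens in the constructor (see FuzzerExtFunctions*.cpp); construct once and null-check a member before calling through it.`. The `.def` file is included here and in both .cpp files, so it must stay free of an include guard; a one-line comment next to `#include "FuzzerExtFunctions.def"` would protect that invariant. The two `#include` lines appear to have lost their header names in this rendering.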
@@ -0,0 +1,23 @@
+//===- FuzzerExtFunctions.def - External functions --------------*- C++ -* ===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// This defines the external function pointers that
+// ``fuzzer::ExternalFunctions`` should contain and try to initialize. The
+// EXT_FUNC macro must be defined at the point of inclusion. The signature of
+// the macro is:
+//
+// EXT_FUNC(, , , )
+//===----------------------------------------------------------------------===//
+
+// Optional user functions
+EXT_FUNC(LLVMFuzzerInitialize, int, (int *argc, char ***argv), false);
+EXT_FUNC(LLVMFuzzerCustomMutator, size_t,
+ (uint8_t * Data, size_t Size, size_t MaxSize, unsigned int Seed),
+ false);
+
+// TODO: Sanitizer functions
Index: lib/Fuzzer/FuzzerExtFunctionsDlsym.cpp
===================================================================
--- /dev/null
+++ lib/Fuzzer/FuzzerExtFunctionsDlsym.cpp
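Review bot: The fourth column (`WARN`) is the only one whose meaning is not stated in the file comment, and the `EXT_FUNC(, , , )` signature line appears to have lost its placeholder names in this rendering, so a reader cannot tell what the trailing `false` controls. From the two implementations in this diff it enables a startup warning when the symbol is not found; suggest `// WARN: print a warning at startup if the symbol cannot be resolved.` above the entries. The entries also use `size_t` and `uint8_t`, so whichever file includes this one must already have `<cstddef>`/`<cstdint>` in scope — worth a note, since the .def has no includes of its own.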
@@ -0,0 +1,49 @@
+//===- FuzzerExtFunctionsDlsym.cpp - Interface to external functions ------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// Implementation for operating systems that support dlsym(). We only use it on
+// Apple platforms for now. We don't use this approach on Linux because it
+// requires that clients of LibFuzzer pass ``--export-dynamic`` to the linker.
+// That is a complication we don't wish to expose to clients right now.
+//===----------------------------------------------------------------------===//
+#include "FuzzerInternal.h"
+#if LIBFUZZER_APPLE
+
+#include "FuzzerExtFunctions.h"
+#include
+
+using namespace fuzzer;
+
+template
+static T GetFnPtr(const char *FnName, bool WarnIfMissing) {
+ dlerror(); // Clear any previous errors.
+ void *Fn = dlsym(RTLD_DEFAULT, FnName);
+ if (Fn == nullptr) {
+ if (WarnIfMissing) {
+ const char *ErrorMsg = dlerror();
+ Printf("WARNING: Failed to find function \"%s\".", FnName);
+ if (ErrorMsg)
+ Printf(" Reason %s.", ErrorMsg);
+ Printf("\n");
+ }
+ }
+ return reinterpret_cast(Fn);
+}
+
+namespace fuzzer {
+
+ExternalFunctions::ExternalFunctions() {
+#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
+ this->NAME = GetFnPtr(#NAME, WARN)
+
+#include "FuzzerExtFunctions.def"
+
+#undef EXT_FUNC
+}
+} // namespace fuzzer
+#endif // LIBFUZZER_APPLE
Index: lib/Fuzzer/FuzzerExtFunctionsWeak.cpp
===================================================================
--- /dev/null
+++ lib/Fuzzer/FuzzerExtFunctionsWeak.cpp
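Review bot: `dlsym(RTLD_DEFAULT, FnName)` searches every image loaded in the process, not just the main executable, so an exported `LLVMFuzzerInitialize` or `LLVMFuzzerCustomMutator` provided by any linked library is accepted as the user's hook; that is a reasonable choice but should be stated, e.g. `// RTLD_DEFAULT resolves against all loaded images; a same-named export from any library is used.` near the `dlsym` call. The explicit template argument on `GetFnPtr(#NAME, WARN)` and on `reinterpret_cast(Fn)` is not visible in this rendering, so I assume it is the member's own pointer type and was lost in extraction. Converting a `void *` to a function pointer with `reinterpret_cast` is only conditionally supported by the C++ standard; a short comment that POSIX guarantees it for `dlsym` results would stop the next reader from "fixing" it.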
@@ -0,0 +1,50 @@
+//===- FuzzerExtFunctionsWeak.cpp - Interface to external functions -------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// Implementation for Linux. This relies on the linker's support for weak
+// symbols. We don't use this approach on Apple platforms because it requires
+// clients of LibFuzzer to pass ``-U _`` to the linker to allow
+// weak symbols to be undefined. That is a complication we don't want to expose
+// to clients right now.
+//===----------------------------------------------------------------------===//
+#include "FuzzerInternal.h"
+#if LIBFUZZER_LINUX
+
+#include "FuzzerExtFunctions.h"
+
+extern "C" {
+// Declare these symbols as weak to allow them to be optionally defined.
+#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
+ __attribute__((weak)) RETURN_TYPE NAME FUNC_SIG
+
+#include "FuzzerExtFunctions.def"
+
+#undef EXT_FUNC
+}
+
+using namespace fuzzer;
+
+static void CheckFnPtr(void *FnPtr, const char *FnName, bool WarnIfMissing) {
+ if (FnPtr == nullptr && WarnIfMissing) {
+ Printf("WARNING: Failed to find function \"%s\".\n", FnName);
+ }
+}
+
+namespace fuzzer {
+
+ExternalFunctions::ExternalFunctions() {
+#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
+ this->NAME = ::NAME; \
+ CheckFnPtr((void *)::NAME, #NAME, WARN);
+
+#include "FuzzerExtFunctions.def"
+
+#undef EXT_FUNC
+}
+} // namespace fuzzer
+#endif // LIBFUZZER_LINUX
Index: lib/Fuzzer/FuzzerInternal.h
===================================================================
--- lib/Fuzzer/FuzzerInternal.h
+++ lib/Fuzzer/FuzzerInternal.h
@@ -25,6 +25,7 @@ #include #include +#include "FuzzerExtFunctions.h" #include "FuzzerInterface.h" #include "FuzzerTracePC.h"
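Review bot: `CheckFnPtr((void *)::NAME, #NAME, WARN);` uses a C-style cast of a function pointer to `void *`, and its trailing `;` combined with the `;` each `.def` line already supplies expands to an empty statement per entry — the header's `EXT_FUNC` and the Dlsym variant both leave the terminator to the `.def`. Passing the comparison result avoids the cast entirely: `static void CheckFnPtr(bool Found, const char *FnName, bool WarnIfMissing)` with `if (!Found && WarnIfMissing)`, and in the macro `CheckFnPtr(::NAME != nullptr, #NAME, WARN)` without the trailing semicolon. The weak `extern "C"` declarations and the warning text otherwise match the Dlsym implementation.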
@@ -42,7 +43,7 @@ namespace fuzzer { typedef int (*UserCallback)(const uint8_t *Data, size_t Size); -int FuzzerDriver(int argc, char **argv, UserCallback Callback); +int FuzzerDriver(int *argc, char ***argv, UserCallback Callback); using namespace std::chrono; typedef std::vector Unit;
@@ -468,6 +469,9 @@ // Need to know our own thread. static thread_local bool IsMyThread; + + // Interface to functions that may or may not be available. + ExternalFunctions EF; }; }; // namespace fuzzer
Index: lib/Fuzzer/FuzzerLoop.cpp
===================================================================
--- lib/Fuzzer/FuzzerLoop.cpp
+++ lib/Fuzzer/FuzzerLoop.cpp
@@ -47,9 +47,6 @@ __attribute__((weak)) uintptr_t __sanitizer_get_coverage_pc_buffer(uintptr_t **data); -__attribute__((weak)) size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, - size_t MaxSize, - unsigned int Seed); __attribute__((weak)) void __sanitizer_malloc_hook(void *ptr, size_t size); __attribute__((weak)) void __sanitizer_free_hook(void *ptr); __attribute__((weak)) void __lsan_enable();
@@ -692,9 +689,9 @@ for (int i = 0; i < Options.MutateDepth; i++) { size_t NewSize = 0; - if (LLVMFuzzerCustomMutator) - NewSize = LLVMFuzzerCustomMutator(CurrentUnitData, Size, - Options.MaxLen, MD.GetRand().Rand()); + if (EF.LLVMFuzzerCustomMutator) + NewSize = EF.LLVMFuzzerCustomMutator(CurrentUnitData, Size, + Options.MaxLen, MD.GetRand().Rand()); else NewSize = MD.Mutate(CurrentUnitData, Size, Options.MaxLen); assert(NewSize > 0 && "Mutator returned empty unit");
Index: lib/Fuzzer/FuzzerMain.cpp
===================================================================
--- lib/Fuzzer/FuzzerMain.cpp
+++ lib/Fuzzer/FuzzerMain.cpp
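Review bot: The new `int FuzzerDriver(int *argc, char ***argv, UserCallback Callback);` declaration carries no comment explaining why the arguments became pointers; suggest `// argc/argv are taken by pointer so an optional LLVMFuzzerInitialize can rewrite them before flags are parsed; both must be non-null.`. This is a source-incompatible change for any caller other than the `main` in FuzzerMain.cpp; if other drivers or tests call FuzzerDriver, they are not updated in this diff. The `ExternalFunctions EF;` member in the second hunk would also benefit from `// Resolved in the constructor; every entry may be nullptr.` rather than the vaguer "may or may not be available"; the enclosing class starts outside the hunk.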
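Review bot: In the FuzzerLoop.cpp mutation hunk, `NewSize` returned by `EF.LLVMFuzzerCustomMutator` is only checked by `assert(NewSize > 0 ...)`, which disappears under NDEBUG, and nothing in the hunk bounds it by `Options.MaxLen`; if the code after the hunk uses `NewSize` as the length of `CurrentUnitData`, a custom mutator that returns more than the `MaxSize` it was given would make the fuzzer read past the buffer. This predates the diff, but since the call site is being rewritten it is a cheap place to add `assert(NewSize <= Options.MaxLen && "Mutator returned unit larger than MaxLen");` or to clamp the value in release builds. The enclosing loop continues past the hunk, so I cannot see how `NewSize` is consumed.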
@@ -15,12 +15,8 @@ extern "C" { // This function should be defined by the user. int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); -// This function may optionally be defined by the user. -__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); } // extern "C" int main(int argc, char **argv) { - if (LLVMFuzzerInitialize) - LLVMFuzzerInitialize(&argc, &argv); - return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput); + return fuzzer::FuzzerDriver(&argc, &argv, LLVMFuzzerTestOneInput); }