Index: compiler-rt/lib/fuzzer/FuzzerDriver.cpp
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerDriver.cpp
+++ compiler-rt/lib/fuzzer/FuzzerDriver.cpp
@@ -668,6 +668,7 @@
 Options.IgnoreTimeouts = Flags.ignore_timeouts;
 Options.IgnoreOOMs = Flags.ignore_ooms;
 Options.IgnoreCrashes = Flags.ignore_crashes;
+ Options.IgnoreRemoteExits = Flags.ignore_remote_exits;
 Options.MaxTotalTimeSec = Flags.max_total_time;
 Options.DoCrossOver = Flags.cross_over;
 Options.CrossOverUniformDist = Flags.cross_over_uniform_dist;
@@ -677,6 +678,7 @@
 Options.UseMemmem = Flags.use_memmem;
 Options.UseCmp = Flags.use_cmp;
 Options.UseValueProfile = Flags.use_value_profile;
+ Options.UseRemote = Flags.remote;
 Options.Shrink = Flags.shrink;
 Options.ReduceInputs = Flags.reduce_inputs;
 Options.ShuffleAtStartUp = Flags.shuffle;
Index: compiler-rt/lib/fuzzer/FuzzerExtFunctions.def
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerExtFunctions.def
+++ compiler-rt/lib/fuzzer/FuzzerExtFunctions.def
@@ -27,6 +27,7 @@
 // Sanitizer functions
 EXT_FUNC(__lsan_enable, void, (), false);
 EXT_FUNC(__lsan_disable, void, (), false);
+EXT_FUNC(__lsan_do_leak_check, void, (), false);
 EXT_FUNC(__lsan_do_recoverable_leak_check, int, (), false);
 EXT_FUNC(__sanitizer_acquire_crash_state, int, (), true);
 EXT_FUNC(__sanitizer_install_malloc_and_free_hooks, int,
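Review bot: In the second FuzzerDriver.cpp hunk, `Options.UseRemote = Flags.remote;` turns remote mode on with no visible check that an IPC implementation is actually linked in. The FuzzerAcceptRemotes and FuzzerRemote* entries this patch adds to FuzzerExtFunctions.def pass `false` as the last EXT_FUNC argument, the same as the optional sanitizer hooks, so presumably their pointers can be null at run time. Unless code outside these hunks guards every call, `-remote=1` on a binary built without that runtime would call through a null pointer; failing early next to the assignment would be clearer, e.g. `if (Flags.remote && !EF->FuzzerAcceptRemotes) { Printf("ERROR: -remote=1 requires the remote IPC runtime\n"); exit(1); }`. The enclosing function starts and ends outside the hunk.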
@@ -48,3 +49,14 @@
 EXT_FUNC(__msan_scoped_enable_interceptor_checks, void, (), false);
 EXT_FUNC(__msan_unpoison, void, (const volatile void *, size_t size), false);
 EXT_FUNC(__msan_unpoison_param, void, (size_t n), false);
+
+// IPC functions
+EXT_FUNC(FuzzerAcceptRemotes, void, (), false);
+EXT_FUNC(FuzzerShutdownRemotes, void, (), false);
+EXT_FUNC(FuzzerRemoteStartExecution, void, (unsigned long, uint32_t), false);
+EXT_FUNC(FuzzerRemoteFinishExecution, void, (unsigned long), false);
+EXT_FUNC(FuzzerRemotePrintPC, void, (unsigned long, const char *, const char *, uintptr_t), false);
+EXT_FUNC(FuzzerRemoteDescribePC, void, (unsigned long, const char *, uintptr_t, char *, size_t), false);
+EXT_FUNC(FuzzerRemotePrintStackTrace, void, (unsigned long), false);
+EXT_FUNC(FuzzerRemotePrintMemoryProfile, void, (unsigned long), false);
+EXT_FUNC(FuzzerRemoteDetectLeaksAtExit, void, (unsigned long), false);
Index: compiler-rt/lib/fuzzer/FuzzerFlags.def
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerFlags.def
+++ compiler-rt/lib/fuzzer/FuzzerFlags.def
@@ -61,6 +61,7 @@
 FUZZER_FLAG_INT(ignore_timeouts, 1, "Ignore timeouts in fork mode")
 FUZZER_FLAG_INT(ignore_ooms, 1, "Ignore OOMs in fork mode")
 FUZZER_FLAG_INT(ignore_crashes, 0, "Ignore crashes in fork mode")
+FUZZER_FLAG_INT(ignore_remote_exits, 0, "Ignore remote processes exiting normally")
 FUZZER_FLAG_INT(merge, 0, "If 1, the 2-nd, 3-rd, etc corpora will be "
 "merged into the 1-st corpus. Only interesting units will be taken. "
 "This flag can be used to minimize a corpus.")
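Review bot: The nine entries added under `// IPC functions` in FuzzerExtFunctions.def document none of their parameters, although FuzzerRemotePrintPC and FuzzerRemoteDescribePC take format strings and FuzzerRemoteDescribePC fills a caller-supplied buffer. A short comment block above them should say what the leading `unsigned long` identifies (the test stubs later in this patch name it `PID`), who supplies the `const char *` format arguments, and what the `char *, size_t` pair guarantees. For the last one I would write `// FuzzerRemoteDescribePC(PID, Fmt, PC, Out, OutLen): writes at most OutLen bytes to Out and always NUL-terminates it.` so that implementations outside this file have a stated bound to honour.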
@@ -99,6 +100,9 @@ FUZZER_FLAG_INT(use_value_profile, 0, "Experimental. Use value profile to guide fuzzing.") FUZZER_FLAG_INT(use_cmp, 1, "Use CMP traces to guide mutations") +FUZZER_FLAG_INT(remote, 0, "Experimental. Allow remote processes to connect and" + " forward coverage information. Used to fuzz" + " interprocess communication.") FUZZER_FLAG_INT(shrink, 0, "Experimental. Try to shrink corpus inputs.") FUZZER_FLAG_INT(reduce_inputs, 1, "Try to reduce the size of inputs while preserving their full feature sets")
Index: compiler-rt/lib/fuzzer/FuzzerOptions.h
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerOptions.h
+++ compiler-rt/lib/fuzzer/FuzzerOptions.h
@@ -27,6 +27,7 @@
 bool IgnoreTimeouts = true;
 bool IgnoreOOMs = true;
 bool IgnoreCrashes = false;
+ bool IgnoreRemoteExits = false;
 int MaxTotalTimeSec = 0;
 int RssLimitMb = 0;
 int MallocLimitMb = 0;
@@ -38,6 +39,7 @@
 bool UseMemmem = true;
 bool UseCmp = false;
 int UseValueProfile = false;
+ bool UseRemote = false;
 bool Shrink = false;
 bool ReduceInputs = false;
 int ReloadIntervalSec = 1;
Index: compiler-rt/lib/fuzzer/tests/FuzzerTestUtil.h
===================================================================
--- compiler-rt/lib/fuzzer/tests/FuzzerTestUtil.h
+++ compiler-rt/lib/fuzzer/tests/FuzzerTestUtil.h
@@ -24,12 +24,24 @@ // Helper environment to ensure that: // * The PRNG is seeded deterministically. // * The ExternalFunctions are allocated. +// * No-op versions of the FuzzerRemote* methods are provided. class TestEnvironment : public testing::Environment { public: void SetUp() override { srand(0); ExtFuncs.reset(new ExternalFunctions()); EF = ExtFuncs.get(); + EF->FuzzerAcceptRemotes = []() {}; + EF->FuzzerShutdownRemotes = []() {}; + EF->FuzzerRemoteStartExecution = [](unsigned long PID, uint32_t Flags) {}; + EF->FuzzerRemoteFinishExecution = [](unsigned long PID) {}; + EF->FuzzerRemotePrintPC = [](unsigned long PID, const char *SymbolizedFMT, + const char *FallbackFMT, uintptr_t PC) {}; + EF->FuzzerRemoteDescribePC = [](unsigned long PID, + const char *SymbolizedFMT, uintptr_t PC, + char *Out, size_t OutLen) {}; + EF->FuzzerRemotePrintStackTrace = [](unsigned long PID) {}; + EF->FuzzerRemotePrintMemoryProfile = [](unsigned long PID) {}; } void TearDown() override { EF = nullptr; }
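Review bot: The no-op stubs added to SetUp() cover eight of the nine IPC hooks that FuzzerExtFunctions.def gains in this patch; `FuzzerRemoteDetectLeaksAtExit` is left unset, so presumably any unit test that reaches a call to it goes through a null pointer. Adding `EF->FuzzerRemoteDetectLeaksAtExit = [](unsigned long PID) {};` completes the set. The `FuzzerRemoteDescribePC` stub also returns without touching `Out`, which leaves the caller's buffer uninitialised if it is read afterwards; `if (OutLen) Out[0] = '\0';` in the lambda body would make the no-op safe. The new header comment mentions only `FuzzerRemote*`, while the stubs also cover FuzzerAcceptRemotes and FuzzerShutdownRemotes. The class body continues past the end of the hunk.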