Build standalone fuzzer tests for running with Dr. Fuzz

- add use_drfuzz arg to support building standalone fuzzer tests for Dr. Fuzz
- add drfuzz_main.cc to provid main function if use_drfuzz is used

R=aizatsky@chromium.org,dpranke@chromium.org,
BUG=566930

Review URL: https://codereview.chromium.org/1498013005

Cr-Commit-Position: refs/heads/master@{#364840}

BUILD.gn

@@ -714,7 +714,7 @@ group("gn_only") {
     deps -= [ "//mandoline:all" ]  # TODO(GYP)
   }
 
-  if (use_libfuzzer) {
+  if (use_libfuzzer || use_drfuzz) {
     # these are needed only for gn to discover build files.
     deps += [
       "//testing/libfuzzer:libfuzzer_main",

build/config/sanitizers/sanitizers.gni

@@ -48,6 +48,10 @@ declare_args() {
   # Compile for fuzzing with LLVM LibFuzzer.
   # See http://www.chromium.org/developers/testing/libfuzzer
   use_libfuzzer = false
+
+  # Compile for fuzzing with Dr. Fuzz
+  # See http://www.chromium.org/developers/testing/dr-fuzz
+  use_drfuzz = false
 }
 
 # Args that are in turn dependent on other args must be in a separate

testing/libfuzzer/BUILD.gn

@@ -8,23 +8,29 @@
 # To enable libfuzzer, 'use_libfuzzer' GN option should be set to true.
 
 import("//build/config/features.gni")
+import("//build/config/sanitizers/sanitizers.gni")
 
 static_library("libfuzzer_main") {
   # libfuzzer should be compiled without coverage (infinite loop in trace_cmp).
   configs -= [ "//build/config/sanitizers:default_sanitizer_coverage_flags" ]
 
-  sources = [
-    "../../third_party/llvm/lib/Fuzzer/FuzzerCrossOver.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerDriver.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerFlags.def",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerIO.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerInterface.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerLoop.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerMain.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerMutate.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerSHA1.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerSanitizerOptions.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerTraceState.cpp",
-    "../../third_party/llvm/lib/Fuzzer/FuzzerUtil.cpp",
-  ]
+  sources = []
+  if (use_libfuzzer) {
+    sources += [
+      "../../third_party/llvm/lib/Fuzzer/FuzzerCrossOver.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerDriver.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerFlags.def",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerIO.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerInterface.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerLoop.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerMain.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerMutate.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerSHA1.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerSanitizerOptions.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerTraceState.cpp",
+      "../../third_party/llvm/lib/Fuzzer/FuzzerUtil.cpp",
+    ]
+  } else if (use_drfuzz) {
+    sources += [ "drfuzz_main.cc" ]
+  }
 }

testing/libfuzzer/drfuzz_main.cc

@@ -0,0 +1,15 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "base/memory/scoped_ptr.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size);
+
+// Provide main for running fuzzer tests with Dr. Fuzz.
+int main(int argc, char **argv)
+{
+  static const size_t kFuzzInputMaxSize = 1024;
+  scoped_ptr<unsigned char[]> fuzz_input(new unsigned char[kFuzzInputMaxSize]);
+  // The buffer and size arguments can be changed by Dr. Fuzz.
+  return LLVMFuzzerTestOneInput(fuzz_input.get(), kFuzzInputMaxSize);
+}