From 36e9403b66851a05d38a998287df65dd38552703 Mon Sep 17 00:00:00 2001
From: zhaoqin
Date: Fri, 11 Dec 2015 15:39:12 -0800
Subject: [PATCH] Build standalone fuzzer tests for running with Dr. Fuzz

- add use_drfuzz arg to support building standalone fuzzer tests for Dr. Fuzz
- add drfuzz_main.cc to provid main function if use_drfuzz is used
R=aizatsky@chromium.org,dpranke@chromium.org,
BUG=566930
Review URL: https://codereview.chromium.org/1498013005
Cr-Commit-Position: refs/heads/master@{#364840}
---
 BUILD.gn | 2 +-
 build/config/sanitizers/sanitizers.gni | 4 +++
 testing/libfuzzer/BUILD.gn | 34 +++++++++++++++-----------
 testing/libfuzzer/drfuzz_main.cc | 15 ++++++++++++
 4 files changed, 40 insertions(+), 15 deletions(-)
 create mode 100644 testing/libfuzzer/drfuzz_main.cc
diff --git a/BUILD.gn b/BUILD.gn
index 9845ff4d20ec7b..3216b4c2cd365e 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -714,7 +714,7 @@ group("gn_only") {
 deps -= [ "//mandoline:all" ] # TODO(GYP)
 }

- if (use_libfuzzer) {
+ if (use_libfuzzer || use_drfuzz) {
 # these are needed only for gn to discover build files.
 deps += [
 "//testing/libfuzzer:libfuzzer_main",
diff --git a/build/config/sanitizers/sanitizers.gni b/build/config/sanitizers/sanitizers.gni
index ddf28f127ff17f..f8f469c97c954f 100644
--- a/build/config/sanitizers/sanitizers.gni
+++ b/build/config/sanitizers/sanitizers.gni
@@ -48,6 +48,10 @@ declare_args() {
 # Compile for fuzzing with LLVM LibFuzzer.
 # See http://www.chromium.org/developers/testing/libfuzzer
 use_libfuzzer = false
+
+ # Compile for fuzzing with Dr. Fuzz
+ # See http://www.chromium.org/developers/testing/dr-fuzz
+ use_drfuzz = false
 }

 # Args that are in turn dependent on other args must be in a separate
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index a0ffbbbb3b4250..e08e205ec4626a 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
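Review bot: The new `use_drfuzz` arg in sanitizers.gni is declared independently of `use_libfuzzer`, and nothing in this hunk (or in the testing/libfuzzer/BUILD.gn hunk, which selects sources with `if (use_libfuzzer) ... else if (use_drfuzz)`) rejects a build where both are true; in that case the Dr. Fuzz flag is silently ignored and the resulting binary is a libFuzzer binary, which is confusing to diagnose. An explicit check after the `declare_args()` block would make the misconfiguration a build error rather than a silent fallback, e.g. `assert(!(use_libfuzzer && use_drfuzz), "use_libfuzzer and use_drfuzz are mutually exclusive")`. The added comment should also state that the two are exclusive, e.g. `# Mutually exclusive with use_libfuzzer.`, and the trailing period missing after "Dr. Fuzz" is a minor inconsistency with the libfuzzer comment above it.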
@@ -8,23 +8,29 @@
 # To enable libfuzzer, 'use_libfuzzer' GN option should be set to true.

 import("//build/config/features.gni")
+import("//build/config/sanitizers/sanitizers.gni")

 static_library("libfuzzer_main") {
 # libfuzzer should be compiled without coverage (infinite loop in trace_cmp).
 configs -= [ "//build/config/sanitizers:default_sanitizer_coverage_flags" ]

- sources = [
- "../../third_party/llvm/lib/Fuzzer/FuzzerCrossOver.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerDriver.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerFlags.def",
- "../../third_party/llvm/lib/Fuzzer/FuzzerIO.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerInterface.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerLoop.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerMain.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerMutate.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerSHA1.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerSanitizerOptions.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerTraceState.cpp",
- "../../third_party/llvm/lib/Fuzzer/FuzzerUtil.cpp",
- ]
+ sources = []
+ if (use_libfuzzer) {
+ sources += [
+ "../../third_party/llvm/lib/Fuzzer/FuzzerCrossOver.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerDriver.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerFlags.def",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerIO.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerInterface.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerLoop.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerMain.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerMutate.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerSHA1.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerSanitizerOptions.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerTraceState.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerUtil.cpp",
+ ]
+ } else if (use_drfuzz) {
+ sources += [ "drfuzz_main.cc" ]
+ }
 }
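Review bot: The `use_drfuzz` branch adds `drfuzz_main.cc`, which includes `base/memory/scoped_ptr.h`, but no `deps` on `//base` is added to `libfuzzer_main` in this hunk; if the target declares no such dependency elsewhere (none is visible here), `gn check` will flag the include and the target relies on the implicit `//` include path. The branch should carry its dependency alongside its source, e.g. `sources += [ "drfuzz_main.cc" ]` followed by `deps += [ "//base" ]`. The comment above `configs -=` describes a libFuzzer-only reason (the trace_cmp loop) but the config removal now also applies to the Dr. Fuzz build; a short note such as `# Also applied to the Dr. Fuzz build; coverage instrumentation is not needed there.` would record whether that is deliberate. When neither flag is set the target is left with `sources = []`, which may be rejected or produce an empty archive depending on the toolchain — worth confirming since the top-level BUILD.gn only pulls this target in when one of the flags is set.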
diff --git a/testing/libfuzzer/drfuzz_main.cc b/testing/libfuzzer/drfuzz_main.cc
new file mode 100644
index 00000000000000..b9974066977e8b
--- /dev/null
+++ b/testing/libfuzzer/drfuzz_main.cc
@@ -0,0 +1,15 @@
+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "base/memory/scoped_ptr.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size);
+
+// Provide main for running fuzzer tests with Dr. Fuzz.
+int main(int argc, char **argv)
+{
+ static const size_t kFuzzInputMaxSize = 1024;
+ scoped_ptr fuzz_input(new unsigned char[kFuzzInputMaxSize]);
+ // The buffer and size arguments can be changed by Dr. Fuzz.
+ return LLVMFuzzerTestOneInput(fuzz_input.get(), kFuzzInputMaxSize);
+}
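Review bot: The input buffer in `main` is allocated with `new unsigned char[kFuzzInputMaxSize]` and never initialised, so when the binary is run directly (outside Dr. Fuzz, which the comment says rewrites the buffer) `LLVMFuzzerTestOneInput` is handed 1024 bytes of indeterminate memory — a non-deterministic run and an MSan report that would be mistaken for a bug in the target. Value-initialising the array fixes that at no cost: `scoped_ptr<unsigned char[]> fuzz_input(new unsigned char[kFuzzInputMaxSize]());`. As rendered, the declaration reads `scoped_ptr fuzz_input(...)` with no template argument, which would not compile; this is presumably lost in rendering of `<unsigned char[]>`, but worth checking against the committed file. `argc` and `argv` are unused and could be dropped to `int main(int, char**)`, and `size_t` in the `extern "C"` declaration is used without an explicit `<stddef.h>` include — it is probably pulled in through scoped_ptr.h, but adding the include makes the file self-contained.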