[llvm] r249214 - [libFuzzer] make LLVMFuzzerTestOneInput (the fuzzer target function) return int instead of void. The actual return value is not *yet* used (and expected to be 0). This change is API breaking, so the fuzzers will need to be updated.
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Fri Oct 2 16:34:06 PDT 2015
Author: kcc
Date: Fri Oct 2 18:34:06 2015
New Revision: 249214
URL: http://llvm.org/viewvc/llvm-project?rev=249214&view=rev
Log:
[libFuzzer] make LLVMFuzzerTestOneInput (the fuzzer target function) return int instead of void. The actual return value is not *yet* used (and expected to be 0). This change is API breaking, so the fuzzers will need to be updated.
Modified:
llvm/trunk/docs/LibFuzzer.rst
llvm/trunk/lib/Fuzzer/FuzzerInterface.h
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/FuzzerMain.cpp
llvm/trunk/lib/Fuzzer/test/CounterTest.cpp
llvm/trunk/lib/Fuzzer/test/CxxTokensTest.cpp
llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp
llvm/trunk/lib/Fuzzer/test/FullCoverageSetTest.cpp
llvm/trunk/lib/Fuzzer/test/InfiniteTest.cpp
llvm/trunk/lib/Fuzzer/test/MemcmpTest.cpp
llvm/trunk/lib/Fuzzer/test/NullDerefTest.cpp
llvm/trunk/lib/Fuzzer/test/SimpleCmpTest.cpp
llvm/trunk/lib/Fuzzer/test/SimpleDictionaryTest.cpp
llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp
llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp
llvm/trunk/lib/Fuzzer/test/StrcmpTest.cpp
llvm/trunk/lib/Fuzzer/test/StrncmpTest.cpp
llvm/trunk/lib/Fuzzer/test/SwitchTest.cpp
llvm/trunk/lib/Fuzzer/test/TimeoutTest.cpp
llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp
llvm/trunk/tools/llvm-as-fuzzer/llvm-as-fuzzer.cpp
llvm/trunk/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp
Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Fri Oct 2 18:34:06 2015
@@ -21,7 +21,8 @@ This library is intended primarily for i
optimizations options (e.g. -O0, -O1, -O2) to diversify testing.
* Build a test driver using the same options as the library.
The test driver is a C/C++ file containing interesting calls to the library
- inside a single function ``extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);``
+ inside a single function ``extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);``.
+ Currently, the only expected return value is 0, others are reserved for future.
* Link the Fuzzer, the library and the driver together into an executable
using the same sanitizer options as for the library.
* Collect the initial corpus of inputs for the
@@ -83,11 +84,12 @@ Toy example
A simple function that does something interesting if it receives the input "HI!"::
cat << EOF >> test_fuzzer.cc
- extern "C" void LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size) {
+ extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size) {
if (size > 0 && data[0] == 'H')
if (size > 1 && data[1] == 'I')
if (size > 2 && data[2] == '!')
__builtin_trap();
+ return 0;
}
EOF
# Get lib/Fuzzer. Assuming that you already have fresh clang in PATH.
@@ -119,8 +121,8 @@ Here we show how to use lib/Fuzzer on so
cat << EOF > pcre_fuzzer.cc
#include <string.h>
#include "pcre2posix.h"
- extern "C" void LLVMFuzzerTestOneInput(const unsigned char *data, size_t size) {
- if (size < 1) return;
+ extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size) {
+ if (size < 1) return 0;
char *str = new char[size+1];
memcpy(str, data, size);
str[size] = 0;
@@ -130,6 +132,7 @@ Here we show how to use lib/Fuzzer on so
regfree(&preg);
}
delete [] str;
+ return 0;
}
EOF
clang++ -g -fsanitize=address $COV_FLAGS -c -std=c++11 -I inst/include/ pcre_fuzzer.cc
@@ -227,7 +230,7 @@ to find Heartbleed with LibFuzzer::
assert (SSL_CTX_use_PrivateKey_file(sctx, "server.key", SSL_FILETYPE_PEM));
return 0;
}
- extern "C" void LLVMFuzzerTestOneInput(unsigned char *Data, size_t Size) {
+ extern "C" int LLVMFuzzerTestOneInput(unsigned char *Data, size_t Size) {
static int unused = Init();
SSL *server = SSL_new(sctx);
BIO *sinbio = BIO_new(BIO_s_mem());
@@ -237,6 +240,7 @@ to find Heartbleed with LibFuzzer::
BIO_write(sinbio, Data, Size);
SSL_do_handshake(server);
SSL_free(server);
+ return 0;
}
EOF
# Build the fuzzer.
Modified: llvm/trunk/lib/Fuzzer/FuzzerInterface.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInterface.h?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInterface.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInterface.h Fri Oct 2 18:34:06 2015
@@ -23,7 +23,9 @@
namespace fuzzer {
-typedef void (*UserCallback)(const uint8_t *Data, size_t Size);
+typedef void (*DeprecatedUserCallback)(const uint8_t *Data, size_t Size);
+/// Returns an int 0. Values other than zero are reserved for future.
+typedef int (*UserCallback)(const uint8_t *Data, size_t Size);
/** Simple C-like interface with a single user-supplied callback.
Usage:
@@ -31,8 +33,9 @@ Usage:
#\code
#include "FuzzerInterface.h"
-void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
DoStuffWithData(Data, Size);
+ return 0;
}
// Implement your own main() or use the one from FuzzerMain.cpp.
@@ -43,6 +46,7 @@ int main(int argc, char **argv) {
#\endcode
*/
int FuzzerDriver(int argc, char **argv, UserCallback Callback);
+int FuzzerDriver(int argc, char **argv, DeprecatedUserCallback Callback);
class FuzzerRandomBase {
public:
@@ -118,7 +122,7 @@ class MyFuzzer : public fuzzer::UserSupp
public:
MyFuzzer(fuzzer::FuzzerRandomBase *Rand);
// Must define the target function.
- void TargetFunction(...) { ... }
+ int TargetFunction(...) { ...; return 0; }
// Optionally define the mutator.
size_t Mutate(...) { ... }
// Optionally define the CrossOver method.
@@ -136,7 +140,7 @@ class UserSuppliedFuzzer {
UserSuppliedFuzzer(); // Deprecated, don't use.
UserSuppliedFuzzer(FuzzerRandomBase *Rand);
/// Executes the target function on 'Size' bytes of 'Data'.
- virtual void TargetFunction(const uint8_t *Data, size_t Size) = 0;
+ virtual int TargetFunction(const uint8_t *Data, size_t Size) = 0;
/// Mutates 'Size' bytes of data in 'Data' inplace into up to 'MaxSize' bytes,
/// returns the new size of the data, which should be positive.
virtual size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Fri Oct 2 18:34:06 2015
@@ -176,12 +176,19 @@ class SimpleUserSuppliedFuzzer: public U
public:
SimpleUserSuppliedFuzzer(FuzzerRandomBase *Rand, UserCallback Callback)
: UserSuppliedFuzzer(Rand), Callback(Callback) {}
- virtual void TargetFunction(const uint8_t *Data, size_t Size) {
- return Callback(Data, Size);
+
+ SimpleUserSuppliedFuzzer(FuzzerRandomBase *Rand, DeprecatedUserCallback Callback)
+ : UserSuppliedFuzzer(Rand), DeprecatedCallback(Callback) {}
+
+ virtual int TargetFunction(const uint8_t *Data, size_t Size) override {
+ if (Callback) return Callback(Data, Size);
+ DeprecatedCallback(Data, Size);
+ return 0;
}
private:
- UserCallback Callback;
+ DeprecatedUserCallback DeprecatedCallback = nullptr;
+ UserCallback Callback = nullptr;
};
}; // namespace fuzzer
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Fri Oct 2 18:34:06 2015
@@ -194,12 +194,14 @@ Unit Fuzzer::SubstituteTokens(const Unit
}
void Fuzzer::ExecuteCallback(const Unit &U) {
+ int Res = 0;
if (Options.Tokens.empty()) {
- USF.TargetFunction(U.data(), U.size());
+ Res = USF.TargetFunction(U.data(), U.size());
} else {
auto T = SubstituteTokens(U);
- USF.TargetFunction(T.data(), T.size());
+ Res = USF.TargetFunction(T.data(), T.size());
}
+ assert(Res == 0);
}
size_t Fuzzer::RunOneMaximizeTotalCoverage(const Unit &U) {
Modified: llvm/trunk/lib/Fuzzer/FuzzerMain.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMain.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerMain.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerMain.cpp Fri Oct 2 18:34:06 2015
@@ -13,7 +13,7 @@
#include "FuzzerInternal.h"
// This function should be defined by the user.
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
int main(int argc, char **argv) {
return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput);
Modified: llvm/trunk/lib/Fuzzer/test/CounterTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CounterTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CounterTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/CounterTest.cpp Fri Oct 2 18:34:06 2015
@@ -2,7 +2,7 @@
// executed many times.
#include <iostream>
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int Num = 0;
for (size_t i = 0; i < Size; i++)
if (Data[i] == 'A' + i)
@@ -11,4 +11,5 @@ extern "C" void LLVMFuzzerTestOneInput(c
std::cerr << "BINGO!\n";
exit(1);
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/CxxTokensTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CxxTokensTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CxxTokensTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/CxxTokensTest.cpp Fri Oct 2 18:34:06 2015
@@ -10,9 +10,9 @@ static void Found() {
exit(1);
}
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
// looking for "thread_local unsigned A;"
- if (Size < 24) return;
+ if (Size < 24) return 0;
if (0 == memcmp(&Data[0], "thread_local", 12))
if (Data[12] == ' ')
if (0 == memcmp(&Data[13], "unsigned", 8))
@@ -20,5 +20,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
if (Data[22] == 'A')
if (Data[23] == ';')
Found();
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp Fri Oct 2 18:34:06 2015
@@ -4,7 +4,7 @@
#include <cstddef>
#include <iostream>
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int bits = 0;
if (Size > 0 && Data[0] == 'F') bits |= 1;
if (Size > 1 && Data[1] == 'U') bits |= 2;
@@ -14,5 +14,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
std::cerr << "BINGO!\n";
exit(1);
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/FullCoverageSetTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/FullCoverageSetTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/FullCoverageSetTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/FullCoverageSetTest.cpp Fri Oct 2 18:34:06 2015
@@ -4,7 +4,7 @@
#include <cstddef>
#include <iostream>
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int bits = 0;
if (Size > 0 && Data[0] == 'F') bits |= 1;
if (Size > 1 && Data[1] == 'U') bits |= 2;
@@ -16,5 +16,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
std::cerr << "BINGO!\n";
exit(1);
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/InfiniteTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/InfiniteTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/InfiniteTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/InfiniteTest.cpp Fri Oct 2 18:34:06 2015
@@ -8,7 +8,7 @@ static volatile int Sink;
static volatile int One = 1;
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size > 0 && Data[0] == 'H') {
Sink = 1;
if (Size > 1 && Data[1] == 'i') {
@@ -20,5 +20,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
}
}
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/MemcmpTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/MemcmpTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/MemcmpTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/MemcmpTest.cpp Fri Oct 2 18:34:06 2015
@@ -4,7 +4,7 @@
#include <cstdio>
#include <cstdlib>
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
// TODO: check other sizes.
if (Size >= 8 && memcmp(Data, "01234567", 8) == 0) {
if (Size >= 12 && memcmp(Data + 8, "ABCD", 4) == 0) {
@@ -16,4 +16,5 @@ extern "C" void LLVMFuzzerTestOneInput(c
}
}
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/NullDerefTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/NullDerefTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/NullDerefTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/NullDerefTest.cpp Fri Oct 2 18:34:06 2015
@@ -7,7 +7,7 @@
static volatile int Sink;
static volatile int *Null = 0;
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size > 0 && Data[0] == 'H') {
Sink = 1;
if (Size > 1 && Data[1] == 'i') {
@@ -18,5 +18,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
}
}
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/SimpleCmpTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SimpleCmpTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/SimpleCmpTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/SimpleCmpTest.cpp Fri Oct 2 18:34:06 2015
@@ -4,8 +4,8 @@
#include <cstring>
#include <cstdio>
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- if (Size < 14) return;
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size < 14) return 0;
uint64_t x = 0;
int64_t y = 0;
int z = 0;
@@ -27,4 +27,5 @@ extern "C" void LLVMFuzzerTestOneInput(c
Size, x, y, z, a);
exit(1);
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/SimpleDictionaryTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SimpleDictionaryTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/SimpleDictionaryTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/SimpleDictionaryTest.cpp Fri Oct 2 18:34:06 2015
@@ -10,9 +10,9 @@
static volatile int Zero = 0;
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
const char *Expected = "ElvisPresley";
- if (Size < strlen(Expected)) return;
+ if (Size < strlen(Expected)) return 0;
size_t Match = 0;
for (size_t i = 0; Expected[i]; i++)
if (Expected[i] + Zero == Data[i])
@@ -21,5 +21,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
std::cout << "BINGO; Found the target, exiting\n";
exit(1);
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp Fri Oct 2 18:34:06 2015
@@ -22,15 +22,16 @@ static uint32_t simple_hash(const uint8_
return Hash;
}
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size < 14)
- return;
+ return 0;
uint32_t Hash = simple_hash(&Data[0], Size - 4);
uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0];
if (Hash != Want)
- return;
+ return 0;
fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash,
(unsigned int)Want);
exit(1);
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp Fri Oct 2 18:34:06 2015
@@ -6,7 +6,7 @@
static volatile int Sink;
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size > 0 && Data[0] == 'H') {
Sink = 1;
if (Size > 1 && Data[1] == 'i') {
@@ -17,5 +17,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
}
}
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/StrcmpTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/StrcmpTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/StrcmpTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/StrcmpTest.cpp Fri Oct 2 18:34:06 2015
@@ -16,7 +16,7 @@ bool Eq(const uint8_t *Data, size_t Size
return res == 0;
}
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Eq(Data, Size, "AAA") &&
Size >= 3 && Eq(Data + 3, Size - 3, "BBBB") &&
Size >= 7 && Eq(Data + 7, Size - 7, "CCCCCC") &&
@@ -25,4 +25,5 @@ extern "C" void LLVMFuzzerTestOneInput(c
fprintf(stderr, "BINGO\n");
exit(1);
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/StrncmpTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/StrncmpTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/StrncmpTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/StrncmpTest.cpp Fri Oct 2 18:34:06 2015
@@ -6,7 +6,7 @@
static volatile int sink;
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
// TODO: check other sizes.
char *S = (char*)Data;
if (Size >= 8 && strncmp(S, "123", 8))
@@ -21,4 +21,5 @@ extern "C" void LLVMFuzzerTestOneInput(c
}
}
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/SwitchTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SwitchTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/SwitchTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/SwitchTest.cpp Fri Oct 2 18:34:06 2015
@@ -42,7 +42,7 @@ bool ShortSwitch(const uint8_t *Data, si
return false;
}
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size >= 4 && Switch<int>(Data, Size) &&
Size >= 12 && Switch<uint64_t>(Data + 4, Size - 4) &&
Size >= 14 && ShortSwitch(Data + 12, 2)
@@ -50,5 +50,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
fprintf(stderr, "BINGO; Found the target, exiting\n");
exit(1);
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/TimeoutTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/TimeoutTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/TimeoutTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/TimeoutTest.cpp Fri Oct 2 18:34:06 2015
@@ -6,7 +6,7 @@
static volatile int Sink;
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size > 0 && Data[0] == 'H') {
Sink = 1;
if (Size > 1 && Data[1] == 'i') {
@@ -18,5 +18,6 @@ extern "C" void LLVMFuzzerTestOneInput(c
}
}
}
+ return 0;
}
Modified: llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp Fri Oct 2 18:34:06 2015
@@ -16,9 +16,9 @@ class MyFuzzer : public fuzzer::UserSupp
public:
MyFuzzer(fuzzer::FuzzerRandomBase *Rand)
: fuzzer::UserSuppliedFuzzer(Rand) {}
- void TargetFunction(const uint8_t *Data, size_t Size) {
- if (Size <= 10) return;
- if (memcmp(Data, &kMagic, sizeof(kMagic))) return;
+ int TargetFunction(const uint8_t *Data, size_t Size) {
+ if (Size <= 10) return 0;
+ if (memcmp(Data, &kMagic, sizeof(kMagic))) return 0;
// It's hard to get here w/o advanced fuzzing techniques (e.g. cmp tracing).
// So, we simply 'fix' the data in the custom mutator.
if (Data[8] == 'H') {
@@ -29,6 +29,7 @@ class MyFuzzer : public fuzzer::UserSupp
}
}
}
+ return 0;
}
// Custom mutator.
virtual size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
Modified: llvm/trunk/tools/llvm-as-fuzzer/llvm-as-fuzzer.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-as-fuzzer/llvm-as-fuzzer.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/tools/llvm-as-fuzzer/llvm-as-fuzzer.cpp (original)
+++ llvm/trunk/tools/llvm-as-fuzzer/llvm-as-fuzzer.cpp Fri Oct 2 18:34:06 2015
@@ -43,7 +43,7 @@ static bool InstalledHandler = false;
} // end of anonymous namespace
-extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
// Allocate space for locals before setjmp so that memory can be collected
// if parse exits prematurely (via longjmp).
@@ -58,7 +58,7 @@ extern "C" void LLVMFuzzerTestOneInput(c
if (setjmp(JmpBuf))
// If reached, we have returned with non-zero status, so exit.
- return;
+ return 0;
// TODO(kschimpf) Write a main to do this initialization.
if (!InstalledHandler) {
@@ -69,7 +69,8 @@ extern "C" void LLVMFuzzerTestOneInput(c
M = parseAssembly(MemBuf->getMemBufferRef(), Err, Context);
if (!M.get())
- return;
+ return 0;
verifyModule(*M.get());
+ return 0;
}
Modified: llvm/trunk/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp?rev=249214&r1=249213&r2=249214&view=diff
==============================================================================
--- llvm/trunk/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp (original)
+++ llvm/trunk/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp Fri Oct 2 18:34:06 2015
@@ -62,7 +62,7 @@ static cl::list<std::string>
cl::desc("Options to pass to the fuzzer"), cl::ZeroOrMore,
cl::PositionalEatsArgs);
-void DisassembleOneInput(const uint8_t *Data, size_t Size) {
+int DisassembleOneInput(const uint8_t *Data, size_t Size) {
char AssemblyText[AssemblyTextBufSize];
std::vector<uint8_t> DataCopy(Data, Data + Size);
@@ -85,6 +85,7 @@ void DisassembleOneInput(const uint8_t *
break;
} while (Consumed != 0);
LLVMDisasmDispose(Ctx);
+ return 0;
}
int main(int argc, char **argv) {
More information about the llvm-commits
mailing list