[llvm] r257980 - [libFuzzer] introduce LLVMFuzzerInitialize

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Fri Jan 15 17:23:12 PST 2016 

Author: kcc
Date: Fri Jan 15 19:23:12 2016
New Revision: 257980

URL: http://llvm.org/viewvc/llvm-project?rev=257980&view=rev
Log:
[libFuzzer] introduce LLVMFuzzerInitialize

Added:
    llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp
Modified:
    llvm/trunk/docs/LibFuzzer.rst
    llvm/trunk/lib/Fuzzer/FuzzerInterface.h
    llvm/trunk/lib/Fuzzer/FuzzerInternal.h
    llvm/trunk/lib/Fuzzer/FuzzerMain.cpp
    llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
    llvm/trunk/lib/Fuzzer/test/fuzzer.test

Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=257980&r1=257979&r2=257980&view=diff
==============================================================================
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Fri Jan 15 19:23:12 2016
@@ -336,6 +336,35 @@ User-supplied mutators
 LibFuzzer allows to use custom (user-supplied) mutators,
 see FuzzerInterface.h_
 
+Startup initialization
+----------------------
+If the library being tested needs to be initialized, there are several options.
+
+The simplest way is to have a statically initialized global object::
+
+   static bool Initialized = DoInitialization();
+
+Alternatively, you may define an optional init function and it will receive
+the program arguments that you can read and modify::
+
+   extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+    ReadAndMaybeModify(argc, argv);
+    return 0;
+   }
+
+Finally, you may use your own ``main()`` and call ``FuzzerDriver``
+from there, see FuzzerInterface.h_.
+
+Try to avoid initialization inside the target function itself as
+it will skew the coverage data. Don't do this::
+
+    extern "C" int LLVMFuzzerTestOneInput(...) {
+      static bool initialized = false;
+      if (!initialized) { 
+         ...
+      }
+    }
+
 Fuzzing components of LLVM
 ==========================
 

Modified: llvm/trunk/lib/Fuzzer/FuzzerInterface.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInterface.h?rev=257980&r1=257979&r2=257980&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInterface.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInterface.h Fri Jan 15 19:23:12 2016
@@ -23,7 +23,6 @@
 #include <string>
 
 namespace fuzzer {
-typedef std::vector<uint8_t> Unit;
 
 /// Returns an int 0. Values other than zero are reserved for future.
 typedef int (*UserCallback)(const uint8_t *Data, size_t Size);
@@ -39,6 +38,15 @@ int LLVMFuzzerTestOneInput(const uint8_t
   return 0;
 }
 
+// Optional.
+// Define this only if you need to read/modify argc/argv at startup
+// and you are using libFuzzer's main().
+// Must return 0.
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  ReadAndMaybeModify(argc, argv);
+  return 0;
+}
+
 // Implement your own main() or use the one from FuzzerMain.cpp.
 int main(int argc, char **argv) {
   InitializeMeIfNeeded();

Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=257980&r1=257979&r2=257980&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Fri Jan 15 19:23:12 2016
@@ -25,6 +25,7 @@
 
 namespace fuzzer {
 using namespace std::chrono;
+typedef std::vector<uint8_t> Unit;
 
 std::string FileToString(const std::string &Path);
 Unit FileToVector(const std::string &Path);

Modified: llvm/trunk/lib/Fuzzer/FuzzerMain.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMain.cpp?rev=257980&r1=257979&r2=257980&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerMain.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerMain.cpp Fri Jan 15 19:23:12 2016
@@ -12,9 +12,15 @@
 #include "FuzzerInterface.h"
 #include "FuzzerInternal.h"
 
+extern "C" {
 // This function should be defined by the user.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+// This function may optionally be defined by the user.
+__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
+}  // extern "C"
 
 int main(int argc, char **argv) {
+  if (LLVMFuzzerInitialize)
+    LLVMFuzzerInitialize(&argc, &argv);
   return fuzzer::FuzzerDriver(argc, argv, LLVMFuzzerTestOneInput);
 }

Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=257980&r1=257979&r2=257980&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Fri Jan 15 19:23:12 2016
@@ -18,6 +18,7 @@ set(Tests
   CounterTest
   FourIndependentBranchesTest
   FullCoverageSetTest
+  InitializeTest
   MemcmpTest
   NullDerefTest
   RepeatedMemcmp

Added: llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp?rev=257980&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp (added)
+++ llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp Fri Jan 15 19:23:12 2016
@@ -0,0 +1,23 @@
+// Make sure LLVMFuzzerInitialize is called.
+#include <assert.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+static char *argv0;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  assert(argc > 0);
+  argv0 = **argv;
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (strncmp(reinterpret_cast<const char*>(Data), argv0, Size)) {
+    fprintf(stderr, "BINGO\n");
+    exit(1);
+  }
+  return 0;
+}

Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=257980&r1=257979&r2=257980&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Fri Jan 15 19:23:12 2016
@@ -37,3 +37,5 @@ PCS:BINGO
 RUN: not LLVMFuzzer-BufferOverflowOnInput 2>&1 | FileCheck %s --check-prefix=OOB
 OOB: AddressSanitizer: heap-buffer-overflow
 OOB: is located 0 bytes to the right of 3-byte region
+
+RUN: not LLVMFuzzer-InitializeTest 2>&1 | FileCheck %s

More information about the llvm-commits mailing list