Skip to content

Commit

Permalink
Use the LLVMFuzzerMutate implementation from FuzzTest in FuzzTest/Cen…
Browse files Browse the repository at this point in the history
…tipede.

This is to prepare for using the mutation metadata in FuzzTest's LLVMFuzzerMutate.

PiperOrigin-RevId: 693412316
  • Loading branch information
xinhaoyuan authored and copybara-github committed Dec 9, 2024
1 parent 5416769 commit 4c862dd
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 10 deletions.
9 changes: 7 additions & 2 deletions centipede/runner.cc
Original file line number Diff line number Diff line change
Expand Up @@ -335,8 +335,8 @@ void GlobalRunnerState::ResetTimers() {

// Byte array mutation fallback for a custom mutator, as defined here:
// https://github.com/google/fuzzing/blob/master/docs/structure-aware-fuzzing.md
extern "C" size_t LLVMFuzzerMutate(uint8_t *data, size_t size,
size_t max_size) {
extern "C" __attribute__((weak)) size_t
CentipedeLLVMFuzzerMutateCallback(uint8_t *data, size_t size, size_t max_size) {
// TODO(kcc): [as-needed] fix the interface mismatch.
// LLVMFuzzerMutate is an array-based interface (for compatibility reasons)
// while ByteArray has a vector-based interface.
Expand All @@ -358,6 +358,11 @@ extern "C" size_t LLVMFuzzerMutate(uint8_t *data, size_t size,
return array.size();
}

extern "C" size_t LLVMFuzzerMutate(uint8_t *data, size_t size,
size_t max_size) {
return CentipedeLLVMFuzzerMutateCallback(data, size, max_size);
}

// An arbitrary large size for input data.
static const size_t kMaxDataSize = 1 << 20;

Expand Down
4 changes: 4 additions & 0 deletions centipede/runner_interface.h
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,10 @@ extern "C" void CentipedeSetTimeoutPerInput(uint64_t timeout_per_input);
// throughout the entire process life-time.
extern "C" absl::Nullable<const char *> CentipedeGetRunnerFlags();

// An overridable function to override `LLVMFuzzerMutate` behavior.
extern "C" size_t CentipedeLLVMFuzzerMutateCallback(uint8_t *data, size_t size,
size_t max_size);

// Prepares to run a batch of test executions that ends with calling
// `CentipedeEndExecutionBatch`.
//
Expand Down
13 changes: 5 additions & 8 deletions fuzztest/llvm_fuzzer_wrapper.cc
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,7 @@
#include "./fuzztest/internal/domains/container_of_impl.h"
#include "./fuzztest/internal/domains/domain_base.h"
#include "./fuzztest/internal/io.h"
#ifndef FUZZTEST_USE_CENTIPEDE
#include "./fuzztest/internal/coverage.h"
#endif

ABSL_DECLARE_FLAG(std::string, llvm_fuzzer_wrapper_dict_file);
ABSL_DECLARE_FLAG(std::string, llvm_fuzzer_wrapper_corpus_dir);
Expand Down Expand Up @@ -127,12 +125,13 @@ class InplaceVector {
std::size_t size_;
};

// Centipede runner also provides LLVMFuzzerMutate to support libFuzzer targets
// on its own. So we do not define it when integrating with Centipede.
#ifndef FUZZTEST_USE_CENTIPEDE

#ifdef FUZZTEST_USE_CENTIPEDE
extern "C" size_t CentipedeLLVMFuzzerMutateCallback(uint8_t* data, size_t size,
size_t max_size) {
#else // FUZZTEST_USE_CENTIPEDE
extern "C" size_t LLVMFuzzerMutate(uint8_t* data, size_t size,
size_t max_size) {
#endif // FUZZTEST_USE_CENTIPEDE
static auto domain = fuzztest::internal::SequenceContainerOfImpl<
InplaceVector<uint8_t>, fuzztest::internal::ArbitraryImpl<uint8_t>>();
domain.WithMaxSize(max_size);
Expand All @@ -147,8 +146,6 @@ extern "C" size_t LLVMFuzzerMutate(uint8_t* data, size_t size,
return val.size();
}

#endif

class ArbitraryByteVector
: public fuzztest::internal::SequenceContainerOfImpl<
std::vector<uint8_t>, fuzztest::internal::ArbitraryImpl<uint8_t>> {
Expand Down

0 comments on commit 4c862dd

Please sign in to comment.