Bug 1431090 - Prepare tools/fuzzing/ to be used with JS_STANDALONE. r=froydnj
☠☠ backed out by c0a6a97a4445 ☠ ☠
authorChristian Holler <choller@mozilla.com>
Wed, 17 Jan 2018 15:20:35 +0100
changeset 400366 eb6acc9e44ad0373b3469bc9db2d80ad9279827f
parent 400365 43f1c41b3b2e745dcc89e134d82da1ccedb55a45
child 400367 2e98bda3f39735bbc557c4652a03a071044b03b4
push id33302
push userdluca@mozilla.com
push dateTue, 23 Jan 2018 17:44:47 +0000
treeherdermozilla-central@a89451212513 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfroydnj
bugs1431090
milestone60.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1431090 - Prepare tools/fuzzing/ to be used with JS_STANDALONE. r=froydnj This patch adjusts tools/fuzzing/ in such a way that the relevant parts can be reused in the JS engine. Changes in detail include: * Various JS_STANDALONE checks to exclude parts that cannot be included in those builds. * Turn LibFuzzerRegistry and LibFuzzerRunner into generic FuzzerRegistry and FuzzerRunner classes and use them for AFL as well. Previously, AFL was piggy-backing on gtests which was kind of an ugly solution anyway (besides that it can't work in JS). Now more code like registry and harness is shared between the two and they follow almost the same call paths and entry points. AFL macros in FuzzingInterface have been rewritten accordingly. This also required name changes in various places. Furthermore, this unifies the way, the fuzzing target is selected, using the FUZZER environment variable rather than LIBFUZZER (using LIBFUZZER in browser builds will give you a deprecation warning because I know some people are using this already and need time to switch). Previously, AFL target had to be selected using GTEST_FILTER, so this is also much better now. * I had to split up FuzzingInterface* such that the STREAM parts are in a separate set of files FuzzingInterfaceStream* because they use nsStringStream which is not allowed to be included into the JS engine even in a full browser build (error: "Using XPCOM strings is limited to code linked into libxul."). I also had to pull FuzzingInterface.cpp (the RAW part only) into the header and make it static because otherwise, would have to make not only separate files but also separate libraries to statically link to the JS engine, which seemed overkill for a single small function. The streaming equivalent of the function is still in a cpp file. * LibFuzzerRegister functions are now unique by appending the module name to avoid redefinition errors. MozReview-Commit-ID: 44zWCdglnHr
image/test/fuzzing/TestDecoders.cpp
media/mtransport/fuzztest/stun_parser_libfuzz.cpp
toolkit/xre/nsAppRunner.cpp
tools/fuzzing/interface/FuzzingInterface.cpp
tools/fuzzing/interface/FuzzingInterface.h
tools/fuzzing/interface/FuzzingInterfaceStream.cpp
tools/fuzzing/interface/FuzzingInterfaceStream.h
tools/fuzzing/interface/harness/FuzzerRunner.cpp
tools/fuzzing/interface/harness/FuzzerRunner.h
tools/fuzzing/interface/harness/FuzzerTestHarness.h
tools/fuzzing/interface/harness/moz.build
tools/fuzzing/interface/moz.build
tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.cpp
tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
tools/fuzzing/libfuzzer/harness/LibFuzzerTestHarness.h
tools/fuzzing/libfuzzer/harness/moz.build
tools/fuzzing/libfuzzer/moz.build
tools/fuzzing/moz.build
tools/fuzzing/registry/FuzzerRegistry.cpp
tools/fuzzing/registry/FuzzerRegistry.h
tools/fuzzing/registry/moz.build
xpcom/build/nsXULAppAPI.h
--- a/image/test/fuzzing/TestDecoders.cpp
+++ b/image/test/fuzzing/TestDecoders.cpp
@@ -15,17 +15,17 @@
 #include "nsIInputStream.h"
 #include "nsIRunnable.h"
 #include "nsIStringStream.h"
 #include "nsIThread.h"
 #include "mozilla/RefPtr.h"
 #include "nsString.h"
 #include "nsThreadUtils.h"
 
-#include "FuzzingInterface.h"
+#include "FuzzingInterfaceStream.h"
 
 using namespace mozilla;
 using namespace mozilla::gfx;
 using namespace mozilla::image;
 
 static std::string mimeType = "";
 
 // Prevents x being optimized away if it has no side-effects.
--- a/media/mtransport/fuzztest/stun_parser_libfuzz.cpp
+++ b/media/mtransport/fuzztest/stun_parser_libfuzz.cpp
@@ -4,17 +4,16 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <string>
 
 #include "gtest/gtest.h"
 
 #include "FuzzingInterface.h"
-#include "LibFuzzerRegistry.h"
 
 extern "C" {
 #include <csi_platform.h>
 #include "stun_msg.h"
 #include "stun_codec.h"
 }
 
 int FuzzingInitStunParser(int *argc, char ***argv) {
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -276,27 +276,29 @@ nsString gAbsoluteArgv0Path;
 // build backends.
 #include "buildid.h"
 #endif
 
 #ifdef MOZ_LINKER
 extern "C" MFBT_API bool IsSignalHandlingBroken();
 #endif
 
-#ifdef LIBFUZZER
-#include "LibFuzzerRunner.h"
+#ifdef FUZZING
+#include "FuzzerRunner.h"
 
 namespace mozilla {
-LibFuzzerRunner* libFuzzerRunner = 0;
+FuzzerRunner* fuzzerRunner = 0;
 } // namespace mozilla
 
+#ifdef LIBFUZZER
 void XRE_LibFuzzerSetDriver(LibFuzzerDriver aDriver) {
-  mozilla::libFuzzerRunner->setParams(aDriver);
+  mozilla::fuzzerRunner->setParams(aDriver);
 }
 #endif
+#endif // FUZZING
 
 namespace mozilla {
 int (*RunGTest)(int*, char**) = 0;
 } // namespace mozilla
 
 using namespace mozilla;
 using mozilla::Unused;
 using mozilla::scache::StartupCache;
@@ -3886,20 +3888,20 @@ XREMain::XRE_mainStartup(bool* aExitFlag
 
   // Open the display ourselves instead of using gtk_init, so that we can
   // close it without fear that one day gtk might clean up the display it
   // opens.
   if (!gtk_parse_args(&gArgc, &gArgv))
     return 1;
 #endif /* MOZ_WIDGET_GTK */
 
-#ifdef LIBFUZZER
-  if (PR_GetEnv("LIBFUZZER")) {
+#ifdef FUZZING
+  if (PR_GetEnv("FUZZER")) {
     *aExitFlag = true;
-    return mozilla::libFuzzerRunner->Run(&gArgc, &gArgv);
+    return mozilla::fuzzerRunner->Run(&gArgc, &gArgv);
   }
 #endif
 
   if (PR_GetEnv("MOZ_RUN_GTEST")) {
     int result;
 #ifdef XP_WIN
     UseParentConsole();
 #endif
deleted file mode 100644
--- a/tools/fuzzing/interface/FuzzingInterface.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * Interface implementation for the unified fuzzing interface
- */
-
-#include "FuzzingInterface.h"
-
-#include "nsNetUtil.h"
-
-namespace mozilla {
-
-#ifdef __AFL_COMPILER
-void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc) {
-    nsresult rv;
-    nsCOMPtr<nsIProperties> dirService =
-      do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
-    MOZ_RELEASE_ASSERT(dirService != nullptr);
-    nsCOMPtr<nsIFile> file;
-    rv = dirService->Get(NS_OS_CURRENT_WORKING_DIR,
-                         NS_GET_IID(nsIFile), getter_AddRefs(file));
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-    file->AppendNative(nsDependentCString(testFile));
-    while(__AFL_LOOP(1000)) {
-      nsCOMPtr<nsIInputStream> inputStream;
-      rv = NS_NewLocalFileInputStream(getter_AddRefs(inputStream), file);
-      MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-      if (!NS_InputStreamIsBuffered(inputStream)) {
-        nsCOMPtr<nsIInputStream> bufStream;
-        rv = NS_NewBufferedInputStream(getter_AddRefs(bufStream),
-                                       inputStream.forget(), 1024);
-        MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-        inputStream = bufStream;
-      }
-      testFunc(inputStream.forget());
-    }
-}
-
-void afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc) {
-    char* buf = NULL;
-
-    while(__AFL_LOOP(1000)) {
-      std::ifstream is;
-      is.open (testFile, std::ios::binary);
-      is.seekg (0, std::ios::end);
-      int len = is.tellg();
-      is.seekg (0, std::ios::beg);
-      MOZ_RELEASE_ASSERT(len >= 0);
-      if (!len) {
-        is.close();
-        continue;
-      }
-      buf = (char*)realloc(buf, len);
-      MOZ_RELEASE_ASSERT(buf);
-      is.read(buf,len);
-      is.close();
-      testFunc((uint8_t*)buf, (size_t)len);
-    }
-
-    free(buf);
-}
-#endif
-
-} // namespace mozilla
--- a/tools/fuzzing/interface/FuzzingInterface.h
+++ b/tools/fuzzing/interface/FuzzingInterface.h
@@ -5,100 +5,87 @@
 
 /*
  * Interface definitions for the unified fuzzing interface
  */
 
 #ifndef FuzzingInterface_h__
 #define FuzzingInterface_h__
 
-#include "gtest/gtest.h"
-#include "nsComponentManagerUtils.h"
-#include "nsCOMPtr.h"
-#include "nsIInputStream.h"
-
-#include "nsDirectoryServiceDefs.h"
-#include "nsIDirectoryService.h"
-#include "nsIFile.h"
-#include "nsStreamUtils.h"
-#include "nsStringStream.h"
-
 #include <fstream>
 
-#ifdef LIBFUZZER
-#include "LibFuzzerRegistry.h"
-#endif
+#include "FuzzerRegistry.h"
+#include "mozilla/Assertions.h"
 
 namespace mozilla {
 
 typedef int(*FuzzingTestFuncRaw)(const uint8_t*, size_t);
-typedef int(*FuzzingTestFuncStream)(nsCOMPtr<nsIInputStream>);
 
 #ifdef __AFL_COMPILER
-void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc);
-void afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc);
+
+static int afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc) {
+    char* buf = NULL;
 
-#define MOZ_AFL_INTERFACE_COMMON(initFunc)                                                    \
-  initFunc(NULL, NULL);                                                                       \
+    while(__AFL_LOOP(1000)) {
+      std::ifstream is;
+      is.open (testFile, std::ios::binary);
+      is.seekg (0, std::ios::end);
+      int len = is.tellg();
+      is.seekg (0, std::ios::beg);
+      MOZ_RELEASE_ASSERT(len >= 0);
+      if (!len) {
+        is.close();
+        continue;
+      }
+      buf = (char*)realloc(buf, len);
+      MOZ_RELEASE_ASSERT(buf);
+      is.read(buf,len);
+      is.close();
+      testFunc((uint8_t*)buf, (size_t)len);
+    }
+
+    free(buf);
+
+    return 0;
+}
+
+#define MOZ_AFL_INTERFACE_COMMON()                                                            \
   char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");                                            \
   if (!testFilePtr) {                                                                         \
-    EXPECT_TRUE(false) << "Must specify testfile in MOZ_FUZZ_TESTFILE environment variable."; \
-    return;                                                                                   \
+    fprintf(stderr, "Must specify testfile in MOZ_FUZZ_TESTFILE environment variable.\n");    \
+    return 1;                                                                                 \
   }                                                                                           \
   /* Make a copy of testFilePtr so the testing function can safely call getenv */             \
   std::string testFile(testFilePtr);
 
-#define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
-  TEST(AFL, moduleName) {                                        \
-    MOZ_AFL_INTERFACE_COMMON(initFunc);                          \
-    ::mozilla::afl_interface_stream(testFile.c_str(), testFunc); \
-  }
-
-#define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName)    \
-  TEST(AFL, moduleName) {                                        \
-    MOZ_AFL_INTERFACE_COMMON(initFunc);                          \
-    ::mozilla::afl_interface_raw(testFile.c_str(), testFunc);    \
+#define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName)            \
+  static int afl_fuzz_##moduleName(const uint8_t *data, size_t size) {   \
+    MOZ_RELEASE_ASSERT(data == NULL && size == 0);                       \
+    MOZ_AFL_INTERFACE_COMMON();                                          \
+    return ::mozilla::afl_interface_raw(testFile.c_str(), testFunc);     \
+  }                                                                      \
+  static void __attribute__ ((constructor)) AFLRegister##moduleName() {  \
+    ::mozilla::FuzzerRegistry::getInstance().registerModule(             \
+      #moduleName, initFunc, afl_fuzz_##moduleName                       \
+    );                                                                   \
   }
 #else
-#define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing */
 #define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName)    /* Nothing */
-#endif
+#endif // __AFL_COMPILER
 
 #ifdef LIBFUZZER
-#define MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName)      \
-  static int LibFuzzerTest##moduleName (const uint8_t *data, size_t size) { \
-    if (size > INT32_MAX)                                                   \
-      return 0;                                                             \
-    nsCOMPtr<nsIInputStream> stream;                                        \
-    nsresult rv = NS_NewByteInputStream(getter_AddRefs(stream),             \
-      (const char*)data, size, NS_ASSIGNMENT_DEPEND);                       \
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));                                   \
-    testFunc(stream.forget());                                              \
-    return 0;                                                               \
-  }                                                                         \
-  static void __attribute__ ((constructor)) LibFuzzerRegister() {           \
-    ::mozilla::LibFuzzerRegistry::getInstance().registerModule(             \
-      #moduleName, initFunc, LibFuzzerTest##moduleName                      \
-    );                                                                      \
-  }
-
-#define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName)         \
-  static void __attribute__ ((constructor)) LibFuzzerRegister() {           \
-    ::mozilla::LibFuzzerRegistry::getInstance().registerModule(             \
-      #moduleName, initFunc, testFunc                                       \
-    );                                                                      \
+#define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName)            \
+  static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() {  \
+    ::mozilla::FuzzerRegistry::getInstance().registerModule(                   \
+      #moduleName, initFunc, testFunc                                          \
+    );                                                                         \
   }
 #else
-#define MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing */
 #define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName)    /* Nothing */
 #endif
 
-#define MOZ_FUZZING_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
-  MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName);    \
-  MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName);
-
 #define MOZ_FUZZING_INTERFACE_RAW(initFunc, testFunc, moduleName)    \
   MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName);       \
   MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName);
 
 } // namespace mozilla
 
 #endif  // FuzzingInterface_h__
new file mode 100644
--- /dev/null
+++ b/tools/fuzzing/interface/FuzzingInterfaceStream.cpp
@@ -0,0 +1,49 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Interface implementation for the unified fuzzing interface
+ */
+
+#include "FuzzingInterfaceStream.h"
+
+#include "mozilla/Assertions.h"
+
+#ifndef JS_STANDALONE
+#include "nsNetUtil.h"
+#endif
+
+namespace mozilla {
+
+#ifdef __AFL_COMPILER
+
+void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc) {
+    nsresult rv;
+    nsCOMPtr<nsIProperties> dirService =
+      do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
+    MOZ_RELEASE_ASSERT(dirService != nullptr);
+    nsCOMPtr<nsIFile> file;
+    rv = dirService->Get(NS_OS_CURRENT_WORKING_DIR,
+                         NS_GET_IID(nsIFile), getter_AddRefs(file));
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+    file->AppendNative(nsDependentCString(testFile));
+    while(__AFL_LOOP(1000)) {
+      nsCOMPtr<nsIInputStream> inputStream;
+      rv = NS_NewLocalFileInputStream(getter_AddRefs(inputStream), file);
+      MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+      if (!NS_InputStreamIsBuffered(inputStream)) {
+        nsCOMPtr<nsIInputStream> bufStream;
+        rv = NS_NewBufferedInputStream(getter_AddRefs(bufStream),
+                                       inputStream.forget(), 1024);
+        MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+        inputStream = bufStream;
+      }
+      testFunc(inputStream.forget());
+    }
+}
+
+#endif
+
+} // namespace mozilla
new file mode 100644
--- /dev/null
+++ b/tools/fuzzing/interface/FuzzingInterfaceStream.h
@@ -0,0 +1,85 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Interface definitions for the unified fuzzing interface with streaming support
+ */
+
+#ifndef FuzzingInterfaceStream_h__
+#define FuzzingInterfaceStream_h__
+
+#ifdef JS_STANDALONE
+#error "FuzzingInterfaceStream.h cannot be used in JS standalone builds."
+#endif
+
+#include "gtest/gtest.h"
+#include "nsComponentManagerUtils.h"
+#include "nsCOMPtr.h"
+#include "nsIInputStream.h"
+
+#include "nsDirectoryServiceDefs.h"
+#include "nsIDirectoryService.h"
+#include "nsIFile.h"
+#include "nsStreamUtils.h"
+#include "nsStringStream.h"
+
+#include <fstream>
+
+#include "FuzzingInterface.h"
+
+namespace mozilla {
+
+typedef int(*FuzzingTestFuncStream)(nsCOMPtr<nsIInputStream>);
+
+#ifdef __AFL_COMPILER
+void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc);
+
+#define MOZ_AFL_INTERFACE_COMMON(initFunc)                                                    \
+  if (initFunc) initFunc(NULL, NULL);                                                         \
+  char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");                                            \
+  if (!testFilePtr) {                                                                         \
+    fprintf(stderr, "Must specify testfile in MOZ_FUZZ_TESTFILE environment variable.\n");    \
+    return;                                                                                   \
+  }                                                                                           \
+  /* Make a copy of testFilePtr so the testing function can safely call getenv */             \
+  std::string testFile(testFilePtr);
+
+#define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
+  TEST(AFL, moduleName) {                                        \
+    MOZ_AFL_INTERFACE_COMMON(initFunc);                          \
+    ::mozilla::afl_interface_stream(testFile.c_str(), testFunc); \
+  }
+#else
+#define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing */
+#endif
+
+#ifdef LIBFUZZER
+#define MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName)      \
+  static int LibFuzzerTest##moduleName (const uint8_t *data, size_t size) { \
+    if (size > INT32_MAX)                                                   \
+      return 0;                                                             \
+    nsCOMPtr<nsIInputStream> stream;                                        \
+    nsresult rv = NS_NewByteInputStream(getter_AddRefs(stream),             \
+      (const char*)data, size, NS_ASSIGNMENT_DEPEND);                       \
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));                                   \
+    testFunc(stream.forget());                                              \
+    return 0;                                                               \
+  }                                                                         \
+  static void __attribute__ ((constructor)) LibFuzzerRegister() {           \
+    ::mozilla::FuzzerRegistry::getInstance().registerModule(                \
+      #moduleName, initFunc, LibFuzzerTest##moduleName                      \
+    );                                                                      \
+  }
+#else
+#define MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing */
+#endif
+
+#define MOZ_FUZZING_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
+  MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName);    \
+  MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName);
+
+} // namespace mozilla
+
+#endif  // FuzzingInterfaceStream_h__
rename from tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
rename to tools/fuzzing/interface/harness/FuzzerRunner.cpp
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
+++ b/tools/fuzzing/interface/harness/FuzzerRunner.cpp
@@ -1,53 +1,73 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  * * This Source Code Form is subject to the terms of the Mozilla Public
  * * License, v. 2.0. If a copy of the MPL was not distributed with this
  * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <cstdlib>
 
-#include "LibFuzzerRunner.h"
+#include "FuzzerRunner.h"
 #include "mozilla/Attributes.h"
 #include "prenv.h"
 
-#include "LibFuzzerTestHarness.h"
+#include "FuzzerTestHarness.h"
 
 namespace mozilla {
 
-// We use a static var 'libFuzzerRunner' defined in nsAppRunner.cpp.
-// libFuzzerRunner is initialized to nullptr but if LibFuzzer (this file)
-// is linked in then libFuzzerRunner will be set here indicating that
-// we want to call into LibFuzzer's main.
-class _InitLibFuzzer {
+// We use a static var 'fuzzerRunner' defined in nsAppRunner.cpp.
+// fuzzerRunner is initialized to nullptr but if this file is linked in,
+// then fuzzerRunner will be set here indicating that
+// we want to call into either LibFuzzer's main or the AFL entrypoint.
+class _InitFuzzer {
 public:
-  _InitLibFuzzer() {
-    libFuzzerRunner = new LibFuzzerRunner();
+  _InitFuzzer() {
+    fuzzerRunner = new FuzzerRunner();
   }
 } InitLibFuzzer;
 
-int LibFuzzerRunner::Run(int* argc, char*** argv) {
-  ScopedXPCOM xpcom("LibFuzzer");
-  std::string moduleNameStr(getenv("LIBFUZZER"));
-  LibFuzzerFunctions funcs = LibFuzzerRegistry::getInstance().getModuleFunctions(moduleNameStr);
-  LibFuzzerInitFunc initFunc = funcs.first;
-  LibFuzzerTestingFunc testingFunc = funcs.second;
+int FuzzerRunner::Run(int* argc, char*** argv) {
+  ScopedXPCOM xpcom("Fuzzer");
+  const char* fuzzerEnv = getenv("FUZZER");
+
+  if (!fuzzerEnv) {
+    fuzzerEnv = getenv("LIBFUZZER");
+    if (fuzzerEnv) {
+      fprintf(stderr, "Fuzzer Interface: Warning: \
+        Using deprecated LIBFUZZER variable, use FUZZER instead\n");
+    } else {
+      fprintf(stderr, "Must specify fuzzing target in FUZZER environment variable\n");
+      return 1;
+    }
+  }
+
+  std::string moduleNameStr(fuzzerEnv);
+  FuzzerFunctions funcs = FuzzerRegistry::getInstance().getModuleFunctions(moduleNameStr);
+  FuzzerInitFunc initFunc = funcs.first;
+  FuzzerTestingFunc testingFunc = funcs.second;
   if (initFunc) {
     int ret = initFunc(argc, argv);
     if (ret) {
-      fprintf(stderr, "LibFuzzer: Error: Initialize callback failed\n");
+      fprintf(stderr, "Fuzzing Interface: Error: Initialize callback failed\n");
       return ret;
     }
   }
 
   if (!testingFunc) {
-      fprintf(stderr, "LibFuzzer: Error: No testing callback found\n");
+      fprintf(stderr, "Fuzzing Interface: Error: No testing callback found\n");
       return 1;
   }
 
+#ifdef LIBFUZZER
   return mFuzzerDriver(argc, argv, testingFunc);
+#else
+  // For AFL, testingFunc points to the entry function we need.
+  return testingFunc(NULL, 0);
+#endif
 }
 
-void LibFuzzerRunner::setParams(LibFuzzerDriver aDriver) {
+#ifdef LIBFUZZER
+void FuzzerRunner::setParams(LibFuzzerDriver aDriver) {
   mFuzzerDriver = aDriver;
 }
+#endif
 
 } // namespace mozilla
rename from tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
rename to tools/fuzzing/interface/harness/FuzzerRunner.h
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
+++ b/tools/fuzzing/interface/harness/FuzzerRunner.h
@@ -1,21 +1,24 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  * * This Source Code Form is subject to the terms of the Mozilla Public
  * * License, v. 2.0. If a copy of the MPL was not distributed with this
  * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "LibFuzzerRegistry.h"
+#include "FuzzerRegistry.h"
 
 namespace mozilla {
 
-class LibFuzzerRunner {
+class FuzzerRunner {
 public:
   int Run(int* argc, char*** argv);
+
+#ifdef LIBFUZZER
   void setParams(LibFuzzerDriver aDriver);
 
 private:
   LibFuzzerDriver mFuzzerDriver;
+#endif
 };
 
-extern LibFuzzerRunner* libFuzzerRunner;
+extern FuzzerRunner* fuzzerRunner;
 
 } // namespace mozilla
rename from tools/fuzzing/libfuzzer/harness/LibFuzzerTestHarness.h
rename to tools/fuzzing/interface/harness/FuzzerTestHarness.h
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerTestHarness.h
+++ b/tools/fuzzing/interface/harness/FuzzerTestHarness.h
@@ -4,18 +4,18 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * Test harness for XPCOM objects, providing a scoped XPCOM initializer,
  * nsCOMPtr, nsRefPtr, do_CreateInstance, do_GetService, ns(Auto|C|)String,
  * and stdio.h/stdlib.h.
  */
 
-#ifndef LibFuzzerTestHarness_h__
-#define LibFuzzerTestHarness_h__
+#ifndef FuzzerTestHarness_h__
+#define FuzzerTestHarness_h__
 
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/Attributes.h"
 
 #include "prenv.h"
 #include "nsComponentManagerUtils.h"
 #include "nsServiceManagerUtils.h"
 #include "nsCOMPtr.h"
@@ -268,9 +268,9 @@ ScopedXPCOM::AddRef()
 NS_IMETHODIMP_(MozExternalRefCountType)
 ScopedXPCOM::Release()
 {
   return 1;
 }
 
 } // namespace
 
-#endif  // LibFuzzerTestHarness_h__
+#endif  // FuzzerTestHarness_h__
rename from tools/fuzzing/libfuzzer/harness/moz.build
rename to tools/fuzzing/interface/harness/moz.build
--- a/tools/fuzzing/libfuzzer/harness/moz.build
+++ b/tools/fuzzing/interface/harness/moz.build
@@ -2,18 +2,15 @@
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Library('fuzzer-runner')
 
 SOURCES += [
-    'LibFuzzerRegistry.cpp',
-    'LibFuzzerRunner.cpp',
+    'FuzzerRunner.cpp',
 ]
-
 EXPORTS += [
-    'LibFuzzerRegistry.h',
-    'LibFuzzerRunner.h',
+    'FuzzerRunner.h',
 ]
 
 FINAL_LIBRARY = "xul"
--- a/tools/fuzzing/interface/moz.build
+++ b/tools/fuzzing/interface/moz.build
@@ -1,15 +1,28 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+Library('fuzzer-interface')
+
 EXPORTS += [
     'FuzzingInterface.h',
 ]
 
-SOURCES += [
-    'FuzzingInterface.cpp',
-]
+if CONFIG['JS_STANDALONE']:
+    FINAL_LIBRARY = "js"
+else:
+    EXPORTS += [
+        'FuzzingInterfaceStream.h',
+    ]
 
-FINAL_LIBRARY = 'xul-gtest'
+    SOURCES += [
+        'FuzzingInterfaceStream.cpp',
+    ]
+
+    DIRS += [
+      'harness',
+    ]
+
+    FINAL_LIBRARY = 'xul-gtest'
--- a/tools/fuzzing/libfuzzer/moz.build
+++ b/tools/fuzzing/libfuzzer/moz.build
@@ -1,18 +1,18 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Library('fuzzer')
 
-DIRS += [
-  'harness',
+EXPORTS += [
+    'FuzzerDefs.h',
 ]
 
 SOURCES += [
     'FuzzerCrossOver.cpp',
     'FuzzerDriver.cpp',
     'FuzzerExtFunctionsDlsym.cpp',
     'FuzzerExtFunctionsDlsymWin.cpp',
     'FuzzerExtFunctionsWeak.cpp',
--- a/tools/fuzzing/moz.build
+++ b/tools/fuzzing/moz.build
@@ -1,17 +1,22 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 DIRS += [
-  'common',
   'interface',
-  'messagemanager',
-  'shmem'
+  'registry',
 ]
 
+if not CONFIG['JS_STANDALONE']:
+  DIRS += [
+    'common',
+    'messagemanager',
+    'shmem',
+  ]
+
 if CONFIG['LIBFUZZER']:
   DIRS += [
     'libfuzzer',
   ]
rename from tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.cpp
rename to tools/fuzzing/registry/FuzzerRegistry.cpp
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.cpp
+++ b/tools/fuzzing/registry/FuzzerRegistry.cpp
@@ -1,23 +1,23 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  * * This Source Code Form is subject to the terms of the Mozilla Public
  * * License, v. 2.0. If a copy of the MPL was not distributed with this
  * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "LibFuzzerRegistry.h"
+#include "FuzzerRegistry.h"
 
 namespace mozilla {
 
-LibFuzzerRegistry& LibFuzzerRegistry::getInstance() {
-    static LibFuzzerRegistry instance;
+FuzzerRegistry& FuzzerRegistry::getInstance() {
+    static FuzzerRegistry instance;
     return instance;
 }
 
-void LibFuzzerRegistry::registerModule(std::string moduleName, LibFuzzerInitFunc initFunc, LibFuzzerTestingFunc testingFunc) {
-    moduleMap.insert(std::pair<std::string, LibFuzzerFunctions>(moduleName,LibFuzzerFunctions(initFunc, testingFunc)));
+void FuzzerRegistry::registerModule(std::string moduleName, FuzzerInitFunc initFunc, FuzzerTestingFunc testingFunc) {
+    moduleMap.insert(std::pair<std::string, FuzzerFunctions>(moduleName,FuzzerFunctions(initFunc, testingFunc)));
 }
 
-LibFuzzerFunctions LibFuzzerRegistry::getModuleFunctions(std::string& moduleName) {
+FuzzerFunctions FuzzerRegistry::getModuleFunctions(std::string& moduleName) {
     return moduleMap[moduleName];
 }
 
 } // namespace mozilla
rename from tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
rename to tools/fuzzing/registry/FuzzerRegistry.h
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
+++ b/tools/fuzzing/registry/FuzzerRegistry.h
@@ -1,42 +1,43 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  * * This Source Code Form is subject to the terms of the Mozilla Public
  * * License, v. 2.0. If a copy of the MPL was not distributed with this
  * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifndef _LibFuzzerRegistry_h__
-#define _LibFuzzerRegistry_h__
+#ifndef _FuzzerRegistry_h__
+#define _FuzzerRegistry_h__
 
 #include <cstdint>
 #include <map>
 #include <string>
 #include <utility>
 
 #include "mozilla/Attributes.h"
 #include "mozilla/Types.h"
 
-typedef int(*LibFuzzerInitFunc)(int*, char***);
-typedef int(*LibFuzzerTestingFunc)(const uint8_t*, size_t);
-typedef int(*LibFuzzerDriver)(int*, char***, LibFuzzerTestingFunc);
+typedef int(*FuzzerInitFunc)(int*, char***);
+typedef int(*FuzzerTestingFunc)(const uint8_t*, size_t);
+
+typedef int(*LibFuzzerDriver)(int*, char***, FuzzerTestingFunc);
 
 namespace mozilla {
 
-typedef std::pair<LibFuzzerInitFunc, LibFuzzerTestingFunc> LibFuzzerFunctions;
+typedef std::pair<FuzzerInitFunc, FuzzerTestingFunc> FuzzerFunctions;
 
-class LibFuzzerRegistry {
+class FuzzerRegistry {
     public:
-        MOZ_EXPORT static LibFuzzerRegistry& getInstance();
-        MOZ_EXPORT void registerModule(std::string moduleName, LibFuzzerInitFunc initFunc, LibFuzzerTestingFunc testingFunc);
-        MOZ_EXPORT LibFuzzerFunctions getModuleFunctions(std::string& moduleName);
+        MOZ_EXPORT static FuzzerRegistry& getInstance();
+        MOZ_EXPORT void registerModule(std::string moduleName, FuzzerInitFunc initFunc, FuzzerTestingFunc testingFunc);
+        MOZ_EXPORT FuzzerFunctions getModuleFunctions(std::string& moduleName);
 
-        LibFuzzerRegistry(LibFuzzerRegistry const&) = delete;
-        void operator=(LibFuzzerRegistry const&) = delete;
+        FuzzerRegistry(FuzzerRegistry const&) = delete;
+        void operator=(FuzzerRegistry const&) = delete;
 
     private:
-        LibFuzzerRegistry() {};
-        std::map<std::string, LibFuzzerFunctions> moduleMap;
+        FuzzerRegistry() {};
+        std::map<std::string, FuzzerFunctions> moduleMap;
 };
 
 } // namespace mozilla
 
 
-#endif // _LibFuzzerRegistry_h__
+#endif // _FuzzerRegistry_h__
new file mode 100644
--- /dev/null
+++ b/tools/fuzzing/registry/moz.build
@@ -0,0 +1,20 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Library('fuzzer-registry')
+
+SOURCES += [
+    'FuzzerRegistry.cpp',
+]
+
+EXPORTS += [
+    'FuzzerRegistry.h',
+]
+
+if CONFIG['JS_STANDALONE']:
+    FINAL_LIBRARY = "js"
+else:
+    FINAL_LIBRARY = "xul"
--- a/xpcom/build/nsXULAppAPI.h
+++ b/xpcom/build/nsXULAppAPI.h
@@ -508,16 +508,16 @@ XRE_API(void,
 XRE_API(void,
         XRE_EnableSameExecutableForContentProc, ())
 
 XRE_API(int,
         XRE_XPCShellMain, (int argc, char** argv, char** envp,
                            const XREShellData* aShellData))
 
 #ifdef LIBFUZZER
-#include "LibFuzzerRegistry.h"
+#include "FuzzerRegistry.h"
 
 XRE_API(void,
         XRE_LibFuzzerSetDriver, (LibFuzzerDriver))
 
 #endif // LIBFUZZER
 
 #endif // _nsXULAppAPI_h__