Bug 1330533 - Use FuzzerDriver directly instead of wrapping it in a libfuzzer_main function. r?decoder draft
authorMike Hommey <mh+mozilla@glandium.org>
Thu, 12 Jan 2017 14:44:18 +0900
changeset 462799 784eed0ec54f8f00ba4a812f7cacad729abb7fa8
parent 462798 0e93348743fd3893c5095b80f68111f3d028cb15
child 462800 88d519206cf35175b15b467923e0415fa8ddc3ed
push id41857
push userbmo:mh+mozilla@glandium.org
push dateWed, 18 Jan 2017 00:24:11 +0000
reviewersdecoder
bugs1330533
milestone53.0a1
Bug 1330533 - Use FuzzerDriver directly instead of wrapping it in a libfuzzer_main function. r?decoder Going further from the previous changes, all libfuzzer_main really does is call the init function, and then proceed to call the fuzzer driver with the testing function. So instead of calling that function for it to do all that, the LibFuzzerRunner can just call the init function itself, and then call the fuzzer driver with the testing function.
browser/app/moz.build
browser/app/nsBrowserApp.cpp
toolkit/xre/Bootstrap.cpp
toolkit/xre/Bootstrap.h
toolkit/xre/nsAppRunner.cpp
tools/fuzzing/libfuzzer/FuzzerCustomMain.cpp
tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
tools/fuzzing/libfuzzer/moz.build
xpcom/build/nsXULAppAPI.h
--- a/browser/app/moz.build
+++ b/browser/app/moz.build
@@ -29,17 +29,20 @@ LOCAL_INCLUDES += [
     '/xpcom/build',
 ]
 
 USE_LIBS += [
     'mozglue',
 ]
 
 if CONFIG['LIBFUZZER']:
-  USE_LIBS += [ 'fuzzer' ]
+    USE_LIBS += [ 'fuzzer' ]
+    LOCAL_INCLUDES += [
+        '/tools/fuzzing/libfuzzer',
+    ]
 
 if CONFIG['_MSC_VER']:
     # Always enter a Windows program through wmain, whether or not we're
     # a console application.
     WIN32_EXE_LDFLAGS += ['-ENTRY:wmainCRTStartup']
 
 if CONFIG['OS_ARCH'] == 'WINNT':
     RCINCLUDE = 'splash.rc'
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@@ -38,16 +38,20 @@
 #include "BinaryPath.h"
 
 #include "nsXPCOMPrivate.h" // for MAXPATHLEN and XPCOM_DLL
 
 #include "mozilla/Sprintf.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/WindowsDllBlocklist.h"
 
+#ifdef LIBFUZZER
+#include "FuzzerDefs.h"
+#endif
+
 #ifdef MOZ_LINUX_32_SSE2_STARTUP_ERROR
 #include <cpuid.h>
 #include "mozilla/Unused.h"
 
 static bool
 IsSSE2Available()
 {
   // The rest of the app has been compiled to assume that SSE2 is present
@@ -158,20 +162,16 @@ static bool IsArg(const char* arg, const
     return !strcasecmp(++arg, s);
 #endif
 
   return false;
 }
 
 Bootstrap::UniquePtr gBootstrap;
 
-#ifdef LIBFUZZER
-int libfuzzer_main(int argc, char **argv, LibFuzzerInitFunc, LibFuzzerTestingFunc);
-#endif
-
 static int do_main(int argc, char* argv[], char* envp[])
 {
   // Allow firefox.exe to launch XULRunner apps via -app <application.ini>
   // Note that -app must be the *first* argument.
   const char *appDataFile = getenv("XUL_APP_FILE");
   if ((!appDataFile || !*appDataFile) &&
       (argc > 1 && IsArg(argv[1], "app"))) {
     if (argc == 2) {
@@ -223,17 +223,17 @@ static int do_main(int argc, char* argv[
     return 255;
   }
 #endif
   config.sandboxBrokerServices = brokerServices;
 #endif
 
 #ifdef LIBFUZZER
   if (getenv("LIBFUZZER"))
-    gBootstrap->XRE_LibFuzzerSetMain(libfuzzer_main);
+    gBootstrap->XRE_LibFuzzerSetDriver(fuzzer::FuzzerDriver);
 #endif
 
   return gBootstrap->XRE_main(argc, argv, config);
 }
 
 static bool
 FileExists(const char *path)
 {
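Review bot: The new `XRE_LibFuzzerSetDriver(fuzzer::FuzzerDriver)` call in do_main has no comment explaining why the driver is passed as a function pointer rather than called from libxul directly. Judging by the `USE_LIBS += [ 'fuzzer' ]` and the added include path in browser/app/moz.build, libFuzzer appears to be linked into this executable, so the pointer is how the XRE side reaches it. I would add something like `// libFuzzer is linked into this binary; pass its driver entry point to XRE, which calls it from XRE_mainStartup when LIBFUZZER is set.` above the `if`. The body of do_main starts outside this hunk.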
--- a/toolkit/xre/Bootstrap.cpp
+++ b/toolkit/xre/Bootstrap.cpp
@@ -75,18 +75,18 @@ public:
   }
 
   virtual void XRE_SetAndroidChildFds(int aCrashFd, int aIPCFd) override {
     ::XRE_SetAndroidChildFds(aCrashFd, aIPCFd);
   }
 #endif
 
 #ifdef LIBFUZZER
-  virtual void XRE_LibFuzzerSetMain(LibFuzzerMain aMain) override {
-    ::XRE_LibFuzzerSetMain(aMain);
+  virtual void XRE_LibFuzzerSetDriver(LibFuzzerDriver aDriver) override {
+    ::XRE_LibFuzzerSetDriver(aDriver);
   }
 #endif
 
 #ifdef MOZ_IPDL_TESTS
   virtual int XRE_RunIPDLTest(int argc, char **argv) override {
     return ::XRE_RunIPDLTest(argc, argv);
   }
 #endif
--- a/toolkit/xre/Bootstrap.h
+++ b/toolkit/xre/Bootstrap.h
@@ -105,17 +105,17 @@ public:
 
 #ifdef MOZ_WIDGET_ANDROID
   virtual void GeckoStart(JNIEnv* aEnv, char** argv, int argc, const StaticXREAppData& aAppData) = 0;
 
   virtual void XRE_SetAndroidChildFds(int aCrashFd, int aIPCFd) = 0;
 #endif
 
 #ifdef LIBFUZZER
-  virtual void XRE_LibFuzzerSetMain(LibFuzzerMain aMain) = 0;
+  virtual void XRE_LibFuzzerSetDriver(LibFuzzerDriver aDriver) = 0;
 #endif
 
 #ifdef MOZ_IPDL_TESTS
   virtual int XRE_RunIPDLTest(int argc, char **argv) = 0;
 #endif
 };
 
 /**
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -267,18 +267,18 @@ extern "C" MFBT_API bool IsSignalHandlin
 
 #ifdef LIBFUZZER
 #include "LibFuzzerRunner.h"
 
 namespace mozilla {
 LibFuzzerRunner* libFuzzerRunner = 0;
 } // namespace mozilla
 
-extern "C" MOZ_EXPORT void XRE_LibFuzzerSetMain(LibFuzzerMain main) {
-  mozilla::libFuzzerRunner->setParams(main);
+extern "C" MOZ_EXPORT void XRE_LibFuzzerSetDriver(LibFuzzerDriver aDriver) {
+  mozilla::libFuzzerRunner->setParams(aDriver);
 }
 #endif
 
 namespace mozilla {
 int (*RunGTest)(int*, char**) = 0;
 } // namespace mozilla
 
 using namespace mozilla;
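Review bot: `XRE_LibFuzzerSetDriver` dereferences `mozilla::libFuzzerRunner` without checking it, although the pointer is defined as `0` a few lines above and is only assigned by the `_InitLibFuzzer` static constructor in LibFuzzerRunner.cpp. If that object is not linked in, or its initializer has not run, this is a null dereference at startup, which in a fuzzing build shows up as a harness crash rather than a clear error. The same unchecked dereference is in the XRE_mainStartup hunk at `mozilla::libFuzzerRunner->Run(&gArgc, &gArgv)`. A guard such as `if (!mozilla::libFuzzerRunner) { return; }` here, and an error return before the `Run` call, would make the failure explicit. While touching the definition, `= nullptr` would read better than `= 0`.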
@@ -3719,17 +3719,17 @@ XREMain::XRE_mainStartup(bool* aExitFlag
   // opens.
   if (!gtk_parse_args(&gArgc, &gArgv))
     return 1;
 #endif /* MOZ_WIDGET_GTK */
 
 #ifdef LIBFUZZER
   if (PR_GetEnv("LIBFUZZER")) {
     *aExitFlag = true;
-    return mozilla::libFuzzerRunner->Run(gArgc, gArgv);
+    return mozilla::libFuzzerRunner->Run(&gArgc, &gArgv);
   }
 #endif
 
   if (PR_GetEnv("MOZ_RUN_GTEST")) {
     int result;
 #ifdef XP_WIN
     UseParentConsole();
 #endif
deleted file mode 100644
--- a/tools/fuzzing/libfuzzer/FuzzerCustomMain.cpp
+++ /dev/null
@@ -1,28 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- * * This Source Code Form is subject to the terms of the Mozilla Public
- * * License, v. 2.0. If a copy of the MPL was not distributed with this
- * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include <cstdlib>
-
-#include "FuzzerInterface.h"
-#include "FuzzerInternal.h"
-#include "harness/LibFuzzerRegistry.h"
-
-int libfuzzer_main(int argc, char **argv, LibFuzzerInitFunc initFunc,
-                   LibFuzzerTestingFunc testingFunc) {
-  if (initFunc) {
-    int ret = initFunc(&argc, &argv);
-    if (ret) {
-      fprintf(stderr, "LibFuzzer: Error: Initialize callback failed\n");
-      return ret;
-    }
-  }
-
-  if (!testingFunc) {
-      fprintf(stderr, "LibFuzzer: Error: No testing callback found\n");
-      return 1;
-  }
-
-  return fuzzer::FuzzerDriver(&argc, &argv, testingFunc);
-}
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
@@ -11,17 +11,17 @@
 #include <string>
 #include <utility>
 
 #include "mozilla/Attributes.h"
 #include "mozilla/Types.h"
 
 typedef int(*LibFuzzerInitFunc)(int*, char***);
 typedef int(*LibFuzzerTestingFunc)(const uint8_t*, size_t);
-typedef int(*LibFuzzerMain)(int, char**, LibFuzzerInitFunc, LibFuzzerTestingFunc);
+typedef int(*LibFuzzerDriver)(int*, char***, LibFuzzerTestingFunc);
 
 namespace mozilla {
 
 typedef std::pair<LibFuzzerInitFunc, LibFuzzerTestingFunc> LibFuzzerFunctions;
 
 class LibFuzzerRegistry {
     public:
         MOZ_EXPORT static LibFuzzerRegistry& getInstance();
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
@@ -1,13 +1,15 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  * * This Source Code Form is subject to the terms of the Mozilla Public
  * * License, v. 2.0. If a copy of the MPL was not distributed with this
  * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include <cstdlib>
+
 #include "LibFuzzerRunner.h"
 #include "mozilla/Attributes.h"
 #include "prenv.h"
 
 #include "LibFuzzerTestHarness.h"
 
 namespace mozilla {
 
@@ -17,21 +19,34 @@ namespace mozilla {
 // we want to call into LibFuzzer's main.
 class _InitLibFuzzer {
 public:
   _InitLibFuzzer() {
     libFuzzerRunner = new LibFuzzerRunner();
   }
 } InitLibFuzzer;
 
-int LibFuzzerRunner::Run(int argc, char** argv) {
+int LibFuzzerRunner::Run(int* argc, char*** argv) {
   ScopedXPCOM xpcom("LibFuzzer");
   LibFuzzerInitFunc initFunc = nullptr;
   LibFuzzerTestingFunc testingFunc = nullptr;
   XRE_LibFuzzerGetFuncs(getenv("LIBFUZZER"), &initFunc, &testingFunc);
-  return mFuzzerMain(argc, argv, initFunc, testingFunc);
+  if (initFunc) {
+    int ret = initFunc(argc, argv);
+    if (ret) {
+      fprintf(stderr, "LibFuzzer: Error: Initialize callback failed\n");
+      return ret;
+    }
+  }
+
+  if (!testingFunc) {
+      fprintf(stderr, "LibFuzzer: Error: No testing callback found\n");
+      return 1;
+  }
+
+  return mFuzzerDriver(argc, argv, testingFunc);
 }
 
-void LibFuzzerRunner::setParams(LibFuzzerMain main) {
-  mFuzzerMain = main;
+void LibFuzzerRunner::setParams(LibFuzzerDriver aDriver) {
+  mFuzzerDriver = aDriver;
 }
 
 } // namespace mozilla
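Review bot: `LibFuzzerRunner::Run` now validates `initFunc` and `testingFunc` but calls `mFuzzerDriver` without checking that `setParams` was ever called. The setter is only invoked from nsBrowserApp.cpp under its own `getenv("LIBFUZZER")` test, so any other entry path into XRE_mainStartup would call through a pointer that is presumably null, given `new LibFuzzerRunner()` and no constructor. I would add `if (!mFuzzerDriver) { fprintf(stderr, "LibFuzzer: Error: No fuzzer driver set\n"); return 1; }` before the final return, and give the member an in-class `= nullptr` in LibFuzzerRunner.h so that state is explicit. Separately, this file now uses `fprintf`/`stderr` while the commit adds only `<cstdlib>`; unless another header already provides it, `#include <cstdio>` belongs next to it. The `if (!testingFunc)` body is also indented six spaces in a two-space file.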
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
@@ -4,18 +4,18 @@
  * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "LibFuzzerRegistry.h"
 
 namespace mozilla {
 
 class LibFuzzerRunner {
 public:
-  int Run(int argc, char** argv);
-  void setParams(LibFuzzerMain main);
+  int Run(int* argc, char*** argv);
+  void setParams(LibFuzzerDriver aDriver);
 
 private:
-  LibFuzzerMain mFuzzerMain;
+  LibFuzzerDriver mFuzzerDriver;
 };
 
 extern LibFuzzerRunner* libFuzzerRunner;
 
 } // namespace mozilla
--- a/tools/fuzzing/libfuzzer/moz.build
+++ b/tools/fuzzing/libfuzzer/moz.build
@@ -7,17 +7,16 @@
 Library('fuzzer')
 
 DIRS += [
   'harness',
 ]
 
 SOURCES += [
     'FuzzerCrossOver.cpp',
-    'FuzzerCustomMain.cpp',
     'FuzzerDriver.cpp',
     'FuzzerExtFunctionsDlsym.cpp',
     'FuzzerExtFunctionsWeak.cpp',
     'FuzzerIO.cpp',
     'FuzzerLoop.cpp',
     'FuzzerMutate.cpp',
     'FuzzerSHA1.cpp',
     'FuzzerTracePC.cpp',
--- a/xpcom/build/nsXULAppAPI.h
+++ b/xpcom/build/nsXULAppAPI.h
@@ -510,16 +510,16 @@ XRE_API(void,
         XRE_GlibInit, ())
 #endif
 
 
 #ifdef LIBFUZZER
 #include "LibFuzzerRegistry.h"
 
 XRE_API(void,
-        XRE_LibFuzzerSetMain, (LibFuzzerMain))
+        XRE_LibFuzzerSetDriver, (LibFuzzerDriver))
 
 XRE_API(void,
         XRE_LibFuzzerGetFuncs, (const char*, LibFuzzerInitFunc*,
                                 LibFuzzerTestingFunc*))
 #endif // LIBFUZZER
 
 #endif // _nsXULAppAPI_h__