Bug 1330533 - Pass LibFuzzerInitFunc and LibFuzzerTestingFunc to libfuzzer_main. r=decoder
authorMike Hommey <mh+mozilla@glandium.org>
Thu, 12 Jan 2017 14:50:14 +0900
changeset 464556 b22cd126ae14dd01ced45406664bbff4394ec3fe
parent 464555 7d3a760bda8f25c469e06081dd9cc9189e32f6bb
child 464557 7fc26210eee598018ce3e926ce413118f19ccf1f
push id42370
push usermwein@mozilla.com
push dateSat, 21 Jan 2017 03:10:58 +0000
reviewersdecoder
bugs1330533
milestone53.0a1
Bug 1330533 - Pass LibFuzzerInitFunc and LibFuzzerTestingFunc to libfuzzer_main. r=decoder The LibFuzzerRunner code lives in libxul. It is an unnecessary complication to have it call back a function in the firefox executable just so that it calls another function that is in libxul. Passing the init and testing functions to the libfuzzer_main function allows us to bypass that roundtrip, simplifying the setup.
browser/app/nsBrowserApp.cpp
toolkit/xre/Bootstrap.cpp
toolkit/xre/Bootstrap.h
tools/fuzzing/libfuzzer/FuzzerCustomMain.cpp
tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@@ -159,24 +159,17 @@ static bool IsArg(const char* arg, const
 #endif
 
   return false;
 }
 
 Bootstrap::UniquePtr gBootstrap;
 
 #ifdef LIBFUZZER
-int libfuzzer_main(int argc, char **argv);
-
-/* This wrapper is used by the libFuzzer main to call into libxul */
-
-void libFuzzerGetFuncs(const char* moduleName, LibFuzzerInitFunc* initFunc,
-                       LibFuzzerTestingFunc* testingFunc) {
-  return gBootstrap->XRE_LibFuzzerGetFuncs(moduleName, initFunc, testingFunc);
-}
+int libfuzzer_main(int argc, char **argv, LibFuzzerInitFunc, LibFuzzerTestingFunc);
 #endif
 
 static int do_main(int argc, char* argv[], char* envp[])
 {
   // Allow firefox.exe to launch XULRunner apps via -app <application.ini>
   // Note that -app must be the *first* argument.
   const char *appDataFile = getenv("XUL_APP_FILE");
   if ((!appDataFile || !*appDataFile) &&
--- a/toolkit/xre/Bootstrap.cpp
+++ b/toolkit/xre/Bootstrap.cpp
@@ -78,20 +78,16 @@ public:
     ::XRE_SetAndroidChildFds(aCrashFd, aIPCFd);
   }
 #endif
 
 #ifdef LIBFUZZER
   virtual void XRE_LibFuzzerSetMain(LibFuzzerMain aMain) override {
     ::XRE_LibFuzzerSetMain(aMain);
   }
-
-  virtual void XRE_LibFuzzerGetFuncs(const char* aModuleName, LibFuzzerInitFunc* aInitFunc, LibFuzzerTestingFunc* aTestingFunc) override {
-    ::XRE_LibFuzzerGetFuncs(aModuleName, aInitFunc, aTestingFunc);
-  }
 #endif
 
 #ifdef MOZ_IPDL_TESTS
   virtual int XRE_RunIPDLTest(int argc, char **argv) override {
     return ::XRE_RunIPDLTest(argc, argv);
   }
 #endif
 };
--- a/toolkit/xre/Bootstrap.h
+++ b/toolkit/xre/Bootstrap.h
@@ -106,18 +106,16 @@ public:
 #ifdef MOZ_WIDGET_ANDROID
   virtual void GeckoStart(JNIEnv* aEnv, char** argv, int argc, const StaticXREAppData& aAppData) = 0;
 
   virtual void XRE_SetAndroidChildFds(int aCrashFd, int aIPCFd) = 0;
 #endif
 
 #ifdef LIBFUZZER
   virtual void XRE_LibFuzzerSetMain(LibFuzzerMain aMain) = 0;
-
-  virtual void XRE_LibFuzzerGetFuncs(const char* aModuleName, LibFuzzerInitFunc* aInitFunc, LibFuzzerTestingFunc* aTestingFunc) = 0;
 #endif
 
 #ifdef MOZ_IPDL_TESTS
   virtual int XRE_RunIPDLTest(int argc, char **argv) = 0;
 #endif
 };
 
 /**
--- a/tools/fuzzing/libfuzzer/FuzzerCustomMain.cpp
+++ b/tools/fuzzing/libfuzzer/FuzzerCustomMain.cpp
@@ -4,27 +4,18 @@
  * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <cstdlib>
 
 #include "FuzzerInterface.h"
 #include "FuzzerInternal.h"
 #include "harness/LibFuzzerRegistry.h"
 
-/* This is a wrapper defined in browser/app/nsBrowserApp.cpp,
- * encapsulating the XRE_ equivalent defined in libxul */
-extern void libFuzzerGetFuncs(const char*, LibFuzzerInitFunc*,
-                                 LibFuzzerTestingFunc*);
-
-int libfuzzer_main(int argc, char **argv) {
-  LibFuzzerInitFunc initFunc = nullptr;
-  LibFuzzerTestingFunc testingFunc = nullptr;
-
-  libFuzzerGetFuncs(getenv("LIBFUZZER"), &initFunc, &testingFunc);
-
+int libfuzzer_main(int argc, char **argv, LibFuzzerInitFunc initFunc,
+                   LibFuzzerTestingFunc testingFunc) {
   if (initFunc) {
     int ret = initFunc(&argc, &argv);
     if (ret) {
       fprintf(stderr, "LibFuzzer: Error: Initialize callback failed\n");
       return ret;
     }
   }
 
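Review bot: The new libfuzzer_main signature drops the removed explanatory comment without replacing it, so the contract of the two function-pointer parameters — that initFunc is optional (it is null-checked on the next line) and that both are supplied by the caller rather than looked up here — is now undocumented at the definition. Suggest a header comment such as `/* initFunc may be null and is skipped if so; testingFunc is the target entry point. Both are resolved by the caller (LibFuzzerRunner::Run) — this function no longer reads the environment. */`. The function body continues past the end of the hunk, so whether testingFunc is checked for null before use is not visible here.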
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
@@ -9,19 +9,19 @@
 #include <cstdint>
 #include <map>
 #include <string>
 #include <utility>
 
 #include "mozilla/Attributes.h"
 #include "mozilla/Types.h"
 
-typedef int(*LibFuzzerMain)(int, char**);
 typedef int(*LibFuzzerInitFunc)(int*, char***);
 typedef int(*LibFuzzerTestingFunc)(const uint8_t*, size_t);
+typedef int(*LibFuzzerMain)(int, char**, LibFuzzerInitFunc, LibFuzzerTestingFunc);
 
 namespace mozilla {
 
 typedef std::pair<LibFuzzerInitFunc, LibFuzzerTestingFunc> LibFuzzerFunctions;
 
 class LibFuzzerRegistry {
     public:
         MOZ_EXPORT static LibFuzzerRegistry& getInstance();
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
@@ -19,18 +19,19 @@ class _InitLibFuzzer {
 public:
   _InitLibFuzzer() {
     libFuzzerRunner = new LibFuzzerRunner();
   }
 } InitLibFuzzer;
 
 int LibFuzzerRunner::Run(int argc, char** argv) {
   ScopedXPCOM xpcom("LibFuzzer");
-  return mFuzzerMain(argc, argv);
+  LibFuzzerInitFunc initFunc = nullptr;
+  LibFuzzerTestingFunc testingFunc = nullptr;
+  XRE_LibFuzzerGetFuncs(getenv("LIBFUZZER"), &initFunc, &testingFunc);
+  return mFuzzerMain(argc, argv, initFunc, testingFunc);
 }
 
-typedef int(*LibFuzzerMain)(int, char**);
-
 void LibFuzzerRunner::setParams(LibFuzzerMain main) {
   mFuzzerMain = main;
 }
 
 } // namespace mozilla
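Review bot: `getenv("LIBFUZZER")` on the third added line of Run is passed straight to XRE_LibFuzzerGetFuncs without a null check, so an unset variable hands a null module name to the lookup; the old call site in FuzzerCustomMain.cpp had the same gap, but now that the lookup lives here it is the natural place to fail early, e.g. `const char* moduleName = getenv("LIBFUZZER");` followed by `if (!moduleName) { /* report that LIBFUZZER is unset */ return 1; }`. Also, getenv requires `<cstdlib>`, and the hunk does not show this file's includes — worth confirming, since FuzzerCustomMain.cpp (which used to make this call) includes it explicitly. Likewise, a null testingFunc from the lookup could be rejected here rather than relying on mFuzzerMain to do so.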
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
@@ -1,16 +1,16 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  * * This Source Code Form is subject to the terms of the Mozilla Public
  * * License, v. 2.0. If a copy of the MPL was not distributed with this
  * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-namespace mozilla {
+#include "LibFuzzerRegistry.h"
 
-typedef int(*LibFuzzerMain)(int, char**);
+namespace mozilla {
 
 class LibFuzzerRunner {
 public:
   int Run(int argc, char** argv);
   void setParams(LibFuzzerMain main);
 
 private:
   LibFuzzerMain mFuzzerMain;
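Review bot: LibFuzzerRunner.h has no include guard: the hunk covers the file from line 1, and after the license block it goes straight to the new `#include "LibFuzzerRegistry.h"` and the namespace, so a second inclusion would redefine class LibFuzzerRunner. Since the header now pulls in another header and is itself included from more than one translation unit, add a guard such as `#ifndef LibFuzzerRunner_h` / `#define LibFuzzerRunner_h` at the top with the matching `#endif` at the end of the file (or `#pragma once` if the tree's style allows it). The class definition continues past the end of the hunk.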