LLVM  6.0.0svn
FuzzerInterface.h
Go to the documentation of this file.
1 //===- FuzzerInterface.h - Interface header for the Fuzzer ------*- C++ -* ===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 // Define the interface between libFuzzer and the library being tested.
10 //===----------------------------------------------------------------------===//
11 
12 // NOTE: the libFuzzer interface is thin and in the majority of cases
13 // you should not include this file into your target. In 95% of cases
14 // all you need is to define the following function in your file:
15 // extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
16 
17 // WARNING: keep the interface in C.
18 
19 #ifndef LLVM_FUZZER_INTERFACE_H
20 #define LLVM_FUZZER_INTERFACE_H
21 
22 #include <stddef.h>
23 #include <stdint.h>
24 
25 #ifdef __cplusplus
26 extern "C" {
27 #endif // __cplusplus
28 
29 // Mandatory user-provided target function.
30 // Executes the code under test with [Data, Data+Size) as the input.
31 // libFuzzer will invoke this function *many* times with different inputs.
32 // Must return 0.
33 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
34 
35 // Optional user-provided initialization function.
36 // If provided, this function will be called by libFuzzer once at startup.
37 // It may read and modify argc/argv.
38 // Must return 0.
39 int LLVMFuzzerInitialize(int *argc, char ***argv);
40 
41 // Optional user-provided custom mutator.
42 // Mutates raw data in [Data, Data+Size) inplace.
43 // Returns the new size, which is not greater than MaxSize.
44 // Given the same Seed produces the same mutation.
45 size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
46  unsigned int Seed);
47 
48 // Optional user-provided custom cross-over function.
49 // Combines pieces of Data1 & Data2 together into Out.
50 // Returns the new size, which is not greater than MaxOutSize.
51 // Should produce the same mutation given the same Seed.
52 size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
53  const uint8_t *Data2, size_t Size2,
54  uint8_t *Out, size_t MaxOutSize,
55  unsigned int Seed);
56 
57 // Experimental, may go away in future.
58 // libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator.
59 // Mutates raw data in [Data, Data+Size) inplace.
60 // Returns the new size, which is not greater than MaxSize.
61 size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
62 
63 #ifdef __cplusplus
64 } // extern "C"
65 #endif // __cplusplus
66 
67 #endif // LLVM_FUZZER_INTERFACE_H
static cl::opt< unsigned long long > Seed("rng-seed", cl::value_desc("seed"), cl::desc("Seed for the random number generator"), cl::init(0))
size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize)
Definition: afl_driver.cpp:248
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1, const uint8_t *Data2, size_t Size2, uint8_t *Out, size_t MaxOutSize, unsigned int Seed)
char *** argv
Definition: afl_driver.cpp:92
int LLVMFuzzerInitialize(int *argc, char ***argv)
size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed)
constexpr char Size[]
Key for Kernel::Arg::Metadata::mSize.