# Copyright 2015 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# LibFuzzer is an LLVM tool for coverage-guided fuzz testing.
# See http://www.chromium.org/developers/testing/libfuzzer
#
# To enable libFuzzer, set the 'use_libfuzzer' GN option to true. The
# equivalent options for the other engines are 'use_afl' and 'use_centipede'.
#
# The targets below that link a fuzzing engine set `testonly = true`, so GN
# refuses to let a non-testonly target depend on them.

import("//build/config/features.gni")
import("//build/config/sanitizers/sanitizers.gni")

# Temporary target for legacy reasons. Some third party repos explicitly
# refer to libfuzzer_main though they should refer to :fuzzing_engine_main
# instead, and so do some infrastructure repos. We should migrate them
# all to point to :fuzzing_engine_main instead.
# TODO: remove this target once they've all migrated.
#
# Exactly one branch below is taken, chosen by the engine flags in the order
# use_libfuzzer, use_afl, use_centipede; with none set the target falls back
# to compiling unittest_main.cc.
source_set("libfuzzer_main") {
  # Always tag the target as a fuzzer via :fuzzing_engine (see that group).
  deps = [ ":fuzzing_engine" ]
  testonly = true
  sources = []
  if (use_libfuzzer) {
    deps += [ "//third_party/libFuzzer:libfuzzer_main" ]
    if (is_ios) {
      # iOS additionally needs the iOS-specific engine main.
      deps +=
          [ "//testing/libfuzzer/fuzzer_support_ios:fuzzing_engine_main_ios" ]
    }
  } else if (use_afl) {
    deps += [ "//third_party/libFuzzer:afl_driver" ]
  } else if (use_centipede) {
    deps += [ "//third_party/fuzztest:centipede_runner_main" ]
    data_deps = [
      # Centipede based fuzzers require the centipede runner in order to fuzz.
      "//third_party/fuzztest:centipede",
    ]
  } else {
    # No fuzzing engine selected.
    # NOTE(review): presumably unittest_main.cc supplies a plain main() that
    # runs the fuzz target without an engine - confirm in that file.
    sources += [ "unittest_main.cc" ]
  }
}

if (fuzzing_engine_supports_custom_main) {
  # Depend on this if you want to use LLVMFuzzerRunDriver from within an
  # existing executable.
  #
  # Only the libFuzzer and Centipede branches add an engine library; if
  # neither flag is set, the group pulls in :fuzzing_engine alone.
  group("fuzzing_engine_no_main") {
    deps = [ ":fuzzing_engine" ]
    testonly = true
    if (use_libfuzzer) {
      deps += [ "//third_party/libFuzzer:libfuzzer" ]
    } else if (use_centipede) {
      deps += [ "//third_party/fuzztest:centipede_runner_no_main" ]
      data_deps = [
        # Centipede based fuzzers require the centipede runner in order to fuzz.
        "//third_party/fuzztest:centipede",
      ]
    }
  }
}

# The currently selected fuzzing engine, providing a main() function.
# Fuzzers should depend upon this.
# It currently only forwards to the legacy :libfuzzer_main target.
group("fuzzing_engine_main") {
  deps = [ ":libfuzzer_main" ]
  testonly = true
}

# Any fuzzer using any fuzzing engine. This will be used by infra scripts
# to identify fuzzers which should be built and made available to ClusterFuzz.
# Outside coverage builds this group is empty and acts purely as a tag.
group("fuzzing_engine") {
  if (use_clang_coverage) {
    # For purposes of code coverage calculation, fuzzer targets are run through
    # a wrapper script in this directory, which handles corpus retrieval and
    # appropriate parameter passing to run the target in an isolate. This
    # directive causes the script and its dependencies to be included in the
    # target's isolate.
    data = [ "//tools/code_coverage/" ]
  }
}

# A config used by all fuzzer_tests.
# It only has an effect for libFuzzer builds on macOS.
config("fuzzer_test_config") {
  if (use_libfuzzer && is_mac) {
    # `-U <symbol>` tells the macOS linker that the symbol may be left
    # undefined at link time. LLVMFuzzerCustomMutator and LLVMFuzzerInitialize
    # are optional libFuzzer hooks, so fuzz targets that do not define them
    # must still link.
    ldflags = [
      "-Wl,-U,_LLVMFuzzerCustomMutator",
      "-Wl,-U,_LLVMFuzzerInitialize",
    ]
  }
}

# Noop config used to tag fuzzer tests excluded from clusterfuzz.
# Libfuzzer build bot uses this to filter out targets while
# building an archive for clusterfuzz.
# A target carrying this tag is therefore left out of that archive, so apply
# it deliberately.
config("no_clusterfuzz") {
}

# Since most iOS code doesn't compile on other platforms, and not all fuzzers
# compile on iOS, a clusterfuzz job is set up to run only selected iOS fuzzers.
# This is a noop config to tag fuzzer tests to be built for the job. iOS
# Libfuzzer build bot uses this to filter targets while building an archive for
# the job.
config("build_for_ios_clusterfuzz_job") {
}

# Noop target used to tag seed corpus rules.
source_set("seed_corpus") {
}

if (use_fuzzing_engine) {
  # A pool of depth 1: build steps assigned to it run one at a time.
  # Which steps use the pool is not visible in this file.
  pool("fuzzer_owners_pool") {
    depth = 1
  }
}

if (build_with_chromium && use_blink) {
  # Support code for renderer fuzzing; it depends on //base and the public
  # Blink API. Defined only for Chromium builds that use Blink.
  source_set("renderer_fuzzing") {
    testonly = true
    sources = [
      "renderer_fuzzing/renderer_fuzzing.cc",
      "renderer_fuzzing/renderer_fuzzing.h",
    ]
    deps = [
      "//base",
      "//third_party/blink/public:blink",
    ]
  }
}

# A wrapper that knows how to execute a single fuzztest within a binary
# containing many fuzztests.
# NOTE(review): this source_set does not set `testonly`, unlike libfuzzer_main
# and renderer_fuzzing above - confirm that is intentional.
source_set("individual_fuzztest_wrapper") {
  sources = [ "//testing/libfuzzer/fuzztest_wrapper.cpp" ]
  deps = [ "//base" ]
}