# Copyright 2015 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# LibFuzzer is a LLVM tool for coverage-guided fuzz testing.
# See http://www.chromium.org/developers/testing/libfuzzer
#
# To enable libfuzzer, 'use_libfuzzer' GN option should be set to true.
# Or equivalent 'use_afl' or 'use_centipede' options for those engines.

import("//build/config/features.gni")
import("//build/config/sanitizers/sanitizers.gni")

# Legacy alias, kept only for compatibility. Some third-party repos and some
# infrastructure repos still refer to libfuzzer_main explicitly; they should
# all be migrated to point to :fuzzing_engine_main instead.
# TODO: remove this target once they've all migrated.
source_set("libfuzzer_main") {
  # GN rejects a dependency from a non-testonly target on a testonly one, so
  # this keeps the fuzzing driver out of shipping binaries.
  testonly = true
  sources = []
  deps = [ ":fuzzing_engine" ]

  # At most one engine branch is taken; each adds the driver that supplies
  # main() for the selected engine.
  if (use_libfuzzer) {
    deps += [ "//third_party/libFuzzer:libfuzzer_main" ]
    if (is_ios) {
      # iOS additionally pulls in the iOS-specific fuzzer support target.
      deps +=
          [ "//testing/libfuzzer/fuzzer_support_ios:fuzzing_engine_main_ios" ]
    }
  } else if (use_afl) {
    deps += [ "//third_party/libFuzzer:afl_driver" ]
  } else if (use_centipede) {
    deps += [ "//third_party/fuzztest:centipede_runner_main" ]
    data_deps = [
      # Centipede based fuzzers require the centipede runner in order to fuzz.
      "//third_party/fuzztest:centipede",
    ]
  } else {
    # No fuzzing engine selected: compile unittest_main.cc in place of an
    # engine driver.
    # NOTE(review): presumably this lets fuzz targets build and run as plain
    # tests in non-fuzzing configurations - confirm against unittest_main.cc.
    sources += [ "unittest_main.cc" ]
  }
}

if (fuzzing_engine_supports_custom_main) {
  # Depend on this if you want to use LLVMFuzzerRunDriver from within an
  # existing executable, i.e. the engine is linked without its own main().
  # NOTE(review): there is no use_afl branch here; presumably
  # fuzzing_engine_supports_custom_main is false for AFL - confirm where that
  # variable is declared.
  group("fuzzing_engine_no_main") {
    testonly = true
    deps = [ ":fuzzing_engine" ]
    if (use_libfuzzer) {
      deps += [ "//third_party/libFuzzer:libfuzzer" ]
    } else if (use_centipede) {
      deps += [ "//third_party/fuzztest:centipede_runner_no_main" ]
      data_deps = [
        # Centipede based fuzzers require the centipede runner in order to
        # fuzz.
        "//third_party/fuzztest:centipede",
      ]
    }
  }
}

# The currently selected fuzzing engine, providing a main() function.
# Fuzzers should depend upon this.
group("fuzzing_engine_main") {
  # testonly stops non-test targets from depending on the fuzzing engine.
  testonly = true

  # Forwards to the legacy-named target, which picks the engine driver.
  deps = [ ":libfuzzer_main" ]
}

# Any fuzzer using any fuzzing engine. This will be used by infra scripts
# to identify fuzzers which should be built and made available to ClusterFuzz.
# NOTE(review): unlike the targets that depend on it, this group does not set
# testonly - confirm that is intentional.
group("fuzzing_engine") {
  if (use_clang_coverage) {
    # For code coverage calculation, fuzzer targets are run through a wrapper
    # script in this directory, which handles corpus retrieval and passes the
    # appropriate parameters to run the target in an isolate. Listing the
    # directory as data makes the script and its dependencies part of the
    # target's isolate.
    data = [ "//tools/code_coverage/" ]
  }
}

# A config used by all fuzzer_tests.
config("fuzzer_test_config") {
  if (use_libfuzzer && is_mac) {
    # LLVMFuzzerCustomMutator and LLVMFuzzerInitialize are optional hooks that
    # a fuzz target may or may not define. The macOS linker's -U option
    # permits the named symbol to stay undefined at link time, so targets
    # without these hooks still link.
    ldflags = [
      "-Wl,-U,_LLVMFuzzerCustomMutator",
      "-Wl,-U,_LLVMFuzzerInitialize",
    ]
  }
}

# Noop config used to tag fuzzer tests excluded from clusterfuzz.
# The libfuzzer build bot uses this tag to filter out targets while
# building an archive for clusterfuzz.
config("no_clusterfuzz") {
}

# Most iOS code doesn't compile on other platforms, and not all fuzzers
# compile on iOS, so a clusterfuzz job is set up to run only selected iOS
# fuzzers. This is a noop config that tags the fuzzer tests to be built for
# that job; the iOS libfuzzer build bot uses it to filter targets while
# building an archive for the job.
config("build_for_ios_clusterfuzz_job") {
}

# noop to tag seed corpus rules.
source_set("seed_corpus") {
}

if (use_fuzzing_engine) {
  # depth = 1 lets only one action assigned to this pool run at a time.
  # NOTE(review): the actions that use this pool are not visible in this
  # file; the name suggests fuzzer owner lookup - confirm.
  pool("fuzzer_owners_pool") {
    depth = 1
  }
}

if (build_with_chromium && use_blink) {
  # Renderer fuzzing support; only defined for Chromium builds with Blink.
  source_set("renderer_fuzzing") {
    testonly = true
    deps = [
      "//base",
      "//third_party/blink/public:blink",
    ]
    sources = [
      "renderer_fuzzing/renderer_fuzzing.cc",
      "renderer_fuzzing/renderer_fuzzing.h",
    ]
  }
}

# A wrapper that knows how to execute a single fuzztest within a binary
# containing many fuzztests.
# NOTE(review): this target does not set testonly, unlike the engine targets
# in this file - confirm that is intentional.
source_set("individual_fuzztest_wrapper") {
  deps = [ "//base" ]
  sources = [ "//testing/libfuzzer/fuzztest_wrapper.cpp" ]
}