Home | History | Annotate | Download | only in Fuzzer
      1 //===- FuzzerInterface.h - Interface header for the Fuzzer ------*- C++ -* ===//
      2 //
      3 //                     The LLVM Compiler Infrastructure
      4 //
      5 // This file is distributed under the University of Illinois Open Source
      6 // License. See LICENSE.TXT for details.
      7 //
      8 //===----------------------------------------------------------------------===//
      9 // Define the interface between libFuzzer and the library being tested.
     10 //===----------------------------------------------------------------------===//
     11 
     12 // NOTE: the libFuzzer interface is thin and in the majority of cases
     13 // you should not include this file into your target. In 95% of cases
     14 // all you need is to define the following function in your file:
     15 // extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
     16 
     17 // WARNING: keep the interface in C.
     18 
     19 #ifndef LLVM_FUZZER_INTERFACE_H
     20 #define LLVM_FUZZER_INTERFACE_H
     21 
     22 #include <stddef.h>
     23 #include <stdint.h>
     24 
     25 #ifdef __cplusplus
     26 extern "C" {
     27 #endif  // __cplusplus
     28 
     29 // Mandatory user-provided target function.
     30 // Executes the code under test with [Data, Data+Size) as the input.
     31 // libFuzzer will invoke this function *many* times with different inputs.
     32 // Must return 0.
     33 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
     34 
     35 // Optional user-provided initialization function.
     36 // If provided, this function will be called by libFuzzer once at startup.
     37 // It may read and modify argc/argv.
     38 // Must return 0.
     39 int LLVMFuzzerInitialize(int *argc, char ***argv);
     40 
     41 // Optional user-provided custom mutator.
     42 // Mutates raw data in [Data, Data+Size) inplace.
     43 // Returns the new size, which is not greater than MaxSize.
     44 // Given the same Seed produces the same mutation.
     45 size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
     46                                unsigned int Seed);
     47 
     48 // Optional user-provided custom cross-over function.
     49 // Combines pieces of Data1 & Data2 together into Out.
     50 // Returns the new size, which is not greater than MaxOutSize.
     51 // Should produce the same mutation given the same Seed.
     52 size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
     53                                  const uint8_t *Data2, size_t Size2,
     54                                  uint8_t *Out, size_t MaxOutSize,
     55                                  unsigned int Seed);
     56 
     57 // Experimental, may go away in future.
     58 // libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator.
     59 // Mutates raw data in [Data, Data+Size) inplace.
     60 // Returns the new size, which is not greater than MaxSize.
     61 size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
     62 
     63 #ifdef __cplusplus
     64 }  // extern "C"
     65 #endif  // __cplusplus
     66 
     67 #endif  // LLVM_FUZZER_INTERFACE_H
     68