1 //===- FuzzerInterface.h - Interface header for the Fuzzer ------*- C++ -* ===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 // Define the interface between libFuzzer and the library being tested.
10 //===----------------------------------------------------------------------===//
11 
12 // NOTE: the libFuzzer interface is thin and in the majority of cases
13 // you should not include this file into your target. In 95% of cases
14 // all you need is to define the following function in your file:
15 // extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
16 
17 // WARNING: keep the interface in C.
18 
19 #ifndef LLVM_FUZZER_INTERFACE_H
20 #define LLVM_FUZZER_INTERFACE_H
21 
22 #include <stddef.h>
23 #include <stdint.h>
24 
25 #ifdef __cplusplus
26 extern "C" {
27 #endif  // __cplusplus
28 
29 // Mandatory user-provided target function.
30 // Executes the code under test with [Data, Data+Size) as the input.
31 // libFuzzer will invoke this function *many* times with different inputs.
32 // Must return 0.
33 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
34 
35 // Optional user-provided initialization function.
36 // If provided, this function will be called by libFuzzer once at startup.
37 // It may read and modify argc/argv.
38 // Must return 0.
39 int LLVMFuzzerInitialize(int *argc, char ***argv);
40 
41 // Optional user-provided custom mutator.
42 // Mutates raw data in [Data, Data+Size) inplace.
43 // Returns the new size, which is not greater than MaxSize.
44 // Given the same Seed produces the same mutation.
45 size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
46                                unsigned int Seed);
47 
48 // Optional user-provided custom cross-over function.
49 // Combines pieces of Data1 & Data2 together into Out.
50 // Returns the new size, which is not greater than MaxOutSize.
51 // Should produce the same mutation given the same Seed.
52 size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
53                                  const uint8_t *Data2, size_t Size2,
54                                  uint8_t *Out, size_t MaxOutSize,
55                                  unsigned int Seed);
56 
57 // Experimental, may go away in future.
58 // libFuzzer-provided function to be used inside LLVMFuzzerTestOneInput.
59 // Mutates raw data in [Data, Data+Size) inplace.
60 // Returns the new size, which is not greater than MaxSize.
61 size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
62 
63 #ifdef __cplusplus
64 }  // extern "C"
65 #endif  // __cplusplus
66 
67 #endif  // LLVM_FUZZER_INTERFACE_H
68