1 //===-- FuzzerCLI.h - Common logic for CLIs of fuzzers ----------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // Common logic needed to implement LLVM's fuzz targets' CLIs - including LLVM 10 // concepts like cl::opt and libFuzzer concepts like -ignore_remaining_args=1. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #ifndef LLVM_FUZZMUTATE_FUZZER_CLI_H 15 #define LLVM_FUZZMUTATE_FUZZER_CLI_H 16 17 #include "llvm/IR/LLVMContext.h" 18 #include "llvm/Support/DataTypes.h" 19 20 namespace llvm { 21 22 class StringRef; 23 24 /// Parse cl::opts from a fuzz target commandline. 25 /// 26 /// This handles all arguments after -ignore_remaining_args=1 as cl::opts. 27 void parseFuzzerCLOpts(int ArgC, char *ArgV[]); 28 29 /// Handle backend options that are encoded in the executable name. 30 /// 31 /// Parses some common backend options out of a specially crafted executable 32 /// name (argv[0]). For example, a name like llvm-foo-fuzzer--aarch64-gisel 33 /// might set up an AArch64 triple and the Global ISel selector. This should be 34 /// called *before* parseFuzzerCLOpts if calling both. 35 /// 36 /// This is meant to be used for environments like OSS-Fuzz that aren't capable 37 /// of passing in command line arguments in the normal way. 38 void handleExecNameEncodedBEOpts(StringRef ExecName); 39 40 /// Handle optimizer options which are encoded in the executable name. 41 /// Same semantics as in 'handleExecNameEncodedBEOpts'. 42 void handleExecNameEncodedOptimizerOpts(StringRef ExecName); 43 44 using FuzzerTestFun = int (*)(const uint8_t *Data, size_t Size); 45 using FuzzerInitFun = int (*)(int *argc, char ***argv); 46 47 /// Runs a fuzz target on the inputs specified on the command line. 48 /// 49 /// Useful for testing fuzz targets without linking to libFuzzer. Finds inputs 50 /// in the argument list in a libFuzzer compatible way. 51 int runFuzzerOnInputs(int ArgC, char *ArgV[], FuzzerTestFun TestOne, 52 FuzzerInitFun Init = [](int *, char ***) { return 0; }); 53 54 /// Fuzzer friendly interface for the llvm bitcode parser. 55 /// 56 /// \param Data Bitcode we are going to parse 57 /// \param Size Size of the 'Data' in bytes 58 /// \return New module or nullptr in case of error 59 std::unique_ptr<Module> parseModule(const uint8_t *Data, size_t Size, 60 LLVMContext &Context); 61 62 /// Fuzzer friendly interface for the llvm bitcode printer. 63 /// 64 /// \param M Module to print 65 /// \param Dest Location to store serialized module 66 /// \param MaxSize Size of the destination buffer 67 /// \return Number of bytes that were written. When module size exceeds MaxSize 68 /// returns 0 and leaves Dest unchanged. 69 size_t writeModule(const Module &M, uint8_t *Dest, size_t MaxSize); 70 71 /// Try to parse module and verify it. May output verification errors to the 72 /// errs(). 73 /// \return New module or nullptr in case of error. 74 std::unique_ptr<Module> parseAndVerify(const uint8_t *Data, size_t Size, 75 LLVMContext &Context); 76 77 } // end llvm namespace 78 79 #endif // LLVM_FUZZMUTATE_FUZZER_CLI_H 80