# Copyright 2015 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# LibFuzzer is an LLVM tool for coverage-guided fuzz testing.
# See http://www.chromium.org/developers/testing/libfuzzer
#
# To enable libFuzzer, set the 'use_libfuzzer' GN option to true, or set the
# equivalent 'use_afl' or 'use_centipede' option for those engines.
import("//build/config/features.gni")
import("//build/config/sanitizers/sanitizers.gni")
# Temporary target for legacy reasons. Some third party repos explicitly
# refer to libfuzzer_main though they should refer to fuzzing_engine_main
# instead, and so do some infrastructure repos. We should migrate them
# all to point to :fuzzing_engine_main instead.
# TODO: remove this target once they've all migrated.
source_set("libfuzzer_main") {
  # Engine-specific driver targets. Only the first engine flag that is set
  # contributes, so at most one engine's driver is linked.
  _driver_deps = []
  sources = []

  if (use_libfuzzer) {
    _driver_deps += [ "//third_party/libFuzzer:libfuzzer_main" ]
    if (is_ios) {
      # iOS builds link an additional support target next to libfuzzer_main.
      _driver_deps +=
          [ "//testing/libfuzzer/fuzzer_support_ios:fuzzing_engine_main_ios" ]
    }
  } else if (use_afl) {
    _driver_deps += [ "//third_party/libFuzzer:afl_driver" ]
  } else if (use_centipede) {
    _driver_deps += [ "//third_party/centipede:centipede_runner_main" ]
  } else {
    # No engine flag is set: compile unittest_main.cc from this directory
    # instead of linking an engine driver.
    # NOTE(review): presumably this keeps fuzz targets building in ordinary
    # configurations; a binary built this way would not be doing
    # coverage-guided fuzzing. Confirm against unittest_main.cc.
    sources += [ "unittest_main.cc" ]
  }

  # :fuzzing_engine always comes first, followed by the selected driver.
  deps = [ ":fuzzing_engine" ] + _driver_deps
}
# This target is declared only when fuzzing_engine_supports_custom_main is
# true; the flag is not defined in this file.
if (fuzzing_engine_supports_custom_main) {
  # Depend on this to call LLVMFuzzerRunDriver from within an existing
  # executable, i.e. when the executable supplies its own main().
  source_set("fuzzing_engine_no_main") {
    sources = []
    deps = [ ":fuzzing_engine" ]

    if (use_libfuzzer) {
      # libFuzzer without its main(), plus the local file that exposes the
      # run-driver entry point.
      sources += [ "expose_fuzzer_run_driver.cc" ]
      deps += [ "//third_party/libFuzzer:libfuzzer" ]
    } else if (use_centipede) {
      deps += [ "//third_party/centipede:centipede_runner_no_main" ]
    }

    # There is no branch for use_afl and no fallback: with neither flag above
    # set, this target carries only the :fuzzing_engine dependency.
    # NOTE(review): presumably fuzzing_engine_supports_custom_main is true
    # only for libFuzzer and Centipede - confirm where the flag is defined.
  }
}
# The currently selected fuzzing engine, providing a main() function.
# Fuzzers should depend upon this.
group("fuzzing_engine_main") {
  # Forwards to the legacy :libfuzzer_main target, which selects the driver
  # for whichever engine flag is set.
  deps = [ ":libfuzzer_main" ]
}
# Any fuzzer using any fuzzing engine. This will be used by infra scripts
# to identify fuzzers which should be built and made available to ClusterFuzz.
group("fuzzing_engine") {
  # Outside coverage builds this group is empty and acts purely as a marker
  # dependency.
  if (use_clang_coverage) {
    # For code coverage calculation, fuzzer targets are run through a wrapper
    # script that handles corpus retrieval and passes the appropriate
    # parameters to run the target in an isolate. Listing the directory as
    # data causes the script and its dependencies to be included in the
    # target's isolate.
    # NOTE(review): the trailing slash names the whole //tools/code_coverage/
    # directory, so everything in it is shipped as runtime data. The original
    # comment places the wrapper "in this directory" - confirm which location
    # is current.
    data = [ "//tools/code_coverage/" ]
  }
}
# A config used by all fuzzer_tests.
config("fuzzer_test_config") {
  # Only macOS libFuzzer builds need extra linker flags; every other
  # configuration gets an empty config.
  if (is_mac && use_libfuzzer) {
    # -U tells the macOS linker that the named symbol may remain undefined at
    # link time. LLVMFuzzerCustomMutator and LLVMFuzzerInitialize are optional
    # libFuzzer hooks, so a fuzz target that does not define them must still
    # link.
    ldflags = [
      "-Wl,-U,_LLVMFuzzerCustomMutator",
      "-Wl,-U,_LLVMFuzzerInitialize",
    ]
  }
}
# Noop config used to tag fuzzer tests excluded from ClusterFuzz.
# The libFuzzer build bot uses this to filter out targets while
# building an archive for ClusterFuzz.
config("no_clusterfuzz") {
  # Intentionally empty: this config sets no flags. Only its presence in a
  # target's configs list carries meaning.
  # NOTE(review): a target tagged this way is left out of the ClusterFuzz
  # archive, so presumably it is not fuzzed there - worth justifying per
  # target when adding the tag.
}
# Since most iOS code doesn't compile on other platforms, and not all fuzzers
# compile on iOS, a ClusterFuzz job is set up to run only selected iOS fuzzers.
# This is a noop config to tag fuzzer tests to be built for that job. The iOS
# libFuzzer build bot uses this to filter targets while building an archive for
# the job.
config("build_for_ios_clusterfuzz_job") {
  # Intentionally empty: this config sets no flags. Only its presence in a
  # target's configs list carries meaning.
}
# Noop to tag seed corpus rules.
source_set("seed_corpus") {
  # Intentionally empty: no sources and no deps. The target exists only as a
  # label.
}
# The pool is declared only in builds where use_fuzzing_engine is set.
if (use_fuzzing_engine) {
  pool("fuzzer_owners_pool") {
    # A depth of 1 lets at most one build step assigned to this pool run at a
    # time. The actions that use the pool are not declared in this file.
    depth = 1
  }
}