Weak main to link non-fuzzing targets

fuzzers/fuzzbench/Cargo.toml

@@ -3,7 +3,6 @@ name = "fuzzbench"
 version = "0.4.0"
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
 edition = "2018"
-build = "build.rs"
 
 [features]
 default = ["std"]

fuzzers/fuzzbench/build.rs

@@ -1,9 +0,0 @@
-// build.rs
-
-fn main() {
-    cc::Build::new()
-        .file("src/libafl_wrapper.c")
-        .compile("libafl_sys.a");
-    println!("cargo:rerun-if-changed=build.rs");
-    println!("cargo:rerun-if-changed=src/libafl_wrapper.c");
-}

fuzzers/fuzzbench/src/lib.rs

@@ -45,9 +45,9 @@ use libafl_targets::{
     MAX_EDGES_NUM,
 };
 
-/// The fuzzer main (as `no_mangle` c function)
+/// The fuzzer main (as `no_mangle` C function)
 #[no_mangle]
-pub extern "C" fn fuzzer_main() {
+pub fn libafl_main() {
     // Registry the metadata types used in this fuzzer
     // Needed only on no_std
     //RegistryBuilder::register::<Tokens>();

fuzzers/fuzzbench/src/libafl_wrapper.c

@@ -1,24 +0,0 @@
-// We only want to link our fuzzer main, if the target doesn't specify its own main - hence we define `main` as `weak` in this file.
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-// jump to rust
-void fuzzer_main();
-
-// Link in a dummy llvm test to non-fuzzing builds, for configure et al.
-int __attribute__((weak)) LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
-  (void) buf;
-  (void) len;
-  fprintf(stderr, "LibAFL - No LLVMFuzzerTestOneInput function found! Linker error?\n");
-  fflush(stderr);
-  abort();
-}
-
-int __attribute__((weak)) main(int argc, char *argv[]) {
-  (void) argc;
-  (void) argv;
-  fuzzer_main();
-  return 0;
-}

fuzzers/generic_inmemory/src/lib.rs

@@ -37,9 +37,9 @@ use libafl_targets::{
     MAX_EDGES_NUM,
 };
 
-/// The main fn, `no_mangle` as it is a C main
+/// The main fn, `no_mangle` as it is a C symbol
 #[no_mangle]
-pub fn main() {
+pub fn libafl_main() {
     // Registry the metadata types used in this fuzzer
     // Needed only on no_std
     //RegistryBuilder::register::<Tokens>();

fuzzers/libfuzzer_libmozjpeg/src/bin/libafl_cc.rs

@@ -1,4 +1,4 @@
-use libafl_cc::{ClangWrapper, CompilerWrapper, LLVMPasses};
+use libafl_cc::{ClangWrapper, CompilerWrapper};
 use std::env;
 
 pub fn main() {

fuzzers/libfuzzer_libmozjpeg/src/lib.rs

@@ -36,7 +36,7 @@ extern "C" {
 
 /// The main fn, usually parsing parameters, and starting the fuzzer
 #[no_mangle]
-pub fn main() {
+pub fn libafl_main() {
     // Registry the metadata types used in this fuzzer
     // Needed only on no_std
     //RegistryBuilder::register::<Tokens>();

fuzzers/libfuzzer_libpng/src/bin/libafl_cc.rs

@@ -1,4 +1,4 @@
-use libafl_cc::{ClangWrapper, CompilerWrapper, LLVMPasses};
+use libafl_cc::{ClangWrapper, CompilerWrapper};
 use std::env;
 
 pub fn main() {

fuzzers/libfuzzer_libpng/src/lib.rs

@@ -31,7 +31,7 @@ use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, EDGES_MAP,
 /// The main fn, `no_mangle` as it is a C main
 #[cfg(not(test))]
 #[no_mangle]
-pub fn main() {
+pub fn libafl_main() {
     // Registry the metadata types used in this fuzzer
     // Needed only on no_std
     //RegistryBuilder::register::<Tokens>();

fuzzers/libfuzzer_libpng_launcher/src/bin/libafl_cc.rs

@@ -1,4 +1,4 @@
-use libafl_cc::{ClangWrapper, CompilerWrapper, LLVMPasses};
+use libafl_cc::{ClangWrapper, CompilerWrapper};
 use std::env;
 
 pub fn main() {

fuzzers/libfuzzer_libpng_launcher/src/lib.rs

@@ -35,9 +35,9 @@ use libafl::{
 
 use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, EDGES_MAP, MAX_EDGES_NUM};
 
-/// The main fn, `no_mangle` as it is a C main
+/// The main fn, `no_mangle` as it is a C symbol
 #[no_mangle]
-pub fn main() {
+pub fn libafl_main() {
     // Registry the metadata types used in this fuzzer
     // Needed only on no_std
     //RegistryBuilder::register::<Tokens>();

fuzzers/libfuzzer_reachability/src/bin/libafl_cc.rs

@@ -1,4 +1,4 @@
-use libafl_cc::{ClangWrapper, CompilerWrapper, LLVMPasses};
+use libafl_cc::{ClangWrapper, CompilerWrapper};
 use std::env;
 
 pub fn main() {

fuzzers/libfuzzer_reachability/src/lib.rs

@@ -26,9 +26,9 @@ extern "C" {
     static __libafl_target_list: *mut usize;
 }
 
-/// The main fn, `no_mangle` as it is a C main
+/// The main fn, `no_mangle` as it is a C symbol
 #[no_mangle]
-pub fn main() {
+pub fn libafl_main() {
     // Registry the metadata types used in this fuzzer
     // Needed only on no_std
     //RegistryBuilder::register::<Tokens>();

libafl_targets/build.rs

@@ -46,6 +46,8 @@ pub const CMPLOG_MAP_H: usize = {};
     println!("cargo:rerun-if-env-changed=LIBAFL_CMPLOG_MAP_W");
     println!("cargo:rerun-if-env-changed=LIBAFL_CMPLOG_MAP_H");
 
+    println!("cargo:rerun-if-changed=src/common.h");
+
     //std::env::set_var("CC", "clang");
     //std::env::set_var("CXX", "clang++");
 

libafl_targets/src/common.h

@@ -3,6 +3,11 @@
 
 #include <stdint.h>
 
+#define true 1
+#define false 0
+
+#define STATIC_ASSERT(pred) switch(0){case 0:case pred:;}
+
 #ifdef _WIN32
   #define RETADDR (uintptr_t)_ReturnAddress()
   #define EXPORT_FN __declspec(dllexport)
@@ -35,6 +40,55 @@
   #define MEMCPY memcpy
 #endif
 
-#define STATIC_ASSERT(pred) switch(0){case 0:case pred:;}
+#ifdef _WIN32
+
+// From Libfuzzer
+// Intermediate macro to ensure the parameter is expanded before stringified.
+#define STRINGIFY_(A) #A
+#define STRINGIFY(A) STRINGIFY_(A)
+
+#if _MSC_VER
+// Copied from compiler-rt/lib/sanitizer_common/sanitizer_win_defs.h
+#if defined(_M_IX86) || defined(__i386__)
+#define WIN_SYM_PREFIX "_"
+#else
+#define WIN_SYM_PREFIX
+#endif
+
+// Declare external functions as having alternativenames, so that we can
+// determine if they are not defined.
+#define EXTERNAL_FUNC(Name, Default)                                   \
+  __pragma(comment(linker, "/alternatename:" WIN_SYM_PREFIX STRINGIFY( \
+                               Name) "=" WIN_SYM_PREFIX STRINGIFY(Default)))
+
+#define CHECK_WEAK_FN(Name) ((void*)Name != (void*)&Name##Def)
+#else
+// Declare external functions as weak to allow them to default to a specified
+// function if not defined explicitly. We must use weak symbols because clang's
+// support for alternatename is not 100%, see
+// https://bugs.llvm.org/show_bug.cgi?id=40218 for more details.
+#define EXTERNAL_FUNC(Name, Default) \
+  __attribute__((weak, alias(STRINGIFY(Default))))
+
+#define CHECK_WEAK_FN(Name) (Name != NULL)
+#endif  // _MSC_VER
+
+#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN)         \
+  RETURN_TYPE (*NAME##Def) FUNC_SIG = NULL;                 \
+  EXTERNAL_FUNC(NAME, NAME##Def) RETURN_TYPE NAME FUNC_SIG
+#else
+
+#if defined(__APPLE__)
+  // TODO: Find a proper way to deal with weak fns on Apple!
+  #define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN)           \
+  RETURN_TYPE NAME FUNC_SIG __attribute__((weak_import)) { return 0; }
+#else
+// Declare these symbols as weak to allow them to be optionally defined.
+#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN)                            \
+  __attribute__((weak, visibility("default"))) RETURN_TYPE NAME FUNC_SIG
+#endif
+
+#define CHECK_WEAK_FN(Name) (Name != NULL)
+#endif
 
 #endif

libafl_targets/src/libfuzzer_compatibility.c

@@ -1,68 +1,5 @@
-#include <stdio.h>
+#include "common.h"
-#include <stdlib.h>
+#include <stddef.h>
-#include <stdint.h>
-
-#define true 1
-#define false 0
-
-#ifdef _WIN32
-
-#ifdef _MSC_VER
-#define LIBFUZZER_MSVC 1
-#else
-#define LIBFUZZER_MSVC 0
-#endif  // _MSC_VER
-
-// From Libfuzzer
-// Intermediate macro to ensure the parameter is expanded before stringified.
-#define STRINGIFY_(A) #A
-#define STRINGIFY(A) STRINGIFY_(A)
-
-#if LIBFUZZER_MSVC
-// Copied from compiler-rt/lib/sanitizer_common/sanitizer_win_defs.h
-#if defined(_M_IX86) || defined(__i386__)
-#define WIN_SYM_PREFIX "_"
-#else
-#define WIN_SYM_PREFIX
-#endif
-
-// Declare external functions as having alternativenames, so that we can
-// determine if they are not defined.
-#define EXTERNAL_FUNC(Name, Default)                                   \
-  __pragma(comment(linker, "/alternatename:" WIN_SYM_PREFIX STRINGIFY( \
-                               Name) "=" WIN_SYM_PREFIX STRINGIFY(Default)))
-
-#define CHECK_WEAK_FN(Name) ((void*)Name != (void*)&Name##Def)
-#else
-// Declare external functions as weak to allow them to default to a specified
-// function if not defined explicitly. We must use weak symbols because clang's
-// support for alternatename is not 100%, see
-// https://bugs.llvm.org/show_bug.cgi?id=40218 for more details.
-#define EXTERNAL_FUNC(Name, Default) \
-  __attribute__((weak, alias(STRINGIFY(Default))))
-
-#define CHECK_WEAK_FN(Name) (Name != NULL)
-#endif  // LIBFUZZER_MSVC
-
-#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN)         \
-  RETURN_TYPE (*NAME##Def) FUNC_SIG = NULL;                 \
-  EXTERNAL_FUNC(NAME, NAME##Def) RETURN_TYPE NAME FUNC_SIG
-#else
-
-#define EXPORT_FN
-
-#if defined(__APPLE__)
-  // TODO: Find a proper way to deal with weak fns on Apple!
-  #define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN)           \
-  RETURN_TYPE NAME FUNC_SIG __attribute__((weak_import)) { return 0; }
-#else
-// Declare these symbols as weak to allow them to be optionally defined.
-#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN)                            \
-  __attribute__((weak, visibility("default"))) RETURN_TYPE NAME FUNC_SIG
-#endif
-
-#define CHECK_WEAK_FN(Name) (Name != NULL)
-#endif
 
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wunused-parameter"
@@ -75,9 +12,14 @@ EXT_FUNC(LLVMFuzzerCustomCrossOver, size_t,
           const uint8_t *Data2, size_t Size2,
           uint8_t *Out, size_t MaxOutSize, unsigned int Seed),
          false);
-#pragma GCC diagnostic pop
+EXT_FUNC(LLVMFuzzerTestOneInput, int, (uint8_t *Data, size_t Size), false);
 
-#undef EXT_FUNC
+void libafl_main();
+EXT_FUNC(main, int, (int argc, char** argv), false) {
+  libafl_main();
+  return 0;
+}
+#pragma GCC diagnostic pop
 
 EXPORT_FN int libafl_targets_has_libfuzzer_init() {
   return CHECK_WEAK_FN(LLVMFuzzerInitialize);