| # Copyright 2015 The Chromium Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # LibFuzzer is a LLVM tool for coverage-guided fuzz testing. |
| # See http://www.chromium.org/developers/testing/libfuzzer |
| # |
| # To enable libfuzzer, 'use_libfuzzer' GN option should be set to true. |
| # Or equivalent 'use_afl' or 'use_centipede' options for those engines. |
| |
| import("//build/config/features.gni") |
| import("//build/config/sanitizers/sanitizers.gni") |
| |
| # Temporary target for legacy reasons. Some third party repos explicitly |
| # refer to libfuzzer_main though they should refer to fuzzer_engine_main |
| # instead, and so do some infrastructure repos. We should migrate them |
| # all to point to :fuzzing_engine_main instead. |
| # TODO: remove this target once they've all migrated. |
| source_set("libfuzzer_main") { |
| deps = [ ":fuzzing_engine" ] |
| testonly = true |
| sources = [] |
| if (use_libfuzzer) { |
| deps += [ "//third_party/libFuzzer:libfuzzer_main" ] |
| if (is_ios) { |
| deps += |
| [ "//testing/libfuzzer/fuzzer_support_ios:fuzzing_engine_main_ios" ] |
| } |
| } else if (use_afl) { |
| deps += [ "//third_party/libFuzzer:afl_driver" ] |
| } else if (use_centipede) { |
| deps += [ "//third_party/fuzztest:centipede_runner_main" ] |
| data_deps = [ |
| # Centipede based fuzzers require the centipede runner in order to fuzz. |
| "//third_party/fuzztest:centipede", |
| ] |
| } else { |
| sources += [ "unittest_main.cc" ] |
| } |
| } |
| |
| if (fuzzing_engine_supports_custom_main) { |
| # Depend on this if you want to use LLVMFuzzerRunDriver from within an existing |
| # executable |
| group("fuzzing_engine_no_main") { |
| deps = [ ":fuzzing_engine" ] |
| testonly = true |
| if (use_libfuzzer) { |
| deps += [ "//third_party/libFuzzer:libfuzzer" ] |
| } else if (use_centipede) { |
| deps += [ "//third_party/fuzztest:centipede_runner_no_main" ] |
| data_deps = [ |
| # Centipede based fuzzers require the centipede runner in order to fuzz. |
| "//third_party/fuzztest:centipede", |
| ] |
| } |
| } |
| } |
| |
| # The currently selected fuzzing engine, providing a main() function. |
| # Fuzzers should depend upon this. |
| group("fuzzing_engine_main") { |
| deps = [ ":libfuzzer_main" ] |
| testonly = true |
| } |
| |
| # Any fuzzer using any fuzzing engine. This will be used by infra scripts |
| # to identify fuzzers which should be built and made available to ClusterFuzz. |
| group("fuzzing_engine") { |
| if (use_clang_coverage) { |
| # For purposes of code coverage calculation, fuzzer targets are run through |
| # a wrapper script in this directory, which handles corpus retrieval and |
| # appropriate parameter passing to run the target in an isolate. This |
| # directive makes this script and its dependencies to be included in the |
| # target's isolate. |
| data = [ "//tools/code_coverage/" ] |
| } |
| } |
| |
| # A config used by all fuzzer_tests. |
| config("fuzzer_test_config") { |
| if (use_libfuzzer && is_mac) { |
| ldflags = [ |
| "-Wl,-U,_LLVMFuzzerCustomMutator", |
| "-Wl,-U,_LLVMFuzzerInitialize", |
| ] |
| } |
| } |
| |
| # Noop config used to tag fuzzer tests excluded from clusterfuzz. |
| # Libfuzzer build bot uses this to filter out targets while |
| # building an archive for clusterfuzz. |
| config("no_clusterfuzz") { |
| } |
| |
| # Since most iOS code doesn't compile in other platforms, and not all fuzzers |
| # compile in iOS, a clusterfuzz job is set up to run only selected iOS fuzzers. |
| # This is a noop config to tag fuzzer tests to be built for the job. iOS |
| # Libfuzzer build bot uses this to filter targets while building an archive for |
| # the job. |
| config("build_for_ios_clusterfuzz_job") { |
| } |
| |
| # noop to tag seed corpus rules. |
| source_set("seed_corpus") { |
| } |
| |
| if (use_fuzzing_engine) { |
| pool("fuzzer_owners_pool") { |
| depth = 1 |
| } |
| } |