1# Copyright 2015 The Chromium Authors
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5# LibFuzzer is an LLVM tool for coverage-guided fuzz testing.
6# See https://www.chromium.org/developers/testing/libfuzzer
7#
8# To enable libFuzzer, set the 'use_libfuzzer' GN option to true, or set the
9# equivalent 'use_afl' or 'use_centipede' option for those engines.
10
11import("//build/config/features.gni")
12import("//build/config/sanitizers/sanitizers.gni")
13
14# Temporary target for legacy reasons. Some third party repos explicitly
15# refer to :libfuzzer_main though they should refer to :fuzzing_engine_main
16# instead, and so do some infrastructure repos. We should migrate them
17# all to point to :fuzzing_engine_main instead.
18# TODO: remove this target once they've all migrated.
source_set("libfuzzer_main") {
  # Legacy-named target that links in the driver of the selected fuzzing
  # engine. The engine flags are tested as one if/else chain (libFuzzer, then
  # AFL, then Centipede), so only the first enabled engine adds its driver.
  deps = [ ":fuzzing_engine" ]

  if (use_libfuzzer) {
    deps += [ "//third_party/libFuzzer:libfuzzer_main" ]
    if (is_ios) {
      # iOS builds also pull in the iOS-specific engine main target.
      deps +=
          [ "//testing/libfuzzer/fuzzer_support_ios:fuzzing_engine_main_ios" ]
    }
  } else if (use_afl) {
    deps += [ "//third_party/libFuzzer:afl_driver" ]
  } else if (use_centipede) {
    deps += [ "//third_party/centipede:centipede_runner_main" ]
  } else {
    # No fuzzing engine is enabled: compile unittest_main.cc into this target
    # instead of depending on an engine driver.
    # NOTE(review): presumably a non-fuzzing main() so fuzz targets still build
    # in regular configurations. Confirm against unittest_main.cc.
    sources = [ "unittest_main.cc" ]
  }
}
36
if (fuzzing_engine_supports_custom_main) {
  # Engine library without its own main(), for executables that already have
  # an entry point and call LLVMFuzzerRunDriver themselves. The target is only
  # declared when fuzzing_engine_supports_custom_main is true.
  source_set("fuzzing_engine_no_main") {
    deps = [ ":fuzzing_engine" ]

    if (use_libfuzzer) {
      # expose_fuzzer_run_driver.cc is compiled only for the libFuzzer variant.
      sources = [ "expose_fuzzer_run_driver.cc" ]
      deps += [ "//third_party/libFuzzer:libfuzzer" ]
    } else if (use_centipede) {
      deps += [ "//third_party/centipede:centipede_runner_no_main" ]
    }
  }
}
51
52# The currently selected fuzzing engine, providing a main() function.
53# Fuzzers should depend upon this.
group("fuzzing_engine_main") {
  # Thin forwarding group: the engine selection itself happens inside
  # :libfuzzer_main, so depending on this name picks up whichever engine
  # driver that target resolves to.
  deps = [
    ":libfuzzer_main",
  ]
}
57
58# Any fuzzer using any fuzzing engine. This will be used by infra scripts
59# to identify fuzzers which should be built and made available to ClusterFuzz.
group("fuzzing_engine") {
  # Marker group with no deps of its own; the engine targets in this file
  # depend on it so that tooling can recognise fuzzer targets.
  if (use_clang_coverage) {
    # For code coverage calculation, fuzzer targets are run through a wrapper
    # script that handles corpus retrieval and passes the appropriate
    # parameters to run the target in an isolate. Listing the directory as
    # runtime data includes that script and its dependencies in the target's
    # isolate.
    data = [
      "//tools/code_coverage/",
    ]
  }
}
70
71# A config used by all fuzzer_tests.
config("fuzzer_test_config") {
  # Linker flags are only added for libFuzzer builds on macOS; every other
  # configuration gets an empty config.
  if (use_libfuzzer) {
    if (is_mac) {
      # "-U <symbol>" tells the macOS linker that the symbol may stay undefined
      # at link time. Both hooks are optional entry points a fuzz target may or
      # may not define, so the link must not fail when they are absent.
      ldflags = [
        "-Wl,-U,_LLVMFuzzerCustomMutator",
        "-Wl,-U,_LLVMFuzzerInitialize",
      ]
    }
  }
}
80
81# Noop config used to tag fuzzer tests excluded from clusterfuzz.
82# Libfuzzer build bot uses this to filter out targets while
83# building an archive for clusterfuzz.
config("no_clusterfuzz") {
  # Intentionally empty: this config sets no flags and exists only as a tag.
  # A fuzzer tagged with it is filtered out of the archive built for
  # ClusterFuzz, so it is worth recording why a target opts out whenever this
  # tag is applied.
}
86
87# Since most iOS code doesn't compile on other platforms, and not all fuzzers
88# compile for iOS, a clusterfuzz job is set up to run only selected iOS fuzzers.
89# This is a noop config to tag fuzzer tests to be built for that job. The iOS
90# Libfuzzer build bot uses this to filter targets while building an archive for
91# the job.
config("build_for_ios_clusterfuzz_job") {
  # Intentionally empty: this config sets no flags and exists only as a tag
  # that marks a fuzzer test for inclusion in the iOS ClusterFuzz job archive.
}
94
95# noop to tag seed corpus rules.
source_set("seed_corpus") {
  # Intentionally empty: no sources and no deps. The target exists only so
  # that seed corpus rules can be tagged with it.
  # NOTE(review): how the tag is consumed is not visible in this file.
}
98
if (use_fuzzing_engine) {
  # Declared only when a fuzzing engine is in use. A depth of 1 means at most
  # one build step assigned to this pool runs at a time.
  # NOTE(review): the actions that use this pool are not in this file;
  # presumably the fuzzer-owner lookup steps. Confirm at the call sites.
  pool("fuzzer_owners_pool") {
    depth = 1
  }
}
104