authoraizatsky <aizatsky@chromium.org>2015-10-09 14:20:08 -0700
committerCommit bot <commit-bot@chromium.org>2015-10-09 21:20:49 +0000
commitfc46a9fb6210aefee9b73f0b956fae04f28223bb (patch)
tree76acf03165d665ce92005c5f45f2e3e5f5970ff1 /testing
parent4582fd0a115fa71fc8966f15cda13a3f488bc2d9 (diff)
Adding libfuzzer_main to the gn build.
LLVM libFuzzer (http://llvm.org/docs/LibFuzzer.html) is a coverage-guided fuzz testing tool. It has already found a bunch of bugs in webrtc (thanks to Peter Boström!), as well as in text and compression libs. See http://goto.google.com/libfuzzer. Having libfuzzer in the tree will allow submitting the already-written fuzzers, and will also provide an example for people who would like to fuzz Chromium code. The target is controlled by the 'use_libfuzzer' option to GN. It expects LLVM sources to be checked out under //third_party/llvm. BUG=chromium:539572 Review URL: https://codereview.chromium.org/1382593005 Cr-Commit-Position: refs/heads/master@{#353383}
Diffstat (limited to 'testing')
-rw-r--r--testing/libfuzzer/BUILD.gn30
-rw-r--r--testing/libfuzzer/OWNERS3
2 files changed, 33 insertions, 0 deletions
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
new file mode 100644
index 0000000..f9dc5b5
--- /dev/null
+++ b/testing/libfuzzer/BUILD.gn
@@ -0,0 +1,30 @@
+# LibFuzzer is a LLVM tool for coverage-guided fuzz testing.
+# See http://www.chromium.org/developers/testing/libfuzzer
+#
+# To enable libfuzzer, 'use_libfuzzer' GN option should be set to true.
+
+import("//testing/test.gni")
+
+static_library("libfuzzer_main") {
+ sources = [
+ "../../third_party/llvm/lib/Fuzzer/FuzzerCrossOver.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerDriver.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerFlags.def",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerIO.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerInterface.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerLoop.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerMain.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerMutate.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerSHA1.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerSanitizerOptions.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerTraceState.cpp",
+ "../../third_party/llvm/lib/Fuzzer/FuzzerUtil.cpp",
+ ]
+
+ # libfuzzer should be compiled without sanitizers and coverage (doesn't work).
+ configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
+ include_dirs = [
+ "//buildtools/third_party/libc++/trunk/include",
+ "//buildtools/third_party/libc++abi/trunk/include",
+ ]
+}
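Review bot: The `sources` list uses directory-relative paths (`"../../third_party/llvm/lib/Fuzzer/..."`) while `include_dirs` a few lines below uses source-absolute labels (`"//buildtools/..."`); using `"//third_party/llvm/lib/Fuzzer/FuzzerCrossOver.cpp"` etc. throughout would keep the file consistent and stop the target from breaking if it is ever moved out of `testing/libfuzzer/`. The `import("//testing/test.gni")` at the top is not used by anything visible in this hunk, which only declares a builtin `static_library`; if it is meant for fuzzer targets added later, a one-line comment saying so would help, otherwise it can be dropped. The header comment promises gating on `use_libfuzzer`, but nothing in this file checks that flag, so the gating presumably lives in the root build file that references this target — a comment such as `# This target is only reached when the root BUILD.gn is configured with use_libfuzzer=true.` would make that dependency explicit. The comment on the `configs -=` line could also state the reason the sanitizer flags are stripped (instrumenting the fuzzing engine itself distorts the coverage signal it relies on), since "doesn't work" will not tell the next maintainer whether the restriction still applies.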
diff --git a/testing/libfuzzer/OWNERS b/testing/libfuzzer/OWNERS
new file mode 100644
index 0000000..a6b651a
--- /dev/null
+++ b/testing/libfuzzer/OWNERS
@@ -0,0 +1,3 @@
+aizatsky@chromium.org
+krasin@chromium.org
+kcc@chromium.org