| 1 | /* |
| 2 | * Copyright (c) Yann Collet, Meta Platforms, Inc. |
| 3 | * All rights reserved. |
| 4 | * |
| 5 | * This source code is licensed under both the BSD-style license (found in the |
| 6 | * LICENSE file in the root directory of this source tree) and the GPLv2 (found |
| 7 | * in the COPYING file in the root directory of this source tree). |
| 8 | * You may select, at your option, one of the above-listed licenses. |
| 9 | */ |
| 10 | |
| 11 | #ifndef EXAMPLE_SEQ_PROD_H |
| 12 | #define EXAMPLE_SEQ_PROD_H |
| 13 | |
| 14 | #define ZSTD_STATIC_LINKING_ONLY |
| 15 | #include "zstd.h" |
| 16 | |
| 17 | #include <stdint.h> |
| 18 | |
| 19 | #ifdef __cplusplus |
| 20 | extern "C" { |
| 21 | #endif |
| 22 | |
| 23 | /* *** INTERFACE FOR FUZZING THIRD-PARTY SEQUENCE PRODUCER PLUGINS *** |
| 24 | * Fuzz-testing for the external sequence producer API was introduced in PR #3437. |
| 25 | * However, the setup in #3437 only allows fuzzers to exercise the implementation of the |
| 26 | * API itself (the code in the core zstd library which interacts with your plugin). |
| 27 | * |
| 28 | * This header defines an interface for plugin authors to link their code into the fuzzer |
| 29 | * build. Plugin authors can provide an object file implementing the symbols below, |
| 30 | * and those symbols will replace the default ones provided by #3437. |
| 31 | * |
| 32 | * To fuzz your plugin, follow these steps: |
| 33 | * - Build your object file with a recent version of clang. Building with gcc is not supported. |
| 34 | * - Build your object file using appropriate flags for fuzzing. For example: |
| 35 | * `-g -fno-omit-frame-pointer -fsanitize=undefined,address,fuzzer` |
| 36 | * - Build the fuzzer binaries with options corresponding to the flags you chose. Use --custom-seq-prod= to pass in your object file: |
| 37 | * `./fuzz.py build all --enable-fuzzer --enable-asan --enable-ubsan --cc clang --cxx clang++ --custom-seq-prod=your_object.o` |
| 38 | * |
| 39 | * An example implementation of this header is provided at tests/fuzz/seq_prod_fuzz_example/. |
| 40 | * Use these commands to fuzz with the example code: |
| 41 | * $ make corpora |
| 42 | * $ make -C seq_prod_fuzz_example/ |
| 43 | * $ python3 ./fuzz.py build all --enable-fuzzer --enable-asan --enable-ubsan --cc clang --cxx clang++ --custom-seq-prod=seq_prod_fuzz_example/example_seq_prod.o |
| 44 | * $ python3 ./fuzz.py libfuzzer simple_round_trip |
| 45 | */ |
| 46 | |
| 47 | /* The fuzzer will call this function before each test-case. It should run any |
| 48 | * setup actions (such as starting a hardware device) needed for fuzzing. |
| 49 | * |
| 50 | * The fuzzer will assert() that the return value is zero. To signal an error, |
| 51 | * please return a non-zero value. */ |
| 52 | size_t FUZZ_seqProdSetup(void); |
| 53 | |
| 54 | /* The fuzzer will call this function after each test-case. It should free |
| 55 | * resources aquired by FUZZ_seqProdSetup() to prevent leaks across test-cases. |
| 56 | * |
| 57 | * The fuzzer will assert() that the return value is zero. To signal an error, |
| 58 | * please return a non-zero value. */ |
| 59 | size_t FUZZ_seqProdTearDown(void); |
| 60 | |
| 61 | /* The fuzzer will call this function before each test-case, only after calling |
| 62 | * FUZZ_seqProdSetup(), to obtain a sequence producer state which can be passed |
| 63 | * into ZSTD_registerSequenceProducer(). |
| 64 | * |
| 65 | * All compressions which are part of a test-case will share a single sequence |
| 66 | * producer state. Sharing the state object is safe because the fuzzers currently |
| 67 | * don't exercise the sequence producer API in multi-threaded scenarios. We may |
| 68 | * need a new approach in the future to support multi-threaded fuzzing. |
| 69 | * |
| 70 | * The fuzzer will assert() that the return value is not NULL. To signal an error, |
| 71 | * please return NULL. */ |
| 72 | void* FUZZ_createSeqProdState(void); |
| 73 | |
| 74 | /* The fuzzer will call this function after each test-case. It should free any |
| 75 | * resources aquired by FUZZ_createSeqProdState(). |
| 76 | * |
| 77 | * The fuzzer will assert() that the return value is zero. To signal an error, |
| 78 | * please return a non-zero value. */ |
| 79 | size_t FUZZ_freeSeqProdState(void* sequenceProducerState); |
| 80 | |
| 81 | /* This is the sequence producer function you would like to fuzz! It will receive |
| 82 | * the void* returned by FUZZ_createSeqProdState() on each invocation. */ |
| 83 | size_t FUZZ_thirdPartySeqProd(void* sequenceProducerState, |
| 84 | ZSTD_Sequence* outSeqs, size_t outSeqsCapacity, |
| 85 | const void* src, size_t srcSize, |
| 86 | const void* dict, size_t dictSize, |
| 87 | int compressionLevel, |
| 88 | size_t windowSize); |
| 89 | |
| 90 | /* These macros are internal helpers. You do not need to worry about them. */ |
| 91 | #ifdef FUZZ_THIRD_PARTY_SEQ_PROD |
| 92 | #define FUZZ_SEQ_PROD_SETUP() \ |
| 93 | do { \ |
| 94 | FUZZ_ASSERT(FUZZ_seqProdSetup() == 0); \ |
| 95 | FUZZ_seqProdState = FUZZ_createSeqProdState(); \ |
| 96 | FUZZ_ASSERT(FUZZ_seqProdState != NULL); \ |
| 97 | } while (0) |
| 98 | #else |
| 99 | #define FUZZ_SEQ_PROD_SETUP() |
| 100 | #endif |
| 101 | |
| 102 | #ifdef FUZZ_THIRD_PARTY_SEQ_PROD |
| 103 | #define FUZZ_SEQ_PROD_TEARDOWN() \ |
| 104 | do { \ |
| 105 | FUZZ_ASSERT(FUZZ_freeSeqProdState(FUZZ_seqProdState) == 0); \ |
| 106 | FUZZ_ASSERT(FUZZ_seqProdTearDown() == 0); \ |
| 107 | } while (0) |
| 108 | #else |
| 109 | #define FUZZ_SEQ_PROD_TEARDOWN() |
| 110 | #endif |
| 111 | |
| 112 | #ifdef __cplusplus |
| 113 | } |
| 114 | #endif |
| 115 | |
| 116 | #endif /* EXAMPLE_SEQ_PROD_H */ |