From 1614f78f6d5ebf773763f0a4aa4df552509be95d Mon Sep 17 00:00:00 2001
From: Timotej Kapus
Date: Mon, 17 Jun 2019 02:38:36 -0700
Subject: [PATCH] [sledge] Add a harness for lionhead fuzzers
Summary: This diff introduces a `-lib-fuzz` flag to `buck link`, which links in a simple main that calls the LLVMFuzzerTestOneInput function, which is the entry point of libFuzzer fuzzer.
Reviewed By: jberdine, jvillard
Differential Revision: D15821512
fbshipit-source-id: cff731ed3
---
 sledge/model/Makefile | 5 ++++-
 sledge/model/dune.in | 8 +++++++-
 sledge/model/lib_fuzzer_main.c | 17 +++++++++++++++++
 sledge/src/sledge_buck.ml | 24 ++++++++++++++++--------
 4 files changed, 44 insertions(+), 10 deletions(-)
 create mode 100644 sledge/model/lib_fuzzer_main.c
diff --git a/sledge/model/Makefile b/sledge/model/Makefile
index 2f44e0671..6302ccd5b 100644
--- a/sledge/model/Makefile
+++ b/sledge/model/Makefile
@@ -17,8 +17,11 @@ LIBCXXABI=$(ROOT)/llvm/projects/libcxxabi
 cxxabi.bc : cxxabi.cpp
 $(LLVM)/bin/clang --sysroot=/usr $(CLANG_ARGS) -I$(LLVM)/include/c++/v1 -I$(LIBCXXABI)/include -I$(LIBCXXABI)/src -c -emit-llvm cxxabi.cpp
 
+lib_fuzzer_main.bc : lib_fuzzer_main.c
+ $(LLVM)/bin/clang $(CLANG_ARGS) -c -emit-llvm -o $@ $<
+
 clean:
- rm cxxabi.bc
+ rm -f cxxabi.bc lib_fuzzer_main.bc
 
 fmt:
 clang-format -i *.h *.c *.cpp
diff --git a/sledge/model/dune.in b/sledge/model/dune.in
index 4e0ff1de1..dadab2ee3 100644
--- a/sledge/model/dune.in
+++ b/sledge/model/dune.in
@@ -17,9 +17,15 @@ Jbuild_plugin.V1.send
 (deps cxxabi.cpp Makefile llair_intrinsics.h)
 (action (run make ROOT=../../.. cxxabi.bc)))
 
+(rule
+ (targets lib_fuzzer_main.bc)
+ (deps lib_fuzzer_main.c Makefile)
+ (action (run make ROOT=../../.. lib_fuzzer_main.bc)))
+
+
 (rule
 (targets model.ml)
- (deps cxxabi.bc)
+ (deps cxxabi.bc lib_fuzzer_main.bc)
 (action (run ocaml-crunch -m plain -e bc -o model.ml .)))
 
 (library 
diff --git a/sledge/model/lib_fuzzer_main.c b/sledge/model/lib_fuzzer_main.c
new file mode 100644
index 000000000..82086a47f
--- /dev/null
+++ b/sledge/model/lib_fuzzer_main.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+#include
+#include
+
+int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size);
+
+int _llair_main() {
+ size_t Size = 13;
+ uint8_t Data[Size];
+ return LLVMFuzzerTestOneInput(Data, Size);
+}
diff --git a/sledge/src/sledge_buck.ml b/sledge/src/sledge_buck.ml
index 4eba003cd..c105af0d0 100644
--- a/sledge/src/sledge_buck.ml
+++ b/sledge/src/sledge_buck.ml
@@ -130,16 +130,20 @@ let bitcode_files_of ~target =
 List.map ~f:(make_absolute (Lazy.force buck_root)) modules
 
 (* link and optimize the modules *)
-let llvm_link_opt ~output modules =
+let llvm_link_opt ~lib_fuzzer_harness ~output modules =
 let context = context () in
+ let modules = if lib_fuzzer_harness then "-" :: modules else modules in
 let open Process in
 eval ~context
- ( run
- (Lazy.force llvm_bin ^ "llvm-link")
- ( "-internalize"
- :: ( "-internalize-public-api-list="
- ^ String.concat ~sep:"," (Config.find_list "entry_points") )
- :: "-o=-" :: modules )
+ ( ( if lib_fuzzer_harness then
+ echo ~n:() (Option.value_exn (Model.read "/lib_fuzzer_main.bc"))
+ else return () )
+ |- run
+ (Lazy.force llvm_bin ^ "llvm-link")
+ ( "-internalize"
+ :: ( "-internalize-public-api-list="
+ ^ String.concat ~sep:"," (Config.find_list "entry_points") )
+ :: "-o=-" :: modules )
 |- run
 (Lazy.force llvm_bin ^ "opt")
 ["-o=" ^ output; "-globaldce"; "-globalopt"] )
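Review bot: In `_llair_main`, `Data` is a 13-byte VLA handed to `LLVMFuzzerTestOneInput` without ever being written, and nothing in the file says this is deliberate; presumably the analysis is meant to treat the buffer contents as unconstrained input, but a natively compiled build of this harness would simply read indeterminate stack bytes. A comment on the declaration should record the intent and the origin of the constant, e.g. `/* Data is intentionally left uninitialized: its contents stand for arbitrary fuzzer input. Size is a fixed placeholder length. */`. As a point of style, `int _llair_main()` is an old-style unprototyped declaration; `int _llair_main(void)` is the prototype form and avoids strict-prototype warnings.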
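Review bot: `Option.value_exn (Model.read "/lib_fuzzer_main.bc")` in the new `llvm_link_opt` fails with a bare exception if the harness bitcode is not present in the crunched `Model` (for instance a `model.ml` built before this change); attaching a message makes that failure diagnosable: `Option.value_exn ~message:"lib_fuzzer_main.bc not found in embedded model" (Model.read "/lib_fuzzer_main.bc")`. The header comment `(* link and optimize the modules *)` should also describe the new labelled argument, e.g. `(* link and optimize the modules; with [lib_fuzzer_harness], the embedded lib_fuzzer_main.bc is piped to llvm-link on stdin as the extra "-" module *)`. It is not visible here whether the harness's `_llair_main` survives `-internalize`: that depends on the `entry_points` config listing it, otherwise `-globaldce` may discard the harness it just linked in, so this is worth confirming or handling when the flag is set.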
@@ -199,8 +203,12 @@ let main ~(command : unit Command.basic_command) ~analyze =
 and output =
 flag "output" (required abs_path_arg)
 ~doc:" write linked output to "
+ and lib_fuzzer_harness =
+ flag "lib-fuzzer" no_arg
+ ~doc:"add a harness for lib fuzzer binaries"
 in
- fun () -> llvm_link_opt ~output (bitcode_files_of ~target)
+ fun () ->
+ llvm_link_opt ~lib_fuzzer_harness ~output (bitcode_files_of ~target)
 in
 command ~summary ~readme param
 in
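Review bot: The help text `"add a harness for lib fuzzer binaries"` for the new `lib-fuzzer` flag does not tell the user what is linked in; something like `~doc:"link in a main that calls LLVMFuzzerTestOneInput (the libFuzzer entry point)"` states what the output will contain. The commit summary names the flag `-lib-fuzz` while the code registers `lib-fuzzer`, so one of the two should be corrected before merge. The enclosing `main` function starts and ends outside this hunk.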