platform/posix: Port fuzzer to upstream "native_sim" board

The older native_posix board is being deprecated, use native_sim, which is the future-proof API. Mostly just swap the board target and change the C API names. Note the NATIVE_SIMULATOR_IF decoaration on LLVMFuzzerTestOneInput(): that forces the function to be included in the first-stage zephyr.elf link (otherwise it would be dropped as Zephyr/SOF itself doesn't reference the entry point) and to be visible as a global symbol to the libfuzzer instrumentation layer. Signed-off-by: Andy Ross <[email protected]>
andyross · Jul 3, 2024 · fc2fba0 · fc2fba0
1 parent 2aaee2e
commit fc2fba0
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/scripts/fuzz.sh b/scripts/fuzz.sh
@@ -34,7 +34,7 @@ with the -b option.
 
 Simple wrapper around a libfuzzer test run, as much for
 documentation as direct use.  The idea here is really simple: build
-for the Zephyr "native_posix" board (which is a just a x86
+for the Zephyr "native_sim" board (which is a just a x86
 executable for the build host, not an emulated device) and run the
 resulting zephyr.exe file.  This specifies a "fuzz_corpus" directory
 to save the seeds that produce useful coverage output for use in
@@ -124,7 +124,7 @@ main()
   (set -x
    # When passing conflicting -DVAR='VAL UE1' -DVAR='VAL UE2' to CMake,
    # the last 'VAL UE2' wins. Previous ones are silently ignored.
-  west build -d build-fuzz -b native_posix "$SOF_TOP"/app/ -- \
+  west build -d build-fuzz -b native_sim "$SOF_TOP"/app/ -- \
       "${fuzz_configs[@]}" "$@"
   )
 

diff --git a/src/platform/posix/fuzz.c b/src/platform/posix/fuzz.c
@@ -8,10 +8,11 @@
 
 #include <irq_ctrl.h>
 #include <zephyr/sys/time_units.h>
+#include <nsi_cpu_if.h>
 
-/* Zephyr arch APIs, not in a header (native_sim has them though) */
-void posix_init(int argc, char *argv[]);
-void posix_exec_for(uint64_t us);
+/* Zephyr arch APIs, not in a header */
+void nsi_init(int argc, char *argv[]);
+void nsi_exec_for(uint64_t us);
 
 const uint8_t *posix_fuzz_buf;
 size_t posix_fuzz_sz;
@@ -23,12 +24,13 @@ size_t posix_fuzz_sz;
  * "long enough" to handle the event and reach a quiescent state
  * again)
  */
+NATIVE_SIMULATOR_IF
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz)
 {
 	static bool runner_initialized;
 
 	if (!runner_initialized) {
-		posix_init(0, NULL);
+		nsi_init(0, NULL);
 		runner_initialized = true;
 	}
 
@@ -42,6 +44,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz)
 	/* Give the OS time to process whatever happened in that
 	 * interrupt and reach an idle state.
 	 */
-	posix_exec_for(k_ticks_to_us_ceil64(CONFIG_ZEPHYR_POSIX_FUZZ_TICKS));
+	nsi_exec_for(k_ticks_to_us_ceil64(CONFIG_ZEPHYR_POSIX_FUZZ_TICKS));
 	return 0;
 }