From fc2fba0c67c738a0fcac1c1492febaa5c8cac2bc Mon Sep 17 00:00:00 2001
From: Andy Ross
Date: Wed, 3 Jul 2024 11:56:25 -0700
Subject: [PATCH] platform/posix: Port fuzzer to upstream "native_sim" board
The older native_posix board is being deprecated, use native_sim, which is the future-proof API. Mostly just swap the board target and change the C API names. Note the NATIVE_SIMULATOR_IF decoaration on LLVMFuzzerTestOneInput(): that forces the function to be included in the first-stage zephyr.elf link (otherwise it would be dropped as Zephyr/SOF itself doesn't reference the entry point) and to be visible as a global symbol to the libfuzzer instrumentation layer.
Signed-off-by: Andy Ross
---
 scripts/fuzz.sh | 4 ++--
 src/platform/posix/fuzz.c | 12 +++++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/scripts/fuzz.sh b/scripts/fuzz.sh
index 07f9f1b59685..27b671e53a01 100755
--- a/scripts/fuzz.sh
+++ b/scripts/fuzz.sh
@@ -34,7 +34,7 @@ with the -b option.
 Simple wrapper around a libfuzzer test run, as much for documentation as direct use. The idea here is really simple: build
-for the Zephyr "native_posix" board (which is a just a x86
+for the Zephyr "native_sim" board (which is a just a x86
 executable for the build host, not an emulated device) and run the resulting zephyr.exe file. This specifies a "fuzz_corpus" directory to save the seeds that produce useful coverage output for use in
@@ -124,7 +124,7 @@ main()
 (set -x
 # When passing conflicting -DVAR='VAL UE1' -DVAR='VAL UE2' to CMake,
 # the last 'VAL UE2' wins. Previous ones are silently ignored.
-west build -d build-fuzz -b native_posix "$SOF_TOP"/app/ -- \
+west build -d build-fuzz -b native_sim "$SOF_TOP"/app/ -- \
 "${fuzz_configs[@]}" "$@"
 )
diff --git a/src/platform/posix/fuzz.c b/src/platform/posix/fuzz.c
index c2b02669b0b5..2d5e535e8bd8 100644
--- a/src/platform/posix/fuzz.c
+++ b/src/platform/posix/fuzz.c
@@ -8,10 +8,11 @@
 #include
 #include
+#include
-/* Zephyr arch APIs, not in a header (native_sim has them though) */
-void posix_init(int argc, char *argv[]);
-void posix_exec_for(uint64_t us);
+/* Zephyr arch APIs, not in a header */
+void nsi_init(int argc, char *argv[]);
+void nsi_exec_for(uint64_t us);
 const uint8_t *posix_fuzz_buf;
 size_t posix_fuzz_sz;
@@ -23,12 +24,13 @@ size_t posix_fuzz_sz;
 * "long enough" to handle the event and reach a quiescent state
 * again)
 */
+NATIVE_SIMULATOR_IF
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz)
 {
 static bool runner_initialized;
 if (!runner_initialized) {
-posix_init(0, NULL);
+nsi_init(0, NULL);
 runner_initialized = true;
 }
@@ -42,6 +44,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz)
 /* Give the OS time to process whatever happened in that
 * interrupt and reach an idle state.
 */
-posix_exec_for(k_ticks_to_us_ceil64(CONFIG_ZEPHYR_POSIX_FUZZ_TICKS));
+nsi_exec_for(k_ticks_to_us_ceil64(CONFIG_ZEPHYR_POSIX_FUZZ_TICKS));
 return 0;
 }
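Review bot: The new `void nsi_init(int argc, char *argv[]);` and `void nsi_exec_for(uint64_t us);` lines are still locally hand-written prototypes, so a drift between them and the real definitions in the native simulator would go undiagnosed — C has no cross-translation-unit type checking and the link succeeds on the symbol name alone. The removed comment noted that native_sim does ship these in a header; if that header is what the new `#include` added just above pulls in (its name is lost on this page), the local prototypes are redundant and can go, and if not, the comment should name the upstream header these two lines mirror so the next reader can verify the signatures. The argument type that matters is `uint64_t us`, since `nsi_exec_for` is later fed the result of `k_ticks_to_us_ceil64()`; that is the one to confirm against the simulator's declaration.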
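Review bot: The reason `NATIVE_SIMULATOR_IF` is needed on `LLVMFuzzerTestOneInput` lives only in the commit message; a reader of fuzz.c cannot tell that without it the entry point is dropped from the first-stage zephyr.elf link and hidden from the libFuzzer runtime. Add a comment on the line above the new attribute, e.g. `/* NATIVE_SIMULATOR_IF keeps this symbol in the zephyr.elf link and exported: nothing in SOF references it, only the libFuzzer runtime does. */`. The first-call `nsi_init(0, NULL)` deliberately passes an empty argv under the function-static `runner_initialized` guard; if the intent is that the real argc/argv belong to the libFuzzer driver rather than the simulated OS (not visible here), a one-line comment saying so would prevent someone "fixing" it. The function body continues past the end of this hunk.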