sample fuzzer: Move fuzzer specific code to sample and fix for native_sim
Move the LLVM fuzzing-specific code out of the board main file and into the sample. That way we avoid needing to duplicate it for native_sim and avoid having a very ad hoc interface between the fuzzer test and runner code. Also ensure it works for native_sim and not just native_posix.

Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
parent
09d554b769
commit
f5553004b0
3 changed files with 52 additions and 39 deletions
|
@ -118,40 +118,4 @@ int main(int argc, char *argv[])
|
|||
return 1; /* LCOV_EXCL_LINE */
|
||||
}
|
||||
|
||||
#else /* CONFIG_ARCH_POSIX_LIBFUZZER */
|
||||
|
||||
const uint8_t *posix_fuzz_buf;
|
||||
size_t posix_fuzz_sz;
|
||||
|
||||
/**
|
||||
* Entry point for fuzzing (when enabled). Works by placing the data
|
||||
* into two known symbols, triggering an app-visible interrupt, and
|
||||
* then letting the OS run for a fixed amount of time (intended to be
|
||||
* "long enough" to handle the event and reach a quiescent state
|
||||
* again)
|
||||
*/
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz)
|
||||
{
|
||||
static bool posix_initialized;
|
||||
|
||||
if (!posix_initialized) {
|
||||
posix_init(0, NULL);
|
||||
posix_initialized = true;
|
||||
}
|
||||
|
||||
/* Provide the fuzz data to Zephyr as an interrupt, with
|
||||
* "DMA-like" data placed into posix_fuzz_buf/sz
|
||||
*/
|
||||
posix_fuzz_buf = data;
|
||||
posix_fuzz_sz = sz;
|
||||
hw_irq_ctrl_set_irq(CONFIG_ARCH_POSIX_FUZZ_IRQ);
|
||||
|
||||
/* Give the OS time to process whatever happened in that
|
||||
* interrupt and reach an idle state.
|
||||
*/
|
||||
posix_exec_for(k_ticks_to_us_ceil64(CONFIG_ARCH_POSIX_FUZZ_TICKS));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|