Bug 1431090 - Prepare tools/fuzzing/ to be used with JS_STANDALONE. r=froydnj

This patch adjusts tools/fuzzing/ in such a way that the relevant parts can be reused in the JS engine. Changes in detail include: * Various JS_STANDALONE checks to exclude parts that cannot be included in those builds. * Turn LibFuzzerRegistry and LibFuzzerRunner into generic FuzzerRegistry and FuzzerRunner classes and use them for AFL as well. Previously, AFL was piggy-backing on gtests which was kind of an ugly solution anyway (besides that it can't work in JS). Now more code like registry and harness is shared between the two and they follow almost the same call paths and entry points. AFL macros in FuzzingInterface have been rewritten accordingly. This also required name changes in various places. Furthermore, this unifies the way, the fuzzing target is selected, using the FUZZER environment variable rather than LIBFUZZER (using LIBFUZZER in browser builds will give you a deprecation warning because I know some people are using this already and need time to switch). Previously, AFL target had to be selected using GTEST_FILTER, so this is also much better now. * I had to split up FuzzingInterface* such that the STREAM parts are in a separate set of files FuzzingInterfaceStream* because they use nsStringStream which is not allowed to be included into the JS engine even in a full browser build (error: "Using XPCOM strings is limited to code linked into libxul."). I also had to pull FuzzingInterface.cpp (the RAW part only) into the header and make it static because otherwise, would have to make not only separate files but also separate libraries to statically link to the JS engine, which seemed overkill for a single small function. The streaming equivalent of the function is still in a cpp file. * LibFuzzerRegister functions are now unique by appending the module name to avoid redefinition errors. MozReview-Commit-ID: 44zWCdglnHr --HG-- rename : tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp => tools/fuzzing/interface/harness/FuzzerRunner.cpp rename : tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h => tools/fuzzing/interface/harness/FuzzerRunner.h rename : tools/fuzzing/libfuzzer/harness/LibFuzzerTestHarness.h => tools/fuzzing/interface/harness/FuzzerTestHarness.h rename : tools/fuzzing/libfuzzer/harness/moz.build => tools/fuzzing/interface/harness/moz.build rename : tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.cpp => tools/fuzzing/registry/FuzzerRegistry.cpp rename : tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h => tools/fuzzing/registry/FuzzerRegistry.h extra : rebase_source : 7d0511ca0591dbf4d099376011402e063a79ee3b
2018-01-17 15:20:35 +01:00 · 2018-01-17 15:20:35 +01:00 · 4ce6f81fee
--- a/image/test/fuzzing/TestDecoders.cpp
+++ b/image/test/fuzzing/TestDecoders.cpp
@ -20,7 +20,7 @@
 #include "nsString.h"
 #include "nsThreadUtils.h"
-#include "FuzzingInterface.h"
+#include "FuzzingInterfaceStream.h"
 using namespace mozilla;
 using namespace mozilla::gfx;
--- a/media/mtransport/fuzztest/stun_parser_libfuzz.cpp
+++ b/media/mtransport/fuzztest/stun_parser_libfuzz.cpp
@ -9,7 +9,6 @@
 #include "gtest/gtest.h"
 #include "FuzzingInterface.h"
 #include "LibFuzzerRegistry.h"
 extern "C" {
 #include <csi_platform.h>
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@ -281,17 +281,19 @@ nsString gAbsoluteArgv0Path;
 extern "C" MFBT_API bool IsSignalHandlingBroken();
 #endif
-#ifdef LIBFUZZER
+#ifdef FUZZING
-#include "LibFuzzerRunner.h"
+#include "FuzzerRunner.h"
 namespace mozilla {
-LibFuzzerRunner* libFuzzerRunner = 0;
+FuzzerRunner* fuzzerRunner = 0;
 } // namespace mozilla
 #ifdef LIBFUZZER
 void XRE_LibFuzzerSetDriver(LibFuzzerDriver aDriver) {
-  mozilla::libFuzzerRunner->setParams(aDriver);
+  mozilla::fuzzerRunner->setParams(aDriver);
 }
 #endif
 #endif // FUZZING
 namespace mozilla {
 int (*RunGTest)(int*, char**) = 0;
@ -3891,10 +3893,10 @@ XREMain::XRE_mainStartup(bool* aExitFlag)
    return 1;
 #endif /* MOZ_WIDGET_GTK */
-#ifdef LIBFUZZER
+#ifdef FUZZING
-  if (PR_GetEnv("LIBFUZZER")) {
+  if (PR_GetEnv("FUZZER")) {
    *aExitFlag = true;
-    return mozilla::libFuzzerRunner->Run(&gArgc, &gArgv);
+    return mozilla::fuzzerRunner->Run(&gArgc, &gArgv);
  }
 #endif
--- a/tools/fuzzing/interface/FuzzingInterface.h
+++ b/tools/fuzzing/interface/FuzzingInterface.h
@ -10,91 +10,78 @@
 #ifndef FuzzingInterface_h__
 #define FuzzingInterface_h__
 #include "gtest/gtest.h"
 #include "nsComponentManagerUtils.h"
 #include "nsCOMPtr.h"
 #include "nsIInputStream.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsIDirectoryService.h"
 #include "nsIFile.h"
 #include "nsStreamUtils.h"
 #include "nsStringStream.h"
 #include <fstream>
-#ifdef LIBFUZZER
+#include "FuzzerRegistry.h"
-#include "LibFuzzerRegistry.h"
+#include "mozilla/Assertions.h"
 #endif
 namespace mozilla {
 typedef int(*FuzzingTestFuncRaw)(const uint8_t*, size_t);
 typedef int(*FuzzingTestFuncStream)(nsCOMPtr<nsIInputStream>);
 #ifdef __AFL_COMPILER
 void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc);
 void afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc);
-#define MOZ_AFL_INTERFACE_COMMON(initFunc)                                                    \
+static int afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc) {
-  initFunc(NULL, NULL);                                                                       \
+    char* buf = NULL;
    while(__AFL_LOOP(1000)) {
      std::ifstream is;
      is.open (testFile, std::ios::binary);
      is.seekg (0, std::ios::end);
      int len = is.tellg();
      is.seekg (0, std::ios::beg);
      MOZ_RELEASE_ASSERT(len >= 0);
      if (!len) {
        is.close();
        continue;
      }
      buf = (char*)realloc(buf, len);
      MOZ_RELEASE_ASSERT(buf);
      is.read(buf,len);
      is.close();
      testFunc((uint8_t*)buf, (size_t)len);
    }
    free(buf);
    return 0;
 }
 #define MOZ_AFL_INTERFACE_COMMON()                                                            \
  char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");                                            \
  if (!testFilePtr) {                                                                         \
-    EXPECT_TRUE(false) << "Must specify testfile in MOZ_FUZZ_TESTFILE environment variable."; \
+    fprintf(stderr, "Must specify testfile in MOZ_FUZZ_TESTFILE environment variable.\n");    \
-    return;                                                                                   \
+    return 1;                                                                                 \
  }                                                                                           \
  /* Make a copy of testFilePtr so the testing function can safely call getenv */             \
  std::string testFile(testFilePtr);
-#define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
+#define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName)            \
-  TEST(AFL, moduleName) {                                        \
+  static int afl_fuzz_##moduleName(const uint8_t *data, size_t size) {   \
-    MOZ_AFL_INTERFACE_COMMON(initFunc);                          \
+    MOZ_RELEASE_ASSERT(data == NULL && size == 0);                       \
-    ::mozilla::afl_interface_stream(testFile.c_str(), testFunc); \
+    MOZ_AFL_INTERFACE_COMMON();                                          \
-  }
+    return ::mozilla::afl_interface_raw(testFile.c_str(), testFunc);     \
-
+  }                                                                      \
-#define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName)    \
+  static void __attribute__ ((constructor)) AFLRegister##moduleName() {  \
-  TEST(AFL, moduleName) {                                        \
+    ::mozilla::FuzzerRegistry::getInstance().registerModule(             \
-    MOZ_AFL_INTERFACE_COMMON(initFunc);                          \
+      #moduleName, initFunc, afl_fuzz_##moduleName                       \
-    ::mozilla::afl_interface_raw(testFile.c_str(), testFunc);    \
+    );                                                                   \
  }
 #else
 #define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing */
 #define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName)    /* Nothing */
-#endif
+#endif // __AFL_COMPILER
 #ifdef LIBFUZZER
-#define MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName)      \
+#define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName)            \
-  static int LibFuzzerTest##moduleName (const uint8_t *data, size_t size) { \
+  static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() {  \
-    if (size > INT32_MAX)                                                   \
+    ::mozilla::FuzzerRegistry::getInstance().registerModule(                   \
-      return 0;                                                             \
+      #moduleName, initFunc, testFunc                                          \
-    nsCOMPtr<nsIInputStream> stream;                                        \
+    );                                                                         \
    nsresult rv = NS_NewByteInputStream(getter_AddRefs(stream),             \
      (const char*)data, size, NS_ASSIGNMENT_DEPEND);                       \
    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));                                   \
    testFunc(stream.forget());                                              \
    return 0;                                                               \
  }                                                                         \
  static void __attribute__ ((constructor)) LibFuzzerRegister() {           \
    ::mozilla::LibFuzzerRegistry::getInstance().registerModule(             \
      #moduleName, initFunc, LibFuzzerTest##moduleName                      \
    );                                                                      \
  }
 #define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName)         \
  static void __attribute__ ((constructor)) LibFuzzerRegister() {           \
    ::mozilla::LibFuzzerRegistry::getInstance().registerModule(             \
      #moduleName, initFunc, testFunc                                       \
    );                                                                      \
  }
 #else
 #define MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing */
 #define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName)    /* Nothing */
 #endif
 #define MOZ_FUZZING_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
  MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName);    \
  MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName);
 #define MOZ_FUZZING_INTERFACE_RAW(initFunc, testFunc, moduleName)    \
  MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName);       \
  MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName);
--- a/tools/fuzzing/interface/FuzzingInterfaceStream.cpp
+++ b/tools/fuzzing/interface/FuzzingInterfaceStream.cpp
@ -7,13 +7,18 @@
 * Interface implementation for the unified fuzzing interface
 */
-#include "FuzzingInterface.h"
+#include "FuzzingInterfaceStream.h"
 #include "mozilla/Assertions.h"
 #ifndef JS_STANDALONE
 #include "nsNetUtil.h"
 #endif
 namespace mozilla {
 #ifdef __AFL_COMPILER
 void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc) {
    nsresult rv;
    nsCOMPtr<nsIProperties> dirService =
@ -39,29 +44,6 @@ void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc)
    }
 }
 void afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc) {
    char* buf = NULL;
    while(__AFL_LOOP(1000)) {
      std::ifstream is;
      is.open (testFile, std::ios::binary);
      is.seekg (0, std::ios::end);
      int len = is.tellg();
      is.seekg (0, std::ios::beg);
      MOZ_RELEASE_ASSERT(len >= 0);
      if (!len) {
        is.close();
        continue;
      }
      buf = (char*)realloc(buf, len);
      MOZ_RELEASE_ASSERT(buf);
      is.read(buf,len);
      is.close();
      testFunc((uint8_t*)buf, (size_t)len);
    }
    free(buf);
 }
 #endif
 } // namespace mozilla
--- a/tools/fuzzing/interface/FuzzingInterfaceStream.h
+++ b/tools/fuzzing/interface/FuzzingInterfaceStream.h
@ -0,0 +1,85 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
 * Interface definitions for the unified fuzzing interface with streaming support
 */
 #ifndef FuzzingInterfaceStream_h__
 #define FuzzingInterfaceStream_h__
 #ifdef JS_STANDALONE
 #error "FuzzingInterfaceStream.h cannot be used in JS standalone builds."
 #endif
 #include "gtest/gtest.h"
 #include "nsComponentManagerUtils.h"
 #include "nsCOMPtr.h"
 #include "nsIInputStream.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsIDirectoryService.h"
 #include "nsIFile.h"
 #include "nsStreamUtils.h"
 #include "nsStringStream.h"
 #include <fstream>
 #include "FuzzingInterface.h"
 namespace mozilla {
 typedef int(*FuzzingTestFuncStream)(nsCOMPtr<nsIInputStream>);
 #ifdef __AFL_COMPILER
 void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc);
 #define MOZ_AFL_INTERFACE_COMMON(initFunc)                                                    \
  if (initFunc) initFunc(NULL, NULL);                                                         \
  char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");                                            \
  if (!testFilePtr) {                                                                         \
    fprintf(stderr, "Must specify testfile in MOZ_FUZZ_TESTFILE environment variable.\n");    \
    return;                                                                                   \
  }                                                                                           \
  /* Make a copy of testFilePtr so the testing function can safely call getenv */             \
  std::string testFile(testFilePtr);
 #define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
  TEST(AFL, moduleName) {                                        \
    MOZ_AFL_INTERFACE_COMMON(initFunc);                          \
    ::mozilla::afl_interface_stream(testFile.c_str(), testFunc); \
  }
 #else
 #define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing */
 #endif
 #ifdef LIBFUZZER
 #define MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName)      \
  static int LibFuzzerTest##moduleName (const uint8_t *data, size_t size) { \
    if (size > INT32_MAX)                                                   \
      return 0;                                                             \
    nsCOMPtr<nsIInputStream> stream;                                        \
    nsresult rv = NS_NewByteInputStream(getter_AddRefs(stream),             \
      (const char*)data, size, NS_ASSIGNMENT_DEPEND);                       \
    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));                                   \
    testFunc(stream.forget());                                              \
    return 0;                                                               \
  }                                                                         \
  static void __attribute__ ((constructor)) LibFuzzerRegister() {           \
    ::mozilla::FuzzerRegistry::getInstance().registerModule(                \
      #moduleName, initFunc, LibFuzzerTest##moduleName                      \
    );                                                                      \
  }
 #else
 #define MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing */
 #endif
 #define MOZ_FUZZING_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
  MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName);    \
  MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName);
 } // namespace mozilla
 #endif  // FuzzingInterfaceStream_h__
--- a/tools/fuzzing/interface/harness/FuzzerRunner.cpp
+++ b/tools/fuzzing/interface/harness/FuzzerRunner.cpp
@ -0,0 +1,73 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * * This Source Code Form is subject to the terms of the Mozilla Public
 * * License, v. 2.0. If a copy of the MPL was not distributed with this
 * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include <cstdlib>
 #include "FuzzerRunner.h"
 #include "mozilla/Attributes.h"
 #include "prenv.h"
 #include "FuzzerTestHarness.h"
 namespace mozilla {
 // We use a static var 'fuzzerRunner' defined in nsAppRunner.cpp.
 // fuzzerRunner is initialized to nullptr but if this file is linked in,
 // then fuzzerRunner will be set here indicating that
 // we want to call into either LibFuzzer's main or the AFL entrypoint.
 class _InitFuzzer {
 public:
  _InitFuzzer() {
    fuzzerRunner = new FuzzerRunner();
  }
 } InitLibFuzzer;
 int FuzzerRunner::Run(int* argc, char*** argv) {
  ScopedXPCOM xpcom("Fuzzer");
  const char* fuzzerEnv = getenv("FUZZER");
  if (!fuzzerEnv) {
    fuzzerEnv = getenv("LIBFUZZER");
    if (fuzzerEnv) {
      fprintf(stderr, "Fuzzer Interface: Warning: \
        Using deprecated LIBFUZZER variable, use FUZZER instead\n");
    } else {
      fprintf(stderr, "Must specify fuzzing target in FUZZER environment variable\n");
      return 1;
    }
  }
  std::string moduleNameStr(fuzzerEnv);
  FuzzerFunctions funcs = FuzzerRegistry::getInstance().getModuleFunctions(moduleNameStr);
  FuzzerInitFunc initFunc = funcs.first;
  FuzzerTestingFunc testingFunc = funcs.second;
  if (initFunc) {
    int ret = initFunc(argc, argv);
    if (ret) {
      fprintf(stderr, "Fuzzing Interface: Error: Initialize callback failed\n");
      return ret;
    }
  }
  if (!testingFunc) {
      fprintf(stderr, "Fuzzing Interface: Error: No testing callback found\n");
      return 1;
  }
 #ifdef LIBFUZZER
  return mFuzzerDriver(argc, argv, testingFunc);
 #else
  // For AFL, testingFunc points to the entry function we need.
  return testingFunc(NULL, 0);
 #endif
 }
 #ifdef LIBFUZZER
 void FuzzerRunner::setParams(LibFuzzerDriver aDriver) {
  mFuzzerDriver = aDriver;
 }
 #endif
 } // namespace mozilla
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.h
@ -3,19 +3,22 @@
 * * License, v. 2.0. If a copy of the MPL was not distributed with this
 * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include "LibFuzzerRegistry.h"
+#include "FuzzerRegistry.h"
 namespace mozilla {
-class LibFuzzerRunner {
+class FuzzerRunner {
 public:
  int Run(int* argc, char*** argv);
 #ifdef LIBFUZZER
  void setParams(LibFuzzerDriver aDriver);
 private:
  LibFuzzerDriver mFuzzerDriver;
 #endif
 };
-extern LibFuzzerRunner* libFuzzerRunner;
+extern FuzzerRunner* fuzzerRunner;
 } // namespace mozilla
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerTestHarness.h
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerTestHarness.h
@ -9,8 +9,8 @@
 * and stdio.h/stdlib.h.
 */
-#ifndef LibFuzzerTestHarness_h__
+#ifndef FuzzerTestHarness_h__
-#define LibFuzzerTestHarness_h__
+#define FuzzerTestHarness_h__
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/Attributes.h"
@ -273,4 +273,4 @@ ScopedXPCOM::Release()
 } // namespace
-#endif  // LibFuzzerTestHarness_h__
+#endif  // FuzzerTestHarness_h__
--- a/tools/fuzzing/interface/harness/moz.build
+++ b/tools/fuzzing/interface/harness/moz.build
@ -7,13 +7,10 @@
 Library('fuzzer-runner')
 SOURCES += [
-    'LibFuzzerRegistry.cpp',
+    'FuzzerRunner.cpp',
    'LibFuzzerRunner.cpp',
 ]
 EXPORTS += [
-    'LibFuzzerRegistry.h',
+    'FuzzerRunner.h',
    'LibFuzzerRunner.h',
 ]
 FINAL_LIBRARY = "xul"
--- a/tools/fuzzing/interface/moz.build
+++ b/tools/fuzzing/interface/moz.build
@ -4,12 +4,25 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 Library('fuzzer-interface')
 EXPORTS += [
    'FuzzingInterface.h',
 ]
-SOURCES += [
+if CONFIG['JS_STANDALONE']:
-    'FuzzingInterface.cpp',
+    FINAL_LIBRARY = "js"
-]
+else:
    EXPORTS += [
        'FuzzingInterfaceStream.h',
    ]
-FINAL_LIBRARY = 'xul-gtest'
+    SOURCES += [
        'FuzzingInterfaceStream.cpp',
    ]
    DIRS += [
      'harness',
    ]
    FINAL_LIBRARY = 'xul-gtest'
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.cpp
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.cpp
@ -1,23 +0,0 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * * This Source Code Form is subject to the terms of the Mozilla Public
 * * License, v. 2.0. If a copy of the MPL was not distributed with this
 * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "LibFuzzerRegistry.h"
 namespace mozilla {
 LibFuzzerRegistry& LibFuzzerRegistry::getInstance() {
    static LibFuzzerRegistry instance;
    return instance;
 }
 void LibFuzzerRegistry::registerModule(std::string moduleName, LibFuzzerInitFunc initFunc, LibFuzzerTestingFunc testingFunc) {
    moduleMap.insert(std::pair<std::string, LibFuzzerFunctions>(moduleName,LibFuzzerFunctions(initFunc, testingFunc)));
 }
 LibFuzzerFunctions LibFuzzerRegistry::getModuleFunctions(std::string& moduleName) {
    return moduleMap[moduleName];
 }
 } // namespace mozilla
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRegistry.h
@ -1,42 +0,0 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * * This Source Code Form is subject to the terms of the Mozilla Public
 * * License, v. 2.0. If a copy of the MPL was not distributed with this
 * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef _LibFuzzerRegistry_h__
 #define _LibFuzzerRegistry_h__
 #include <cstdint>
 #include <map>
 #include <string>
 #include <utility>
 #include "mozilla/Attributes.h"
 #include "mozilla/Types.h"
 typedef int(*LibFuzzerInitFunc)(int*, char***);
 typedef int(*LibFuzzerTestingFunc)(const uint8_t*, size_t);
 typedef int(*LibFuzzerDriver)(int*, char***, LibFuzzerTestingFunc);
 namespace mozilla {
 typedef std::pair<LibFuzzerInitFunc, LibFuzzerTestingFunc> LibFuzzerFunctions;
 class LibFuzzerRegistry {
    public:
        MOZ_EXPORT static LibFuzzerRegistry& getInstance();
        MOZ_EXPORT void registerModule(std::string moduleName, LibFuzzerInitFunc initFunc, LibFuzzerTestingFunc testingFunc);
        MOZ_EXPORT LibFuzzerFunctions getModuleFunctions(std::string& moduleName);
        LibFuzzerRegistry(LibFuzzerRegistry const&) = delete;
        void operator=(LibFuzzerRegistry const&) = delete;
    private:
        LibFuzzerRegistry() {};
        std::map<std::string, LibFuzzerFunctions> moduleMap;
 };
 } // namespace mozilla
 #endif // _LibFuzzerRegistry_h__
--- a/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
+++ b/tools/fuzzing/libfuzzer/harness/LibFuzzerRunner.cpp
@ -1,53 +0,0 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * * This Source Code Form is subject to the terms of the Mozilla Public
 * * License, v. 2.0. If a copy of the MPL was not distributed with this
 * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include <cstdlib>
 #include "LibFuzzerRunner.h"
 #include "mozilla/Attributes.h"
 #include "prenv.h"
 #include "LibFuzzerTestHarness.h"
 namespace mozilla {
 // We use a static var 'libFuzzerRunner' defined in nsAppRunner.cpp.
 // libFuzzerRunner is initialized to nullptr but if LibFuzzer (this file)
 // is linked in then libFuzzerRunner will be set here indicating that
 // we want to call into LibFuzzer's main.
 class _InitLibFuzzer {
 public:
  _InitLibFuzzer() {
    libFuzzerRunner = new LibFuzzerRunner();
  }
 } InitLibFuzzer;
 int LibFuzzerRunner::Run(int* argc, char*** argv) {
  ScopedXPCOM xpcom("LibFuzzer");
  std::string moduleNameStr(getenv("LIBFUZZER"));
  LibFuzzerFunctions funcs = LibFuzzerRegistry::getInstance().getModuleFunctions(moduleNameStr);
  LibFuzzerInitFunc initFunc = funcs.first;
  LibFuzzerTestingFunc testingFunc = funcs.second;
  if (initFunc) {
    int ret = initFunc(argc, argv);
    if (ret) {
      fprintf(stderr, "LibFuzzer: Error: Initialize callback failed\n");
      return ret;
    }
  }
  if (!testingFunc) {
      fprintf(stderr, "LibFuzzer: Error: No testing callback found\n");
      return 1;
  }
  return mFuzzerDriver(argc, argv, testingFunc);
 }
 void LibFuzzerRunner::setParams(LibFuzzerDriver aDriver) {
  mFuzzerDriver = aDriver;
 }
 } // namespace mozilla
--- a/tools/fuzzing/libfuzzer/moz.build
+++ b/tools/fuzzing/libfuzzer/moz.build
@ -6,8 +6,8 @@
 Library('fuzzer')
-DIRS += [
+EXPORTS += [
-  'harness',
+    'FuzzerDefs.h',
 ]
 SOURCES += [
--- a/tools/fuzzing/moz.build
+++ b/tools/fuzzing/moz.build
@ -5,12 +5,17 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 DIRS += [
  'common',
  'interface',
-  'messagemanager',
+  'registry',
  'shmem'
 ]
 if not CONFIG['JS_STANDALONE']:
  DIRS += [
    'common',
    'messagemanager',
    'shmem',
  ]
 if CONFIG['LIBFUZZER']:
  DIRS += [
    'libfuzzer',
--- a/tools/fuzzing/registry/FuzzerRegistry.cpp
+++ b/tools/fuzzing/registry/FuzzerRegistry.cpp
@ -0,0 +1,23 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * * This Source Code Form is subject to the terms of the Mozilla Public
 * * License, v. 2.0. If a copy of the MPL was not distributed with this
 * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "FuzzerRegistry.h"
 namespace mozilla {
 FuzzerRegistry& FuzzerRegistry::getInstance() {
    static FuzzerRegistry instance;
    return instance;
 }
 void FuzzerRegistry::registerModule(std::string moduleName, FuzzerInitFunc initFunc, FuzzerTestingFunc testingFunc) {
    moduleMap.insert(std::pair<std::string, FuzzerFunctions>(moduleName,FuzzerFunctions(initFunc, testingFunc)));
 }
 FuzzerFunctions FuzzerRegistry::getModuleFunctions(std::string& moduleName) {
    return moduleMap[moduleName];
 }
 } // namespace mozilla
--- a/tools/fuzzing/registry/FuzzerRegistry.h
+++ b/tools/fuzzing/registry/FuzzerRegistry.h
@ -0,0 +1,43 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 * * This Source Code Form is subject to the terms of the Mozilla Public
 * * License, v. 2.0. If a copy of the MPL was not distributed with this
 * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef _FuzzerRegistry_h__
 #define _FuzzerRegistry_h__
 #include <cstdint>
 #include <map>
 #include <string>
 #include <utility>
 #include "mozilla/Attributes.h"
 #include "mozilla/Types.h"
 typedef int(*FuzzerInitFunc)(int*, char***);
 typedef int(*FuzzerTestingFunc)(const uint8_t*, size_t);
 typedef int(*LibFuzzerDriver)(int*, char***, FuzzerTestingFunc);
 namespace mozilla {
 typedef std::pair<FuzzerInitFunc, FuzzerTestingFunc> FuzzerFunctions;
 class FuzzerRegistry {
    public:
        MOZ_EXPORT static FuzzerRegistry& getInstance();
        MOZ_EXPORT void registerModule(std::string moduleName, FuzzerInitFunc initFunc, FuzzerTestingFunc testingFunc);
        MOZ_EXPORT FuzzerFunctions getModuleFunctions(std::string& moduleName);
        FuzzerRegistry(FuzzerRegistry const&) = delete;
        void operator=(FuzzerRegistry const&) = delete;
    private:
        FuzzerRegistry() {};
        std::map<std::string, FuzzerFunctions> moduleMap;
 };
 } // namespace mozilla
 #endif // _FuzzerRegistry_h__
--- a/tools/fuzzing/registry/moz.build
+++ b/tools/fuzzing/registry/moz.build
@ -0,0 +1,20 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 Library('fuzzer-registry')
 SOURCES += [
    'FuzzerRegistry.cpp',
 ]
 EXPORTS += [
    'FuzzerRegistry.h',
 ]
 if CONFIG['JS_STANDALONE']:
    FINAL_LIBRARY = "js"
 else:
    FINAL_LIBRARY = "xul"
--- a/xpcom/build/nsXULAppAPI.h
+++ b/xpcom/build/nsXULAppAPI.h
@ -513,7 +513,7 @@ XRE_API(int,
                           const XREShellData* aShellData))
 #ifdef LIBFUZZER
-#include "LibFuzzerRegistry.h"
+#include "FuzzerRegistry.h"
 XRE_API(void,
        XRE_LibFuzzerSetDriver, (LibFuzzerDriver))