Bug 1660754 - Enable JS RT targets for AFL++ r=decoder

Differential Revision: https://phabricator.services.mozilla.com/D209590

browser/app/nsBrowserApp.cpp

@@ -192,6 +192,9 @@ static int do_main(int argc, char* argv[], char* envp[]) {
 #ifdef LIBFUZZER
     shellData.fuzzerDriver = fuzzer::FuzzerDriver;
 #endif
+#ifdef AFLFUZZ
+    shellData.fuzzerDriver = afl_interface_raw;
+#endif
 
     return gBootstrap->XRE_XPCShellMain(--argc, argv, envp, &shellData);
   }

js/src/fuzz-tests/tests.cpp

@@ -12,6 +12,7 @@
 #include "js/GlobalObject.h"
 #include "js/Initialization.h"
 #include "js/Prefs.h"
+#include "js/RealmOptions.h"
 #include "js/RootingAPI.h"
 #include "js/Stack.h"
 #include "vm/JSContext.h"

js/src/shell/jsrtfuzzing/jsrtfuzzing.cpp

@@ -14,6 +14,9 @@
 #ifdef LIBFUZZER
 #  include "FuzzerDefs.h"
 #endif
+#ifdef AFLFUZZ
+#  include "FuzzingInterface.h"
+#endif
 
 #include "jsapi.h"  // JS_ClearPendingException, JS_IsExceptionPending
 
@@ -71,7 +74,7 @@ int js::shell::FuzzJSRuntimeStart(JSContext* cx, int* argc, char*** argv) {
 #ifdef LIBFUZZER
   fuzzer::FuzzerDriver(&shell::sArgc, &shell::sArgv, FuzzJSRuntimeFuzz);
 #elif AFLFUZZ
-  MOZ_CRASH("AFL is unsupported for JS runtime fuzzing integration");
+  afl_interface_raw(FuzzJSRuntimeFuzz);
 #endif
   return 0;
 }

js/xpconnect/shell/xpcshell.cpp

@@ -77,6 +77,9 @@ int main(int argc, char** argv, char** envp) {
 #ifdef LIBFUZZER
   shellData.fuzzerDriver = fuzzer::FuzzerDriver;
 #endif
+#ifdef AFLFUZZ
+  shellData.fuzzerDriver = afl_interface_raw;
+#endif
 
   int result = bootstrap->XRE_XPCShellMain(argc, argv, envp, &shellData);
 

js/xpconnect/src/XPCShellImpl.cpp

@@ -1363,16 +1363,11 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp,
       {
 #ifdef FUZZING_INTERFACES
         if (fuzzHaveModule) {
-#  ifdef LIBFUZZER
           // argv[0] was removed previously, but libFuzzer expects it
           argc++;
           argv--;
 
-          result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv,
-                                       aShellData->fuzzerDriver);
-#  elif AFLFUZZ
-          MOZ_CRASH("AFL is unsupported for XPC runtime fuzzing integration");
-#  endif
+          result = FuzzXPCRuntimeStart(&jsapi, &argc, &argv, aShellData);
         } else {
 #endif
           // We are almost certainly going to run script here, so we need an

js/xpconnect/src/moz.build

@@ -50,7 +50,7 @@ UNIFIED_SOURCES += [
 ]
 
 
-if CONFIG["LIBFUZZER"]:
+if CONFIG["FUZZING_INTERFACES"]:
     UNIFIED_SOURCES += ["xpcrtfuzzing/xpcrtfuzzing.cpp"]
 
 XPCOM_MANIFESTS += [

js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.cpp

@@ -39,7 +39,7 @@ static void CrashOnPendingException() {
 }
 
 int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv,
-                        LibFuzzerDriver fuzzerDriver) {
+                        const XREShellData* aShellData) {
   gFuzzModuleName = getenv("FUZZER");
   gJsapi = jsapi;
 
@@ -49,7 +49,11 @@ int FuzzXPCRuntimeStart(AutoJSAPI* jsapi, int* argc, char*** argv,
     return ret;
   }
 
-  ret = fuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz);
+#ifdef AFLFUZZ
+  ret = aShellData->fuzzerDriver(FuzzXPCRuntimeFuzz);
+#else
+  ret = aShellData->fuzzerDriver(argc, argv, FuzzXPCRuntimeFuzz);
+#endif
   if (!ret) {
     fprintf(stdout, "Trying to shutdown!\n");
     int shutdown = FuzzXPCRuntimeShutdown();

js/xpconnect/src/xpcrtfuzzing/xpcrtfuzzing.h

@@ -10,11 +10,11 @@
 #define shell_xpcrtfuzzing_h
 
 #include "mozilla/dom/ScriptSettings.h"  // mozilla::dom::AutoJSAPI
-#include "FuzzerRegistry.h"              // LibFuzzerDriver
+#include "XREShellData.h"
 
 // This is the entry point of the XPC runtime fuzzing code from the XPC shell
 int FuzzXPCRuntimeStart(mozilla::dom::AutoJSAPI* jsapi, int* argc, char*** argv,
-                        LibFuzzerDriver);
+                        const XREShellData*);
 
 // These are the traditional libFuzzer-style functions for initialization
 // and fuzzing iteration.

xpcom/build/XREShellData.h

@@ -10,6 +10,9 @@
 #if defined(LIBFUZZER)
 #  include "FuzzerRegistry.h"  // LibFuzzerDriver
 #endif
+#if defined(AFLFUZZ)
+#  include "FuzzingInterface.h"  // FuzzingTestFuncRaw
+#endif
 
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
 namespace sandbox {
@@ -34,6 +37,9 @@ struct XREShellData {
 #if defined(LIBFUZZER)
   LibFuzzerDriver fuzzerDriver;
 #endif
+#if defined(AFLFUZZ)
+  int (*fuzzerDriver)(FuzzingTestFuncRaw);
+#endif
 };
 
 #endif  // XREShellData_h