Update docs and tests for LLVMFuzzerTestOneInput

Author: benrimmington

docs/libFuzzerIntegration.md

@@ -1,37 +1,39 @@
-libFuzzer Integration
----------------------
-
-Swift compiler comes with a built-in `libFuzzer` integration.
-In order to use it on a file `myfile.swift`, we define an entry point fuzzing function
-with a `@_cdecl("LLVMFuzzerTestOneInput")` annotation:
+# libFuzzer Integration
 
+Custom builds of the Swift toolchain (including development snapshots)
+have a built-in `libFuzzer` integration. In order to use it on a file
+`myfile.swift`, define an entry point fuzzing function with a
+`@_cdecl("LLVMFuzzerTestOneInput")` annotation:
 
 ```swift
-@_cdecl("LLVMFuzzerTestOneInput") public func fuzzMe(Data: UnsafePointer<CChar>, Size: CInt) -> CInt{
-    // Test our code using provided Data.
-  }
+@_cdecl("LLVMFuzzerTestOneInput")
+public func test(_ start: UnsafeRawPointer, _ count: Int) -> CInt {
+  let bytes = UnsafeRawBufferPointer(start: start, count: count)
+  // TODO: Test the code using the provided bytes.
+  return 0
 }
 ```
 
-To compile it, we use `-sanitize=fuzzer` flag to link `libFuzzer`
-and enable coverage annotation, and `-parse-as-library` flag not to insert
-the `main` symbol, such that the fuzzer entry point can be used:
+To compile it, use the `-sanitize=fuzzer` flag to link `libFuzzer`
+and enable code coverage information; and the `-parse-as-library` flag
+to omit the `main` symbol, so that the fuzzer entry point can be used:
 
 ```bash
 % swiftc -sanitize=fuzzer -parse-as-library myfile.swift
 ```
 
-`libFuzzer` can be also combined with other sanitizers:
+`libFuzzer` can be combined with other sanitizers:
 
 ```bash
 % swiftc -sanitize=fuzzer,address -parse-as-library myfile.swift
 ```
 
-Finally, we launch the fuzzing process:
+Finally, launch the fuzzing process:
 
 ```bash
-% ./a.out
+% ./myfile
 ```
 
-Refer to the official `libFuzzer` documentation at http://llvm.org/docs/LibFuzzer.html
-for the description of flags the resulting binary has.
+Refer to the official `libFuzzer` documentation at
+<https://llvm.org/docs/LibFuzzer.html#options>
+for a description of the fuzzer's command line options.

test/Driver/fuzzer.swift

@@ -6,6 +6,7 @@
 // LIBFUZZER_OSX: libclang_rt.fuzzer
 // LIBFUZZER_LINUX: -fsanitize=address,fuzzer
 
-@_cdecl("LLVMFuzzerTestOneInput") public func fuzzOneInput(Data: UnsafePointer<CChar>, Size: CLong) -> CInt {
-  return 0;
+@_cdecl("LLVMFuzzerTestOneInput")
+public func test(_ start: UnsafeRawPointer, _ count: Int) -> CInt {
+  return 0
 }

test/Fuzzing/fuzzer_test.swift

@@ -0,0 +1,28 @@
+// RUN: %target-build-swift -parse-as-library -sanitize=fuzzer %s -o %t
+// RUN: not %t -only_ascii=1 -max_len=3 | %FileCheck %s
+// REQUIRES: CPU=x86_64
+// REQUIRES: executable_test
+// REQUIRES: fuzzer_runtime
+// XFAIL: OS=ios
+// XFAIL: OS=tvos
+// XFAIL: OS=watchos
+// CHECK: Crash!
+
+#if canImport(Darwin)
+import Darwin.C
+#elseif canImport(Glibc)
+import Glibc
+#elseif canImport(MSVCRT)
+import MSVCRT
+#endif
+
+@_cdecl("LLVMFuzzerTestOneInput")
+public func test(_ start: UnsafeRawPointer, _ count: Int) -> CInt {
+  let bytes = UnsafeRawBufferPointer(start: start, count: count)
+  if bytes.starts(with: "ABC".utf8) {
+    print("Crash!")
+    fflush(stdout)
+    exit(EXIT_FAILURE)
+  }
+  return 0
+}