Part 1 of fuzzer additions

libs/execution_context/ebpf_program.h

@@ -192,7 +192,7 @@ extern "C"
         _In_reads_(helper_function_count) const uint32_t* helper_function_ids);
 
     /**
-     * @brief Get the address of a helper functions referred to by the program. Assumes
+     * @brief Get the addresses of helper functions referred to by the program. Assumes
      * ebpf_program_set_helper_function_ids has already been invoked on the program object.
      *
      * @param[in] program Program object to query this on.

tests/libfuzzer/README.md

@@ -4,10 +4,21 @@
 [LibFuzzer](https://www.llvm.org/docs/LibFuzzer.html) is an in-process, coverage-guided, evolutionary fuzzing engine. It uses a set of starting data (the corpus)
 to generate new test cases, measures the code-coverage of the new test, and re-combines it form new test cases.
 
+There are now four libFuzzer-based binaries:
+
+* bpf2c_fuzzer
+* core_helper_fuzzer
+* execution_context_fuzzer
+* verifier_fuzzer
+
 ## Usage
 1) Copy the libFuzzer binary and existing corpus to a test machine (currently only Windows 10 and Server 2019 are supported).
-2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run: ```execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800```
-3) If the the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.
+2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run:
+  * `bpf2c_fuzzer.exe bpf2c_fuzzer_corpus -use_value_profile=1 -max_total_time=1800`
+  * `core_helper_fuzzer.exe core_helper_fuzzer core_helper_corpus -max_len=139 -runs=3000 -use_value_profile=1`
+  * `execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800`
+  * `verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=1800`
+3) If the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.
 4) Copy any new test cases and check them into the repo.
 
 ## Reproducing a crash
@@ -16,4 +27,4 @@ of the input that caused the crash. To reproduce the crash (for debugging), run
 name in place of the corpus folder.
 
 ## Future
-Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it.
+Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it.

tests/libfuzzer/execution_context/libfuzz_harness.cpp

@@ -169,8 +169,8 @@ class fuzz_wrapper
                 type,
                 type,
                 {reinterpret_cast<uint8_t*>(name.data()), name.size()},
-                {reinterpret_cast<uint8_t*>(name.data()), name.size()},
-                {reinterpret_cast<uint8_t*>(name.data()), name.size()},
+                {reinterpret_cast<uint8_t*>(file.data()), file.size()},
+                {reinterpret_cast<uint8_t*>(section.data()), section.size()},
                 EBPF_CODE_JIT};
             ebpf_handle_t handle;
             if (ebpf_program_create_and_initialize(&params, &handle) == EBPF_SUCCESS) {

tests/libfuzzer/verifier/verifier_fuzzer.vcxproj

@@ -113,4 +113,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>

tests/libfuzzer/verifier/verifier_fuzzer.vcxproj.filters

@@ -40,4 +40,4 @@
       <Filter>Header Files</Filter>
     </ClInclude>
   </ItemGroup>
-</Project>
+</Project>