emmettneyman updated this revision to Diff 149807. emmettneyman added a comment.
- Changed CLArgs into getter and deleted commented code 1. Updating https://reviews.llvm.org/D47666: Refactored clang-fuzzer and added new (copy) files # 2. Enter a brief description of the changes included in this update. 3. The first line is used as subject, next lines as comment. Made changes in response to comments Removed commented out code Changed CLArgs to be a getter method Removed LLVMFuzzerInitialize decl from header file Repository: rC Clang https://reviews.llvm.org/D47666 Files: tools/clang-fuzzer/CMakeLists.txt tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp tools/clang-fuzzer/FuzzerInitialize.cpp tools/clang-fuzzer/FuzzerInitialize.h tools/clang-fuzzer/experimental/ExampleClangLoopProtoFuzzer.cpp tools/clang-fuzzer/experimental/cxx_loop_proto.proto tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.cpp tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.h tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx_main.cpp
Index: tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx_main.cpp
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx_main.cpp
@@ -0,0 +1,34 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion ----------==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===----------------------------------------------------------------------===//
+
+// This is a copy and will be updated later to introduce changes
+
+#include <fstream>
+#include <iostream>
+#include <streambuf>
+#include <string>
+
+#include "loop_proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+ for (int i = 1; i < argc; i++) {
+ std::fstream in(argv[i]);
+ std::string str((std::istreambuf_iterator<char>(in)),
+ std::istreambuf_iterator<char>());
+ std::cout << "// " << argv[i] << std::endl;
+ std::cout << clang_fuzzer::ProtoToCxx(
+ reinterpret_cast<const uint8_t *>(str.data()), str.size());
+ // std::cout << clang_fuzzer::ProtoStringToCxx(str);
+ }
+}
+
Index: tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.h
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.h
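Review bot: `std::fstream in(argv[i]);` in `main` is never checked, so a path that cannot be opened produces an empty string, and because `ProtoToCxx` parses with `ParsePartialFromArray` (see loop_proto_to_cxx.cpp in this patch) the driver will most likely print an empty `void foo(int *a)` body instead of reporting the failure. `std::fstream` also defaults to read-write text mode, which fails on read-only inputs and can alter binary protobuf bytes on platforms that translate line endings. I would open the file with `std::ifstream in(argv[i], std::ios::binary);` and follow it with `if (!in) { std::cerr << "cannot open " << argv[i] << "\n"; return 1; }`. The commented-out `ProtoStringToCxx` call is leftover dead code and can be dropped, in line with the rest of this update.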
@@ -0,0 +1,24 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ----------------------------==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===----------------------------------------------------------------------===//
+
+// This is a copy and will be updated later to introduce changes
+
+#include <cstdint>
+#include <cstddef>
+#include <string>
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function &input);
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
Index: tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.cpp
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.cpp
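Review bot: The new header has no include guard, so any translation unit that reaches it twice re-parses `class Function;` and both prototypes; that is harmless today but breaks as soon as an inline function or a definition is added. Wrapping the contents in a guard such as `#ifndef LOOP_PROTO_TO_CXX_H` / `#define LOOP_PROTO_TO_CXX_H` / `#endif` (name constructed here, pick one that follows the tree's convention) avoids that. The banner line still names `proto_to_cxx.h` and should be updated to `loop_proto_to_cxx.h` so the copy is not mistaken for the original.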
@@ -0,0 +1,115 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --------------------------==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===----------------------------------------------------------------------===//
+
+// This is a copy and will be updated later to introduce changes
+
+#include "loop_proto_to_cxx.h"
+#include "cxx_loop_proto.pb.h"
+
+// The following is needed to convert protos in human-readable form
+#include <google/protobuf/text_format.h>
+
+
+#include <ostream>
+#include <sstream>
+
+namespace clang_fuzzer {
+
+// Forward decls.
+std::ostream &operator<<(std::ostream &os, const BinaryOp &x);
+std::ostream &operator<<(std::ostream &os, const StatementSeq &x);
+
+// Proto to C++.
+std::ostream &operator<<(std::ostream &os, const Const &x) {
+ return os << "(" << x.val() << ")";
+}
+std::ostream &operator<<(std::ostream &os, const VarRef &x) {
+ return os << "a[" << (static_cast<uint32_t>(x.varnum()) % 100) << "]";
+}
+std::ostream &operator<<(std::ostream &os, const Lvalue &x) {
+ return os << x.varref();
+}
+std::ostream &operator<<(std::ostream &os, const Rvalue &x) {
+ if (x.has_varref()) return os << x.varref();
+ if (x.has_cons()) return os << x.cons();
+ if (x.has_binop()) return os << x.binop();
+ return os << "1";
+}
+std::ostream &operator<<(std::ostream &os, const BinaryOp &x) {
+ os << "(" << x.left();
+ switch (x.op()) {
+ case BinaryOp::PLUS: os << "+"; break;
+ case BinaryOp::MINUS: os << "-"; break;
+ case BinaryOp::MUL: os << "*"; break;
+ case BinaryOp::DIV: os << "/"; break;
+ case BinaryOp::MOD: os << "%"; break;
+ case BinaryOp::XOR: os << "^"; break;
+ case BinaryOp::AND: os << "&"; break;
+ case BinaryOp::OR: os << "|"; break;
+ case BinaryOp::EQ: os << "=="; break;
+ case BinaryOp::NE: os << "!="; break;
+ case BinaryOp::LE: os << "<="; break;
+ case BinaryOp::GE: os << ">="; break;
+ case BinaryOp::LT: os << "<"; break;
+ case BinaryOp::GT: os << ">"; break;
+ }
+ return os << x.right() << ")";
+}
+std::ostream &operator<<(std::ostream &os, const AssignmentStatement &x) {
+ return os << x.lvalue() << "=" << x.rvalue() << ";\n";
+}
+std::ostream &operator<<(std::ostream &os, const IfElse &x) {
+ return os << "if (" << x.cond() << "){\n"
+ << x.if_body() << "} else { \n"
+ << x.else_body() << "}\n";
+}
+std::ostream &operator<<(std::ostream &os, const While &x) {
+ return os << "while (" << x.cond() << "){\n" << x.body() << "}\n";
+}
+std::ostream &operator<<(std::ostream &os, const Statement &x) {
+ if (x.has_assignment()) return os << x.assignment();
+ if (x.has_ifelse()) return os << x.ifelse();
+ if (x.has_while_loop()) return os << x.while_loop();
+ return os << "(void)0;\n";
+}
+std::ostream &operator<<(std::ostream &os, const StatementSeq &x) {
+ for (auto &st : x.statements()) os << st;
+ return os;
+}
+std::ostream &operator<<(std::ostream &os, const Function &x) {
+ return os << "void foo(int *a) {\n" << x.statements() << "}\n";
+}
+
+// ---------------------------------
+
+std::string FunctionToString(const Function &input) {
+ std::ostringstream os;
+ os << input;
+ return os.str();
+
+}
+std::string ProtoToCxx(const uint8_t *data, size_t size) {
+ Function message;
+ if (!message.ParsePartialFromArray(data, size))
+ return "#error invalid proto, may not be binary encoded\n";
+ return FunctionToString(message);
+}
+/*
+std::string ProtoStringToCxx(const std::string& data) {
+ Function message;
+ if (!google::protobuf::TextFormat::ParseFromString(data, &message))
+ return "#error invalid proto, may not be string encoded\n";
+ return FunctionToString(message);
+}
+*/
+} // namespace clang_fuzzer
Index: tools/clang-fuzzer/experimental/cxx_loop_proto.proto
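Review bot: The bound in `operator<<(std::ostream &, const VarRef &)`, `% 100`, is an unnamed constant that silently fixes how large the array handed to the generated `foo(int *a)` must be, and nothing in this file states that contract. A named constant with a comment, for example `static const uint32_t kArraySize = 100; // every generated access is a[0 .. kArraySize-1]`, would let any later harness that runs or analyses the emitted code size its buffer from the same value instead of guessing. Separately, the `/* ProtoStringToCxx ... */` block at the end and the `text_format.h` include that only it needs are still commented-out code, which the update description says was removed.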
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/experimental/cxx_loop_proto.proto
@@ -0,0 +1,95 @@
+//===-- cxx_proto.proto - Protobuf description of C++ ---------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf. It is used to
+/// more easily find interesting inputs for fuzzing Clang.
+///
+//===----------------------------------------------------------------------===//
+
+// This is a copy and will be updated later to introduce changes
+
+syntax = "proto2";
+
+message VarRef {
+ required int32 varnum = 1;
+}
+
+message Lvalue {
+ required VarRef varref = 1;
+}
+
+message Const {
+ required int32 val = 1;
+}
+
+message BinaryOp {
+ enum Op {
+ PLUS = 0;
+ MINUS = 1;
+ MUL = 2;
+ DIV = 3;
+ MOD = 4;
+ XOR = 5;
+ AND = 6;
+ OR = 7;
+ EQ = 8;
+ NE = 9;
+ LE = 10;
+ GE = 11;
+ LT = 12;
+ GT = 13;
+ };
+ required Op op = 1;
+ required Rvalue left = 2;
+ required Rvalue right = 3;
+}
+
+message Rvalue {
+ oneof rvalue_oneof {
+ VarRef varref = 1;
+ Const cons = 2;
+ BinaryOp binop = 3;
+ }
+}
+
+message AssignmentStatement {
+ required Lvalue lvalue = 1;
+ required Rvalue rvalue = 2;
+}
+
+
+message IfElse {
+ required Rvalue cond = 1;
+ required StatementSeq if_body = 2;
+ required StatementSeq else_body = 3;
+}
+
+message While {
+ required Rvalue cond = 1;
+ required StatementSeq body = 2;
+}
+
+message Statement {
+ oneof stmt_oneof {
+ AssignmentStatement assignment = 1;
+ IfElse ifelse = 2;
+ While while_loop = 3;
+ }
+}
+
+message StatementSeq {
+ repeated Statement statements = 1;
+}
+
+message Function {
+ required StatementSeq statements = 1;
+}
+
+package clang_fuzzer;
Index: tools/clang-fuzzer/experimental/ExampleClangLoopProtoFuzzer.cpp
===================================================================
---
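Review bot: `package clang_fuzzer;` is the last statement of the file, after every message it scopes, so a reader going top-down sees unqualified messages and only learns at the end that the generated C++ lands in `clang_fuzzer`. Moving it directly below `syntax = "proto2";` follows the usual layout and does not change the generated code. The banner still names `cxx_proto.proto` and should read `cxx_loop_proto.proto`. Because this copy declares the same message names in the same package as the original schema, it is worth confirming that the two generated `.pb` objects are never linked into one binary.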
tools/clang-fuzzer/experimental/ExampleClangLoopProtoFuzzer.cpp +++ tools/clang-fuzzer/experimental/ExampleClangLoopProtoFuzzer.cpp @@ -14,30 +14,19 @@ /// //===----------------------------------------------------------------------===// -#include "cxx_proto.pb.h" +// This is a copy and will be updated later to introduce changes + +#include "cxx_loop_proto.pb.h" #include "handle-cxx/handle_cxx.h" -#include "proto-to-cxx/proto_to_cxx.h" + +#include "FuzzerInitialize.h" #include "src/libfuzzer/libfuzzer_macro.h" #include <cstring> using namespace clang_fuzzer; -static std::vector<const char *> CLArgs; - -extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { - CLArgs.push_back("-O2"); - for (int I = 1; I < *argc; I++) { - if (strcmp((*argv)[I], "-ignore_remaining_args=1") == 0) { - for (I++; I < *argc; I++) - CLArgs.push_back((*argv)[I]); - break; - } - } - return 0; -} - DEFINE_BINARY_PROTO_FUZZER(const Function& input) { auto S = FunctionToString(input); HandleCXX(S, CLArgs); Index: tools/clang-fuzzer/FuzzerInitialize.h =================================================================== --- /dev/null +++ tools/clang-fuzzer/FuzzerInitialize.h @@ -0,0 +1,11 @@ +#include "handle-cxx/handle_cxx.h" +#include "proto-to-cxx/proto_to_cxx.h" + +#include "src/libfuzzer/libfuzzer_macro.h" + +#include <cstring> + +namespace clang_fuzzer { +const std::vector<const char *>& GetCLArgs(); +} + Index: tools/clang-fuzzer/FuzzerInitialize.cpp =================================================================== --- tools/clang-fuzzer/FuzzerInitialize.cpp +++ tools/clang-fuzzer/FuzzerInitialize.cpp @@ -1,4 +1,4 @@ -//===-- ExampleClangProtoFuzzer.cpp - Fuzz Clang --------------------------===// +//===-- FuzzerInitialize.cpp - Fuzz Clang ---------------------------------===// // // The LLVM Compiler Infrastructure // 
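Review bot: The last context line of the ExampleClangLoopProtoFuzzer.cpp hunk still reads `HandleCXX(S, CLArgs);`, but the same hunk deletes the file-local `CLArgs` and the vector now lives as a `static` inside FuzzerInitialize.cpp, so this file should no longer compile. It needs the change that ExampleClangProtoFuzzer.cpp receives later in the patch: `HandleCXX(S, GetCLArgs());`. The hunk also drops the `proto_to_cxx.h` include without adding `proto-to-cxx/experimental/loop_proto_to_cxx.h`, so `FunctionToString` is only found through FuzzerInitialize.h pulling in the non-loop header. None of the CMake hunks shown adds this file to a target, which would explain why the build did not catch it; the closing brace of the fuzz target is outside the hunk.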
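Review bot: FuzzerInitialize.h declares `const std::vector<const char *>& GetCLArgs();` without including `<vector>` and has no include guard or file banner; it presumably compiles only because one of the headers it pulls in happens to provide `std::vector`. For a header whose only job is that one declaration, `#include <vector>` is the single include it needs, and `handle_cxx.h`, `proto_to_cxx.h`, `libfuzzer_macro.h` and `<cstring>` belong in the .cpp files that use them. Including `proto_to_cxx.h` here also forces the non-loop converter's declarations onto every fuzzer that shares this initializer, including the loop variant.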
@@ -15,17 +15,22 @@ //===----------------------------------------------------------------------===// #include "cxx_proto.pb.h" -#include "handle-cxx/handle_cxx.h" -#include "proto-to-cxx/proto_to_cxx.h" -#include "src/libfuzzer/libfuzzer_macro.h" - -#include <cstring> +#include "FuzzerInitialize.h" using namespace clang_fuzzer; + +namespace clang_fuzzer { + static std::vector<const char *> CLArgs; +const std::vector<const char *>& GetCLArgs() { + return CLArgs; +} + +} + extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { CLArgs.push_back("-O2"); for (int I = 1; I < *argc; I++) { @@ -38,7 +43,3 @@ return 0; } -DEFINE_BINARY_PROTO_FUZZER(const Function& input) { - auto S = FunctionToString(input); - HandleCXX(S, CLArgs); -} Index: tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp =================================================================== --- tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp +++ tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp @@ -18,27 +18,14 @@ #include "handle-cxx/handle_cxx.h" #include "proto-to-cxx/proto_to_cxx.h" +#include "FuzzerInitialize.h" #include "src/libfuzzer/libfuzzer_macro.h" #include <cstring> using namespace clang_fuzzer; -static std::vector<const char *> CLArgs; - -extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { - CLArgs.push_back("-O2"); - for (int I = 1; I < *argc; I++) { - if (strcmp((*argv)[I], "-ignore_remaining_args=1") == 0) { - for (I++; I < *argc; I++) - CLArgs.push_back((*argv)[I]); - break; - } - } - return 0; -} - DEFINE_BINARY_PROTO_FUZZER(const Function& input) { auto S = FunctionToString(input); - HandleCXX(S, CLArgs); + HandleCXX(S, GetCLArgs()); } Index: tools/clang-fuzzer/CMakeLists.txt =================================================================== --- tools/clang-fuzzer/CMakeLists.txt +++ tools/clang-fuzzer/CMakeLists.txt @@ -14,6 +14,7 @@ ClangFuzzer.cpp DummyClangFuzzer.cpp ExampleClangProtoFuzzer.cpp + FuzzerInitialize.cpp ) if(CLANG_ENABLE_PROTO_FUZZER) 
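Review bot: `#include "cxx_proto.pb.h"` is kept as the first include of FuzzerInitialize.cpp in the `@@ -15,17 +15,22 @@` hunk, although the fuzz target that used the protobuf types is removed from this file by the next hunk; the visible new code only touches `CLArgs` and `argv`. Dropping that include keeps the shared initializer independent of one particular schema, which matters if the loop fuzzer is meant to link it too. `using namespace clang_fuzzer;` immediately followed by `namespace clang_fuzzer {` now serves only to let `LLVMFuzzerInitialize` name `CLArgs` unqualified; writing `clang_fuzzer::CLArgs` there (or moving the vector into an unnamed namespace) would make the dependency explicit. The body of `LLVMFuzzerInitialize` continues outside the hunk.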
@@ -44,6 +45,7 @@ add_clang_executable(clang-proto-fuzzer ${DUMMY_MAIN} ExampleClangProtoFuzzer.cpp + FuzzerInitialize.cpp ) target_link_libraries(clang-proto-fuzzer