Author: Chelsea Cassanova Date: 2022-06-22T17:42:55-04:00 New Revision: 46be5faaf03466c3751f8a2882bef5a217e15926
URL: https://github.com/llvm/llvm-project/commit/46be5faaf03466c3751f8a2882bef5a217e15926 DIFF: https://github.com/llvm/llvm-project/commit/46be5faaf03466c3751f8a2882bef5a217e15926.diff LOG: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB This adds a command interpreter fuzzer to LLDB's fuzzing library. The input data from the fuzzer is used as input for the command interpreter. Input data for the fuzzer is guided by a dictionary of keywords used in LLDB, such as "breakpoint", "target" and others. Differential revision: https://reviews.llvm.org/D128292 Added: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp Modified: lldb/tools/lldb-fuzzer/CMakeLists.txt Removed: ################################################################################
diff --git a/lldb/tools/lldb-fuzzer/CMakeLists.txt b/lldb/tools/lldb-fuzzer/CMakeLists.txt
index 326c69a29dac1..867a41961c13c 100644
--- a/lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ b/lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(lldb-commandinterpreter-fuzzer)
 add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)
diff --git a/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
new file mode 100644
index 0000000000000..5bfae5b574e95
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,28 @@
+set(LLVM_LINK_COMPONENTS
+ Support
+ )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+ EXCLUDE_FROM_ALL
+ lldb-commandinterpreter-fuzzer.cpp
+ )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+ target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+ target_link_libraries(lldb-commandinterpreter-fuzzer
+ PRIVATE
+ liblldb
+ )
+
+ # This will create a directory specifically for the fuzzer's artifacts, go to that
+ # directory and run the fuzzer from there. When the fuzzer exits the input
+ # artifact that caused it to exit will be written to a directory within the
+ # build directory
+ add_custom_target(fuzz-lldb-commandinterpreter
+ COMMENT "Running the LLDB command interpreter fuzzer..."
+ COMMAND mkdir -p ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts &&
+ cd ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+ && $<TARGET_FILE:lldb-commandinterpreter-fuzzer> -dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt -only_ascii=1 -artifact_prefix=commandinterpreter-
+ USES_TERMINAL
+ )
+endif()
diff --git a/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
new file mode 100644
index 0000000000000..ddd52a6d7806a
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
diff --git a/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
new file mode 100644
index 0000000000000..036954838b057
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
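Review bot: The `COMMAND` in `add_custom_target(fuzz-lldb-commandinterpreter ...)` chains `mkdir -p`, `cd` and the fuzzer binary with shell `&&`, which only works where the generator hands the whole line to a POSIX shell and buries the working directory inside one long command line. Creating the artifact directory at configure time with `file(MAKE_DIRECTORY ...)` and running the fuzzer under `WORKING_DIRECTORY` says the same thing in CMake's own vocabulary, keeps the invocation readable, and makes the `mkdir`/`cd` pair unnecessary; the four-line comment above the target would then only need to say that crash artifacts land in that directory. The purpose of `target_include_directories(... PRIVATE ..)` is not visible from this commit (the new .cpp includes only `<string>` and `lldb/API/*` headers), so a short comment naming what it is for, or dropping it if nothing needs it, would help the next reader.
```cmake
  # … unchanged: LLVM_LINK_COMPONENTS, add_llvm_fuzzer, target_link_libraries …
  set(commandinterpreter_artifacts_dir
      ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts)
  file(MAKE_DIRECTORY ${commandinterpreter_artifacts_dir})
  add_custom_target(fuzz-lldb-commandinterpreter
    COMMENT "Running the LLDB command interpreter fuzzer..."
    COMMAND $<TARGET_FILE:lldb-commandinterpreter-fuzzer>
            -dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt
            -only_ascii=1 -artifact_prefix=commandinterpreter-
    WORKING_DIRECTORY ${commandinterpreter_artifacts_dir}
    USES_TERMINAL
    )
```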
@@ -0,0 +1,47 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp -------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===---------------------------------------------------------------------===//
+
+#include <string>
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ SBDebugger::Initialize();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ // Convert the data into a null-terminated string
+ std::string str((char *)data, size);
+
+ // Create a debugger and a dummy target
+ SBDebugger debugger = SBDebugger::Create(false);
+ SBTarget target = debugger.GetDummyTarget();
+
+ // Create a command interpreter for the current debugger
+ // A return object is needed to run the command interpreter
+ SBCommandReturnObject ro = SBCommandReturnObject();
+ SBCommandInterpreter ci = debugger.GetCommandInterpreter();
+
+ // Use the fuzzer generated input as input for the command interpreter
+ if (ci.IsValid()) {
+ ci.HandleCommand(str.c_str(), ro, false);
+ }
+
+ debugger.DeleteTarget(target);
+ SBDebugger::Destroy(debugger);
+ SBModule::GarbageCollectAllocatedModules();
+
+ return 0;
+}
_______________________________________________ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
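Review bot: `SBModule::GarbageCollectAllocatedModules()` at the end of `LLVMFuzzerTestOneInput` is used without `lldb/API/SBModule.h` in the include list, so the file only builds because one of the other SB headers happens to pull it in transitively; add `#include "lldb/API/SBModule.h"` next to the others, and note that `SBCommandInterpreterRunOptions.h` is included but nothing in the file uses it. The C-style `(char *)data` cast hides that the buffer is only read; `std::string str(reinterpret_cast<const char *>(data), size);` states the intent, and the unused `argc`/`argv` parameters of `LLVMFuzzerInitialize` can be left unnamed to keep `-Wunused-parameter` quiet. The harness hands the raw fuzzer input to `HandleCommand` on a real debugger, and because LLDB commands can launch processes and read or write files on the host (the dictionary even seeds `run`), the file header should say so, e.g. `// NOTE: the input is executed as arbitrary LLDB commands; run this fuzzer only in an isolated, disposable environment.`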