[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-08 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added a subscriber: mgorny.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

This commit adds a fuzzer for LLDB's expression evaluator.
The fuzzer takes a different approach than the current fuzzers
present, and uses an approach that is currently being used for
clang fuzzers.

Instead of fuzzing the evaluator with randomly mutated
characters, protobufs are used to generate a subset of C++. This
is then converted to valid C++ code and sent to the expression
evaluator. In addition, libprotobuf_mutator is used to mutate
the fuzzer's inputs from valid C++ code to valid C++ code, rather
than mutating from valid code to total nonsense.

In order to use libprotobuf_mutator, a CMake module is added to
LLDB's CMake modules.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D129377

Files:
  lldb/cmake/modules/ProtobufMutator.cmake
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle-cxx/handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto-to-cxx/proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function &input) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
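
Review bot: originalargv[2] in the fuzzer body is read with no check that the extra path argument was actually passed. LLVMFuzzerInitialize receives argc but discards it, so a run without that argument builds rawpath from a null or out-of-range pointer. rawpath.erase(0, 2) also drops the first two characters whether or not they are "--". Suggest saving *argc next to *argv, failing with a clear message when the argument is missing, and checking the prefix before stripping it.
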
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
@@ -0,0 +1,92 @@
+//===-- cxx_proto.proto - Protobuf description of C++ -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf.  It is used to
+///  more easily find interesting inputs for fuzzing Clang.
+///
+//===--===//
+
+syntax = "proto2";
+
+message VarRef {
+  required int32 varnum = 1;
+}
+
+message 
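
The summary above contrasts mutating a structured description of an expression with mutating raw characters. The following is an added example, not code from this patch, clang-fuzzer or libprotobuf-mutator: the Expr struct, the v<N> rendering of variables and all function names are hypothetical stand-ins for the VarRef, Const and BinaryOp messages, and it counts how many mutated inputs still parse under each approach.

```cpp
// Added illustration only: not code from D129377, clang-fuzzer or LLDB.
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <random>
#include <string>

// Operator spellings for the BinaryOp.Op values listed in cxx_proto.proto.
static const char *const kOps[] = {"+", "-", "*", "/", "%", "^", "&",
                                   "|", "==", "!=", "<=", ">=", "<", ">"};
constexpr unsigned kNumOps = sizeof(kOps) / sizeof(kOps[0]);

// Hypothetical in-memory stand-in for the VarRef / Const / BinaryOp messages.
struct Expr {
  enum Kind { VAR, CONST, BINOP } kind = CONST;
  unsigned num = 0; // varnum for VAR, val for CONST
  unsigned op = 0;  // index into kOps for BINOP
  std::unique_ptr<Expr> lhs, rhs;
};

using Rng = std::mt19937;

std::unique_ptr<Expr> RandomExpr(Rng &rng, int depth) {
  auto e = std::make_unique<Expr>();
  e->kind = static_cast<Expr::Kind>(rng() % (depth > 0 ? 3 : 2));
  e->num = rng() % 100;
  if (e->kind == Expr::BINOP) {
    e->op = rng() % kNumOps;
    e->lhs = RandomExpr(rng, depth - 1);
    e->rhs = RandomExpr(rng, depth - 1);
  }
  return e;
}

// Structure -> source text (the role FunctionToString plays in the patch).
std::string ToString(const Expr &e) {
  if (e.kind == Expr::VAR) return "v" + std::to_string(e.num);
  if (e.kind == Expr::CONST) return std::to_string(e.num);
  return "(" + ToString(*e.lhs) + " " + kOps[e.op] + " " + ToString(*e.rhs) + ")";
}

// Structure-aware mutation: edit one node, so the result is still a tree.
void MutateTree(Expr &e, Rng &rng) {
  if (e.kind == Expr::BINOP && rng() % 2) {
    MutateTree(rng() % 2 ? *e.lhs : *e.rhs, rng);
    return;
  }
  switch (rng() % 3) {
  case 0: e.num = rng() % 100; break;                 // new varnum / val
  case 1: e.op = rng() % kNumOps; break;              // new operator
  default: e = std::move(*RandomExpr(rng, 2)); break; // replace the subtree
  }
}

// Byte-level mutation: overwrite one character with a random printable one.
std::string MutateBytes(std::string s, Rng &rng) {
  std::size_t pos = rng() % s.size();
  s[pos] = static_cast<char>(' ' + rng() % 95);
  return s;
}

// Recursive-descent check for: expr := digits | 'v' digits | '(' expr op expr ')'
static bool ParseExpr(const std::string &s, std::size_t &i) {
  auto digits = [&] {
    std::size_t start = i;
    while (i < s.size() && std::isdigit(static_cast<unsigned char>(s[i]))) ++i;
    return i > start;
  };
  if (i >= s.size()) return false;
  if (s[i] == 'v') { ++i; return digits(); }
  if (s[i] != '(') return digits();
  ++i;
  if (!ParseExpr(s, i) || i >= s.size() || s[i++] != ' ') return false;
  std::size_t end = s.find(' ', i);
  if (end == std::string::npos) return false;
  std::string op = s.substr(i, end - i);
  bool known = false;
  for (const char *k : kOps) known = known || op == k;
  i = end + 1;
  return known && ParseExpr(s, i) && i < s.size() && s[i++] == ')';
}

bool IsWellFormed(const std::string &s) {
  std::size_t i = 0;
  return ParseExpr(s, i) && i == s.size();
}

// How many of `rounds` mutated inputs would get past the parser?
int CountWellFormed(bool structured, int rounds, unsigned seed) {
  Rng rng(seed);
  int ok = 0;
  for (int r = 0; r < rounds; ++r) {
    auto tree = RandomExpr(rng, 3);
    std::string out;
    if (structured) { MutateTree(*tree, rng); out = ToString(*tree); }
    else out = MutateBytes(ToString(*tree), rng);
    ok += IsWellFormed(out);
  }
  return ok;
}

int main() {
  std::printf("structured: %d/500 well-formed\n", CountWellFormed(true, 500, 1));
  std::printf("byte-level: %d/500 well-formed\n", CountWellFormed(false, 500, 1));
}
```

Inputs that fail the parser never reach the code behind it, which is why the byte-level count matters for a target like an expression evaluator.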

[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-08 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 443362.
cassanova edited the summary of this revision.
cassanova added a comment.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

Building the expression evaluator fuzzer is now conditional on the 
CLANG_ENABLE_PROTO_FUZZER CMake variable being enabled.

Copying the source and header files from is no longer being done in the 
top-level CMake file, this is instead added to the subdirectories of the clang 
fuzzer.

The fuzzer uses Clang's CMake modules for libprotobuf_mutator instead of 
copying the module into LLDB.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377

Files:
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -1,89 +1,50 @@
-set(LLVM_LINK_COMPONENTS
-  Support
-  )
-
-add_llvm_fuzzer(lldb-expression-fuzzer
-  EXCLUDE_FROM_ALL
-  lldb-expression-fuzzer.cpp
-  )
-
-if(TARGET lldb-expression-fuzzer)
-  target_include_directories(lldb-expression-fuzzer PRIVATE ..)
-
-  # Generate the necessary source and header files for using protobufs
-  find_package(Protobuf REQUIRED)
-  add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
-  include_directories(${PROTOBUF_INCLUDE_DIRS})
-  include_directories(${CMAKE_CURRENT_BINARY_DIR})
-  protobuf_generate_cpp(PROTO_SRCS PROTO_HDRS cxx_proto.proto)
-  protobuf_generate_cpp(LOOP_PROTO_SRCS LOOP_PROTO_HDRS cxx_loop_proto.proto)
-  set(LLVM_OPTIONAL_SOURCES ${LLVM_OPTIONAL_SOURCES} ${PROTO_SRCS})
-
-  # Place the source and header files into a library for use by LLDB's expression fuzzer
-  # FIXME: It would be better to use add_lldb_library, but using this will cause an error
-  # during cmake's file generation phase
-  add_library(lldbCXXProto
-${PROTO_SRCS}
-${PROTO_HDRS}
-)
-
-  # Build and include the libprotobuf-mutator repository
-  include(ProtobufMutator)
-  include_directories(${ProtobufMutator_INCLUDE_DIRS})
-
-  # Create a variable for the libraries generated by protobuf and protobuf mutator
-  set(COMMON_PROTO_FUZZ_LIBRARIES
-${ProtobufMutator_LIBRARIES}
-${PROTOBUF_LIBRARIES}
-)
-
-  # Link the protobuf libraries as well as the clang libraries used to
-  # convert protobufs to C/C++
-  target_link_libraries(lldb-expression-fuzzer
-PRIVATE
-${COMMON_PROTO_FUZZ_LIBRARIES}
-clangHandleCXX
-lldbCXXProto
-clangProtoToCXX
-liblldb
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
 )
 
-  # The target for this fuzzer needs to depend on the protobuf mutator
-  # repository
-  add_dependencies(lldb-expression-fuzzer lldb_protobuf_mutator)
-
-  add_custom_command(TARGET lldb-expression-fuzzer PRE_BUILD
-
-# FIXME: Copying the source and header files is not the preferred way to implement these libraries
-# on the LLDB side. It would be preferable to have the libraries for protobuf fuzzers be located
-# in a more central location
-
-# Create directories to store the files for handle-cxx and proto-to-cxx since the protobuf mutator
-# depends on them
-COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/handle-cxx
-COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/proto-to-cxx
-
-# Copy the header and source files for handle-cxx from clang
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h ${CMAKE_CURRENT_BINARY_DIR}/handle-cxx
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp ${CMAKE_CURRENT_BINARY_DIR}/handle-cxx
-
-# Copy the header and source files for proto-to-cxx from clang
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h ${CMAKE_CURRENT_BINARY_DIR}/proto-to-cxx
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp ${CMAKE_CURRENT_BINARY_DIR}/proto-to-cxx
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp ${CMAKE_CURRENT_BINARY_DIR}/proto-to-cxx
-
-# Create and compile a simple C program using the command line. This is
-# needed because LLDB's expression evaluator needs a legitmate target
-# instead of a dummy target
-COMMAND echo 'int main (int argc, char** argv) { return 0\; }' | clang -o main.out -xc -
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+l

[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 443768.
cassanova added a comment.

Shows top-of-tree changes; however, CMake generation fails with the error that
the ProtobufMutator target already exists for clang-fuzzer:

  CMake Error at /opt/homebrew/Cellar/cmake/3.23.1_1/share/cmake/Modules/ExternalProject.cmake:3453 (add_custom_target):
    add_custom_target cannot create target "protobuf_mutator" because another
    target with the same name already exists.  The existing target is a custom
    target created in source directory
    "/Users/chelseacassanova/code/llvm-project/clang/tools/clang-fuzzer".


Files:
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle-cxx/handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto-to-cxx/proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function &input) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
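
Review bot: the result of target.Launch(li, error) near the end of the fuzzer body is never examined: error is not checked and process is unused, so when the launch fails EvaluateExpression still runs against a target with no live process and the iteration looks like a normal one. Check error.Fail() (or process.IsValid()) after the launch and return early, and do the same with target.IsValid() after CreateTarget, so a bad object path shows up as a setup failure instead of silently wasted iterations.
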
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
@@ -0,0 +1,92 @@
+//===-- cxx_proto.proto - Protobuf description of C++ -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf.  It is used to
+///  more easily find interesting inputs for fuzzing Clang.
+///
+//===--===//
+
+syntax = "proto2";
+
+message VarRef {
+  required int32 varnum = 1;
+}
+
+message Lvalue {
+  required VarRef varref = 1;
+}
+
+message Const {
+  required int32 val = 1;
+}
+
+message BinaryOp {
+  enum Op {
+PLUS = 0;
+MINUS = 1;
+MUL = 2;
+DIV = 3;

[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt:21
+
+include(ProtobufMutator)
+include_directories(${ProtobufMutator_INCLUDE_DIRS})

Commenting out this line causes the project to generate, but I get file not 
found errors when including the protobuf errors when trying to build the fuzzer.


___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits


[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: clang/cmake/modules/ProtobufMutator.cmake:4-5
+  set (PBM_PREFIX clang_protobuf_mutator)
+elseif(${CMAKE_CURRENT_SOURCE_DIR} MATCHES "lldb")
+  set (PBM_PREFIX lldb_protobuf_mutator)
+endif()

mib wrote:
> It feels wrong to me that the clang protobuf cmake module knows about lldb.
> 
> Maybe we should just have 2 separate files for clang and lldb
My preferred solution to this was just creating a target called 
${LLVM_VARIABLE_THAT_TELLS_YOU_THE_SUBPROJECT_NAME}_protobuf_mutator to avoid 
using if-statements and direct strings but it looks like clang and lldb aren't 
defined as subprojects unless they're being built standalone.

Also in the event that some other subproject wanted to use this library then 
this solution just gets messier. Having 2 different CMake module files for the 
clang and lldb sides each or putting protobuf mutator in a more central 
location is another way to approach this.


[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 444074.
cassanova added a comment.

The ProtobufMutator CMake module will build targets for clang and lldb 
individually depending on which project is building the mutator, instead of 
both fuzzers trying to build the same target.

The expression fuzzer's source file only includes handle-cxx and proto-to-cxx 
directly, instead of including them from their folders.

The expression fuzzer's CMake file adds the clang-fuzzer binary directory as an 
include directory so that the lldb fuzzer does not need to generate a second 
copy of cxx_proto.pb.h and cxx_proto.pb.cc. It also requires the Protobuf 
library, grabs its definitions and includes the protobuf include dirs to 
prevent a protobuf header from not being found in the expression fuzzer source 
file.


Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function &input) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
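
Review bot: in the include block, handle_cxx.h and llvm/Support/Error.h are not used by anything in this file, while SBModule::GarbageCollectAllocatedModules() on the last line relies on lldb/API/SBModule.h arriving through another header. Drop the two unused includes and include SBModule.h directly. Related style point: objpath is a StringRef that is only ever converted back with objpath.str().c_str(); using rawpath.c_str() avoids both temporaries and the StringRef.h include.
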
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
@@ -0,0 +1,92 @@
+//===-- cxx_proto.proto - Protobuf description of C++ -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf.  It is used to
+///  more easily find interesting inputs for fuzzing Clang.
+///
+//===--===//
+
+syntax = "proto2";
+
+message VarRef {
+  required int32 varnum = 1;
+}
+
+messa

[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-13 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 444361.
cassanova added a comment.

Updated the ProtobufMutator CMake module and expression fuzzer CMakeLists file 
so that the expression fuzzer will create its own target name in its CMake 
file, and the ProtobufMutator will not attempt to create another target if one 
already exists.

Also updated the expression fuzzer's CMake file to create a directory to store 
expression fuzzer artifacts.


Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function &input) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
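
Review bot: every call of the fuzz body creates a debugger, creates a target and launches a process before evaluating a single expression, then tears all of it down again, so per-input cost is dominated by setup rather than by the evaluator under test. Consider creating the debugger, target and stopped process once in LLVMFuzzerInitialize and keeping only EvaluateExpression in the body, or add a comment explaining why each input needs a fresh process.
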
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
@@ -0,0 +1,92 @@
+//===-- cxx_proto.proto - Protobuf description of C++ -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf.  It is used to
+///  more easily find interesting inputs for fuzzing Clang.
+///
+//===--===//
+
+syntax = "proto2";
+
+message VarRef {
+  required int32 varnum = 1;
+}
+
+message Lvalue {
+  required VarRef varref = 1;
+}
+
+message Const {
+  required int32 val = 1;
+}
+
+message BinaryOp {
+  enum Op {
+PLUS = 0;
+MINUS = 1;
+MUL = 2;
+DIV = 3;
+MOD = 4;
+XOR = 5;
+AND = 6;
+OR = 7;
+EQ = 8;
+NE = 9;
+LE = 10;
+GE = 11;
+LT = 12;
+GT = 13;
+  };
+  required Op op = 1;
+  requir

[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-14 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova marked an inline comment as done.
cassanova added inline comments.



Comment at: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto:1
+//===-- cxx_proto.proto - Protobuf description of C++ 
-===//
+//

JDevlieghere wrote:
> Do we still need a copy of this for LLDB?
This file is used to generate the cxx_proto.pb.h which is included in the 
source file. Since we just use the clang-fuzzer directory as an include 
directory then we shouldn't need this file anymore.


[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-14 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 444761.
cassanova edited the summary of this revision.
cassanova added a comment.

Removed the cxx_proto.proto file since we include the headers that it generates 
from the clang side.


Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function &input) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
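
Review bot: BreakpointCreateByLocation(objpath.str().c_str(), 1) passes the path of the executable where the API takes a source file name, and bp is never checked afterwards, so nothing confirms the process is stopped at a known point when EvaluateExpression runs. Suggest setting the breakpoint by function name with BreakpointCreateByName, or at least checking bp.GetNumLocations() and bailing out when it is zero, so the expression is always evaluated in a stopped frame.
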
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -0,0 +1,57 @@
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
+)
+
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+lldb-expression-fuzzer.cpp
+)
+
+  if(TARGET lldb-expression-fuzzer)
+target_include_directories(lldb-expression-fuzzer PRIVATE ..)
+find_package(Protobuf REQUIRED)
+add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
+include_directories(${PROTOBUF_INCLUDE_DIRS})
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/../../../../clang/tools/clang-fuzzer PRIVATE ..)
+
+set(CLANG_CMAKE_MODULE_PATH
+  ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/cmake/modules)
+
+set(CMAKE_MODULE_PATH
+  ${CMAKE_MODULE_PATH}
+  ${CLANG_CMAKE_MODULE_PATH})
+
+
+set (PBM_PREFIX lldb_protobuf_mutator)
+include(ProtobufMutator)
+include_directories(${ProtobufMutator_INCLUDE_DIRS})
+
+target_link_libraries(lldb-expression-fuzzer
+  PRIVATE
+  ${ProtobufMutator_LIBRARIES}
+  ${LLVM_LIB_FUZZING_ENGINE}
+  clangHandleCXX
+  clangCXXProto
+  clangProtoToCXX
+  liblldb
+  )
+
+add_custom_command(TARGET lldb-expression-fuzzer PRE_BUILD
+  COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_BINARY_DIR}/fuzzer-artifacts/expression-artifacts
+  # Create and compile a simple C program using the command line. This 
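
Review bot: the line include_directories(${CMAKE_CURRENT_BINARY_DIR}/../../../../clang/tools/clang-fuzzer PRIVATE ..) passes "PRIVATE .." to include_directories, which has no scope keyword, so PRIVATE and .. are treated as two more directories. Drop them, or use target_include_directories(lldb-expression-fuzzer PRIVATE ...) as the line above it does; target-scoped calls would also keep the protobuf include path and -DGOOGLE_PROTOBUF_NO_RTTI from applying to everything else in this directory. The ../../../../clang hops here and in CLANG_CMAKE_MODULE_PATH hard-code the monorepo layout and deserve a comment or a variable.
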

[Lldb-commits] [PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-22 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rGb797834748f1: [lldb/Fuzzer] Add fuzzer for expression 
evaluator (authored by cassanova).

Changed prior to commit:
  https://reviews.llvm.org/D129377?vs=444761&id=446982#toc

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function &input) {
+  auto input_string = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string raw_path = originalargv[2];
+  StringRef obj_path = raw_path.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(obj_path.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint breakpoint = target.BreakpointCreateByLocation(obj_path.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo launch_info = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(launch_info, error);
+  target.EvaluateExpression(input_string.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
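Review bot: `originalargv[2]` is read in the fuzz body (line 51) without `argc` ever being checked, and `raw_path.erase(0, 2)` on line 52 assumes the argument starts with `--`, so starting the fuzzer without that extra argument reads past the arguments that were supplied. Capture `*argc` in `LLVMFuzzerInitialize` and fail with a clear message when the path is missing. The SB calls that follow also proceed on whatever the previous one returned; check `target.IsValid()` and `error.Fail()` before calling `EvaluateExpression`.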
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -0,0 +1,57 @@
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
+)
+
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+lldb-expression-fuzzer.cpp
+)
+
+  if(TARGET lldb-expression-fuzzer)
+target_include_directories(lldb-expression-fuzzer PRIVATE ..)
+find_package(Protobuf REQUIRED)
+add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
+include_directories(${PROTOBUF_INCLUDE_DIRS})
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/../../../../clang/tools/clang-fuzzer PRIVATE ..)
+
+set(CLANG_CMAKE_MODULE_PATH
+  ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/cmake/modules)
+
+set(CMAKE_MODULE_PATH
+  ${CMAKE_MODULE_PATH}
+  ${CLANG_CMAKE_MODULE_PATH})
+
+
+set (PBM_PREFIX lldb_protobuf_mutator)
+include(ProtobufMutator)
+include_directories(${ProtobufMutator_INCLUDE_DIRS})
+
+target_link_libraries(lldb-expression-fuzzer
+  PRIVATE
+  ${ProtobufMutator_LIBRARIES}
+  ${LLVM_LIB_FUZZING_ENGINE}
+  clangHandleCXX
+  clangCXXProto
+  clangProtoToCXX
+  liblldb
+  )
+
+add_custom_command(TARGET lldb-expression-fuzzer PRE_BUILD
+  COMMAND ${CMAKE_COMMAND} -E make_directory 
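Review bot: `add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)` on line 14 and the `include_directories(...)` calls on lines 15, 16 and 28 are directory-scoped, so they apply to every target defined in this directory and not only to the fuzzer, even though they sit inside `if(TARGET lldb-expression-fuzzer)`. Prefer `target_compile_definitions(lldb-expression-fuzzer PRIVATE ...)` and `target_include_directories(lldb-expression-fuzzer PRIVATE ...)`, which line 12 already uses for `..`.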

[Lldb-commits] [PATCH] D131020: Reland "[lldb/Fuzzer] Add fuzzer for expression evaluator"

2022-08-02 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added a subscriber: mgorny.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a project: clang.
Herald added subscribers: lldb-commits, cfe-commits.

This reverts commit d959324e1efec12c3924c17b7d90db0b37eb84c3.

The target_include_directories in the clang-fuzzer CMake files are set to 
PRIVATE instead of PUBLIC to prevent the clang buildbots from breaking when 
symlinking clang into llvm.

The expression evaluator fuzzer itself has been modified to prevent a bug that 
occurs when running it without a target.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D131020

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,95 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle-cxx/handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto-to-cxx/proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+#include "llvm/Support/FileSystem.h"
+#include "llvm/Support/FormatVariadic.h"
+#include "llvm/Support/WithColor.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char *target_path;
+
+void ReportError(llvm::StringRef message) {
+  WithColor::error() << message << '\n';
+  exit(1);
+}
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+#if !defined(_WIN32)
+  signal(SIGPIPE, SIG_IGN);
+#endif
+
+  target_path = ::getenv("LLDB_FUZZER_TARGET");
+  if (!target_path)
+ReportError(
+"no target path specified in with the LLDB_FUZZER_TARGET variable");
+
+  if (!sys::fs::exists(target_path))
+ReportError(formatv("target path '{0}' does not exist", target_path).str());
+
+  SBDebugger::Initialize();
+
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function &input) {
+  std::string expression = clang_fuzzer::FunctionToString(input);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  if (!debugger.IsValid())
+ReportError("Couldn't create debugger");
+
+  SBTarget target = debugger.CreateTarget(target_path);
+  if (!target.IsValid())
+ReportError(formatv("Couldn't create target '{0}'", target_path).str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint breakpoint = target.BreakpointCreateByName("main", target_path);
+  if (!breakpoint.IsValid())
+ReportError("Couldn't create breakpoint");
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo launch_info = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(launch_info, error);
+  if (!process.IsValid() || error.Fail())
+ReportError("Couldn't launch process");
+
+  SBValue value = target.EvaluateExpression(expression.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
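Review bot: the comment on line 75, `// Create a breakpoint on the only line in the program`, is stale now that line 76 breaks on `main` by name instead of by file and line; reword it to match the call. The error string on line 53 also reads "no target path specified in with the LLDB_FUZZER_TARGET variable", where "in with" should be just "with".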
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -0,0 +1,58 @@
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
+)
+
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+lldb-expression-fuzzer.cpp
+)
+
+  if(TARGET lldb-expression-fuzzer)
+target_include_directories(

[Lldb-commits] [PATCH] D131020: Reland "[lldb/Fuzzer] Add fuzzer for expression evaluator"

2022-08-03 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 449729.
cassanova added a comment.

Set the LLDB_FUZZER_TARGET environment variable in the CMake file for the 
source code to use.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131020/new/

https://reviews.llvm.org/D131020

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,95 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle-cxx/handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto-to-cxx/proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+#include "llvm/Support/FileSystem.h"
+#include "llvm/Support/FormatVariadic.h"
+#include "llvm/Support/WithColor.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char *target_path;
+
+void ReportError(llvm::StringRef message) {
+  WithColor::error() << message << '\n';
+  exit(1);
+}
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+#if !defined(_WIN32)
+  signal(SIGPIPE, SIG_IGN);
+#endif
+
+  target_path = ::getenv("LLDB_FUZZER_TARGET");
+  if (!target_path)
+ReportError(
+"no target path specified in with the LLDB_FUZZER_TARGET variable");
+
+  if (!sys::fs::exists(target_path))
+ReportError(formatv("target path '{0}' does not exist", target_path).str());
+
+  SBDebugger::Initialize();
+
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function &input) {
+  std::string expression = clang_fuzzer::FunctionToString(input);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  if (!debugger.IsValid())
+ReportError("Couldn't create debugger");
+
+  SBTarget target = debugger.CreateTarget(target_path);
+  if (!target.IsValid())
+ReportError(formatv("Couldn't create target '{0}'", target_path).str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint breakpoint = target.BreakpointCreateByName("main", target_path);
+  if (!breakpoint.IsValid())
+ReportError("Couldn't create breakpoint");
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo launch_info = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(launch_info, error);
+  if (!process.IsValid() || error.Fail())
+ReportError("Couldn't launch process");
+
+  SBValue value = target.EvaluateExpression(expression.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
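Review bot: `ReportError` calls `exit(1)`, and lines 69 to 88 call it from inside `DEFINE_BINARY_PROTO_FUZZER`, so one failed target creation or process launch terminates the whole fuzzing run instead of skipping a single input. Keep the hard exit for the setup checks in `LLVMFuzzerInitialize` and consider returning early from the fuzz body. `SBValue value` on line 90 is also never read; drop the variable or inspect `value.GetError()`.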
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -0,0 +1,60 @@
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
+)
+
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+lldb-expression-fuzzer.cpp
+)
+
+  if(TARGET lldb-expression-fuzzer)
+target_include_directories(lldb-expression-fuzzer PRIVATE ..)
+find_package(Protobuf REQUIRED)
+add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
+include_directories(${PROTOBUF_INCLUDE_DIRS})
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/../../../../clang/tools/clang-fuzzer PRIVATE ..)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer)
+
+set(CLANG_CMAKE_MODULE_PATH
+  ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/cmake/modules)
+
+set(CMAKE_MODULE_PATH
+  ${CMAKE_MODULE_PATH}
+  ${CLANG_CMAK
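Review bot: lines 16 and 17 reach the clang-fuzzer directories through `../../../../clang/tools/clang-fuzzer`, once relative to `CMAKE_CURRENT_BINARY_DIR` and once relative to `CMAKE_CURRENT_SOURCE_DIR`, which hard-codes where the clang tree sits relative to lldb in both the source and the build directory. Add a short comment saying which headers each of the two paths is expected to provide, so the dependency on that layout is visible to whoever changes it next.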

[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-10 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib, jingham.
cassanova added a project: LLDB.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

This commit adds tests to ensure that queue-specific breakpoints work as 
expected, as this feature wasn't being tested before.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D131605

Files:
  lldb/test/API/macosx/queues/TestQueues.py


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -122,6 +122,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the 
breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), 
queue1.GetName()))
+self.assertTrue(queue_breakpoint.GetHitCount() == 1,
+"The breakpoint for queue %s has not been hit" % 
(queue_breakpoint.GetQueueName()))
+self.assertEqual(queue1_thread.GetStopReason(), 3,
+ "Queue %s is not stopped at breakpoint %d" %
+ (queue1.GetName(), queue_breakpoint.GetID()))
+self.assertNotEqual(queue2_thread.GetStopReason(), 3,
+"Queue %s is stopped at breakpoint %d, but this 
breakpoint should only be hit for queue %s" %
+(queue2.GetName(), queue_breakpoint.GetID(), 
queue_breakpoint.GetQueueName()))
+
 def queues(self):
 """Test queues inspection SB APIs without libBacktraceRecording."""
 exe = self.getBuildArtifact("a.out")
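Review bot: in `check_queue_breakpoints`, both stop-reason assertions compare `GetStopReason()` against the literal `3`; use `lldb.eStopReasonBreakpoint` so the check says what it means. The hit-count check `assertTrue(queue_breakpoint.GetHitCount() == 1, ...)` should be `assertEqual(queue_breakpoint.GetHitCount(), 1, ...)` so that a failure reports the actual count.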
@@ -138,6 +153,7 @@
 if len(threads) != 1:
 self.fail("Failed to stop at breakpoint 1.")
 
+main_thread = threads[0]
 self.inferior_process = process
 
 queue_submittor_1 = lldb.SBQueue()
@@ -183,6 +199,13 @@
 self.check_queues_threads_match_queue(queue_performer_2)
 self.check_queues_threads_match_queue(queue_performer_3)
 
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+queue_breakpoint = lldbutil.run_to_name_breakpoint(self, "stopper", 
only_one_thread=False)[3]
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
+
 # We have threads running with all the different dispatch QoS service
 # levels - find those threads and check that we can get the correct
 # QoS name for each of them.
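Review bot: `SetQueueName` is applied after `run_to_name_breakpoint` has already stopped at `stopper`, and `check_queue_breakpoints` is called immediately afterwards with no continue in between, so the hit count and stop reasons being asserted were all produced before the queue filter existed. To test that the filter restricts which queue stops, set the queue name and then resume the process before checking. The `[3]` index into the returned tuple is also opaque; unpack the tuple into named variables.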
@@ -291,6 +314,7 @@
 if len(threads) != 1:
 self.fail("Failed to stop at breakpoint 1.")
 
+main_thread = threads[0]
 self.inferior_process = process
 
 libbtr_module_filespec = lldb.SBFileSpec("libBacktraceRecording.dylib")
@@ -358,6 +382,13 @@
 self.check_queues_threads_match_queue(queue_performer_2)
 self.check_queues_threads_match_queue(queue_performer_3)
 
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+queue_breakpoint = lldbutil.run_to_name_breakpoint(self, "stopper", 
only_one_thread=False)[3]
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
+
 self.assertTrue(queue_performer_2.GetPendingItemAtIndex(
 0).IsValid(), "queue 2's pending item #0 is valid")
 
self.assertTrue(queue_performer_2.GetPendingItemAtIndex(0).GetAddress().GetSymbol(
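Review bot: these added lines are a verbatim copy of the block added in the `@@ -183,6 +199,13 @@` hunk; move the `run_to_name_breakpoint`, `SetQueueName`, `check_queue_breakpoints` sequence into one helper method that both tests call. The comment also says the queue name is set to "the name of the main thread", while the code passes `main_thread.GetQueue().GetName()`, which is the name of the main thread's queue.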


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -122,6 +122,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), queue1.GetName()))
+self.assert

[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/test/API/macosx/queues/TestQueues.py:133
+"The breakpoint for queue %s has not been hit" % 
(queue_breakpoint.GetQueueName()))
+self.assertEqual(queue1_thread.GetStopReason(), 3,
+ "Queue %s is not stopped at breakpoint %d" %

mib wrote:
> Could you replace that with the enum variable ?
Yes, the enum variable would be better here.



Comment at: lldb/test/API/macosx/queues/TestQueues.py:388
+# to be the name of the main thread
+queue_breakpoint = lldbutil.run_to_name_breakpoint(self, "stopper", 
only_one_thread=False)[3]
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())

mib wrote:
> Do you really need a `main_thread` variable since 
> `lldbutil.run_to_name_breakpoint` would return a tuple with `(target, 
> process, thread, bkpt)` ? Is the thread returned here different from the 
> `main_thread` you created above ?
The thread is the same actually, so it would probably be beneficial to just get 
the thread from `run_to_name_breakpoint` instead.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605

___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits


[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 452267.
cassanova added a comment.

Use the enum name for the stop reason when asserting that the queues hit their 
breakpoints instead of just the raw number.

Also, get the main thread from `run_to_name_breakpoint` instead of getting it 
from `get_threads_stopped_at_breakpoint`.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605

Files:
  lldb/test/API/macosx/queues/TestQueues.py


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -122,6 +122,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the 
breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), 
queue1.GetName()))
+self.assertTrue(queue_breakpoint.GetHitCount() == 1,
+"The breakpoint for queue %s has not been hit" % 
(queue_breakpoint.GetQueueName()))
+self.assertEqual(queue1_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+ "Queue %s is not stopped at breakpoint %d" %
+ (queue1.GetName(), queue_breakpoint.GetID()))
+self.assertNotEqual(queue2_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+"Queue %s is stopped at breakpoint %d, but this 
breakpoint should only be hit for queue %s" %
+(queue2.GetName(), queue_breakpoint.GetID(), 
queue_breakpoint.GetQueueName()))
+
 def queues(self):
 """Test queues inspection SB APIs without libBacktraceRecording."""
 exe = self.getBuildArtifact("a.out")
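Review bot: the first `assertEqual` message in `check_queue_breakpoints` has its format arguments reversed: the text reads "The breakpoint was set for queue %s, but the breakpoint's queue name is %s", but the tuple supplies `queue_breakpoint.GetQueueName()` first and `queue1.GetName()` second. Swap them so a failure names the expected queue and then the breakpoint's actual queue name.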
@@ -183,6 +198,15 @@
 self.check_queues_threads_match_queue(queue_performer_2)
 self.check_queues_threads_match_queue(queue_performer_3)
 
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+process_info = lldbutil.run_to_name_breakpoint(self, "stopper", 
only_one_thread=False)
+main_thread = process_info[2]
+queue_breakpoint = process_info[3]
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
+
 # We have threads running with all the different dispatch QoS service
 # levels - find those threads and check that we can get the correct
 # QoS name for each of them.
@@ -291,6 +315,7 @@
 if len(threads) != 1:
 self.fail("Failed to stop at breakpoint 1.")
 
+main_thread = threads[0]
 self.inferior_process = process
 
 libbtr_module_filespec = lldb.SBFileSpec("libBacktraceRecording.dylib")
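Review bot: `main_thread = threads[0]` is still added here, but the `@@ -358,6 +383,15 @@` hunk now rebinds `main_thread` from `process_info[2]` before the added code uses it, and the matching line was dropped from `queues()` in this revision. Unless something between the two hunks reads it, this assignment looks like a leftover and can be removed.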
@@ -358,6 +383,15 @@
 self.check_queues_threads_match_queue(queue_performer_2)
 self.check_queues_threads_match_queue(queue_performer_3)
 
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+process_info = lldbutil.run_to_name_breakpoint(self, "stopper", 
only_one_thread=False)
+main_thread = process_info[2]
+queue_breakpoint = process_info[3]
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
+
 self.assertTrue(queue_performer_2.GetPendingItemAtIndex(
 0).IsValid(), "queue 2's pending item #0 is valid")
 
self.assertTrue(queue_performer_2.GetPendingItemAtIndex(0).GetAddress().GetSymbol(


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -122,6 +122,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), queue1.GetName()))
+self.assertTrue(

[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 452275.
cassanova added a comment.

All variables needed from `run_to_name_breakpoint` are obtained in one line 
rather than getting them by index.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605

Files:
  lldb/test/API/macosx/queues/TestQueues.py


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -122,6 +122,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the 
breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), 
queue1.GetName()))
+self.assertTrue(queue_breakpoint.GetHitCount() == 1,
+"The breakpoint for queue %s has not been hit" % 
(queue_breakpoint.GetQueueName()))
+self.assertEqual(queue1_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+ "Queue %s is not stopped at breakpoint %d" %
+ (queue1.GetName(), queue_breakpoint.GetID()))
+self.assertNotEqual(queue2_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+"Queue %s is stopped at breakpoint %d, but this 
breakpoint should only be hit for queue %s" %
+(queue2.GetName(), queue_breakpoint.GetID(), 
queue_breakpoint.GetQueueName()))
+
 def queues(self):
 """Test queues inspection SB APIs without libBacktraceRecording."""
 exe = self.getBuildArtifact("a.out")
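Review bot: `queue1.GetThreadAtIndex(0)` and `queue2.GetThreadAtIndex(0)` are used without checking that either queue has a thread. If `queue2` has none, the returned `SBThread` is invalid and cannot report `lldb.eStopReasonBreakpoint`, so the `assertNotEqual` passes without testing anything. Assert `queue1_thread.IsValid()` and `queue2_thread.IsValid()` before the stop-reason checks.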
@@ -183,6 +198,13 @@
 self.check_queues_threads_match_queue(queue_performer_2)
 self.check_queues_threads_match_queue(queue_performer_3)
 
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+target, process, main_thread, queue_breakpoint = 
lldbutil.run_to_name_breakpoint(self, "stopper", only_one_thread=False)
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
+
 # We have threads running with all the different dispatch QoS service
 # levels - find those threads and check that we can get the correct
 # QoS name for each of them.
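Review bot: the unpack rebinds `target` and `process` to whatever `run_to_name_breakpoint` returns, while `queue_submittor_1` was looked up earlier in `queues()`. Please confirm that the helper's process is the same one that queue came from; if it is a fresh launch, `check_queue_breakpoints` compares a thread from the new process against a queue from the old one. If the two extra values are not needed, bind them to `_` so the rebinding is visibly intentional.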
@@ -291,6 +313,7 @@
 if len(threads) != 1:
 self.fail("Failed to stop at breakpoint 1.")
 
+main_thread = threads[0]
 self.inferior_process = process
 
 libbtr_module_filespec = lldb.SBFileSpec("libBacktraceRecording.dylib")
@@ -358,6 +381,13 @@
 self.check_queues_threads_match_queue(queue_performer_2)
 self.check_queues_threads_match_queue(queue_performer_3)
 
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+target, process, main_thread, queue_breakpoint = 
lldbutil.run_to_name_breakpoint(self, "stopper", only_one_thread=False)
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
+
 self.assertTrue(queue_performer_2.GetPendingItemAtIndex(
 0).IsValid(), "queue 2's pending item #0 is valid")
 
self.assertTrue(queue_performer_2.GetPendingItemAtIndex(0).GetAddress().GetSymbol(


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -122,6 +122,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), queue1.GetName()))
+self.assertTrue(queue_breakpoint.GetHitCount() == 1,
+"The breakpoint for queue %s has not been hit" % (queue_breakpoint.GetQueueName()))
+self.assertEqual(queue1_thread.GetStopReason(), lldb.eStopReasonBreakpoint,

[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/test/API/macosx/queues/TestQueues.py:204-206
+process_info = lldbutil.run_to_name_breakpoint(self, "stopper", 
only_one_thread=False)
+main_thread = process_info[2]
+queue_breakpoint = process_info[3]

mib wrote:
> Why not do it this way ? Takes less space and it's easier to read (for people 
> who don't know what `process_info[2]` and `process_info[3]` refers to)
This is a much cleaner way to write it :)


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605



[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/test/API/macosx/queues/TestQueues.py:131
+ "The breakpoint was set for queue %s, but the 
breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), 
queue1.GetName()))
+self.assertTrue(queue_breakpoint.GetHitCount() == 1,
+"The breakpoint for queue %s has not been hit" % 
(queue_breakpoint.GetQueueName()))

mib wrote:
> teemperor wrote:
> > missed assertEqual here?
> +1!
Yes, adding this in.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605



[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-12 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 452302.
cassanova added a comment.

Changed an `assertTrue` to `assertEqual`.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605

Files:
  lldb/test/API/macosx/queues/TestQueues.py


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -122,6 +122,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the 
breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), 
queue1.GetName()))
+self.assertEqual(queue_breakpoint.GetHitCount(), 1,
+"The breakpoint for queue %s has not been hit" % 
(queue_breakpoint.GetQueueName()))
+self.assertEqual(queue1_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+ "Queue %s is not stopped at breakpoint %d" %
+ (queue1.GetName(), queue_breakpoint.GetID()))
+self.assertNotEqual(queue2_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+"Queue %s is stopped at breakpoint %d, but this 
breakpoint should only be hit for queue %s" %
+(queue2.GetName(), queue_breakpoint.GetID(), 
queue_breakpoint.GetQueueName()))
+
 def queues(self):
 """Test queues inspection SB APIs without libBacktraceRecording."""
 exe = self.getBuildArtifact("a.out")
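Review bot: `check_queue_breakpoints` has no docstring, and the roles of `queue1` and `queue2` only become clear from the assertion messages. Add a line stating that `queue1` is the queue the breakpoint is bound to and `queue2` is a queue that must not be stopped at it, or rename the parameters accordingly. The hit-count message "has not been hit" would also be printed when the count is greater than 1; "was not hit exactly once" is accurate in both cases.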
@@ -183,6 +198,13 @@
 self.check_queues_threads_match_queue(queue_performer_2)
 self.check_queues_threads_match_queue(queue_performer_3)
 
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+target, process, main_thread, queue_breakpoint = 
lldbutil.run_to_name_breakpoint(self, "stopper", only_one_thread=False)
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
+
 # We have threads running with all the different dispatch QoS service
 # levels - find those threads and check that we can get the correct
 # QoS name for each of them.
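
Review bot: the tuple assignment from `lldbutil.run_to_name_breakpoint(...)` rebinds `target` and `process` in the middle of queues(), but the `queue_submittor_1` passed to check_queue_breakpoints right after it is not looked up again from the new `process`. Fetch the queue after this call, or move the block into its own test so the rest of queues() keeps the target and process it started with. The comment also says "the name of the main thread", while the code sets the name of the main thread's queue.
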
@@ -291,6 +313,7 @@
 if len(threads) != 1:
 self.fail("Failed to stop at breakpoint 1.")
 
+main_thread = threads[0]
 self.inferior_process = process
 
 libbtr_module_filespec = lldb.SBFileSpec("libBacktraceRecording.dylib")
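
Review bot: `main_thread = threads[0]` looks unused: the only reader of `main_thread` added by this patch is the block in the next hunk, and that block first rebinds `main_thread` from the run_to_name_breakpoint tuple. Drop this line unless something else reads it.
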
@@ -358,6 +381,13 @@
 self.check_queues_threads_match_queue(queue_performer_2)
 self.check_queues_threads_match_queue(queue_performer_3)
 
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+target, process, main_thread, queue_breakpoint = 
lldbutil.run_to_name_breakpoint(self, "stopper", only_one_thread=False)
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
+
 self.assertTrue(queue_performer_2.GetPendingItemAtIndex(
 0).IsValid(), "queue 2's pending item #0 is valid")
 
self.assertTrue(queue_performer_2.GetPendingItemAtIndex(0).GetAddress().GetSymbol(
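
Review bot: this block is a verbatim copy of the one added at -183,6 +198,13, and here it sits directly in front of the existing `queue_performer_2.GetPendingItemAtIndex(0)` assertions, which were written against the process the function started with, not the one this assignment rebinds `process` to. A single helper or a separate test method would remove the copy and leave those assertions untouched.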


[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-15 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/test/API/macosx/queues/TestQueues.py:201-206
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+target, process, main_thread, queue_breakpoint = 
lldbutil.run_to_name_breakpoint(self, "stopper", only_one_thread=False)
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)

JDevlieghere wrote:
> This seems like it should be its own test. Right now this is reassigning the 
> target and process, which seems suspicious, and also changes the meaning of 
> everything that comes after it. 
Good point, I'm placing the queue specific tests into their own test.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605

___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits


[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-15 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 452853.
cassanova added a comment.

Added the queue-specific breakpoints to their own test.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605

Files:
  lldb/test/API/macosx/queues/TestQueues.py


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -20,6 +20,12 @@
 self.build()
 self.queues()
 
+@skipUnlessDarwin
+@add_test_categories(['pyapi'])
+def test_queue_specific_breakpoints(self):
+self.build()
+self.queue_specific_breakpoints()
+
 @skipUnlessDarwin
 @add_test_categories(['pyapi'])
 def test_with_python_api_queues_with_backtrace(self):
@@ -122,6 +128,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the 
breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), 
queue1.GetName()))
+self.assertEqual(queue_breakpoint.GetHitCount(), 1,
+"The breakpoint for queue %s has not been hit" % 
(queue_breakpoint.GetQueueName()))
+self.assertStopReason(queue1_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+ "Queue %s is not stopped at breakpoint %d" %
+ (queue1.GetName(), queue_breakpoint.GetID()))
+self.assertNotEqual(queue2_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+"Queue %s is stopped at breakpoint %d, but this 
breakpoint should only be hit for queue %s" %
+(queue2.GetName(), queue_breakpoint.GetID(), 
queue_breakpoint.GetQueueName()))
+
 def queues(self):
 """Test queues inspection SB APIs without libBacktraceRecording."""
 exe = self.getBuildArtifact("a.out")
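
Review bot: check_queue_breakpoints takes `GetThreadAtIndex(0)` from both queues without asserting that the returned threads are valid, so if queue2 has no thread at that index the `assertNotEqual` on its stop reason can pass without showing that the queue was left alone. Assert `queue1_thread.IsValid()` and `queue2_thread.IsValid()` before comparing stop reasons.
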
@@ -371,3 +392,21 @@
 ).GetName() == "doing_the_work_2", "queue 2's pending item #0 should 
be doing_the_work_2")
 self.assertTrue(queue_performer_2.GetPendingItemAtIndex(
 ).IsValid() == False, "queue 2's pending item # is 
invalid")
+
+def queue_specific_breakpoints(self):
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+target, process, main_thread, queue_breakpoint = 
lldbutil.run_to_name_breakpoint(self, "stopper", only_one_thread=False)
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+
+# Create a submittor queue
+queue_submittor_1 = lldb.SBQueue()
+for idx in range(0, process.GetNumQueues()):
+q = process.GetQueueAtIndex(idx)
+if q.GetName() == "com.apple.work_submittor_1":
+queue_submittor_1 = q
+
+self.assertTrue(queue_submittor_1.IsValid(), "Unable to get expected 
queue com.apple.work_submittor_1, instead got queue %s" % 
(queue_submittor_1.GetName()))
+
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
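
Review bot: in queue_specific_breakpoints, `SetQueueName` is called only after run_to_name_breakpoint has already stopped at `stopper`, and the process is never continued afterwards, so the hit count and stop reasons that check_queue_breakpoints inspects were produced before the queue filter existed. To exercise the filter, set the queue name before the stop being checked, or continue the process after setting it and assert on the following stop.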


[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-16 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/test/API/macosx/queues/TestQueues.py:131
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)

JDevlieghere wrote:
> Any reason this should be a separate function? Can this be inlined in 
> `queue_specific_breakpoints`?
It can be inlined, the reason I had it in a separate function is that it 
matched the rest of the test in having the assertions be in their own functions.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605



[Lldb-commits] [PATCH] D131605: [lldb][tests] Test queue-specific breakpoints

2022-08-17 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rG9525015c1bed: [lldb][tests] Test queue-specific breakpoints 
(authored by cassanova).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131605/new/

https://reviews.llvm.org/D131605

Files:
  lldb/test/API/macosx/queues/TestQueues.py


Index: lldb/test/API/macosx/queues/TestQueues.py
===
--- lldb/test/API/macosx/queues/TestQueues.py
+++ lldb/test/API/macosx/queues/TestQueues.py
@@ -16,6 +16,12 @@
 self.build()
 self.queues()
 
+@skipUnlessDarwin
+@add_test_categories(['pyapi'])
+def test_queue_specific_breakpoints(self):
+self.build()
+self.queue_specific_breakpoints()
+
 @skipUnlessDarwin
 @add_test_categories(['pyapi'])
 def test_with_python_api_queues_with_backtrace(self):
@@ -118,6 +124,21 @@
  t.GetQueue().GetQueueID(),
 queue.GetQueueID()))
 
+def check_queue_breakpoints(self, queue1, queue2, queue_breakpoint):
+queue1_thread = queue1.GetThreadAtIndex(0)
+queue2_thread = queue2.GetThreadAtIndex(0)
+
+self.assertEqual(queue_breakpoint.GetQueueName(), queue1.GetName(),
+ "The breakpoint was set for queue %s, but the 
breakpoint's queue name is %s" % (queue_breakpoint.GetQueueName(), 
queue1.GetName()))
+self.assertEqual(queue_breakpoint.GetHitCount(), 1,
+"The breakpoint for queue %s has not been hit" % 
(queue_breakpoint.GetQueueName()))
+self.assertStopReason(queue1_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+ "Queue %s is not stopped at breakpoint %d" %
+ (queue1.GetName(), queue_breakpoint.GetID()))
+self.assertNotEqual(queue2_thread.GetStopReason(), 
lldb.eStopReasonBreakpoint,
+"Queue %s is stopped at breakpoint %d, but this 
breakpoint should only be hit for queue %s" %
+(queue2.GetName(), queue_breakpoint.GetID(), 
queue_breakpoint.GetQueueName()))
+
 def queues(self):
 """Test queues inspection SB APIs without libBacktraceRecording."""
 exe = self.getBuildArtifact("a.out")
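
Review bot: the failure message on the `GetHitCount()` assertion says the breakpoint "has not been hit", but `assertEqual(..., 1)` also fails when the count is higher than 1. Put the actual hit count in the message so the two cases can be told apart.
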
@@ -367,3 +388,21 @@
 ).GetName() == "doing_the_work_2", "queue 2's pending item #0 should 
be doing_the_work_2")
 self.assertTrue(queue_performer_2.GetPendingItemAtIndex(
 ).IsValid() == False, "queue 2's pending item # is 
invalid")
+
+def queue_specific_breakpoints(self):
+# Run the executable until the stopper function and get the breakpoint
+# that's created from that. Then set the queue name of the breakpoint
+# to be the name of the main thread
+target, process, main_thread, queue_breakpoint = 
lldbutil.run_to_name_breakpoint(self, "stopper", only_one_thread=False)
+queue_breakpoint.SetQueueName(main_thread.GetQueue().GetName())
+
+# Create a submittor queue
+queue_submittor_1 = lldb.SBQueue()
+for idx in range(0, process.GetNumQueues()):
+q = process.GetQueueAtIndex(idx)
+if q.GetName() == "com.apple.work_submittor_1":
+queue_submittor_1 = q
+
+self.assertTrue(queue_submittor_1.IsValid(), "Unable to get expected 
queue com.apple.work_submittor_1, instead got queue %s" % 
(queue_submittor_1.GetName()))
+
+self.check_queue_breakpoints(main_thread.GetQueue(), 
queue_submittor_1, queue_breakpoint)
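
Review bot: when the lookup loop finds no match, `queue_submittor_1` is still the default `lldb.SBQueue()`, so the "instead got queue %s" part of the assertTrue message prints the name of an invalid queue rather than anything that helps; listing the queue names seen in the loop would make the failure diagnosable. The loop could also `break` on the first match, and `target` from the tuple assignment is never used in this method.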


[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added a subscriber: arphaman.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

This commit adds a new page to the LLDB HTML documentation for the LLDB 
fuzzers. The page primarily explains what the fuzzers are as well as how to 
build them, run them and investigate and reproduce bugs.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D132148

Files:
  lldb/docs/index.rst
  lldb/docs/resources/fuzzing.rst


Index: lldb/docs/resources/fuzzing.rst
===
--- /dev/null
+++ lldb/docs/resources/fuzzing.rst
@@ -0,0 +1,77 @@
+Fuzzing LLDB
+
+
+Overview
+
+
+LLDB has fuzzers that provide automated `fuzz testing 
`_ for different components of LLDB. The 
fuzzers are built with `libFuzzer `_ . 
Currently, there are fuzzers for target creation, LLDB's command interpreter 
and LLDB's expression evaluator.
+
+Building the fuzzers
+
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage. This CMake invocation will configure a build 
directory that can be used to build the LLDB fuzzers:
+
+::
+   $ cmake  \
+-G Ninja \
+-DCMAKE_BUILD_TYPE='Release' \
+-DLLVM_USE_SANITIZER='Address' \
+-DLLVM_USE_SANITIZE_COVERAGE=On \
+-DLLVM_BUILD_RUNTIME=Off \
+-DLLVM_ENABLE_ASSERTIONS:BOOL=ON \
+-DLLDB_ENABLE_PYTHON=ON \
+-DLLVM_ENABLE_PROJECTS='llvm;clang;lldb' \
+-DLLVM_ENABLE_RUNTIMES='libcxx;libcxxabi'
+
+If you want to debug LLDB itself when you find a bug using the fuzzers, use 
the CMake option ``-DCMAKE_BUILD_TYPE='RelWithDebInfo'``
+
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer
+
+Once built, the binaries for the fuzzers will exist in the ``bin`` directory 
of your build folder.
+
+Note that building the LLDB expression evaluator fuzzer will require the CMake 
option ``-DCLANG_ENABLE_PROTO_FUZZER=ON``.
+
+Running the fuzzers
+---
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+
+If you want to run the fuzzers on your own machine, you can run the binaries 
that were generated with ninja:
+
+::
+   $ .//bin/lldb-target-fuzzer
+   $ .//bin/lldb-commandinterpreter-fuzzer
+   $ .//bin/lldb-expression-fuzzer
+
+This will run the fuzzer binaries directly, and you can use the `libFuzzer 
options `_ to customize how the 
fuzzers are run.
+
+Another way to run the fuzzers is to use a ninja target that will both build 
the fuzzers and then run them immediately after. These custom targets run each 
fuzzer with command-line arguments that provide better fuzzing for the 
components being tested. Running the fuzzers this way will also create 
directories that will store any inputs that caused LLDB to crash, timeout or 
run out of memory. The directories are created for each fuzzer.
+
+To run the custom ninja targets, run the command for your desired fuzzer:
+
+::
+   $ ninja fuzz-lldb-target
+   $ ninja fuzz-lldb-commandinterpreter
+   $ ninja fuzz-lldb-expression
+
+Investigating and reproducing bugs
+--
+
+When the fuzzers find an input that causes LLDB to crash, timeout or run out 
of memory, the input is saved to a file in the build directory. When running 
the fuzzer binaries directly this input is stored in a file named 
``-``.
+
+When running the fuzzers using the custom ninja targets shown above, the 
inputs will be stored in ``fuzzer-artifacts/-artifacts``, which is 
created in your build directory. The input files will have the name ``--``.
+
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the input to LLDB depending on which component you were 
fuzzing. For example, if you found an input that crashed target creation, you 
could run:
+
+::
+   $ lldb 
+
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the individual input to the fuzzer binary as a command-line 
argument:
+
+::
+   $ ./ 
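
Review bot: the note that the expression fuzzer needs ``-DCLANG_ENABLE_PROTO_FUZZER=ON`` comes after the `ninja lldb-expression-fuzzer` command in "Building the fuzzers", so a reader following the steps in order configures without it and only learns about the option afterwards; state it with the CMake invocation or before the ninja commands. In "Investigating and reproducing bugs" the last two paragraphs open with the same sentence ("If you want to reproduce the issue found by a fuzzer once you have gotten the input"); merge them or reword one. Each `::` is also followed directly by its indented block with no blank `+` line in between, which reStructuredText needs before a literal block.
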
Index: lldb/docs/index.rst
===
--- lldb/docs/index.rst
+++ lldb/docs/index.rst
@@ -150,6 +150,7 @@
resources/contributing
resources/build
resources/test
+   resources/fuzzing
resources/bots
resources/caveats
 


[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/docs/resources/fuzzing.rst:12
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage. This CMake invocation will configure a build 
directory that can be used to build the LLDB fuzzers:
+

mib wrote:
> missing word ?
Yep :)



Comment at: lldb/docs/resources/fuzzing.rst:14-26
+::
+   $ cmake  \
+-G Ninja \
+-DCMAKE_BUILD_TYPE='Release' \
+-DLLVM_USE_SANITIZER='Address' \
+-DLLVM_USE_SANITIZE_COVERAGE=On \
+-DLLVM_BUILD_RUNTIME=Off \

JDevlieghere wrote:
> I would simplify this a bit and say that in addition to your regular CMake 
> arguments, you have to pass `-DLLVM_USE_SANITIZER='Address'  
> -DLLVM_USE_SANITIZE_COVERAGE=On`. I think the libfuzzer documentation says 
> something similar so in addition to listing that explicitly here, we should 
> also include a link to that (in case that ever changes in the future). 
That's a good idea. I didn't mention this explicitly here but I put the entire 
CMake invocation because I assumed that someone who wanted to try this would be 
making a new, not-in-source-tree build directory.



Comment at: lldb/docs/resources/fuzzing.rst:37
+
+Note that building the LLDB expression evaluator fuzzer will require the CMake 
option ``-DCLANG_ENABLE_PROTO_FUZZER=ON``.
+

mib wrote:
> Is it an issue to have this enabled for the other fuzzers ? If not, may be 
> you should just add it to the general cmake invocation 
Having this enabled doesn't cause problems for the other fuzzers. I had this on 
its own in case there were people that didn't want to use all of the fuzzers 
and therefore wouldn't need this option enabled all the time.

I can place this in the line that would say "In addition to your regular CMake 
arguments...". Also having a target that builds all fuzzers is a good idea.



Comment at: lldb/docs/resources/fuzzing.rst:42
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+

JDevlieghere wrote:
> I think this could be its own section that talks about where the fuzzers are 
> (will be) running. 
I can add a "Continuous Integration" section for OSS Fuzz



Comment at: lldb/docs/resources/fuzzing.rst:47-49
+   $ .//bin/lldb-target-fuzzer
+   $ .//bin/lldb-commandinterpreter-fuzzer
+   $ .//bin/lldb-expression-fuzzer

JDevlieghere wrote:
> I would say  "from the build directory" and use relative paths here.
Sounds good, what's funny is that I originally had the relative directories and 
then I removed them to try and be more general :)



Comment at: lldb/docs/resources/fuzzing.rst:69-72
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the input to LLDB depending on which component you were 
fuzzing. For example, if you found an input that crashed target creation, you 
could run:
+
+::
+   $ lldb 

JDevlieghere wrote:
> This is specific to LLDB's target fuzzer and not something I think folks 
> should rely on. libfuzzer makes it really easy to reproduce bugs (as you 
> explain below) so we should encourage everyone to use that.  
That makes sense, I used the target fuzzer as an example for using fuzzer 
inputs with LLDB itself but for reproducing it's better to use libFuzzer.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148



[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 453808.
cassanova added a comment.

Removed the full CMake invocation for the fuzzer build configuration.

Added the information on OSS Fuzz to its own section.

Changed build directory in fuzzer execution command to use a relative path.

Removed reference to using LLDB with fuzzer inputs.

Fixed typos.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148

Files:
  lldb/docs/index.rst
  lldb/docs/resources/fuzzing.rst


Index: lldb/docs/resources/fuzzing.rst
===
--- /dev/null
+++ lldb/docs/resources/fuzzing.rst
@@ -0,0 +1,68 @@
+Fuzzing LLDB
+
+
+Overview
+
+
+LLDB has fuzzers that provide automated `fuzz testing 
`_ for different components of LLDB. The 
fuzzers are built with `libFuzzer `_ . 
Currently, there are fuzzers for target creation, LLDB's command interpreter 
and LLDB's expression evaluator.
+
+Building the fuzzers
+
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage enabled. In addition to your regular CMake 
arguments, you will need these argumets to build the fuzzers:
+
+::
+   $ -DLLVM_USE_SANITIZER='Address'
+   $ -DLLVM_USE_SANITIZE_COVERAGE=On
+   $ -DCLANG_ENABLE_PROTO_FUZZER=ON
+
+More information on libFuzzer's sanitizer coverage is available here: 
``_
+
+If you want to debug LLDB itself when you find a bug using the fuzzers, use 
the CMake option ``-DCMAKE_BUILD_TYPE='RelWithDebInfo'``
+
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer
+
+Once built, the binaries for the fuzzers will exist in the ``bin`` directory 
of your build folder.
+
+Continuous integration
+--
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+
+Running the fuzzers
+---
+
+If you want to run the fuzzers locally, you can run the binaries that were 
generated with ninja from the build directory:
+
+::
+   $ ./bin/lldb-target-fuzzer
+   $ ./bin/lldb-commandinterpreter-fuzzer
+   $ ./bin/lldb-expression-fuzzer
+
+This will run the fuzzer binaries directly, and you can use the `libFuzzer 
options `_ to customize how the 
fuzzers are run.
+
+Another way to run the fuzzers is to use a ninja target that will both build 
the fuzzers and then run them immediately after. These custom targets run each 
fuzzer with command-line arguments that provide better fuzzing for the 
components being tested. Running the fuzzers this way will also create 
directories that will store any inputs that caused LLDB to crash, timeout or 
run out of memory. The directories are created for each fuzzer.
+
+To run the custom ninja targets, run the command for your desired fuzzer:
+
+::
+   $ ninja fuzz-lldb-target
+   $ ninja fuzz-lldb-commandinterpreter
+   $ ninja fuzz-lldb-expression
+
+Investigating and reproducing bugs
+--
+
+When the fuzzers find an input that causes LLDB to crash, timeout or run out 
of memory, the input is saved to a file in the build directory. When running 
the fuzzer binaries directly this input is stored in a file named 
``-``.
+
+When running the fuzzers using the custom ninja targets shown above, the 
inputs will be stored in ``fuzzer-artifacts/-artifacts``, which is 
created in your build directory. The input files will have the name ``--``.
+
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the individual input to the fuzzer binary as a command-line 
argument:
+
+::
+   $ ./ 
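
Review bot: in the literal block under "Building the fuzzers", the three `-D...` lines are CMake arguments rather than commands, but each one carries the `$` shell prompt; drop the `$` so they do not read as standalone commands. "argumets" in the sentence above the block should be "arguments", and the `::` markers still have no blank line before their indented blocks.
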
Index: lldb/docs/index.rst
===
--- lldb/docs/index.rst
+++ lldb/docs/index.rst
@@ -150,6 +150,7 @@
resources/contributing
resources/build
resources/test
+   resources/fuzzing
resources/bots
resources/caveats
 


[Lldb-commits] [PATCH] D126507: [lldb/fuzzer] Moving target fuzzer into separate subdirectory

2022-05-26 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: mib, JDevlieghere.
cassanova added a project: LLDB.
Herald added a subscriber: mgorny.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

Moving lldb-target-fuzzer into its own subdirectory
for better organization and modularity.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D126507

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp
  lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-target-fuzzer/lldb-target-fuzzer.cpp


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/lldb-target-fuzzer.cpp
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/lldb-target-fuzzer.cpp
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/lldb-target-fuzzer.cpp
@@ -6,7 +6,7 @@
 //
 
//===--===//
 
-#include 
+#include "utils/TempFile.h"
 
 #include "lldb/API/SBDebugger.h"
 #include "lldb/API/SBTarget.h"
Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -0,0 +1,17 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  )
+
+add_llvm_fuzzer(lldb-target-fuzzer
+  EXCLUDE_FROM_ALL
+  lldb-target-fuzzer.cpp
+  )
+
+if(TARGET lldb-target-fuzzer)
+  target_include_directories(lldb-target-fuzzer PRIVATE ..)
+  target_link_libraries(lldb-target-fuzzer
+PRIVATE
+liblldb
+lldbFuzzerUtils
+)
+endif()
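
Review bot: `target_include_directories(lldb-target-fuzzer PRIVATE ..)` has no comment saying why the parent directory is on the include path; it is what lets the moved source use `#include "utils/TempFile.h"`, so say that in a one-line comment. Consider spelling the path as `${CMAKE_CURRENT_SOURCE_DIR}/..` so it is explicit which directory is meant.
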
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,18 +1,2 @@
+add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)
-
-set(LLVM_LINK_COMPONENTS
-  Support
-  )
-
-add_llvm_fuzzer(lldb-target-fuzzer
-  EXCLUDE_FROM_ALL
-  lldb-target-fuzzer.cpp
-  )
-
-if(TARGET lldb-target-fuzzer)
-  target_link_libraries(lldb-target-fuzzer
-PRIVATE
-liblldb
-lldbFuzzerUtils
-)
-endif()




[Lldb-commits] [PATCH] D127016: [lldb] Prevent crash due to reading memory from page zero.

2022-06-03 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

Adds a check to ensure that a process exists before attempting to get its ABI 
to prevent lldb from crashing due to trying to read from page zero.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D127016

Files:
  lldb/source/Commands/CommandObjectMemory.cpp
  lldb/test/Shell/Driver/TestPageZeroRead.test


Index: lldb/test/Shell/Driver/TestPageZeroRead.test
===
--- /dev/null
+++ lldb/test/Shell/Driver/TestPageZeroRead.test
@@ -0,0 +1,3 @@
+# Ensure that the read from memory command doesn't try and read from page zero.
+# RUN: %clang_host %p/Inputs/hello.c -g -o a.out
+# RUN: %lldb -b a.out -o 'x 0'
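
Review bot: the RUN line `%lldb -b a.out -o 'x 0'` is not piped to FileCheck and the file has no CHECK lines, so the test only catches a crash and says nothing about what `x 0` should report without a process. Add a CHECK for the expected error so a silent behaviour change is caught as well.
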
Index: lldb/source/Commands/CommandObjectMemory.cpp
===
--- lldb/source/Commands/CommandObjectMemory.cpp
+++ lldb/source/Commands/CommandObjectMemory.cpp
@@ -593,7 +593,10 @@
   return false;
 }
 
-ABISP abi = m_exe_ctx.GetProcessPtr()->GetABI();
+ABISP abi;
+if (Process * proc = m_exe_ctx.GetProcessPtr())
+  abi = proc->GetABI();
+
 if (abi)
   addr = abi->FixDataAddress(addr);
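
Review bot: the new null check on `m_exe_ctx.GetProcessPtr()` has no comment saying when the process is legitimately null at this point, which is the case this patch exists for; a one-line comment above `ABISP abi;` would keep the check from being simplified away later. The declaration `Process * proc` should also be `Process *proc` to match the surrounding style.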
 




[Lldb-commits] [PATCH] D127016: [lldb] Prevent crash due to reading memory from page zero.

2022-06-03 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/source/Commands/CommandObjectMemory.cpp:597-598
+ABISP abi;
+if (Process * proc = m_exe_ctx.GetProcessPtr())
+  abi = proc->GetABI();
+

kastiglione wrote:
> Should `memory read` emit an error if there's no process (and no core file or 
> any other memory to read from)?
Right now running `memory read` without a target indicates that there's no
target. The input that can cause lldb to crash is `x 0` (such as
`./bin/lldb -o 'x 0' ./bin/count`).


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D127016/new/

https://reviews.llvm.org/D127016



[Lldb-commits] [PATCH] D127016: [lldb] Prevent crash due to reading memory from page zero.

2022-06-08 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rG0f02dd34f226: [lldb/Commands] Prevent crash due to reading 
memory from page zero. (authored by cassanova).

Changed prior to commit:
  https://reviews.llvm.org/D127016?vs=434172&id=435359#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D127016/new/

https://reviews.llvm.org/D127016

Files:
  lldb/source/Commands/CommandObjectMemory.cpp
  lldb/test/Shell/Driver/TestPageZeroRead.test


Index: lldb/test/Shell/Driver/TestPageZeroRead.test
===
--- /dev/null
+++ lldb/test/Shell/Driver/TestPageZeroRead.test
@@ -0,0 +1,6 @@
+# REQUIRES: system-darwin
+# Ensure that the read from memory command doesn't try and read from page zero.
+# RUN: %clang_host %p/Inputs/hello.c -g -o a.out
+# RUN: %lldb -b a.out -o 'settings set interpreter.stop-command-source-on-error false' -s %s 2>&1 | FileCheck %s
+x 0
+# CHECK: error: error reading data from section __PAGEZERO
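
Review bot: the first RUN line compiles to `a.out` in the test's working directory and the second RUN line loads that same fixed name, so the binary can collide with other tests that also write `a.out`. Using lit's per-test temporary, for example `-o %t` on the compile line and `%lldb -b %t` on the run line, keeps the output isolated.
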
Index: lldb/source/Commands/CommandObjectMemory.cpp
===
--- lldb/source/Commands/CommandObjectMemory.cpp
+++ lldb/source/Commands/CommandObjectMemory.cpp
@@ -592,7 +592,10 @@
   return false;
 }
 
-ABISP abi = m_exe_ctx.GetProcessPtr()->GetABI();
+ABISP abi;
+if (Process *proc = m_exe_ctx.GetProcessPtr())
+  abi = proc->GetABI();
+
 if (abi)
   addr = abi->FixDataAddress(addr);
 


[Lldb-commits] [PATCH] D127882: [lldb/Fuzzer] Create ninja target for target fuzzer

2022-06-15 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added subscribers: Michael137, mgorny.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

Create a ninja target for running the LLDB target fuzzer.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D127882

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt


Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,8 @@
 add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)
+
+add_custom_target(fuzz-lldb-target
+  COMMENT "Running the LLDB target fuzzer..."
+  COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+  USES_TERMINAL
+  )
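
Review bot: `add_custom_target(fuzz-lldb-target ...)` is added at the parent level with no guard around it, so `fuzz-lldb-target` is defined whether or not the `lldb-target-fuzzer` subdirectory actually created a fuzzer target. Moving the block into the lldb-target-fuzzer CMakeLists.txt, next to the target it runs and under a check that the target exists, would avoid a run target that has nothing to run.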




[Lldb-commits] [PATCH] D127882: [lldb/Fuzzer] Create ninja target for target fuzzer

2022-06-15 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added a comment.

Yes it can, updating the diff to reflect that.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D127882/new/

https://reviews.llvm.org/D127882



[Lldb-commits] [PATCH] D127882: [lldb/Fuzzer] Create ninja target for target fuzzer

2022-06-15 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 437266.
cassanova added a comment.

Moved changes to lldb-target-fuzzer/CMakeLists.txt file


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D127882/new/

https://reviews.llvm.org/D127882

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -15,3 +15,9 @@
 lldbFuzzerUtils
 )
 endif()
+
+add_custom_target(fuzz-lldb-target
+  COMMENT "Running the LLDB target fuzzer..."
+  COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+  USES_TERMINAL
+  )
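
Review bot: the new `add_custom_target(fuzz-lldb-target ...)` block sits after the `endif()` shown in the context lines, so it is created even when the conditional block above it is skipped. If that condition is the check that the fuzzer target exists, the custom target belongs inside it, before the `endif()`.
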
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,8 +1,3 @@
 add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)
 
-add_custom_target(fuzz-lldb-target
-  COMMENT "Running the LLDB target fuzzer..."
-  COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
-  USES_TERMINAL
-  )




[Lldb-commits] [PATCH] D127882: [lldb/Fuzzer] Create ninja target for target fuzzer

2022-06-15 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was landed with ongoing or failed builds.
This revision was automatically updated to reflect the committed changes.
Closed by commit rGf3250da1b94f: [lldb/Fuzzer] Create ninja target for target 
fuzzer (authored by cassanova).

Changed prior to commit:
  https://reviews.llvm.org/D127882?vs=437266&id=437277#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D127882/new/

https://reviews.llvm.org/D127882

Files:
  lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -15,3 +15,9 @@
 lldbFuzzerUtils
 )
 endif()
+
+add_custom_target(fuzz-lldb-target
+  COMMENT "Running the LLDB target fuzzer..."
+  COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+  USES_TERMINAL
+  )




[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-21 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added a subscriber: mgorny.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

This adds a command interpreter fuzzer to LLDB's fuzzing library. The input 
data from the fuzzer is used as input for the command interpreter. Input data 
for the fuzzer is guided by a dictionary of keywords used in LLDB, such as 
"breakpoint", "target" and others.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D128292

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
@@ -0,0 +1,53 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp - Fuzz LLDB's command interpreter
+//-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include 
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+#include "utils/TempFile.h"
+
+using namespace lldb;
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+  // Convert the data into a null-terminated string
+  std::string str((char *)data, size);
+
+  // Create a debugger and a dummy target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.GetDummyTarget();
+
+  // Create a command interpreter for the current debugger
+  // A return object is needed to run the command interpreter
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter thisinterpreter = debugger.GetCommandInterpreter();
+
+  // Create a breakpoint in the target program and then use the fuzzer
+  // generated input as input for the command interpreter
+  if (thisinterpreter.IsValid()) {
+thisinterpreter.HandleCommand("breakpoint set --name main", ro, false);
+thisinterpreter.HandleCommand(str.c_str(), ro, false);
+  }
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+
+  return 0;
+}
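
Review bot: `LLVMFuzzerTestOneInput(uint8_t *data, size_t size)` takes a mutable pointer, while libFuzzer documents the entry point as taking `const uint8_t *`. Declare `data` as `const uint8_t *` and build `str` with `reinterpret_cast<const char *>(data)` instead of the C-style `(char *)data` cast, so the harness cannot modify the fuzzer-owned buffer.
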
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
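
Review bot: the dictionary holds only four entries (`breakpoint set`, `target`, `run`, `frame info`), which gives the mutator very few interpreter keywords to splice into inputs. Extending it with the remaining top-level commands and their common subcommands and options would let the dictionary-guided mutations reach more of the command grammar.
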
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,24 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  ObjectYAML
+  )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+  EXCLUDE_FROM_ALL
+  lldb-commandinterpreter-fuzzer.cpp
+  )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+  target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+  target_link_libraries(lldb-commandinterpreter-fuzzer
+PRIVATE
+liblldb
+lldbFuzzerUtils
+)
+
+  add_custom_target(fuzz-lldb-commandinterpreter
+COMMENT "Running the LLDB command interpreter fuzzer..."
+COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $ -dict=inputdictionary.txt -only_ascii=1
+USES_TERMINAL
+)
+endif()
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
 add_subdirectory(lldb-target-fuzzer)
+add_subdirectory(lldb-commandinterpreter-fuzzer)
 add_subdirectory(utils)


[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-21 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt:3
+  Support
+  ObjectYAML
+  )

JDevlieghere wrote:
> I assume we don't need this anymore if we're using the dummy target?
Yes this isn't necessary anymore, I'll remove it and update the revision.



Comment at: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt:21
+COMMENT "Running the LLDB command interpreter fuzzer..."
+COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && 
$ -dict=inputdictionary.txt 
-only_ascii=1
+USES_TERMINAL

JDevlieghere wrote:
> Shouldn't we use an absolute path for the input dictionary? Something like 
> `${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt`
Yes an absolute path is better here, I'll add it and update the revision.



Comment at: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp:44
+  if (thisinterpreter.IsValid()) {
+thisinterpreter.HandleCommand("breakpoint set --name main", ro, false);
+thisinterpreter.HandleCommand(str.c_str(), ro, false);

JDevlieghere wrote:
> Why do we need a breakpoint?
This was a leftover from when I ran this fuzzer with a non-dummy target, 
removing it doesn't seem to affect the fuzzer so I can take this line out and 
update the diff.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292



[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-21 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 438810.
cassanova added a comment.

Removed ObjectYAML link component from CMakeLists file, changed fuzzer 
invocation to use a relative path for the dictionary file, removed line that 
sets a breakpoint in the fuzzer's LLDB process.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
@@ -0,0 +1,51 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp - Fuzz LLDB's command interpreter
+//-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include 
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+#include "utils/TempFile.h"
+
+using namespace lldb;
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+  // Convert the data into a null-terminated string
+  std::string str((char *)data, size);
+
+  // Create a debugger and a dummy target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.GetDummyTarget();
+
+  // Create a command interpreter for the current debugger
+  // A return object is needed to run the command interpreter
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter thisinterpreter = debugger.GetCommandInterpreter();
+
+  // Use the fuzzer generated input as input for the command interpreter
+  if (thisinterpreter.IsValid()) {
+thisinterpreter.HandleCommand(str.c_str(), ro, false);
+  }
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+
+  return 0;
+}
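
Review bot: the comment above `std::string str((char *)data, size);` says the data is converted to a null-terminated string, but `str` can hold embedded NUL bytes and `HandleCommand(str.c_str(), ro, false)` stops reading at the first one, so any input bytes after a NUL are never exercised. Either document that truncation in the comment or cut the input at the first NUL explicitly, so the corpus reflects what the interpreter actually sees.
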
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,23 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+  EXCLUDE_FROM_ALL
+  lldb-commandinterpreter-fuzzer.cpp
+  )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+  target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+  target_link_libraries(lldb-commandinterpreter-fuzzer
+PRIVATE
+liblldb
+lldbFuzzerUtils
+)
+
+  add_custom_target(fuzz-lldb-commandinterpreter
+COMMENT "Running the LLDB command interpreter fuzzer..."
+COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $ -dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1
+USES_TERMINAL
+)
+endif()
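
Review bot: the COMMAND line still does `cd ${CMAKE_CURRENT_SOURCE_DIR}` before launching the fuzzer, and now that `-dict=` is an absolute path the `cd` only serves to set the working directory. libFuzzer writes crash and timeout artifacts relative to the working directory by default, so findings will be dropped into the source tree; run from a directory under the build tree and pass `-artifact_prefix=` to point at it.
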
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
 add_subdirectory(lldb-target-fuzzer)
+add_subdirectory(lldb-commandinterpreter-fuzzer)
 add_subdirectory(utils)


[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-21 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt:15
+liblldb
+lldbFuzzerUtils
+)

JDevlieghere wrote:
> I don't think this is used any longer.
Ok, I can remove this library.



Comment at: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp:17
+#include "lldb/API/SBTarget.h"
+#include "utils/TempFile.h"
+

JDevlieghere wrote:
> Not used?
Not in this file, but removing that include causes the compiler to not 
recognize the llvm and lldb_fuzzer namespaces. That's also fine in this file 
because neither of those namespaces are used but I still found it strange.



Comment at: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp:39
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter thisinterpreter = debugger.GetCommandInterpreter();
+

mib wrote:
> mib wrote:
> > Nit: the variable naming does really follow the lldb's style.
> doesn't *
Oh shoot, I didn't notice. Would `interpreter` or `ci` be a better variable 
name?


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292



[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-21 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 438839.
cassanova added a comment.

Sorted subdirectories alphabetically in top-level CMakeLists file.

Removed lldbfuzzer link library in command interpreter CMakeLists file.

Fixed ASCII art in command interpreter source file, renamed `thisinterpreter` 
to `ci`, removed unused include in command interpreter source file.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp


Index: 
lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
===
--- /dev/null
+++ 
lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
@@ -0,0 +1,47 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp - Fuzz LLDB's command interpreter 
-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include 
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+  // Convert the data into a null-terminated string
+  std::string str((char *)data, size);
+
+  // Create a debugger and a dummy target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.GetDummyTarget();
+
+  // Create a command interpreter for the current debugger
+  // A return object is needed to run the command interpreter
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter ci = debugger.GetCommandInterpreter();
+
+  // Use the fuzzer generated input as input for the command interpreter
+  if (ci.IsValid()) {
+ci.HandleCommand(str.c_str(), ro, false);
+  }
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+
+  return 0;
+}
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,22 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+  EXCLUDE_FROM_ALL
+  lldb-commandinterpreter-fuzzer.cpp
+  )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+  target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+  target_link_libraries(lldb-commandinterpreter-fuzzer
+PRIVATE
+liblldb
+)
+
+  add_custom_target(fuzz-lldb-commandinterpreter
+COMMENT "Running the LLDB command interpreter fuzzer..."
+COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && 
$ 
-dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1
+USES_TERMINAL
+)
+endif()
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(lldb-commandinterpreter-fuzzer)
 add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)



[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-21 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp:39
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter thisinterpreter = debugger.GetCommandInterpreter();
+

mib wrote:
> cassanova wrote:
> > mib wrote:
> > > mib wrote:
> > > > Nit: the variable naming does really follow the lldb's style.
> > > doesn't *
> > Oh shoot, I didn't notice. Would `interpreter` or `ci` be a better variable 
> > name?
> I was more annoyed by the fact that the variable started with `this`. It's a
> reserved keyword in C++ and that can make it error prone. However, `ci` is a
> great candidate for this :)
Ah, good point about that. I renamed it to `ci`.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292



[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-22 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 439021.
cassanova added a comment.

Updated ASCII header to work with 80-column limit.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp


Index: 
lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
===
--- /dev/null
+++ 
lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
@@ -0,0 +1,47 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM 
Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+
+#include 
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+  // Convert the data into a null-terminated string
+  std::string str((char *)data, size);
+
+  // Create a debugger and a dummy target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.GetDummyTarget();
+
+  // Create a command interpreter for the current debugger
+  // A return object is needed to run the command interpreter
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter ci = debugger.GetCommandInterpreter();
+
+  // Use the fuzzer generated input as input for the command interpreter
+  if (ci.IsValid()) {
+ci.HandleCommand(str.c_str(), ro, false);
+  }
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+
+  return 0;
+}
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,22 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+  EXCLUDE_FROM_ALL
+  lldb-commandinterpreter-fuzzer.cpp
+  )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+  target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+  target_link_libraries(lldb-commandinterpreter-fuzzer
+PRIVATE
+liblldb
+)
+
+  add_custom_target(fuzz-lldb-commandinterpreter
+COMMENT "Running the LLDB command interpreter fuzzer..."
+COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && 
$ 
-dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1
+USES_TERMINAL
+)
+endif()
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(lldb-commandinterpreter-fuzzer)
 add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)



[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-22 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 439111.
cassanova added a comment.

Updated CMakeLists file to save fuzzer artifacts (the files that the fuzzer 
writes when an input causes the program being fuzzed to fail) to a directory in 
the user's build directory, instead of saving them in the user's source 
directory. Also change fuzzer invocation to add a prefix to artifacts so that 
it is easier to identify them.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
@@ -0,0 +1,47 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+
+#include 
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+  // Convert the data into a null-terminated string
+  std::string str((char *)data, size);
+
+  // Create a debugger and a dummy target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.GetDummyTarget();
+
+  // Create a command interpreter for the current debugger
+  // A return object is needed to run the command interpreter
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter ci = debugger.GetCommandInterpreter();
+
+  // Use the fuzzer generated input as input for the command interpreter
+  if (ci.IsValid()) {
+ci.HandleCommand(str.c_str(), ro, false);
+  }
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+
+  return 0;
+}
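
Review bot: in LLVMFuzzerTestOneInput, the comment "Convert the data into a null-terminated string" does not match what reaches the interpreter. std::string str((char *)data, size) keeps embedded NUL bytes, but ci.HandleCommand(str.c_str(), ro, false) stops at the first one, so everything after it is silently dropped and never exercised. Either document that truncation or split the input on NUL and feed each piece as its own command. The parameter should also be const uint8_t *data, the signature libFuzzer documents, with the cast changed to (const char *).
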
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
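
Review bot: the dictionary holds only four entries, all of them command names, so the mutator gets no help reaching option and argument parsing. Consider adding subcommands and option tokens that the interpreter accepts after these commands as further kwN entries, and a short comment at the top of the file saying how the list was chosen.
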
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,28 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+  EXCLUDE_FROM_ALL
+  lldb-commandinterpreter-fuzzer.cpp
+  )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+  target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+  target_link_libraries(lldb-commandinterpreter-fuzzer
+PRIVATE
+liblldb
+)
+
+  # This will create a directory specifially for the fuzzer's artifacts, go to that
+  # directory and run the fuzzer from there. When the fuzzer exits the input
+  # artifact that caused it to exit will be written to a directory within the
+  # build directory
+  add_custom_target(fuzz-lldb-commandinterpreter
+COMMENT "Running the LLDB command interpreter fuzzer..."
+COMMAND mkdir -p ${CMAKE_BINARY_DIR}/commandinterpreter-fuzzer-artifacts &&
+cd ${CMAKE_BINARY_DIR}/commandinterpreter-fuzzer-artifacts
+&& $ -dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1 -artifact_prefix=commandinterpreter-
+USES_TERMINAL
+)
+endif()
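
Review bot: typo in the comment above add_custom_target: "specifially" should be "specifically". While there, the comment could name the directory (commandinterpreter-fuzzer-artifacts under CMAKE_BINARY_DIR) so readers do not have to parse the COMMAND to find where artifacts land.
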
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(lldb-commandinterpreter-fuzzer)
 add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)
___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits


[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-22 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 439158.
cassanova added a comment.

Added a subdirectory to the top-level build directory. This directory will hold 
directories for the artifacts of various fuzzers. Also corrected a typo in the 
command interpreter CMakeLists file.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
@@ -0,0 +1,47 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+
+#include 
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+  // Convert the data into a null-terminated string
+  std::string str((char *)data, size);
+
+  // Create a debugger and a dummy target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.GetDummyTarget();
+
+  // Create a command interpreter for the current debugger
+  // A return object is needed to run the command interpreter
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter ci = debugger.GetCommandInterpreter();
+
+  // Use the fuzzer generated input as input for the command interpreter
+  if (ci.IsValid()) {
+ci.HandleCommand(str.c_str(), ro, false);
+  }
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+
+  return 0;
+}
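
Review bot: SBModule::GarbageCollectAllocatedModules() is called near the end of LLVMFuzzerTestOneInput, but none of the visible includes is lldb/API/SBModule.h, so the file relies on a transitive include. Add the header explicitly. Conversely, nothing in the visible lines uses lldb/API/SBCommandInterpreterRunOptions.h, so that include can probably be dropped.
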
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,28 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+  EXCLUDE_FROM_ALL
+  lldb-commandinterpreter-fuzzer.cpp
+  )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+  target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+  target_link_libraries(lldb-commandinterpreter-fuzzer
+PRIVATE
+liblldb
+)
+
+  # This will create a directory specifically for the fuzzer's artifacts, go to that
+  # directory and run the fuzzer from there. When the fuzzer exits the input
+  # artifact that caused it to exit will be written to a directory within the
+  # build directory
+  add_custom_target(fuzz-lldb-commandinterpreter
+COMMENT "Running the LLDB command interpreter fuzzer..."
+COMMAND mkdir -p ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts &&
+cd ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+&& $ -dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1 -artifact_prefix=commandinterpreter-
+USES_TERMINAL
+)
+endif()
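
Review bot: the fuzzer command in fuzz-lldb-commandinterpreter passes -dict, -only_ascii and -artifact_prefix but no corpus directory, so inputs that reach new coverage are kept only in memory and every invocation starts from scratch. Consider creating a corpus directory next to the artifacts directory and passing it as a positional argument so that coverage accumulates between runs.
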
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(lldb-commandinterpreter-fuzzer)
 add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)


[Lldb-commits] [PATCH] D128292: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB

2022-06-22 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rG46be5faaf034: [lldb/Fuzzer] Add command interpreter fuzzer 
for LLDB (authored by cassanova).

Changed prior to commit:
  https://reviews.llvm.org/D128292?vs=439158&id=439163#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128292/new/

https://reviews.llvm.org/D128292

Files:
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
@@ -0,0 +1,47 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+
+#include 
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+  // Convert the data into a null-terminated string
+  std::string str((char *)data, size);
+
+  // Create a debugger and a dummy target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.GetDummyTarget();
+
+  // Create a command interpreter for the current debugger
+  // A return object is needed to run the command interpreter
+  SBCommandReturnObject ro = SBCommandReturnObject();
+  SBCommandInterpreter ci = debugger.GetCommandInterpreter();
+
+  // Use the fuzzer generated input as input for the command interpreter
+  if (ci.IsValid()) {
+ci.HandleCommand(str.c_str(), ro, false);
+  }
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+
+  return 0;
+}
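
Review bot: ci.HandleCommand(str.c_str(), ro, false) hands arbitrary fuzzer bytes to the full command interpreter, which also accepts commands that act on the host (shell and scripting commands, commands that write files). The file header should state that this fuzzer is meant to be run in a disposable sandbox or container, and it is worth checking whether such commands can be disabled for the debugger instance created here. The return object ro is also never inspected, so a brief comment that the result is deliberately ignored would help.
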
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,28 @@
+set(LLVM_LINK_COMPONENTS
+  Support
+  )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+  EXCLUDE_FROM_ALL
+  lldb-commandinterpreter-fuzzer.cpp
+  )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+  target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+  target_link_libraries(lldb-commandinterpreter-fuzzer
+PRIVATE
+liblldb
+)
+
+  # This will create a directory specifically for the fuzzer's artifacts, go to that
+  # directory and run the fuzzer from there. When the fuzzer exits the input
+  # artifact that caused it to exit will be written to a directory within the
+  # build directory
+  add_custom_target(fuzz-lldb-commandinterpreter
+COMMENT "Running the LLDB command interpreter fuzzer..."
+COMMAND mkdir -p ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts &&
+cd ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+&& $ -dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1 -artifact_prefix=commandinterpreter-
+USES_TERMINAL
+)
+endif()
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(lldb-commandinterpreter-fuzzer)
 add_subdirectory(lldb-target-fuzzer)
 add_subdirectory(utils)


[Lldb-commits] [PATCH] D128450: [lldb/Fuzzer] Have target fuzzer write artifacts to specific directory

2022-06-23 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added a subscriber: mgorny.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

This makes the LLDB target fuzzer write its fuzzer artifacts to its own 
directory in the build directory. It also adds an artifact prefix to make it 
easier to tell which fuzzer wrote the artifact.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D128450

Files:
  lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -17,7 +17,9 @@
 
   add_custom_target(fuzz-lldb-target
 COMMENT "Running the LLDB target fuzzer..."
-COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+COMMAND mkdir -p ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts &&
+cd ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+&& $ -artifact_prefix=target-
 USES_TERMINAL
 )
 endif()
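
Review bot: the new COMMAND chains mkdir -p, cd and the fuzzer with &&, which depends on a POSIX shell and mixes directory setup into the run step. CMake can do both portably: create the directory with ${CMAKE_COMMAND} -E make_directory and set WORKING_DIRECTORY on add_custom_target, leaving COMMAND with only the fuzzer invocation and -artifact_prefix=target-.
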


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -17,7 +17,9 @@
 
   add_custom_target(fuzz-lldb-target
 COMMENT "Running the LLDB target fuzzer..."
-COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+COMMAND mkdir -p ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts &&
+cd ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+&& $ -artifact_prefix=target-
 USES_TERMINAL
 )
 endif()


[Lldb-commits] [PATCH] D128450: [lldb/Fuzzer] Have target fuzzer write artifacts to specific directory

2022-06-23 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added a comment.

This is a lot cleaner than chaining shell commands; I just implemented the 
second solution on my end. To clarify, it would create the directory before 
running the `fuzz-lldb-target` and within the `fuzz-lldb-target` we would just 
change the working directory to the one that the pre-build command created?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128450/new/

https://reviews.llvm.org/D128450



[Lldb-commits] [PATCH] D128450: [lldb/Fuzzer] Have target fuzzer write artifacts to specific directory

2022-06-23 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added a comment.

Yes, I can include the command interpreter's cmake file in the diff.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128450/new/

https://reviews.llvm.org/D128450



[Lldb-commits] [PATCH] D128450: [lldb/Fuzzer] Have fuzzers write artifacts to specific directory

2022-06-23 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 439454.
cassanova retitled this revision from "[lldb/Fuzzer] Have target fuzzer write 
artifacts to specific directory" to "[lldb/Fuzzer] Have fuzzers write artifacts 
to specific directory".
cassanova edited the summary of this revision.
cassanova added a comment.

Removed the chain of shell commands in the target fuzzer's CMakeLists file and 
added a pre-build command that creates the necessary directory and changes the 
working directory in the target to this directory.

Also implemented these changes to the command interpreter fuzzer's CMakeLists 
file and added it to this diff.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128450/new/

https://reviews.llvm.org/D128450

Files:
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -15,9 +15,14 @@
 lldbFuzzerUtils
 )
 
+  add_custom_command(TARGET lldb-target-fuzzer PRE_BUILD
+COMMAND ${CMAKE_COMMAND} -E make_directory 
${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+)
+
   add_custom_target(fuzz-lldb-target
 COMMENT "Running the LLDB target fuzzer..."
-COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+COMMAND $ -artifact_prefix=target-
 USES_TERMINAL
 )
 endif()
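
Review bot: the make_directory step is attached to lldb-target-fuzzer as a PRE_BUILD command, so it only runs when that binary is actually rebuilt (CMake treats PRE_BUILD as PRE_LINK for every generator except Visual Studio). If fuzzer-artifacts/target-artifacts is removed while the binary is up to date, fuzz-lldb-target fails on its WORKING_DIRECTORY before the fuzzer starts. Moving the make_directory command into a small custom target that fuzz-lldb-target depends on would recreate the directory on every run.
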
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -14,15 +14,19 @@
 liblldb
 )
 
-  # This will create a directory specifically for the fuzzer's artifacts, go 
to that
-  # directory and run the fuzzer from there. When the fuzzer exits the input
-  # artifact that caused it to exit will be written to a directory within the
-  # build directory
+  # A directory in the build directory is created to hold the fuzzer's
+  # artifacts as a pre-build command for the command interpreter's executable
+  # target. When the fuzzer exits the input artifact that caused it to exit
+  # will be written to this directory.
+
+  add_custom_command(TARGET lldb-commandinterpreter-fuzzer PRE_BUILD
+COMMAND ${CMAKE_COMMAND} -E make_directory 
${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+)
+
   add_custom_target(fuzz-lldb-commandinterpreter
 COMMENT "Running the LLDB command interpreter fuzzer..."
-COMMAND mkdir -p 
${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts &&
-cd ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
-&& $ 
-dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1 
-artifact_prefix=commandinterpreter-
+WORKING_DIRECTORY 
${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+COMMAND  $ 
-dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1 
-artifact_prefix=commandinterpreter-
 USES_TERMINAL
 )
 endif()
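
Review bot: the add_custom_command and WORKING_DIRECTORY pair here is the same pattern added to the target fuzzer's CMakeLists, differing only in the directory name, and the artifacts path is spelled out twice within this hunk. Consider a variable for the artifacts directory, or a small helper in lldb/tools/lldb-fuzzer/CMakeLists.txt, so the next fuzzer does not copy it a third time. The blank line between the new comment and add_custom_command also detaches the comment from the command it describes, and "COMMAND  $" has a doubled space.
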


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -15,9 +15,14 @@
 lldbFuzzerUtils
 )
 
+  add_custom_command(TARGET lldb-target-fuzzer PRE_BUILD
+COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+)
+
   add_custom_target(fuzz-lldb-target
 COMMENT "Running the LLDB target fuzzer..."
-COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+COMMAND $ -artifact_prefix=target-
 USES_TERMINAL
 )
 endif()
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -14,15 +14,19 @@
 liblldb
 )
 
-  # This will create a directory specifically for the fuzzer's artifacts, go to that
-  # directory and run the fuzzer from there. When the fuzzer exits the input
-  # artifact that caused it to exit will be written to a directory within the
-  # build directory
+  # A directory in the build directory is created to hold the fuzzer's
+  # artifacts as a pre-build command for the command interpreter's executable
+  # target. When the fuzzer exits the input artifact that caused it to exit
+  # will be written to this direct

[Lldb-commits] [PATCH] D128450: [lldb/Fuzzer] Have fuzzers write artifacts to specific directory

2022-06-23 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was not accepted when it landed; it landed in state "Needs 
Review".
This revision was automatically updated to reflect the committed changes.
Closed by commit rG40aace59cc58: [lldb/Fuzzer] Have fuzzers write artifacts to 
specific directory (authored by cassanova).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D128450/new/

https://reviews.llvm.org/D128450

Files:
  lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -15,9 +15,14 @@
 lldbFuzzerUtils
 )
 
+  add_custom_command(TARGET lldb-target-fuzzer PRE_BUILD
+COMMAND ${CMAKE_COMMAND} -E make_directory 
${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+)
+
   add_custom_target(fuzz-lldb-target
 COMMENT "Running the LLDB target fuzzer..."
-COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+COMMAND $ -artifact_prefix=target-
 USES_TERMINAL
 )
 endif()
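
Review bot: -artifact_prefix=target- in fuzz-lldb-target is a relative prefix, so where artifacts land depends entirely on WORKING_DIRECTORY. Putting the directory into the prefix itself (${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts/target-) keeps the location correct even when the command line is copied out of the build log and run from another directory.
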
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -14,15 +14,19 @@
 liblldb
 )
 
-  # This will create a directory specifically for the fuzzer's artifacts, go 
to that
-  # directory and run the fuzzer from there. When the fuzzer exits the input
-  # artifact that caused it to exit will be written to a directory within the
-  # build directory
+  # A directory in the build directory is created to hold the fuzzer's
+  # artifacts as a pre-build command for the command interpreter's executable
+  # target. When the fuzzer exits the input artifact that caused it to exit
+  # will be written to this directory.
+
+  add_custom_command(TARGET lldb-commandinterpreter-fuzzer PRE_BUILD
+COMMAND ${CMAKE_COMMAND} -E make_directory 
${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+)
+
   add_custom_target(fuzz-lldb-commandinterpreter
 COMMENT "Running the LLDB command interpreter fuzzer..."
-COMMAND mkdir -p 
${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts &&
-cd ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
-&& $ 
-dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1 
-artifact_prefix=commandinterpreter-
+WORKING_DIRECTORY 
${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+COMMAND  $ 
-dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt  -only_ascii=1 
-artifact_prefix=commandinterpreter-
 USES_TERMINAL
 )
 endif()


Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer/CMakeLists.txt
@@ -15,9 +15,14 @@
 lldbFuzzerUtils
 )
 
+  add_custom_command(TARGET lldb-target-fuzzer PRE_BUILD
+COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+)
+
   add_custom_target(fuzz-lldb-target
 COMMENT "Running the LLDB target fuzzer..."
-COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && $
+WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/fuzzer-artifacts/target-artifacts
+COMMAND $ -artifact_prefix=target-
 USES_TERMINAL
 )
 endif()
Index: lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -14,15 +14,19 @@
 liblldb
 )
 
-  # This will create a directory specifically for the fuzzer's artifacts, go to that
-  # directory and run the fuzzer from there. When the fuzzer exits the input
-  # artifact that caused it to exit will be written to a directory within the
-  # build directory
+  # A directory in the build directory is created to hold the fuzzer's
+  # artifacts as a pre-build command for the command interpreter's executable
+  # target. When the fuzzer exits the input artifact that caused it to exit
+  # will be written to this directory.
+
+  add_custom_command(TARGET lldb-commandinterpreter-fuzzer PRE_BUILD
+COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+)
+
   add_custom_target(fuzz-lldb-commandinterpreter
 COMMENT "Running the LLDB command interpreter fuzzer..."
-COMMAND mkdir -p ${CMAKE_BINARY_D

[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-26 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rG43d7320e7111: [lldb][docs] Add documentation for LLDB 
fuzzers (authored by cassanova).

Changed prior to commit:
  https://reviews.llvm.org/D132148?vs=453808&id=456058#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148

Files:
  lldb/docs/index.rst
  lldb/docs/resources/fuzzing.rst


Index: lldb/docs/resources/fuzzing.rst
===
--- /dev/null
+++ lldb/docs/resources/fuzzing.rst
@@ -0,0 +1,68 @@
+Fuzzing LLDB
+
+
+Overview
+
+
+LLDB has fuzzers that provide automated `fuzz testing 
`_ for different components of LLDB. The 
fuzzers are built with `libFuzzer `_ . 
Currently, there are fuzzers for target creation, LLDB's command interpreter 
and LLDB's expression evaluator.
+
+Building the fuzzers
+
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage enabled. In addition to your regular CMake 
arguments, you will need these argumets to build the fuzzers:
+
+::
+   -DLLVM_USE_SANITIZER='Address' \
+   -DLLVM_USE_SANITIZE_COVERAGE=On \
+   -DCLANG_ENABLE_PROTO_FUZZER=ON
+
+More information on libFuzzer's sanitizer coverage is available here: 
``_
+
+If you want to debug LLDB itself when you find a bug using the fuzzers, use 
the CMake option ``-DCMAKE_BUILD_TYPE='RelWithDebInfo'``
+
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer
+
+Once built, the binaries for the fuzzers will exist in the ``bin`` directory 
of your build folder.
+
+Continuous integration
+--
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+
+Running the fuzzers
+---
+
+If you want to run the fuzzers locally, you can run the binaries that were 
generated with ninja from the build directory:
+
+::
+   $ ./bin/lldb-target-fuzzer
+   $ ./bin/lldb-commandinterpreter-fuzzer
+   $ ./bin/lldb-expression-fuzzer
+
+This will run the fuzzer binaries directly, and you can use the `libFuzzer 
options `_ to customize how the 
fuzzers are run.
+
+Another way to run the fuzzers is to use a ninja target that will both build 
the fuzzers and then run them immediately after. These custom targets run each 
fuzzer with command-line arguments that provide better fuzzing for the 
components being tested. Running the fuzzers this way will also create 
directories that will store any inputs that caused LLDB to crash, timeout or 
run out of memory. The directories are created for each fuzzer.
+
+To run the custom ninja targets, run the command for your desired fuzzer:
+
+::
+   $ ninja fuzz-lldb-target
+   $ ninja fuzz-lldb-commandinterpreter
+   $ ninja fuzz-lldb-expression
+
+Investigating and reproducing bugs
+--
+
+When the fuzzers find an input that causes LLDB to crash, timeout or run out 
of memory, the input is saved to a file in the build directory. When running 
the fuzzer binaries directly this input is stored in a file named 
``-``.
+
+When running the fuzzers using the custom ninja targets shown above, the 
inputs will be stored in ``fuzzer-artifacts/-artifacts``, which is 
created in your build directory. The input files will have the name ``--``.
+
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the individual input to the fuzzer binary as a command-line 
argument:
+
+::
+   $ ./ 
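
Review bot: every literal block in the new file starts its content on the line directly after "::" (for example "::" followed immediately by "-DLLVM_USE_SANITIZER='Address' \"), and reStructuredText needs a blank line there for the block to render as code. Add a blank line after each "::". In the prose, "timeout" is used as a verb in "crash, timeout or run out of memory"; "time out" is the verb form.
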
Index: lldb/docs/index.rst
===
--- lldb/docs/index.rst
+++ lldb/docs/index.rst
@@ -150,6 +150,7 @@
resources/contributing
resources/build
resources/test
+   resources/fuzzing
resources/bots
resources/caveats
 


Index: lldb/docs/resources/fuzzing.rst
===
--- /dev/null
+++ lldb/docs/resources/fuzzing.rst
@@ -0,0 +1,68 @@
+Fuzzing LLDB
+
+
+Overview
+
+
+LLDB has fuzzers that provide automated `fuzz testing `_ for different components of LLDB. The fuzzers are built with `libFuzzer `_ . Currently, there are fuzzers for target creation, LLDB's command interpreter and LLDB's expression evaluator.
+
+Building the fuzzers
+
+
+Building the LLDB fuzzers requires a build configuration that has the address sanitizer and sanitizer coverage

[Lldb-commits] [PATCH] D132775: [lldb][docs] Fix formatting in fuzzing doc

2022-08-26 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a project: LLDB.
Herald added a subscriber: lldb-commits.

The page for fuzzing LLDB had incorrectly formatted code; this commit fixes 
that.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D132775

Files:
  lldb/docs/resources/fuzzing.rst


Index: lldb/docs/resources/fuzzing.rst
===
--- lldb/docs/resources/fuzzing.rst
+++ lldb/docs/resources/fuzzing.rst
@@ -12,6 +12,7 @@
 Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage enabled. In addition to your regular CMake 
arguments, you will need these argumets to build the fuzzers:
 
 ::
+
-DLLVM_USE_SANITIZER='Address' \
-DLLVM_USE_SANITIZE_COVERAGE=On \
-DCLANG_ENABLE_PROTO_FUZZER=ON
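
Review bot: the context paragraph above the first literal block still reads "you will need these argumets to build the fuzzers". Since this patch is a formatting clean-up of the same file, correct the typo to "arguments" here as well.
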
@@ -23,6 +24,7 @@
 To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
 
 ::
+
$ ninja lldb-target-fuzzer
$ ninja lldb-commandinterpreter-fuzzer
$ ninja lldb-expression-fuzzer
@@ -40,6 +42,7 @@
 If you want to run the fuzzers locally, you can run the binaries that were 
generated with ninja from the build directory:
 
 ::
+
$ ./bin/lldb-target-fuzzer
$ ./bin/lldb-commandinterpreter-fuzzer
$ ./bin/lldb-expression-fuzzer
@@ -51,6 +54,7 @@
 To run the custom ninja targets, run the command for your desired fuzzer:
 
 ::
+
$ ninja fuzz-lldb-target
$ ninja fuzz-lldb-commandinterpreter
$ ninja fuzz-lldb-expression
@@ -65,4 +69,5 @@
 If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the individual input to the fuzzer binary as a command-line 
argument:
 
 ::
+
$ ./ 


Index: lldb/docs/resources/fuzzing.rst
===
--- lldb/docs/resources/fuzzing.rst
+++ lldb/docs/resources/fuzzing.rst
@@ -12,6 +12,7 @@
 Building the LLDB fuzzers requires a build configuration that has the address sanitizer and sanitizer coverage enabled. In addition to your regular CMake arguments, you will need these argumets to build the fuzzers:
 
 ::
+
-DLLVM_USE_SANITIZER='Address' \
-DLLVM_USE_SANITIZE_COVERAGE=On \
-DCLANG_ENABLE_PROTO_FUZZER=ON
@@ -23,6 +24,7 @@
 To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to build:
 
 ::
+
$ ninja lldb-target-fuzzer
$ ninja lldb-commandinterpreter-fuzzer
$ ninja lldb-expression-fuzzer
@@ -40,6 +42,7 @@
 If you want to run the fuzzers locally, you can run the binaries that were generated with ninja from the build directory:
 
 ::
+
$ ./bin/lldb-target-fuzzer
$ ./bin/lldb-commandinterpreter-fuzzer
$ ./bin/lldb-expression-fuzzer
@@ -51,6 +54,7 @@
 To run the custom ninja targets, run the command for your desired fuzzer:
 
 ::
+
$ ninja fuzz-lldb-target
$ ninja fuzz-lldb-commandinterpreter
$ ninja fuzz-lldb-expression
@@ -65,4 +69,5 @@
 If you want to reproduce the issue found by a fuzzer once you have gotten the input, you can pass the individual input to the fuzzer binary as a command-line argument:
 
 ::
+
$ ./ 
___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits


[Lldb-commits] [PATCH] D132775: [lldb][docs] Fix formatting in fuzzing doc

2022-08-26 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rG53f1cc85e3de: [lldb][docs] Fix formatting in fuzzing doc 
(authored by cassanova).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132775/new/

https://reviews.llvm.org/D132775

Files:
  lldb/docs/resources/fuzzing.rst


Index: lldb/docs/resources/fuzzing.rst
===
--- lldb/docs/resources/fuzzing.rst
+++ lldb/docs/resources/fuzzing.rst
@@ -12,6 +12,7 @@
 Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage enabled. In addition to your regular CMake 
arguments, you will need these argumets to build the fuzzers:
 
 ::
+
-DLLVM_USE_SANITIZER='Address' \
-DLLVM_USE_SANITIZE_COVERAGE=On \
-DCLANG_ENABLE_PROTO_FUZZER=ON
@@ -23,6 +24,7 @@
 To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
 
 ::
+
$ ninja lldb-target-fuzzer
$ ninja lldb-commandinterpreter-fuzzer
$ ninja lldb-expression-fuzzer
@@ -40,6 +42,7 @@
 If you want to run the fuzzers locally, you can run the binaries that were 
generated with ninja from the build directory:
 
 ::
+
$ ./bin/lldb-target-fuzzer
$ ./bin/lldb-commandinterpreter-fuzzer
$ ./bin/lldb-expression-fuzzer
@@ -51,6 +54,7 @@
 To run the custom ninja targets, run the command for your desired fuzzer:
 
 ::
+
$ ninja fuzz-lldb-target
$ ninja fuzz-lldb-commandinterpreter
$ ninja fuzz-lldb-expression
@@ -65,4 +69,5 @@
 If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the individual input to the fuzzer binary as a command-line 
argument:
 
 ::
+
$ ./ 


Index: lldb/docs/resources/fuzzing.rst
===
--- lldb/docs/resources/fuzzing.rst
+++ lldb/docs/resources/fuzzing.rst
@@ -12,6 +12,7 @@
 Building the LLDB fuzzers requires a build configuration that has the address sanitizer and sanitizer coverage enabled. In addition to your regular CMake arguments, you will need these argumets to build the fuzzers:
 
 ::
+
-DLLVM_USE_SANITIZER='Address' \
-DLLVM_USE_SANITIZE_COVERAGE=On \
-DCLANG_ENABLE_PROTO_FUZZER=ON
@@ -23,6 +24,7 @@
 To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to build:
 
 ::
+
$ ninja lldb-target-fuzzer
$ ninja lldb-commandinterpreter-fuzzer
$ ninja lldb-expression-fuzzer
@@ -40,6 +42,7 @@
 If you want to run the fuzzers locally, you can run the binaries that were generated with ninja from the build directory:
 
 ::
+
$ ./bin/lldb-target-fuzzer
$ ./bin/lldb-commandinterpreter-fuzzer
$ ./bin/lldb-expression-fuzzer
@@ -51,6 +54,7 @@
 To run the custom ninja targets, run the command for your desired fuzzer:
 
 ::
+
$ ninja fuzz-lldb-target
$ ninja fuzz-lldb-commandinterpreter
$ ninja fuzz-lldb-expression
@@ -65,4 +69,5 @@
 If you want to reproduce the issue found by a fuzzer once you have gotten the input, you can pass the individual input to the fuzzer binary as a command-line argument:
 
 ::
+
$ ./ 


[Lldb-commits] [PATCH] D133546: [lldb][fuzz] Allow expression fuzzer to be passed as a flag.

2022-09-13 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp:66
 ReportError(
 "no target path specified in with the LLDB_FUZZER_TARGET variable");
 

I think having a flag for the fuzzer target alongside the env variable is a 
good addition. My only wonder is if there should be an error message if no flag 
is specified so that anyone that uses this knows that they can use a flag as 
well.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D133546/new/

https://reviews.llvm.org/D133546



[Lldb-commits] [PATCH] D133546: [lldb][fuzz] Allow expression fuzzer to be passed as a flag.

2022-09-13 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added a comment.

The wording is good, LGTM!


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D133546/new/

https://reviews.llvm.org/D133546
