[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
This revision was automatically updated to reflect the committed changes. JDevlieghere marked an inline comment as done. Closed by commit rG61efe14e21b2: [lldb] Add a fuzzer for target creation (authored by JDevlieghere). Herald added projects: LLDB, LLVM. Herald added a subscriber: llvm-commits. Changed prior to commit: https://reviews.llvm.org/D122461?vs=418133&id=418252#toc Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D122461/new/ https://reviews.llvm.org/D122461 Files: lldb/tools/CMakeLists.txt lldb/tools/lldb-fuzzer/CMakeLists.txt lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp lldb/tools/lldb-fuzzer/utils/CMakeLists.txt lldb/tools/lldb-fuzzer/utils/TempFile.cpp lldb/tools/lldb-fuzzer/utils/TempFile.h llvm/docs/FuzzingLLVM.rst Index: llvm/docs/FuzzingLLVM.rst === --- llvm/docs/FuzzingLLVM.rst +++ llvm/docs/FuzzingLLVM.rst @@ -158,6 +158,11 @@ .. |LLVM IR fuzzer| replace:: :ref:`structured LLVM IR fuzzer ` +lldb-target-fuzzer +- + +A |generic fuzzer| that interprets inputs as object files and uses them to +create a target in lldb. Mutators and Input Generators = Index: lldb/tools/lldb-fuzzer/utils/TempFile.h === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/TempFile.h @@ -0,0 +1,27 @@ +//===-- TempFile.h --*- C++ -*-===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include "llvm/ADT/SmallString.h" +#include "llvm/ADT/StringRef.h" +#include "llvm/Support/Error.h" + +namespace lldb_fuzzer { + +class TempFile { +public: + TempFile() = default; + ~TempFile(); + + static std::unique_ptr Create(uint8_t *data, size_t size); + llvm::StringRef GetPath() { return m_path.str(); } + +private: + llvm::SmallString<128> m_path; +}; + +} // namespace lldb_fuzzer Index: lldb/tools/lldb-fuzzer/utils/TempFile.cpp === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/TempFile.cpp @@ -0,0 +1,33 @@ +//===-- TempFile.cpp --===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include "llvm/Support/FileSystem.h" +#include + +using namespace lldb_fuzzer; +using namespace llvm; + +TempFile::~TempFile() { + if (!m_path.empty()) +sys::fs::remove(m_path.str(), true); +} + +std::unique_ptr TempFile::Create(uint8_t *data, size_t size) { + int fd; + std::unique_ptr temp_file = std::make_unique(); + std::error_code ec = sys::fs::createTemporaryFile("lldb-fuzzer", "input", fd, +temp_file->m_path); + if (ec) +return nullptr; + + raw_fd_ostream os(fd, true); + os.write(reinterpret_cast(data), size); + os.close(); + + return temp_file; +} Index: lldb/tools/lldb-fuzzer/utils/CMakeLists.txt === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/CMakeLists.txt @@ -0,0 +1,6 @@ +add_lldb_library(lldbFuzzerUtils + TempFile.cpp + + LINK_COMPONENTS +Support + ) Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp === --- /dev/null +++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp @@ -0,0 +1,35 @@ +//===-- lldb-target-fuzzer.cpp - Fuzz target creation -===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include + +#include "lldb/API/SBDebugger.h" +#include "lldb/API/SBTarget.h" + +using namespace lldb; +using namespace lldb_fuzzer; +using namespace llvm; + +extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { + SBDebugger::Initialize(); + return 0; +} + +extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) { + std::unique_ptr file = TempFile::Create(data, size); + if (!file) +return 1; + + SBDebugger debugger = SBDebugger::Create(false); + SBTarget target = debugger.CreateTarget(file->GetPath().data()); + debugger.DeleteTarget(target); + SBDebugger::Destroy(debugger); + SBModule::GarbageCollectAllocatedModules(); + + return 0; +} Index: lldb/t
[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
JDevlieghere marked an inline comment as done. JDevlieghere added inline comments. Comment at: lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp:24 +extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) { + auto file = TempFile::Create(data, size); + if (!file) labath wrote: > Not an ideal use of auto -- it's clear that this returns some form of > TempFile, but if this were say Expected, then the code would be > incorrect (but still compile). Agreed. Originally I was returning a `llvm::Expected>` but the inability to create a temp file isn't all that interesting and without the expected the logic can be a lot simpler. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D122461/new/ https://reviews.llvm.org/D122461 ___ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
labath added subscribers: cmtice, labath. labath accepted this revision. labath added a comment. This revision is now accepted and ready to land. I like this. Comment at: lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp:24 +extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) { + auto file = TempFile::Create(data, size); + if (!file) Not an ideal use of auto -- it's clear that this returns some form of TempFile, but if this were say Expected, then the code would be incorrect (but still compile). CHANGES SINCE LAST ACTION https://reviews.llvm.org/D122461/new/ https://reviews.llvm.org/D122461 ___ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
JDevlieghere updated this revision to Diff 418133. JDevlieghere added a comment. Fix ASCII art CHANGES SINCE LAST ACTION https://reviews.llvm.org/D122461/new/ https://reviews.llvm.org/D122461 Files: lldb/tools/CMakeLists.txt lldb/tools/lldb-fuzzer/CMakeLists.txt lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp lldb/tools/lldb-fuzzer/utils/CMakeLists.txt lldb/tools/lldb-fuzzer/utils/TempFile.cpp lldb/tools/lldb-fuzzer/utils/TempFile.h Index: lldb/tools/lldb-fuzzer/utils/TempFile.h === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/TempFile.h @@ -0,0 +1,27 @@ +//===-- TempFile.h --*- C++ -*-===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include "llvm/ADT/SmallString.h" +#include "llvm/ADT/StringRef.h" +#include "llvm/Support/Error.h" + +namespace lldb_fuzzer { + +class TempFile { +public: + TempFile() = default; + ~TempFile(); + + static std::unique_ptr Create(uint8_t *data, size_t size); + llvm::StringRef GetPath() { return m_path.str(); } + +private: + llvm::SmallString<128> m_path; +}; + +} // namespace lldb_fuzzer Index: lldb/tools/lldb-fuzzer/utils/TempFile.cpp === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/TempFile.cpp @@ -0,0 +1,33 @@ +//===-- TempFile.cpp --===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include "llvm/Support/FileSystem.h" +#include + +using namespace lldb_fuzzer; +using namespace llvm; + +TempFile::~TempFile() { + if (!m_path.empty()) +sys::fs::remove(m_path.str(), true); +} + +std::unique_ptr TempFile::Create(uint8_t *data, size_t size) { + int fd; + std::unique_ptr temp_file = std::make_unique(); + std::error_code ec = sys::fs::createTemporaryFile("lldb-fuzzer", "input", fd, +temp_file->m_path); + if (ec) +return nullptr; + + raw_fd_ostream os(fd, true); + os.write(reinterpret_cast(data), size); + os.close(); + + return temp_file; +} Index: lldb/tools/lldb-fuzzer/utils/CMakeLists.txt === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/CMakeLists.txt @@ -0,0 +1,6 @@ +add_lldb_library(lldbFuzzerUtils + TempFile.cpp + + LINK_COMPONENTS +Support + ) Index: lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp === --- /dev/null +++ lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp @@ -0,0 +1,34 @@ +//===-- lldb-fuzzer-target.cpp - Fuzz target creation -===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include + +#include "lldb/API/SBDebugger.h" +#include "lldb/API/SBTarget.h" + +using namespace lldb; +using namespace lldb_fuzzer; +using namespace llvm; + +extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { + SBDebugger::Initialize(); + return 0; +} + +extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) { + auto file = TempFile::Create(data, size); + if (!file) +return 1; + + SBDebugger debugger = SBDebugger::Create(false); + SBTarget target = debugger.CreateTarget(file->GetPath().data()); + debugger.DeleteTarget(target); + SBDebugger::Destroy(debugger); + + return 0; +} Index: lldb/tools/lldb-fuzzer/CMakeLists.txt === --- /dev/null +++ lldb/tools/lldb-fuzzer/CMakeLists.txt @@ -0,0 +1,17 @@ +add_subdirectory(utils) + +set(LLVM_LINK_COMPONENTS + Support + ) + +add_llvm_fuzzer(lldb-fuzzer-target + EXCLUDE_FROM_ALL + lldb-fuzzer-target.cpp + ) + +target_link_libraries(lldb-fuzzer-target + PRIVATE + liblldb + lldbFuzzerUtils + ) + Index: lldb/tools/CMakeLists.txt === --- lldb/tools/CMakeLists.txt +++ lldb/tools/CMakeLists.txt @@ -6,6 +6,7 @@ # i.e. if a target requires it as dependency. The typical # example is `check-lldb`. So, we pass EXCLUDE_FROM_ALL here. add_subdirectory(lldb-test EXCLUDE_FROM_ALL) +add_subdirectory(lldb-fuzzer EXCLUDE_FROM_ALL) add_lldb_tool_subdirectory(lldb-instr) add_lldb_tool_sub
[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
JDevlieghere created this revision. JDevlieghere added a reviewer: LLDB. Herald added a subscriber: mgorny. Herald added a project: All. JDevlieghere requested review of this revision. This patch adds a fuzzer that interprets inputs as object files and makes lldb create targets from them. It is very similar to the llvm-dwarfdump fuzzer which found a bunch of issues in libObject. I let it run in the background for an hour or so and it identified 15 or so inputs that cause lldb to crash. https://reviews.llvm.org/D122461 Files: lldb/tools/CMakeLists.txt lldb/tools/lldb-fuzzer/CMakeLists.txt lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp lldb/tools/lldb-fuzzer/utils/CMakeLists.txt lldb/tools/lldb-fuzzer/utils/TempFile.cpp lldb/tools/lldb-fuzzer/utils/TempFile.h Index: lldb/tools/lldb-fuzzer/utils/TempFile.h === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/TempFile.h @@ -0,0 +1,27 @@ +//===-- Utils.h ---===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include "llvm/ADT/SmallString.h" +#include "llvm/ADT/StringRef.h" +#include "llvm/Support/Error.h" + +namespace lldb_fuzzer { + +class TempFile { +public: + TempFile() = default; + ~TempFile(); + + static std::unique_ptr Create(uint8_t *data, size_t size); + llvm::StringRef GetPath() { return m_path.str(); } + +private: + llvm::SmallString<128> m_path; +}; + +} // namespace lldb_fuzzer Index: lldb/tools/lldb-fuzzer/utils/TempFile.cpp === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/TempFile.cpp @@ -0,0 +1,33 @@ +//===-- Utils.cpp -===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include "llvm/Support/FileSystem.h" +#include + +using namespace lldb_fuzzer; +using namespace llvm; + +TempFile::~TempFile() { + if (!m_path.empty()) +sys::fs::remove(m_path.str(), true); +} + +std::unique_ptr TempFile::Create(uint8_t *data, size_t size) { + int fd; + std::unique_ptr temp_file = std::make_unique(); + std::error_code ec = sys::fs::createTemporaryFile("lldb-fuzzer", "input", fd, +temp_file->m_path); + if (ec) +return nullptr; + + raw_fd_ostream os(fd, true); + os.write(reinterpret_cast(data), size); + os.close(); + + return temp_file; +} Index: lldb/tools/lldb-fuzzer/utils/CMakeLists.txt === --- /dev/null +++ lldb/tools/lldb-fuzzer/utils/CMakeLists.txt @@ -0,0 +1,6 @@ +add_lldb_library(lldbFuzzerUtils + TempFile.cpp + + LINK_COMPONENTS +Support + ) Index: lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp === --- /dev/null +++ lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp @@ -0,0 +1,34 @@ +//===-- lldb-fuzzer-target.cpp - Fuzz LLDB ===// +// +// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +// See https://llvm.org/LICENSE.txt for license information. +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +// +//===--===// + +#include + +#include "lldb/API/SBDebugger.h" +#include "lldb/API/SBTarget.h" + +using namespace lldb; +using namespace lldb_fuzzer; +using namespace llvm; + +extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { + SBDebugger::Initialize(); + return 0; +} + +extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) { + auto file = TempFile::Create(data, size); + if (!file) +return 1; + + SBDebugger debugger = SBDebugger::Create(false); + SBTarget target = debugger.CreateTarget(file->GetPath().data()); + debugger.DeleteTarget(target); + SBDebugger::Destroy(debugger); + + return 0; +} Index: lldb/tools/lldb-fuzzer/CMakeLists.txt === --- /dev/null +++ lldb/tools/lldb-fuzzer/CMakeLists.txt @@ -0,0 +1,17 @@ +add_subdirectory(utils) + +set(LLVM_LINK_COMPONENTS + Support + ) + +add_llvm_fuzzer(lldb-fuzzer-target + EXCLUDE_FROM_ALL + lldb-fuzzer-target.cpp + ) + +target_link_libraries(lldb-fuzzer-target + PRIVATE + liblldb + lldbFuzzerUtils + ) + Index: lldb/tools/CMakeLists.txt === --- lldb/tools/CMak