[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
This revision was automatically updated to reflect the committed changes.
JDevlieghere marked an inline comment as done.
Closed by commit rG61efe14e21b2: [lldb] Add a fuzzer for target creation
(authored by JDevlieghere).
Herald added projects: LLDB, LLVM.
Herald added a subscriber: llvm-commits.
Changed prior to commit:
https://reviews.llvm.org/D122461?vs=418133&id=418252#toc
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D122461/new/
https://reviews.llvm.org/D122461
Files:
lldb/tools/CMakeLists.txt
lldb/tools/lldb-fuzzer/CMakeLists.txt
lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp
lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
lldb/tools/lldb-fuzzer/utils/TempFile.cpp
lldb/tools/lldb-fuzzer/utils/TempFile.h
llvm/docs/FuzzingLLVM.rst
Index: llvm/docs/FuzzingLLVM.rst
===
--- llvm/docs/FuzzingLLVM.rst
+++ llvm/docs/FuzzingLLVM.rst
@@ -158,6 +158,11 @@
.. |LLVM IR fuzzer|
replace:: :ref:`structured LLVM IR fuzzer `
+lldb-target-fuzzer
+-
+
+A |generic fuzzer| that interprets inputs as object files and uses them to
+create a target in lldb.
Mutators and Input Generators
=
Index: lldb/tools/lldb-fuzzer/utils/TempFile.h
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/TempFile.h
@@ -0,0 +1,27 @@
+//===-- TempFile.h --*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "llvm/ADT/SmallString.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+namespace lldb_fuzzer {
+
+class TempFile {
+public:
+ TempFile() = default;
+ ~TempFile();
+
+ static std::unique_ptr Create(uint8_t *data, size_t size);
+ llvm::StringRef GetPath() { return m_path.str(); }
+
+private:
+ llvm::SmallString<128> m_path;
+};
+
+} // namespace lldb_fuzzer
Index: lldb/tools/lldb-fuzzer/utils/TempFile.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/TempFile.cpp
@@ -0,0 +1,33 @@
+//===-- TempFile.cpp --===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "llvm/Support/FileSystem.h"
+#include
+
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+TempFile::~TempFile() {
+ if (!m_path.empty())
+sys::fs::remove(m_path.str(), true);
+}
+
+std::unique_ptr TempFile::Create(uint8_t *data, size_t size) {
+ int fd;
+ std::unique_ptr temp_file = std::make_unique();
+ std::error_code ec = sys::fs::createTemporaryFile("lldb-fuzzer", "input", fd,
+temp_file->m_path);
+ if (ec)
+return nullptr;
+
+ raw_fd_ostream os(fd, true);
+ os.write(reinterpret_cast(data), size);
+ os.close();
+
+ return temp_file;
+}
Index: lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
@@ -0,0 +1,6 @@
+add_lldb_library(lldbFuzzerUtils
+ TempFile.cpp
+
+ LINK_COMPONENTS
+Support
+ )
Index: lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp
@@ -0,0 +1,35 @@
+//===-- lldb-target-fuzzer.cpp - Fuzz target creation -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include
+
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ SBDebugger::Initialize();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ std::unique_ptr file = TempFile::Create(data, size);
+ if (!file)
+return 1;
+
+ SBDebugger debugger = SBDebugger::Create(false);
+ SBTarget target = debugger.CreateTarget(file->GetPath().data());
+ debugger.DeleteTarget(target);
+ SBDebugger::Destroy(debugger);
+ SBModule::GarbageCollectAllocatedModules();
+
+ return 0;
+}
Index: lldb/t
[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
JDevlieghere marked an inline comment as done.
JDevlieghere added inline comments.
Comment at: lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp:24
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ auto file = TempFile::Create(data, size);
+ if (!file)
labath wrote:
> Not an ideal use of auto -- it's clear that this returns some form of
> TempFile, but if this were say Expected, then the code would be
> incorrect (but still compile).
Agreed. Originally I was returning a
`llvm::Expected>` but the inability to create a temp
file isn't all that interesting and without the expected the logic can be a lot
simpler.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D122461/new/
https://reviews.llvm.org/D122461
___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
labath added subscribers: cmtice, labath.
labath accepted this revision.
labath added a comment.
This revision is now accepted and ready to land.
I like this.
Comment at: lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp:24
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ auto file = TempFile::Create(data, size);
+ if (!file)
Not an ideal use of auto -- it's clear that this returns some form of TempFile,
but if this were say Expected, then the code would be incorrect (but
still compile).
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D122461/new/
https://reviews.llvm.org/D122461
___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
JDevlieghere updated this revision to Diff 418133.
JDevlieghere added a comment.
Fix ASCII art
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D122461/new/
https://reviews.llvm.org/D122461
Files:
lldb/tools/CMakeLists.txt
lldb/tools/lldb-fuzzer/CMakeLists.txt
lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp
lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
lldb/tools/lldb-fuzzer/utils/TempFile.cpp
lldb/tools/lldb-fuzzer/utils/TempFile.h
Index: lldb/tools/lldb-fuzzer/utils/TempFile.h
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/TempFile.h
@@ -0,0 +1,27 @@
+//===-- TempFile.h --*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "llvm/ADT/SmallString.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+namespace lldb_fuzzer {
+
+class TempFile {
+public:
+ TempFile() = default;
+ ~TempFile();
+
+ static std::unique_ptr Create(uint8_t *data, size_t size);
+ llvm::StringRef GetPath() { return m_path.str(); }
+
+private:
+ llvm::SmallString<128> m_path;
+};
+
+} // namespace lldb_fuzzer
Index: lldb/tools/lldb-fuzzer/utils/TempFile.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/TempFile.cpp
@@ -0,0 +1,33 @@
+//===-- TempFile.cpp --===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "llvm/Support/FileSystem.h"
+#include
+
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+TempFile::~TempFile() {
+ if (!m_path.empty())
+sys::fs::remove(m_path.str(), true);
+}
+
+std::unique_ptr TempFile::Create(uint8_t *data, size_t size) {
+ int fd;
+ std::unique_ptr temp_file = std::make_unique();
+ std::error_code ec = sys::fs::createTemporaryFile("lldb-fuzzer", "input", fd,
+temp_file->m_path);
+ if (ec)
+return nullptr;
+
+ raw_fd_ostream os(fd, true);
+ os.write(reinterpret_cast(data), size);
+ os.close();
+
+ return temp_file;
+}
Index: lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
@@ -0,0 +1,6 @@
+add_lldb_library(lldbFuzzerUtils
+ TempFile.cpp
+
+ LINK_COMPONENTS
+Support
+ )
Index: lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp
@@ -0,0 +1,34 @@
+//===-- lldb-fuzzer-target.cpp - Fuzz target creation -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include
+
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ SBDebugger::Initialize();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ auto file = TempFile::Create(data, size);
+ if (!file)
+return 1;
+
+ SBDebugger debugger = SBDebugger::Create(false);
+ SBTarget target = debugger.CreateTarget(file->GetPath().data());
+ debugger.DeleteTarget(target);
+ SBDebugger::Destroy(debugger);
+
+ return 0;
+}
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -0,0 +1,17 @@
+add_subdirectory(utils)
+
+set(LLVM_LINK_COMPONENTS
+ Support
+ )
+
+add_llvm_fuzzer(lldb-fuzzer-target
+ EXCLUDE_FROM_ALL
+ lldb-fuzzer-target.cpp
+ )
+
+target_link_libraries(lldb-fuzzer-target
+ PRIVATE
+ liblldb
+ lldbFuzzerUtils
+ )
+
Index: lldb/tools/CMakeLists.txt
===
--- lldb/tools/CMakeLists.txt
+++ lldb/tools/CMakeLists.txt
@@ -6,6 +6,7 @@
# i.e. if a target requires it as dependency. The typical
# example is `check-lldb`. So, we pass EXCLUDE_FROM_ALL here.
add_subdirectory(lldb-test EXCLUDE_FROM_ALL)
+add_subdirectory(lldb-fuzzer EXCLUDE_FROM_ALL)
add_lldb_tool_subdirectory(lldb-instr)
add_lldb_tool_sub
[Lldb-commits] [PATCH] D122461: [lldb] Add a fuzzer for target create
JDevlieghere created this revision.
JDevlieghere added a reviewer: LLDB.
Herald added a subscriber: mgorny.
Herald added a project: All.
JDevlieghere requested review of this revision.
This patch adds a fuzzer that interprets inputs as object files and makes lldb
create targets from them. It is very similar to the llvm-dwarfdump fuzzer which
found a bunch of issues in libObject. I let it run in the background for an
hour or so and it identified 15 or so inputs that cause lldb to crash.
https://reviews.llvm.org/D122461
Files:
lldb/tools/CMakeLists.txt
lldb/tools/lldb-fuzzer/CMakeLists.txt
lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp
lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
lldb/tools/lldb-fuzzer/utils/TempFile.cpp
lldb/tools/lldb-fuzzer/utils/TempFile.h
Index: lldb/tools/lldb-fuzzer/utils/TempFile.h
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/TempFile.h
@@ -0,0 +1,27 @@
+//===-- Utils.h ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "llvm/ADT/SmallString.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+namespace lldb_fuzzer {
+
+class TempFile {
+public:
+ TempFile() = default;
+ ~TempFile();
+
+ static std::unique_ptr Create(uint8_t *data, size_t size);
+ llvm::StringRef GetPath() { return m_path.str(); }
+
+private:
+ llvm::SmallString<128> m_path;
+};
+
+} // namespace lldb_fuzzer
Index: lldb/tools/lldb-fuzzer/utils/TempFile.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/TempFile.cpp
@@ -0,0 +1,33 @@
+//===-- Utils.cpp -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include "llvm/Support/FileSystem.h"
+#include
+
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+TempFile::~TempFile() {
+ if (!m_path.empty())
+sys::fs::remove(m_path.str(), true);
+}
+
+std::unique_ptr TempFile::Create(uint8_t *data, size_t size) {
+ int fd;
+ std::unique_ptr temp_file = std::make_unique();
+ std::error_code ec = sys::fs::createTemporaryFile("lldb-fuzzer", "input", fd,
+temp_file->m_path);
+ if (ec)
+return nullptr;
+
+ raw_fd_ostream os(fd, true);
+ os.write(reinterpret_cast(data), size);
+ os.close();
+
+ return temp_file;
+}
Index: lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
@@ -0,0 +1,6 @@
+add_lldb_library(lldbFuzzerUtils
+ TempFile.cpp
+
+ LINK_COMPONENTS
+Support
+ )
Index: lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-fuzzer-target.cpp
@@ -0,0 +1,34 @@
+//===-- lldb-fuzzer-target.cpp - Fuzz LLDB ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+
+#include
+
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ SBDebugger::Initialize();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ auto file = TempFile::Create(data, size);
+ if (!file)
+return 1;
+
+ SBDebugger debugger = SBDebugger::Create(false);
+ SBTarget target = debugger.CreateTarget(file->GetPath().data());
+ debugger.DeleteTarget(target);
+ SBDebugger::Destroy(debugger);
+
+ return 0;
+}
Index: lldb/tools/lldb-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -0,0 +1,17 @@
+add_subdirectory(utils)
+
+set(LLVM_LINK_COMPONENTS
+ Support
+ )
+
+add_llvm_fuzzer(lldb-fuzzer-target
+ EXCLUDE_FROM_ALL
+ lldb-fuzzer-target.cpp
+ )
+
+target_link_libraries(lldb-fuzzer-target
+ PRIVATE
+ liblldb
+ lldbFuzzerUtils
+ )
+
Index: lldb/tools/CMakeLists.txt
===
--- lldb/tools/CMak
