[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-26 Thread Chelsea Cassanova via Phabricator via lldb-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rG43d7320e7111: [lldb][docs] Add documentation for LLDB 
fuzzers (authored by cassanova).

Changed prior to commit:
  https://reviews.llvm.org/D132148?vs=453808&id=456058#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148

Files:
  lldb/docs/index.rst
  lldb/docs/resources/fuzzing.rst


Index: lldb/docs/resources/fuzzing.rst
===
--- /dev/null
+++ lldb/docs/resources/fuzzing.rst
@@ -0,0 +1,68 @@
+Fuzzing LLDB
+
+
+Overview
+
+
+LLDB has fuzzers that provide automated `fuzz testing 
`_ for different components of LLDB. The 
fuzzers are built with `libFuzzer `_ . 
Currently, there are fuzzers for target creation, LLDB's command interpreter 
and LLDB's expression evaluator.
+
+Building the fuzzers
+
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage enabled. In addition to your regular CMake 
arguments, you will need these argumets to build the fuzzers:
+
+::
+   -DLLVM_USE_SANITIZER='Address' \
+   -DLLVM_USE_SANITIZE_COVERAGE=On \
+   -DCLANG_ENABLE_PROTO_FUZZER=ON
+
+More information on libFuzzer's sanitizer coverage is available here: 
``_
+
+If you want to debug LLDB itself when you find a bug using the fuzzers, use 
the CMake option ``-DCMAKE_BUILD_TYPE='RelWithDebInfo'``
+
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer
+
+Once built, the binaries for the fuzzers will exist in the ``bin`` directory 
of your build folder.
+
+Continuous integration
+--
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+
+Running the fuzzers
+---
+
+If you want to run the fuzzers locally, you can run the binaries that were 
generated with ninja from the build directory:
+
+::
+   $ ./bin/lldb-target-fuzzer
+   $ ./bin/lldb-commandinterpreter-fuzzer
+   $ ./bin/lldb-expression-fuzzer
+
+This will run the fuzzer binaries directly, and you can use the `libFuzzer 
options `_ to customize how the 
fuzzers are run.
+
+Another way to run the fuzzers is to use a ninja target that will both build 
the fuzzers and then run them immediately after. These custom targets run each 
fuzzer with command-line arguments that provide better fuzzing for the 
components being tested. Running the fuzzers this way will also create 
directories that will store any inputs that caused LLDB to crash, timeout or 
run out of memory. The directories are created for each fuzzer.
+
+To run the custom ninja targets, run the command for your desired fuzzer:
+
+::
+   $ ninja fuzz-lldb-target
+   $ ninja fuzz-lldb-commandinterpreter
+   $ ninja fuzz-lldb-expression
+
+Investigating and reproducing bugs
+--
+
+When the fuzzers find an input that causes LLDB to crash, timeout or run out 
of memory, the input is saved to a file in the build directory. When running 
the fuzzer binaries directly this input is stored in a file named 
``-``.
+
+When running the fuzzers using the custom ninja targets shown above, the 
inputs will be stored in ``fuzzer-artifacts/-artifacts``, which is 
created in your build directory. The input files will have the name ``--``.
+
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the individual input to the fuzzer binary as a command-line 
argument:
+
+::
+   $ ./ 
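Review bot: In "Building the fuzzers", `-DCLANG_ENABLE_PROTO_FUZZER=ON` is now listed with the sanitizer options as if every fuzzer needed it, and the earlier revision's sentence tying it to the expression evaluator fuzzer is gone. Suggest keeping one sentence that says the option is required for `lldb-expression-fuzzer`, so readers who build only the target or command interpreter fuzzer know why it is there. In the same paragraph, "argumets" should be "arguments".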
Index: lldb/docs/index.rst
===
--- lldb/docs/index.rst
+++ lldb/docs/index.rst
@@ -150,6 +150,7 @@
resources/contributing
resources/build
resources/test
+   resources/fuzzing
resources/bots
resources/caveats
 



[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-25 Thread Jonas Devlieghere via Phabricator via lldb-commits
JDevlieghere accepted this revision.
JDevlieghere added a comment.
This revision is now accepted and ready to land.

LGTM modulo inline comment.




Comment at: lldb/docs/resources/fuzzing.rst:15-17
+   $ -DLLVM_USE_SANITIZER='Address'
+   $ -DLLVM_USE_SANITIZE_COVERAGE=On
+   $ -DCLANG_ENABLE_PROTO_FUZZER=ON

Remove the `$` because these are not shell commands.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148

___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits


[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova updated this revision to Diff 453808.
cassanova added a comment.

Removed the full CMake invocation for the fuzzer build configuration.

Added the information on OSS Fuzz to its own section.

Changed build directory in fuzzer execution command to use a relative path.

Removed reference to using LLDB with fuzzer inputs.

Fixed typos.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148

Files:
  lldb/docs/index.rst
  lldb/docs/resources/fuzzing.rst


Index: lldb/docs/resources/fuzzing.rst
===
--- /dev/null
+++ lldb/docs/resources/fuzzing.rst
@@ -0,0 +1,68 @@
+Fuzzing LLDB
+
+
+Overview
+
+
+LLDB has fuzzers that provide automated `fuzz testing 
`_ for different components of LLDB. The 
fuzzers are built with `libFuzzer `_ . 
Currently, there are fuzzers for target creation, LLDB's command interpreter 
and LLDB's expression evaluator.
+
+Building the fuzzers
+
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage enabled. In addition to your regular CMake 
arguments, you will need these argumets to build the fuzzers:
+
+::
+   $ -DLLVM_USE_SANITIZER='Address'
+   $ -DLLVM_USE_SANITIZE_COVERAGE=On
+   $ -DCLANG_ENABLE_PROTO_FUZZER=ON
+
+More information on libFuzzer's sanitizer coverage is available here: 
``_
+
+If you want to debug LLDB itself when you find a bug using the fuzzers, use 
the CMake option ``-DCMAKE_BUILD_TYPE='RelWithDebInfo'``
+
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer
+
+Once built, the binaries for the fuzzers will exist in the ``bin`` directory 
of your build folder.
+
+Continuous integration
+--
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+
+Running the fuzzers
+---
+
+If you want to run the fuzzers locally, you can run the binaries that were 
generated with ninja from the build directory:
+
+::
+   $ ./bin/lldb-target-fuzzer
+   $ ./bin/lldb-commandinterpreter-fuzzer
+   $ ./bin/lldb-expression-fuzzer
+
+This will run the fuzzer binaries directly, and you can use the `libFuzzer 
options `_ to customize how the 
fuzzers are run.
+
+Another way to run the fuzzers is to use a ninja target that will both build 
the fuzzers and then run them immediately after. These custom targets run each 
fuzzer with command-line arguments that provide better fuzzing for the 
components being tested. Running the fuzzers this way will also create 
directories that will store any inputs that caused LLDB to crash, timeout or 
run out of memory. The directories are created for each fuzzer.
+
+To run the custom ninja targets, run the command for your desired fuzzer:
+
+::
+   $ ninja fuzz-lldb-target
+   $ ninja fuzz-lldb-commandinterpreter
+   $ ninja fuzz-lldb-expression
+
+Investigating and reproducing bugs
+--
+
+When the fuzzers find an input that causes LLDB to crash, timeout or run out 
of memory, the input is saved to a file in the build directory. When running 
the fuzzer binaries directly this input is stored in a file named 
``-``.
+
+When running the fuzzers using the custom ninja targets shown above, the 
inputs will be stored in ``fuzzer-artifacts/-artifacts``, which is 
created in your build directory. The input files will have the name ``--``.
+
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the individual input to the fuzzer binary as a command-line 
argument:
+
+::
+   $ ./ 
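Review bot: In "Running the fuzzers", the paragraph on the custom ninja targets says they pass "command-line arguments that provide better fuzzing" but never names those arguments, so a reader who runs `./bin/lldb-target-fuzzer` directly cannot match what `ninja fuzz-lldb-target` does. Suggest listing the arguments each `fuzz-lldb-*` target passes, or pointing to the file where they are defined. The same paragraph says the artifact directories hold inputs that made LLDB "crash, timeout or run out of memory"; as a verb that should read "time out".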
Index: lldb/docs/index.rst
===
--- lldb/docs/index.rst
+++ lldb/docs/index.rst
@@ -150,6 +150,7 @@
resources/contributing
resources/build
resources/test
+   resources/fuzzing
resources/bots
resources/caveats
 



[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova added inline comments.



Comment at: lldb/docs/resources/fuzzing.rst:12
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage. This CMake invocation will configure a build 
directory that can be used to build the LLDB fuzzers:
+

mib wrote:
> Missing word?
Yep :)



Comment at: lldb/docs/resources/fuzzing.rst:14-26
+::
+   $ cmake  \
+-G Ninja \
+-DCMAKE_BUILD_TYPE='Release' \
+-DLLVM_USE_SANITIZER='Address' \
+-DLLVM_USE_SANITIZE_COVERAGE=On \
+-DLLVM_BUILD_RUNTIME=Off \

JDevlieghere wrote:
> I would simplify this a bit and say that in addition to your regular CMake 
> arguments, you have to pass `-DLLVM_USE_SANITIZER='Address'  
> -DLLVM_USE_SANITIZE_COVERAGE=On`. I think the libfuzzer documentation says 
> something similar so in addition to listing that explicitly here, we should 
> also include a link to that (in case that ever changes in the future). 
That's a good idea. I didn't mention this explicitly here but I put the entire 
CMake invocation because I assumed that someone who wanted to try this would be 
making a new, not-in-source-tree build directory.



Comment at: lldb/docs/resources/fuzzing.rst:37
+
+Note that building the LLDB expression evaluator fuzzer will require the CMake 
option ``-DCLANG_ENABLE_PROTO_FUZZER=ON``.
+

mib wrote:
> Is it an issue to have this enabled for the other fuzzers? If not, maybe
> you should just add it to the general cmake invocation
Having this enabled doesn't cause problems for the other fuzzers. I had this on 
its own in case there were people that didn't want to use all of the fuzzers 
and therefore wouldn't need this option enabled all the time.

I can place this in the line that would say "In addition to your regular CMake 
arguments...". Also having a target that builds all fuzzers is a good idea.



Comment at: lldb/docs/resources/fuzzing.rst:42
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+

JDevlieghere wrote:
> I think this could be its own section that talks about where the fuzzers are 
> (will be) running. 
I can add a "Continuous Integration" section for OSS Fuzz



Comment at: lldb/docs/resources/fuzzing.rst:47-49
+   $ .//bin/lldb-target-fuzzer
+   $ .//bin/lldb-commandinterpreter-fuzzer
+   $ .//bin/lldb-expression-fuzzer

JDevlieghere wrote:
> I would say  "from the build directory" and use relative paths here.
Sounds good, what's funny is that I originally had the relative directories and 
then I removed them to try and be more general :)



Comment at: lldb/docs/resources/fuzzing.rst:69-72
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the input to LLDB depending on which component you were 
fuzzing. For example, if you found an input that crashed target creation, you 
could run:
+
+::
+   $ lldb 

JDevlieghere wrote:
> This is specific to LLDB's target fuzzer and not something I think folks 
> should rely on. libfuzzer makes it really easy to reproduce bugs (as you 
> explain below) so we should encourage everyone to use that.  
That makes sense, I used the target fuzzer as an example for using fuzzer 
inputs with LLDB itself but for reproducing it's better to use libFuzzer.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148



[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Med Ismail Bennani via Phabricator via lldb-commits
mib added inline comments.



Comment at: lldb/docs/resources/fuzzing.rst:28-33
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer

JDevlieghere wrote:
> mib wrote:
> > Don't we have a top-level `ninja lldb-fuzzer` command that runs all the
> > fuzzers? If not, what about adding that?
> Building all the fuzzers (`lldb-fuzzer(s)`) or running all the fuzzers 
> (`fuzz-lldb`)? 
> 
> Personally +1 having a target that builds all the fuzzers. I'm not sure if I 
> would ever want to run all the fuzzers in parallel, but I'm also not opposed 
> to the idea as it would be similar to what `check-lldb` does.
Yeah, I meant for building the fuzzers (I haven't commented below on
running the fuzzers in parallel for that reason)


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148



[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Jonas Devlieghere via Phabricator via lldb-commits
JDevlieghere added inline comments.



Comment at: lldb/docs/resources/fuzzing.rst:28-33
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer

mib wrote:
> Don't we have a top-level `ninja lldb-fuzzer` command that runs all the
> fuzzers? If not, what about adding that?
Building all the fuzzers (`lldb-fuzzer(s)`) or running all the fuzzers 
(`fuzz-lldb`)? 

Personally +1 having a target that builds all the fuzzers. I'm not sure if I 
would ever want to run all the fuzzers in parallel, but I'm also not opposed to 
the idea as it would be similar to what `check-lldb` does.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148



[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Jonas Devlieghere via Phabricator via lldb-commits
JDevlieghere added inline comments.



Comment at: lldb/docs/resources/fuzzing.rst:14-26
+::
+   $ cmake  \
+-G Ninja \
+-DCMAKE_BUILD_TYPE='Release' \
+-DLLVM_USE_SANITIZER='Address' \
+-DLLVM_USE_SANITIZE_COVERAGE=On \
+-DLLVM_BUILD_RUNTIME=Off \

I would simplify this a bit and say that in addition to your regular CMake 
arguments, you have to pass `-DLLVM_USE_SANITIZER='Address'  
-DLLVM_USE_SANITIZE_COVERAGE=On`. I think the libfuzzer documentation says 
something similar so in addition to listing that explicitly here, we should 
also include a link to that (in case that ever changes in the future). 



Comment at: lldb/docs/resources/fuzzing.rst:42
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+

I think this could be its own section that talks about where the fuzzers are 
(will be) running. 



Comment at: lldb/docs/resources/fuzzing.rst:44
+
+If you want to run the fuzzers on your own machine, you can run the binaries 
that were generated with ninja:
+





Comment at: lldb/docs/resources/fuzzing.rst:47-49
+   $ .//bin/lldb-target-fuzzer
+   $ .//bin/lldb-commandinterpreter-fuzzer
+   $ .//bin/lldb-expression-fuzzer

I would say  "from the build directory" and use relative paths here.



Comment at: lldb/docs/resources/fuzzing.rst:69-72
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the input to LLDB depending on which component you were 
fuzzing. For example, if you found an input that crashed target creation, you 
could run:
+
+::
+   $ lldb 

This is specific to LLDB's target fuzzer and not something I think folks should 
rely on. libfuzzer makes it really easy to reproduce bugs (as you explain 
below) so we should encourage everyone to use that.  


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148



[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Med Ismail Bennani via Phabricator via lldb-commits
mib added a comment.

Left a few comments :)




Comment at: lldb/docs/resources/fuzzing.rst:12
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage. This CMake invocation will configure a build 
directory that can be used to build the LLDB fuzzers:
+

Missing word?



Comment at: lldb/docs/resources/fuzzing.rst:28-33
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer

Don't we have a top-level `ninja lldb-fuzzer` command that runs all the
fuzzers? If not, what about adding that?



Comment at: lldb/docs/resources/fuzzing.rst:37
+
+Note that building the LLDB expression evaluator fuzzer will require the CMake 
option ``-DCLANG_ENABLE_PROTO_FUZZER=ON``.
+

Is it an issue to have this enabled for the other fuzzers? If not, maybe you
should just add it to the general cmake invocation


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148



[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

2022-08-18 Thread Chelsea Cassanova via Phabricator via lldb-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added a subscriber: arphaman.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a subscriber: lldb-commits.

This commit adds a new page to the LLDB HTML documentation for the LLDB 
fuzzers. The page primarily explains what the fuzzers are as well as how to 
build them, run them and investigate and reproduce bugs.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D132148

Files:
  lldb/docs/index.rst
  lldb/docs/resources/fuzzing.rst


Index: lldb/docs/resources/fuzzing.rst
===
--- /dev/null
+++ lldb/docs/resources/fuzzing.rst
@@ -0,0 +1,77 @@
+Fuzzing LLDB
+
+
+Overview
+
+
+LLDB has fuzzers that provide automated `fuzz testing 
`_ for different components of LLDB. The 
fuzzers are built with `libFuzzer `_ . 
Currently, there are fuzzers for target creation, LLDB's command interpreter 
and LLDB's expression evaluator.
+
+Building the fuzzers
+
+
+Building the LLDB fuzzers requires a build configuration that has the address 
sanitizer and sanitizer coverage. This CMake invocation will configure a build 
directory that can be used to build the LLDB fuzzers:
+
+::
+   $ cmake  \
+-G Ninja \
+-DCMAKE_BUILD_TYPE='Release' \
+-DLLVM_USE_SANITIZER='Address' \
+-DLLVM_USE_SANITIZE_COVERAGE=On \
+-DLLVM_BUILD_RUNTIME=Off \
+-DLLVM_ENABLE_ASSERTIONS:BOOL=ON \
+-DLLDB_ENABLE_PYTHON=ON \
+-DLLVM_ENABLE_PROJECTS='llvm;clang;lldb' \
+-DLLVM_ENABLE_RUNTIMES='libcxx;libcxxabi'
+
+If you want to debug LLDB itself when you find a bug using the fuzzers, use 
the CMake option ``-DCMAKE_BUILD_TYPE='RelWithDebInfo'``
+
+To build a fuzzer, run the desired ninja command for the fuzzer(s) you want to 
build:
+
+::
+   $ ninja lldb-target-fuzzer
+   $ ninja lldb-commandinterpreter-fuzzer
+   $ ninja lldb-expression-fuzzer
+
+Once built, the binaries for the fuzzers will exist in the ``bin`` directory 
of your build folder.
+
+Note that building the LLDB expression evaluator fuzzer will require the CMake 
option ``-DCLANG_ENABLE_PROTO_FUZZER=ON``.
+
+Running the fuzzers
+---
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz 
`_ project for continuous integration.
+
+If you want to run the fuzzers on your own machine, you can run the binaries 
that were generated with ninja:
+
+::
+   $ .//bin/lldb-target-fuzzer
+   $ .//bin/lldb-commandinterpreter-fuzzer
+   $ .//bin/lldb-expression-fuzzer
+
+This will run the fuzzer binaries directly, and you can use the `libFuzzer 
options `_ to customize how the 
fuzzers are run.
+
+Another way to run the fuzzers is to use a ninja target that will both build 
the fuzzers and then run them immediately after. These custom targets run each 
fuzzer with command-line arguments that provide better fuzzing for the 
components being tested. Running the fuzzers this way will also create 
directories that will store any inputs that caused LLDB to crash, timeout or 
run out of memory. The directories are created for each fuzzer.
+
+To run the custom ninja targets, run the command for your desired fuzzer:
+
+::
+   $ ninja fuzz-lldb-target
+   $ ninja fuzz-lldb-commandinterpreter
+   $ ninja fuzz-lldb-expression
+
+Investigating and reproducing bugs
+--
+
+When the fuzzers find an input that causes LLDB to crash, timeout or run out 
of memory, the input is saved to a file in the build directory. When running 
the fuzzer binaries directly this input is stored in a file named 
``-``.
+
+When running the fuzzers using the custom ninja targets shown above, the 
inputs will be stored in ``fuzzer-artifacts/-artifacts``, which is 
created in your build directory. The input files will have the name ``--``.
+
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the input to LLDB depending on which component you were 
fuzzing. For example, if you found an input that crashed target creation, you 
could run:
+
+::
+   $ lldb 
+
+If you want to reproduce the issue found by a fuzzer once you have gotten the 
input, you can pass the individual input to the fuzzer binary as a command-line 
argument:
+
+::
+   $ ./ 
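Review bot: At the end of "Investigating and reproducing bugs", two consecutive paragraphs open with the same sentence ("If you want to reproduce the issue found by a fuzzer once you have gotten the input, ...") and then give different instructions, one passing the input to `lldb` and the other passing it to the fuzzer binary. Suggest merging them into a single paragraph that says which form applies to which fuzzer, or keeping only the fuzzer-binary form, since the `lldb` form is described only for target creation. Separately, the CMake invocation fixes `-DCMAKE_BUILD_TYPE='Release'` while the next paragraph recommends `RelWithDebInfo` for debugging; a short note that the second replaces the first would avoid readers passing both.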
Index: lldb/docs/index.rst
===
--- lldb/docs/index.rst
+++ lldb/docs/index.rst
@@ -150,6 +150,7 @@
resources/contributing
resources/build
resources/test
+   resources/fuzzing
resources/bots
resources/caveats
 

