<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Aug 10, 2017 at 3:13 PM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="gmail-h5">On Thu, Aug 10, 2017 at 12:01 PM, Nico Weber <span dir="ltr"><<a href="mailto:thakis@chromium.org" target="_blank">thakis@chromium.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div class="gmail-m_4829665276632969416gmail-h5"><div>On Thu, Aug 10, 2017 at 2:04 PM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>></span> wrote:<br></div></div></div><div class="gmail_extra"><div class="gmail_quote"><div><div class="gmail-m_4829665276632969416gmail-h5"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="gmail-m_4829665276632969416gmail-m_4215696314480687471gmail-">On Thu, Aug 10, 2017 at 10:56 AM, Nico Weber via cfe-commits <span dir="ltr"><<a href="mailto:cfe-commits@lists.llvm.org" target="_blank">cfe-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">I really believe this has way too many deps to live in the clang repro, as said on the review already. </div></blockquote><div><br></div></span><div>I don't have a very strong opinion here and would be happy to move if I see more support for Nico's opinion</div><div>(I haven't seen it on the review, and you didn't object further, so we proceeded). </div><div>Again, my rational is that the simpler it is to use the more likely other researchers will extend this work. </div><div><br></div><div>BTW, I am going to commit a Dockerfile that will make experimenting with this trivial. </div><div>My current (dirty) version looks like this. Not too much trouble. </div><div><br></div><div><div>FROM ubuntu:16.04</div><div>RUN apt-get update -y && apt-get install -y autoconf automake libtool curl make g++ unzip</div><div>RUN apt-get install -y wget</div><div>RUN apt-get install -y git binutils liblzma-dev libz-dev</div><div>RUN apt-get install -y python-all</div><div>RUN apt-get install -y cmake ninja-build</div><div>RUN apt-get install -y subversion</div><div><br></div><div>WORKDIR /root</div><div>RUN wget -qO- <a href="https://github.com/google/protobuf/releases/download/v3.3.0/protobuf-cpp-3.3.0.tar.gz" target="_blank">https://github.com/google/prot<wbr>obuf/releases/download/v3.3.0/<wbr>protobuf-cpp-3.3.0.tar.gz</a> | tar zxf -</div><div>RUN cd protobuf-3.3.0 && ./autogen.sh && ./configure && make -j $(nproc) && make check -j $(nproc) && make install && ldconfig</div><div>RUN apt-get install -y pkg-config</div><div>RUN svn co <a href="http://llvm.org/svn/llvm-project/llvm/trunk" target="_blank">http://llvm.org/svn/llvm-proje<wbr>ct/llvm/trunk</a> llvm</div><div>RUN cd llvm/tools && svn co <a href="http://llvm.org/svn/llvm-project/cfe/trunk" target="_blank">http://llvm.org/svn/llvm-proje<wbr>ct/cfe/trunk</a> clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}')</div><div>RUN cd llvm/projects && svn co <a href="http://llvm.org/svn/llvm-project/compiler-rt/trunk" target="_blank">http://llvm.org/svn/llvm-proje<wbr>ct/compiler-rt/trunk</a> clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}')</div><div>RUN mkdir build0 && cd build0 && cmake -GNinja -DCMAKE_BUILD_TYPE=Release ../llvm && ninja</div><div>RUN mkdir build1 && cd build1 && cmake -GNinja -DCMAKE_BUILD_TYPE=Release ../llvm -DLLVM_ENABLE_ASSERTIONS=ON -DCMAKE_C_COMPILER=`pwd`/../b<wbr>uild0/bin/clang -DCMAKE_CXX_COMPILER=`pwd`/../<wbr>build0/bin/clang++ -DLLVM_USE_SANITIZE_COVERAGE=Y<wbr>ES -DLLVM_USE_SANITIZER=Address -DCLANG_ENABLE_PROTO_FUZZER=ON</div><div>RUN cd build1 && ninja clang-fuzzer</div><div>RUN cd build1 && ninja clang-proto-fuzzer</div><div>#RUN cd build1 && ninja clang-proto-to-cxx</div></div><span class="gmail-m_4829665276632969416gmail-m_4215696314480687471gmail-"><div><br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Maybe this could live in clang-extra instead? </div></blockquote><div><br></div></span><div>clang-extra? </div></div></div></div></blockquote><div><br></div></div></div><div>clang-tools-extra, sorry.</div><span class="gmail-m_4829665276632969416gmail-"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>That's a separate repo, right? </div></div></div></div></blockquote><div><br></div></span><div>Yes.</div><span class="gmail-m_4829665276632969416gmail-"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>It may require more cmake trickery, and we'll also have to share the clang-fuzzer-specific code between two repos. </div></div></div></div></blockquote><div><br></div></span><div>We could move the whole thing. I'd imagine that at most 3% of people who use clang will use this fuzzer, so having it elsewhere seems reasonable. (I'd imagine many more people to use clang-tidy for example, and that's in the other repro.) </div></div></div></div></blockquote><div><br></div></div></div><div>The clang-tidy argument doesn't work for me. </div><div>clang-tidy is a separate tool. <br></div><div>clang*fuzzer are ways to test clang, and so they have more reasons to stay closer to clang (for the same reason that the clang tests stay with clang). </div></div></div></div></blockquote><div><br></div><div>Then think of the "[cfe-dev] Proposal for an ABI testsuite for clang" thread instead, which was about testing clang. We ended up putting that into a completely separate repo.</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br></div><div>--kcc </div><div><div class="gmail-h5"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>Also see the "Contributing Extensions to Clang" section on <a href="http://clang.llvm.org/get_involved.html" target="_blank">http://clang.llvm.org/get_i<wbr>nvolved.html</a></div><div><div class="gmail-m_4829665276632969416gmail-h5"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>I do want the original clang-fuzzer to remain where it was, and both (clang-fuzzer and clang-proto-fuzzer) share the code. </div><div><div class="gmail-m_4829665276632969416gmail-m_4215696314480687471gmail-h5"><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="gmail-m_4829665276632969416gmail-m_4215696314480687471gmail-m_636659730165809214gmail-HOEnZb"><div class="gmail-m_4829665276632969416gmail-m_4215696314480687471gmail-m_636659730165809214gmail-h5"><div class="gmail_extra"><br><div class="gmail_quote">On Aug 8, 2017 4:15 PM, "Matt Morehouse via cfe-commits" <<a href="mailto:cfe-commits@lists.llvm.org" target="_blank">cfe-commits@lists.llvm.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Author: morehouse<br>
Date: Tue Aug 8 13:15:04 2017<br>
New Revision: 310408<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=310408&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject?rev=310408&view=rev</a><br>
Log:<br>
Integrate Kostya's clang-proto-fuzzer with LLVM.<br>
<br>
Summary:<br>
The clang-proto-fuzzer models a subset of C++ as a protobuf and<br>
uses libprotobuf-mutator to generate interesting mutations of C++<br>
programs. Clang-proto-fuzzer has already found several bugs in<br>
Clang (e.g., <a href="https://bugs.llvm.org/show_bug.cgi?id=33747" rel="noreferrer" target="_blank">https://bugs.llvm.org/show_bug<wbr>.cgi?id=33747</a>,<br>
<a href="https://bugs.llvm.org/show_bug.cgi?id=33749" rel="noreferrer" target="_blank">https://bugs.llvm.org/show_bug<wbr>.cgi?id=33749</a>).<br>
<br>
As with clang-fuzzer, clang-proto-fuzzer requires the following<br>
cmake flags:<br>
- CMAKE_C_COMPILER=clang<br>
- CMAKE_CXX_COMPILER=clang++<br>
- LLVM_USE_SANITIZE_COVERAGE=YES<wbr> // needed for libFuzzer<br>
- LLVM_USE_SANITIZER=Address // needed for libFuzzer<br>
<br>
In addition, clang-proto-fuzzer requires:<br>
- CLANG_ENABLE_PROTO_FUZZER=ON<br>
<br>
clang-proto-fuzzer also requires the following dependencies:<br>
- binutils // needed for libprotobuf-mutator<br>
- liblzma-dev // needed for libprotobuf-mutator<br>
- libz-dev // needed for libprotobuf-mutator<br>
- docbook2x // needed for libprotobuf-mutator<br>
- Recent version of protobuf [3.3.0 is known to work]<br>
<br>
A working version of libprotobuf-mutator will automatically be<br>
downloaded and built as an external project.<br>
<br>
Implementation of clang-proto-fuzzer provided by Kostya<br>
Serebryany.<br>
<br>
<a href="https://bugs.llvm.org/show_bug.cgi?id=33829" rel="noreferrer" target="_blank">https://bugs.llvm.org/show_bug<wbr>.cgi?id=33829</a><br>
<br>
Reviewers: kcc, vitalybuka, bogner<br>
<br>
Reviewed By: kcc, vitalybuka<br>
<br>
Subscribers: thakis, mgorny, cfe-commits<br>
<br>
Differential Revision: <a href="https://reviews.llvm.org/D36324" rel="noreferrer" target="_blank">https://reviews.llvm.org/D3632<wbr>4</a><br>
<br>
Added:<br>
cfe/trunk/cmake/modules/Protob<wbr>ufMutator.cmake<br>
cfe/trunk/tools/clang-fuzzer/E<wbr>xampleClangProtoFuzzer.cpp<br>
cfe/trunk/tools/clang-fuzzer/R<wbr>EADME.txt<br>
cfe/trunk/tools/clang-fuzzer/c<wbr>xx_proto.proto<br>
cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/<br>
cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/CMakeLists.txt<br>
cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/handle_cxx.cpp<br>
cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/handle_cxx.h<br>
cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/<br>
cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/CMakeLists.txt<br>
cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx.cpp<br>
cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx.h<br>
cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx_main.<wbr>cpp<br>
Modified:<br>
cfe/trunk/CMakeLists.txt<br>
cfe/trunk/tools/clang-fuzzer/C<wbr>MakeLists.txt<br>
cfe/trunk/tools/clang-fuzzer/C<wbr>langFuzzer.cpp<br>
<br>
Modified: cfe/trunk/CMakeLists.txt<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/CMakeLists.txt?rev=310408&r1=310407&r2=310408&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/CMakeLists.txt<wbr>?rev=310408&r1=310407&r2=31040<wbr>8&view=diff</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/CMakeLists.txt (original)<br>
+++ cfe/trunk/CMakeLists.txt Tue Aug 8 13:15:04 2017<br>
@@ -377,6 +377,8 @@ option(CLANG_ENABLE_STATIC_ANA<wbr>LYZER "Bui<br>
option(CLANG_ANALYZER_BUILD_Z<wbr>3<br>
"Build the static analyzer with the Z3 constraint manager." OFF)<br>
<br>
+option(CLANG_ENABLE_PROTO_FUZ<wbr>ZER "Build Clang protobuf fuzzer." OFF)<br>
+<br>
if(NOT CLANG_ENABLE_STATIC_ANALYZER AND (CLANG_ENABLE_ARCMT OR CLANG_ANALYZER_BUILD_Z3))<br>
message(FATAL_ERROR "Cannot disable static analyzer while enabling ARCMT or Z3")<br>
endif()<br>
<br>
Added: cfe/trunk/cmake/modules/Protob<wbr>ufMutator.cmake<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/cmake/modules/ProtobufMutator.cmake?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/cmake/modules/<wbr>ProtobufMutator.cmake?rev=3104<wbr>08&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/cmake/modules/Protob<wbr>ufMutator.cmake (added)<br>
+++ cfe/trunk/cmake/modules/Protob<wbr>ufMutator.cmake Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,24 @@<br>
+set(PBM_PREFIX protobuf_mutator)<br>
+set(PBM_PATH ${CMAKE_CURRENT_BINARY_DIR}/${<wbr>PBM_PREFIX}/src/${PBM_PREFIX})<br>
+set(PBM_LIB_PATH ${PBM_PATH}/src/libprotobuf-mu<wbr>tator.a)<br>
+set(PBM_FUZZ_LIB_PATH ${PBM_PATH}/src/libfuzzer/libp<wbr>rotobuf-mutator-libfuzzer.a)<br>
+<br>
+ExternalProject_Add(${PBM_PRE<wbr>FIX}<br>
+ PREFIX ${PBM_PREFIX}<br>
+ GIT_REPOSITORY <a href="https://github.com/google/libprotobuf-mutator.git" rel="noreferrer" target="_blank">https://github.com/google/libp<wbr>rotobuf-mutator.git</a><br>
+ GIT_TAG 34287f8<br>
+ CONFIGURE_COMMAND ${CMAKE_COMMAND} -G${CMAKE_GENERATOR}<br>
+ -DCMAKE_C_COMPILER=${CMAKE_C_C<wbr>OMPILER}<br>
+ -DCMAKE_CXX_COMPILER=${CMAKE_C<wbr>XX_COMPILER}<br>
+ -DCMAKE_BUILD_TYPE=${CMAKE_BUI<wbr>LD_TYPE}<br>
+ BUILD_COMMAND ${CMAKE_MAKE_PROGRAM}<br>
+ BUILD_BYPRODUCTS ${PBM_LIB_PATH} ${PBM_FUZZ_LIB_PATH}<br>
+ BUILD_IN_SOURCE 1<br>
+ INSTALL_COMMAND ""<br>
+ LOG_DOWNLOAD 1<br>
+ LOG_CONFIGURE 1<br>
+ LOG_BUILD 1<br>
+ )<br>
+<br>
+set(ProtobufMutator_INCLUDE_D<wbr>IRS ${PBM_PATH})<br>
+set(ProtobufMutator_LIBRARIES ${PBM_FUZZ_LIB_PATH} ${PBM_LIB_PATH})<br>
<br>
Modified: cfe/trunk/tools/clang-fuzzer/C<wbr>MakeLists.txt<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/CMakeLists.txt?rev=310408&r1=310407&r2=310408&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/CMakeLists.txt?rev=310408<wbr>&r1=310407&r2=310408&view=diff</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/C<wbr>MakeLists.txt (original)<br>
+++ cfe/trunk/tools/clang-fuzzer/C<wbr>MakeLists.txt Tue Aug 8 13:15:04 2017<br>
@@ -1,21 +1,60 @@<br>
if( LLVM_USE_SANITIZE_COVERAGE )<br>
set(LLVM_LINK_COMPONENTS ${LLVM_TARGETS_TO_BUILD})<br>
<br>
+ if(CLANG_ENABLE_PROTO_FUZZER)<br>
+ # Create protobuf .h and .cc files, and put them in a library for use by<br>
+ # clang-proto-fuzzer components.<br>
+ find_package(Protobuf REQUIRED)<br>
+ add_definitions(-DGOOGLE_PROTO<wbr>BUF_NO_RTTI)<br>
+ include_directories(${PROTOBUF<wbr>_INCLUDE_DIRS})<br>
+ include_directories(${CMAKE_CU<wbr>RRENT_BINARY_DIR})<br>
+ protobuf_generate_cpp(PROTO_SR<wbr>CS PROTO_HDRS cxx_proto.proto)<br>
+ # Hack to bypass LLVM's cmake sources check and allow multiple libraries and<br>
+ # executables from this directory.<br>
+ set(LLVM_OPTIONAL_SOURCES<br>
+ ClangFuzzer.cpp<br>
+ ExampleClangProtoFuzzer.cpp<br>
+ ${PROTO_SRCS}<br>
+ )<br>
+ add_clang_library(clangCXXProt<wbr>o<br>
+ ${PROTO_SRCS}<br>
+ ${PROTO_HDRS}<br>
+<br>
+ LINK_LIBS<br>
+ ${PROTOBUF_LIBRARIES}<br>
+ )<br>
+<br>
+ # Build and include libprotobuf-mutator<br>
+ include(ProtobufMutator)<br>
+ include_directories(${Protobuf<wbr>Mutator_INCLUDE_DIRS})<br>
+<br>
+ # Build the protobuf->C++ translation library and driver.<br>
+ add_clang_subdirectory(proto-t<wbr>o-cxx)<br>
+<br>
+ # Build the protobuf fuzzer<br>
+ add_clang_executable(clang-pro<wbr>to-fuzzer ExampleClangProtoFuzzer.cpp)<br>
+ target_link_libraries(clang-pr<wbr>oto-fuzzer<br>
+ ${ProtobufMutator_LIBRARIES}<br>
+ clangCXXProto<br>
+ clangHandleCXX<br>
+ clangProtoToCXX<br>
+ LLVMFuzzer<br>
+ )<br>
+ else()<br>
+ # Hack to bypass LLVM's cmake sources check and allow multiple libraries and<br>
+ # executables from this directory.<br>
+ set(LLVM_OPTIONAL_SOURCES ClangFuzzer.cpp ExampleClangProtoFuzzer.cpp)<br>
+ endif()<br>
+<br>
+ add_clang_subdirectory(handle-<wbr>cxx)<br>
+<br>
add_clang_executable(clang-fu<wbr>zzer<br>
EXCLUDE_FROM_ALL<br>
ClangFuzzer.cpp<br>
)<br>
<br>
target_link_libraries(clang-f<wbr>uzzer<br>
- ${CLANG_FORMAT_LIB_DEPS}<br>
- clangAST<br>
- clangBasic<br>
- clangCodeGen<br>
- clangDriver<br>
- clangFrontend<br>
- clangRewriteFrontend<br>
- clangStaticAnalyzerFrontend<br>
- clangTooling<br>
+ clangHandleCXX<br>
LLVMFuzzer<br>
)<br>
endif()<br>
<br>
Modified: cfe/trunk/tools/clang-fuzzer/C<wbr>langFuzzer.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp?rev=310408&r1=310407&r2=310408&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/ClangFuzzer.cpp?rev=31040<wbr>8&r1=310407&r2=310408&view=dif<wbr>f</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/C<wbr>langFuzzer.cpp (original)<br>
+++ cfe/trunk/tools/clang-fuzzer/C<wbr>langFuzzer.cpp Tue Aug 8 13:15:04 2017<br>
@@ -13,43 +13,12 @@<br>
///<br>
//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
<br>
-#include "clang/Tooling/Tooling.h"<br>
-#include "clang/CodeGen/CodeGenAction.h<wbr>"<br>
-#include "clang/Frontend/CompilerInstan<wbr>ce.h"<br>
-#include "clang/Lex/PreprocessorOptions<wbr>.h"<br>
-#include "llvm/Option/Option.h"<br>
-#include "llvm/Support/TargetSelect.h"<br>
+#include "handle-cxx/handle_cxx.h"<br>
<br>
-using namespace clang;<br>
+using namespace clang_fuzzer;<br>
<br>
extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {<br>
std::string s((const char *)data, size);<br>
- llvm::InitializeAllTargets();<br>
- llvm::InitializeAllTargetMCs()<wbr>;<br>
- llvm::InitializeAllAsmPrinters<wbr>();<br>
- llvm::InitializeAllAsmParsers(<wbr>);<br>
-<br>
- llvm::opt::ArgStringList CC1Args;<br>
- CC1Args.push_back("-cc1");<br>
- CC1Args.push_back("./test.cc")<wbr>;<br>
- CC1Args.push_back("-O2");<br>
- llvm::IntrusiveRefCntPtr<FileM<wbr>anager> Files(<br>
- new FileManager(FileSystemOptions(<wbr>)));<br>
- IgnoringDiagConsumer Diags;<br>
- IntrusiveRefCntPtr<DiagnosticO<wbr>ptions> DiagOpts = new DiagnosticOptions();<br>
- DiagnosticsEngine Diagnostics(<br>
- IntrusiveRefCntPtr<clang::Diag<wbr>nosticIDs>(new DiagnosticIDs()), &*DiagOpts,<br>
- &Diags, false);<br>
- std::unique_ptr<clang::Compile<wbr>rInvocation> Invocation(<br>
- tooling::newInvocation(&Diagno<wbr>stics, CC1Args));<br>
- std::unique_ptr<llvm::MemoryBu<wbr>ffer> Input =<br>
- llvm::MemoryBuffer::getMemBuff<wbr>er(s);<br>
- Invocation->getPreprocessorOpt<wbr>s().addRemappedFile("./test.cc<wbr>", Input.release());<br>
- std::unique_ptr<tooling::ToolA<wbr>ction> action(<br>
- tooling::newFrontendActionFact<wbr>ory<clang::EmitObjAction>());<br>
- std::shared_ptr<PCHContainerOp<wbr>erations> PCHContainerOps =<br>
- std::make_shared<PCHContainerO<wbr>perations>();<br>
- action->runInvocation(std::mov<wbr>e(Invocation), Files.get(), PCHContainerOps,<br>
- &Diags);<br>
+ HandleCXX(s, {"-O2"});<br>
return 0;<br>
}<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/E<wbr>xampleClangProtoFuzzer.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/ExampleClangProtoFuzzer.c<wbr>pp?rev=310408&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/E<wbr>xampleClangProtoFuzzer.cpp (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/E<wbr>xampleClangProtoFuzzer.cpp Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,28 @@<br>
+//===-- ExampleClangProtoFuzzer.cpp - Fuzz Clang --------------------------===/<wbr>/<br>
+//<br>
+// The LLVM Compiler Infrastructure<br>
+//<br>
+// This file is distributed under the University of Illinois Open Source<br>
+// License. See LICENSE.TXT for details.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+///<br>
+/// \file<br>
+/// \brief This file implements a function that runs Clang on a single<br>
+/// input and uses libprotobuf-mutator to find new inputs. This function is<br>
+/// then linked into the Fuzzer library.<br>
+///<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+<br>
+#include "cxx_proto.pb.h"<br>
+#include "handle-cxx/handle_cxx.h"<br>
+#include "proto-to-cxx/proto_to_cxx.h"<br>
+<br>
+#include "src/libfuzzer/libfuzzer_macro<wbr>.h"<br>
+<br>
+using namespace clang_fuzzer;<br>
+<br>
+DEFINE_BINARY_PROTO_FUZZER(co<wbr>nst Function& input) {<br>
+ auto S = FunctionToString(input);<br>
+ HandleCXX(S, {"-O2"});<br>
+}<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/R<wbr>EADME.txt<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/README.txt?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/README.txt?rev=310408&vie<wbr>w=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/R<wbr>EADME.txt (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/R<wbr>EADME.txt Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,73 @@<br>
+This directory contains two utilities for fuzzing Clang: clang-fuzzer and<br>
+clang-proto-fuzzer. Both use libFuzzer to generate inputs to clang via<br>
+coverage-guided mutation.<br>
+<br>
+The two utilities differ, however, in how they structure inputs to Clang.<br>
+clang-fuzzer makes no attempt to generate valid C++ programs and is therefore<br>
+primarily useful for stressing the surface layers of Clang (i.e. lexer, parser).<br>
+clang-proto-fuzzer uses a protobuf class to describe a subset of the C++<br>
+language and then uses libprotobuf-mutator to mutate instantiations of that<br>
+class, producing valid C++ programs in the process. As a result,<br>
+clang-proto-fuzzer is better at stressing deeper layers of Clang and LLVM.<br>
+<br>
+=============================<wbr>======<br>
+ Building clang-fuzzer<br>
+=============================<wbr>======<br>
+Within your LLVM build directory, run CMake with the following variable<br>
+definitions:<br>
+- CMAKE_C_COMPILER=clang<br>
+- CMAKE_CXX_COMPILER=clang++<br>
+- LLVM_USE_SANITIZE_COVERAGE=YES<br>
+- LLVM_USE_SANITIZER=Address<br>
+<br>
+Then build the clang-fuzzer target.<br>
+<br>
+Example:<br>
+ cd $LLVM_SOURCE_DIR<br>
+ mkdir build && cd build<br>
+ cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \<br>
+ -DLLVM_USE_SANITIZE_COVERAGE=Y<wbr>ES -DLLVM_USE_SANITIZER=Address<br>
+ ninja clang-fuzzer<br>
+<br>
+<br>
+=============================<wbr>==========================<br>
+ Building clang-proto-fuzzer (Linux-only instructions)<br>
+=============================<wbr>==========================<br>
+Install the necessary dependencies:<br>
+- binutils // needed for libprotobuf-mutator<br>
+- liblzma-dev // needed for libprotobuf-mutator<br>
+- libz-dev // needed for libprotobuf-mutator<br>
+- docbook2x // needed for libprotobuf-mutator<br>
+- Recent version of protobuf [3.3.0 is known to work]<br>
+<br>
+Within your LLVM build directory, run CMake with the following variable<br>
+definitions:<br>
+- CMAKE_C_COMPILER=clang<br>
+- CMAKE_CXX_COMPILER=clang++<br>
+- LLVM_USE_SANITIZE_COVERAGE=YES<br>
+- LLVM_USE_SANITIZER=Address<br>
+- CLANG_ENABLE_PROTO_FUZZER=ON<br>
+<br>
+Then build the clang-proto-fuzzer and clang-proto-to-cxx targets. Optionally,<br>
+you may also build clang-fuzzer with this setup.<br>
+<br>
+Example:<br>
+ cd $LLVM_SOURCE_DIR<br>
+ mkdir build && cd build<br>
+ cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \<br>
+ -DLLVM_USE_SANITIZE_COVERAGE=Y<wbr>ES -DLLVM_USE_SANITIZER=Address \<br>
+ -DCLANG_ENABLE_PROTO_FUZZER=ON<br>
+ ninja clang-proto-fuzzer clang-proto-to-cxx<br>
+<br>
+<br>
+=====================<br>
+ Running the fuzzers<br>
+=====================<br>
+clang-fuzzer:<br>
+ bin/clang-fuzzer CORPUS_DIR<br>
+<br>
+clang-proto-fuzzer:<br>
+ bin/clang-proto-fuzzer CORPUS_DIR<br>
+<br>
+Translating a clang-proto-fuzzer corpus output to C++:<br>
+ bin/clang-proto-to-cxx CORPUS_OUTPUT_FILE<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/c<wbr>xx_proto.proto<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/cxx_proto.proto?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/cxx_proto.proto?rev=31040<wbr>8&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/c<wbr>xx_proto.proto (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/c<wbr>xx_proto.proto Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,93 @@<br>
+//===-- cxx_proto.proto - Protobuf description of C++ ---------------------===//<br>
+//<br>
+// The LLVM Compiler Infrastructure<br>
+//<br>
+// This file is distributed under the University of Illinois Open Source<br>
+// License. See LICENSE.TXT for details.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+///<br>
+/// \file<br>
+/// \brief This file describes a subset of C++ as a protobuf. It is used to<br>
+/// more easily find interesting inputs for fuzzing Clang.<br>
+///<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+<br>
+syntax = "proto2";<br>
+<br>
+message VarRef {<br>
+ required int32 varnum = 1;<br>
+}<br>
+<br>
+message Lvalue {<br>
+ required VarRef varref = 1;<br>
+}<br>
+<br>
+message Const {<br>
+ required int32 val = 1;<br>
+}<br>
+<br>
+message BinaryOp {<br>
+ enum Op {<br>
+ PLUS = 0;<br>
+ MINUS = 1;<br>
+ MUL = 2;<br>
+ DIV = 3;<br>
+ MOD = 4;<br>
+ XOR = 5;<br>
+ AND = 6;<br>
+ OR = 7;<br>
+ EQ = 8;<br>
+ NE = 9;<br>
+ LE = 10;<br>
+ GE = 11;<br>
+ LT = 12;<br>
+ GT = 13;<br>
+ };<br>
+ required Op op = 1;<br>
+ required Rvalue left = 2;<br>
+ required Rvalue right = 3;<br>
+}<br>
+<br>
+message Rvalue {<br>
+ oneof rvalue_oneof {<br>
+ VarRef varref = 1;<br>
+ Const cons = 2;<br>
+ BinaryOp binop = 3;<br>
+ }<br>
+}<br>
+<br>
+message AssignmentStatement {<br>
+ required Lvalue lvalue = 1;<br>
+ required Rvalue rvalue = 2;<br>
+}<br>
+<br>
+<br>
+message IfElse {<br>
+ required Rvalue cond = 1;<br>
+ required StatementSeq if_body = 2;<br>
+ required StatementSeq else_body = 3;<br>
+}<br>
+<br>
+message While {<br>
+ required Rvalue cond = 1;<br>
+ required StatementSeq body = 2;<br>
+}<br>
+<br>
+message Statement {<br>
+ oneof stmt_oneof {<br>
+ AssignmentStatement assignment = 1;<br>
+ IfElse ifelse = 2;<br>
+ While while_loop = 3;<br>
+ }<br>
+}<br>
+<br>
+message StatementSeq {<br>
+ repeated Statement statements = 1;<br>
+}<br>
+<br>
+message Function {<br>
+ required StatementSeq statements = 1;<br>
+}<br>
+<br>
+package clang_fuzzer;<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/CMakeLists.txt<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/handle-cxx/CMakeLists.txt?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/handle-cxx/CMakeLists.txt<wbr>?rev=310408&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/CMakeLists.txt (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/CMakeLists.txt Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,11 @@<br>
+set(LLVM_LINK_COMPONENTS ${LLVM_TARGETS_TO_BUILD})<br>
+<br>
+add_clang_library(clangHandle<wbr>CXX<br>
+ handle_cxx.cpp<br>
+<br>
+ LINK_LIBS<br>
+ clangCodeGen<br>
+ clangFrontend<br>
+ clangLex<br>
+ clangTooling<br>
+ )<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/handle_cxx.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/handle-cxx/handle_cxx.cpp<wbr>?rev=310408&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/handle_cxx.cpp (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/handle_cxx.cpp Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,58 @@<br>
+//==-- handle_cxx.cpp - Helper function for Clang fuzzers ------------------==//<br>
+//<br>
+// The LLVM Compiler Infrastructure<br>
+//<br>
+// This file is distributed under the University of Illinois Open Source<br>
+// License. See LICENSE.TXT for details.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+//<br>
+// Implements HandleCXX for use by the Clang fuzzers.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+<br>
+#include "handle_cxx.h"<br>
+<br>
+#include "clang/CodeGen/CodeGenAction.h<wbr>"<br>
+#include "clang/Frontend/CompilerInstan<wbr>ce.h"<br>
+#include "clang/Lex/PreprocessorOptions<wbr>.h"<br>
+#include "clang/Tooling/Tooling.h"<br>
+#include "llvm/Option/Option.h"<br>
+#include "llvm/Support/TargetSelect.h"<br>
+<br>
+using namespace clang;<br>
+<br>
+void clang_fuzzer::HandleCXX(const std::string &S,<br>
+ const std::vector<const char *> &ExtraArgs) {<br>
+ llvm::InitializeAllTargets();<br>
+ llvm::InitializeAllTargetMCs()<wbr>;<br>
+ llvm::InitializeAllAsmPrinters<wbr>();<br>
+ llvm::InitializeAllAsmParsers(<wbr>);<br>
+<br>
+ llvm::opt::ArgStringList CC1Args;<br>
+ CC1Args.push_back("-cc1");<br>
+ for (auto &A : ExtraArgs)<br>
+ CC1Args.push_back(A);<br>
+ CC1Args.push_back("./test.cc")<wbr>;<br>
+<br>
+ llvm::IntrusiveRefCntPtr<FileM<wbr>anager> Files(<br>
+ new FileManager(FileSystemOptions(<wbr>)));<br>
+ IgnoringDiagConsumer Diags;<br>
+ IntrusiveRefCntPtr<DiagnosticO<wbr>ptions> DiagOpts = new DiagnosticOptions();<br>
+ DiagnosticsEngine Diagnostics(<br>
+ IntrusiveRefCntPtr<clang::Diag<wbr>nosticIDs>(new DiagnosticIDs()), &*DiagOpts,<br>
+ &Diags, false);<br>
+ std::unique_ptr<clang::Compile<wbr>rInvocation> Invocation(<br>
+ tooling::newInvocation(&Diagno<wbr>stics, CC1Args));<br>
+ std::unique_ptr<llvm::MemoryBu<wbr>ffer> Input =<br>
+ llvm::MemoryBuffer::getMemBuff<wbr>er(S);<br>
+ Invocation->getPreprocessorOpt<wbr>s().addRemappedFile("./test.cc<wbr>",<br>
+ Input.release());<br>
+ std::unique_ptr<tooling::ToolA<wbr>ction> action(<br>
+ tooling::newFrontendActionFact<wbr>ory<clang::EmitObjAction>());<br>
+ std::shared_ptr<PCHContainerOp<wbr>erations> PCHContainerOps =<br>
+ std::make_shared<PCHContainerO<wbr>perations>();<br>
+ action->runInvocation(std::mov<wbr>e(Invocation), Files.get(), PCHContainerOps,<br>
+ &Diags);<br>
+}<br>
+<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/handle_cxx.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.h?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/handle-cxx/handle_cxx.h?r<wbr>ev=310408&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/handle_cxx.h (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/h<wbr>andle-cxx/handle_cxx.h Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,25 @@<br>
+//==-- handle_cxx.h - Helper function for Clang fuzzers --------------------==//<br>
+//<br>
+// The LLVM Compiler Infrastructure<br>
+//<br>
+// This file is distributed under the University of Illinois Open Source<br>
+// License. See LICENSE.TXT for details.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+//<br>
+// Defines HandleCXX for use by the Clang fuzzers.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+<br>
+#ifndef LLVM_CLANG_TOOLS_CLANG_FUZZER_<wbr>HANDLE_CXX_HANDLECXX_H<br>
+#define LLVM_CLANG_TOOLS_CLANG_FUZZER_<wbr>HANDLE_CXX_HANDLECXX_H<br>
+<br>
+#include <string><br>
+#include <vector><br>
+<br>
+namespace clang_fuzzer {<br>
+void HandleCXX(const std::string &S,<br>
+ const std::vector<const char *> &ExtraArgs);<br>
+} // namespace clang_fuzzer<br>
+<br>
+#endif<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/CMakeLists.txt<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/proto-to-cxx/CMakeLists.t<wbr>xt?rev=310408&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/CMakeLists.txt (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/CMakeLists.txt Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,10 @@<br>
+set(LLVM_LINK_COMPONENTS ${LLVM_TARGETS_TO_BUILD})<br>
+<br>
+# Hack to bypass LLVM's CMake source checks so we can have both a library and<br>
+# an executable built from this directory.<br>
+set(LLVM_OPTIONAL_SOURCES proto_to_cxx.cpp proto_to_cxx_main.cpp)<br>
+<br>
+add_clang_library(clangProtoT<wbr>oCXX proto_to_cxx.cpp LINK_LIBS clangCXXProto)<br>
+<br>
+add_clang_executable(clang-pr<wbr>oto-to-cxx proto_to_cxx_main.cpp)<br>
+target_link_libraries(clang-p<wbr>roto-to-cxx clangProtoToCXX)<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/proto-to-cxx/proto_to_cxx<wbr>.cpp?rev=310408&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx.cpp (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx.cpp Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,102 @@<br>
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --------------------------==//<br>
+//<br>
+// The LLVM Compiler Infrastructure<br>
+//<br>
+// This file is distributed under the University of Illinois Open Source<br>
+// License. See LICENSE.TXT for details.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+//<br>
+// Implements functions for converting between protobufs and C++.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+<br>
+#include "proto_to_cxx.h"<br>
+#include "cxx_proto.pb.h"<br>
+<br>
+#include <ostream><br>
+#include <sstream><br>
+<br>
+namespace clang_fuzzer {<br>
+<br>
+// Forward decls.<br>
+std::ostream &operator<<(std::ostream &os, const BinaryOp &x);<br>
+std::ostream &operator<<(std::ostream &os, const StatementSeq &x);<br>
+<br>
+// Proto to C++.<br>
+std::ostream &operator<<(std::ostream &os, const Const &x) {<br>
+ return os << "(" << x.val() << ")";<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const VarRef &x) {<br>
+ return os << "a[" << (static_cast<uint32_t>(x.varnu<wbr>m()) % 100) << "]";<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const Lvalue &x) {<br>
+ return os << x.varref();<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const Rvalue &x) {<br>
+ if (x.has_varref()) return os << x.varref();<br>
+ if (x.has_cons()) return os << x.cons();<br>
+ if (x.has_binop()) return os << x.binop();<br>
+ return os << "1";<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const BinaryOp &x) {<br>
+ os << "(" << x.left();<br>
+ switch (x.op()) {<br>
+ case BinaryOp::PLUS: os << "+"; break;<br>
+ case BinaryOp::MINUS: os << "-"; break;<br>
+ case BinaryOp::MUL: os << "*"; break;<br>
+ case BinaryOp::DIV: os << "/"; break;<br>
+ case BinaryOp::MOD: os << "%"; break;<br>
+ case BinaryOp::XOR: os << "^"; break;<br>
+ case BinaryOp::AND: os << "&"; break;<br>
+ case BinaryOp::OR: os << "|"; break;<br>
+ case BinaryOp::EQ: os << "=="; break;<br>
+ case BinaryOp::NE: os << "!="; break;<br>
+ case BinaryOp::LE: os << "<="; break;<br>
+ case BinaryOp::GE: os << ">="; break;<br>
+ case BinaryOp::LT: os << "<"; break;<br>
+ case BinaryOp::GT: os << ">"; break;<br>
+ }<br>
+ return os << x.right() << ")";<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const AssignmentStatement &x) {<br>
+ return os << x.lvalue() << "=" << x.rvalue() << ";\n";<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const IfElse &x) {<br>
+ return os << "if (" << x.cond() << "){\n"<br>
+ << x.if_body() << "} else { \n"<br>
+ << x.else_body() << "}\n";<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const While &x) {<br>
+ return os << "while (" << x.cond() << "){\n" << x.body() << "}\n";<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const Statement &x) {<br>
+ if (x.has_assignment()) return os << x.assignment();<br>
+ if (x.has_ifelse()) return os << x.ifelse();<br>
+ if (x.has_while_loop()) return os << x.while_loop();<br>
+ return os << "(void)0;\n";<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const StatementSeq &x) {<br>
+ for (auto &st : x.statements()) os << st;<br>
+ return os;<br>
+}<br>
+std::ostream &operator<<(std::ostream &os, const Function &x) {<br>
+ return os << "void foo(int *a) {\n" << x.statements() << "}\n";<br>
+}<br>
+<br>
+// ------------------------------<wbr>---<br>
+<br>
+std::string FunctionToString(const Function &input) {<br>
+ std::ostringstream os;<br>
+ os << input;<br>
+ return os.str();<br>
+<br>
+}<br>
+std::string ProtoToCxx(const uint8_t *data, size_t size) {<br>
+ Function message;<br>
+ if (!message.ParseFromArray(data, size))<br>
+ return "#error invalid proto\n";<br>
+ return FunctionToString(message);<br>
+}<br>
+<br>
+} // namespace clang_fuzzer<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/proto-to-cxx/proto_to_cxx<wbr>.h?rev=310408&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx.h (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx.h Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,22 @@<br>
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ----------------------------==<wbr>//<br>
+//<br>
+// The LLVM Compiler Infrastructure<br>
+//<br>
+// This file is distributed under the University of Illinois Open Source<br>
+// License. See LICENSE.TXT for details.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+//<br>
+// Defines functions for converting between protobufs and C++.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+<br>
+#include <cstdint><br>
+#include <cstddef><br>
+#include <string><br>
+<br>
+namespace clang_fuzzer {<br>
+class Function;<br>
+std::string FunctionToString(const Function &input);<br>
+std::string ProtoToCxx(const uint8_t *data, size_t size);<br>
+}<br>
<br>
Added: cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx_main.<wbr>cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp?rev=310408&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-pr<wbr>oject/cfe/trunk/tools/clang-fu<wbr>zzer/proto-to-cxx/proto_to_cxx<wbr>_main.cpp?rev=310408&view=auto</a><br>
==============================<wbr>==============================<wbr>==================<br>
--- cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx_main.<wbr>cpp (added)<br>
+++ cfe/trunk/tools/clang-fuzzer/p<wbr>roto-to-cxx/proto_to_cxx_main.<wbr>cpp Tue Aug 8 13:15:04 2017<br>
@@ -0,0 +1,30 @@<br>
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion ----------==//<br>
+//<br>
+// The LLVM Compiler Infrastructure<br>
+//<br>
+// This file is distributed under the University of Illinois Open Source<br>
+// License. See LICENSE.TXT for details.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+//<br>
+// Implements a simple driver to print a C++ program from a protobuf.<br>
+//<br>
+//===------------------------<wbr>------------------------------<wbr>----------------===//<br>
+#include <fstream><br>
+#include <iostream><br>
+#include <streambuf><br>
+#include <string><br>
+<br>
+#include "proto_to_cxx.h"<br>
+<br>
+int main(int argc, char **argv) {<br>
+ for (int i = 1; i < argc; i++) {<br>
+ std::fstream in(argv[i]);<br>
+ std::string str((std::istreambuf_iterator<<wbr>char>(in)),<br>
+ std::istreambuf_iterator<char><wbr>());<br>
+ std::cout << "// " << argv[i] << std::endl;<br>
+ std::cout << clang_fuzzer::ProtoToCxx(<br>
+ reinterpret_cast<const uint8_t *>(str.data()), str.size());<br>
+ }<br>
+}<br>
+<br>
<br>
<br>
______________________________<wbr>_________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@lists.llvm.org" target="_blank">cfe-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-commits</a><br>
</blockquote></div></div>
</div></div><br>______________________________<wbr>_________________<br>
cfe-commits mailing list<br>
<a href="mailto:cfe-commits@lists.llvm.org" target="_blank">cfe-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-commits</a><br>
<br></blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div><br></div></div>