[PATCH] Add clang-fuzzer target
Kostya Serebryany
kcc at google.com
Thu Jan 29 19:33:26 PST 2015
Hi chandlerc,
Add clang-fuzzer target.
This is a very naive and slow clang fuzzer, but it has found
one new bug (PR22396) and hit a known bug (PR21954) in just a few minutes,
so I think it deserves to be committed.
I would appreciate further contribution to fuzzer/ClangFuzzer.cpp
to make it faster and more meaningful.
http://reviews.llvm.org/D7289
Files:
CMakeLists.txt
fuzzer/
fuzzer/CMakeLists.txt
fuzzer/ClangFuzzer.cpp
Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -532,3 +532,7 @@
${CLANG_BINARY_DIR}/share/clang/cmake/ClangConfig.cmake
COPYONLY)
endif ()
+
+if( LLVM_USE_SANITIZE_COVERAGE )
+ add_subdirectory(fuzzer)
+endif()
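Review bot: the `if( LLVM_USE_SANITIZE_COVERAGE )` guard appended to CMakeLists.txt has no comment saying why the fuzzer directory depends on that option, and its spacing (`if( ... )`, `endif()`) differs from the `endif ()` two lines above it. Suggest a one-line comment stating that clang-fuzzer is only built when that option is set, and matching the surrounding style.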
Index: fuzzer/CMakeLists.txt
===================================================================
--- /dev/null
+++ fuzzer/CMakeLists.txt
@@ -0,0 +1,17 @@
+set(LLVM_LINK_COMPONENTS support)
+
+add_clang_executable(clang-fuzzer
+ ClangFuzzer.cpp
+ )
+
+target_link_libraries(clang-fuzzer
+ clangAST
+ clangASTMatchers
+ clangBasic
+ clangFrontend
+ clangLex
+ clangRewrite
+ clangTooling
+ clangToolingCore
+ LLVMFuzzer
+ )
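Review bot: the target_link_libraries list names clangASTMatchers, clangRewrite and clangLex, but ClangFuzzer.cpp in this patch includes only clang/Tooling/Tooling.h and calls only clang::tooling::buildASTFromCode. If those libraries are listed only because clangTooling depends on them, a short comment saying so would help; otherwise trim the list to what the fuzzer entry point actually uses.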
Index: fuzzer/ClangFuzzer.cpp
===================================================================
--- /dev/null
+++ fuzzer/ClangFuzzer.cpp
@@ -0,0 +1,34 @@
+//===-- ClangFuzzer.cpp - Fuzz Clang --------------------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+///
+/// \file
+/// \brief This file implements a function that runs Clang on a single
+/// input. This function is then linked into the Fuzzer library.
+/// See llvm/lib/Fuzzer/README.txt for more instructions.
+///
+//===----------------------------------------------------------------------===//
+
+#include <stdio.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "clang/Tooling/Tooling.h"
+#include <string>
+
+// FIXME: The current implementation is very naive an inefficient:
+// - buildASTFromCode does a lot of driver work which slows down things.
+// - Errors are reported to stderr slowing things even further.
+//
+// What we really need here is a function that takes the array of bytes
+// and invokes preprocessor and/or parser on it, sending messages to dev/null.
+
+extern "C" void TestOneInput(uint8_t *data, size_t size) {
+ std::string S((char*)data, size);
+ clang::tooling::buildASTFromCode(S);
+}
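Review bot: in ClangFuzzer.cpp, `#include <stdio.h>` is not used by anything in the file and can be dropped, and the C-style cast `(char*)data` in TestOneInput would read better as `reinterpret_cast<const char *>(data)`, with the parameter declared `const uint8_t *data` if the LLVMFuzzer entry-point signature allows it. The FIXME comment also has two typos: "naive an inefficient" should be "naive and inefficient", and "dev/null" should be "/dev/null".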