[PATCH] D50829: Update README and Dockerfile to include llvm-proto-fuzzer

Emmett Neyman via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Aug 15 17:45:40 PDT 2018


emmettneyman created this revision.
emmettneyman added reviewers: morehouse, kcc.
Herald added a subscriber: cfe-commits.

Added commands to Dockerfile to build llvm-proto-fuzzer and the other related tools. Also added a section to the bottom of the README describing what llvm-proto-fuzzer does and how to run it.


Repository:
  rC Clang

https://reviews.llvm.org/D50829

Files:
  clang/tools/clang-fuzzer/Dockerfile
  clang/tools/clang-fuzzer/README.txt


Index: clang/tools/clang-fuzzer/README.txt
===================================================================
--- clang/tools/clang-fuzzer/README.txt
+++ clang/tools/clang-fuzzer/README.txt
@@ -80,3 +80,32 @@
 
 To translate a clang-proto-fuzzer corpus output to C++:
   bin/clang-proto-to-cxx CORPUS_OUTPUT_FILE
+
+===================
+ llvm-proto-fuzzer
+===================
+Like, clang-proto-fuzzer, llvm-proto-fuzzer is also a protobuf-mutator based
+fuzzer. It receives as input a cxx_loop_proto which it then converts into a
+string of valid LLVM IR: a function with either a single loop or two nested
+loops. It then creates a new string of IR by running optimization passes over
+the original IR. Currently, it only runs a loop-vectorize pass but more passes
+can easily be added to the fuzzer. Once there are two versions of the input
+function (optimized and not), llvm-proto-fuzzer uses LLVM's JIT Engine to
+compile both functions. Lastly, it runs both functions on a suite of inputs and
+checks that both functions behave the same on all inputs. In this way,
+llvm-proto-fuzzer can find not only compiler crashes, but also miscompiles
+originating from LLVM's optimization passes.
+
+llvm-proto-fuzzer is built very similarly to clang-proto-fuzzer. You can run the
+fuzzer with the following command:
+  bin/clang-llvm-proto-fuzzer CORPUS_DIR
+
+To translate a cxx_loop_proto file into LLVM IR do:
+  bin/clang-loop-proto-to-llvm
+To translate a cxx_loop_proto file into C++ do:
+  bin/clang-loop-proto-to-cxx
+
+Note: To get a higher number of executions per second with llvm-proto-fuzzer it
+helps to build it without ASan instrumentation and with the -O2 flag. Because
+the fuzzer is not only compiling code, but also running it, as the inputs get
+large, the time necessary to fuzz one input can get very high.
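Review bot: the two translation commands at the end of the new README section (`bin/clang-loop-proto-to-llvm` and `bin/clang-loop-proto-to-cxx`) omit the input-file argument, while the clang-proto-to-cxx example directly above them shows `bin/clang-proto-to-cxx CORPUS_OUTPUT_FILE`; please add the argument so the two lines read `bin/clang-loop-proto-to-llvm CORPUS_OUTPUT_FILE` and `bin/clang-loop-proto-to-cxx CORPUS_OUTPUT_FILE`. Two smaller points in the same hunk: "Like, clang-proto-fuzzer, llvm-proto-fuzzer is also..." has a stray comma after "Like", and since the closing note explains that the fuzzer executes the JIT-compiled functions and that per-input time "can get very high" on large inputs, it would help readers to mention that libFuzzer's -timeout flag (and a bounded -max_len) is the way to keep one stalled or long-running input from holding up the whole run.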
Index: clang/tools/clang-fuzzer/Dockerfile
===================================================================
--- clang/tools/clang-fuzzer/Dockerfile
+++ clang/tools/clang-fuzzer/Dockerfile
@@ -35,3 +35,7 @@
 RUN cd build1 && ninja clang-fuzzer
 RUN cd build1 && ninja clang-proto-fuzzer
 RUN cd build1 && ninja clang-proto-to-cxx
+RUN cd build1 && ninja clang-loop-proto-to-cxx
+RUN cd build1 && ninja clang-loop-proto-to-llvm
+RUN cd build1 && ninja clang-loop-proto-fuzzer
+RUN cd build1 && ninja clang-llvm-proto-fuzzer
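Review bot: the Dockerfile now builds `clang-loop-proto-fuzzer`, but the README section added in this same revision documents only `clang-llvm-proto-fuzzer` and the two loop-proto translation tools; either add a line to the README saying what clang-loop-proto-fuzzer is and how to run it, or drop the `RUN cd build1 && ninja clang-loop-proto-fuzzer` line if it is not needed in the image. Otherwise the four new RUN lines follow the existing one-target-per-RUN pattern, which is fine.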

