[Lldb-commits] [lldb] 61efe14 - [lldb] Add a fuzzer for target creation
Jonas Devlieghere via lldb-commits
lldb-commits at lists.llvm.org
Fri Mar 25 09:34:06 PDT 2022
Author: Jonas Devlieghere
Date: 2022-03-25T09:34:00-07:00
New Revision: 61efe14e21b2c47a848f6d7500ed05af17c64a9a
URL: https://github.com/llvm/llvm-project/commit/61efe14e21b2c47a848f6d7500ed05af17c64a9a
DIFF: https://github.com/llvm/llvm-project/commit/61efe14e21b2c47a848f6d7500ed05af17c64a9a.diff
LOG: [lldb] Add a fuzzer for target creation
This patch adds a generic fuzzer that interprets inputs as object files
and uses them to create a target in lldb. It is very similar to the
llvm-dwarfdump fuzzer which found a bunch of issues in libObject.
Differential revision: https://reviews.llvm.org/D122461
Added:
lldb/tools/lldb-fuzzer/CMakeLists.txt
lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp
lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
lldb/tools/lldb-fuzzer/utils/TempFile.cpp
lldb/tools/lldb-fuzzer/utils/TempFile.h
Modified:
lldb/tools/CMakeLists.txt
llvm/docs/FuzzingLLVM.rst
Removed:
################################################################################
diff --git a/lldb/tools/CMakeLists.txt b/lldb/tools/CMakeLists.txt
index 1585fd4dc4b9e..16a2c7956aeff 100644
--- a/lldb/tools/CMakeLists.txt
+++ b/lldb/tools/CMakeLists.txt
@@ -6,6 +6,7 @@ add_subdirectory(intel-features)
# i.e. if a target requires it as dependency. The typical
# example is `check-lldb`. So, we pass EXCLUDE_FROM_ALL here.
add_subdirectory(lldb-test EXCLUDE_FROM_ALL)
+add_subdirectory(lldb-fuzzer EXCLUDE_FROM_ALL)
add_lldb_tool_subdirectory(lldb-instr)
add_lldb_tool_subdirectory(lldb-vscode)
diff --git a/lldb/tools/lldb-fuzzer/CMakeLists.txt b/lldb/tools/lldb-fuzzer/CMakeLists.txt
new file mode 100644
index 0000000000000..44df5f193b44a
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -0,0 +1,17 @@
+add_subdirectory(utils)
+
+set(LLVM_LINK_COMPONENTS
+ Support
+ )
+
+add_llvm_fuzzer(lldb-target-fuzzer
+ EXCLUDE_FROM_ALL
+ lldb-target-fuzzer.cpp
+ )
+
+target_link_libraries(lldb-target-fuzzer
+ PRIVATE
+ liblldb
+ lldbFuzzerUtils
+ )
+
diff --git a/lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp b/lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp
new file mode 100644
index 0000000000000..82487bb224f09
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/lldb-target-fuzzer.cpp
@@ -0,0 +1,35 @@
+//===-- lldb-target-fuzzer.cpp - Fuzz target creation ---------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include <utils/TempFile.h>
+
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ SBDebugger::Initialize();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ std::unique_ptr<TempFile> file = TempFile::Create(data, size);
+ if (!file)
+ return 1;
+
+ SBDebugger debugger = SBDebugger::Create(false);
+ SBTarget target = debugger.CreateTarget(file->GetPath().data());
+ debugger.DeleteTarget(target);
+ SBDebugger::Destroy(debugger);
+ SBModule::GarbageCollectAllocatedModules();
+
+ return 0;
+}
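Review bot: `debugger.CreateTarget(file->GetPath().data())` passes a StringRef's buffer as a C string, which is only safe if the SmallString behind it is NUL-terminated; createTemporaryFile appears to leave a terminator, but GetPath's contract does not promise one, so `debugger.CreateTarget(file->GetPath().str().c_str());` (the temporary std::string lives until the call returns) avoids relying on it. The signature `LLVMFuzzerTestOneInput(uint8_t *data, size_t size)` also differs from libFuzzer's declared `const uint8_t *` parameter; the `extern "C"` link still succeeds, but the type disagrees with the function pointer libFuzzer calls through. The `return 1` when the temp file cannot be created reports an environment failure through a value libFuzzer documents as reserved (the target is expected to return 0, with -1 reserved in newer versions for rejecting an input); returning 0, or failing loudly so the infrastructure problem is noticed, keeps the contract clear. `SBModule::GarbageCollectAllocatedModules()` is used without including `lldb/API/SBModule.h`, which seems to rely on a transitive include.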
diff --git a/lldb/tools/lldb-fuzzer/utils/CMakeLists.txt b/lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
new file mode 100644
index 0000000000000..2c99c79e8aefe
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/utils/CMakeLists.txt
@@ -0,0 +1,6 @@
+add_lldb_library(lldbFuzzerUtils
+ TempFile.cpp
+
+ LINK_COMPONENTS
+ Support
+ )
diff --git a/lldb/tools/lldb-fuzzer/utils/TempFile.cpp b/lldb/tools/lldb-fuzzer/utils/TempFile.cpp
new file mode 100644
index 0000000000000..c5c16ec19df7a
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/utils/TempFile.cpp
@@ -0,0 +1,33 @@
+//===-- TempFile.cpp ------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Support/FileSystem.h"
+#include <TempFile.h>
+
+using namespace lldb_fuzzer;
+using namespace llvm;
+
+TempFile::~TempFile() {
+ if (!m_path.empty())
+ sys::fs::remove(m_path.str(), true);
+}
+
+std::unique_ptr<TempFile> TempFile::Create(uint8_t *data, size_t size) {
+ int fd;
+ std::unique_ptr<TempFile> temp_file = std::make_unique<TempFile>();
+ std::error_code ec = sys::fs::createTemporaryFile("lldb-fuzzer", "input", fd,
+ temp_file->m_path);
+ if (ec)
+ return nullptr;
+
+ raw_fd_ostream os(fd, true);
+ os.write(reinterpret_cast<const char *>(data), size);
+ os.close();
+
+ return temp_file;
+}
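Review bot: The write in `Create` is never checked: `os.write(...)` and `os.close()` leave any failure in the stream's error state, and raw_fd_ostream's destructor turns an unchecked error into report_fatal_error, so a full disk or failed write would surface as a fuzzer crash unrelated to the input instead of a rejected case. After `os.close();` add `if (os.has_error()) { os.clear_error(); return nullptr; }` so the caller's `!file` path handles it. `Create` could also take `const uint8_t *data`, since it only reads through the pointer for the reinterpret_cast to `const char *`.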
diff --git a/lldb/tools/lldb-fuzzer/utils/TempFile.h b/lldb/tools/lldb-fuzzer/utils/TempFile.h
new file mode 100644
index 0000000000000..27453b0c62d20
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/utils/TempFile.h
@@ -0,0 +1,27 @@
+//===-- TempFile.h ----------------------------------------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/ADT/SmallString.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+namespace lldb_fuzzer {
+
+class TempFile {
+public:
+ TempFile() = default;
+ ~TempFile();
+
+ static std::unique_ptr<TempFile> Create(uint8_t *data, size_t size);
+ llvm::StringRef GetPath() { return m_path.str(); }
+
+private:
+ llvm::SmallString<128> m_path;
+};
+
+} // namespace lldb_fuzzer
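Review bot: TempFile.h has no include guard or `#pragma once`, so a second inclusion in one translation unit redefines `class TempFile`. It also declares a destructor that removes `m_path` from disk while leaving the implicit copy constructor and copy assignment available, so a copied TempFile would have both objects remove the same file; add `TempFile(const TempFile &) = delete;` and `TempFile &operator=(const TempFile &) = delete;` next to `~TempFile();`. The header uses std::unique_ptr and uint8_t without including `<memory>` or `<cstdint>`, and `GetPath()` could be `const` since it only reads `m_path`.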
diff --git a/llvm/docs/FuzzingLLVM.rst b/llvm/docs/FuzzingLLVM.rst
index e471020aab761..6b32eeab1241d 100644
--- a/llvm/docs/FuzzingLLVM.rst
+++ b/llvm/docs/FuzzingLLVM.rst
@@ -158,6 +158,11 @@ compatible with all of libFuzzer's features. See the notes above about
.. |LLVM IR fuzzer|
replace:: :ref:`structured LLVM IR fuzzer <fuzzing-llvm-ir>`
+lldb-target-fuzzer
+---------------------
+
+A |generic fuzzer| that interprets inputs as object files and uses them to
+create a target in lldb.
Mutators and Input Generators
=============================