[Lldb-commits] [lldb] 46be5fa - [lldb/Fuzzer] Add command interpreter fuzzer for LLDB
Chelsea Cassanova via lldb-commits
lldb-commits at lists.llvm.org
Wed Jun 22 14:43:12 PDT 2022
Author: Chelsea Cassanova
Date: 2022-06-22T17:42:55-04:00
New Revision: 46be5faaf03466c3751f8a2882bef5a217e15926
URL: https://github.com/llvm/llvm-project/commit/46be5faaf03466c3751f8a2882bef5a217e15926
DIFF: https://github.com/llvm/llvm-project/commit/46be5faaf03466c3751f8a2882bef5a217e15926.diff
LOG: [lldb/Fuzzer] Add command interpreter fuzzer for LLDB
This adds a command interpreter fuzzer to LLDB's fuzzing library.
The input data from the fuzzer is used as input for the command
interpreter.
Input generation is guided by a dictionary of LLDB command keywords, such as
"breakpoint set", "target", "run" and "frame info".
Differential revision: https://reviews.llvm.org/D128292
Added:
lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
Modified:
lldb/tools/lldb-fuzzer/CMakeLists.txt
Removed:
################################################################################
diff --git a/lldb/tools/lldb-fuzzer/CMakeLists.txt b/lldb/tools/lldb-fuzzer/CMakeLists.txt
index 326c69a29dac1..867a41961c13c 100644
--- a/lldb/tools/lldb-fuzzer/CMakeLists.txt
+++ b/lldb/tools/lldb-fuzzer/CMakeLists.txt
@@ -1,2 +1,3 @@
+add_subdirectory(lldb-commandinterpreter-fuzzer)
add_subdirectory(lldb-target-fuzzer)
add_subdirectory(utils)
diff --git a/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
new file mode 100644
index 0000000000000..5bfae5b574e95
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/CMakeLists.txt
@@ -0,0 +1,28 @@
+set(LLVM_LINK_COMPONENTS
+ Support
+ )
+
+add_llvm_fuzzer(lldb-commandinterpreter-fuzzer
+ EXCLUDE_FROM_ALL
+ lldb-commandinterpreter-fuzzer.cpp
+ )
+
+if(TARGET lldb-commandinterpreter-fuzzer)
+ target_include_directories(lldb-commandinterpreter-fuzzer PRIVATE ..)
+ target_link_libraries(lldb-commandinterpreter-fuzzer
+ PRIVATE
+ liblldb
+ )
+
+ # This will create a directory specifically for the fuzzer's artifacts, go to that
+ # directory and run the fuzzer from there. When the fuzzer exits the input
+ # artifact that caused it to exit will be written to a directory within the
+ # build directory
+ add_custom_target(fuzz-lldb-commandinterpreter
+ COMMENT "Running the LLDB command interpreter fuzzer..."
+ COMMAND mkdir -p ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts &&
+ cd ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
+ && $<TARGET_FILE:lldb-commandinterpreter-fuzzer> -dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt -only_ascii=1 -artifact_prefix=commandinterpreter-
+ USES_TERMINAL
+ )
+endif()
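Review bot: The `mkdir -p … && cd … && $<TARGET_FILE:…>` chain in the `COMMAND` relies on a POSIX shell evaluating `&&` and `cd`, which CMake does not guarantee for every generator; the portable form is to create the directory at configure time with `file(MAKE_DIRECTORY …)` and run the fuzzer with `WORKING_DIRECTORY`, which also keeps the relative `-artifact_prefix=commandinterpreter-` landing in the build tree as the comment promises. Because the interpreter under fuzz can execute shell commands and spawn processes, it is also worth stating in the comment that this target must only be run in a disposable sandbox or container, not on a developer's machine, and adding a libFuzzer `-timeout=` so a spawned process cannot hang the run indefinitely.
```cmake
  file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts)
  add_custom_target(fuzz-lldb-commandinterpreter
    COMMENT "Running the LLDB command interpreter fuzzer..."
    COMMAND $<TARGET_FILE:lldb-commandinterpreter-fuzzer> -dict=${CMAKE_CURRENT_SOURCE_DIR}/inputdictionary.txt -only_ascii=1 -artifact_prefix=commandinterpreter-
    WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/fuzzer-artifacts/commandinterpreter-artifacts
    USES_TERMINAL
    )
```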
diff --git a/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
new file mode 100644
index 0000000000000..ddd52a6d7806a
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/inputdictionary.txt
@@ -0,0 +1,4 @@
+kw1="breakpoint set"
+kw2="target"
+kw3="run"
+kw4="frame info"
diff --git a/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
new file mode 100644
index 0000000000000..036954838b057
--- /dev/null
+++ b/lldb/tools/lldb-fuzzer/lldb-commandinterpreter-fuzzer/lldb-commandinterpreter-fuzzer.cpp
@@ -0,0 +1,47 @@
+//===-- lldb-commandinterpreter-fuzzer.cpp -------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===---------------------------------------------------------------------===//
+
+#include <string>
+
+#include "lldb/API/SBCommandInterpreter.h"
+#include "lldb/API/SBCommandInterpreterRunOptions.h"
+#include "lldb/API/SBCommandReturnObject.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBTarget.h"
+
+using namespace lldb;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ SBDebugger::Initialize();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ // Convert the data into a null-terminated string
+ std::string str((char *)data, size);
+
+ // Create a debugger and a dummy target
+ SBDebugger debugger = SBDebugger::Create(false);
+ SBTarget target = debugger.GetDummyTarget();
+
+ // Create a command interpreter for the current debugger
+ // A return object is needed to run the command interpreter
+ SBCommandReturnObject ro = SBCommandReturnObject();
+ SBCommandInterpreter ci = debugger.GetCommandInterpreter();
+
+ // Use the fuzzer generated input as input for the command interpreter
+ if (ci.IsValid()) {
+ ci.HandleCommand(str.c_str(), ro, false);
+ }
+
+ debugger.DeleteTarget(target);
+ SBDebugger::Destroy(debugger);
+ SBModule::GarbageCollectAllocatedModules();
+
+ return 0;
+}
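Review bot: Every fuzzer-generated string reaches `ci.HandleCommand` unfiltered, and LLDB's command set includes commands that spawn a shell, launch a program or run Python (`platform shell`/`shell`, `process launch`, `script`, if I have the command names right), so a mutated dictionary entry can delete files in the artifacts directory or leave child processes behind, all as the build user; the reliable mitigation is to run this harness only in a throwaway sandbox, with a coarse prefix denylist in the harness as defense in depth — LLDB resolves unique command prefixes and aliases, so no denylist can be complete. `SBDebugger::Create(false)` already avoids sourcing init files, which is worth a comment so nobody flips it to `true` and pulls a developer's `~/.lldbinit` into the fuzz run. Smaller points: `SBCommandInterpreterRunOptions.h` is included but unused, `SBModule::GarbageCollectAllocatedModules()` is called without including `lldb/API/SBModule.h`, and passing `str.c_str()` silently truncates any input at its first NUL byte, so the "null-terminated string" comment should say `// Inputs containing a NUL byte are truncated at the NUL by c_str()` rather than read as a guarantee.
```cpp
// Coarse guard against commands that leave the process (spawn a shell, launch
// a program, run Python). LLDB accepts unique command prefixes and aliases, so
// this is defense in depth only -- run the fuzzer in a sandbox regardless.
static bool IsCommandBlocked(const std::string &cmd) {
  static const char *const kBlocked[] = {"platform shell", "shell",
                                          "process launch", "script",
                                          "command script import"};
  for (const char *prefix : kBlocked)
    if (cmd.rfind(prefix, 0) == 0)
      return true;
  return false;
}

extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
  // Inputs containing a NUL byte are truncated at the NUL by c_str() below.
  std::string str((char *)data, size);
  if (IsCommandBlocked(str))
    return 0;
  // … unchanged: debugger/dummy-target creation, HandleCommand, teardown …
```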