[Lldb-commits] [PATCH] D132148: [lldb][docs] Add documentation for LLDB fuzzers

Jonas Devlieghere via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Thu Aug 18 12:37:40 PDT 2022


JDevlieghere added inline comments.


================
Comment at: lldb/docs/resources/fuzzing.rst:14-26
+::
+   $ cmake <path to root of llvm source tree> \
+        -G Ninja \
+        -DCMAKE_BUILD_TYPE='Release' \
+        -DLLVM_USE_SANITIZER='Address' \
+        -DLLVM_USE_SANITIZE_COVERAGE=On \
+        -DLLVM_BUILD_RUNTIME=Off \
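Review bot: the `::` introducing this literal block (fuzzing.rst:14) needs a blank line between it and the indented `$ cmake ...` lines; without the separating blank line reStructuredText does not treat the indented text as a literal block, so the command will not render as shown. Since the hunk is cut at `-DLLVM_BUILD_RUNTIME=Off \`, also check that the continuation lines in the full file are indented consistently with the first line.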
----------------
I would simplify this a bit and say that in addition to your regular CMake arguments, you have to pass `-DLLVM_USE_SANITIZER='Address' -DLLVM_USE_SANITIZE_COVERAGE=On`. I think the libfuzzer documentation says something similar so in addition to listing that explicitly here, we should also include a link to that (in case that ever changes in the future).


================
Comment at: lldb/docs/resources/fuzzing.rst:42
+
+Currently, there are plans to integrate the LLDB fuzzers into the `OSS Fuzz <https://github.com/google/oss-fuzz>`_ project for continuous integration.
+
----------------
I think this could be its own section that talks about where the fuzzers are (will be) running. 


================
Comment at: lldb/docs/resources/fuzzing.rst:44
+
+If you want to run the fuzzers on your own machine, you can run the binaries that were generated with ninja:
+
----------------



================
Comment at: lldb/docs/resources/fuzzing.rst:47-49
+   $ ./<lldb fuzzer build directory>/bin/lldb-target-fuzzer
+   $ ./<lldb fuzzer build directory>/bin/lldb-commandinterpreter-fuzzer
+   $ ./<lldb fuzzer build directory>/bin/lldb-expression-fuzzer
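Review bot: the three paths mix a leading `./` with a `<lldb fuzzer build directory>` placeholder, which reads as neither relative nor absolute; pick one form, e.g. `$ ./bin/lldb-target-fuzzer` run from the build directory. The preceding paragraph only says the binaries were "generated with ninja", so this block should also name the ninja target(s) that produce them, otherwise a reader who ran a default build will not find these binaries.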
----------------
I would say "from the build directory" and use relative paths here.


================
Comment at: lldb/docs/resources/fuzzing.rst:69-72
+If you want to reproduce the issue found by a fuzzer once you have gotten the input, you can pass the input to LLDB depending on which component you were fuzzing. For example, if you found an input that crashed target creation, you could run:
+
+::
+   $ lldb <input you are investigating>
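Review bot: the paragraph promises guidance "depending on which component you were fuzzing" but only gives the target-creation case, so either list the other components or drop the qualifier and present this as a single example. The `::` at fuzzing.rst:71 also needs a blank line before the indented `$ lldb ...` line for it to render as a literal block.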
----------------
This is specific to LLDB's target fuzzer and not something I think folks should rely on. libfuzzer makes it really easy to reproduce bugs (as you explain below) so we should encourage everyone to use that.  


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D132148/new/

https://reviews.llvm.org/D132148