[llvm-bugs] [Bug 33829] New: implement a structured clang-fuzzer (aka clang-proto-fuzzer)
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Jul 17 17:12:07 PDT 2017
https://bugs.llvm.org/show_bug.cgi?id=33829
Bug ID: 33829
Summary: implement a structured clang-fuzzer (aka clang-proto-fuzzer)
Product: new-bugs
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: new bugs
Assignee: mascasa at google.com
Reporter: kcc at google.com
CC: llvm-bugs at lists.llvm.org
Created attachment 18812
--> https://bugs.llvm.org/attachment.cgi?id=18812&action=edit
cxx_proto.proto
I have a prototype of a "structured" fuzzer for clang based on
https://github.com/google/libprotobuf-mutator
and tools/clang/tools/clang-fuzzer/ClangFuzzer.cpp.
The idea is that we describe a subset of C++ as a protobuf,
implement a protobuf=>C++ serialization, and mutate the protobufs
during guided fuzzing.
The prototype has already discovered several bugs:
https://bugs.llvm.org/show_bug.cgi?id=33747
https://bugs.llvm.org/show_bug.cgi?id=33749
https://bugs.llvm.org/show_bug.cgi?id=33494
and so it's time to make it available in LLVM trunk.
The tricky part is that this fuzzer depends on code that
is not part of the regular LLVM tree nor its regular deps.
We'll need:
* relatively recent libprotobuf-dev
* fresh libprotobuf-mutator
I propose to implement clang-proto-fuzzer under a cmake flag (off by default),
so that the default build doesn't depend on
libprotobuf-dev/libprotobuf-mutator.
(An alternative is to drag this code into the LLVM tree, which is highly
unpleasant).
I suggest adding ClangProtoFuzzer.cpp adjacent to ClangFuzzer.cpp
(both should probably share some code) and adding separate files:
* proto description for C++-like language.
* proto=>C++ serialization code.
* simple driver to convert a proto to C++
My prototypes for these are attached.
ClangProtoFuzzer will need to support LLVM flags (via libFuzzer's
-ignore_remaining_args=1)
so that we can fuzz non-default configurations (e.g. non-default '-triple').
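As an added illustration of the proto=>C++ serialization step (this is not the attached prototype or any LLVM code), the block below uses plain structs as a stand-in for the protobuf-generated classes and a constructed grammar of integer variables a[0..2] with assignment, if and while; both the struct shapes and the grammar are assumptions, not the attachment's definitions.

```cpp
#include <memory>
#include <string>
#include <vector>
// Plain-struct stand-ins for the protobuf messages (constructed for this example;
// clang-proto-fuzzer itself uses protoc-generated classes from cxx_proto.proto).
struct Expr {
  enum Kind { CONST, VAR, BINOP } kind = CONST;
  int value = 0;                   // CONST: literal, VAR: variable id, BINOP: operator id
  std::shared_ptr<Expr> lhs, rhs;  // BINOP operands
};
struct Stmt {
  enum Kind { ASSIGN, IF, WHILE } kind = ASSIGN;
  int var = 0;                     // ASSIGN target
  Expr expr;                       // rvalue (ASSIGN) or condition (IF, WHILE)
  std::vector<Stmt> body, else_body;
};
Expr MakeConst(int v) { Expr e; e.kind = Expr::CONST; e.value = v; return e; }
Expr MakeVar(int id) { Expr e; e.kind = Expr::VAR; e.value = id; return e; }
Expr MakeBinOp(int op, const Expr& l, const Expr& r) {
  Expr e; e.kind = Expr::BINOP; e.value = op;
  e.lhs = std::make_shared<Expr>(l); e.rhs = std::make_shared<Expr>(r); return e;
}
// proto=>C++: every tree maps to syntactically valid C++, so the compiler is exercised
// past the parser. Ids are reduced modulo the table sizes so any mutated integer stays
// in range; '/' and '%' are left out so the generated program cannot divide by zero.
static const char* kOps[] = {"+", "-", "*", "<", "==", "&"};
static std::string Var(int id) { return "a[" + std::to_string((unsigned)id % 3u) + "]"; }
std::string ToCxx(const Expr& e) {
  if (e.kind == Expr::CONST) return std::to_string(e.value);
  if (e.kind == Expr::VAR) return Var(e.value);
  if (!e.lhs || !e.rhs) return "0";  // degenerate BINOP node, still valid C++
  return "(" + ToCxx(*e.lhs) + " " + kOps[(unsigned)e.value % 6u] + " " + ToCxx(*e.rhs) + ")";
}
std::string ToCxx(const std::vector<Stmt>& ss);
std::string ToCxx(const Stmt& s) {
  if (s.kind == Stmt::ASSIGN) return Var(s.var) + " = " + ToCxx(s.expr) + ";\n";
  if (s.kind == Stmt::WHILE) return "while (" + ToCxx(s.expr) + ") {\n" + ToCxx(s.body) + "}\n";
  return "if (" + ToCxx(s.expr) + ") {\n" + ToCxx(s.body) + "} else {\n" + ToCxx(s.else_body) + "}\n";
}
std::string ToCxx(const std::vector<Stmt>& ss) { std::string o; for (const Stmt& s : ss) o += ToCxx(s); return o; }
// Wrap the statement list in a function so each output is a complete translation unit.
std::string FunctionToCxx(const std::vector<Stmt>& ss) { return "void foo(int *a) {\n" + ToCxx(ss) + "}\n"; }
// Constructed sample tree, the kind of input the mutator would hand to the serializer:
// while (a[0] < 10) { a[0] = a[0] + 1; }
std::string SampleProgram() {
  Stmt inc; inc.expr = MakeBinOp(0, MakeVar(0), MakeConst(1));
  Stmt loop; loop.kind = Stmt::WHILE; loop.expr = MakeBinOp(3, MakeVar(0), MakeConst(10));
  loop.body.push_back(inc);
  return FunctionToCxx({loop});
}
```

The returned string is what the driver would hand to clang; because the grammar cannot express a syntax error, every fuzzing iteration reaches semantic analysis and code generation.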