[www] r354043 - Add open project for ASTImporter fuzzer
Raphael Isemann via llvm-commits
llvm-commits at lists.llvm.org
Thu Feb 14 10:33:28 PST 2019
Author: teemperor
Date: Thu Feb 14 10:33:28 2019
New Revision: 354043
URL: http://llvm.org/viewvc/llvm-project?rev=354043&view=rev
Log:
Add open project for ASTImporter fuzzer
Modified:
www/trunk/OpenProjects.html
Modified: www/trunk/OpenProjects.html
URL: http://llvm.org/viewvc/llvm-project/www/trunk/OpenProjects.html?rev=354043&r1=354042&r2=354043&view=diff
==============================================================================
--- www/trunk/OpenProjects.html (original)
+++ www/trunk/OpenProjects.html Thu Feb 14 10:33:28 2019
@@ -205,6 +205,63 @@ main <a href="https://developers.google.
</div>
+<!-- *********************************************************************** -->
+<div class="www_subsubsection">
+ <a name="clang-astimporter-fuzzer">Implement an ASTImporter fuzzer</a>
+</div>
+<!-- *********************************************************************** -->
+
+<div class="www_text">
+ <p><b>Description of the project: </b>
+ Clang contains an ASTImporter which allows moving declarations and
+ statements from one Clang AST to another. This is for example used for
+ static analysis across translation units and in LLDB's expression
+ evaluator.
+ </p>
+ <p>
+ The current ASTImporter works as intended when moving simple C code from
+ one AST to another. However, more complicated declarations such as C++'s
+ OOP features and templates are not fully implemented and can cause crashes
+ or invalid AST nodes. The bug reports related to these crashes are often
+ filed against LLDB's expression evaluator and are rarely submited with a
+ minimal reproducer. This makes improving ASTImporter a time-consuming and
+ tedious task.
+ </p>
+ <p>
+ This project is about writing a fuzzer to proactively discover these
+ ASTImporter bugs and provide minimal reproducers which make understanding
+ and fixing the underlying bug easier.
+ </p>
+ <p>
+ A possible implementation of such a fuzzer and driver could look like this:
+
+ <ul>
+ <li>Generate some source code that can be imported (either fully randomly
+ or based on existing source code from a user-given code corpus).</li>
+ <li>Import randomly a few declarations from this AST. The AST in which
+ they are imported to can already be populated with declarations.</li>
+ <li>Run Clang's code generator over our imported AST.</li>
+ <li>If we hit an assert during the import or CodeGen steps we probably
+ found an ASTImporter bug.</li>
+ <li>The fuzzer driver should now reduce the size of the source code
+ until it is as small as possible and still reproduces the crash (e.g.
+ by running Creduce with an automatically generated test script).</li>
+ <li>The reproducer should now be stored in a format so that it can just be
+ copied into Clang's regression test suite for the ASTImporter (see
+ the <a href="https://github.com/llvm/llvm-project/tree/master/clang/test/Import">clang/test/Import/</a> directory).
+ The reproducer must still reproduce the found bug when run as part
+ of the test suite.
+ </li>
+ </ul>
+ This is just one possible approach and students are welcome to submit their
+ own ideas on how the fuzzer should operate. Approaches that allow to
+ automatically verify more aspects of the imported AST (e.g. the source
+ locations of AST nodes, size of RecordDecls) are encouraged. The fuzzer and
+ driver should be implemented in C++ and/or Python.
+ </p>
+ <p><b>Confirmed Mentor:</b> Raphael Isemann, Shafik Yaghmour</p>
+ <p><b>Desirable skills:</b> Intermediate knowledge of C++.</p>
+</div>
<!-- *********************************************************************** -->
<div class="www_sectiontitle">
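Review bot: the `<ul>` opened inside the paragraph that begins `+ A possible implementation of such a fuzzer and driver could look like this:` is not valid HTML, because a list cannot be nested in a `<p>`; browsers implicitly close the paragraph before the `<ul>`, leaving the `</p>` that follows the list orphaned. Close the paragraph with `</p>` before the `<ul>` and reopen with `<p>` after `</ul>` for the trailing "This is just one possible approach" text. Two smaller points in the same hunk: `submited` should read `submitted`, and `Approaches that allow to automatically verify` reads better as `Approaches that automatically verify`; with two names listed, the label should be `Confirmed Mentors`.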