emmettneyman created this revision.
emmettneyman added reviewers: vitalybuka, kcc, morehouse.
Herald added subscribers: cfe-commits, mgorny.

Refactored LLVMFuzzerInitialize function into its own file.
Copied and renamed some files in preparation for new loop-proto-fuzzer.


Repository:
  rC Clang

https://reviews.llvm.org/D47666

Files:
  tools/clang-fuzzer/CMakeLists.txt
  tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  tools/clang-fuzzer/FuzzerInitialize.cpp
  tools/clang-fuzzer/FuzzerInitialize.h
  tools/clang-fuzzer/experimental/ExampleClangLoopProtoFuzzer.cpp
  tools/clang-fuzzer/experimental/cxx_loop_proto.proto
  tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.cpp
  tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.h
  tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx_main.cpp

Index: tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx_main.cpp
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx_main.cpp
@@ -0,0 +1,34 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion ----------==//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===----------------------------------------------------------------------===//
+
+// This is a copy and will be updated later to introduce changes
+
+#include <fstream>
+#include <iostream>
+#include <streambuf>
+#include <string>
+
+#include "loop_proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+    std::fstream in(argv[i]);
+    std::string str((std::istreambuf_iterator<char>(in)),
+                    std::istreambuf_iterator<char>());
+    std::cout << "// " << argv[i] << std::endl;
+    std::cout << clang_fuzzer::ProtoToCxx(
+        reinterpret_cast<const uint8_t *>(str.data()), str.size());
+    // std::cout << clang_fuzzer::ProtoStringToCxx(str);
+  }
+}
+
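Review bot: The stream opened from `argv[i]` is never checked, so an unreadable or missing path leaves `str` empty and `ProtoToCxx` is called with zero bytes. An empty buffer will probably parse as an empty `Function`, in which case the driver prints a plausible-looking `void foo(int *a) {}` instead of reporting the bad path. The input is a binary-encoded proto, so a read-only binary stream would also be safer than a default `std::fstream`: `std::ifstream in(argv[i], std::ios::binary);` followed by `if (!in) { std::cerr << "cannot open " << argv[i] << "\n"; return 1; }`.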
Index: tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.h
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.h
@@ -0,0 +1,24 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ----------------------------==//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===----------------------------------------------------------------------===//
+
+// This is a copy and will be updated later to introduce changes
+
+#include <cstdint>
+#include <cstddef>
+#include <string>
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function &input);
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
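Review bot: This new header has no include guard, and its banner line still names `proto_to_cxx.h` rather than `loop_proto_to_cxx.h`. I would wrap the contents in `#ifndef <GUARD_FOR_THIS_HEADER>` / `#define <GUARD_FOR_THIS_HEADER>` / `#endif`, with the macro spelled in the project's usual path-based style, and fix the file name in the banner. It would also help to add a one-line comment above `ProtoToCxx` saying that `data` is expected to be a binary-encoded `Function` message and that a parse failure is returned as an `#error` line rather than signalled separately.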
Index: tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.cpp
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/proto-to-cxx/experimental/loop_proto_to_cxx.cpp
@@ -0,0 +1,115 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --------------------------==//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===----------------------------------------------------------------------===//
+
+// This is a copy and will be updated later to introduce changes
+
+#include "loop_proto_to_cxx.h"
+#include "cxx_loop_proto.pb.h"
+
+// The following is needed to convert protos in human-readable form
+#include <google/protobuf/text_format.h>
+
+
+#include <ostream>
+#include <sstream>
+
+namespace clang_fuzzer {
+
+// Forward decls.
+std::ostream &operator<<(std::ostream &os, const BinaryOp &x);
+std::ostream &operator<<(std::ostream &os, const StatementSeq &x);
+
+// Proto to C++.
+std::ostream &operator<<(std::ostream &os, const Const &x) {
+  return os << "(" << x.val() << ")";
+}
+std::ostream &operator<<(std::ostream &os, const VarRef &x) {
+  return os << "a[" << (static_cast<uint32_t>(x.varnum()) % 100) << "]";
+}
+std::ostream &operator<<(std::ostream &os, const Lvalue &x) {
+  return os << x.varref();
+}
+std::ostream &operator<<(std::ostream &os, const Rvalue &x) {
+    if (x.has_varref()) return os << x.varref();
+    if (x.has_cons())   return os << x.cons();
+    if (x.has_binop())  return os << x.binop();
+    return os << "1";
+}
+std::ostream &operator<<(std::ostream &os, const BinaryOp &x) {
+  os << "(" << x.left();
+  switch (x.op()) {
+    case BinaryOp::PLUS: os << "+"; break;
+    case BinaryOp::MINUS: os << "-"; break;
+    case BinaryOp::MUL: os << "*"; break;
+    case BinaryOp::DIV: os << "/"; break;
+    case BinaryOp::MOD: os << "%"; break;
+    case BinaryOp::XOR: os << "^"; break;
+    case BinaryOp::AND: os << "&"; break;
+    case BinaryOp::OR: os << "|"; break;
+    case BinaryOp::EQ: os << "=="; break;
+    case BinaryOp::NE: os << "!="; break;
+    case BinaryOp::LE: os << "<="; break;
+    case BinaryOp::GE: os << ">="; break;
+    case BinaryOp::LT: os << "<"; break;
+    case BinaryOp::GT: os << ">"; break;
+  }
+  return os << x.right() << ")";
+}
+std::ostream &operator<<(std::ostream &os, const AssignmentStatement &x) {
+  return os << x.lvalue() << "=" << x.rvalue() << ";\n";
+}
+std::ostream &operator<<(std::ostream &os, const IfElse &x) {
+  return os << "if (" << x.cond() << "){\n"
+            << x.if_body() << "} else { \n"
+            << x.else_body() << "}\n";
+}
+std::ostream &operator<<(std::ostream &os, const While &x) {
+  return os << "while (" << x.cond() << "){\n" << x.body() << "}\n";
+}
+std::ostream &operator<<(std::ostream &os, const Statement &x) {
+  if (x.has_assignment()) return os << x.assignment();
+  if (x.has_ifelse())     return os << x.ifelse();
+  if (x.has_while_loop()) return os << x.while_loop();
+  return os << "(void)0;\n";
+}
+std::ostream &operator<<(std::ostream &os, const StatementSeq &x) {
+  for (auto &st : x.statements()) os << st;
+  return os;
+}
+std::ostream &operator<<(std::ostream &os, const Function &x) {
+  return os << "void foo(int *a) {\n" << x.statements() << "}\n";
+}
+
+// ---------------------------------
+
+std::string FunctionToString(const Function &input) {
+  std::ostringstream os;
+  os << input;
+  return os.str();
+
+}
+std::string ProtoToCxx(const uint8_t *data, size_t size) {
+  Function message;
+  if (!message.ParsePartialFromArray(data, size))
+    return "#error invalid proto, may not be binary encoded\n";
+  return FunctionToString(message);
+}
+/*
+std::string ProtoStringToCxx(const std::string& data) {
+  Function message;
+  if (!google::protobuf::TextFormat::ParseFromString(data, &message))
+    return "#error invalid proto, may not be string encoded\n";
+  return FunctionToString(message);
+}
+*/
+} // namespace clang_fuzzer
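Review bot: In `ProtoToCxx`, `size` is a `size_t` but `ParsePartialFromArray` takes an `int` length, so a buffer larger than `INT_MAX` is narrowed implicitly before the parser sees it. The standalone driver reads whole files of arbitrary size, so I would reject oversized input before the parse call, e.g. `if (size > static_cast<size_t>(INT_MAX)) return "#error proto input too large\n";` (this needs `<climits>`). Separately, the commented-out `ProtoStringToCxx` at the end of the file leaves the `text_format.h` include unused. Either enable the function and declare it in the header, or drop both until they are needed.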
Index: tools/clang-fuzzer/experimental/cxx_loop_proto.proto
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/experimental/cxx_loop_proto.proto
@@ -0,0 +1,95 @@
+//===-- cxx_proto.proto - Protobuf description of C++ ---------------------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf.  It is used to
+///  more easily find interesting inputs for fuzzing Clang.
+///
+//===----------------------------------------------------------------------===//
+
+// This is a copy and will be updated later to introduce changes
+
+syntax = "proto2";
+
+message VarRef {
+  required int32 varnum = 1;
+}
+
+message Lvalue {
+  required VarRef varref = 1;
+}
+
+message Const {
+  required int32 val = 1;
+}
+
+message BinaryOp {
+  enum Op {
+    PLUS = 0;
+    MINUS = 1;
+    MUL = 2;
+    DIV = 3;
+    MOD = 4;
+    XOR = 5;
+    AND = 6;
+    OR = 7;
+    EQ = 8;
+    NE = 9;
+    LE = 10;
+    GE = 11;
+    LT = 12;
+    GT = 13;
+  };
+  required Op op = 1;
+  required Rvalue left = 2;
+  required Rvalue right = 3;
+}
+
+message Rvalue {
+  oneof rvalue_oneof {
+    VarRef varref = 1;
+    Const cons = 2;
+    BinaryOp binop = 3;
+  }
+}
+
+message AssignmentStatement {
+  required Lvalue lvalue = 1;
+  required Rvalue rvalue = 2;
+}
+
+
+message IfElse {
+  required Rvalue cond = 1;
+  required StatementSeq if_body = 2;
+  required StatementSeq else_body = 3;
+}
+
+message While {
+  required Rvalue cond = 1;
+  required StatementSeq body = 2;
+}
+
+message Statement {
+  oneof stmt_oneof {
+    AssignmentStatement assignment = 1;
+    IfElse              ifelse     = 2;
+    While               while_loop = 3;
+  }
+}
+
+message StatementSeq {
+  repeated Statement statements = 1;
+}
+
+message Function {
+  required StatementSeq statements = 1;
+}
+
+package clang_fuzzer;
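Review bot: `package clang_fuzzer;` on the last line puts every message here (`Function`, `Statement`, `Rvalue`, …) under the same fully-qualified names that the existing `cxx_proto.proto` appears to use, since the file is described as a copy of it. If the generated code for both files is ever linked into one binary, the duplicate names would be an ODR violation on the C++ side, and protobuf's descriptor registration is likely to reject the second definition at start-up. Giving the loop variant its own package, or keeping its generated library strictly out of any target that links the original, would avoid that. It would also read better with the `package` statement moved up beside `syntax = "proto2";`.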
Index: tools/clang-fuzzer/experimental/ExampleClangLoopProtoFuzzer.cpp
===================================================================
--- tools/clang-fuzzer/experimental/ExampleClangLoopProtoFuzzer.cpp
+++ tools/clang-fuzzer/experimental/ExampleClangLoopProtoFuzzer.cpp
@@ -14,16 +14,20 @@
 ///
 //===----------------------------------------------------------------------===//
 
-#include "cxx_proto.pb.h"
+// This is a copy and will be updated later to introduce changes
+
+#include "cxx_loop_proto.pb.h"
 #include "handle-cxx/handle_cxx.h"
-#include "proto-to-cxx/proto_to_cxx.h"
+
+#include "FuzzerInitialize.h"
 
 #include "src/libfuzzer/libfuzzer_macro.h"
 
 #include <cstring>
 
 using namespace clang_fuzzer;
 
+/*
 static std::vector<const char *> CLArgs;
 
 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
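Review bot: The old `CLArgs` definition and `LLVMFuzzerInitialize` body are disabled with a `/* … */` pair rather than removed; the comment opens in this hunk and closes in the next one, and `ExampleClangProtoFuzzer.cpp` does the same. The function now lives in `FuzzerInitialize.cpp`, so the commented-out copy is dead text that will drift from the real implementation. I would delete the block outright in both files. `LLVMFuzzerInitialize` starts in this hunk and ends outside it.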
@@ -37,6 +41,7 @@
   }
   return 0;
 }
+*/
 
 DEFINE_BINARY_PROTO_FUZZER(const Function& input) {
   auto S = FunctionToString(input);
Index: tools/clang-fuzzer/FuzzerInitialize.h
===================================================================
--- /dev/null
+++ tools/clang-fuzzer/FuzzerInitialize.h
@@ -0,0 +1,14 @@
+#include "handle-cxx/handle_cxx.h"
+#include "proto-to-cxx/proto_to_cxx.h"
+// #include "proto-to-cxx/loop_proto_to_cxx.h"
+
+#include "src/libfuzzer/libfuzzer_macro.h"
+
+#include <cstring>
+
+namespace clang_fuzzer {
+
+static std::vector<const char *> CLArgs;
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv);
+
+}
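Review bot: `static std::vector<const char *> CLArgs;` in a header gives every translation unit that includes it a private copy. `FuzzerInitialize.cpp` then pushes `-O2` and the user's flags into its own vector, while the fuzzer files pass their separate, still-empty `CLArgs` to `HandleCXX`. The fuzz target would therefore run without the intended compiler arguments and with no diagnostic, which quietly reduces what the fuzzer exercises. Declare it here as `extern std::vector<const char *> CLArgs;` with the single definition in `FuzzerInitialize.cpp`, or expose an accessor such as `const std::vector<const char *> &GetCLArgs();`. The header also uses `std::vector` without including `<vector>` and has no include guard.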
Index: tools/clang-fuzzer/FuzzerInitialize.cpp
===================================================================
--- tools/clang-fuzzer/FuzzerInitialize.cpp
+++ tools/clang-fuzzer/FuzzerInitialize.cpp
@@ -1,4 +1,4 @@
-//===-- ExampleClangProtoFuzzer.cpp - Fuzz Clang --------------------------===//
+//===-- FuzzerInitialize.cpp - Fuzz Clang ---------------------------------===//
 //
 //                     The LLVM Compiler Infrastructure
 //
@@ -15,18 +15,14 @@
 //===----------------------------------------------------------------------===//
 
 #include "cxx_proto.pb.h"
-#include "handle-cxx/handle_cxx.h"
-#include "proto-to-cxx/proto_to_cxx.h"
 
-#include "src/libfuzzer/libfuzzer_macro.h"
-
-#include <cstring>
+#include "FuzzerInitialize.h"
 
 using namespace clang_fuzzer;
 
-static std::vector<const char *> CLArgs;
 
 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  std::cout << "inited";
   CLArgs.push_back("-O2");
   for (int I = 1; I < *argc; I++) {
     if (strcmp((*argv)[I], "-ignore_remaining_args=1") == 0) {
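Review bot: The added `std::cout << "inited";` at the top of `LLVMFuzzerInitialize` looks like leftover debugging output. It writes to stdout on every fuzzer start-up, with no newline or flush, and nothing in the visible includes brings in `<iostream>`. I would remove the line; if a start-up trace is wanted, send it to stderr and terminate it with a newline. The function body continues past the end of this hunk.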
@@ -38,7 +34,3 @@
   return 0;
 }
 
-DEFINE_BINARY_PROTO_FUZZER(const Function& input) {
-  auto S = FunctionToString(input);
-  HandleCXX(S, CLArgs);
-}
Index: tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
===================================================================
--- tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
+++ tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
@@ -18,12 +18,14 @@
 #include "handle-cxx/handle_cxx.h"
 #include "proto-to-cxx/proto_to_cxx.h"
 
+#include "FuzzerInitialize.h"
 #include "src/libfuzzer/libfuzzer_macro.h"
 
 #include <cstring>
 
 using namespace clang_fuzzer;
 
+/*
 static std::vector<const char *> CLArgs;
 
 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
@@ -37,6 +39,7 @@
   }
   return 0;
 }
+*/
 
 DEFINE_BINARY_PROTO_FUZZER(const Function& input) {
   auto S = FunctionToString(input);
Index: tools/clang-fuzzer/CMakeLists.txt
===================================================================
--- tools/clang-fuzzer/CMakeLists.txt
+++ tools/clang-fuzzer/CMakeLists.txt
@@ -14,6 +14,7 @@
   ClangFuzzer.cpp
   DummyClangFuzzer.cpp
   ExampleClangProtoFuzzer.cpp
+  FuzzerInitialize.cpp
   )
 
 if(CLANG_ENABLE_PROTO_FUZZER)
@@ -44,6 +45,7 @@
   add_clang_executable(clang-proto-fuzzer
     ${DUMMY_MAIN}
     ExampleClangProtoFuzzer.cpp
+    FuzzerInitialize.cpp
     )
 
   target_link_libraries(clang-proto-fuzzer