https://bugs.llvm.org/show_bug.cgi?id=33829
Bug ID: 33829
Summary: implement a structured clang-fuzzer (aka clang-proto-fuzzer)
Product: new-bugs
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: new bugs
Assignee: masc...@google.com
Reporter: k...@google.com
CC: llvm-bugs@lists.llvm.org
Created attachment 18812
--> https://bugs.llvm.org/attachment.cgi?id=18812&action=edit
cxx_proto.proto
I have a prototype of a "structured" fuzzer for clang based on
https://github.com/google/libprotobuf-mutator
and tools/clang/tools/clang-fuzzer/ClangFuzzer.cpp.
The idea is that we describe a subset of C++ as a protobuf,
implement a protobuf=>C++ serialization, and mutate the protobufs
during guided fuzzing.
The prototype has already discovered several bugs:
https://bugs.llvm.org/show_bug.cgi?id=33747
https://bugs.llvm.org/show_bug.cgi?id=33749
https://bugs.llvm.org/show_bug.cgi?id=33494
and so it's time to make it available in LLVM trunk.
The tricky part is that this fuzzer depends on code that
is not part of the regular LLVM tree nor its regular deps.
We'll need:
* relatively recent libprotobuf-dev
* fresh libprotobuf-mutator
I propose to implement clang-proto-fuzzer under a cmake flag (off by default),
so that the default build doesn't depend on
libprotobuf-dev/libprotobuf-mutator.
(An alternative is to drag this code into the LLVM tree, which is highly
unpleasant).
I suggest adding ClangProtoFuzzer.cpp adjacent to ClangFuzzer.cpp
(both should probably share some code) and add separate files
* proto description for C++-like language.
* proto=>C++ serialization code.
* simple driver to convert a proto to C++
My prototypes for these are attached.
ClangProtoFuzzer will need to support LLVM flags (via libFuzzer's
-ignore_remaining_args=1)
so that we can fuzz non-default configurations (e.g. non-default '-triple').
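The approach described in the report (a C++ subset as structured messages, a message=>C++ serializer, mutation of the structure rather than of raw bytes) in miniature, as an added example that is not the attached prototype or LLVM code. Plain structs stand in for generated protobuf classes, and the grammar, field names and function names are all assumptions; the serializer is total, so any mutated tree still yields parseable C++.

```cpp
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

// Hypothetical message shapes; a mutator may leave any field unset or oversized.
struct Rvalue {
  enum Kind { CONST, VAR, BINOP } kind = CONST;
  int32_t value = 0;                 // CONST: literal
  uint32_t var = 0;                  // VAR: index, reduced mod kNumVars
  uint32_t op = 0;                   // BINOP: index into kOps, reduced mod kNumOps
  std::unique_ptr<Rvalue> lhs, rhs;  // BINOP operands; null means "unset"
};
struct Statement {
  enum Kind { ASSIGN, IF_ELSE, WHILE } kind = ASSIGN;
  uint32_t var = 0;                  // ASSIGN target
  Rvalue expr;                       // assigned value or branch/loop condition
  std::vector<Statement> body, else_body;
};

constexpr uint32_t kNumVars = 4, kNumOps = 6;
static const char *const kOps[kNumOps] = {"+", "-", "*", "^", "&", "<"};
std::string VarToCxx(uint32_t v) { return "a[" + std::to_string(v % kNumVars) + "]"; }

// Total function: every input, including unset operands, yields an expression.
std::string ExprToCxx(const Rvalue *e) {
  if (!e) return "1";
  if (e->kind == Rvalue::VAR) return VarToCxx(e->var);
  if (e->kind == Rvalue::BINOP)
    return "(" + ExprToCxx(e->lhs.get()) + kOps[e->op % kNumOps] + ExprToCxx(e->rhs.get()) + ")";
  return "(" + std::to_string(e->value) + ")";  // CONST; parentheses keep negatives safe
}

std::string BlockToCxx(const std::vector<Statement> &block) {
  std::string out;
  for (const Statement &s : block) {
    const std::string e = ExprToCxx(&s.expr);
    if (s.kind == Statement::IF_ELSE)
      out += "if (" + e + ") {\n" + BlockToCxx(s.body) + "} else {\n" + BlockToCxx(s.else_body) + "}\n";
    else if (s.kind == Statement::WHILE)
      out += "while (" + e + ") {\n" + BlockToCxx(s.body) + "}\n";
    else
      out += VarToCxx(s.var) + "=" + e + ";\n";  // ASSIGN
  }
  return out;
}

std::string FunctionToCxx(const std::vector<Statement> &body) {
  return "void foo(int *a) {\n" + BlockToCxx(body) + "}\n";
}
```

In a fuzz target, the string returned by `FunctionToCxx` is what would be handed to the compiler, while the mutator only ever edits the `Statement` tree.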