[PATCH] D131020: Reland "[lldb/Fuzzer] Add fuzzer for expression evaluator"

2022-08-03 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova updated this revision to Diff 449729.
cassanova added a comment.

Set the LLDB_FUZZER_TARGET environment variable in the CMake file for the 
source code to use.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131020/new/

https://reviews.llvm.org/D131020

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,95 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle-cxx/handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto-to-cxx/proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+#include "llvm/Support/FileSystem.h"
+#include "llvm/Support/FormatVariadic.h"
+#include "llvm/Support/WithColor.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char *target_path;
+
+void ReportError(llvm::StringRef message) {
+  WithColor::error() << message << '\n';
+  exit(1);
+}
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+#if !defined(_WIN32)
+  signal(SIGPIPE, SIG_IGN);
+#endif
+
+  target_path = ::getenv("LLDB_FUZZER_TARGET");
+  if (!target_path)
+ReportError(
+"no target path specified in with the LLDB_FUZZER_TARGET variable");
+
+  if (!sys::fs::exists(target_path))
+ReportError(formatv("target path '{0}' does not exist", target_path).str());
+
+  SBDebugger::Initialize();
+
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function ) {
+  std::string expression = clang_fuzzer::FunctionToString(input);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  if (!debugger.IsValid())
+ReportError("Couldn't create debugger");
+
+  SBTarget target = debugger.CreateTarget(target_path);
+  if (!target.IsValid())
+ReportError(formatv("Couldn't create target '{0}'", target_path).str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint breakpoint = target.BreakpointCreateByName("main", target_path);
+  if (!breakpoint.IsValid())
+ReportError("Couldn't create breakpoint");
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo launch_info = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(launch_info, error);
+  if (!process.IsValid() || error.Fail())
+ReportError("Couldn't launch process");
+
+  SBValue value = target.EvaluateExpression(expression.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
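Review bot: In the fuzz target body, `target.EvaluateExpression(expression.c_str())` runs right after `target.Launch(launch_info, error)` with no check that the inferior has actually stopped at the `main` breakpoint. If the debugger is in asynchronous mode (the hunk never sets it either way), Launch can presumably return while the process is still running, and the expression would then not be evaluated in the stopped frame this harness is meant to exercise. Calling `debugger.SetAsync(false);` after `SBDebugger::Create(false)` and adding `if (process.GetState() != eStateStopped) ReportError("Process did not stop at breakpoint");` before the evaluation would make each iteration deterministic. Separately, `ReportError` calls `exit(1)` from inside the target body, which libFuzzer's target guidelines ask harnesses to avoid, so the setup checks would be better placed once in `LLVMFuzzerInitialize`. The identical copy of this file in the earlier diff of D131020 further down the page has the same gaps.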
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -0,0 +1,60 @@
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
+)
+
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+lldb-expression-fuzzer.cpp
+)
+
+  if(TARGET lldb-expression-fuzzer)
+target_include_directories(lldb-expression-fuzzer PRIVATE ..)
+find_package(Protobuf REQUIRED)
+add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
+include_directories(${PROTOBUF_INCLUDE_DIRS})
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/../../../../clang/tools/clang-fuzzer PRIVATE ..)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer)
+
+set(CLANG_CMAKE_MODULE_PATH
+  ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/cmake/modules)
+
+set(CMAKE_MODULE_PATH
+  ${CMAKE_MODULE_PATH}
+  

[PATCH] D131020: Reland "[lldb/Fuzzer] Add fuzzer for expression evaluator"

2022-08-02 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova created this revision.
cassanova added reviewers: JDevlieghere, mib.
cassanova added a project: LLDB.
Herald added a subscriber: mgorny.
Herald added a project: All.
cassanova requested review of this revision.
Herald added a project: clang.
Herald added subscribers: lldb-commits, cfe-commits.

This reverts commit d959324e1efec12c3924c17b7d90db0b37eb84c3.

The target_include_directories in the clang-fuzzer CMake files are set to 
PRIVATE instead of PUBLIC to prevent the clang buildbots from breaking when 
symlinking clang into llvm.

The expression evaluator fuzzer itself has been modified to prevent a bug that 
occurs when running it without a target.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D131020

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,95 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle-cxx/handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto-to-cxx/proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+#include "llvm/Support/FileSystem.h"
+#include "llvm/Support/FormatVariadic.h"
+#include "llvm/Support/WithColor.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char *target_path;
+
+void ReportError(llvm::StringRef message) {
+  WithColor::error() << message << '\n';
+  exit(1);
+}
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+#if !defined(_WIN32)
+  signal(SIGPIPE, SIG_IGN);
+#endif
+
+  target_path = ::getenv("LLDB_FUZZER_TARGET");
+  if (!target_path)
+ReportError(
+"no target path specified in with the LLDB_FUZZER_TARGET variable");
+
+  if (!sys::fs::exists(target_path))
+ReportError(formatv("target path '{0}' does not exist", target_path).str());
+
+  SBDebugger::Initialize();
+
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function ) {
+  std::string expression = clang_fuzzer::FunctionToString(input);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  if (!debugger.IsValid())
+ReportError("Couldn't create debugger");
+
+  SBTarget target = debugger.CreateTarget(target_path);
+  if (!target.IsValid())
+ReportError(formatv("Couldn't create target '{0}'", target_path).str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint breakpoint = target.BreakpointCreateByName("main", target_path);
+  if (!breakpoint.IsValid())
+ReportError("Couldn't create breakpoint");
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo launch_info = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(launch_info, error);
+  if (!process.IsValid() || error.Fail())
+ReportError("Couldn't launch process");
+
+  SBValue value = target.EvaluateExpression(expression.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -0,0 +1,58 @@
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
+)
+
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+lldb-expression-fuzzer.cpp
+)
+
+  if(TARGET lldb-expression-fuzzer)
+

[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-22 Thread Chelsea Cassanova via Phabricator via cfe-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rGb797834748f1: [lldb/Fuzzer] Add fuzzer for expression 
evaluator (authored by cassanova).

Changed prior to commit:
  https://reviews.llvm.org/D129377?vs=444761=446982#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function ) {
+  auto input_string = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string raw_path = originalargv[2];
+  StringRef obj_path = raw_path.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(obj_path.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint breakpoint = target.BreakpointCreateByLocation(obj_path.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo launch_info = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(launch_info, error);
+  target.EvaluateExpression(input_string.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
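Review bot: `originalargv[2]` in the fuzz target body is read without any check on the argument count, so running the fuzzer with fewer than three arguments builds a `std::string` from a null or out-of-range pointer, and `raw_path.erase(0, 2)` silently assumes the argument begins with `--`. `LLVMFuzzerInitialize` receives `argc` but discards it; validating there, for example with `if (*argc < 3 || strncmp((*argv)[2], "--", 2) != 0)` followed by a clear error, would fail once at startup instead of crashing on the first input. The results of `CreateTarget`, `BreakpointCreateByLocation` and `Launch` are also used without `IsValid()` or `error.Fail()` checks, so a bad path makes every iteration evaluate against an invalid target. The same body, with shorter local names, appears in the earlier revisions of D129377 further down this page.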
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -0,0 +1,57 @@
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
+)
+
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+lldb-expression-fuzzer.cpp
+)
+
+  if(TARGET lldb-expression-fuzzer)
+target_include_directories(lldb-expression-fuzzer PRIVATE ..)
+find_package(Protobuf REQUIRED)
+add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
+include_directories(${PROTOBUF_INCLUDE_DIRS})
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/../../../../clang/tools/clang-fuzzer PRIVATE ..)
+
+set(CLANG_CMAKE_MODULE_PATH
+  ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/cmake/modules)
+
+set(CMAKE_MODULE_PATH
+  ${CMAKE_MODULE_PATH}
+  ${CLANG_CMAKE_MODULE_PATH})
+
+
+set (PBM_PREFIX lldb_protobuf_mutator)
+include(ProtobufMutator)
+include_directories(${ProtobufMutator_INCLUDE_DIRS})
+
+target_link_libraries(lldb-expression-fuzzer
+  PRIVATE
+  ${ProtobufMutator_LIBRARIES}
+  ${LLVM_LIB_FUZZING_ENGINE}
+  clangHandleCXX
+  clangCXXProto
+  clangProtoToCXX
+  liblldb
+  )
+
+add_custom_command(TARGET lldb-expression-fuzzer PRE_BUILD
+  COMMAND ${CMAKE_COMMAND} -E make_directory 

[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-14 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova updated this revision to Diff 444761.
cassanova edited the summary of this revision.
cassanova added a comment.

Removed the cxx_proto.proto file since we include the headers that it generates 
from the clang side.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function ) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -0,0 +1,57 @@
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
+)
+
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+lldb-expression-fuzzer.cpp
+)
+
+  if(TARGET lldb-expression-fuzzer)
+target_include_directories(lldb-expression-fuzzer PRIVATE ..)
+find_package(Protobuf REQUIRED)
+add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
+include_directories(${PROTOBUF_INCLUDE_DIRS})
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/../../../../clang/tools/clang-fuzzer PRIVATE ..)
+
+set(CLANG_CMAKE_MODULE_PATH
+  ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/cmake/modules)
+
+set(CMAKE_MODULE_PATH
+  ${CMAKE_MODULE_PATH}
+  ${CLANG_CMAKE_MODULE_PATH})
+
+
+set (PBM_PREFIX lldb_protobuf_mutator)
+include(ProtobufMutator)
+include_directories(${ProtobufMutator_INCLUDE_DIRS})
+
+target_link_libraries(lldb-expression-fuzzer
+  PRIVATE
+  ${ProtobufMutator_LIBRARIES}
+  ${LLVM_LIB_FUZZING_ENGINE}
+  clangHandleCXX
+  clangCXXProto
+  clangProtoToCXX
+  liblldb
+  )
+
+add_custom_command(TARGET lldb-expression-fuzzer PRE_BUILD
+  COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_BINARY_DIR}/fuzzer-artifacts/expression-artifacts
+  # Create and compile a simple C program using the command line. This is
+  

[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-14 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova marked an inline comment as done.
cassanova added inline comments.



Comment at: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto:1
+//===-- cxx_proto.proto - Protobuf description of C++ 
-===//
+//

JDevlieghere wrote:
> Do we still need a copy of this for LLDB?
This file is used to generate the cxx_proto.pb.h which is included in the 
source file. Since we just use the clang-fuzzer directory as an include 
directory, we shouldn't need this file anymore.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377



[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-13 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova updated this revision to Diff 444361.
cassanova added a comment.

Updated the ProtobufMutator CMake module and expression fuzzer CMakeLists file 
so that the expression fuzzer will create its own target name in its CMake 
file, and the ProtobufMutator will not attempt to create another target if one 
already exists

Also updated the expression fuzzer's CMake file to create a directory to store 
expression fuzzer artifacts.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function ) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
@@ -0,0 +1,92 @@
+//===-- cxx_proto.proto - Protobuf description of C++ -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf.  It is used to
+///  more easily find interesting inputs for fuzzing Clang.
+///
+//===--===//
+
+syntax = "proto2";
+
+message VarRef {
+  required int32 varnum = 1;
+}
+
+message Lvalue {
+  required VarRef varref = 1;
+}
+
+message Const {
+  required int32 val = 1;
+}
+
+message BinaryOp {
+  enum Op {
+PLUS = 0;
+MINUS = 1;
+MUL = 2;
+DIV = 3;
+MOD = 4;
+XOR = 5;
+AND = 6;
+OR = 7;
+EQ = 8;
+NE = 9;
+LE = 10;
+GE = 11;
+LT = 12;
+GT = 13;
+  };
+  required Op op = 1;
+  required 

[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-12 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova added inline comments.



Comment at: clang/cmake/modules/ProtobufMutator.cmake:4-5
+  set (PBM_PREFIX clang_protobuf_mutator)
+elseif(${CMAKE_CURRENT_SOURCE_DIR} MATCHES "lldb")
+  set (PBM_PREFIX lldb_protobuf_mutator)
+endif()

mib wrote:
> It feels wrong to me that the clang protobuf cmake module knows about lldb.
> 
> Maybe we should just have 2 separate files for clang and lldb
My preferred solution to this was just creating a target called 
${LLVM_VARIABLE_THAT_TELLS_YOU_THE_SUBPROJECT_NAME}_protobuf_mutator to avoid 
using if-statements and direct strings but it looks like clang and lldb aren't 
defined as subprojects unless they're being built standalone.

Also in the event that some other subproject wanted to use this library then 
this solution just gets messier. Having 2 different CMake module files for the 
clang and lldb sides each or putting protobuf mutator in a more central 
location is another way to approach this


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377



[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-12 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova updated this revision to Diff 444074.
cassanova added a comment.

The ProtobufMutator CMake module will build targets for clang and lldb 
individually depending on which project is building the mutator, instead of 
both fuzzers trying to build the same target.

The expression fuzzer's source file only includes handle-cxx and proto-to-cxx 
directly, instead of including them from their folders.

The expression fuzzer's CMake file adds the clang-fuzzer binary directory as a 
include directory so that the lldb fuzzer does not need to generate a second 
copy of cxx_proto.pb.h and cxx_proto.pb.cc. It also requires the Protobuf 
library, grabs its definitions and includes the protobuf include dirs to 
prevent a protobuf header from not being found in the expression fuzzer source 
file.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377

Files:
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function ) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
@@ -0,0 +1,92 @@
+//===-- cxx_proto.proto - Protobuf description of C++ -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf.  It is used to
+///  more easily find interesting inputs for fuzzing Clang.
+///
+//===--===//
+
+syntax = "proto2";
+
+message VarRef {
+  required int32 varnum = 1;
+}
+
+message 

[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-11 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova added inline comments.



Comment at: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt:21
+
+include(ProtobufMutator)
+include_directories(${ProtobufMutator_INCLUDE_DIRS})

Commenting out this line causes the project to generate, but I get file not 
found errors when including the protobuf errors when trying to build the fuzzer.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377



[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-11 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova updated this revision to Diff 443768.
cassanova added a comment.

Shows top-of-tree changes; however, CMake generation fails because the 
ProtobufMutator target already exists for clang-fuzzer:

  CMake Error at 
/opt/homebrew/Cellar/cmake/3.23.1_1/share/cmake/Modules/ExternalProject.cmake:3453
 (add_custom_target):
add_custom_target cannot create target "protobuf_mutator" because another
target with the same name already exists.  The existing target is a custom
target created in source directory
"/Users/chelseacassanova/code/llvm-project/clang/tools/clang-fuzzer".


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377

Files:
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/lldb-expression-fuzzer.cpp
@@ -0,0 +1,73 @@
+//===-- lldb-expression-fuzzer.cpp ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===-===//
+//
+// \file
+// This file is a fuzzer for LLDB's expression evaluator. It uses protobufs
+// and the libprotobuf-mutator to create valid C-like inputs for the
+// expression evaluator.
+//
+//===-===//
+
+#include 
+
+#include "cxx_proto.pb.h"
+#include "handle-cxx/handle_cxx.h"
+#include "lldb/API/SBBreakpoint.h"
+#include "lldb/API/SBDebugger.h"
+#include "lldb/API/SBError.h"
+#include "lldb/API/SBLaunchInfo.h"
+#include "lldb/API/SBProcess.h"
+#include "lldb/API/SBTarget.h"
+#include "proto-to-cxx/proto_to_cxx.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Error.h"
+
+using namespace lldb;
+using namespace llvm;
+using namespace clang_fuzzer;
+
+char **originalargv;
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+  SBDebugger::Initialize();
+
+  // The path for a simple compiled program is needed to create a
+  // target for the debugger and that path is passed in through argv
+  originalargv = *argv;
+  return 0;
+}
+
+DEFINE_BINARY_PROTO_FUZZER(const clang_fuzzer::Function ) {
+  auto S = clang_fuzzer::FunctionToString(input);
+
+  // Get the second argument from argv and strip the '--' from it.
+  // This will be used as the path for the object file to create a target from
+  std::string rawpath = originalargv[2];
+  StringRef objpath = rawpath.erase(0, 2);
+
+  // Create a debugger and a target
+  SBDebugger debugger = SBDebugger::Create(false);
+  SBTarget target = debugger.CreateTarget(objpath.str().c_str());
+
+  // Create a breakpoint on the only line in the program
+  SBBreakpoint bp = target.BreakpointCreateByLocation(objpath.str().c_str(), 1);
+
+  // Create launch info and error for launching the process
+  SBLaunchInfo li = target.GetLaunchInfo();
+  SBError error;
+
+  // Launch the process and evaluate the fuzzer's input data
+  // as an expression
+  SBProcess process = target.Launch(li, error);
+  target.EvaluateExpression(S.c_str());
+
+  debugger.DeleteTarget(target);
+  SBDebugger::Destroy(debugger);
+  SBModule::GarbageCollectAllocatedModules();
+}
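Review bot: `originalargv[2]` in the fuzz target is read without any check that three arguments were passed, and `LLVMFuzzerInitialize` discards `*argc`, so a run with fewer arguments builds a `std::string` from a null or out-of-range pointer; `erase(0, 2)` likewise assumes the argument begins with `--`. Validating once in `LLVMFuzzerInitialize`, for example `if (*argc < 3 || !StringRef((*argv)[2]).startswith("--")) report_fatal_error("expected --<path-to-target> as the second argument");`, would turn that into a clear startup error. A fixed index also looks fragile because libFuzzer's own flags and corpus directories share argv, so taking the path from an environment variable or a build-time definition would be sturdier. Separately, the `error` filled in by `target.Launch(li, error)` is never inspected; checking `error.Fail()` and `process.IsValid()` before `EvaluateExpression` would stop the harness from silently fuzzing a target that never launched.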
Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
===
--- /dev/null
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/cxx_proto.proto
@@ -0,0 +1,92 @@
+//===-- cxx_proto.proto - Protobuf description of C++ -===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+///
+/// \file
+/// This file describes a subset of C++ as a protobuf.  It is used to
+///  more easily find interesting inputs for fuzzing Clang.
+///
+//===--===//
+
+syntax = "proto2";
+
+message VarRef {
+  required int32 varnum = 1;
+}
+
+message Lvalue {
+  required VarRef varref = 1;
+}
+
+message Const {
+  required int32 val = 1;
+}
+
+message BinaryOp {
+  enum Op {
+PLUS = 0;
+MINUS = 1;
+MUL = 2;
+DIV = 3;
+

[PATCH] D129377: [lldb/Fuzzer] Add fuzzer for expression evaluator

2022-07-08 Thread Chelsea Cassanova via Phabricator via cfe-commits
cassanova updated this revision to Diff 443362.
cassanova edited the summary of this revision.
cassanova added a comment.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

Building the expression evaluator fuzzer is now conditional on the 
CLANG_ENABLE_PROTO_FUZZER CMake variable being enabled.

Copying the source and header files from clang is no longer done in the 
top-level CMake file; this is instead added to the subdirectories of the clang 
fuzzer.

The fuzzer uses Clang's CMake modules for libprotobuf_mutator instead of 
copying the module into LLDB.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D129377/new/

https://reviews.llvm.org/D129377

Files:
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt

Index: lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
===
--- lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
+++ lldb/tools/lldb-fuzzer/lldb-expression-fuzzer/CMakeLists.txt
@@ -1,89 +1,50 @@
-set(LLVM_LINK_COMPONENTS
-  Support
-  )
-
-add_llvm_fuzzer(lldb-expression-fuzzer
-  EXCLUDE_FROM_ALL
-  lldb-expression-fuzzer.cpp
-  )
-
-if(TARGET lldb-expression-fuzzer)
-  target_include_directories(lldb-expression-fuzzer PRIVATE ..)
-
-  # Generate the necessary source and header files for using protobufs
-  find_package(Protobuf REQUIRED)
-  add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
-  include_directories(${PROTOBUF_INCLUDE_DIRS})
-  include_directories(${CMAKE_CURRENT_BINARY_DIR})
-  protobuf_generate_cpp(PROTO_SRCS PROTO_HDRS cxx_proto.proto)
-  protobuf_generate_cpp(LOOP_PROTO_SRCS LOOP_PROTO_HDRS cxx_loop_proto.proto)
-  set(LLVM_OPTIONAL_SOURCES ${LLVM_OPTIONAL_SOURCES} ${PROTO_SRCS})
-
-  # Place the source and header files into a library for use by LLDB's expression fuzzer
-  # FIXME: It would be better to use add_lldb_library, but using this will cause an error
-  # during cmake's file generation phase
-  add_library(lldbCXXProto
-${PROTO_SRCS}
-${PROTO_HDRS}
-)
-
-  # Build and include the libprotobuf-mutator repository
-  include(ProtobufMutator)
-  include_directories(${ProtobufMutator_INCLUDE_DIRS})
-
-  # Create a variable for the libraries generated by protobuf and protobuf mutator
-  set(COMMON_PROTO_FUZZ_LIBRARIES
-${ProtobufMutator_LIBRARIES}
-${PROTOBUF_LIBRARIES}
-)
-
-  # Link the protobuf libraries as well as the clang libraries used to
-  # convert protobufs to C/C++
-  target_link_libraries(lldb-expression-fuzzer
-PRIVATE
-${COMMON_PROTO_FUZZ_LIBRARIES}
-clangHandleCXX
-lldbCXXProto
-clangProtoToCXX
-liblldb
+if(CLANG_ENABLE_PROTO_FUZZER)
+  set(LLVM_LINK_COMPONENTS
+Support
 )
 
-  # The target for this fuzzer needs to depend on the protobuf mutator
-  # repository
-  add_dependencies(lldb-expression-fuzzer lldb_protobuf_mutator)
-
-  add_custom_command(TARGET lldb-expression-fuzzer PRE_BUILD
-
-# FIXME: Copying the source and header files is not the preferred way to implement these libraries
-# on the LLDB side. It would be preferable to have the libraries for protobuf fuzzers be located
-# in a more central location
-
-# Create directories to store the files for handle-cxx and proto-to-cxx since the protobuf mutator
-# depends on them
-COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/handle-cxx
-COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/proto-to-cxx
-
-# Copy the header and source files for handle-cxx from clang
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h ${CMAKE_CURRENT_BINARY_DIR}/handle-cxx
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp ${CMAKE_CURRENT_BINARY_DIR}/handle-cxx
-
-# Copy the header and source files for proto-to-cxx from clang
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h ${CMAKE_CURRENT_BINARY_DIR}/proto-to-cxx
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp ${CMAKE_CURRENT_BINARY_DIR}/proto-to-cxx
-COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/../../../../clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp ${CMAKE_CURRENT_BINARY_DIR}/proto-to-cxx
-
-# Create and compile a simple C program using the command line. This is
-# needed because LLDB's expression evaluator needs a legitmate target
-# instead of a dummy target
-COMMAND echo 'int main (int argc, char** argv) { return 0\; }' | clang -o main.out -xc -
+  add_llvm_fuzzer(lldb-expression-fuzzer
+EXCLUDE_FROM_ALL
+