[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Vitaly Buka via Phabricator via cfe-commits
vitalybuka added inline comments.



Comment at: clang/cmake/modules/ProtobufMutator.cmake:6
+
+ExternalProject_Add(${PBM_PREFIX}
+  PREFIX ${PBM_PREFIX}

Just noticed, for cmake projects shorter syntax can be used.
Example: 
https://github.com/google/libprotobuf-mutator/blob/master/cmake/external/googletest.cmake



Repository:
  rL LLVM

https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Matt Morehouse via Phabricator via cfe-commits
This revision was automatically updated to reflect the committed changes.
Closed by commit rL310408: Integrate Kostya's clang-proto-fuzzer with LLVM. 
(authored by morehouse).

Changed prior to commit:
  https://reviews.llvm.org/D36324?vs=110265=110269#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D36324

Files:
  cfe/trunk/CMakeLists.txt
  cfe/trunk/cmake/modules/ProtobufMutator.cmake
  cfe/trunk/tools/clang-fuzzer/CMakeLists.txt
  cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp
  cfe/trunk/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  cfe/trunk/tools/clang-fuzzer/README.txt
  cfe/trunk/tools/clang-fuzzer/cxx_proto.proto
  cfe/trunk/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
  cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.h
  cfe/trunk/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
  cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
  cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp

Index: cfe/trunk/CMakeLists.txt
===
--- cfe/trunk/CMakeLists.txt
+++ cfe/trunk/CMakeLists.txt
@@ -377,6 +377,8 @@
 option(CLANG_ANALYZER_BUILD_Z3
   "Build the static analyzer with the Z3 constraint manager." OFF)
 
+option(CLANG_ENABLE_PROTO_FUZZER "Build Clang protobuf fuzzer." OFF)
+
 if(NOT CLANG_ENABLE_STATIC_ANALYZER AND (CLANG_ENABLE_ARCMT OR CLANG_ANALYZER_BUILD_Z3))
   message(FATAL_ERROR "Cannot disable static analyzer while enabling ARCMT or Z3")
 endif()
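Review bot: The description on the added `option(CLANG_ENABLE_PROTO_FUZZER …)` line does not say that the flag is only honoured when LLVM_USE_SANITIZE_COVERAGE is also set; in this same commit the `if(CLANG_ENABLE_PROTO_FUZZER)` check in tools/clang-fuzzer/CMakeLists.txt sits inside `if( LLVM_USE_SANITIZE_COVERAGE )`, so turning this option on alone builds nothing. Spell that out where users will see it: `option(CLANG_ENABLE_PROTO_FUZZER "Build Clang protobuf fuzzer (requires LLVM_USE_SANITIZE_COVERAGE)." OFF)`. A configure-time `message(WARNING …)` when the option is ON but the coverage flag is not would also surface the silent no-op.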
Index: cfe/trunk/tools/clang-fuzzer/CMakeLists.txt
===
--- cfe/trunk/tools/clang-fuzzer/CMakeLists.txt
+++ cfe/trunk/tools/clang-fuzzer/CMakeLists.txt
@@ -1,21 +1,60 @@
 if( LLVM_USE_SANITIZE_COVERAGE )
   set(LLVM_LINK_COMPONENTS ${LLVM_TARGETS_TO_BUILD})
 
+  if(CLANG_ENABLE_PROTO_FUZZER)
+# Create protobuf .h and .cc files, and put them in a library for use by
+# clang-proto-fuzzer components.
+find_package(Protobuf REQUIRED)
+add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)
+include_directories(${PROTOBUF_INCLUDE_DIRS})
+include_directories(${CMAKE_CURRENT_BINARY_DIR})
+protobuf_generate_cpp(PROTO_SRCS PROTO_HDRS cxx_proto.proto)
+# Hack to bypass LLVM's cmake sources check and allow multiple libraries and
+# executables from this directory.
+set(LLVM_OPTIONAL_SOURCES
+  ClangFuzzer.cpp
+  ExampleClangProtoFuzzer.cpp
+  ${PROTO_SRCS}
+  )
+add_clang_library(clangCXXProto
+  ${PROTO_SRCS}
+  ${PROTO_HDRS}
+
+  LINK_LIBS
+  ${PROTOBUF_LIBRARIES}
+  )
+
+# Build and include libprotobuf-mutator
+include(ProtobufMutator)
+include_directories(${ProtobufMutator_INCLUDE_DIRS})
+
+# Build the protobuf->C++ translation library and driver.
+add_clang_subdirectory(proto-to-cxx)
+
+# Build the protobuf fuzzer
+add_clang_executable(clang-proto-fuzzer ExampleClangProtoFuzzer.cpp)
+target_link_libraries(clang-proto-fuzzer
+  ${ProtobufMutator_LIBRARIES}
+  clangCXXProto
+  clangHandleCXX
+  clangProtoToCXX
+  LLVMFuzzer
+  )
+  else()
+# Hack to bypass LLVM's cmake sources check and allow multiple libraries and
+# executables from this directory.
+set(LLVM_OPTIONAL_SOURCES ClangFuzzer.cpp ExampleClangProtoFuzzer.cpp)
+  endif()
+
+  add_clang_subdirectory(handle-cxx)
+
   add_clang_executable(clang-fuzzer
 EXCLUDE_FROM_ALL
 ClangFuzzer.cpp
 )
 
   target_link_libraries(clang-fuzzer
-${CLANG_FORMAT_LIB_DEPS}
-clangAST
-clangBasic
-clangCodeGen
-clangDriver
-clangFrontend
-clangRewriteFrontend
-clangStaticAnalyzerFrontend
-clangTooling
+clangHandleCXX
 LLVMFuzzer
 )
 endif()
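Review bot: `set(LLVM_OPTIONAL_SOURCES …)` and its explanatory comment are duplicated in both branches of the new `if(CLANG_ENABLE_PROTO_FUZZER)`; the base list can be set once before the condition, `set(LLVM_OPTIONAL_SOURCES ClangFuzzer.cpp ExampleClangProtoFuzzer.cpp)`, and the protobuf branch can append with `list(APPEND LLVM_OPTIONAL_SOURCES ${PROTO_SRCS})` after `protobuf_generate_cpp`, which removes the `else()` branch entirely. `add_definitions(-DGOOGLE_PROTOBUF_NO_RTTI)` and the two `include_directories` calls are directory-scoped, so they also apply to clang-fuzzer and the handle-cxx subdirectory added below; if that is not intended, `target_compile_definitions(clangCXXProto PUBLIC GOOGLE_PROTOBUF_NO_RTTI)` and a matching `target_include_directories` keep the protobuf settings with the targets that need them. Separately, `include(ProtobufMutator)` brings in a module that builds libprotobuf-mutator as an ExternalProject (per the snippet quoted in the first inline comment of this thread); from a build-integrity standpoint it is worth confirming that the module pins a fixed revision or tag rather than a moving branch, so every configure compiles the same third-party source.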
Index: cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
===
--- cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
+++ cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
@@ -0,0 +1,58 @@
+//==-- handle_cxx.cpp - Helper function for Clang fuzzers --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements HandleCXX for use by the Clang fuzzers.
+//
+//===--===//
+
+#include "handle_cxx.h"
+
+#include "clang/CodeGen/CodeGenAction.h"
+#include "clang/Frontend/CompilerInstance.h"
+#include "clang/Lex/PreprocessorOptions.h"
+#include "clang/Tooling/Tooling.h"
+#include "llvm/Option/Option.h"
+#include "llvm/Support/TargetSelect.h"
+
+using namespace clang;
+
+void clang_fuzzer::HandleCXX(const std::string ,
+ const 

[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse updated this revision to Diff 110265.
morehouse added a comment.

- README tweaks.


https://reviews.llvm.org/D36324

Files:
  clang/CMakeLists.txt
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ClangFuzzer.cpp
  clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  clang/tools/clang-fuzzer/README.txt
  clang/tools/clang-fuzzer/cxx_proto.proto
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp

Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
@@ -0,0 +1,30 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===--===//
+#include 
+#include 
+#include 
+#include 
+
+#include "proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+std::fstream in(argv[i]);
+std::string str((std::istreambuf_iterator(in)),
+std::istreambuf_iterator());
+std::cout << "// " << argv[i] << std::endl;
+std::cout << clang_fuzzer::ProtoToCxx(
+reinterpret_cast(str.data()), str.size());
+  }
+}
+
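Review bot: `std::fstream in(argv[i]);` opens each input with the default `in | out` mode, so a read-only corpus file fails to open, and nothing checks whether the open succeeded — an unreadable path is silently converted as an empty buffer and printed under its `// path` banner. Since the bytes go straight to `clang_fuzzer::ProtoToCxx` as a serialized protobuf, open read-only in binary mode and skip files that cannot be opened: `std::ifstream in(argv[i], std::ios::binary);` followed by `if (!in) { std::cerr << "// cannot open " << argv[i] << '\n'; continue; }`. The `std::endl` on the banner line can be `'\n'`; the flush buys nothing here. The same hunk appears unchanged in Diffs 110264, 110262, 110222, 110215 and 110111 further down this thread, and this note applies to each of them.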
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
@@ -0,0 +1,22 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include 
+#include 
+#include 
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function );
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
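Review bot: The new header carries no include guard around the `namespace clang_fuzzer { … }` block, unlike other clang headers; it is harmless today because redeclaring the two free functions is legal, but the guard is expected by LLVM convention and will matter as soon as a class or inline definition is added, so wrap the file in `#ifndef`/`#define`/`#endif` with a guard macro named after its path. `ProtoToCxx` also deserves a one-line contract comment, since callers cannot tell from the signature what `data`/`size` are: `// Parses size bytes at data as a serialized Function proto and returns it rendered as C++ source; on parse failure the result is an #error line rather than a program.` — the parse-failure behaviour is taken from the proto_to_cxx.cpp:102 snippet quoted in the earlier inline review, so confirm it still holds in this revision. The same header hunk appears unchanged in Diffs 110264, 110262, 110222, 110215 and 110111 below, and this note applies to each of them.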
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
@@ -0,0 +1,102 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include "proto_to_cxx.h"
+#include "cxx_proto.pb.h"
+
+#include 
+#include 
+
+namespace clang_fuzzer {
+
+// Forward decls.
+std::ostream <<(std::ostream , const BinaryOp );
+std::ostream <<(std::ostream , const StatementSeq );
+
+// Proto to C++.
+std::ostream <<(std::ostream , const Const ) {
+  return os << "(" << x.val() << ")";
+}
+std::ostream <<(std::ostream , const VarRef ) {
+  return os << "a[" << (static_cast(x.varnum()) % 100) << "]";
+}
+std::ostream <<(std::ostream , const Lvalue ) {
+  return os << x.varref();
+}
+std::ostream <<(std::ostream , const Rvalue ) {
+if (x.has_varref()) return os << x.varref();
+if (x.has_cons())   return os << x.cons();
+if (x.has_binop())  return os << x.binop();
+return os << "1";
+}
+std::ostream <<(std::ostream , const BinaryOp ) {
+  os << "(" << x.left();
+  switch (x.op()) {
+case BinaryOp::PLUS: os << "+"; break;
+case BinaryOp::MINUS: os << "-"; break;
+case BinaryOp::MUL: os << "*"; break;
+case BinaryOp::DIV: os << "/"; break;
+case BinaryOp::MOD: os << "%"; break;
+case BinaryOp::XOR: os << "^"; break;
+case BinaryOp::AND: os << "&"; break;
+case BinaryOp::OR: os << "|"; break;
+case BinaryOp::EQ: os << "=="; break;
+case BinaryOp::NE: os << "!="; break;
+case BinaryOp::LE: os << "<="; break;
+case BinaryOp::GE: os << ">="; break;

[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse updated this revision to Diff 110264.
morehouse added a comment.

- Add run instructions to README.


https://reviews.llvm.org/D36324

Files:
  clang/CMakeLists.txt
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ClangFuzzer.cpp
  clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  clang/tools/clang-fuzzer/README.txt
  clang/tools/clang-fuzzer/cxx_proto.proto
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp

Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
@@ -0,0 +1,30 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===--===//
+#include 
+#include 
+#include 
+#include 
+
+#include "proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+std::fstream in(argv[i]);
+std::string str((std::istreambuf_iterator(in)),
+std::istreambuf_iterator());
+std::cout << "// " << argv[i] << std::endl;
+std::cout << clang_fuzzer::ProtoToCxx(
+reinterpret_cast(str.data()), str.size());
+  }
+}
+
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
@@ -0,0 +1,22 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include 
+#include 
+#include 
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function );
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
@@ -0,0 +1,102 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include "proto_to_cxx.h"
+#include "cxx_proto.pb.h"
+
+#include 
+#include 
+
+namespace clang_fuzzer {
+
+// Forward decls.
+std::ostream <<(std::ostream , const BinaryOp );
+std::ostream <<(std::ostream , const StatementSeq );
+
+// Proto to C++.
+std::ostream <<(std::ostream , const Const ) {
+  return os << "(" << x.val() << ")";
+}
+std::ostream <<(std::ostream , const VarRef ) {
+  return os << "a[" << (static_cast(x.varnum()) % 100) << "]";
+}
+std::ostream <<(std::ostream , const Lvalue ) {
+  return os << x.varref();
+}
+std::ostream <<(std::ostream , const Rvalue ) {
+if (x.has_varref()) return os << x.varref();
+if (x.has_cons())   return os << x.cons();
+if (x.has_binop())  return os << x.binop();
+return os << "1";
+}
+std::ostream <<(std::ostream , const BinaryOp ) {
+  os << "(" << x.left();
+  switch (x.op()) {
+case BinaryOp::PLUS: os << "+"; break;
+case BinaryOp::MINUS: os << "-"; break;
+case BinaryOp::MUL: os << "*"; break;
+case BinaryOp::DIV: os << "/"; break;
+case BinaryOp::MOD: os << "%"; break;
+case BinaryOp::XOR: os << "^"; break;
+case BinaryOp::AND: os << "&"; break;
+case BinaryOp::OR: os << "|"; break;
+case BinaryOp::EQ: os << "=="; break;
+case BinaryOp::NE: os << "!="; break;
+case BinaryOp::LE: os << "<="; break;
+case BinaryOp::GE: os 

[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Kostya Serebryany via Phabricator via cfe-commits
kcc accepted this revision.
kcc added a comment.

LGTM with a couple of nits in the README

Thanks!




Comment at: clang/tools/clang-fuzzer/README.txt:11
+class, producing valid C++ programs in the process.  As a result,
+clang-proto-fuzzer is better at stressing deeper layers of Clang.
+

.. of of Clang and LLVM



Comment at: clang/tools/clang-fuzzer/README.txt:36
+=
+Install the necessary dependencies:
+- binutils  // needed for libprotobuf-mutator

(linux-only instructions)



Comment at: clang/tools/clang-fuzzer/README.txt:51
+
+Then build the clang-proto-fuzzer target.
+

You may also build clang-fuzzer with this setup 


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse updated this revision to Diff 110262.
morehouse added a comment.

- Add README.txt.


https://reviews.llvm.org/D36324

Files:
  clang/CMakeLists.txt
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ClangFuzzer.cpp
  clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  clang/tools/clang-fuzzer/README.txt
  clang/tools/clang-fuzzer/cxx_proto.proto
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp

Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
@@ -0,0 +1,30 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===--===//
+#include 
+#include 
+#include 
+#include 
+
+#include "proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+std::fstream in(argv[i]);
+std::string str((std::istreambuf_iterator(in)),
+std::istreambuf_iterator());
+std::cout << "// " << argv[i] << std::endl;
+std::cout << clang_fuzzer::ProtoToCxx(
+reinterpret_cast(str.data()), str.size());
+  }
+}
+
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
@@ -0,0 +1,22 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include 
+#include 
+#include 
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function );
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
@@ -0,0 +1,102 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include "proto_to_cxx.h"
+#include "cxx_proto.pb.h"
+
+#include 
+#include 
+
+namespace clang_fuzzer {
+
+// Forward decls.
+std::ostream <<(std::ostream , const BinaryOp );
+std::ostream <<(std::ostream , const StatementSeq );
+
+// Proto to C++.
+std::ostream <<(std::ostream , const Const ) {
+  return os << "(" << x.val() << ")";
+}
+std::ostream <<(std::ostream , const VarRef ) {
+  return os << "a[" << (static_cast(x.varnum()) % 100) << "]";
+}
+std::ostream <<(std::ostream , const Lvalue ) {
+  return os << x.varref();
+}
+std::ostream <<(std::ostream , const Rvalue ) {
+if (x.has_varref()) return os << x.varref();
+if (x.has_cons())   return os << x.cons();
+if (x.has_binop())  return os << x.binop();
+return os << "1";
+}
+std::ostream <<(std::ostream , const BinaryOp ) {
+  os << "(" << x.left();
+  switch (x.op()) {
+case BinaryOp::PLUS: os << "+"; break;
+case BinaryOp::MINUS: os << "-"; break;
+case BinaryOp::MUL: os << "*"; break;
+case BinaryOp::DIV: os << "/"; break;
+case BinaryOp::MOD: os << "%"; break;
+case BinaryOp::XOR: os << "^"; break;
+case BinaryOp::AND: os << "&"; break;
+case BinaryOp::OR: os << "|"; break;
+case BinaryOp::EQ: os << "=="; break;
+case BinaryOp::NE: os << "!="; break;
+case BinaryOp::LE: os << "<="; break;
+case BinaryOp::GE: os << ">="; break;

[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Kostya Serebryany via Phabricator via cfe-commits
kcc added a comment.

Looks good!
Now, please add a clang/tools/clang-fuzzer/README.txt describing how to build 
the fuzzers (both the old one and the new one) and how to run them.
For the new one, explain how to install the dependencies.


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse updated this revision to Diff 110222.
morehouse added a comment.

- Define GOOGLE_PROTOBUF_NO_RTTI to remove RTTI requirement.


https://reviews.llvm.org/D36324

Files:
  clang/CMakeLists.txt
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ClangFuzzer.cpp
  clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  clang/tools/clang-fuzzer/cxx_proto.proto
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp

Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
@@ -0,0 +1,30 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===--===//
+#include 
+#include 
+#include 
+#include 
+
+#include "proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+std::fstream in(argv[i]);
+std::string str((std::istreambuf_iterator(in)),
+std::istreambuf_iterator());
+std::cout << "// " << argv[i] << std::endl;
+std::cout << clang_fuzzer::ProtoToCxx(
+reinterpret_cast(str.data()), str.size());
+  }
+}
+
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
@@ -0,0 +1,22 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include 
+#include 
+#include 
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function );
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
@@ -0,0 +1,102 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include "proto_to_cxx.h"
+#include "cxx_proto.pb.h"
+
+#include 
+#include 
+
+namespace clang_fuzzer {
+
+// Forward decls.
+std::ostream <<(std::ostream , const BinaryOp );
+std::ostream <<(std::ostream , const StatementSeq );
+
+// Proto to C++.
+std::ostream <<(std::ostream , const Const ) {
+  return os << "(" << x.val() << ")";
+}
+std::ostream <<(std::ostream , const VarRef ) {
+  return os << "a[" << (static_cast(x.varnum()) % 100) << "]";
+}
+std::ostream <<(std::ostream , const Lvalue ) {
+  return os << x.varref();
+}
+std::ostream <<(std::ostream , const Rvalue ) {
+if (x.has_varref()) return os << x.varref();
+if (x.has_cons())   return os << x.cons();
+if (x.has_binop())  return os << x.binop();
+return os << "1";
+}
+std::ostream <<(std::ostream , const BinaryOp ) {
+  os << "(" << x.left();
+  switch (x.op()) {
+case BinaryOp::PLUS: os << "+"; break;
+case BinaryOp::MINUS: os << "-"; break;
+case BinaryOp::MUL: os << "*"; break;
+case BinaryOp::DIV: os << "/"; break;
+case BinaryOp::MOD: os << "%"; break;
+case BinaryOp::XOR: os << "^"; break;
+case BinaryOp::AND: os << "&"; break;
+case BinaryOp::OR: os << "|"; break;
+case BinaryOp::EQ: os << "=="; break;
+case BinaryOp::NE: os << "!="; break;
+case BinaryOp::LE: os << "<="; break;
+case BinaryOp::GE: os << ">="; 

[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Kostya Serebryany via Phabricator via cfe-commits
kcc added a comment.

In https://reviews.llvm.org/D36324#835415, @morehouse wrote:

> In https://reviews.llvm.org/D36324#834660, @kcc wrote:
>
> > Why do we need LLVM_ENABLE_RTTI=ON here?
>
>
> Attempting to build without it yields all kinds of protobuf errors.  For 
> example:
>  F4944099: image.png 


This is very strange; I'd like to understand more about this LLVM_ENABLE_RTTI. 
Ideally, we should avoid it.


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse updated this revision to Diff 110215.
morehouse added a comment.

- Formatting and code cleanup.


https://reviews.llvm.org/D36324

Files:
  clang/CMakeLists.txt
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ClangFuzzer.cpp
  clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  clang/tools/clang-fuzzer/cxx_proto.proto
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp

Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
@@ -0,0 +1,30 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===--===//
+#include 
+#include 
+#include 
+#include 
+
+#include "proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+std::fstream in(argv[i]);
+std::string str((std::istreambuf_iterator(in)),
+std::istreambuf_iterator());
+std::cout << "// " << argv[i] << std::endl;
+std::cout << clang_fuzzer::ProtoToCxx(
+reinterpret_cast(str.data()), str.size());
+  }
+}
+
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
@@ -0,0 +1,22 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include 
+#include 
+#include 
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function );
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
@@ -0,0 +1,102 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include "proto_to_cxx.h"
+#include "cxx_proto.pb.h"
+
+#include 
+#include 
+
+namespace clang_fuzzer {
+
+// Forward decls.
+std::ostream <<(std::ostream , const BinaryOp );
+std::ostream <<(std::ostream , const StatementSeq );
+
+// Proto to C++.
+std::ostream <<(std::ostream , const Const ) {
+  return os << "(" << x.val() << ")";
+}
+std::ostream <<(std::ostream , const VarRef ) {
+  return os << "a[" << (static_cast(x.varnum()) % 100) << "]";
+}
+std::ostream <<(std::ostream , const Lvalue ) {
+  return os << x.varref();
+}
+std::ostream <<(std::ostream , const Rvalue ) {
+if (x.has_varref()) return os << x.varref();
+if (x.has_cons())   return os << x.cons();
+if (x.has_binop())  return os << x.binop();
+return os << "1";
+}
+std::ostream <<(std::ostream , const BinaryOp ) {
+  os << "(" << x.left();
+  switch (x.op()) {
+case BinaryOp::PLUS: os << "+"; break;
+case BinaryOp::MINUS: os << "-"; break;
+case BinaryOp::MUL: os << "*"; break;
+case BinaryOp::DIV: os << "/"; break;
+case BinaryOp::MOD: os << "%"; break;
+case BinaryOp::XOR: os << "^"; break;
+case BinaryOp::AND: os << "&"; break;
+case BinaryOp::OR: os << "|"; break;
+case BinaryOp::EQ: os << "=="; break;
+case BinaryOp::NE: os << "!="; break;
+case BinaryOp::LE: os << "<="; break;
+case BinaryOp::GE: os << ">="; break;
+case BinaryOp::LT: 

[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-08 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse added a comment.

In https://reviews.llvm.org/D36324#834660, @kcc wrote:

> Why do we need LLVM_ENABLE_RTTI=ON here?


Attempting to build without it yields all kinds of protobuf errors.  For 
example:
F4944099: image.png 


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-07 Thread Vitaly Buka via Phabricator via cfe-commits
vitalybuka added inline comments.



Comment at: clang/tools/clang-fuzzer/cxx_proto.proto:17
+syntax = "proto2";
+//option cc_api_version = 2;
+

>> //option cc_api_version = 2;
Please remove



Comment at: clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt:7
+
+add_clang_library(clangProtoToCXX
+  proto_to_cxx.cpp

Formatting of this statement looks weird



Comment at: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp:46
+  switch (x.op()) {
+#define OP(a, b) case BinaryOp::a: os << b; break
+OP(PLUS, "+");

OP looks too trivial a name; it could conflict with some 3rd party macro.



Comment at: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp:50
+OP(MUL, "*");
+OP(DIV, "/");
+OP(MOD, "%");

```
switch (x.op()) {
BinaryOp::PLUS: os << "+"; break
BinaryOp::MINUS: os << "-"; break
BinaryOp::MUL: os << "*"; break
```

does not look bad to me



Comment at: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp:102
+  if (!message.ParseFromArray(data, size))
+//   if (!proto2::TextFormat::ParseBinaryMessage({data, data + size}, 
))
+return "#error invalid proto\n";

please remove commented code


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-07 Thread Kostya Serebryany via Phabricator via cfe-commits
kcc added a comment.

Why do we need LLVM_ENABLE_RTTI=ON here?


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-07 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse updated this revision to Diff 110111.
morehouse added a comment.

- Build protobuf-mutator with same build type as current build.
- Remove unnecessary options from clang-proto-fuzzer.
- Expand macro.


https://reviews.llvm.org/D36324

Files:
  clang/CMakeLists.txt
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ClangFuzzer.cpp
  clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  clang/tools/clang-fuzzer/cxx_proto.proto
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp

Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
@@ -0,0 +1,30 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===--===//
+#include 
+#include 
+#include 
+#include 
+
+#include "proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+std::fstream in(argv[i]);
+std::string str((std::istreambuf_iterator(in)),
+std::istreambuf_iterator());
+std::cout << "// " << argv[i] << std::endl;
+std::cout << clang_fuzzer::ProtoToCxx(
+reinterpret_cast(str.data()), str.size());
+  }
+}
+
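Review bot: The per-argument read in main() never checks that `in` actually opened, and `std::fstream` with its default in|out mode fails to open a file that is not writable, so a missing or read-only path silently yields an empty buffer that ProtoToCxx then reports as an invalid proto instead of an I/O error. Open the file read-only in binary mode and skip it on failure: `std::ifstream in(argv[i], std::ios::binary);` followed by `if (!in) { std::cerr << "// cannot open " << argv[i] << '\n'; continue; }`. Binary mode also keeps serialized protobuf bytes intact on platforms that translate newlines in text mode. The identical loop appears in the earlier revision's hunk of this file near the end of the thread, which has the same issue.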
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
@@ -0,0 +1,22 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include 
+#include 
+#include 
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function );
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
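Review bot: The header has no include guard; the current forward declaration and prototypes tolerate double inclusion, but anything added later (an inline function, a class definition, a type alias) would not, and LLVM headers consistently carry one, e.g. `#ifndef LLVM_CLANG_TOOLS_CLANG_FUZZER_PROTO_TO_CXX_PROTO_TO_CXX_H` / `#define LLVM_CLANG_TOOLS_CLANG_FUZZER_PROTO_TO_CXX_PROTO_TO_CXX_H` at the top and a matching `#endif` at the bottom (guard name is a suggested example). The file comment says the functions convert "between protobufs and C++" but only the proto-to-C++ direction is declared, and ProtoToCxx's failure behaviour is undocumented even though the .cpp returns an `#error` line when the message does not parse; a one-line comment above it, such as `// Returns C++ source for the serialized Function in [data, data+size), or a single #error line if it fails to parse.`, would tell callers not to compile the result blindly. The same header appears unchanged in the earlier revision's hunk near the end of the thread.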
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
@@ -0,0 +1,107 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include "proto_to_cxx.h"
+#include "cxx_proto.pb.h"
+
+#include 
+#include 
+
+namespace clang_fuzzer {
+
+#define P(Type) std::ostream <<(std::ostream , const Type )
+// Forward decls.
+std::ostream <<(std::ostream , const BinaryOp );
+std::ostream <<(std::ostream , const StatementSeq );
+
+// Proto to C++.
+std::ostream <<(std::ostream , const Const ) {
+  return os << "(" << x.val() << ")";
+}
+std::ostream <<(std::ostream , const VarRef ) {
+  return os << "a[" << (static_cast(x.varnum()) % 100) << "]";
+}
+std::ostream <<(std::ostream , const Lvalue ) {
+  return os << x.varref();
+}
+std::ostream <<(std::ostream , const Rvalue ) {
+if (x.has_varref()) return os << x.varref();
+if (x.has_cons())   return os << x.cons();
+if (x.has_binop())  return os << x.binop();
+return os << "1";
+}
+std::ostream <<(std::ostream , const BinaryOp ) {
+  os << "(" << x.left();
+  switch (x.op()) {
+#define OP(a, b) case BinaryOp::a: os << b; break
+OP(PLUS, "+");
+OP(MINUS, "-");
+OP(MUL, "*");
+OP(DIV, "/");
+OP(MOD, "%");
+OP(XOR, "^");
+OP(AND, "&");
+OP(OR, "|");
+OP(EQ, "==");
+OP(NE, "!=");
+OP(LE, "<=");
+OP(GE, ">=");
+OP(LT, "<");
+OP(GT, ">");
+#undef OP
+default: assert(0);
+  }
+  return os << 

[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-07 Thread Kostya Serebryany via Phabricator via cfe-commits
kcc added a reviewer: bogner.
kcc added a comment.

+bogner@ FYI




Comment at: clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp:25
+
+static void MaybePrint(const std::string ) {
+  static const char *env = getenv("CXXFUZZ_PRINT");

this is debug code, not worth having here, plz remove



Comment at: clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp:34
+  MaybePrint(S);
+  HandleCXX(S, {"-O2", "-mllvm", "-scalar-evolution-max-arith-depth=4"});
+  if (getenv("CXX_FUZZ_MORE")) {

Remove "-mllvm", "-scalar-evolution-max-arith-depth=4".
It's there as a workaround for a performance bug 
(https://bugs.llvm.org/show_bug.cgi?id=33494) but it shouldn't be here. 



Comment at: clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp:35
+  HandleCXX(S, {"-O2", "-mllvm", "-scalar-evolution-max-arith-depth=4"});
+  if (getenv("CXX_FUZZ_MORE")) {
+HandleCXX(S, {"-O1", "-triple", "arm-apple-darwin10", "-mllvm",

Remove this section. 
In a later change, please allow changing the triple (and any other flags) 
similar to https://reviews.llvm.org/D36275



Comment at: clang/tools/clang-fuzzer/cxx_proto.proto:16
+
+syntax = "proto2";
+//option cc_api_version = 2;

vitalybuka wrote:
> vitalybuka wrote:
> > I'd suggest proto3
> proto3 has no required, to avoid backward compatibility issues.
> Same is useful for us, we don't want to discard corpus if we drop some field 
> in the future.
I'm afraid it's much more convenient to have 'required' here. 
How else could you express a binary op node? 



Comment at: clang/tools/clang-fuzzer/cxx_proto.proto:93
+}
+
+package clang_fuzzer;

vitalybuka wrote:
> morehouse wrote:
> > vitalybuka wrote:
> > > message CxxInput {
> > >   required Function f = 1;
> > >   required int/enum opt_level = 2;
> > >   required enum tripple = 3;
> > >   required scalar-evolution-max-arith-depth ...
> > > }
> > Interesting idea.  This would allow for protobuf-mutator to choose 
> > different option combinations, if I understand correctly.
> > 
> > Is that worth adding to this initial patch, though?
> yes, instead of CXX_FUZZ_MORE
For now, keep it as is, please (see my other comment about flags) 


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-04 Thread Vitaly Buka via Phabricator via cfe-commits
vitalybuka added inline comments.



Comment at: clang/tools/clang-fuzzer/ClangFuzzer.cpp:20
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
   std::string s((const char *)data, size);

morehouse wrote:
> morehouse wrote:
> > vitalybuka wrote:
> > > Do we want replace this fuzzer? Why not just add another one?
> > The idea was to keep ClangFuzzer and add ClangProtoFuzzer alongside it.  
> > However, the two share a fair amount of code, which was factored out into 
> > HandleCXX.
> > It's ok to share code, but I don't see fuzzer with accept string as is.
> 
> That's exactly what this fuzzer is doing.
my mistake, I see now.



Comment at: clang/tools/clang-fuzzer/cxx_proto.proto:16
+
+syntax = "proto2";
+//option cc_api_version = 2;

vitalybuka wrote:
> I'd suggest proto3
proto3 has no required, to avoid backward compatibility issues.
Same is useful for us, we don't want to discard corpus if we drop some field in 
the future.


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-04 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/ClangFuzzer.cpp:20
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
   std::string s((const char *)data, size);

morehouse wrote:
> vitalybuka wrote:
> > Do we want replace this fuzzer? Why not just add another one?
> The idea was to keep ClangFuzzer and add ClangProtoFuzzer alongside it.  
> However, the two share a fair amount of code, which was factored out into 
> HandleCXX.
> It's ok to share code, but I don't see fuzzer with accept string as is.

That's exactly what this fuzzer is doing.


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-04 Thread Vitaly Buka via Phabricator via cfe-commits
vitalybuka added inline comments.



Comment at: clang/tools/clang-fuzzer/CMakeLists.txt:12
+# Hack to bypass LLVM's cmake sources check and allow multiple libraries 
and
+# executables from this directory.
+set(LLVM_OPTIONAL_SOURCES

morehouse wrote:
> vitalybuka wrote:
> > You already download mutator, so maybe just DOWNLOAD_PROTOBUF and simplify 
> > this piece?
> That would be simpler if only protobuf-mutator needed protobuf.  But since we 
> need protobuf for some of the source files here, it would actually make this 
> CMakeLists.txt more complicated since it would have to fish for the paths 
> where protobuf mutator builds protobuf and then redefine variables.
It's ok to share code, but I don't see a fuzzer that accepts a string as is.



Comment at: clang/tools/clang-fuzzer/cxx_proto.proto:16
+
+syntax = "proto2";
+//option cc_api_version = 2;

I'd suggest proto3



Comment at: clang/tools/clang-fuzzer/cxx_proto.proto:93
+}
+
+package clang_fuzzer;

morehouse wrote:
> vitalybuka wrote:
> > message CxxInput {
> >   required Function f = 1;
> >   required int/enum opt_level = 2;
> >   required enum tripple = 3;
> >   required scalar-evolution-max-arith-depth ...
> > }
> Interesting idea.  This would allow for protobuf-mutator to choose different 
> option combinations, if I understand correctly.
> 
> Is that worth adding to this initial patch, though?
yes, instead of CXX_FUZZ_MORE


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-04 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse added inline comments.



Comment at: clang/cmake/modules/ProtobufMutator.cmake:13
+-DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
+-DCMAKE_BUILD_TYPE=Debug
+  BUILD_COMMAND ${CMAKE_MAKE_PROGRAM}

vitalybuka wrote:
> Why this is debug?
> 
I was just using what the libprotobuf-mutator readme suggested.  But I can 
change it to use CMAKE_BUILD_TYPE instead.



Comment at: clang/tools/clang-fuzzer/CMakeLists.txt:12
+# Hack to bypass LLVM's cmake sources check and allow multiple libraries 
and
+# executables from this directory.
+set(LLVM_OPTIONAL_SOURCES

vitalybuka wrote:
> You already download mutator, so maybe just DOWNLOAD_PROTOBUF and simplify 
> this piece?
That would be simpler if only protobuf-mutator needed protobuf.  But since we 
need protobuf for some of the source files here, it would actually make this 
CMakeLists.txt more complicated since it would have to fish for the paths where 
protobuf mutator builds protobuf and then redefine variables.



Comment at: clang/tools/clang-fuzzer/ClangFuzzer.cpp:20
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
   std::string s((const char *)data, size);

vitalybuka wrote:
> Do we want replace this fuzzer? Why not just add another one?
The idea was to keep ClangFuzzer and add ClangProtoFuzzer alongside it.  
However, the two share a fair amount of code, which was factored out into 
HandleCXX.



Comment at: clang/tools/clang-fuzzer/cxx_proto.proto:93
+}
+
+package clang_fuzzer;

vitalybuka wrote:
> message CxxInput {
>   required Function f = 1;
>   required int/enum opt_level = 2;
>   required enum tripple = 3;
>   required scalar-evolution-max-arith-depth ...
> }
Interesting idea.  This would allow for protobuf-mutator to choose different 
option combinations, if I understand correctly.

Is that worth adding to this initial patch, though?


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-04 Thread Vitaly Buka via Phabricator via cfe-commits
vitalybuka added inline comments.



Comment at: clang/cmake/modules/ProtobufMutator.cmake:13
+-DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
+-DCMAKE_BUILD_TYPE=Debug
+  BUILD_COMMAND ${CMAKE_MAKE_PROGRAM}

Why this is debug?




Comment at: clang/tools/clang-fuzzer/CMakeLists.txt:12
+# Hack to bypass LLVM's cmake sources check and allow multiple libraries 
and
+# executables from this directory.
+set(LLVM_OPTIONAL_SOURCES

You already download mutator, so maybe just DOWNLOAD_PROTOBUF and simplify this 
piece?



Comment at: clang/tools/clang-fuzzer/ClangFuzzer.cpp:20
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
   std::string s((const char *)data, size);

Do we want to replace this fuzzer? Why not just add another one?



Comment at: clang/tools/clang-fuzzer/cxx_proto.proto:93
+}
+
+package clang_fuzzer;

message CxxInput {
  required Function f = 1;
  required int/enum opt_level = 2;
  required enum tripple = 3;
  required scalar-evolution-max-arith-depth ...
}



Comment at: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp:22
+
+#define P(Type) std::ostream <<(std::ostream , const Type )
+// Forward decls.

Not sure that macro here is justified
could you please replace with 
std::ostream &operator<<(std::ostream &os, const BinaryOp& x) {

...


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-04 Thread Kostya Serebryany via Phabricator via cfe-commits
kcc added a comment.

In https://reviews.llvm.org/D36324#832271, @thakis wrote:

> Why should this be part of llvm? This seems to come with very heavy 
> dependencies (protobuf), and LLVM has historically tried to minimize the 
> number of things it depends on.


This fuzzer has already uncovered a few llvm bugs, so I hope it can be useful 
directly. 
But more than that, I hope that a ready-to-use integration with structure-aware 
fuzzing will allow other researchers to experiment. 
Having it as a side patch (bit-rotten in a few weeks after creation) will 
discourage most of the potential researchers from experiments.

I agree we don't want to bring heavy deps to LLVM, but this patch (AFAICT) 
doesn't bring any new deps to the default build. (at least this is the intent)


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-04 Thread Nico Weber via Phabricator via cfe-commits
thakis added a comment.

Why should this be part of llvm? This seems to come with very heavy 
dependencies (protobuf), and LLVM has historically tried to minimize the number 
of things it depends on.


https://reviews.llvm.org/D36324





[PATCH] D36324: Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-04 Thread Matt Morehouse via Phabricator via cfe-commits
morehouse created this revision.
Herald added a subscriber: mgorny.

The clang-proto-fuzzer models a subset of C++ as a protobuf and
uses libprotobuf-mutator to generate interesting mutations of C++
programs.  Clang-proto-fuzzer has already found several bugs in
Clang (e.g., https://bugs.llvm.org/show_bug.cgi?id=33747,
https://bugs.llvm.org/show_bug.cgi?id=33749).

As with clang-fuzzer, clang-proto-fuzzer requires the following
cmake flags:

- CMAKE_C_COMPILER=clang
- CMAKE_CXX_COMPILER=clang++
- LLVM_USE_SANITIZE_COVERAGE=YES  // needed for libFuzzer
- LLVM_USE_SANITIZER=Address  // needed for libFuzzer

In addition, clang-proto-fuzzer requires:

- LLVM_ENABLE_RTTI=ON   // needed for protobuf
- CLANG_ENABLE_PROTO_FUZZER=ON

clang-proto-fuzzer also requires the following dependencies:

- binutils  // needed for libprotobuf-mutator
- liblzma-dev  // needed for libprotobuf-mutator
- libz-dev  // needed for libprotobuf-mutator
- docbook2x  // needed for libprotobuf-mutator
- Recent version of protobuf [3.3.0 is known to work]

A working version of libprotobuf-mutator will automatically be
downloaded and built as an external project.

Implementation of clang-proto-fuzzer provided by Kostya
Serebryany.


https://reviews.llvm.org/D36324

Files:
  clang/CMakeLists.txt
  clang/cmake/modules/ProtobufMutator.cmake
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ClangFuzzer.cpp
  clang/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
  clang/tools/clang-fuzzer/cxx_proto.proto
  clang/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
  clang/tools/clang-fuzzer/handle-cxx/handle_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
  clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp

Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
@@ -0,0 +1,30 @@
+//==-- proto_to_cxx_main.cpp - Driver for protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements a simple driver to print a C++ program from a protobuf.
+//
+//===--===//
+#include 
+#include 
+#include 
+#include 
+
+#include "proto_to_cxx.h"
+
+int main(int argc, char **argv) {
+  for (int i = 1; i < argc; i++) {
+std::fstream in(argv[i]);
+std::string str((std::istreambuf_iterator(in)),
+std::istreambuf_iterator());
+std::cout << "// " << argv[i] << std::endl;
+std::cout << clang_fuzzer::ProtoToCxx(
+reinterpret_cast(str.data()), str.size());
+  }
+}
+
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
@@ -0,0 +1,22 @@
+//==-- proto_to_cxx.h - Protobuf-C++ conversion ==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Defines functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include 
+#include 
+#include 
+
+namespace clang_fuzzer {
+class Function;
+std::string FunctionToString(const Function );
+std::string ProtoToCxx(const uint8_t *data, size_t size);
+}
Index: clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
===
--- /dev/null
+++ clang/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
@@ -0,0 +1,97 @@
+//==-- proto_to_cxx.cpp - Protobuf-C++ conversion --==//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===--===//
+//
+// Implements functions for converting between protobufs and C++.
+//
+//===--===//
+
+#include "proto_to_cxx.h"
+#include "cxx_proto.pb.h"
+
+#include 
+#include 
+
+namespace clang_fuzzer {
+
+#define P(Type) std::ostream <<(std::ostream , const Type )
+// Forward decls.
+P(BinaryOp);
+P(StatementSeq);
+
+// Proto to C++.
+P(Const) { return os << "(" << x.val() << ")"; }