Re: r310408 - Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-10 Thread Kostya Serebryany via cfe-commits
+klimek@ who contributed the first version of clang-fuzzer.
We now have clang-proto-fuzzer
(see tools/clang/tools/clang-fuzzer/README.txt)
which shares code with clang-fuzzer, but which also depends on various
packages (protobufs, in particular).
clang-proto-fuzzer is off by default (requires a cmake flag) so these extra
deps don't hurt anyone,
but Nico's concern is that this way we pollute the main repo with code that
requires extra deps.

We could probably move the code to another repo (clang-tools-extra?) but my
concerns are:

* this is extra work, I don't want to do it "just in case". Only if it's a
common agreement that the change will improve the overall state enough to
spend this time.

* we need to keep clang-fuzzer together with clang-proto-fuzzer, they are
too close to have them separately.
But this will make clang-fuzzer even less used.  (Admittedly, the bugs
found by clang-fuzzer are not being fixed anyway)

WDYT?

--kcc





On Thu, Aug 10, 2017 at 12:32 PM, Nico Weber  wrote:

> On Thu, Aug 10, 2017 at 3:13 PM, Kostya Serebryany  wrote:
>
>>
>>
>> On Thu, Aug 10, 2017 at 12:01 PM, Nico Weber  wrote:
>>
>>> On Thu, Aug 10, 2017 at 2:04 PM, Kostya Serebryany 
>>> wrote:
>>>


 On Thu, Aug 10, 2017 at 10:56 AM, Nico Weber via cfe-commits <
 cfe-commits@lists.llvm.org> wrote:

> I really believe this has way too many deps to live in the clang
> repo, as said on the review already.
>

 I don't have a very strong opinion here and would be happy to move if I
 see more support for Nico's opinion
 (I haven't seen it on the review, and you didn't object further, so we
 proceeded).
 Again, my rationale is that the simpler it is to use the more likely
 other researchers will extend this work.

 BTW, I am going to commit a Dockerfile that will make experimenting
 with this trivial.
 My current (dirty) version looks like this. Not too much trouble.

 FROM ubuntu:16.04
 RUN apt-get update -y && apt-get install -y autoconf automake libtool
 curl make g++ unzip
 RUN apt-get install -y wget
 RUN apt-get install -y git binutils liblzma-dev libz-dev
 RUN apt-get install -y python-all
 RUN apt-get install -y cmake ninja-build
 RUN apt-get install -y subversion

 WORKDIR /root
 RUN wget -qO- https://github.com/google/prot
 obuf/releases/download/v3.3.0/protobuf-cpp-3.3.0.tar.gz | tar zxf -
 RUN cd protobuf-3.3.0 && ./autogen.sh && ./configure && make -j
 $(nproc) && make check -j $(nproc) && make install && ldconfig
 RUN apt-get install -y pkg-config
 RUN svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
 RUN cd llvm/tools && svn co http://llvm.org/svn/llvm-project/cfe/trunk
 clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}')
 RUN cd llvm/projects && svn co http://llvm.org/svn/llvm-proje
 ct/compiler-rt/trunk clang -r $(cd ../ && svn info | grep Revision |
 awk '{print $2}')
 RUN mkdir build0 && cd build0 && cmake -GNinja
 -DCMAKE_BUILD_TYPE=Release ../llvm && ninja
 RUN mkdir build1 && cd build1 && cmake -GNinja
 -DCMAKE_BUILD_TYPE=Release ../llvm -DLLVM_ENABLE_ASSERTIONS=ON
  -DCMAKE_C_COMPILER=`pwd`/../build0/bin/clang
 -DCMAKE_CXX_COMPILER=`pwd`/../build0/bin/clang++
 -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address
 -DCLANG_ENABLE_PROTO_FUZZER=ON
 RUN cd build1 && ninja clang-fuzzer
 RUN cd build1 && ninja clang-proto-fuzzer
 #RUN cd build1 && ninja clang-proto-to-cxx



> Maybe this could live in clang-extra instead?
>

 clang-extra?

>>>
>>> clang-tools-extra, sorry.
>>>
>>>
 That's a separate repo, right?

>>>
>>> Yes.
>>>
>>>
 It may require more cmake trickery, and we'll also have to share the
 clang-fuzzer-specific code between two repos.

>>>
>>> We could move the whole thing. I'd imagine that at most 3% of people who
>>> use clang will use this fuzzer, so having it elsewhere seems reasonable.
>>> (I'd imagine many more people to use clang-tidy for example, and that's in
>>> the other repo.)
>>>
>>
>> The clang-tidy argument doesn't work for me.
>> clang-tidy is a separate tool.
>> clang*fuzzer are ways to test clang, and so they have more reasons to
>> stay closer to clang (for the same reason that the clang tests stay with
>> clang).
>>
>
> Then think of the "[cfe-dev] Proposal for an ABI testsuite for clang"
> thread instead, which was about testing clang. We ended up putting that
> into a completely separate repo.
>
>
>
>
>>
>> --kcc
>>
>>
>>> Also see the "Contributing Extensions to Clang" section on
>>> http://clang.llvm.org/get_involved.html
>>>
>>>
 I do want the original clang-fuzzer to remain where it was, and both
 (clang-fuzzer and clang-proto-fuzzer) share the code.




>
> On Aug 8, 2017 

Re: r310408 - Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-10 Thread Nico Weber via cfe-commits
On Thu, Aug 10, 2017 at 3:13 PM, Kostya Serebryany  wrote:

>
>
> On Thu, Aug 10, 2017 at 12:01 PM, Nico Weber  wrote:
>
>> On Thu, Aug 10, 2017 at 2:04 PM, Kostya Serebryany 
>> wrote:
>>
>>>
>>>
>>> On Thu, Aug 10, 2017 at 10:56 AM, Nico Weber via cfe-commits <
>>> cfe-commits@lists.llvm.org> wrote:
>>>
 I really believe this has way too many deps to live in the clang repo,
 as said on the review already.

>>>
>>> I don't have a very strong opinion here and would be happy to move if I
>>> see more support for Nico's opinion
>>> (I haven't seen it on the review, and you didn't object further, so we
>>> proceeded).
>>> Again, my rationale is that the simpler it is to use the more likely
>>> other researchers will extend this work.
>>>
>>> BTW, I am going to commit a Dockerfile that will make experimenting with
>>> this trivial.
>>> My current (dirty) version looks like this. Not too much trouble.
>>>
>>> FROM ubuntu:16.04
>>> RUN apt-get update -y && apt-get install -y autoconf automake libtool
>>> curl make g++ unzip
>>> RUN apt-get install -y wget
>>> RUN apt-get install -y git binutils liblzma-dev libz-dev
>>> RUN apt-get install -y python-all
>>> RUN apt-get install -y cmake ninja-build
>>> RUN apt-get install -y subversion
>>>
>>> WORKDIR /root
>>> RUN wget -qO- https://github.com/google/prot
>>> obuf/releases/download/v3.3.0/protobuf-cpp-3.3.0.tar.gz | tar zxf -
>>> RUN cd protobuf-3.3.0 && ./autogen.sh && ./configure && make -j $(nproc)
>>> && make check -j $(nproc) && make install && ldconfig
>>> RUN apt-get install -y pkg-config
>>> RUN svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
>>> RUN cd llvm/tools && svn co http://llvm.org/svn/llvm-project/cfe/trunk
>>> clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}')
>>> RUN cd llvm/projects && svn co http://llvm.org/svn/llvm-proje
>>> ct/compiler-rt/trunk clang -r $(cd ../ && svn info | grep Revision |
>>> awk '{print $2}')
>>> RUN mkdir build0 && cd build0 && cmake -GNinja
>>> -DCMAKE_BUILD_TYPE=Release ../llvm && ninja
>>> RUN mkdir build1 && cd build1 && cmake -GNinja
>>> -DCMAKE_BUILD_TYPE=Release ../llvm -DLLVM_ENABLE_ASSERTIONS=ON
>>>  -DCMAKE_C_COMPILER=`pwd`/../build0/bin/clang
>>> -DCMAKE_CXX_COMPILER=`pwd`/../build0/bin/clang++
>>> -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address
>>> -DCLANG_ENABLE_PROTO_FUZZER=ON
>>> RUN cd build1 && ninja clang-fuzzer
>>> RUN cd build1 && ninja clang-proto-fuzzer
>>> #RUN cd build1 && ninja clang-proto-to-cxx
>>>
>>>
>>>
 Maybe this could live in clang-extra instead?

>>>
>>> clang-extra?
>>>
>>
>> clang-tools-extra, sorry.
>>
>>
>>> That's a separate repo, right?
>>>
>>
>> Yes.
>>
>>
>>> It may require more cmake trickery, and we'll also have to share the
>>> clang-fuzzer-specific code between two repos.
>>>
>>
>> We could move the whole thing. I'd imagine that at most 3% of people who
>> use clang will use this fuzzer, so having it elsewhere seems reasonable.
>> (I'd imagine many more people to use clang-tidy for example, and that's in
>> the other repo.)
>>
>
> The clang-tidy argument doesn't work for me.
> clang-tidy is a separate tool.
> clang*fuzzer are ways to test clang, and so they have more reasons to stay
> closer to clang (for the same reason that the clang tests stay with clang).
>

Then think of the "[cfe-dev] Proposal for an ABI testsuite for clang"
thread instead, which was about testing clang. We ended up putting that
into a completely separate repo.




>
> --kcc
>
>
>> Also see the "Contributing Extensions to Clang" section on
>> http://clang.llvm.org/get_involved.html
>>
>>
>>> I do want the original clang-fuzzer to remain where it was, and both
>>> (clang-fuzzer and clang-proto-fuzzer) share the code.
>>>
>>>
>>>
>>>

 On Aug 8, 2017 4:15 PM, "Matt Morehouse via cfe-commits" <
 cfe-commits@lists.llvm.org> wrote:

> Author: morehouse
> Date: Tue Aug  8 13:15:04 2017
> New Revision: 310408
>
> URL: http://llvm.org/viewvc/llvm-project?rev=310408=rev
> Log:
> Integrate Kostya's clang-proto-fuzzer with LLVM.
>
> Summary:
> The clang-proto-fuzzer models a subset of C++ as a protobuf and
> uses libprotobuf-mutator to generate interesting mutations of C++
> programs.  Clang-proto-fuzzer has already found several bugs in
> Clang (e.g., https://bugs.llvm.org/show_bug.cgi?id=33747,
> https://bugs.llvm.org/show_bug.cgi?id=33749).
>
> As with clang-fuzzer, clang-proto-fuzzer requires the following
> cmake flags:
> - CMAKE_C_COMPILER=clang
> - CMAKE_CXX_COMPILER=clang++
> - LLVM_USE_SANITIZE_COVERAGE=YES  // needed for libFuzzer
> - LLVM_USE_SANITIZER=Address  // needed for libFuzzer
>
> In addition, clang-proto-fuzzer requires:
> - CLANG_ENABLE_PROTO_FUZZER=ON
>
> clang-proto-fuzzer also requires the following dependencies:
> - binutils  // needed for 

Re: r310408 - Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-10 Thread Kostya Serebryany via cfe-commits
On Thu, Aug 10, 2017 at 12:01 PM, Nico Weber  wrote:

> On Thu, Aug 10, 2017 at 2:04 PM, Kostya Serebryany  wrote:
>
>>
>>
>> On Thu, Aug 10, 2017 at 10:56 AM, Nico Weber via cfe-commits <
>> cfe-commits@lists.llvm.org> wrote:
>>
>>> I really believe this has way too many deps to live in the clang repo,
>>> as said on the review already.
>>>
>>
>> I don't have a very strong opinion here and would be happy to move if I
>> see more support for Nico's opinion
>> (I haven't seen it on the review, and you didn't object further, so we
>> proceeded).
>> Again, my rationale is that the simpler it is to use the more likely other
>> researchers will extend this work.
>>
>> BTW, I am going to commit a Dockerfile that will make experimenting with
>> this trivial.
>> My current (dirty) version looks like this. Not too much trouble.
>>
>> FROM ubuntu:16.04
>> RUN apt-get update -y && apt-get install -y autoconf automake libtool
>> curl make g++ unzip
>> RUN apt-get install -y wget
>> RUN apt-get install -y git binutils liblzma-dev libz-dev
>> RUN apt-get install -y python-all
>> RUN apt-get install -y cmake ninja-build
>> RUN apt-get install -y subversion
>>
>> WORKDIR /root
>> RUN wget -qO- https://github.com/google/prot
>> obuf/releases/download/v3.3.0/protobuf-cpp-3.3.0.tar.gz | tar zxf -
>> RUN cd protobuf-3.3.0 && ./autogen.sh && ./configure && make -j $(nproc)
>> && make check -j $(nproc) && make install && ldconfig
>> RUN apt-get install -y pkg-config
>> RUN svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
>> RUN cd llvm/tools && svn co http://llvm.org/svn/llvm-project/cfe/trunk
>> clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}')
>> RUN cd llvm/projects && svn co http://llvm.org/svn/llvm-proje
>> ct/compiler-rt/trunk clang -r $(cd ../ && svn info | grep Revision | awk
>> '{print $2}')
>> RUN mkdir build0 && cd build0 && cmake -GNinja -DCMAKE_BUILD_TYPE=Release
>> ../llvm && ninja
>> RUN mkdir build1 && cd build1 && cmake -GNinja -DCMAKE_BUILD_TYPE=Release
>> ../llvm -DLLVM_ENABLE_ASSERTIONS=ON  
>> -DCMAKE_C_COMPILER=`pwd`/../build0/bin/clang
>> -DCMAKE_CXX_COMPILER=`pwd`/../build0/bin/clang++
>> -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address
>> -DCLANG_ENABLE_PROTO_FUZZER=ON
>> RUN cd build1 && ninja clang-fuzzer
>> RUN cd build1 && ninja clang-proto-fuzzer
>> #RUN cd build1 && ninja clang-proto-to-cxx
>>
>>
>>
>>> Maybe this could live in clang-extra instead?
>>>
>>
>> clang-extra?
>>
>
> clang-tools-extra, sorry.
>
>
>> That's a separate repo, right?
>>
>
> Yes.
>
>
>> It may require more cmake trickery, and we'll also have to share the
>> clang-fuzzer-specific code between two repos.
>>
>
> We could move the whole thing. I'd imagine that at most 3% of people who
> use clang will use this fuzzer, so having it elsewhere seems reasonable.
> (I'd imagine many more people to use clang-tidy for example, and that's in
> the other repo.)
>

The clang-tidy argument doesn't work for me.
clang-tidy is a separate tool.
clang*fuzzer are ways to test clang, and so they have more reasons to stay
closer to clang (for the same reason that the clang tests stay with clang).

--kcc


> Also see the "Contributing Extensions to Clang" section on
> http://clang.llvm.org/get_involved.html
>
>
>> I do want the original clang-fuzzer to remain where it was, and both
>> (clang-fuzzer and clang-proto-fuzzer) share the code.
>>
>>
>>
>>
>>>
>>> On Aug 8, 2017 4:15 PM, "Matt Morehouse via cfe-commits" <
>>> cfe-commits@lists.llvm.org> wrote:
>>>
 Author: morehouse
 Date: Tue Aug  8 13:15:04 2017
 New Revision: 310408

 URL: http://llvm.org/viewvc/llvm-project?rev=310408=rev
 Log:
 Integrate Kostya's clang-proto-fuzzer with LLVM.

 Summary:
 The clang-proto-fuzzer models a subset of C++ as a protobuf and
 uses libprotobuf-mutator to generate interesting mutations of C++
 programs.  Clang-proto-fuzzer has already found several bugs in
 Clang (e.g., https://bugs.llvm.org/show_bug.cgi?id=33747,
 https://bugs.llvm.org/show_bug.cgi?id=33749).

 As with clang-fuzzer, clang-proto-fuzzer requires the following
 cmake flags:
 - CMAKE_C_COMPILER=clang
 - CMAKE_CXX_COMPILER=clang++
 - LLVM_USE_SANITIZE_COVERAGE=YES  // needed for libFuzzer
 - LLVM_USE_SANITIZER=Address  // needed for libFuzzer

 In addition, clang-proto-fuzzer requires:
 - CLANG_ENABLE_PROTO_FUZZER=ON

 clang-proto-fuzzer also requires the following dependencies:
 - binutils  // needed for libprotobuf-mutator
 - liblzma-dev  // needed for libprotobuf-mutator
 - libz-dev  // needed for libprotobuf-mutator
 - docbook2x  // needed for libprotobuf-mutator
 - Recent version of protobuf [3.3.0 is known to work]

 A working version of libprotobuf-mutator will automatically be
 downloaded and built as an external project.

 Implementation of clang-proto-fuzzer provided by 

Re: r310408 - Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-10 Thread Nico Weber via cfe-commits
On Thu, Aug 10, 2017 at 2:04 PM, Kostya Serebryany  wrote:

>
>
> On Thu, Aug 10, 2017 at 10:56 AM, Nico Weber via cfe-commits <
> cfe-commits@lists.llvm.org> wrote:
>
>> I really believe this has way too many deps to live in the clang repo,
>> as said on the review already.
>>
>
> I don't have a very strong opinion here and would be happy to move if I
> see more support for Nico's opinion
> (I haven't seen it on the review, and you didn't object further, so we
> proceeded).
> Again, my rationale is that the simpler it is to use the more likely other
> researchers will extend this work.
>
> BTW, I am going to commit a Dockerfile that will make experimenting with
> this trivial.
> My current (dirty) version looks like this. Not too much trouble.
>
> FROM ubuntu:16.04
> RUN apt-get update -y && apt-get install -y autoconf automake libtool curl
> make g++ unzip
> RUN apt-get install -y wget
> RUN apt-get install -y git binutils liblzma-dev libz-dev
> RUN apt-get install -y python-all
> RUN apt-get install -y cmake ninja-build
> RUN apt-get install -y subversion
>
> WORKDIR /root
> RUN wget -qO- https://github.com/google/protobuf/releases/download/v3.
> 3.0/protobuf-cpp-3.3.0.tar.gz | tar zxf -
> RUN cd protobuf-3.3.0 && ./autogen.sh && ./configure && make -j $(nproc)
> && make check -j $(nproc) && make install && ldconfig
> RUN apt-get install -y pkg-config
> RUN svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
> RUN cd llvm/tools && svn co http://llvm.org/svn/llvm-project/cfe/trunk
> clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}')
> RUN cd llvm/projects && svn co http://llvm.org/svn/llvm-
> project/compiler-rt/trunk clang -r $(cd ../ && svn info | grep Revision |
> awk '{print $2}')
> RUN mkdir build0 && cd build0 && cmake -GNinja -DCMAKE_BUILD_TYPE=Release
> ../llvm && ninja
> RUN mkdir build1 && cd build1 && cmake -GNinja -DCMAKE_BUILD_TYPE=Release
> ../llvm -DLLVM_ENABLE_ASSERTIONS=ON  
> -DCMAKE_C_COMPILER=`pwd`/../build0/bin/clang
> -DCMAKE_CXX_COMPILER=`pwd`/../build0/bin/clang++
> -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address
> -DCLANG_ENABLE_PROTO_FUZZER=ON
> RUN cd build1 && ninja clang-fuzzer
> RUN cd build1 && ninja clang-proto-fuzzer
> #RUN cd build1 && ninja clang-proto-to-cxx
>
>
>
>> Maybe this could live in clang-extra instead?
>>
>
> clang-extra?
>

clang-tools-extra, sorry.


> That's a separate repo, right?
>

Yes.


> It may require more cmake trickery, and we'll also have to share the
> clang-fuzzer-specific code between two repos.
>

We could move the whole thing. I'd imagine that at most 3% of people who
use clang will use this fuzzer, so having it elsewhere seems reasonable.
(I'd imagine many more people to use clang-tidy for example, and that's in
the other repo.) Also see the "Contributing Extensions to Clang" section
on http://clang.llvm.org/get_involved.html


> I do want the original clang-fuzzer to remain where it was, and both
> (clang-fuzzer and clang-proto-fuzzer) share the code.
>
>
>
>
>>
>> On Aug 8, 2017 4:15 PM, "Matt Morehouse via cfe-commits" <
>> cfe-commits@lists.llvm.org> wrote:
>>
>>> Author: morehouse
>>> Date: Tue Aug  8 13:15:04 2017
>>> New Revision: 310408
>>>
>>> URL: http://llvm.org/viewvc/llvm-project?rev=310408=rev
>>> Log:
>>> Integrate Kostya's clang-proto-fuzzer with LLVM.
>>>
>>> Summary:
>>> The clang-proto-fuzzer models a subset of C++ as a protobuf and
>>> uses libprotobuf-mutator to generate interesting mutations of C++
>>> programs.  Clang-proto-fuzzer has already found several bugs in
>>> Clang (e.g., https://bugs.llvm.org/show_bug.cgi?id=33747,
>>> https://bugs.llvm.org/show_bug.cgi?id=33749).
>>>
>>> As with clang-fuzzer, clang-proto-fuzzer requires the following
>>> cmake flags:
>>> - CMAKE_C_COMPILER=clang
>>> - CMAKE_CXX_COMPILER=clang++
>>> - LLVM_USE_SANITIZE_COVERAGE=YES  // needed for libFuzzer
>>> - LLVM_USE_SANITIZER=Address  // needed for libFuzzer
>>>
>>> In addition, clang-proto-fuzzer requires:
>>> - CLANG_ENABLE_PROTO_FUZZER=ON
>>>
>>> clang-proto-fuzzer also requires the following dependencies:
>>> - binutils  // needed for libprotobuf-mutator
>>> - liblzma-dev  // needed for libprotobuf-mutator
>>> - libz-dev  // needed for libprotobuf-mutator
>>> - docbook2x  // needed for libprotobuf-mutator
>>> - Recent version of protobuf [3.3.0 is known to work]
>>>
>>> A working version of libprotobuf-mutator will automatically be
>>> downloaded and built as an external project.
>>>
>>> Implementation of clang-proto-fuzzer provided by Kostya
>>> Serebryany.
>>>
>>> https://bugs.llvm.org/show_bug.cgi?id=33829
>>>
>>> Reviewers: kcc, vitalybuka, bogner
>>>
>>> Reviewed By: kcc, vitalybuka
>>>
>>> Subscribers: thakis, mgorny, cfe-commits
>>>
>>> Differential Revision: https://reviews.llvm.org/D36324
>>>
>>> Added:
>>> cfe/trunk/cmake/modules/ProtobufMutator.cmake
>>> cfe/trunk/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
>>> cfe/trunk/tools/clang-fuzzer/README.txt
>>>  

Re: r310408 - Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-10 Thread Kostya Serebryany via cfe-commits
On Thu, Aug 10, 2017 at 10:56 AM, Nico Weber via cfe-commits <
cfe-commits@lists.llvm.org> wrote:

> I really believe this has way too many deps to live in the clang repo, as
> said on the review already.
>

I don't have a very strong opinion here and would be happy to move if I see
more support for Nico's opinion
(I haven't seen it on the review, and you didn't object further, so we
proceeded).
Again, my rationale is that the simpler it is to use the more likely other
researchers will extend this work.

BTW, I am going to commit a Dockerfile that will make experimenting with
this trivial.
My current (dirty) version looks like this. Not too much trouble.

FROM ubuntu:16.04
# Build tools for protobuf, LLVM and the libprotobuf-mutator external project
RUN apt-get update -y && apt-get install -y autoconf automake libtool curl make g++ unzip
RUN apt-get install -y wget
RUN apt-get install -y git binutils liblzma-dev libz-dev
RUN apt-get install -y python-all
RUN apt-get install -y cmake ninja-build
RUN apt-get install -y subversion

WORKDIR /root
# protobuf 3.3.0 is the version the commit message says is known to work
RUN wget -qO- https://github.com/google/protobuf/releases/download/v3.3.0/protobuf-cpp-3.3.0.tar.gz | tar zxf -
RUN cd protobuf-3.3.0 && ./autogen.sh && ./configure && make -j $(nproc) && make check -j $(nproc) && make install && ldconfig
RUN apt-get install -y pkg-config
# Check out llvm, then clang and compiler-rt at the same revision as llvm
RUN svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
RUN cd llvm/tools && svn co http://llvm.org/svn/llvm-project/cfe/trunk clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}')
# compiler-rt goes under its own directory name (the posted version reused the name "clang" here)
RUN cd llvm/projects && svn co http://llvm.org/svn/llvm-project/compiler-rt/trunk compiler-rt -r $(cd ../ && svn info | grep Revision | awk '{print $2}')
# Stage 1: a plain release clang, used as the host compiler for stage 2
RUN mkdir build0 && cd build0 && cmake -GNinja -DCMAKE_BUILD_TYPE=Release ../llvm && ninja
# Stage 2: clang built with the flags clang-fuzzer/clang-proto-fuzzer require
RUN mkdir build1 && cd build1 && cmake -GNinja -DCMAKE_BUILD_TYPE=Release ../llvm -DLLVM_ENABLE_ASSERTIONS=ON \
    -DCMAKE_C_COMPILER=`pwd`/../build0/bin/clang \
    -DCMAKE_CXX_COMPILER=`pwd`/../build0/bin/clang++ \
    -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address \
    -DCLANG_ENABLE_PROTO_FUZZER=ON
RUN cd build1 && ninja clang-fuzzer
RUN cd build1 && ninja clang-proto-fuzzer
#RUN cd build1 && ninja clang-proto-to-cxx



> Maybe this could live in clang-extra instead?
>

clang-extra?
That's a separate repo, right?
It may require more cmake trickery, and we'll also have to share the
clang-fuzzer-specific code between two repos.
I do want the original clang-fuzzer to remain where it was, and both
(clang-fuzzer and clang-proto-fuzzer) share the code.




>
> On Aug 8, 2017 4:15 PM, "Matt Morehouse via cfe-commits" <
> cfe-commits@lists.llvm.org> wrote:
>
>> Author: morehouse
>> Date: Tue Aug  8 13:15:04 2017
>> New Revision: 310408
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=310408=rev
>> Log:
>> Integrate Kostya's clang-proto-fuzzer with LLVM.
>>
>> Summary:
>> The clang-proto-fuzzer models a subset of C++ as a protobuf and
>> uses libprotobuf-mutator to generate interesting mutations of C++
>> programs.  Clang-proto-fuzzer has already found several bugs in
>> Clang (e.g., https://bugs.llvm.org/show_bug.cgi?id=33747,
>> https://bugs.llvm.org/show_bug.cgi?id=33749).
>>
>> As with clang-fuzzer, clang-proto-fuzzer requires the following
>> cmake flags:
>> - CMAKE_C_COMPILER=clang
>> - CMAKE_CXX_COMPILER=clang++
>> - LLVM_USE_SANITIZE_COVERAGE=YES  // needed for libFuzzer
>> - LLVM_USE_SANITIZER=Address  // needed for libFuzzer
>>
>> In addition, clang-proto-fuzzer requires:
>> - CLANG_ENABLE_PROTO_FUZZER=ON
>>
>> clang-proto-fuzzer also requires the following dependencies:
>> - binutils  // needed for libprotobuf-mutator
>> - liblzma-dev  // needed for libprotobuf-mutator
>> - libz-dev  // needed for libprotobuf-mutator
>> - docbook2x  // needed for libprotobuf-mutator
>> - Recent version of protobuf [3.3.0 is known to work]
>>
>> A working version of libprotobuf-mutator will automatically be
>> downloaded and built as an external project.
>>
>> Implementation of clang-proto-fuzzer provided by Kostya
>> Serebryany.
>>
>> https://bugs.llvm.org/show_bug.cgi?id=33829
>>
>> Reviewers: kcc, vitalybuka, bogner
>>
>> Reviewed By: kcc, vitalybuka
>>
>> Subscribers: thakis, mgorny, cfe-commits
>>
>> Differential Revision: https://reviews.llvm.org/D36324
>>
>> Added:
>> cfe/trunk/cmake/modules/ProtobufMutator.cmake
>> cfe/trunk/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
>> cfe/trunk/tools/clang-fuzzer/README.txt
>> cfe/trunk/tools/clang-fuzzer/cxx_proto.proto
>> cfe/trunk/tools/clang-fuzzer/handle-cxx/
>> cfe/trunk/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
>> cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
>> cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.h
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
>> Modified:
>> 
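The second cmake invocation in the Dockerfile above has to carry every flag the r310408 commit message lists as required (CMAKE_C_COMPILER=clang, CMAKE_CXX_COMPILER=clang++, LLVM_USE_SANITIZE_COVERAGE=YES, LLVM_USE_SANITIZER=Address, plus CLANG_ENABLE_PROTO_FUZZER=ON), and nothing in the tree fails fast if one is dropped. The following is an added example, not code from this thread or from the LLVM tree: a POSIX sh preflight check that inspects the `-D` arguments you intend to pass to cmake and reports which required settings are missing. The function names `cmake_flag_value` and `check_proto_fuzzer_flags` and the demo path `/root/build0/bin/clang` are my own choices (the path mirrors the Dockerfile's `build0` layout).

```shell
#!/bin/sh
# Added example (not part of the thread or of the LLVM tree): preflight check
# for the cmake flags that r310408's commit message says clang-proto-fuzzer
# needs. Run it on the argument list you are about to hand to cmake.

# Print the value of -DNAME=VALUE (or -DNAME:TYPE=VALUE) from the arguments.
# Prints an empty line when the flag is absent; always returns 0 so callers
# under 'set -e' are not aborted by a missing flag.
cmake_flag_value() {
    name="$1"; shift
    for arg in "$@"; do
        case "$arg" in
            -D"$name"=*|-D"$name":*=*) printf '%s\n' "${arg#*=}"; return 0 ;;
        esac
    done
    printf '\n'
    return 0
}

# Check a proposed cmake argument list. Prints one line per problem and
# returns 1 if anything required is missing, 0 when the configuration is fine.
# CMake truth values are matched in their common upper-case spellings only.
check_proto_fuzzer_flags() {
    problems=0
    # The proto fuzzer is off by default; with it off there is nothing to check.
    case "$(cmake_flag_value CLANG_ENABLE_PROTO_FUZZER "$@")" in
        ON|YES|TRUE|Y|1) ;;
        *) echo "note: CLANG_ENABLE_PROTO_FUZZER is not ON; clang-proto-fuzzer will not be built"
           return 0 ;;
    esac
    # libFuzzer needs the tree compiled by clang (any clang-named binary accepted).
    cc="$(cmake_flag_value CMAKE_C_COMPILER "$@")"
    case "$cc" in
        clang*|*/clang*) ;;
        *) echo "error: CMAKE_C_COMPILER must be clang (got '${cc:-unset}')"
           problems=$((problems + 1)) ;;
    esac
    cxx="$(cmake_flag_value CMAKE_CXX_COMPILER "$@")"
    case "$cxx" in
        clang++*|*/clang++*) ;;
        *) echo "error: CMAKE_CXX_COMPILER must be clang++ (got '${cxx:-unset}')"
           problems=$((problems + 1)) ;;
    esac
    # Coverage instrumentation is what gives libFuzzer its feedback signal.
    cov="$(cmake_flag_value LLVM_USE_SANITIZE_COVERAGE "$@")"
    case "$cov" in
        YES|ON|TRUE|Y|1) ;;
        *) echo "error: LLVM_USE_SANITIZE_COVERAGE=YES is required for libFuzzer (got '${cov:-unset}')"
           problems=$((problems + 1)) ;;
    esac
    # ASan must be on; a value such as "Address;Undefined" is accepted too.
    san="$(cmake_flag_value LLVM_USE_SANITIZER "$@")"
    case "$san" in
        Address*) ;;
        *) echo "error: LLVM_USE_SANITIZER=Address is required for libFuzzer (got '${san:-unset}')"
           problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ]
}

# Constructed demo argument list, mirroring the build1 cmake line in the
# Dockerfile above (paths are assumed, not taken from a real machine).
if check_proto_fuzzer_flags -GNinja -DCMAKE_BUILD_TYPE=Release \
        -DLLVM_ENABLE_ASSERTIONS=ON \
        -DCMAKE_C_COMPILER=/root/build0/bin/clang \
        -DCMAKE_CXX_COMPILER=/root/build0/bin/clang++ \
        -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address \
        -DCLANG_ENABLE_PROTO_FUZZER=ON; then
    echo "ok: configuration satisfies the clang-proto-fuzzer requirements"
fi
```

Wrap the real `cmake` call as `check_proto_fuzzer_flags "$@" && cmake "$@"` so a configure with a dropped sanitizer flag stops before it silently produces a clang that libFuzzer cannot drive.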

Re: r310408 - Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-10 Thread Matt Morehouse via cfe-commits
+ Kostya

The project isn't built by default, so the dependencies aren't needed
unless you build the fuzzer specifically.

On Thu, Aug 10, 2017 at 10:56 AM, Nico Weber  wrote:

> I really believe this has way too many deps to live in the clang repo, as
> said on the review already. Maybe this could live in clang-extra instead?
>
> On Aug 8, 2017 4:15 PM, "Matt Morehouse via cfe-commits" <
> cfe-commits@lists.llvm.org> wrote:
>
>> Author: morehouse
>> Date: Tue Aug  8 13:15:04 2017
>> New Revision: 310408
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=310408=rev
>> Log:
>> Integrate Kostya's clang-proto-fuzzer with LLVM.
>>
>> Summary:
>> The clang-proto-fuzzer models a subset of C++ as a protobuf and
>> uses libprotobuf-mutator to generate interesting mutations of C++
>> programs.  Clang-proto-fuzzer has already found several bugs in
>> Clang (e.g., https://bugs.llvm.org/show_bug.cgi?id=33747,
>> https://bugs.llvm.org/show_bug.cgi?id=33749).
>>
>> As with clang-fuzzer, clang-proto-fuzzer requires the following
>> cmake flags:
>> - CMAKE_C_COMPILER=clang
>> - CMAKE_CXX_COMPILER=clang++
>> - LLVM_USE_SANITIZE_COVERAGE=YES  // needed for libFuzzer
>> - LLVM_USE_SANITIZER=Address  // needed for libFuzzer
>>
>> In addition, clang-proto-fuzzer requires:
>> - CLANG_ENABLE_PROTO_FUZZER=ON
>>
>> clang-proto-fuzzer also requires the following dependencies:
>> - binutils  // needed for libprotobuf-mutator
>> - liblzma-dev  // needed for libprotobuf-mutator
>> - libz-dev  // needed for libprotobuf-mutator
>> - docbook2x  // needed for libprotobuf-mutator
>> - Recent version of protobuf [3.3.0 is known to work]
>>
>> A working version of libprotobuf-mutator will automatically be
>> downloaded and built as an external project.
>>
>> Implementation of clang-proto-fuzzer provided by Kostya
>> Serebryany.
>>
>> https://bugs.llvm.org/show_bug.cgi?id=33829
>>
>> Reviewers: kcc, vitalybuka, bogner
>>
>> Reviewed By: kcc, vitalybuka
>>
>> Subscribers: thakis, mgorny, cfe-commits
>>
>> Differential Revision: https://reviews.llvm.org/D36324
>>
>> Added:
>> cfe/trunk/cmake/modules/ProtobufMutator.cmake
>> cfe/trunk/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
>> cfe/trunk/tools/clang-fuzzer/README.txt
>> cfe/trunk/tools/clang-fuzzer/cxx_proto.proto
>> cfe/trunk/tools/clang-fuzzer/handle-cxx/
>> cfe/trunk/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
>> cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
>> cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.h
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
>> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
>> Modified:
>> cfe/trunk/CMakeLists.txt
>> cfe/trunk/tools/clang-fuzzer/CMakeLists.txt
>> cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp
>>
>> Modified: cfe/trunk/CMakeLists.txt
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/CMakeLists.txt
>> ?rev=310408=310407=310408=diff
>> 
>> ==
>> --- cfe/trunk/CMakeLists.txt (original)
>> +++ cfe/trunk/CMakeLists.txt Tue Aug  8 13:15:04 2017
>> @@ -377,6 +377,8 @@ option(CLANG_ENABLE_STATIC_ANALYZER "Bui
>>  option(CLANG_ANALYZER_BUILD_Z3
>>"Build the static analyzer with the Z3 constraint manager." OFF)
>>
>> +option(CLANG_ENABLE_PROTO_FUZZER "Build Clang protobuf fuzzer." OFF)
>> +
>>  if(NOT CLANG_ENABLE_STATIC_ANALYZER AND (CLANG_ENABLE_ARCMT OR
>> CLANG_ANALYZER_BUILD_Z3))
>>message(FATAL_ERROR "Cannot disable static analyzer while enabling
>> ARCMT or Z3")
>>  endif()
>>
>> Added: cfe/trunk/cmake/modules/ProtobufMutator.cmake
>> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/cmake/modules/
>> ProtobufMutator.cmake?rev=310408=auto
>> 
>> ==
>> --- cfe/trunk/cmake/modules/ProtobufMutator.cmake (added)
>> +++ cfe/trunk/cmake/modules/ProtobufMutator.cmake Tue Aug  8 13:15:04
>> 2017
>> @@ -0,0 +1,24 @@
>> +set(PBM_PREFIX protobuf_mutator)
>> +set(PBM_PATH ${CMAKE_CURRENT_BINARY_DIR}/${
>> PBM_PREFIX}/src/${PBM_PREFIX})
>> +set(PBM_LIB_PATH ${PBM_PATH}/src/libprotobuf-mutator.a)
>> +set(PBM_FUZZ_LIB_PATH ${PBM_PATH}/src/libfuzzer/libp
>> rotobuf-mutator-libfuzzer.a)
>> +
>> +ExternalProject_Add(${PBM_PREFIX}
>> +  PREFIX ${PBM_PREFIX}
>> +  GIT_REPOSITORY https://github.com/google/libprotobuf-mutator.git
>> +  GIT_TAG 34287f8
>> +  CONFIGURE_COMMAND ${CMAKE_COMMAND} -G${CMAKE_GENERATOR}
>> +-DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
>> +-DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
>> +-DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
>> +  BUILD_COMMAND ${CMAKE_MAKE_PROGRAM}
>> +  BUILD_BYPRODUCTS ${PBM_LIB_PATH} ${PBM_FUZZ_LIB_PATH}
>> +  BUILD_IN_SOURCE 1
>> +  INSTALL_COMMAND ""
>> +  

Re: r310408 - Integrate Kostya's clang-proto-fuzzer with LLVM.

2017-08-10 Thread Nico Weber via cfe-commits
I really believe this has way too many deps to live in the clang repo, as
said on the review already. Maybe this could live in clang-extra instead?

On Aug 8, 2017 4:15 PM, "Matt Morehouse via cfe-commits" <
cfe-commits@lists.llvm.org> wrote:

> Author: morehouse
> Date: Tue Aug  8 13:15:04 2017
> New Revision: 310408
>
> URL: http://llvm.org/viewvc/llvm-project?rev=310408=rev
> Log:
> Integrate Kostya's clang-proto-fuzzer with LLVM.
>
> Summary:
> The clang-proto-fuzzer models a subset of C++ as a protobuf and
> uses libprotobuf-mutator to generate interesting mutations of C++
> programs.  Clang-proto-fuzzer has already found several bugs in
> Clang (e.g., https://bugs.llvm.org/show_bug.cgi?id=33747,
> https://bugs.llvm.org/show_bug.cgi?id=33749).
>
> As with clang-fuzzer, clang-proto-fuzzer requires the following
> cmake flags:
> - CMAKE_C_COMPILER=clang
> - CMAKE_CXX_COMPILER=clang++
> - LLVM_USE_SANITIZE_COVERAGE=YES  // needed for libFuzzer
> - LLVM_USE_SANITIZER=Address  // needed for libFuzzer
>
> In addition, clang-proto-fuzzer requires:
> - CLANG_ENABLE_PROTO_FUZZER=ON
>
> clang-proto-fuzzer also requires the following dependencies:
> - binutils  // needed for libprotobuf-mutator
> - liblzma-dev  // needed for libprotobuf-mutator
> - libz-dev  // needed for libprotobuf-mutator
> - docbook2x  // needed for libprotobuf-mutator
> - Recent version of protobuf [3.3.0 is known to work]
>
> A working version of libprotobuf-mutator will automatically be
> downloaded and built as an external project.
>
> Implementation of clang-proto-fuzzer provided by Kostya
> Serebryany.
>
> https://bugs.llvm.org/show_bug.cgi?id=33829
>
> Reviewers: kcc, vitalybuka, bogner
>
> Reviewed By: kcc, vitalybuka
>
> Subscribers: thakis, mgorny, cfe-commits
>
> Differential Revision: https://reviews.llvm.org/D36324
>
> Added:
> cfe/trunk/cmake/modules/ProtobufMutator.cmake
> cfe/trunk/tools/clang-fuzzer/ExampleClangProtoFuzzer.cpp
> cfe/trunk/tools/clang-fuzzer/README.txt
> cfe/trunk/tools/clang-fuzzer/cxx_proto.proto
> cfe/trunk/tools/clang-fuzzer/handle-cxx/
> cfe/trunk/tools/clang-fuzzer/handle-cxx/CMakeLists.txt
> cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.cpp
> cfe/trunk/tools/clang-fuzzer/handle-cxx/handle_cxx.h
> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/
> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/CMakeLists.txt
> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.cpp
> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx.h
> cfe/trunk/tools/clang-fuzzer/proto-to-cxx/proto_to_cxx_main.cpp
> Modified:
> cfe/trunk/CMakeLists.txt
> cfe/trunk/tools/clang-fuzzer/CMakeLists.txt
> cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp
>
> Modified: cfe/trunk/CMakeLists.txt
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/CMakeLists.
> txt?rev=310408=310407=310408=diff
> 
> ==
> --- cfe/trunk/CMakeLists.txt (original)
> +++ cfe/trunk/CMakeLists.txt Tue Aug  8 13:15:04 2017
> @@ -377,6 +377,8 @@ option(CLANG_ENABLE_STATIC_ANALYZER "Bui
>  option(CLANG_ANALYZER_BUILD_Z3
>"Build the static analyzer with the Z3 constraint manager." OFF)
>
> +option(CLANG_ENABLE_PROTO_FUZZER "Build Clang protobuf fuzzer." OFF)
> +
>  if(NOT CLANG_ENABLE_STATIC_ANALYZER AND (CLANG_ENABLE_ARCMT OR
> CLANG_ANALYZER_BUILD_Z3))
>message(FATAL_ERROR "Cannot disable static analyzer while enabling
> ARCMT or Z3")
>  endif()
>
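Review bot: the new CLANG_ENABLE_PROTO_FUZZER option is declared without any check that the settings the commit message lists as required (CMAKE_C_COMPILER=clang, CMAKE_CXX_COMPILER=clang++, LLVM_USE_SANITIZE_COVERAGE=YES, LLVM_USE_SANITIZER=Address) are actually in effect when it is ON. The static-analyzer check two lines below shows the pattern; a `message(FATAL_ERROR ...)` in the same style would make a mis-configured build fail at configure time instead of producing a fuzzer that libFuzzer cannot drive. Minor: the option string "Build Clang protobuf fuzzer." could say that enabling it pulls in protobuf and a libprotobuf-mutator download, so a reader of `cmake -LH` knows what the switch fetches.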
> Added: cfe/trunk/cmake/modules/ProtobufMutator.cmake
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/cmake/
> modules/ProtobufMutator.cmake?rev=310408=auto
> 
> ==
> --- cfe/trunk/cmake/modules/ProtobufMutator.cmake (added)
> +++ cfe/trunk/cmake/modules/ProtobufMutator.cmake Tue Aug  8 13:15:04 2017
> @@ -0,0 +1,24 @@
> +set(PBM_PREFIX protobuf_mutator)
> +set(PBM_PATH ${CMAKE_CURRENT_BINARY_DIR}/${PBM_PREFIX}/src/${PBM_PREFIX})
> +set(PBM_LIB_PATH ${PBM_PATH}/src/libprotobuf-mutator.a)
> +set(PBM_FUZZ_LIB_PATH ${PBM_PATH}/src/libfuzzer/
> libprotobuf-mutator-libfuzzer.a)
> +
> +ExternalProject_Add(${PBM_PREFIX}
> +  PREFIX ${PBM_PREFIX}
> +  GIT_REPOSITORY https://github.com/google/libprotobuf-mutator.git
> +  GIT_TAG 34287f8
> +  CONFIGURE_COMMAND ${CMAKE_COMMAND} -G${CMAKE_GENERATOR}
> +-DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
> +-DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
> +-DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
> +  BUILD_COMMAND ${CMAKE_MAKE_PROGRAM}
> +  BUILD_BYPRODUCTS ${PBM_LIB_PATH} ${PBM_FUZZ_LIB_PATH}
> +  BUILD_IN_SOURCE 1
> +  INSTALL_COMMAND ""
> +  LOG_DOWNLOAD 1
> +  LOG_CONFIGURE 1
> +  LOG_BUILD 1
> +  )
> +
> +set(ProtobufMutator_INCLUDE_DIRS ${PBM_PATH})
> +set(ProtobufMutator_LIBRARIES ${PBM_FUZZ_LIB_PATH} ${PBM_LIB_PATH})
>
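Review bot: `GIT_TAG 34287f8` pins third-party code that is fetched into the build at configure time by an abbreviated hash; use the full 40-character commit id, since a short prefix is only unique for as long as no other object in the upstream repository happens to share it. The CONFIGURE_COMMAND forwards only the two compilers and CMAKE_BUILD_TYPE, not CMAKE_C_FLAGS/CMAKE_CXX_FLAGS, so unless those reach the external project some other way libprotobuf-mutator is compiled without the ASan and coverage instrumentation the rest of the tree gets from LLVM_USE_SANITIZER and LLVM_USE_SANITIZE_COVERAGE; consider adding `-DCMAKE_C_FLAGS=${CMAKE_C_FLAGS}` and `-DCMAKE_CXX_FLAGS=${CMAKE_CXX_FLAGS}` so the mutator library is built the same way as the fuzzer that links it. A short comment pointing at the LOG_DOWNLOAD/LOG_CONFIGURE/LOG_BUILD output under ${PBM_PREFIX} would also help, because a failed fetch here is the first thing a user behind a proxy or without network access will hit.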
> Modified: cfe/trunk/tools/clang-fuzzer/CMakeLists.txt
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-
>