
Integrate Kostya's clang-proto-fuzzer with LLVM.

Description

Integrate Kostya's clang-proto-fuzzer with LLVM.

Summary:
The clang-proto-fuzzer models a subset of C++ as a protobuf and
uses libprotobuf-mutator to generate interesting mutations of C++
programs. Clang-proto-fuzzer has already found several bugs in
Clang (e.g., https://bugs.llvm.org/show_bug.cgi?id=33747,
https://bugs.llvm.org/show_bug.cgi?id=33749).

As with clang-fuzzer, clang-proto-fuzzer requires the following
cmake flags:

  • CMAKE_C_COMPILER=clang
  • CMAKE_CXX_COMPILER=clang++
  • LLVM_USE_SANITIZE_COVERAGE=YES // needed for libFuzzer
  • LLVM_USE_SANITIZER=Address // needed for libFuzzer

In addition, clang-proto-fuzzer requires:

  • CLANG_ENABLE_PROTO_FUZZER=ON

clang-proto-fuzzer also requires the following dependencies:

  • binutils // needed for libprotobuf-mutator
  • liblzma-dev // needed for libprotobuf-mutator
  • libz-dev // needed for libprotobuf-mutator
  • docbook2x // needed for libprotobuf-mutator
  • Recent version of protobuf [3.3.0 is known to work]

A working version of libprotobuf-mutator will automatically be
downloaded and built as an external project.

Implementation of clang-proto-fuzzer provided by Kostya
Serebryany.

https://bugs.llvm.org/show_bug.cgi?id=33829

Reviewers: kcc, vitalybuka, bogner

Reviewed By: kcc, vitalybuka

Subscribers: thakis, mgorny, cfe-commits

Differential Revision: https://reviews.llvm.org/D36324
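As an added example, not code from this commit or from clang-proto-fuzzer itself, of what "models a subset of C++ as a protobuf" buys you: the structs below stand in for the protobuf messages (so the sketch builds without protobuf), ToCxx is the proto-to-C++ source step, and MutateOneConst is a structure-preserving edit of the kind libprotobuf-mutator performs on real messages. The message and field names, the fixed variable array a[0..3], and the foo(int *a) wrapper are assumptions made for this sketch; the project's own .proto schema and converter are not reproduced here.

```cpp
// Added illustration (not clang-proto-fuzzer's own code): a plain-struct
// stand-in for the protobuf message tree the fuzzer hands to
// libprotobuf-mutator, the "proto -> C++ source" step, and one
// structure-preserving mutation.  Message and field names are
// assumptions chosen for this sketch, not those of the project's .proto.
#include <iostream>
#include <memory>
#include <random>
#include <sstream>
#include <string>
#include <vector>

namespace cxxmodel {

constexpr int kNumVars = 4;  // emitted code only touches a[0..kNumVars-1]

struct Expr;
using ExprPtr = std::shared_ptr<Expr>;
struct Expr {
  enum Kind { kConst, kVarRef, kBinary } kind = kConst;
  int value = 0;      // kConst
  int var = 0;        // kVarRef: any int, reduced into range on output
  std::string op;     // kBinary operator text, e.g. "+" or "<"
  ExprPtr lhs, rhs;   // kBinary operands
};

struct Stmt;
using StmtPtr = std::shared_ptr<Stmt>;
using StmtSeq = std::vector<StmtPtr>;
struct Stmt {
  enum Kind { kAssign, kIfElse, kWhile } kind = kAssign;
  int var = 0;               // kAssign target
  ExprPtr expr;              // kAssign value, or the kIfElse/kWhile condition
  StmtSeq body, else_body;   // kIfElse then/else, kWhile body
};

struct Function { StmtSeq statements; };

// Builders used to construct sample trees by hand.
ExprPtr Const(int v) { auto e = std::make_shared<Expr>(); e->kind = Expr::kConst; e->value = v; return e; }
ExprPtr Var(int i) { auto e = std::make_shared<Expr>(); e->kind = Expr::kVarRef; e->var = i; return e; }
ExprPtr Bin(const std::string& op, ExprPtr l, ExprPtr r) {
  auto e = std::make_shared<Expr>(); e->kind = Expr::kBinary; e->op = op; e->lhs = l; e->rhs = r; return e;
}
StmtPtr Assign(int v, ExprPtr e) { auto s = std::make_shared<Stmt>(); s->kind = Stmt::kAssign; s->var = v; s->expr = e; return s; }
StmtPtr While(ExprPtr c, StmtSeq body) { auto s = std::make_shared<Stmt>(); s->kind = Stmt::kWhile; s->expr = c; s->body = body; return s; }
StmtPtr IfElse(ExprPtr c, StmtSeq t, StmtSeq e) {
  auto s = std::make_shared<Stmt>(); s->kind = Stmt::kIfElse; s->expr = c; s->body = t; s->else_body = e; return s;
}

// Any int maps to a valid index, so a mutated field can never yield an
// out-of-bounds access in the generated program.
int Idx(int v) { return ((v % kNumVars) + kNumVars) % kNumVars; }

void Emit(const StmtSeq& seq, std::ostream& os);
void Emit(const ExprPtr& e, std::ostream& os) {
  switch (e->kind) {
    case Expr::kConst:  os << e->value; break;
    case Expr::kVarRef: os << "a[" << Idx(e->var) << "]"; break;
    case Expr::kBinary: os << "("; Emit(e->lhs, os); os << " " << e->op << " "; Emit(e->rhs, os); os << ")"; break;
  }
}
void Emit(const StmtPtr& s, std::ostream& os) {
  switch (s->kind) {
    case Stmt::kAssign: os << "a[" << Idx(s->var) << "] = "; Emit(s->expr, os); os << ";\n"; break;
    case Stmt::kWhile:  os << "while ("; Emit(s->expr, os); os << ") {\n"; Emit(s->body, os); os << "}\n"; break;
    case Stmt::kIfElse: os << "if ("; Emit(s->expr, os); os << ") {\n"; Emit(s->body, os);
                        os << "} else {\n"; Emit(s->else_body, os); os << "}\n"; break;
  }
}
void Emit(const StmtSeq& seq, std::ostream& os) { for (const auto& s : seq) Emit(s, os); }

// The tree-to-text step: every node maps to syntactically valid C++, so the
// fuzzer's budget goes to semantic corner cases rather than parse errors.
std::string ToCxx(const Function& f) {
  std::ostringstream os;
  os << "void foo(int *a) {\n";
  Emit(f.statements, os);
  os << "}\n";
  return os.str();
}

void CollectConsts(const ExprPtr& e, std::vector<Expr*>& out) {
  if (!e) return;
  if (e->kind == Expr::kConst) out.push_back(e.get());
  CollectConsts(e->lhs, out);
  CollectConsts(e->rhs, out);
}
void CollectConsts(const StmtSeq& seq, std::vector<Expr*>& out) {
  for (const auto& s : seq) { CollectConsts(s->expr, out); CollectConsts(s->body, out); CollectConsts(s->else_body, out); }
}
int NumConsts(const Function& f) { std::vector<Expr*> c; CollectConsts(f.statements, c); return static_cast<int>(c.size()); }

// One mutation of the kind libprotobuf-mutator applies to real messages:
// edit a field in place, leaving the tree (and so the program's shape) intact.
bool MutateOneConst(Function& f, std::mt19937& rng) {
  std::vector<Expr*> consts;
  CollectConsts(f.statements, consts);
  if (consts.empty()) return false;
  Expr* target = consts[rng() % consts.size()];
  target->value = static_cast<int>(rng() % 2001) - 1000;  // assumption for this sketch: keep constants small
  return true;
}

// Constructed sample input: a bounded loop followed by a branch on its result.
Function Sample() {
  Function f;
  f.statements.push_back(Assign(0, Const(0)));
  f.statements.push_back(Assign(1, Const(10)));
  f.statements.push_back(While(Bin("<", Var(0), Var(1)), {Assign(0, Bin("+", Var(0), Const(1)))}));
  f.statements.push_back(IfElse(Bin("==", Var(0), Var(1)), {Assign(2, Const(1))}, {Assign(2, Const(0))}));
  return f;
}

}  // namespace cxxmodel

int main() {
  cxxmodel::Function f = cxxmodel::Sample();
  std::cout << cxxmodel::ToCxx(f);
  std::mt19937 rng(1);
  cxxmodel::MutateOneConst(f, rng);
  std::cout << "// after one mutation:\n" << cxxmodel::ToCxx(f);
  return 0;
}
```

The point to take from the sketch is that a mutation never touches source text: it edits a field of a well-formed tree, and the tree always prints as compilable code (variable indices are reduced into range, conditions are always parenthesised expressions). That is what lets the fuzzer spend its time on the front end's semantic paths instead of on parse errors, and it is why the build requires the sanitizer-coverage and ASan flags listed above: libFuzzer's coverage feedback and ASan's crash detection are what turn those deeper paths into reported bugs.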
