This commit adds a new page to the LLDB HTML documentation for the LLDB fuzzers. The page primarily explains what the fuzzers are as well as how to build them, run them and investigate and reproduce bugs.
Details
Diff Detail
Event Timeline
Left few comments :)
lldb/docs/resources/fuzzing.rst | ||
---|---|---|
13 | missing word ? | |
29–34 | Don't we have a top-level ninja lldb-fuzzer command that runs all the fuzzer ? If not, what about adding that ? | |
38 | Is it an issue to have this enabled for the other fuzzers ? If not, may be you should just add it to the general cmake invocation |
lldb/docs/resources/fuzzing.rst | ||
---|---|---|
15–27 | I would simplify this a bit and say that in addition to your regular CMake arguments, you have to pass -DLLVM_USE_SANITIZER='Address' -DLLVM_USE_SANITIZE_COVERAGE=On. I think the libfuzzer documentation says something similar so in addition to listing that explicitly here, we should also include a link to that (in case that ever changes in the future). | |
43 | I think this could be its own section that talks about where the fuzzers are (will be) running. | |
45 | ||
48–50 | I would say "from the build directory" and use relative paths here. | |
70–73 | This is specific to LLDB's target fuzzer and not something I think folks should rely on. libfuzzer makes it really easy to reproduce bugs (as you explain below) so we should encourage everyone to use that. |
lldb/docs/resources/fuzzing.rst | ||
---|---|---|
29–34 | Building all the fuzzers (lldb-fuzzer(s)) or running all the fuzzers (fuzz-lldb)? Personally +1 having a target that builds all the fuzzers. I'm not sure if I would ever want to run all the fuzzers in parallel, but I'm also not opposed to the idea as it would be similar to what check-lldb does. |
lldb/docs/resources/fuzzing.rst | ||
---|---|---|
29–34 | Yeah, I meant for building the fuzzers (I haven't commented below on the running the fuzzer in parallel for that reason) |
lldb/docs/resources/fuzzing.rst | ||
---|---|---|
13 | Yep :) | |
15–27 | That's a good idea. I didn't mention this explicitly here but I put the entire CMake invocation because I assumed that someone who wanted to try this would be making a new, not-in-source-tree build directory. | |
38 | Having this enabled doesn't cause problems for the other fuzzers. I had this on its own in case there were people that didn't want to use all of the fuzzers and therefore wouldn't need this option enabled all the time. I can place this in the line that would say "In addition to your regular CMake arguments...". Also having a target that builds all fuzzers is a good idea. | |
43 | I can add a "Continuous Integration" section for OSS Fuzz | |
48–50 | Sounds good, what's funny is that I originally had the relative directories and then I removed them to try and be more general :) | |
70–73 | That makes sense, I used the target fuzzer as an example for using fuzzer inputs with LLDB itself but for reproducing it's better to use libFuzzer. |
Removed the full CMake invocation for the fuzzer build configuration.
Added the information on OSS Fuzz to its own section.
Changed build directory in fuzzer execution command to use a relative path.
Removed reference to using LLDB with fuzzer inputs.
Fixed typos.
LGTM modulo inline comment.
lldb/docs/resources/fuzzing.rst | ||
---|---|---|
15–17 | Remove the $ because these are not shell commands. |
missing word ?