Page MenuHomePhabricator

[clang-fuzzer] Add new fuzzer target for Objective-C
ClosedPublic

Authored by dgoldman on Oct 18 2019, 8:14 AM.

Details

Summary
  • Similar to that of clang-fuzzer itself but instead only targets Objective-C source files via cc1
  • Also adds an example corpus directory containing some input for Objective-C

Diff Detail

Event Timeline

dgoldman created this revision.Oct 18 2019, 8:14 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 18 2019, 8:14 AM

Rather than adding a new fuzzer binary, can we make the language an option?
The whole implementation seems almost identical down to handleobjc/handlecxx...

Rather than adding a new fuzzer binary, can we make the language an option?
The whole implementation seems almost identical down to handleobjc/handlecxx...

It's similar at the moment (was initially going to add more flags), but I could swap it over to read an integer/Boolean to swap between the two languages. If we want to modify them in the future (which we might be interested in depending on how well this works) it probably makes sense to keep them separate though.

Not sure who is best to review, feel free to add someone else instead.

morehouse added inline comments.Oct 18 2019, 4:31 PM
tools/clang-fuzzer/ClangObjectiveCFuzzer.cpp
19 ↗(On Diff #225633)

Nit: Since it does nothing, let's omit the LLVMFuzzerInitialize definition.

22 ↗(On Diff #225633)

Nit: reinterpret_cast

tools/clang-fuzzer/handle-objc/handle_objc.cpp
50 ↗(On Diff #225633)

Since this is ~identical to handle_cxx, I'd like to reuse the implementation. Can we make a more generic function (e.g., handleLanguage(Language type, ...)) and use it for both?

dgoldman updated this revision to Diff 225898.Oct 21 2019, 9:00 AM
  • Refactor to use handle-cxx
dgoldman updated this revision to Diff 225899.Oct 21 2019, 9:08 AM
  • Swap to reinterpret_cast
dgoldman marked 4 inline comments as done.Oct 21 2019, 9:10 AM
dgoldman added inline comments.
tools/clang-fuzzer/handle-objc/handle_objc.cpp
50 ↗(On Diff #225633)

Done but left as handleCXX

This revision is now accepted and ready to land.Oct 21 2019, 10:27 AM
This revision was automatically updated to reflect the committed changes.
dgoldman marked an inline comment as done.

Looks reasonable to me. The duplication is unfortunate, but it is reasonable while we have two binaries.

However, you could explore reading the command line flags for HandleCXX in LLVMFuzzerInitialize from fuzzer's command line flags.

RKSimon added inline comments.
clang/tools/clang-fuzzer/ClangObjectiveCFuzzer.cpp
19

@dgoldman @morehouse Removing this has been causing link failures ever since it was committed on a number of targets including msvc (PR44414) and I've just noticed it on a linux release+asserts build. If it is superfluous why did you leave it in ClangFuzzer.cpp ?

morehouse added inline comments.Apr 13 2020, 8:33 AM
clang/tools/clang-fuzzer/ClangObjectiveCFuzzer.cpp
19

It is superfluous on Linux at least since libFuzzer defines its own weak definition. I'm not sure how it works for Windows.

I'm fine if you want to add it back in here.