head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC4:1.1.1.2 netbsd-11-0-RC3:1.1.1.2 netbsd-11-0-RC2:1.1.1.2 netbsd-11-0-RC1:1.1.1.2 perseant-exfatfs-base-20250801:1.1.1.2 netbsd-11:1.1.1.2.0.10 netbsd-11-base:1.1.1.2 netbsd-10-1-RELEASE:1.1.1.2 perseant-exfatfs-base-20240630:1.1.1.2 perseant-exfatfs:1.1.1.2.0.8 perseant-exfatfs-base:1.1.1.2 netbsd-9-4-RELEASE:1.1.1.1 netbsd-10-0-RELEASE:1.1.1.2 netbsd-10-0-RC6:1.1.1.2 netbsd-10-0-RC5:1.1.1.2 netbsd-10-0-RC4:1.1.1.2 netbsd-10-0-RC3:1.1.1.2 netbsd-10-0-RC2:1.1.1.2 netbsd-10-0-RC1:1.1.1.2 netbsd-10:1.1.1.2.0.6 netbsd-10-base:1.1.1.2 netbsd-9-3-RELEASE:1.1.1.1 cjep_sun2x:1.1.1.2.0.4 cjep_sun2x-base:1.1.1.2 cjep_staticlib_x-base1:1.1.1.2 netbsd-9-2-RELEASE:1.1.1.1 cjep_staticlib_x:1.1.1.2.0.2 cjep_staticlib_x-base:1.1.1.2 netbsd-9-1-RELEASE:1.1.1.1 phil-wifi-20200421:1.1.1.2 phil-wifi-20200411:1.1.1.2 phil-wifi-20200406:1.1.1.2 netbsd-9-0-RELEASE:1.1.1.1 netbsd-9-0-RC2:1.1.1.1 netbsd-9-0-RC1:1.1.1.1 netbsd-9:1.1.1.1.0.6 netbsd-9-base:1.1.1.1 phil-wifi:1.1.1.1.0.4 phil-wifi-20190609:1.1.1.1 pgoyette-compat-merge-20190127:1.1.1.1.2.2 pgoyette-compat-20190127:1.1.1.1 pgoyette-compat-20190118:1.1.1.1 pgoyette-compat-1226:1.1.1.1 pgoyette-compat-1126:1.1.1.1 pgoyette-compat-1020:1.1.1.1 pgoyette-compat-0930:1.1.1.1 pgoyette-compat-0906:1.1.1.1 pgoyette-compat:1.1.1.1.0.2 pgoyette-compat-0728:1.1.1.1 clang-337282:1.1.1.1 LLVM:1.1.1; locks; strict; comment @# @; 1.1 date 2018.07.17.18.32.07; author joerg; state Exp; branches 1.1.1.1; next ; commitid wDzL46ALjrCZgwKA; 1.1.1.1 date 2018.07.17.18.32.07; author joerg; state Exp; branches 1.1.1.1.2.1 1.1.1.1.4.1; next 1.1.1.2; commitid wDzL46ALjrCZgwKA; 1.1.1.2 date 2019.11.13.22.23.04; author joerg; state dead; branches; next ; commitid QD8YATxuNG34YJKB; 1.1.1.1.2.1 date 2018.07.17.18.32.07; author pgoyette; state dead; branches; next 1.1.1.1.2.2; commitid 1UP1xAIUxv1ZgRLA; 1.1.1.1.2.2 date 2018.07.28.04.34.15; author pgoyette; state Exp; branches; next ; commitid 1UP1xAIUxv1ZgRLA; 1.1.1.1.4.1 date 2018.07.17.18.32.07; author christos; state dead; branches; next 1.1.1.1.4.2; commitid jtc8rnCzWiEEHGqB; 1.1.1.1.4.2 date 2019.06.10.21.46.41; author christos; state Exp; branches; next 1.1.1.1.4.3; commitid jtc8rnCzWiEEHGqB; 1.1.1.1.4.3 date 2020.04.13.07.50.32; author martin; state dead; branches; next ; commitid X01YhRUPVUDaec4C; desc @@ 1.1 log @Initial revision @ text @This directory contains two utilities for fuzzing Clang: clang-fuzzer and clang-proto-fuzzer. Both use libFuzzer to generate inputs to clang via coverage-guided mutation. The two utilities differ, however, in how they structure inputs to Clang. clang-fuzzer makes no attempt to generate valid C++ programs and is therefore primarily useful for stressing the surface layers of Clang (i.e. lexer, parser). clang-proto-fuzzer uses a protobuf class to describe a subset of the C++ language and then uses libprotobuf-mutator to mutate instantiations of that class, producing valid C++ programs in the process. As a result, clang-proto-fuzzer is better at stressing deeper layers of Clang and LLVM. =================================== Building clang-fuzzer =================================== Within your LLVM build directory, run CMake with the following variable definitions: - CMAKE_C_COMPILER=clang - CMAKE_CXX_COMPILER=clang++ - LLVM_USE_SANITIZE_COVERAGE=YES - LLVM_USE_SANITIZER=Address Then build the clang-fuzzer target. Example: cd $LLVM_SOURCE_DIR mkdir build && cd build cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \ -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address ninja clang-fuzzer ====================== Running clang-fuzzer ====================== bin/clang-fuzzer CORPUS_DIR ======================================================= Building clang-proto-fuzzer (Linux-only instructions) ======================================================= Install the necessary dependencies: - binutils // needed for libprotobuf-mutator - liblzma-dev // needed for libprotobuf-mutator - libz-dev // needed for libprotobuf-mutator - docbook2x // needed for libprotobuf-mutator - Recent version of protobuf [3.3.0 is known to work] Within your LLVM build directory, run CMake with the following variable definitions: - CMAKE_C_COMPILER=clang - CMAKE_CXX_COMPILER=clang++ - LLVM_USE_SANITIZE_COVERAGE=YES - LLVM_USE_SANITIZER=Address - CLANG_ENABLE_PROTO_FUZZER=ON Then build the clang-proto-fuzzer and clang-proto-to-cxx targets. Optionally, you may also build clang-fuzzer with this setup. Example: cd $LLVM_SOURCE_DIR mkdir build && cd build cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \ -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address \ -DCLANG_ENABLE_PROTO_FUZZER=ON ninja clang-proto-fuzzer clang-proto-to-cxx This directory also contains a Dockerfile which sets up all required dependencies and builds the fuzzers. ============================ Running clang-proto-fuzzer ============================ bin/clang-proto-fuzzer CORPUS_DIR Arguments can be specified after -ignore_remaining_args=1 to modify the compiler invocation. For example, the following command line will fuzz LLVM with a custom optimization level and target triple: bin/clang-proto-fuzzer CORPUS_DIR -ignore_remaining_args=1 -O3 -triple \ arm64apple-ios9 To translate a clang-proto-fuzzer corpus output to C++: bin/clang-proto-to-cxx CORPUS_OUTPUT_FILE @ 1.1.1.1 log @Import clang r337282 from trunk @ text @@ 1.1.1.2 log @Mark old LLVM instance as dead. @ text @@ 1.1.1.1.4.1 log @file README.txt was added on branch phil-wifi on 2019-06-10 21:46:41 +0000 @ text @d1 82 @ 1.1.1.1.4.2 log @Sync with HEAD @ text @a0 82 This directory contains two utilities for fuzzing Clang: clang-fuzzer and clang-proto-fuzzer. Both use libFuzzer to generate inputs to clang via coverage-guided mutation. The two utilities differ, however, in how they structure inputs to Clang. clang-fuzzer makes no attempt to generate valid C++ programs and is therefore primarily useful for stressing the surface layers of Clang (i.e. lexer, parser). clang-proto-fuzzer uses a protobuf class to describe a subset of the C++ language and then uses libprotobuf-mutator to mutate instantiations of that class, producing valid C++ programs in the process. As a result, clang-proto-fuzzer is better at stressing deeper layers of Clang and LLVM. =================================== Building clang-fuzzer =================================== Within your LLVM build directory, run CMake with the following variable definitions: - CMAKE_C_COMPILER=clang - CMAKE_CXX_COMPILER=clang++ - LLVM_USE_SANITIZE_COVERAGE=YES - LLVM_USE_SANITIZER=Address Then build the clang-fuzzer target. Example: cd $LLVM_SOURCE_DIR mkdir build && cd build cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \ -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address ninja clang-fuzzer ====================== Running clang-fuzzer ====================== bin/clang-fuzzer CORPUS_DIR ======================================================= Building clang-proto-fuzzer (Linux-only instructions) ======================================================= Install the necessary dependencies: - binutils // needed for libprotobuf-mutator - liblzma-dev // needed for libprotobuf-mutator - libz-dev // needed for libprotobuf-mutator - docbook2x // needed for libprotobuf-mutator - Recent version of protobuf [3.3.0 is known to work] Within your LLVM build directory, run CMake with the following variable definitions: - CMAKE_C_COMPILER=clang - CMAKE_CXX_COMPILER=clang++ - LLVM_USE_SANITIZE_COVERAGE=YES - LLVM_USE_SANITIZER=Address - CLANG_ENABLE_PROTO_FUZZER=ON Then build the clang-proto-fuzzer and clang-proto-to-cxx targets. Optionally, you may also build clang-fuzzer with this setup. Example: cd $LLVM_SOURCE_DIR mkdir build && cd build cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \ -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address \ -DCLANG_ENABLE_PROTO_FUZZER=ON ninja clang-proto-fuzzer clang-proto-to-cxx This directory also contains a Dockerfile which sets up all required dependencies and builds the fuzzers. ============================ Running clang-proto-fuzzer ============================ bin/clang-proto-fuzzer CORPUS_DIR Arguments can be specified after -ignore_remaining_args=1 to modify the compiler invocation. For example, the following command line will fuzz LLVM with a custom optimization level and target triple: bin/clang-proto-fuzzer CORPUS_DIR -ignore_remaining_args=1 -O3 -triple \ arm64apple-ios9 To translate a clang-proto-fuzzer corpus output to C++: bin/clang-proto-to-cxx CORPUS_OUTPUT_FILE @ 1.1.1.1.4.3 log @Mostly merge changes from HEAD upto 20200411 @ text @@ 1.1.1.1.2.1 log @file README.txt was added on branch pgoyette-compat on 2018-07-28 04:34:15 +0000 @ text @d1 82 @ 1.1.1.1.2.2 log @Sync with HEAD @ text @a0 82 This directory contains two utilities for fuzzing Clang: clang-fuzzer and clang-proto-fuzzer. Both use libFuzzer to generate inputs to clang via coverage-guided mutation. The two utilities differ, however, in how they structure inputs to Clang. clang-fuzzer makes no attempt to generate valid C++ programs and is therefore primarily useful for stressing the surface layers of Clang (i.e. lexer, parser). clang-proto-fuzzer uses a protobuf class to describe a subset of the C++ language and then uses libprotobuf-mutator to mutate instantiations of that class, producing valid C++ programs in the process. As a result, clang-proto-fuzzer is better at stressing deeper layers of Clang and LLVM. =================================== Building clang-fuzzer =================================== Within your LLVM build directory, run CMake with the following variable definitions: - CMAKE_C_COMPILER=clang - CMAKE_CXX_COMPILER=clang++ - LLVM_USE_SANITIZE_COVERAGE=YES - LLVM_USE_SANITIZER=Address Then build the clang-fuzzer target. Example: cd $LLVM_SOURCE_DIR mkdir build && cd build cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \ -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address ninja clang-fuzzer ====================== Running clang-fuzzer ====================== bin/clang-fuzzer CORPUS_DIR ======================================================= Building clang-proto-fuzzer (Linux-only instructions) ======================================================= Install the necessary dependencies: - binutils // needed for libprotobuf-mutator - liblzma-dev // needed for libprotobuf-mutator - libz-dev // needed for libprotobuf-mutator - docbook2x // needed for libprotobuf-mutator - Recent version of protobuf [3.3.0 is known to work] Within your LLVM build directory, run CMake with the following variable definitions: - CMAKE_C_COMPILER=clang - CMAKE_CXX_COMPILER=clang++ - LLVM_USE_SANITIZE_COVERAGE=YES - LLVM_USE_SANITIZER=Address - CLANG_ENABLE_PROTO_FUZZER=ON Then build the clang-proto-fuzzer and clang-proto-to-cxx targets. Optionally, you may also build clang-fuzzer with this setup. Example: cd $LLVM_SOURCE_DIR mkdir build && cd build cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \ -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address \ -DCLANG_ENABLE_PROTO_FUZZER=ON ninja clang-proto-fuzzer clang-proto-to-cxx This directory also contains a Dockerfile which sets up all required dependencies and builds the fuzzers. ============================ Running clang-proto-fuzzer ============================ bin/clang-proto-fuzzer CORPUS_DIR Arguments can be specified after -ignore_remaining_args=1 to modify the compiler invocation. For example, the following command line will fuzz LLVM with a custom optimization level and target triple: bin/clang-proto-fuzzer CORPUS_DIR -ignore_remaining_args=1 -O3 -triple \ arm64apple-ios9 To translate a clang-proto-fuzzer corpus output to C++: bin/clang-proto-to-cxx CORPUS_OUTPUT_FILE @