This directory contains three utilities for fuzzing Clang: clang-fuzzer,
clang-objc-fuzzer, and clang-proto-fuzzer. All use libFuzzer to generate inputs
to clang via coverage-guided mutation.

The three utilities differ, however, in how they structure inputs to Clang.
clang-fuzzer makes no attempt to generate valid C++ programs and is therefore
primarily useful for stressing the surface layers of Clang (i.e. lexer, parser).

clang-objc-fuzzer is similar but for Objective-C: it makes no attempt to
generate a valid Objective-C program.

clang-proto-fuzzer uses a protobuf class to describe a subset of the C++
language and then uses libprotobuf-mutator to mutate instantiations of that

clang-proto-fuzzer is better at stressing deeper layers of Clang and LLVM.

Building clang-fuzzer

Within your LLVM build directory, run CMake with the following variable

- CMAKE_C_COMPILER=clang
- CMAKE_CXX_COMPILER=clang++
- LLVM_USE_SANITIZE_COVERAGE=YES
- LLVM_USE_SANITIZER=Address

Then build the clang-fuzzer target.

  mkdir build && cd build
  cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
    -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address
  ninja clang-fuzzer

Running clang-fuzzer

  bin/clang-fuzzer CORPUS_DIR

Building clang-objc-fuzzer

Within your LLVM build directory, run CMake with the following variable

- CMAKE_C_COMPILER=clang
- CMAKE_CXX_COMPILER=clang++
- LLVM_USE_SANITIZE_COVERAGE=YES
- LLVM_USE_SANITIZER=Address

Then build the clang-objc-fuzzer target.

  mkdir build && cd build
  cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
    -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address
  ninja clang-objc-fuzzer

Running clang-objc-fuzzer

  bin/clang-objc-fuzzer CORPUS_DIR

…bin/clang-objc-fuzzer <path to corpus_examples/objc> <path to new directory to store corpus findi…

Building clang-proto-fuzzer (Linux-only instructions)

- binutils // needed for libprotobuf-mutator
- liblzma-dev // needed for libprotobuf-mutator
- libz-dev // needed for libprotobuf-mutator
- docbook2x // needed for libprotobuf-mutator
- Recent version of protobuf [3.3.0 is known to work]

Within your LLVM build directory, run CMake with the following variable

- CMAKE_C_COMPILER=clang
- CMAKE_CXX_COMPILER=clang++
- LLVM_USE_SANITIZE_COVERAGE=YES
- LLVM_USE_SANITIZER=Address
- CLANG_ENABLE_PROTO_FUZZER=ON

Then build the clang-proto-fuzzer and clang-proto-to-cxx targets. Optionally,
you may also build clang-fuzzer with this setup.

  mkdir build && cd build
  cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
    -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address \
    -DCLANG_ENABLE_PROTO_FUZZER=ON
  ninja clang-proto-fuzzer clang-proto-to-cxx
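
Before spending fuzzing time on a build directory, it is worth confirming that it was actually configured with the variables listed in the build sections above. The following POSIX shell check is an added example, not part of the LLVM tree or its README; the function names and the accepted compiler basenames (clang, clang-N, clang++, clang++-N) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the LLVM tree. CMakeCache.txt stores each entry
# as KEY:TYPE=VALUE; the function names are chosen for this example.

# Print the cached value of KEY ($2) from cache file $1 (empty if unset).
cache_value() {
    sed -n "s/^$2:[A-Z]*=//p" "$1" | head -n 1
}

# CMake treats 1, ON, YES, TRUE and Y (case-insensitively) as true.
is_true() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        1|ON|YES|TRUE|Y) return 0 ;;
        *) return 1 ;;
    esac
}

# check_fuzzer_config BUILD_DIR [plain|proto]
# Returns 0 if the cache matches, 1 on any mismatch, 2 if no cache exists.
check_fuzzer_config() {
    cfc_cache="$1/CMakeCache.txt"; cfc_mode="${2:-plain}"; cfc_rc=0
    [ -f "$cfc_cache" ] || { echo "no CMakeCache.txt in $1" >&2; return 2; }

    # Compilers are usually cached as resolved paths, so compare the basename
    # only (assumption: plain or version-suffixed names such as clang-17).
    cfc_v=$(cache_value "$cfc_cache" CMAKE_C_COMPILER)
    case "${cfc_v##*/}" in
        clang|clang-[0-9]*) ;;
        *) echo "CMAKE_C_COMPILER is '$cfc_v', not clang" >&2; cfc_rc=1 ;;
    esac
    cfc_v=$(cache_value "$cfc_cache" CMAKE_CXX_COMPILER)
    case "${cfc_v##*/}" in
        clang++|clang++-[0-9]*) ;;
        *) echo "CMAKE_CXX_COMPILER is '$cfc_v', not clang++" >&2; cfc_rc=1 ;;
    esac
    # Without coverage instrumentation libFuzzer has no feedback to guide mutation.
    cfc_v=$(cache_value "$cfc_cache" LLVM_USE_SANITIZE_COVERAGE)
    is_true "$cfc_v" || { echo "LLVM_USE_SANITIZE_COVERAGE='$cfc_v'" >&2; cfc_rc=1; }
    cfc_v=$(cache_value "$cfc_cache" LLVM_USE_SANITIZER)
    [ "$cfc_v" = Address ] || { echo "LLVM_USE_SANITIZER='$cfc_v'" >&2; cfc_rc=1; }

    if [ "$cfc_mode" = proto ]; then
        cfc_v=$(cache_value "$cfc_cache" CLANG_ENABLE_PROTO_FUZZER)
        is_true "$cfc_v" || { echo "CLANG_ENABLE_PROTO_FUZZER='$cfc_v'" >&2; cfc_rc=1; }
    fi
    return "$cfc_rc"
}
# Usage: sh check.sh BUILD_DIR [proto]
if [ "$#" -gt 0 ]; then check_fuzzer_config "$@"; fi
```

For the faster llvm-proto-fuzzer build described at the end of this page, which omits ASan, the LLVM_USE_SANITIZER mismatch reported by this check is expected.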

Running clang-proto-fuzzer

  bin/clang-proto-fuzzer CORPUS_DIR

Arguments can be specified after -ignore_remaining_args=1 to modify the compiler

  bin/clang-proto-fuzzer CORPUS_DIR -ignore_remaining_args=1 -O3 -triple \
    arm64-apple-ios9

To translate a clang-proto-fuzzer corpus output to C++:
  bin/clang-proto-to-cxx CORPUS_OUTPUT_FILE

llvm-proto-fuzzer

Like clang-proto-fuzzer, llvm-proto-fuzzer is also a protobuf-mutator based

the original IR. Currently, it only runs a loop-vectorize pass but more passes

function (optimized and not), llvm-proto-fuzzer uses LLVM's JIT Engine to

llvm-proto-fuzzer can find not only compiler crashes, but also miscompiles

llvm-proto-fuzzer is built very similarly to clang-proto-fuzzer. You can run the

  bin/clang-llvm-proto-fuzzer CORPUS_DIR

  bin/clang-loop-proto-to-llvm CORPUS_OUTPUT_FILE

  bin/clang-loop-proto-to-cxx CORPUS_OUTPUT_FILE

Note: To get a higher number of executions per second with llvm-proto-fuzzer it
helps to build it without ASan instrumentation and with the -O2 flag. Because

  cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
    -DCLANG_ENABLE_PROTO_FUZZER=ON -DLLVM_USE_SANITIZE_COVERAGE=YES \
    -DCMAKE_CXX_FLAGS="-O2"
  ninja clang-llvm-proto-fuzzer clang-loop-proto-to-llvm