author: David Goldman <dallasftball@gmail.com> 2019-10-21 20:45:02 +0000
committer: David Goldman <dallasftball@gmail.com> 2019-10-21 20:45:02 +0000
commit: 73e476646bdaeb2ad2d40254ce64c2dfe8c78873
tree: 8ba07c4dbe54f1277575f567efb7f8b3616f4724 /tools/clang-fuzzer/README.txt
parent: c12eb40f6c6eca83e99bc20f6813dc32e3e68831
[clang-fuzzer] Add new fuzzer target for Objective-C
Summary:
- Similar to that of `clang-fuzzer` itself but instead only targets Objective-C source files via cc1
- Also adds an example corpus directory containing some input for Objective-C

Subscribers: mgorny, jfb, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D69171

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@375453 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'tools/clang-fuzzer/README.txt')
-rw-r--r-- tools/clang-fuzzer/README.txt 43
1 files changed, 39 insertions, 4 deletions
diff --git a/tools/clang-fuzzer/README.txt b/tools/clang-fuzzer/README.txt
index 9c25afdb22..eec4a9efdf 100644
--- a/tools/clang-fuzzer/README.txt
+++ b/tools/clang-fuzzer/README.txt
@@ -1,15 +1,21 @@
-This directory contains two utilities for fuzzing Clang: clang-fuzzer and
-clang-proto-fuzzer. Both use libFuzzer to generate inputs to clang via
-coverage-guided mutation.
+This directory contains three utilities for fuzzing Clang: clang-fuzzer,
+clang-objc-fuzzer, and clang-proto-fuzzer. All use libFuzzer to generate inputs
+to clang via coverage-guided mutation.
-The two utilities differ, however, in how they structure inputs to Clang.
+The three utilities differ, however, in how they structure inputs to Clang.
clang-fuzzer makes no attempt to generate valid C++ programs and is therefore
primarily useful for stressing the surface layers of Clang (i.e. lexer, parser).
+
+clang-objc-fuzzer is similar but for Objective-C: it makes no attempt to
+generate a valid Objective-C program.
+
clang-proto-fuzzer uses a protobuf class to describe a subset of the C++
language and then uses libprotobuf-mutator to mutate instantiations of that
class, producing valid C++ programs in the process. As a result,
clang-proto-fuzzer is better at stressing deeper layers of Clang and LLVM.
+Some of the fuzzers have example corpuses inside the corpus_examples directory.
+
===================================
Building clang-fuzzer
===================================
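Review bot: The added sentence "Some of the fuzzers have example corpuses inside the corpus_examples directory." is attached directly to the end of the clang-proto-fuzzer paragraph with no blank line before it, so it reads as part of that fuzzer's description. Add a blank line before it and name the fuzzers that actually ship a corpus; the only one this patch references is corpus_examples/objc for clang-objc-fuzzer. The clang-objc-fuzzer paragraph could also say that the target drives Objective-C input through cc1, as the commit summary does, since "similar but for Objective-C" leaves the reader to infer what is exercised.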
@@ -35,6 +41,35 @@ Example:
bin/clang-fuzzer CORPUS_DIR
+===================================
+ Building clang-objc-fuzzer
+===================================
+Within your LLVM build directory, run CMake with the following variable
+definitions:
+- CMAKE_C_COMPILER=clang
+- CMAKE_CXX_COMPILER=clang++
+- LLVM_USE_SANITIZE_COVERAGE=YES
+- LLVM_USE_SANITIZER=Address
+
+Then build the clang-objc-fuzzer target.
+
+Example:
+ cd $LLVM_SOURCE_DIR
+ mkdir build && cd build
+ cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
+ -DLLVM_USE_SANITIZE_COVERAGE=YES -DLLVM_USE_SANITIZER=Address
+ ninja clang-objc-fuzzer
+
+======================
+ Running clang-objc-fuzzer
+======================
+ bin/clang-objc-fuzzer CORPUS_DIR
+
+e.g. using the example objc corpus,
+
+ bin/clang-objc-fuzzer <path to corpus_examples/objc> <path to new directory to store corpus findings>
+
+
=======================================================
Building clang-proto-fuzzer (Linux-only instructions)
=======================================================
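Review bot: The run example passes `<path to corpus_examples/objc>` first and the new findings directory second, but libFuzzer writes newly discovered inputs to the first corpus directory on the command line, so as written the findings land in the checked-in example corpus and the directory labelled "to store corpus findings" is only read as seeds. Swap the two arguments so the new directory comes first and corpus_examples/objc second. Separately, the rule lines around "Running clang-objc-fuzzer" are shorter than the title they enclose, unlike the "Building clang-objc-fuzzer" header just above; lengthen them to match the other section headers in this file.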