The expression fuzzer checks an environment variable, `LLDB_FUZZER_TARGET`, to get the fuzzer target binary. This is fine, but internally our tooling for running fuzz tests only has proper handling for flag values. It's surprisingly complicated to add support for that, and allowing it to be passed via flag seems reasonable anyway.
Reviewed By: cassanova
Differential Revision: https://reviews.llvm.org/D133546
This reverts commit d959324e1e.
The target_include_directories in the clang-fuzzer CMake files
are set to PRIVATE instead of PUBLIC to prevent the clang buildbots
from breaking when symlinking clang into llvm.
The expression evaluator fuzzer itself has been modified to prevent a
bug that occurs when running it without a target.
This commit adds a fuzzer for LLDB's expression evaluator.
The fuzzer takes a different approach than the current fuzzers
present, and uses an approach that is currently being used for
clang fuzzers.
Instead of fuzzing the evaluator with randomly mutated
characters, protobufs are used to generate a subset of C++. This
is then converted to valid C++ code and sent to the expression
evaluator. In addition, libprotobuf_mutator is used to mutate
the fuzzer's inputs from valid C++ code to valid C++ code, rather
than mutating from valid code to total nonsense.
Differential revision: https://reviews.llvm.org/D129377
Jordan Rupprecht