[inspector][fuzzer] Add inspector fuzzer

This adds a first simple version of the inspector fuzzer, which is a
stripped-down version of the inspector-test executable. The fuzzer
generates inputs which are compatible with inspector-test.

There are still memory leaks, and the fuzzer will probably run into
timeouts most of the time. Both of this will be addressed in follow-ups.

R=szuend@chromium.org, machenbach@chromium.org

Bug: chromium:1142437
Change-Id: I4d13da460f571d791a3642b0705a1f07b442c11b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505722
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70922}

BUILD.gn

@@ -4806,6 +4806,7 @@ if (is_fuchsia && !build_with_chromium) {
 group("v8_fuzzers") {
   testonly = true
   data_deps = [
+    ":v8_simple_inspector_fuzzer",
     ":v8_simple_json_fuzzer",
     ":v8_simple_multi_return_fuzzer",
     ":v8_simple_parser_fuzzer",
@@ -5270,6 +5271,23 @@ v8_source_set("wasm_compile_fuzzer") {
 v8_fuzzer("wasm_compile_fuzzer") {
 }
 
+v8_source_set("inspector_fuzzer") {
+  sources = [ "test/fuzzer/inspector-fuzzer.cc" ]
+
+  deps = [
+    ":fuzzer_support",
+    "test/inspector:inspector_test",
+  ]
+
+  configs = [
+    ":external_config",
+    ":internal_config_base",
+  ]
+}
+
+v8_fuzzer("inspector_fuzzer") {
+}
+
 # Target to build all generated .cc files.
 group("v8_generated_cc_files") {
   testonly = true

test/fuzzer/BUILD.gn

@@ -6,13 +6,14 @@ group("v8_fuzzer") {
   testonly = true
 
   data_deps = [
-    "../../tools:v8_testrunner",
     "../..:v8_fuzzers",
+    "../../tools:v8_testrunner",
   ]
 
   data = [
     "./fuzzer.status",
     "./testcfg.py",
+    "./inspector/",
     "./json/",
     "./parser/",
     "./regexp/",

test/fuzzer/inspector/foo

+smoke test

test/fuzzer/testcfg.py

@@ -8,10 +8,11 @@ from testrunner.local import testsuite
 from testrunner.objects import testcase
 
 SUB_TESTS = [
+  'inspector',
   'json',
   'parser',
-  'regexp_builtins',
   'regexp',
+  'regexp_builtins',
   'multi_return',
   'wasm',
   'wasm_async',

test/inspector/BUILD.gn

@@ -4,12 +4,9 @@
 
 import("../../gni/v8.gni")
 
-v8_executable("inspector-test") {
-  testonly = true
-
+v8_source_set("inspector_test") {
   sources = [
     "frontend-channel.h",
-    "inspector-test.cc",
     "isolate-data.cc",
     "isolate-data.h",
     "task-runner.cc",
@@ -20,16 +17,28 @@ v8_executable("inspector-test") {
     "utils.h",
   ]
 
+  configs = [ "../..:internal_config_base" ]
+
+  public_deps = [
+    "../..:v8",
+    "../..:v8_libbase",
+    "../..:v8_libplatform",
+    "../../src/inspector:inspector_test_headers",
+  ]
+}
+
+v8_executable("inspector-test") {
+  testonly = true
+
+  sources = [ "inspector-test.cc" ]
+
   configs = [
     "../..:external_config",
     "../..:internal_config_base",
   ]
 
   deps = [
-    "../..:v8",
-    "../..:v8_libbase",
-    "../..:v8_libplatform",
-    "../../src/inspector:inspector_test_headers",
+    ":inspector_test",
     "//build/win:default_exe_manifest",
   ]