| Karl Schimpf | 1318d71 | 2015-08-31 17:55:32 +0000 | [diff] [blame] | 1 | //===--- fuzz-llvm-as.cpp - Fuzzer for llvm-as using lib/Fuzzer -----------===// |
| 2 | // |
| 3 | // The LLVM Compiler Infrastructure |
| 4 | // |
| 5 | // This file is distributed under the University of Illinois Open Source |
| 6 | // License. See LICENSE.TXT for details. |
| 7 | // |
| 8 | //===----------------------------------------------------------------------===// |
| 9 | // |
| 10 | // Build tool to fuzz the LLVM assembler (llvm-as) using |
| 11 | // lib/Fuzzer. The main reason for using this tool is that it is much |
| 12 | // faster than using afl-fuzz, since it is run in-process. |
| 13 | // |
| 14 | //===----------------------------------------------------------------------===// |
| 15 | |
| 16 | #include "llvm/ADT/StringRef.h" |
| 17 | #include "llvm/AsmParser/Parser.h" |
| 18 | #include "llvm/IR/LLVMContext.h" |
| 19 | #include "llvm/IR/Module.h" |
| 20 | #include "llvm/IR/Verifier.h" |
| 21 | #include "llvm/Support/ErrorHandling.h" |
| 22 | #include "llvm/Support/MemoryBuffer.h" |
| 23 | #include "llvm/Support/raw_ostream.h" |
| 24 | #include "llvm/Support/SourceMgr.h" |
| 25 | |
| 26 | #include <csetjmp> |
| 27 | |
| 28 | using namespace llvm; |
| 29 | |
| 30 | static jmp_buf JmpBuf; |
| 31 | |
| 32 | namespace { |
| 33 | |
| 34 | void MyFatalErrorHandler(void *user_data, const std::string& reason, |
| 35 | bool gen_crash_diag) { |
| 36 | // Don't bother printing reason, just return to the test function, |
| 37 | // since a fatal error represents a successful parse (i.e. it correctly |
| 38 | // terminated with an error message to the user). |
| 39 | longjmp(JmpBuf, 1); |
| 40 | } |
| 41 | |
| 42 | static bool InstalledHandler = false; |
| 43 | |
| 44 | } // end of anonymous namespace |
| 45 | |
| Kostya Serebryany | 9906eef | 2015-10-02 23:34:06 +0000 | [diff] [blame] | 46 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
| Karl Schimpf | 1318d71 | 2015-08-31 17:55:32 +0000 | [diff] [blame] | 47 | |
| 48 | // Allocate space for locals before setjmp so that memory can be collected |
| 49 | // if parse exits prematurely (via longjmp). |
| 50 | StringRef Input((const char *)Data, Size); |
| 51 | // Note: We need to create a buffer to add a null terminator to the |
| 52 | // end of the input string. The parser assumes that the string |
| 53 | // parsed is always null terminated. |
| 54 | std::unique_ptr<MemoryBuffer> MemBuf = MemoryBuffer::getMemBufferCopy(Input); |
| 55 | SMDiagnostic Err; |
| Mehdi Amini | 8be7707 | 2016-04-14 21:59:01 +0000 | [diff] [blame] | 56 | LLVMContext Context; |
| Karl Schimpf | 1318d71 | 2015-08-31 17:55:32 +0000 | [diff] [blame] | 57 | std::unique_ptr<Module> M; |
| 58 | |
| 59 | if (setjmp(JmpBuf)) |
| 60 | // If reached, we have returned with non-zero status, so exit. |
| Kostya Serebryany | 9906eef | 2015-10-02 23:34:06 +0000 | [diff] [blame] | 61 | return 0; |
| Karl Schimpf | 1318d71 | 2015-08-31 17:55:32 +0000 | [diff] [blame] | 62 | |
| 63 | // TODO(kschimpf) Write a main to do this initialization. |
| 64 | if (!InstalledHandler) { |
| 65 | llvm::install_fatal_error_handler(::MyFatalErrorHandler, nullptr); |
| 66 | InstalledHandler = true; |
| 67 | } |
| 68 | |
| 69 | M = parseAssembly(MemBuf->getMemBufferRef(), Err, Context); |
| 70 | |
| 71 | if (!M.get()) |
| Kostya Serebryany | 9906eef | 2015-10-02 23:34:06 +0000 | [diff] [blame] | 72 | return 0; |
| Karl Schimpf | 1318d71 | 2015-08-31 17:55:32 +0000 | [diff] [blame] | 73 | |
| 74 | verifyModule(*M.get()); |
| Kostya Serebryany | 9906eef | 2015-10-02 23:34:06 +0000 | [diff] [blame] | 75 | return 0; |
| Karl Schimpf | 1318d71 | 2015-08-31 17:55:32 +0000 | [diff] [blame] | 76 | } |