Home | History | Annotate | Download | only in llvm-as-fuzzer 
      1 //===--- fuzz-llvm-as.cpp - Fuzzer for llvm-as using lib/Fuzzer -----------===//
      2 //
      3 //                     The LLVM Compiler Infrastructure
      4 //
      5 // This file is distributed under the University of Illinois Open Source
      6 // License. See LICENSE.TXT for details.
      7 //
      8 //===----------------------------------------------------------------------===//
      9 //
     10 // Build tool to fuzz the LLVM assembler (llvm-as) using
     11 // lib/Fuzzer. The main reason for using this tool is that it is much
     12 // faster than using afl-fuzz, since it is run in-process.
     13 //
     14 //===----------------------------------------------------------------------===//
     15 
     16 #include "llvm/ADT/StringRef.h"
     17 #include "llvm/AsmParser/Parser.h"
     18 #include "llvm/IR/LLVMContext.h"
     19 #include "llvm/IR/Module.h"
     20 #include "llvm/IR/Verifier.h"
     21 #include "llvm/Support/ErrorHandling.h"
     22 #include "llvm/Support/MemoryBuffer.h"
     23 #include "llvm/Support/raw_ostream.h"
     24 #include "llvm/Support/SourceMgr.h"
     25 
     26 #include <csetjmp>
     27 
     28 using namespace llvm;
     29 
     30 static jmp_buf JmpBuf;
     31 
     32 namespace {
     33 
     34 void MyFatalErrorHandler(void *user_data, const std::string& reason,
     35                          bool gen_crash_diag) {
     36   // Don't bother printing reason, just return to the test function,
     37   // since a fatal error represents a successful parse (i.e. it correctly
     38   // terminated with an error message to the user).
     39   longjmp(JmpBuf, 1);
     40 }
     41 
     42 static bool InstalledHandler = false;
     43 
     44 } // end of anonymous namespace
     45 
     46 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     47 
     48   // Allocate space for locals before setjmp so that memory can be collected
     49   // if parse exits prematurely (via longjmp).
     50   StringRef Input((const char *)Data, Size);
     51   // Note: We need to create a buffer to add a null terminator to the
     52   // end of the input string. The parser assumes that the string
     53   // parsed is always null terminated.
     54   std::unique_ptr<MemoryBuffer> MemBuf = MemoryBuffer::getMemBufferCopy(Input);
     55   SMDiagnostic Err;
     56   LLVMContext &Context = getGlobalContext();
     57   std::unique_ptr<Module> M;
     58 
     59   if (setjmp(JmpBuf))
     60     // If reached, we have returned with non-zero status, so exit.
     61     return 0;
     62 
     63   // TODO(kschimpf) Write a main to do this initialization.
     64   if (!InstalledHandler) {
     65     llvm::install_fatal_error_handler(::MyFatalErrorHandler, nullptr);
     66     InstalledHandler = true;
     67   }
     68 
     69   M = parseAssembly(MemBuf->getMemBufferRef(), Err, Context);
     70 
     71   if (!M.get())
     72     return 0;
     73 
     74   verifyModule(*M.get());
     75   return 0;
     76 }
     77