1*9880d681SAndroid Build Coastguard Worker //===--- fuzz-llvm-as.cpp - Fuzzer for llvm-as using lib/Fuzzer -----------===//
2*9880d681SAndroid Build Coastguard Worker //
3*9880d681SAndroid Build Coastguard Worker // The LLVM Compiler Infrastructure
4*9880d681SAndroid Build Coastguard Worker //
5*9880d681SAndroid Build Coastguard Worker // This file is distributed under the University of Illinois Open Source
6*9880d681SAndroid Build Coastguard Worker // License. See LICENSE.TXT for details.
7*9880d681SAndroid Build Coastguard Worker //
8*9880d681SAndroid Build Coastguard Worker //===----------------------------------------------------------------------===//
9*9880d681SAndroid Build Coastguard Worker //
10*9880d681SAndroid Build Coastguard Worker // Build tool to fuzz the LLVM assembler (llvm-as) using
11*9880d681SAndroid Build Coastguard Worker // lib/Fuzzer. The main reason for using this tool is that it is much
12*9880d681SAndroid Build Coastguard Worker // faster than using afl-fuzz, since it is run in-process.
13*9880d681SAndroid Build Coastguard Worker //
14*9880d681SAndroid Build Coastguard Worker //===----------------------------------------------------------------------===//
15*9880d681SAndroid Build Coastguard Worker
16*9880d681SAndroid Build Coastguard Worker #include "llvm/ADT/StringRef.h"
17*9880d681SAndroid Build Coastguard Worker #include "llvm/AsmParser/Parser.h"
18*9880d681SAndroid Build Coastguard Worker #include "llvm/IR/LLVMContext.h"
19*9880d681SAndroid Build Coastguard Worker #include "llvm/IR/Module.h"
20*9880d681SAndroid Build Coastguard Worker #include "llvm/IR/Verifier.h"
21*9880d681SAndroid Build Coastguard Worker #include "llvm/Support/ErrorHandling.h"
22*9880d681SAndroid Build Coastguard Worker #include "llvm/Support/MemoryBuffer.h"
23*9880d681SAndroid Build Coastguard Worker #include "llvm/Support/raw_ostream.h"
24*9880d681SAndroid Build Coastguard Worker #include "llvm/Support/SourceMgr.h"
25*9880d681SAndroid Build Coastguard Worker
26*9880d681SAndroid Build Coastguard Worker #include <csetjmp>
27*9880d681SAndroid Build Coastguard Worker
28*9880d681SAndroid Build Coastguard Worker using namespace llvm;
29*9880d681SAndroid Build Coastguard Worker
30*9880d681SAndroid Build Coastguard Worker static jmp_buf JmpBuf;
31*9880d681SAndroid Build Coastguard Worker
32*9880d681SAndroid Build Coastguard Worker namespace {
33*9880d681SAndroid Build Coastguard Worker
MyFatalErrorHandler(void * user_data,const std::string & reason,bool gen_crash_diag)34*9880d681SAndroid Build Coastguard Worker void MyFatalErrorHandler(void *user_data, const std::string& reason,
35*9880d681SAndroid Build Coastguard Worker bool gen_crash_diag) {
36*9880d681SAndroid Build Coastguard Worker // Don't bother printing reason, just return to the test function,
37*9880d681SAndroid Build Coastguard Worker // since a fatal error represents a successful parse (i.e. it correctly
38*9880d681SAndroid Build Coastguard Worker // terminated with an error message to the user).
39*9880d681SAndroid Build Coastguard Worker longjmp(JmpBuf, 1);
40*9880d681SAndroid Build Coastguard Worker }
41*9880d681SAndroid Build Coastguard Worker
42*9880d681SAndroid Build Coastguard Worker static bool InstalledHandler = false;
43*9880d681SAndroid Build Coastguard Worker
44*9880d681SAndroid Build Coastguard Worker } // end of anonymous namespace
45*9880d681SAndroid Build Coastguard Worker
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)46*9880d681SAndroid Build Coastguard Worker extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
47*9880d681SAndroid Build Coastguard Worker
48*9880d681SAndroid Build Coastguard Worker // Allocate space for locals before setjmp so that memory can be collected
49*9880d681SAndroid Build Coastguard Worker // if parse exits prematurely (via longjmp).
50*9880d681SAndroid Build Coastguard Worker StringRef Input((const char *)Data, Size);
51*9880d681SAndroid Build Coastguard Worker // Note: We need to create a buffer to add a null terminator to the
52*9880d681SAndroid Build Coastguard Worker // end of the input string. The parser assumes that the string
53*9880d681SAndroid Build Coastguard Worker // parsed is always null terminated.
54*9880d681SAndroid Build Coastguard Worker std::unique_ptr<MemoryBuffer> MemBuf = MemoryBuffer::getMemBufferCopy(Input);
55*9880d681SAndroid Build Coastguard Worker SMDiagnostic Err;
56*9880d681SAndroid Build Coastguard Worker LLVMContext Context;
57*9880d681SAndroid Build Coastguard Worker std::unique_ptr<Module> M;
58*9880d681SAndroid Build Coastguard Worker
59*9880d681SAndroid Build Coastguard Worker if (setjmp(JmpBuf))
60*9880d681SAndroid Build Coastguard Worker // If reached, we have returned with non-zero status, so exit.
61*9880d681SAndroid Build Coastguard Worker return 0;
62*9880d681SAndroid Build Coastguard Worker
63*9880d681SAndroid Build Coastguard Worker // TODO(kschimpf) Write a main to do this initialization.
64*9880d681SAndroid Build Coastguard Worker if (!InstalledHandler) {
65*9880d681SAndroid Build Coastguard Worker llvm::install_fatal_error_handler(::MyFatalErrorHandler, nullptr);
66*9880d681SAndroid Build Coastguard Worker InstalledHandler = true;
67*9880d681SAndroid Build Coastguard Worker }
68*9880d681SAndroid Build Coastguard Worker
69*9880d681SAndroid Build Coastguard Worker M = parseAssembly(MemBuf->getMemBufferRef(), Err, Context);
70*9880d681SAndroid Build Coastguard Worker
71*9880d681SAndroid Build Coastguard Worker if (!M.get())
72*9880d681SAndroid Build Coastguard Worker return 0;
73*9880d681SAndroid Build Coastguard Worker
74*9880d681SAndroid Build Coastguard Worker verifyModule(*M.get());
75*9880d681SAndroid Build Coastguard Worker return 0;
76*9880d681SAndroid Build Coastguard Worker }
77