1//===--- fuzz-llvm-as.cpp - Fuzzer for llvm-as using lib/Fuzzer -----------===//
2//
3//                     The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9//
10// Build tool to fuzz the LLVM assembler (llvm-as) using
11// lib/Fuzzer. The main reason for using this tool is that it is much
12// faster than using afl-fuzz, since it is run in-process.
13//
14//===----------------------------------------------------------------------===//
15
16#include "llvm/ADT/StringRef.h"
17#include "llvm/AsmParser/Parser.h"
18#include "llvm/IR/LLVMContext.h"
19#include "llvm/IR/Module.h"
20#include "llvm/IR/Verifier.h"
21#include "llvm/Support/ErrorHandling.h"
22#include "llvm/Support/MemoryBuffer.h"
23#include "llvm/Support/raw_ostream.h"
24#include "llvm/Support/SourceMgr.h"
25
26#include <csetjmp>
27
28using namespace llvm;
29
// Jump target shared by the fuzz entry point (which arms it with setjmp) and
// the fatal-error handler below (which unwinds to it with longjmp).
static std::jmp_buf JmpBuf;

namespace {

/// Fatal-error callback that abandons the current parse.
///
/// None of the three arguments is consulted: the reason text is deliberately
/// not printed, because a fatal error is treated as a successful parse (the
/// parser terminated with an error message for the user rather than crashing).
///
/// Control never returns to the caller; it resumes at the setjmp site that
/// filled JmpBuf, which then observes the value 1.
///
/// NOTE(review): longjmp does not run the destructors of the frames it skips,
/// so anything those frames own is leaked, and C++ leaves the behaviour
/// undefined when such frames hold objects with non-trivial destructors.
/// NOTE(review): every fatal error is swallowed here, so an input that trips a
/// fatal error signalling an internal inconsistency is indistinguishable from
/// one rejected as malformed — confirm that this is the intended triage.
void MyFatalErrorHandler(void *user_data, const std::string &reason,
                         bool gen_crash_diag) {
  (void)user_data;
  (void)reason;
  (void)gen_crash_diag;
  std::longjmp(JmpBuf, 1);
}

// Set once the handler above has been registered, so that registration is
// attempted a single time per process.
bool InstalledHandler = false;

} // end of anonymous namespace
45
/// libFuzzer entry point: parses the input as LLVM assembly and, when a module
/// is produced, runs the IR verifier over it.
///
/// @param Data  Fuzzer-supplied bytes; untrusted and not NUL-terminated.
/// @param Size  Number of bytes available at Data.
/// @return Always 0, whether the input parsed, was rejected, or ended in a
///         fatal error intercepted by the handler.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  // All locals are constructed ahead of setjmp so that they belong to this
  // frame and are released by the ordinary `return` taken after a longjmp out
  // of the parser.
  // NOTE(review): Parsed is assigned after setjmp and is not volatile; should
  // a longjmp arrive after that assignment (e.g. from the verifier), its value
  // is formally indeterminate when it is destroyed — confirm this is benign.

  // The input is copied because the parser assumes a NUL-terminated buffer and
  // the fuzzer's bytes carry no terminator; the copy supplies one.
  std::unique_ptr<MemoryBuffer> Buffer = MemoryBuffer::getMemBufferCopy(
      StringRef(reinterpret_cast<const char *>(Data), Size));
  SMDiagnostic Diag;
  LLVMContext Ctx;
  std::unique_ptr<Module> Parsed;

  // A non-zero result means we got here through the fatal-error handler's
  // longjmp; the input is finished, so report completion.
  if (setjmp(JmpBuf) != 0)
    return 0;

  // TODO(kschimpf) Write a main to do this initialization.
  if (!InstalledHandler) {
    llvm::install_fatal_error_handler(::MyFatalErrorHandler, nullptr);
    InstalledHandler = true;
  }

  Parsed = parseAssembly(Buffer->getMemBufferRef(), Diag, Ctx);

  // A rejected input yields no module and there is nothing to verify. The
  // verifier's result is discarded; only a crash inside it is of interest.
  if (Parsed)
    verifyModule(*Parsed);
  return 0;
}
77