1//===--- fuzz-llvm-as.cpp - Fuzzer for llvm-as using lib/Fuzzer -----------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// Build tool to fuzz the LLVM assembler (llvm-as) using 11// lib/Fuzzer. The main reason for using this tool is that it is much 12// faster than using afl-fuzz, since it is run in-process. 13// 14//===----------------------------------------------------------------------===// 15 16#include "llvm/ADT/StringRef.h" 17#include "llvm/AsmParser/Parser.h" 18#include "llvm/IR/LLVMContext.h" 19#include "llvm/IR/Module.h" 20#include "llvm/IR/Verifier.h" 21#include "llvm/Support/ErrorHandling.h" 22#include "llvm/Support/MemoryBuffer.h" 23#include "llvm/Support/raw_ostream.h" 24#include "llvm/Support/SourceMgr.h" 25 26#include <csetjmp> 27 28using namespace llvm; 29 30static jmp_buf JmpBuf; 31 32namespace { 33 34void MyFatalErrorHandler(void *user_data, const std::string& reason, 35 bool gen_crash_diag) { 36 // Don't bother printing reason, just return to the test function, 37 // since a fatal error represents a successful parse (i.e. it correctly 38 // terminated with an error message to the user). 39 longjmp(JmpBuf, 1); 40} 41 42static bool InstalledHandler = false; 43 44} // end of anonymous namespace 45 46extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 47 48 // Allocate space for locals before setjmp so that memory can be collected 49 // if parse exits prematurely (via longjmp). 50 StringRef Input((const char *)Data, Size); 51 // Note: We need to create a buffer to add a null terminator to the 52 // end of the input string. The parser assumes that the string 53 // parsed is always null terminated. 54 std::unique_ptr<MemoryBuffer> MemBuf = MemoryBuffer::getMemBufferCopy(Input); 55 SMDiagnostic Err; 56 LLVMContext Context; 57 std::unique_ptr<Module> M; 58 59 if (setjmp(JmpBuf)) 60 // If reached, we have returned with non-zero status, so exit. 61 return 0; 62 63 // TODO(kschimpf) Write a main to do this initialization. 64 if (!InstalledHandler) { 65 llvm::install_fatal_error_handler(::MyFatalErrorHandler, nullptr); 66 InstalledHandler = true; 67 } 68 69 M = parseAssembly(MemBuf->getMemBufferRef(), Err, Context); 70 71 if (!M.get()) 72 return 0; 73 74 verifyModule(*M.get()); 75 return 0; 76} 77