search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[sanitizer] Improve FreeBSD ASLR detection
[llvm-project.git] / llvm / tools / llvm-isel-fuzzer / llvm-isel-fuzzer.cpp
bloba6370da6e038e365d9a73d735dba86afb23e6cc8
1 //===--- llvm-isel-fuzzer.cpp - Fuzzer for instruction selection ----------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Tool to fuzz instruction selection using libFuzzer.
10 //
11 //===----------------------------------------------------------------------===//
12
13 #include "llvm/ADT/StringRef.h"
14 #include "llvm/Analysis/TargetLibraryInfo.h"
15 #include "llvm/Bitcode/BitcodeReader.h"
16 #include "llvm/Bitcode/BitcodeWriter.h"
17 #include "llvm/CodeGen/CommandFlags.h"
18 #include "llvm/FuzzMutate/FuzzerCLI.h"
19 #include "llvm/FuzzMutate/IRMutator.h"
20 #include "llvm/FuzzMutate/Operations.h"
21 #include "llvm/IR/Constants.h"
22 #include "llvm/IR/LLVMContext.h"
23 #include "llvm/IR/LegacyPassManager.h"
24 #include "llvm/IR/Module.h"
25 #include "llvm/IR/Verifier.h"
26 #include "llvm/IRReader/IRReader.h"
27 #include "llvm/MC/TargetRegistry.h"
28 #include "llvm/Support/CommandLine.h"
29 #include "llvm/Support/DataTypes.h"
30 #include "llvm/Support/Debug.h"
31 #include "llvm/Support/SourceMgr.h"
32 #include "llvm/Support/TargetSelect.h"
33 #include "llvm/Target/TargetMachine.h"
34
35 #define DEBUG_TYPE "isel-fuzzer"
36
37 using namespace llvm;
38
39 static codegen::RegisterCodeGenFlags CGF;
40
41 static cl::opt<char>
42 OptLevel("O",
43 cl::desc("Optimization level. [-O0, -O1, -O2, or -O3] "
44 "(default = '-O2')"),
45 cl::Prefix,
46 cl::ZeroOrMore,
47 cl::init(' '));
48
49 static cl::opt<std::string>
50 TargetTriple("mtriple", cl::desc("Override target triple for module"));
51
52 static std::unique_ptr<TargetMachine> TM;
53 static std::unique_ptr<IRMutator> Mutator;
54
55 std::unique_ptr<IRMutator> createISelMutator() {
56 std::vector<TypeGetter> Types{
57 Type::getInt1Ty, Type::getInt8Ty, Type::getInt16Ty, Type::getInt32Ty,
58 Type::getInt64Ty, Type::getFloatTy, Type::getDoubleTy};
59
60 std::vector<std::unique_ptr<IRMutationStrategy>> Strategies;
61 Strategies.emplace_back(
62 new InjectorIRStrategy(InjectorIRStrategy::getDefaultOps()));
63 Strategies.emplace_back(new InstDeleterIRStrategy());
64
65 return std::make_unique<IRMutator>(std::move(Types), std::move(Strategies));
66 }
67
68 extern "C" LLVM_ATTRIBUTE_USED size_t LLVMFuzzerCustomMutator(
69 uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed) {
70 LLVMContext Context;
71 std::unique_ptr<Module> M;
72 if (Size <= 1)
73 // We get bogus data given an empty corpus - just create a new module.
74 M.reset(new Module("M", Context));
75 else
76 M = parseModule(Data, Size, Context);
77
78 Mutator->mutateModule(*M, Seed, Size, MaxSize);
79
80 return writeModule(*M, Data, MaxSize);
81 }
82
83 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
84 if (Size <= 1)
85 // We get bogus data given an empty corpus - ignore it.
86 return 0;
87
88 LLVMContext Context;
89 auto M = parseAndVerify(Data, Size, Context);
90 if (!M) {
91 errs() << "error: input module is broken!\n";
92 return 0;
93 }
94
95 // Set up the module to build for our target.
96 M->setTargetTriple(TM->getTargetTriple().normalize());
97 M->setDataLayout(TM->createDataLayout());
98
99 // Build up a PM to do instruction selection.
100 legacy::PassManager PM;
101 TargetLibraryInfoImpl TLII(TM->getTargetTriple());
102 PM.add(new TargetLibraryInfoWrapperPass(TLII));
103 raw_null_ostream OS;
104 TM->addPassesToEmitFile(PM, OS, nullptr, CGFT_Null);
105 PM.run(*M);
106
107 return 0;
108 }
109
110 static void handleLLVMFatalError(void *, const char *Message, bool) {
111 // TODO: Would it be better to call into the fuzzer internals directly?
112 dbgs() << "LLVM ERROR: " << Message << "\n"
113 << "Aborting to trigger fuzzer exit handling.\n";
114 abort();
115 }
116
117 extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerInitialize(int *argc,
118 char ***argv) {
119 EnableDebugBuffering = true;
120
121 InitializeAllTargets();
122 InitializeAllTargetMCs();
123 InitializeAllAsmPrinters();
124 InitializeAllAsmParsers();
125
126 handleExecNameEncodedBEOpts(*argv[0]);
127 parseFuzzerCLOpts(*argc, *argv);
128
129 if (TargetTriple.empty()) {
130 errs() << *argv[0] << ": -mtriple must be specified\n";
131 exit(1);
132 }
133
134 Triple TheTriple = Triple(Triple::normalize(TargetTriple));
135
136 // Get the target specific parser.
137 std::string Error;
138 const Target *TheTarget =
139 TargetRegistry::lookupTarget(codegen::getMArch(), TheTriple, Error);
140 if (!TheTarget) {
141 errs() << argv[0] << ": " << Error;
142 return 1;
143 }
144
145 // Set up the pipeline like llc does.
146 std::string CPUStr = codegen::getCPUStr(),
147 FeaturesStr = codegen::getFeaturesStr();
148
149 CodeGenOpt::Level OLvl = CodeGenOpt::Default;
150 switch (OptLevel) {
151 default:
152 errs() << argv[0] << ": invalid optimization level.\n";
153 return 1;
154 case ' ': break;
155 case '0': OLvl = CodeGenOpt::None; break;
156 case '1': OLvl = CodeGenOpt::Less; break;
157 case '2': OLvl = CodeGenOpt::Default; break;
158 case '3': OLvl = CodeGenOpt::Aggressive; break;
159 }
160
161 TargetOptions Options = codegen::InitTargetOptionsFromCodeGenFlags(TheTriple);
162 TM.reset(TheTarget->createTargetMachine(
163 TheTriple.getTriple(), CPUStr, FeaturesStr, Options,
164 codegen::getExplicitRelocModel(), codegen::getExplicitCodeModel(), OLvl));
165 assert(TM && "Could not allocate target machine!");
166
167 // Make sure we print the summary and the current unit when LLVM errors out.
168 install_fatal_error_handler(handleLLVMFatalError, nullptr);
169
170 // Finally, create our mutator.
171 Mutator = createISelMutator();
172 return 0;
173 }
LLVM monorepo