2017-09-03 07:43:04 +08:00
|
|
|
//===-- FuzzerCLI.cpp -----------------------------------------------------===//
|
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
#include "llvm/FuzzMutate/FuzzerCLI.h"
|
2017-10-12 12:35:32 +08:00
|
|
|
#include "llvm/ADT/Triple.h"
|
2017-11-16 23:23:08 +08:00
|
|
|
#include "llvm/Bitcode/BitcodeReader.h"
|
|
|
|
#include "llvm/Bitcode/BitcodeWriter.h"
|
|
|
|
#include "llvm/IR/LLVMContext.h"
|
2017-09-03 07:43:04 +08:00
|
|
|
#include "llvm/Support/CommandLine.h"
|
|
|
|
#include "llvm/Support/Compiler.h"
|
|
|
|
#include "llvm/Support/Error.h"
|
|
|
|
#include "llvm/Support/MemoryBuffer.h"
|
2017-11-16 23:23:08 +08:00
|
|
|
#include "llvm/Support/SourceMgr.h"
|
2017-09-03 07:43:04 +08:00
|
|
|
#include "llvm/Support/raw_ostream.h"
|
|
|
|
|
|
|
|
using namespace llvm;
|
|
|
|
|
|
|
|
void llvm::parseFuzzerCLOpts(int ArgC, char *ArgV[]) {
|
|
|
|
std::vector<const char *> CLArgs;
|
|
|
|
CLArgs.push_back(ArgV[0]);
|
|
|
|
|
|
|
|
int I = 1;
|
|
|
|
while (I < ArgC)
|
|
|
|
if (StringRef(ArgV[I++]).equals("-ignore_remaining_args=1"))
|
|
|
|
break;
|
|
|
|
while (I < ArgC)
|
|
|
|
CLArgs.push_back(ArgV[I++]);
|
|
|
|
|
|
|
|
cl::ParseCommandLineOptions(CLArgs.size(), CLArgs.data());
|
|
|
|
}
|
|
|
|
|
2017-10-12 12:35:32 +08:00
|
|
|
void llvm::handleExecNameEncodedBEOpts(StringRef ExecName) {
|
|
|
|
std::vector<std::string> Args{ExecName};
|
|
|
|
|
2017-10-13 08:18:32 +08:00
|
|
|
auto NameAndArgs = ExecName.split("--");
|
2017-10-12 12:35:32 +08:00
|
|
|
if (NameAndArgs.second.empty())
|
|
|
|
return;
|
|
|
|
|
|
|
|
SmallVector<StringRef, 4> Opts;
|
|
|
|
NameAndArgs.second.split(Opts, '-');
|
|
|
|
for (StringRef Opt : Opts) {
|
|
|
|
if (Opt.equals("gisel")) {
|
|
|
|
Args.push_back("-global-isel");
|
|
|
|
// For now we default GlobalISel to -O0
|
|
|
|
Args.push_back("-O0");
|
|
|
|
} else if (Opt.startswith("O")) {
|
|
|
|
Args.push_back("-" + Opt.str());
|
2017-10-17 10:39:40 +08:00
|
|
|
} else if (Triple(Opt).getArch()) {
|
2017-10-12 12:35:32 +08:00
|
|
|
Args.push_back("-mtriple=" + Opt.str());
|
|
|
|
} else {
|
|
|
|
errs() << ExecName << ": Unknown option: " << Opt << ".\n";
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
errs() << NameAndArgs.first << ": Injected args:";
|
|
|
|
for (int I = 1, E = Args.size(); I < E; ++I)
|
|
|
|
errs() << " " << Args[I];
|
|
|
|
errs() << "\n";
|
|
|
|
|
|
|
|
std::vector<const char *> CLArgs;
|
|
|
|
CLArgs.reserve(Args.size());
|
|
|
|
for (std::string &S : Args)
|
|
|
|
CLArgs.push_back(S.c_str());
|
|
|
|
|
|
|
|
cl::ParseCommandLineOptions(CLArgs.size(), CLArgs.data());
|
|
|
|
}
|
|
|
|
|
2017-11-10 20:19:08 +08:00
|
|
|
void llvm::handleExecNameEncodedOptimizerOpts(StringRef ExecName) {
|
|
|
|
// TODO: Refactor parts common with the 'handleExecNameEncodedBEOpts'
|
|
|
|
std::vector<std::string> Args{ExecName};
|
|
|
|
|
|
|
|
auto NameAndArgs = ExecName.split("--");
|
|
|
|
if (NameAndArgs.second.empty())
|
|
|
|
return;
|
|
|
|
|
|
|
|
SmallVector<StringRef, 4> Opts;
|
|
|
|
NameAndArgs.second.split(Opts, '-');
|
|
|
|
for (StringRef Opt : Opts) {
|
|
|
|
if (Opt.startswith("instcombine")) {
|
|
|
|
Args.push_back("-passes=instcombine");
|
2018-01-24 17:57:17 +08:00
|
|
|
} else if (Opt.startswith("earlycse")) {
|
|
|
|
Args.push_back("-passes=early-cse");
|
|
|
|
} else if (Opt.startswith("simplifycfg")) {
|
|
|
|
Args.push_back("-passes=simplify-cfg");
|
|
|
|
} else if (Opt.startswith("gvn")) {
|
|
|
|
Args.push_back("-passes=gvn");
|
|
|
|
} else if (Opt.startswith("sccp")) {
|
|
|
|
Args.push_back("-passes=sccp");
|
2017-11-10 20:19:08 +08:00
|
|
|
} else if (Triple(Opt).getArch()) {
|
|
|
|
Args.push_back("-mtriple=" + Opt.str());
|
|
|
|
} else {
|
|
|
|
errs() << ExecName << ": Unknown option: " << Opt << ".\n";
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
errs() << NameAndArgs.first << ": Injected args:";
|
|
|
|
for (int I = 1, E = Args.size(); I < E; ++I)
|
|
|
|
errs() << " " << Args[I];
|
|
|
|
errs() << "\n";
|
|
|
|
|
|
|
|
std::vector<const char *> CLArgs;
|
|
|
|
CLArgs.reserve(Args.size());
|
|
|
|
for (std::string &S : Args)
|
|
|
|
CLArgs.push_back(S.c_str());
|
|
|
|
|
|
|
|
cl::ParseCommandLineOptions(CLArgs.size(), CLArgs.data());
|
|
|
|
}
|
|
|
|
|
2017-09-03 07:43:04 +08:00
|
|
|
int llvm::runFuzzerOnInputs(int ArgC, char *ArgV[], FuzzerTestFun TestOne,
|
|
|
|
FuzzerInitFun Init) {
|
|
|
|
errs() << "*** This tool was not linked to libFuzzer.\n"
|
|
|
|
<< "*** No fuzzing will be performed.\n";
|
|
|
|
if (int RC = Init(&ArgC, &ArgV)) {
|
|
|
|
errs() << "Initialization failed\n";
|
|
|
|
return RC;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (int I = 1; I < ArgC; ++I) {
|
|
|
|
StringRef Arg(ArgV[I]);
|
|
|
|
if (Arg.startswith("-")) {
|
|
|
|
if (Arg.equals("-ignore_remaining_args=1"))
|
|
|
|
break;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
auto BufOrErr = MemoryBuffer::getFile(Arg, /*FileSize-*/ -1,
|
|
|
|
/*RequiresNullTerminator=*/false);
|
|
|
|
if (std::error_code EC = BufOrErr.getError()) {
|
|
|
|
errs() << "Error reading file: " << Arg << ": " << EC.message() << "\n";
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
std::unique_ptr<MemoryBuffer> Buf = std::move(BufOrErr.get());
|
|
|
|
errs() << "Running: " << Arg << " (" << Buf->getBufferSize() << " bytes)\n";
|
|
|
|
TestOne(reinterpret_cast<const uint8_t *>(Buf->getBufferStart()),
|
|
|
|
Buf->getBufferSize());
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
2017-11-16 23:23:08 +08:00
|
|
|
|
|
|
|
std::unique_ptr<Module> llvm::parseModule(
|
|
|
|
const uint8_t *Data, size_t Size, LLVMContext &Context) {
|
|
|
|
|
|
|
|
if (Size <= 1)
|
|
|
|
// We get bogus data given an empty corpus - just create a new module.
|
|
|
|
return llvm::make_unique<Module>("M", Context);
|
|
|
|
|
|
|
|
auto Buffer = MemoryBuffer::getMemBuffer(
|
|
|
|
StringRef(reinterpret_cast<const char *>(Data), Size), "Fuzzer input",
|
|
|
|
/*RequiresNullTerminator=*/false);
|
|
|
|
|
|
|
|
SMDiagnostic Err;
|
|
|
|
auto M = parseBitcodeFile(Buffer->getMemBufferRef(), Context);
|
|
|
|
if (Error E = M.takeError()) {
|
|
|
|
errs() << toString(std::move(E)) << "\n";
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
return std::move(M.get());
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t llvm::writeModule(const Module &M, uint8_t *Dest, size_t MaxSize) {
|
|
|
|
std::string Buf;
|
|
|
|
{
|
|
|
|
raw_string_ostream OS(Buf);
|
|
|
|
WriteBitcodeToFile(&M, OS);
|
|
|
|
}
|
|
|
|
if (Buf.size() > MaxSize)
|
|
|
|
return 0;
|
|
|
|
memcpy(Dest, Buf.data(), Buf.size());
|
|
|
|
return Buf.size();
|
|
|
|
}
|