| #!/bin/bash -eux |
| # |
| # Copyright 2017 Google Inc. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| ################################################################################ |
| |
# Fuzz targets that are built one by one with ninja and then copied to $OUT.
FUZZERS=(
  clang-fuzzer
  clang-format-fuzzer
  clang-objc-fuzzer
  clangd-fuzzer
  llvm-itanium-demangle-fuzzer
  llvm-microsoft-demangle-fuzzer
  llvm-dwarfdump-fuzzer
  llvm-isel-fuzzer
  llvm-special-case-list-fuzzer
  llvm-opt-fuzzer
)
readonly FUZZERS

# Map the SANITIZER name from the build environment to the value that is later
# handed to -DLLVM_USE_SANITIZER. Any name not listed here yields an empty
# value, i.e. no sanitizer is requested through that CMake option.
if [[ "$SANITIZER" == "address" ]]; then
  LLVM_SANITIZER="Address"
elif [[ "$SANITIZER" == "undefined" ]]; then
  LLVM_SANITIZER="Undefined"
elif [[ "$SANITIZER" == "memory" ]]; then
  LLVM_SANITIZER="MemoryWithOrigins"
else
  LLVM_SANITIZER=""
fi

# libFuzzer (-fsanitize=fuzzer) is enabled through LLVM's own coverage switch;
# every other engine is forwarded verbatim as LLVM_LIB_FUZZING_ENGINE.
if [[ "${LIB_FUZZING_ENGINE}" == "-fsanitize=fuzzer" ]]; then
  CMAKE_FUZZING_CONFIG="-DLLVM_USE_SANITIZE_COVERAGE=ON"
else
  CMAKE_FUZZING_CONFIG="-DLLVM_LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE}"
fi
| |
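# Location of the LLVM source tree, relative to the directory the script
# starts in (the build directory is created next to it).
LLVM=llvm-project/llvm

mkdir build
cd build

# Configure a Release build with assertions switched on, instrumented with the
# sanitizer and fuzzing engine selected above. CC/CXX/CFLAGS/CXXFLAGS come from
# the build environment and are passed through unchanged.
cmake -GNinja -DCMAKE_BUILD_TYPE=Release "../${LLVM}" \
  -DLLVM_ENABLE_PROJECTS="clang;libcxx;libcxxabi;compiler-rt;lld;clang-tools-extra" \
  -DLLVM_ENABLE_ASSERTIONS=ON \
  -DCMAKE_C_COMPILER="${CC}" \
  -DCMAKE_CXX_COMPILER="${CXX}" \
  -DCMAKE_C_FLAGS="${CFLAGS}" \
  -DCMAKE_CXX_FLAGS="${CXXFLAGS}" \
  "${CMAKE_FUZZING_CONFIG}" \
  -DLLVM_NO_DEAD_STRIP=ON \
  -DLLVM_USE_SANITIZER="${LLVM_SANITIZER}" \
  -DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD=WebAssembly

# Build each fuzz target and publish it. Expansions are quoted so that a
# target name or an $OUT path containing whitespace or glob characters is
# passed as a single argument; "--" stops cp from reading a name as an option.
for fuzzer in "${FUZZERS[@]}"; do
  ninja "${fuzzer}"
  cp -- "bin/${fuzzer}" "${OUT}"
done

# llvm-as is needed afterwards to assemble the .ll seed files into bitcode.
ninja llvm-as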
| |
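# isel-fuzzer encodes its default flags in the name, so every configuration
# that should be fuzzed gets its own copy of the binary named
# "<fuzzer>--<flags>". The last configuration takes over the original file
# (mv), so no binary without a flag suffix is left in $OUT.
for variant in aarch64-O2 x86_64-O2 wasm32-O2; do
  cp -- "${OUT}/llvm-isel-fuzzer" "${OUT}/llvm-isel-fuzzer--${variant}"
done
mv -- "${OUT}/llvm-isel-fuzzer" "${OUT}/llvm-isel-fuzzer--aarch64-gisel"

# Same for llvm-opt-fuzzer: one copy per optimisation pass under test.
for variant in \
  x86_64-earlycse \
  x86_64-simplifycfg \
  x86_64-gvn \
  x86_64-sccp \
  x86_64-loop_predication \
  x86_64-guard_widening \
  x86_64-loop_vectorize \
  x86_64-loop_rotate \
  x86_64-loop_unswitch \
  x86_64-loop_unroll \
  x86_64-licm \
  x86_64-indvars \
  x86_64-strength_reduce \
  x86_64-irce; do
  cp -- "${OUT}/llvm-opt-fuzzer" "${OUT}/llvm-opt-fuzzer--${variant}"
done
mv -- "${OUT}/llvm-opt-fuzzer" "${OUT}/llvm-opt-fuzzer--x86_64-instcombine"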
| |
| # Build corpus for the llvm-opt-fuzzer |
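#######################################
# Build a seed corpus and an options file for one llvm-opt-fuzzer variant.
# Every *.ll file below the given directory is assembled to bitcode with
# build/bin/llvm-as; the resulting *.bc files are zipped into
# ${OUT}/<fuzzer_name>_seed_corpus.zip.
# Globals:   SRC (read), WORK (read), OUT (read); changes the working
#            directory to ${SRC}
# Arguments: $1 - directory with lit tests, relative to ${SRC}
#            $2 - fuzzer name used for the corpus archive and options file
# Outputs:   ${OUT}/<fuzzer_name>_seed_corpus.zip, ${OUT}/<fuzzer_name>.options
#######################################
function build_corpus {
  local lit_path="${1}"
  local fuzzer_name="${2}"
  # ":?" aborts instead of operating on "/corpus-tmp" when WORK is empty.
  local tmp_dir="${WORK:?}/corpus-tmp"
  local ll_file bc_file

  # Start from an empty scratch directory.
  rm -rf -- "${tmp_dir}"
  mkdir "${tmp_dir}"

  cd "${SRC}"

  # Compile all lit tests into bitcode. Ignore possible llvm-as failures.
  # Each file name is passed to llvm-as as an argument instead of being pasted
  # into an `sh -c` command string, so a name containing spaces or shell
  # metacharacters is never interpreted by a shell. This also avoids combining
  # xargs -i with -n, which GNU xargs documents as mutually exclusive.
  while IFS= read -r -d '' ll_file; do
    # stdin is detached so the tool cannot consume the file list.
    build/bin/llvm-as "${ll_file}" </dev/null || true
  done < <(find "${lit_path}" -name '*.ll' -print0)

  # Move freshly created bitcode into temp directory.
  while IFS= read -r -d '' bc_file; do
    mv -- "${bc_file}" "${tmp_dir}"
  done < <(find "${lit_path}" -name '*.bc' -print0)

  # Archive the corpus (-j drops the directory part of each entry).
  zip -j "${OUT}/${fuzzer_name}_seed_corpus.zip" "${tmp_dir}"/*

  rm -r -- "${tmp_dir}"

  # Options file next to the fuzzer: sets libFuzzer's max_len to 0.
  printf '[libfuzzer]\nmax_len = 0\n' > "${OUT}/${fuzzer_name}.options"
}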
| |
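# Seed corpora and options files for the llvm-opt-fuzzer variants. The second
# argument must be exactly the name of the fuzzer binary placed in $OUT,
# because the archive and options file are named after it. A name that does
# not match any binary leaves that fuzzer without its seeds and options.
build_corpus "$LLVM/test/Transforms/InstCombine/" "llvm-opt-fuzzer--x86_64-instcombine"
build_corpus "$LLVM/test/Transforms/EarlyCSE/" "llvm-opt-fuzzer--x86_64-earlycse"
build_corpus "$LLVM/test/Transforms/SimplifyCFG/" "llvm-opt-fuzzer--x86_64-simplifycfg"
build_corpus "$LLVM/test/Transforms/GVN/" "llvm-opt-fuzzer--x86_64-gvn"
build_corpus "$LLVM/test/Transforms/SCCP/" "llvm-opt-fuzzer--x86_64-sccp"

build_corpus "$LLVM/test/Transforms/LoopPredication/" "llvm-opt-fuzzer--x86_64-loop_predication"
build_corpus "$LLVM/test/Transforms/GuardWidening/" "llvm-opt-fuzzer--x86_64-guard_widening"
build_corpus "$LLVM/test/Transforms/LoopVectorize/" "llvm-opt-fuzzer--x86_64-loop_vectorize"

# These names previously carried the "llvm-opt-fuzzer--x86_64-" prefix twice
# and therefore did not correspond to any binary copied into $OUT.
build_corpus "$LLVM/test/Transforms/LoopRotate/" "llvm-opt-fuzzer--x86_64-loop_rotate"
build_corpus "$LLVM/test/Transforms/LoopUnswitch/" "llvm-opt-fuzzer--x86_64-loop_unswitch"
build_corpus "$LLVM/test/Transforms/LoopUnroll/" "llvm-opt-fuzzer--x86_64-loop_unroll"
build_corpus "$LLVM/test/Transforms/LICM/" "llvm-opt-fuzzer--x86_64-licm"
build_corpus "$LLVM/test/Transforms/IndVarSimplify/" "llvm-opt-fuzzer--x86_64-indvars"
build_corpus "$LLVM/test/Transforms/LoopStrengthReduce/" "llvm-opt-fuzzer--x86_64-strength_reduce"

build_corpus "$LLVM/test/Transforms/IRCE/" "llvm-opt-fuzzer--x86_64-irce"

# Seed corpora for the clang-based fuzzers, taken straight from the source
# tree. Only the glob is left unquoted so the paths themselves stay intact.
zip -j "${OUT}/clang-objc-fuzzer_seed_corpus.zip" "${SRC}/${LLVM}"/../clang/tools/clang-fuzzer/corpus_examples/objc/*
zip -j "${OUT}/clangd-fuzzer_seed_corpus.zip" "${SRC}/${LLVM}"/../clang-tools-extra/clangd/test/*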