diff --git a/mlir/tools/CMakeLists.txt b/mlir/tools/CMakeLists.txt
--- a/mlir/tools/CMakeLists.txt
+++ b/mlir/tools/CMakeLists.txt
@@ -1,5 +1,6 @@
 add_subdirectory(mlir-lsp-server)
 add_subdirectory(mlir-opt)
+add_subdirectory(mlir-parser-fuzzer)
 add_subdirectory(mlir-pdll)
 add_subdirectory(mlir-pdll-lsp-server)
 add_subdirectory(mlir-reduce)
diff --git a/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt b/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
new file mode 100644
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
@@ -0,0 +1,14 @@
+set(LLVM_LINK_COMPONENTS
+ FuzzMutate
+ Support
+)
+add_llvm_fuzzer(mlir-parser-fuzzer
+ mlir-parser-fuzzer.cpp
+ DUMMY_MAIN DummyParserFuzzer.cpp
+)
+target_link_libraries(mlir-parser-fuzzer
+ PUBLIC
+ MLIRIR
+ MLIRParser
+ MLIRSupport
+)
diff --git a/mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp b/mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp
new file mode 100644
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp
@@ -0,0 +1,20 @@
+//===--- DummyParserFuzzer.cpp - Entry point to sanity check the fuzzer ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv);
+int main(int argc, char *argv[]) {
+ return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput,
+ LLVMFuzzerInitialize);
+}
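Review bot: In mlir/tools/mlir-parser-fuzzer/CMakeLists.txt the link list holds only `MLIRIR`, `MLIRParser` and `MLIRSupport`, and the fuzz target builds its context from an empty `DialectRegistry`, so dialect-specific custom assembly parsers look to be outside what this fuzzer exercises. A comment such as `# No dialect libraries are linked: this target fuzzes the core parser and generic operation syntax only.` would make that scope explicit for anyone reading coverage results. Since the target is an executable with no consumers, `PRIVATE` is the more conventional keyword than `PUBLIC` in `target_link_libraries`.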
diff --git a/mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp b/mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp
new file mode 100644
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp
@@ -0,0 +1,50 @@
+//===--- mlir-parser-fuzzer.cpp - Entry point to parser fuzzer ------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "mlir/IR/Diagnostics.h"
+#include "mlir/IR/Dialect.h"
+#include "mlir/IR/MLIRContext.h"
+#include "mlir/Parser/Parser.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Compiler.h"
+
+using namespace mlir;
+
+extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerTestOneInput(const uint8_t *data,
+ size_t size) {
+ // Skip empty inputs.
+ if (size <= 1 || data[size - 1] != 0)
+ return 0;
+ --size;
+
+ // Create a null-terminated memory buffer from the input.
+ DialectRegistry registry;
+ MLIRContext context(registry);
+ context.allowUnregisteredDialects();
+
+ // Register diagnostic handler to avoid triggering exit behavior.
+ context.getDiagEngine().registerHandler(
+ [](mlir::Diagnostic &diag) { return; });
+
+ llvm::StringRef str(reinterpret_cast(data), size);
+
+ // Parse module. The parsed module isn't used, so it is discarded post parse
+ // (successful or failure). The returned module is wrapped in a unique_ptr
+ // such that it is freed upon exit if returned.
+ (void)parseSourceString(str, &context);
+ return 0;
+}
+
+extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerInitialize(int *argc,
+ char ***argv) {
+ return 0;
+}
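Review bot: The guard `if (size <= 1 || data[size - 1] != 0) return 0;` in `LLVMFuzzerTestOneInput` discards every input that does not already end in a NUL byte, so ordinary `.mlir` seed or regression files would return without reaching `parseSourceString`, and the `// Skip empty inputs.` comment does not mention this. If the parser only needs a terminated buffer, copying into an owning string keeps every input in play: `std::string buf(reinterpret_cast<const char *>(data), size);` then `(void)parseSourceString(buf, &context);`, with `#include <string>` added and only `size == 0` skipped. The file banner still reads "Implementation of main so we can build and test without linking libFuzzer", which describes DummyParserFuzzer.cpp; here it should say that this file is the libFuzzer entry point for the MLIR parser. The `// Create a null-terminated memory buffer from the input.` comment also sits above the registry and context setup rather than the `StringRef` line it describes.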