This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
clang/tools/clang-fuzzer/handle-llvm/
-
tools/
-
clang-fuzzer/
-
handle-llvm/
3
CMakeLists.txt
53
handle_llvm.cpp

Differential D49526

Updated llvm-proto-fuzzer to execute the compiled code
ClosedPublic

Authored by emmettneyman on Jul 18 2018, 5:43 PM.

Download Raw Diff

Details

Reviewers

morehouse
kcc
alexander-shaposhnikov

Commits

rGe5581242a04a: Updated llvm-proto-fuzzer to execute the compiled code
rC338077: Updated llvm-proto-fuzzer to execute the compiled code
rL338077: Updated llvm-proto-fuzzer to execute the compiled code

Summary

Made changes to the llvm-proto-fuzzer

Added loop vectorizer optimization pass in order to have two IR versions
Updated old fuzz target to handle two different IR versions
Wrote code to execute both versions in memory

Diff Detail

Repository

rC Clang

Build Status

Buildable 20674
Build 20674: arc lint + arc unit

Event Timeline

emmettneyman created this revision.Jul 18 2018, 5:43 PM

Herald added a reviewer: alexander-shaposhnikov. · View Herald TranscriptJul 18 2018, 5:43 PM

Herald added subscribers: cfe-commits, mgorny. · View Herald Transcript

Harbormaster completed remote builds in B20500: Diff 156194.Jul 18 2018, 5:43 PM

The files

Object.h
Object.cpp
llvm-objcopy.h

are from llvm/tools/llvm-obj-copy with only slight modifications, mostly deleting irrelevant parts.

pcc added a subscriber: pcc.Jul 18 2018, 5:52 PM

pcc added inline comments.

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
202	Did you look at using LLVM's JIT infrastructure to do this?

You can probably get rid of the llvm-objcopy code and make this a lot simpler with something like:

Call getSection() on the Binary object to get the text section.
Read the sh_offset and sh_size of that section.
Copy sh_size bytes from the start of the binary buffer + sh_offset into your executable memory.
Run it.

Switched to JIT for compilation and execution

Harbormaster completed remote builds in B20525: Diff 156362.Jul 19 2018, 2:47 PM

Cleaned up leftover code from mmap memcpy

Harbormaster completed remote builds in B20526: Diff 156364.Jul 19 2018, 2:53 PM

Fixed typo that broke build

morehouse added inline comments.Jul 19 2018, 3:20 PM

clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
21	How are you doing your diff? Some of these changes are already upstream. Please rebase
clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.cpp
52 ↗	(On Diff #156370)	Can we use `fuzzer-initialize/` now?
clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
53	Unless there's a good reason for global, let's make this a local.

pcc added inline comments.Jul 19 2018, 3:22 PM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
182–195	Can you move this code (and maybe more of the duplicated code below) into a function and call it twice?

Made fixes to patch, rebased CMake file

Harbormaster completed remote builds in B20619: Diff 156862.Jul 23 2018, 1:25 PM

Cleaned up code

Tried to get rid of ParseCommandLineOptions() call but could not figure out
how to initialize a PassInfo object without it.

Harbormaster completed remote builds in B20674: Diff 157138.Jul 24 2018, 3:00 PM

morehouse added inline comments.Jul 24 2018, 4:04 PM

clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
17	Typo introduced here.
25	Please don't add whitespace to a previously empty line.
clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
10	an -> a
112	Maybe this should be `const std::string &IR` or `StringRef`.
113	Does this need to be called every time we get a new input? Can we call this from `LLVMFuzzerInitialize()`?
123	This shouldn't be required. You should be able to directly add the passes you want. See `llvm/lib/Passes/PassBuilder.cpp`.
132	Move this closer to where it's used.
133	`Options` is never used.
136	`TM` is never used.
137	Does this do anything since `CPUStr` and `FeaturesStr` are empty?
145	Can we just make `FPasses` on stack instead?
190	These 3 lines can be combined to `builder.setMCJITMemoryManager(new SectionMemoryManager())`

emmettneyman added inline comments.Jul 24 2018, 5:36 PM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
190	I use RTDyldMM on line 208. Should I just keep these lines as they are?

morehouse added inline comments.Jul 24 2018, 5:43 PM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
190	Ah, missed that. In that case, you can probably simplify this line to `builder.setMCJITMemoryManager(RTDyldMM)`.

emmettneyman added inline comments.Jul 25 2018, 10:53 AM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
190	It looks like set `MCJITMemoryManager()` needs to take a `unique_ptr`. I'm not sure how to clean it up any more than it already is.

morehouse added inline comments.Jul 25 2018, 11:03 AM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
190	Does it not implicitly cast?

emmettneyman added inline comments.Jul 25 2018, 11:11 AM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
190	No, I think it only works in the other direction.

morehouse added inline comments.Jul 25 2018, 11:24 AM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
190	Ok, I see. The constructor we need is marked explicit...
208	This cast shouldn't be necessary.

emmettneyman added inline comments.Jul 25 2018, 12:02 PM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
208	Turns out this line is redundant anyways. `EE->finalizeObject()`calls `invalidateInstructionCache()`.

cleaned up code and moved initialization code
removed fake command line parsing

morehouse added inline comments.Jul 25 2018, 1:07 PM

clang/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
44 ↗	(On Diff #157335)	Unnecessary `llvm::`
clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
130	If we do this, do we need to explicitly add the vectorizer pass below?
134	Let's simplify to `setFunctionAttributes(getCPUStr(), getFeaturesStr(), *M)`.
136	`OLvl` is never used.
139	Can simplify to `Passes.add(new TargetLibraryInfoWrapperPass(M->getTargetTriple))`.
144	Why do we add a `TargetTransformInfoWrapperPass` to both `Passes` and `FPasses`?
144	Do we need both `Passes` and `FPasses`?
150	Let's simplify to `Passes.add(createLoopVectorizePass())`.
156	Why do we keep adding passes in different places?
176	Why not just rename `Owner` to `M` and remove this line?
190	Please simplify to `builder.setMCJITMemoryManager(std::make_unique<RTDyldMemoryManager>())`.
191	If the JIT does optimization already, do we need to call `OptLLVM` at all? Will the vectorizer kick in without `OptLLVM`?
200	Move this closer to where it's used.
203	Do we need to call this again to run destructors after we execute `f()` ?
215–216	I think `f(a, b, c, 1)` will also work.

emmettneyman added inline comments.Jul 25 2018, 4:09 PM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
130	No we don't. I've deleted the line below.
139	Contrary to the function's name, `getTargetTriple()` actually returns a `string`, not a `Triple`. But I changed it to `new TargetLibraryInfoWrapperPass(ModuleTriple)` and deleted line 109.
144	I think because we're just adding a loop vectorize pass, we don't need `FPasses`. The loop vectorize pass lives within the regular `ModulePassManager`, not the `FunctionPassManager`. I decided to put it in the code so, in the future, it would be easier to add different kinds of passes to the fuzz target. Should I remove it?
191	I'll look into this more. I couldn't find an answer quickly.

Fixed some things, made code cleaner

emmettneyman added inline comments.Jul 25 2018, 4:17 PM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
191	No, the JIT doesn't run any optimization passes. The optimization level given just controls CodeGen. Source: http://lists.llvm.org/pipermail/llvm-dev/2016-May/099631.html

morehouse added inline comments.Jul 26 2018, 9:17 AM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
144	Let's remove it since it's currently unnecessary.
175	The indentation looks off. Please fix.
188	This uses `llvm:make_unique`, which was written when LLVM used C++11. But since LLVM now uses C++14, I think we should use `std::make_unique` instead.
216	Remove whitespace on empty lines. Actually, you could probably remove this line altogether since the call to `f()` can be grouped with the parameter setup above.
220	We're allowing the JIT opt-level to be specified on the command line, but we're hard-coding OptLevel=3 for the optimization passes. Do we need to allow the opt-level to be specified on the command line?

pcc added inline comments.Jul 26 2018, 11:44 AM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
188	LLVM doesn't use C++14 yet.

emmettneyman added inline comments.Jul 26 2018, 11:48 AM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
176	Reverted it back since the change caused the fuzzer to crash.
188	We talked offline, but just to put it in writing: My current LLVM build uses C++11 so I'm keeping it `llvm::make_unique`.
220	Good point. Will change to make `OptLLVM()` use the same optimization level as the JIT Engine.

Code style fixes
Removed FPasses
Allowed CL Args to specify opt level for OptLLVM()

Small change to fix line length

Harbormaster completed remote builds in B20743: Diff 157545.Jul 26 2018, 11:50 AM

Do we need to parse the arguments for opt-level, or can we just hardcode -O2 and remove the argument parsing code?

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
172	Shouldn't `OLvl` be a `CodeGenOpt::Level`?
176	You will need to move any uses of `M` above the call to `std::move`, since that leaves `M` in an invalid state.

In D49526#1177208, @morehouse wrote:

Do we need to parse the arguments for opt-level, or can we just hardcode -O2 and remove the argument parsing code?

I have the argument parsing code since the original clang-proto-fuzzer code had it and @kcc mentioned we might want to change the command line arguments in the future.

Changed int to CodeGenOpt::Level and fixed unique_ptr issue

Harbormaster completed remote builds in B20746: Diff 157553.Jul 26 2018, 1:03 PM

morehouse added inline comments.Jul 26 2018, 2:16 PM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
239	We should be able to get rid of this line now, and rename Owner again.

morehouse added inline comments.Jul 26 2018, 2:18 PM

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
267	Can we use `reinterpret_cast` here?

Made some minor fixes

Harbormaster completed remote builds in B20750: Diff 157577.Jul 26 2018, 2:32 PM

morehouse accepted this revision.Jul 26 2018, 2:35 PM

This revision is now accepted and ready to land.Jul 26 2018, 2:35 PM

Closed by commit rL338077: Updated llvm-proto-fuzzer to execute the compiled code (authored by emmettneyman). · Explain WhyJul 26 2018, 3:23 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

clang/

tools/

clang-fuzzer/

handle-llvm/

CMakeLists.txt

16 lines

handle_llvm.cpp

220 lines

Diff 157138

clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt

	set(LLVM_LINK_COMPONENTS			set(LLVM_LINK_COMPONENTS
				CodeGen
	Core			Core
				ExecutionEngine
	IRReader			IRReader
	MC			MC
				MCJIT
				Object
				RuntimeDyld
				SelectionDAG
	Support			Support
	Analysis			Target
				TransformUtils
				native
	)			)

	# Depend on LLVM IR intrinsic generation.			# Depend on LLVM IR instrinsic generation.
				morehouseUnsubmitted Not Done Reply Inline Actions Typo introduced here. morehouse: Typo introduced here.
	set(handle_llvm_deps intrinsics_gen)			set(handle_llvm_deps intrinsics_gen)
	if (CLANG_BUILT_STANDALONE)			if (CLANG_BUILT_STANDALONE)
	set(handle_llvm_deps)			set(handle_llvm_deps)
	endif()			endif()
				morehouseUnsubmitted Not Done Reply Inline Actions How are you doing your diff? Some of these changes are already upstream. Please rebase morehouse: How are you doing your diff? Some of these changes are already upstream. Please rebase

	add_clang_library(clangHandleLLVM			add_clang_library(clangHandleLLVM
	handle_llvm.cpp			handle_llvm.cpp

				morehouseUnsubmitted Not Done Reply Inline Actions Please don't add whitespace to a previously empty line. morehouse: Please don't add whitespace to a previously empty line.
	DEPENDS			DEPENDS
	${handle_llvm_deps}			${handle_llvm_deps}
	)			)

clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

	//==-- handle_llvm.cpp - Helper function for Clang fuzzers -----------------==//			//==-- handle_llvm.cpp - Helper function for Clang fuzzers -----------------==//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	//			//
	// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to			// Implements HandleLLVM for use by the Clang fuzzers. First runs an loop
				morehouseUnsubmitted Not Done Reply Inline Actions an -> a morehouse: an -> a
	// compile an LLVM IR file to X86_64 assembly.			// vectorizer optimization pass over the given IR code. Then mimics lli on both
				// versions to JIT the generated code and execute it. Currently, functions are
				// executed on dummy inputs.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include "handle_llvm.h"			#include "handle_llvm.h"

	#include "llvm/ADT/Triple.h"			#include "llvm/ADT/Triple.h"
	#include "llvm/Analysis/TargetLibraryInfo.h"			#include "llvm/Analysis/TargetLibraryInfo.h"
				#include "llvm/Analysis/TargetTransformInfo.h"
	#include "llvm/CodeGen/CommandFlags.inc"			#include "llvm/CodeGen/CommandFlags.inc"
	#include "llvm/CodeGen/MachineModuleInfo.h"			#include "llvm/CodeGen/MachineModuleInfo.h"
				#include "llvm/CodeGen/TargetPassConfig.h"
				#include "llvm/ExecutionEngine/JITEventListener.h"
				#include "llvm/ExecutionEngine/JITSymbol.h"
				#include "llvm/ExecutionEngine/MCJIT.h"
				#include "llvm/ExecutionEngine/ObjectCache.h"
				#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
				#include "llvm/ExecutionEngine/SectionMemoryManager.h"
				#include "llvm/IR/IRPrintingPasses.h"
	#include "llvm/IR/LegacyPassManager.h"			#include "llvm/IR/LegacyPassManager.h"
				#include "llvm/IR/LegacyPassNameParser.h"
	#include "llvm/IR/LLVMContext.h"			#include "llvm/IR/LLVMContext.h"
	#include "llvm/IR/Module.h"			#include "llvm/IR/Module.h"
	#include "llvm/IR/Verifier.h"			#include "llvm/IR/Verifier.h"
	#include "llvm/IRReader/IRReader.h"			#include "llvm/IRReader/IRReader.h"
				#include "llvm/Pass.h"
	#include "llvm/PassRegistry.h"			#include "llvm/PassRegistry.h"
	#include "llvm/Support/InitLLVM.h"
	#include "llvm/Support/MemoryBuffer.h"			#include "llvm/Support/MemoryBuffer.h"
	#include "llvm/Support/SourceMgr.h"			#include "llvm/Support/SourceMgr.h"
	#include "llvm/Support/TargetRegistry.h"			#include "llvm/Support/TargetRegistry.h"
				#include "llvm/Support/TargetSelect.h"
	#include "llvm/Target/TargetMachine.h"			#include "llvm/Target/TargetMachine.h"
				#include "llvm/Transforms/IPO/PassManagerBuilder.h"
	#include <cstdlib>			#include "llvm/Transforms/IPO.h"

	using namespace llvm;			using namespace llvm;

				static cl::list<const PassInfo*, bool, PassNameParser>
				PassList(cl::desc("Optimizations available:"));

				// Helper function to parse command line args and find the optimization level
				morehouseUnsubmitted Not Done Reply Inline Actions Unless there's a good reason for global, let's make this a local. morehouse: Unless there's a good reason for global, let's make this a local.
	static void getOptLevel(const std::vector<const char *> &ExtraArgs,			static void getOptLevel(const std::vector<const char *> &ExtraArgs,
	CodeGenOpt::Level &OLvl) {			CodeGenOpt::Level &OLvl) {
	// Find the optimization level from the command line args			// Find the optimization level from the command line args
	OLvl = CodeGenOpt::Default;			OLvl = CodeGenOpt::Default;
	for (auto &A : ExtraArgs) {			for (auto &A : ExtraArgs) {
	if (A[0] == '-' && A[1] == 'O') {			if (A[0] == '-' && A[1] == 'O') {
	switch(A[2]) {			switch(A[2]) {
	case '0': OLvl = CodeGenOpt::None; break;			case '0': OLvl = CodeGenOpt::None; break;
	case '1': OLvl = CodeGenOpt::Less; break;			case '1': OLvl = CodeGenOpt::Less; break;
	case '2': OLvl = CodeGenOpt::Default; break;			case '2': OLvl = CodeGenOpt::Default; break;
	case '3': OLvl = CodeGenOpt::Aggressive; break;			case '3': OLvl = CodeGenOpt::Aggressive; break;
	default:			default:
	errs() << "error: opt level must be between 0 and 3.\n";			errs() << "error: opt level must be between 0 and 3.\n";
	std::exit(1);			std::exit(1);
	}			}
	}			}
	}			}
	}			}

	void clang_fuzzer::HandleLLVM(const std::string &S,			// Helper function to call pass initialization functions
	const std::vector<const char *> &ExtraArgs) {			void InitEverything() {
	// Parse ExtraArgs to set the optimization level			PassRegistry &Registry = *PassRegistry::getPassRegistry();
	CodeGenOpt::Level OLvl;			initializeCore(Registry);
	getOptLevel(ExtraArgs, OLvl);			initializeScalarOpts(Registry);
				initializeVectorization(Registry);
	// Set the Module to include the the IR code to be compiled			initializeIPO(Registry);
	SMDiagnostic Err;			initializeAnalysis(Registry);
				initializeTransformUtils(Registry);
	LLVMContext Context;			initializeInstCombine(Registry);
	std::unique_ptr<Module> M = parseIR(MemoryBufferRef(S, "IR"), Err, Context);			initializeAggressiveInstCombine(Registry);
	if (!M) {			initializeInstrumentation(Registry);
	errs() << "error: could not parse IR!\n";			initializeTarget(Registry);
	std::exit(1);
	}			}

	// Create a new Target			void ErrorAndExit(std::string message) {
	std::string Error;			errs()<< "ERROR: " << message << "\n";
	const Target *TheTarget = TargetRegistry::lookupTarget(
	sys::getDefaultTargetTriple(), Error);
	if (!TheTarget) {
	errs() << Error;
	std::exit(1);			std::exit(1);
	}			}

				// Helper function to add optimization passes to the TargetMachine at the
				// specified optimization level, OptLevel
				static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
				legacy::FunctionPassManager &FPM,
				unsigned OptLevel, unsigned SizeLevel) {
				// Verify that input is correct by adding a verifier pass
				FPM.add(createVerifierPass());

				// Create and initializa a PassManagerBuilder
				PassManagerBuilder Builder;
				Builder.OptLevel = OptLevel;
				Builder.SizeLevel = SizeLevel;
				Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
				Builder.LoopVectorize = true;
				Builder.populateFunctionPassManager(FPM);
				Builder.populateModulePassManager(MPM);
				}

				// Mimics the opt tool to run an optimization pass over the provided IR
				std::string OptLLVM(const std::string IR, CodeGenOpt::Level &OLvl) {
				morehouseUnsubmitted Not Done Reply Inline Actions Maybe this should be `const std::string &IR` or `StringRef`. morehouse: Maybe this should be `const std::string &IR` or `StringRef`.
				InitEverything();
				morehouseUnsubmitted Not Done Reply Inline Actions Does this need to be called every time we get a new input? Can we call this from `LLVMFuzzerInitialize()`? morehouse: Does this need to be called every time we get a new input? Can we call this from…

				// Mimic argc and argv and pass them to ParseCommandLineOptions to initilize
				// PassList, ie which optimizations we want to run on the IR
				// TODO: Find a better way of doing this
				const char *args[2];
				std::string arg0 = "llvm-proto-fuzzer";
				std::string arg1 = "-loop-vectorize";
				args[0] = arg0.c_str();
				args[1] = arg1.c_str();
				cl::ParseCommandLineOptions(2, args);
				morehouseUnsubmitted Not Done Reply Inline Actions This shouldn't be required. You should be able to directly add the passes you want. See `llvm/lib/Passes/PassBuilder.cpp`. morehouse: This shouldn't be required. You should be able to directly add the passes you want. See…

				// Create a module that will run the optimization passes
				SMDiagnostic Err;
				LLVMContext Context;
				std::unique_ptr<Module> M = parseIR(MemoryBufferRef(IR, "IR"), Err, Context);
				if (!M \|\| verifyModule(*M, &errs()))
				ErrorAndExit("Could not parse IR");
				morehouseUnsubmitted Not Done Reply Inline Actions If we do this, do we need to explicitly add the vectorizer pass below? morehouse: If we do this, do we need to explicitly add the vectorizer pass below?
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions No we don't. I've deleted the line below. emmettneyman: No we don't. I've deleted the line below.

				Triple ModuleTriple(M->getTargetTriple());
				morehouseUnsubmitted Not Done Reply Inline Actions Move this closer to where it's used. morehouse: Move this closer to where it's used.
	TargetOptions Options = InitTargetOptionsFromCodeGenFlags();			TargetOptions Options = InitTargetOptionsFromCodeGenFlags();
				morehouseUnsubmitted Not Done Reply Inline Actions `Options` is never used. morehouse: `Options` is never used.
				std::string CPUStr;
				morehouseUnsubmitted Not Done Reply Inline Actions Let's simplify to `setFunctionAttributes(getCPUStr(), getFeaturesStr(), M)`. morehouse:* Let's simplify to `setFunctionAttributes(getCPUStr(), getFeaturesStr(), *M)`.
				std::string FeaturesStr;
				std::unique_ptr<TargetMachine> TM(nullptr);
				morehouseUnsubmitted Not Done Reply Inline Actions `TM` is never used. morehouse: `TM` is never used.
				morehouseUnsubmitted Not Done Reply Inline Actions `OLvl` is never used. morehouse: `OLvl` is never used.
				setFunctionAttributes(CPUStr, FeaturesStr, *M);
				morehouseUnsubmitted Not Done Reply Inline Actions Does this do anything since `CPUStr` and `FeaturesStr` are empty? morehouse: Does this do anything since `CPUStr` and `FeaturesStr` are empty?

	// Create a new Machine			legacy::PassManager Passes;
				morehouseUnsubmitted Not Done Reply Inline Actions Can simplify to `Passes.add(new TargetLibraryInfoWrapperPass(M->getTargetTriple))`. morehouse: Can simplify to `Passes.add(new TargetLibraryInfoWrapperPass(M->getTargetTriple))`.
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions Contrary to the function's name, `getTargetTriple()` actually returns a `string`, not a `Triple`. But I changed it to `new TargetLibraryInfoWrapperPass(ModuleTriple)` and deleted line 109. emmettneyman: Contrary to the function's name, `getTargetTriple()` actually returns a `string`, not a…
	std::string CPUStr = getCPUStr();			TargetLibraryInfoImpl TLII(ModuleTriple);
	std::string FeaturesStr = getFeaturesStr();			Passes.add(new TargetLibraryInfoWrapperPass(TLII));
	std::unique_ptr<TargetMachine> Target(TheTarget->createTargetMachine(			Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
	sys::getDefaultTargetTriple(), CPUStr, FeaturesStr, Options,
	getRelocModel(), getCodeModel(), OLvl));			std::unique_ptr<legacy::FunctionPassManager> FPasses;
				morehouseUnsubmitted Not Done Reply Inline Actions Why do we add a `TargetTransformInfoWrapperPass` to both `Passes` and `FPasses`? morehouse: Why do we add a `TargetTransformInfoWrapperPass` to both `Passes` and `FPasses`?
				morehouseUnsubmitted Not Done Reply Inline Actions Do we need both `Passes` and `FPasses`? morehouse: Do we need both `Passes` and `FPasses`?
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions I think because we're just adding a loop vectorize pass, we don't need `FPasses`. The loop vectorize pass lives within the regular `ModulePassManager`, not the `FunctionPassManager`. I decided to put it in the code so, in the future, it would be easier to add different kinds of passes to the fuzz target. Should I remove it? emmettneyman: I think because we're just adding a loop vectorize pass, we don't need `FPasses`. The loop…
				morehouseUnsubmitted Not Done Reply Inline Actions Let's remove it since it's currently unnecessary. morehouse: Let's remove it since it's currently unnecessary.
				FPasses.reset(new legacy::FunctionPassManager(M.get()));
				morehouseUnsubmitted Not Done Reply Inline Actions Can we just make `FPasses` on stack instead? morehouse: Can we just make `FPasses` on stack instead?
	// Create a new PassManager			FPasses->add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
	legacy::PassManager PM;
	TargetLibraryInfoImpl TLII(Triple(M->getTargetTriple()));			AddOptimizationPasses(Passes, *FPasses, 3, 0);
	PM.add(new TargetLibraryInfoWrapperPass(TLII));			const PassInfo *PassInf = PassList[0];
	M->setDataLayout(Target->createDataLayout());			Pass *P = PassInf->getNormalCtor()();
				morehouseUnsubmitted Not Done Reply Inline Actions Let's simplify to `Passes.add(createLoopVectorizePass())`. morehouse: Let's simplify to `Passes.add(createLoopVectorizePass())`.
				if (!P)
	// Make sure the Module has no errors			ErrorAndExit("Cannot create IR pass");
	if (verifyModule(*M, &errs())) {			Passes.add(P);
	errs() << "error: input module is broken!\n";
	std::exit(1);			FPasses->doInitialization();
				for (Function &F : *M)
				morehouseUnsubmitted Not Done Reply Inline Actions Why do we keep adding passes in different places? morehouse: Why do we keep adding passes in different places?
				FPasses->run(F);
				FPasses->doFinalization();
				Passes.add(createVerifierPass());

				// Add a pass that writes the optimized IR to an output stream
				std::string outString;
				raw_string_ostream OS(outString);
				Passes.add(createPrintModulePass(OS, "", false));

				Passes.run(*M);

				return OS.str();
	}			}

	setFunctionAttributes(CPUStr, FeaturesStr, *M);			void CreateAndRunJITFun(std::string IR, CodeGenOpt::Level OLvl) {
				SMDiagnostic Err;
				morehouseUnsubmitted Not Done Reply Inline Actions Shouldn't `OLvl` be a `CodeGenOpt::Level`? morehouse: Shouldn't `OLvl` be a `CodeGenOpt::Level`?
				LLVMContext Context;
				std::unique_ptr<Module> Owner = parseIR(MemoryBufferRef(IR, "IR"), Err,
				Context);
				morehouseUnsubmitted Not Done Reply Inline Actions The indentation looks off. Please fix. morehouse: The indentation looks off. Please fix.
				Module *M = Owner.get();
				morehouseUnsubmitted Not Done Reply Inline Actions Why not just rename `Owner` to `M` and remove this line? morehouse: Why not just rename `Owner` to `M` and remove this line?
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions Reverted it back since the change caused the fuzzer to crash. emmettneyman: Reverted it back since the change caused the fuzzer to crash.
				morehouseUnsubmitted Not Done Reply Inline Actions You will need to move any uses of `M` above the call to `std::move`, since that leaves `M` in an invalid state. morehouse: You will need to move any uses of `M` above the call to `std::move`, since that leaves `M` in…
				if (!M)
				ErrorAndExit("Could not parse IR");

				std::string ErrorMsg;
				EngineBuilder builder(std::move(Owner));
				builder.setMArch(MArch);
				builder.setMCPU(getCPUStr());
				builder.setMAttrs(getFeatureList());
				builder.setErrorStr(&ErrorMsg);
				builder.setEngineKind(EngineKind::JIT);
				builder.setUseOrcMCJITReplacement(false);
				RTDyldMemoryManager *RTDyldMM = new SectionMemoryManager();
				morehouseUnsubmitted Not Done Reply Inline Actions This uses `llvm:make_unique`, which was written when LLVM used C++11. But since LLVM now uses C++14, I think we should use `std::make_unique` instead. morehouse: This uses `llvm:make_unique`, which was written when LLVM used C++11. But since LLVM now uses…
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions We talked offline, but just to put it in writing: My current LLVM build uses C++11 so I'm keeping it `llvm::make_unique`. emmettneyman: We talked offline, but just to put it in writing: My current LLVM build uses C++11 so I'm…
				pccUnsubmitted Not Done Reply Inline Actions LLVM doesn't use C++14 yet. pcc: LLVM doesn't use C++14 yet.
				builder.setMCJITMemoryManager(
				std::unique_ptr<RTDyldMemoryManager>(RTDyldMM));
				morehouseUnsubmitted Not Done Reply Inline Actions These 3 lines can be combined to `builder.setMCJITMemoryManager(new SectionMemoryManager())` morehouse: These 3 lines can be combined to `builder.setMCJITMemoryManager(new SectionMemoryManager())`
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions I use RTDyldMM on line 208. Should I just keep these lines as they are? emmettneyman: I use RTDyldMM on line 208. Should I just keep these lines as they are?
				morehouseUnsubmitted Not Done Reply Inline Actions Ah, missed that. In that case, you can probably simplify this line to `builder.setMCJITMemoryManager(RTDyldMM)`. morehouse: Ah, missed that. In that case, you can probably simplify this line to `builder.
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions It looks like set `MCJITMemoryManager()` needs to take a `unique_ptr`. I'm not sure how to clean it up any more than it already is. emmettneyman: It looks like set `MCJITMemoryManager()` needs to take a `unique_ptr`. I'm not sure how to…
				morehouseUnsubmitted Not Done Reply Inline Actions Does it not implicitly cast? morehouse: Does it not implicitly cast?
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions No, I think it only works in the other direction. emmettneyman: No, I think it only works in the other direction.
				morehouseUnsubmitted Not Done Reply Inline Actions Ok, I see. The constructor we need is marked explicit... morehouse: Ok, I see. The constructor we need is marked explicit...
				morehouseUnsubmitted Not Done Reply Inline Actions Please simplify to `builder.setMCJITMemoryManager(std::make_unique<RTDyldMemoryManager>())`. morehouse: Please simplify to `builder.setMCJITMemoryManager(std::make_unique<RTDyldMemoryManager>())`.
				builder.setOptLevel(OLvl);
				morehouseUnsubmitted Not Done Reply Inline Actions If the JIT does optimization already, do we need to call `OptLLVM` at all? Will the vectorizer kick in without `OptLLVM`? morehouse: If the JIT does optimization already, do we need to call `OptLLVM` at all? Will the vectorizer…
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions I'll look into this more. I couldn't find an answer quickly. emmettneyman: I'll look into this more. I couldn't find an answer quickly.
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions No, the JIT doesn't run any optimization passes. The optimization level given just controls CodeGen. Source: http://lists.llvm.org/pipermail/llvm-dev/2016-May/099631.html emmettneyman: No, the JIT doesn't run any optimization passes. The optimization level given just controls…
				builder.setTargetOptions(InitTargetOptionsFromCodeGenFlags());

				std::unique_ptr<ExecutionEngine> EE(builder.create());
				if (!EE)
				pccUnsubmitted Not Done Reply Inline Actions Can you move this code (and maybe more of the duplicated code below) into a function and call it twice? pcc: Can you move this code (and maybe more of the duplicated code below) into a function and call…
				ErrorAndExit("Could not create execution engine");

				Function *EntryFunc = M->getFunction("foo");
				if (!EntryFunc)
				ErrorAndExit("Function not found in module");
				morehouseUnsubmitted Not Done Reply Inline Actions Move this closer to where it's used. morehouse: Move this closer to where it's used.

				EE->finalizeObject();
				pccUnsubmitted Not Done Reply Inline Actions Did you look at using LLVM's JIT infrastructure to do this? pcc: Did you look at using LLVM's JIT infrastructure to do this?
				EE->runStaticConstructorsDestructors(false);
				morehouseUnsubmitted Not Done Reply Inline Actions Do we need to call this again to run destructors after we execute `f()` ? morehouse: Do we need to call this again to run destructors after we execute `f()` ?

				typedef void (func)(int, int, int, int);
				func f = (func) EE->getPointerToFunction(EntryFunc);

				static_cast<SectionMemoryManager*>(RTDyldMM)->invalidateInstructionCache();
				morehouseUnsubmitted Not Done Reply Inline Actions This cast shouldn't be necessary. morehouse: This cast shouldn't be necessary.
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions Turns out this line is redundant anyways. `EE->finalizeObject()`calls `invalidateInstructionCache()`. emmettneyman: Turns out this line is redundant anyways. `EE->finalizeObject()`calls…

				// Define some dummy arrays to use an input for now
				int a[] = {1};
				int b[] = {1};
				int c[] = {1};

				(*f)(a, b, c, 1);
				}
				morehouseUnsubmitted Not Done Reply Inline Actions I think `f(a, b, c, 1)` will also work. morehouse: I think `f(a, b, c, 1)` will also work.
				morehouseUnsubmitted Not Done Reply Inline Actions Remove whitespace on empty lines. Actually, you could probably remove this line altogether since the call to `f()` can be grouped with the parameter setup above. morehouse: Remove whitespace on empty lines. Actually, you could probably remove this line altogether…

				// Main fuzz target called by ExampleClangLLVMProtoFuzzer.cpp
				// Mimics the lli tool to JIT the LLVM IR code and execute it
				void clang_fuzzer::HandleLLVM(const std::string &IR,
				morehouseUnsubmitted Not Done Reply Inline Actions We're allowing the JIT opt-level to be specified on the command line, but we're hard-coding OptLevel=3 for the optimization passes. Do we need to allow the opt-level to be specified on the command line? morehouse: We're allowing the JIT opt-level to be specified on the command line, but we're hard-coding…
				emmettneymanAuthorUnsubmitted Not Done Reply Inline Actions Good point. Will change to make `OptLLVM()` use the same optimization level as the JIT Engine. emmettneyman: Good point. Will change to make `OptLLVM()` use the same optimization level as the JIT Engine.
				const std::vector<const char *> &ExtraArgs) {
				// Parse ExtraArgs to set the optimization level
				CodeGenOpt::Level OLvl;
				getOptLevel(ExtraArgs, OLvl);

				// First we optimize the IR by running a loop vectorizer pass
				std::string OptIR = OptLLVM(IR, OLvl);

	raw_null_ostream OS;			CreateAndRunJITFun(OptIR, OLvl);
	Target->addPassesToEmitFile(PM, OS, nullptr, TargetMachine::CGFT_ObjectFile,			CreateAndRunJITFun(IR, CodeGenOpt::None);
	false);
	PM.run(*M);

	return;			return;
	}			}
				morehouseUnsubmitted Not Done Reply Inline Actions We should be able to get rid of this line now, and rename Owner again. morehouse: We should be able to get rid of this line now, and rename Owner again.
				morehouseUnsubmitted Not Done Reply Inline Actions Can we use `reinterpret_cast` here? morehouse: Can we use `reinterpret_cast` here?