This is an archive of the discontinued LLVM Phabricator instance.

Implemented Protobuf fuzzer for LLVM RISC-V MC Disassembler
Needs Review · Public

Authored by apazos on Sep 5 2018, 4:59 PM.

Details

Reviewers: mgrang, asb, jocewei

Summary

Fuzzer for LLVM MC Disassembler

  • Added generic function to generate a 32-bit value based on fuzzed 32-bit encoding and fuzzed opcode, using the appropriate fixed fields.
  • Example fuzzer's Protobuf represents the addi and xori instructions.
  • Implemented fuzzer for RV32 and RV64 ISAs for the I, M, A, F, D, and C extensions.
  • Also added completely unconstrained fuzzer, which generates a random 32-bit value and attempts to disassemble it.
  • This tool sets up the target (LLVM MC Disassembler) based on the llvm-mc tool rather than the obsolete llvm-mc-disassemble-fuzzer tool.
  • Added driver script (WIP) to verify LLVM MC Disassembler behavior against GNU.
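
The fixed-field constraint described in the first two summary bullets, as an added sketch that is not code from this revision: the fuzzer supplies the operand bits, and the opcode and funct3 fields of addi/xori are forced to their RV32I values. All identifiers (`Op`, `constrain`, `decodeIType`, `toLittleEndian`) are hypothetical, and the input value is constructed.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>

// Hypothetical names throughout; this is not the revision's code.
enum class Op { ADDI, XORI };

// RV32I I-type layout: imm[31:20] rs1[19:15] funct3[14:12] rd[11:7] opcode[6:0]
const uint32_t kFixedMask = 0x0000707F; // funct3 + opcode bits

// Values the ISA fixes for each instruction (OP-IMM major opcode 0010011).
uint32_t fixedBits(Op op) {
  switch (op) {
  case Op::ADDI: return 0x00000013; // funct3 = 000
  case Op::XORI: return 0x00004013; // funct3 = 100
  }
  return 0;
}

// Keep the fuzzer-chosen operand bits (rd, rs1, imm) and overwrite the
// fixed fields, so every output is a well-formed encoding of `op`.
uint32_t constrain(uint32_t fuzzed, Op op) {
  return (fuzzed & ~kFixedMask) | fixedBits(op);
}

struct IType { uint32_t rd, rs1, funct3, opcode; int32_t imm; };

// Field extraction used to cross-check what a disassembler should report.
IType decodeIType(uint32_t insn) {
  int32_t imm = static_cast<int32_t>(insn >> 20);
  if (imm & 0x800) imm -= 0x1000; // sign-extend the 12-bit immediate
  return {(insn >> 7) & 0x1F, (insn >> 15) & 0x1F, (insn >> 12) & 0x7,
          insn & 0x7F, imm};
}

// RISC-V instruction parcels are little-endian; this is the byte order
// a byte-buffer disassembler interface expects.
std::array<uint8_t, 4> toLittleEndian(uint32_t insn) {
  return {{uint8_t(insn), uint8_t(insn >> 8), uint8_t(insn >> 16),
           uint8_t(insn >> 24)}};
}

int main() {
  uint32_t insn = constrain(0x12345678u, Op::XORI); // constructed input
  IType f = decodeIType(insn);
  std::printf("%08x xori x%u, x%u, %d\n", insn, f.rd, f.rs1, f.imm);
  return 0;
}
```

Because `constrain` is idempotent and touches only the fixed bits, any mismatch between `decodeIType` and a disassembler's output points at operand decoding rather than at the harness.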

Event Timeline

jocewei created this revision. Sep 5 2018, 4:59 PM
jocewei updated this revision to Diff 164540. Sep 7 2018, 4:43 PM

Modified Python script.

jocewei updated this revision to Diff 164955. Sep 11 2018, 12:56 PM

Cleaned up code and refined Python driver script

jocewei retitled this revision from Implemented fuzzer for LLVM MC Disassembler (WIP) to Implemented fuzzer for LLVM MC Disassembler. Sep 11 2018, 12:56 PM
jocewei retitled this revision from Implemented fuzzer for LLVM MC Disassembler to Implemented Protobuf fuzzer for LLVM MC Disassembler. Sep 11 2018, 1:58 PM
jocewei updated this revision to Diff 164978. Sep 11 2018, 2:45 PM

Added README

apazos commandeered this revision. Oct 3 2018, 7:08 PM
apazos edited reviewers, added: jocewei; removed: apazos.
apazos added a comment. Oct 3 2018, 7:10 PM

Taken over the patch as Jocelyn is back to school.

apazos retitled this revision from Implemented Protobuf fuzzer for LLVM MC Disassembler to Implemented Protobuf fuzzer for LLVM RISC-V MC Disassembler. Oct 11 2018, 4:06 PM
apazos updated this revision to Diff 169349. Oct 11 2018, 7:16 PM

Removed PBM_FUZZ_PATH and PBM_REPO from build steps.
Relying on building these fuzzers with the latest version of libprotobuf (and libprotobuf-mutator), which should be installed in the system.

apazos updated this revision to Diff 169469. Oct 12 2018, 11:27 AM

Small fix in mcfuzzer.py

apazos updated this revision to Diff 169486. Oct 12 2018, 1:31 PM

Small fix in README.txt