Index: llvm/tools/llvm-mc-assemble-fuzzer/CMakeLists.txt
===================================================================
--- llvm/tools/llvm-mc-assemble-fuzzer/CMakeLists.txt
+++ llvm/tools/llvm-mc-assemble-fuzzer/CMakeLists.txt
@@ -6,6 +6,7 @@
 MC
 MCParser
 Support
+ FuzzMutate
 )
 add_llvm_fuzzer(llvm-mc-assemble-fuzzer
 llvm-mc-assemble-fuzzer.cpp
Index: llvm/tools/llvm-mc-assemble-fuzzer/llvm-mc-assemble-fuzzer.cpp
===================================================================
--- llvm/tools/llvm-mc-assemble-fuzzer/llvm-mc-assemble-fuzzer.cpp
+++ llvm/tools/llvm-mc-assemble-fuzzer/llvm-mc-assemble-fuzzer.cpp
@@ -8,6 +8,8 @@
 //
 //===----------------------------------------------------------------------===//
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+#include "llvm/FuzzMutate/IRMutator.h"
 #include "llvm-c/Target.h"
 #include "llvm/MC/SubtargetFeature.h"
 #include "llvm/MC/MCAsmBackend.h"
@@ -36,6 +38,10 @@
 using namespace llvm;
+// This is used for overriding target triple through name mangling in the binary name.
+static cl::opt
+ TargetTripleStr("mtriple", cl::desc("Override target triple for module"));
+
 static cl::opt
 TripleName("triple", cl::desc("Target triple to assemble for, "
 "see -version for available targets"));
@@ -55,6 +61,7 @@
 MAttrs("mattr", cl::CommaSeparated,
 cl::desc("Target specific attributes (-mattr=help for details)"),
 cl::value_desc("a1,+a2,-a3,..."));
+
 // The feature string derived from -mattr's values.
 std::string FeaturesStr;
@@ -62,6 +69,7 @@
 FuzzerArgs("fuzzer-args", cl::Positional,
 cl::desc("Options to pass to the fuzzer"), cl::ZeroOrMore,
 cl::PositionalEatsArgs);
+
 static std::vector ModifiedArgv;
 enum OutputFileType {
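Review bot: `llvm/FuzzMutate/IRMutator.h` is added in the include hunk (`@@ -8,6 +8,8 @@`), but nothing in the visible hunks uses an IR mutator; the two calls added later appear to come from `FuzzerCLI.h` alone. If the rest of the file does not need it either, drop the include so the MC fuzzer does not carry an IR dependency it never exercises.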
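Review bot: `-mtriple` in the `@@ -36,6 +38,10 @@` hunk is registered as an ordinary user-visible option, although its comment says it exists only to receive a triple encoded in the binary name. Together with the later override, the tool ends up with two triple flags where one silently beats the other. Consider marking it `cl::Hidden` and rewording the description, which says "for module" although this tool assembles MC input, e.g. `cl::desc("Target triple taken from the executable name; overrides -triple")`. The comment line above the option also runs past 80 columns.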
@@ -250,9 +258,12 @@
 extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerInitialize(int *argc,
 char ***argv) {
 // The command line is unusual compared to other fuzzers due to the need to
- // specify the target. Options like -triple, -mcpu, and -mattr work like
- // their counterparts in llvm-mc, while -fuzzer-args collects options for the
- // fuzzer itself.
+ // specify more than just the target. Options like -triple, -mcpu,
+ // and -mattr work like their counterparts in llvm-mc, while -fuzzer-args
+ // collects options for the fuzzer itself.
+ // Like other fuzzers though, you may mangle the target argument into
+ // file name of the binary itself. If you do this it will override the
+ // -triple argument.
 //
 // Examples:
 //
@@ -278,6 +289,10 @@
 LLVMInitializeAllTargetMCs();
 LLVMInitializeAllAsmParsers();
+ // Parse any arguments mangled into the file name.
+ llvm::handleExecNameEncodedOptimizerOpts(*argv[0]);
+ parseFuzzerCLOpts(*argc, *argv);
+
 cl::ParseCommandLineOptions(*argc, OriginalArgv);
 // Rebuild the argv without the arguments llvm-mc-fuzzer consumed so that
@@ -306,8 +321,14 @@
 FeaturesStr = Features.getString();
 }
- if (TripleName.empty())
+ // If the binary name has a target triple mangled into it, overwride the triple
+ // argument with it.
+ if (!TargetTripleStr.empty()){
+ TripleName.setValue(TargetTripleStr.getValue());
+ }
+ else if (TripleName.empty()){
 TripleName = sys::getDefaultTargetTriple();
+ }
 return 0;
 }
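Review bot: The comment added in the `@@ -250,9 +258,12 @@` hunk says the target can be mangled into the binary's file name but never shows the expected form, so a reader has to find it in FuzzerCLI; the `Examples:` list just below is the natural place for one. "into file name" should read "into the file name". Because the name-derived triple wins over `-triple`, the comment should also state that a crash has to be reproduced with a binary of the same name (or the equivalent `-mtriple`), otherwise the reproducer assembles for a different target. The body of LLVMFuzzerInitialize continues outside the hunk.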
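Review bot: After the `@@ -278,6 +289,10 @@` hunk the option table is parsed up to three times in LLVMFuzzerInitialize: from the executable name, by `parseFuzzerCLOpts(*argc, *argv)`, and by the existing `cl::ParseCommandLineOptions(*argc, OriginalArgv)`. Nothing says which parse is authoritative. As far as I recall, `parseFuzzerCLOpts` consumes the arguments that follow `-ignore_remaining_args=1`, a convention this tool replaces with `-fuzzer-args`, so the call may be redundant or may feed the same flag to the parser twice; please confirm and either drop it or document the interaction. `handleExecNameEncodedOptimizerOpts` is the variant written for the optimizer fuzzer; if it also maps name components to pass options, a binary name carrying anything other than a triple would be rejected by this tool's option table, which deserves a comment such as `// Only a target triple may be encoded in the name.` `(*argv)[0]` would also read more clearly than `*argv[0]`, which is only equivalent because the index is 0.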
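Review bot: In the `@@ -306,8 +321,14 @@` hunk a triple taken from the binary name (or from `-mtriple`) silently replaces an explicit `-triple`, so a campaign started with `-triple=X` on a renamed binary fuzzes another target with no diagnostic, and its crashes are attributed to the wrong backend. Print a warning when both are set and differ, or let the explicit flag win. The block also departs from LLVM style, which omits braces on single-statement bodies and keeps `else` on the closing-brace line: `if (!TargetTripleStr.empty())`, `TripleName = TargetTripleStr.getValue();`, `else if (TripleName.empty())` is enough. "overwride" in the new comment is a typo for "override", and that comment line exceeds 80 columns. The enclosing function starts outside the hunk.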