[PATCH] D36275: Implement llvm-isel-fuzzer for fuzzing instruction selection

[Kostya Serebryany via Phabricator via llvm-commits]

kcc added a comment.

I've run `./bin/llvm-isel-fuzzer   -ignore_remaining_args=1 -mtriple x86_64-unknown-linux-gnu` for a few minutes and I got this:

25482==ERROR: AddressSanitizer: use-after-poison on address 0x621001698040 at pc 0x00000086c29f bp 0x7ffe31189870 sp 0x7ffe31189868
-----------------------------------------------------------------------------------------------------------------------------------

READ of size 8 at 0x621001698040 thread T0

  #0 0x86c29e in llvm::SDNode::use_empty() const /usr/local/google/home/kcc/llvm/include/llvm/CodeGen/SelectionDAGNodes.h:666:35
  #1 0x39bea98 in (anonymous namespace)::DAGCombiner::useDivRem(llvm::SDNode*) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp:2778:31
  #2 0x393fb48 in (anonymous namespace)::DAGCombiner::visitSDIV(llvm::SDNode*) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp:2912:26
  #3 0x392b092 in (anonymous namespace)::DAGCombiner::visit(llvm::SDNode*) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp:1488:40
  #4 0x3929270 in (anonymous namespace)::DAGCombiner::combine(llvm::SDNode*) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp:1579:16
  #5 0x3927a83 in (anonymous namespace)::DAGCombiner::Run(llvm::CombineLevel) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp:1427:18
  #6 0x39268f9 in llvm::SelectionDAG::Combine(llvm::CombineLevel, llvm::AAResults*, llvm::CodeGenOpt::Level) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp:17450:36
  #7 0x3c43f89 in llvm::SelectionDAGISel::CodeGenAndEmitDAG() /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:744:13
  #8 0x3c43654 in llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction, true, false, void>, false, true>, llvm::ilist_iterator<llvm::ilist_detail::node_options<llvm::Instruction, true, false, void>, false, true>, bool&) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:665:3
  #9 0x3c42a8d in llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1609:7
  #10 0x3c3de2f in llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&) /usr/local/google/home/kcc/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:466:3

Impressive. 
Let's get it to oss-fuzz!
(But as we discussed, need to encode the options in the binary name somehow)


https://reviews.llvm.org/D36275