[llvm-dev] How is llvm-opt-fuzzer supposed to be built and used with a pass pipeline?

Jean-Pierre Münch via llvm-dev llvm-dev at lists.llvm.org
Wed Aug 15 03:28:15 PDT 2018


Hello List,

I'm currently writing my own little optimization pass (on LLVM 6.0) and
considered it a neat idea to fuzz it using llvm-opt-fuzzer, which in
theory should be a ready-made tool for such jobs as far as I can tell,
potentially helping me to find UB and Address issues in my pass.

So I went ahead and followed the instructions in the build manual [1] to
build LLVM's llvm-opt-fuzzer as "RelWithDebInfo" with clang / clang++
using my 18.04.1 LTS Ubuntu instance (and its default clang which is
version 6.0). Then I tried to run llvm-opt-fuzzer and it complained that
it wasn't linked to LibFuzzer and thus no fuzzing would be performed. So
I hacked the Link.txt file for llvm-opt-fuzzer in my cmake build
directory to add the -fsanitize=fuzzer flag and remove the dummy object
file from linking. Now it would actually look at the corpus, but then
immediately give up because

"ERROR: no interesting inputs were found. Is the code instrumented for
coverage? Exiting."

at which point I'm lost: because of my lack of experience with CMake and
LibFuzzer, I don't know how I can build LLVM with the required
instrumentation.

So my (first) question is:

What are the proper arguments to pass to CMake to actually get
llvm-opt-fuzzer to work as intended?

Additionally, my pass has the problem that it requires -loop-simplify
being run beforehand (which can't be requested using
AnalysisUsage.addRequired<>() apparently). So I tried to specify
'-passes "loop-simplify mypass"' to llvm-opt-fuzzer but it was rejected
because "./llvm-opt-fuzzer: can't parse pass pipeline". Naturally I
tried to find any documentation for this format but a search would only
show me the fact that LLVM applies all passes on a function / module
before moving on to the next for locality reasons.

So my (second) question is:

What are the proper arguments to pass to llvm-opt-fuzzer to have it run
more than one pass, e.g. first loop-simplify and then DCE?

Alternate (third?) question:

Is there any way to require the loops to be in simplified form for your own
pass short of re-implementing loop-simplify yourself in your pass?

I hope somebody here can and is willing to help me.

Kind Regards

Jean-Pierre Münch

[1]: https://llvm.org/docs/CMake.html

P.S.: While on my above "adventure" I noticed that building LLVM with
clang and -DLLVM_USE_SANITIZER="MemoryWithOrigins" fails to complete
because it apparently detects a bug in one of the build helper tools.
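The script below is an added example written for this page; it is not part of the message above and not LLVM's own tooling. It shows the build configuration that LLVM's fuzzing documentation prescribes for llvm-opt-fuzzer (LLVM_USE_SANITIZE_COVERAGE so the fuzzer is linked against libFuzzer with coverage instrumentation instead of the dummy main, LLVM_USE_SANITIZER=Address so memory errors in the pass are reported) and the invocation for a multi-pass pipeline: llvm-opt-fuzzer's -passes option takes the new pass manager's comma-separated syntax, so the space-separated "loop-simplify mypass" from the message becomes function(loop-simplify,mypass). The paths LLVM_SRC, BUILD_DIR and CORPUS_DIR, the generator choice (Ninja) and the DRY_RUN switch are assumptions of the example, not something the message or the docs specify.

```shell
#!/bin/sh
# Added example, not from the original message: build an instrumented
# llvm-opt-fuzzer and run it with a pipeline of more than one pass.
# Assumed layout: LLVM sources in $LLVM_SRC, build tree in $BUILD_DIR,
# seed corpus of .ll/.bc files in $CORPUS_DIR. DRY_RUN=1 prints the
# commands instead of executing them (used here for offline checking).

LLVM_SRC="${LLVM_SRC:-$HOME/llvm}"
BUILD_DIR="${BUILD_DIR:-$HOME/llvm-build-fuzz}"
CORPUS_DIR="${CORPUS_DIR:-$HOME/opt-fuzz-corpus}"
DRY_RUN="${DRY_RUN:-0}"

# Print a command (DRY_RUN=1) or execute it.
run_cmd() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Convert a space-separated list of pass names (the form the message tried)
# into the comma-separated, function(...)-wrapped form the new pass manager
# parses, e.g. "loop-simplify dce" -> "function(loop-simplify,dce)".
to_pipeline() {
    printf 'function(%s)' "$(printf '%s' "$1" | tr -s ' ' ',')"
}

# Step 1: configure. LLVM_USE_SANITIZE_COVERAGE links the fuzzer targets
# against libFuzzer with SanitizerCoverage instrumentation, which is what the
# "no interesting inputs were found. Is the code instrumented for coverage?"
# message is asking for. LLVM_USE_SANITIZER=Address adds ASan so that memory
# errors in the pass under test abort the run instead of going unnoticed.
# "cmake -E chdir" is used so the command also works with the CMake 3.10
# that Ubuntu 18.04 ships (no -S/-B options there).
configure_fuzzer_build() {
    run_cmd mkdir -p "$BUILD_DIR"
    run_cmd cmake -E chdir "$BUILD_DIR" cmake -G Ninja \
        -DCMAKE_BUILD_TYPE=RelWithDebInfo \
        -DLLVM_ENABLE_ASSERTIONS=On \
        -DCMAKE_C_COMPILER=clang \
        -DCMAKE_CXX_COMPILER=clang++ \
        -DLLVM_USE_SANITIZER=Address \
        -DLLVM_USE_SANITIZE_COVERAGE=On \
        "$LLVM_SRC"
}

# Step 2: build only the fuzzer target (and what it depends on).
build_fuzzer() {
    run_cmd ninja -C "$BUILD_DIR" llvm-opt-fuzzer
}

# Step 3: fuzz. Flags before -ignore_remaining_args=1 go to libFuzzer
# (here: stop after a bounded number of runs); flags after it go to
# llvm-opt-fuzzer itself (-mtriple and the pass pipeline).
fuzz_pipeline() {
    passes="$(to_pipeline "$1")"
    run_cmd "$BUILD_DIR/bin/llvm-opt-fuzzer" "$CORPUS_DIR" \
        -runs="${RUNS:-100000}" \
        -ignore_remaining_args=1 \
        -mtriple=x86_64 \
        -passes="$passes"
}

main() {
    configure_fuzzer_build
    build_fuzzer
    fuzz_pipeline "${1:-loop-simplify dce}"
}

# Usage: sh fuzz-pass.sh run 'loop-simplify mypass'
# (DRY_RUN=1 sh fuzz-pass.sh run ... to only print the commands)
if [ "${1:-}" = "run" ]; then
    shift
    main "$@"
fi
```

Everything after `-ignore_remaining_args=1` is parsed by llvm-opt-fuzzer's own command-line parser, which is why the pipeline string must be in the new pass manager's syntax; nested managers are spelled the same way, for example `loop(...)` inside `function(...)`.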
