[llvm-dev] llvm-mc-[dis]assemble-fuzzer status?
Justin Bogner via llvm-dev
llvm-dev at lists.llvm.org
Thu Aug 24 14:59:33 PDT 2017
Kostya Serebryany <kcc at google.com> writes:
>> I'd like llvm-isel-fuzzer to be added once it's committed
>
> consider it done (once it's there)
>
>> (which should be as soon as LLVM fuzzers work in release builds
>> again). One potential issue is that llvm-isel-fuzzer is more of a
>> collection of fuzzers, and it needs some arguments to run (i.e., to
>> choose the backend).
>
> I have the same problem with clang-proto-fuzzer, which uses the same
> approach with flags as llvm-isel-fuzzer.
>
> The solution I was thinking about is (drum roll!) to encode the flags in
> the binary name, e.g.
> "./llvm-isel-fuzzer,-flag1,-flag2" and then read these flags from argv[0]
> in LLVMFuzzerInitialize()

This is just horrible enough that it might work.

> Then in oss-fuzz build.sh we will just do this:
>   for flags in -flag1a,-flag1b -flag2a,-flag2b; do
>     cp llvm-isel-fuzzer $OUT/llvm-isel-fuzzer,$flags
>   done

Would it work to just create a simple shell script that forwards to the
"real" fuzzer binary? I.e.,

  echo 'llvm-isel-fuzzer "$@" --ignore-remaining-flags=1 -mtriple=aarch64-apple-ios -global-isel -O0' > llvm-isel-fuzzer-aarch64-gisel

Then we could just tell OSS-Fuzz that llvm-isel-fuzzer-aarch64-gisel is
what we want to run. Depending on what OSS-Fuzz does with the binary I
could see this failing, of course.
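
The argv[0] scheme quoted above, sketched as an added example; it is not code from this thread, from LLVM or from OSS-Fuzz. The helper name flags_from_argv0, the MAX_NAME_FLAGS limit and the choice to append the name-encoded flags after the existing arguments are assumptions.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_NAME_FLAGS 16   /* assumed upper bound on flags encoded in the name */

/* Collect the comma-separated flags that follow the fuzzer name in argv[0],
 * e.g. "out/llvm-isel-fuzzer,-flag1,-flag2" -> {"-flag1", "-flag2"}.
 * Only the basename is scanned, so a comma in a directory name is ignored.
 * Returns the number of flags stored in out[]. */
int flags_from_argv0(const char *argv0, char **out, int max_out) {
    const char *base = strrchr(argv0, '/');
    base = base ? base + 1 : argv0;
    const char *comma = strchr(base, ',');
    if (!comma)
        return 0;                       /* plain binary name, nothing encoded */
    size_t len = strlen(comma + 1) + 1;
    char *copy = malloc(len);           /* kept for the life of the process */
    if (!copy)
        return 0;
    memcpy(copy, comma + 1, len);
    int n = 0;
    for (char *t = strtok(copy, ","); t && n < max_out; t = strtok(NULL, ","))
        out[n++] = t;                   /* empty fields ("a,,b") are skipped */
    if (n == 0)
        free(copy);
    return n;
}

/* libFuzzer calls this once before fuzzing starts. Append the name-encoded
 * flags to the real command line so the normal option parsing sees them. */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
    char *extra[MAX_NAME_FLAGS];
    int n = flags_from_argv0((*argv)[0], extra, MAX_NAME_FLAGS);
    if (n == 0)
        return 0;
    char **merged = malloc((size_t)(*argc + n + 1) * sizeof *merged);
    if (!merged)
        return 0;
    memcpy(merged, *argv, (size_t)*argc * sizeof *merged);
    memcpy(merged + *argc, extra, (size_t)n * sizeof *merged);
    merged[*argc + n] = NULL;           /* keep argv NULL-terminated */
    *argv = merged;
    *argc += n;
    return 0;
}
```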