[Mlir-commits] [mlir] 450692d - [mlir] Add simple fuzzer for textual format

Jacques Pienaar llvmlistbot at llvm.org
Wed Mar 23 14:33:59 PDT 2022 

Author: Jacques Pienaar
Date: 2022-03-23T14:33:50-07:00
New Revision: 450692d5b4d7b033c7000ea78a4a7e9da1d1d97f

URL: https://github.com/llvm/llvm-project/commit/450692d5b4d7b033c7000ea78a4a7e9da1d1d97f
DIFF: https://github.com/llvm/llvm-project/commit/450692d5b4d7b033c7000ea78a4a7e9da1d1d97f.diff

LOG: [mlir] Add simple fuzzer for textual format

Only use this on generic parser for now by not registering any dialect. For flushing out some parser bugs. The textual format is not meant to be load bearing in production runs, but still useful to remove edge cases/failures.

Differential Revision: https://reviews.llvm.org/D122267

Added: 
    mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
    mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp
    mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp

Modified: 
    mlir/tools/CMakeLists.txt

Removed: 
    


################################################################################
diff  --git a/mlir/tools/CMakeLists.txt b/mlir/tools/CMakeLists.txt
index 16fa0f03f09dd..a19831c64feb1 100644
--- a/mlir/tools/CMakeLists.txt
+++ b/mlir/tools/CMakeLists.txt
@@ -1,5 +1,6 @@
 add_subdirectory(mlir-lsp-server)
 add_subdirectory(mlir-opt)
+add_subdirectory(mlir-parser-fuzzer)
 add_subdirectory(mlir-pdll)
 add_subdirectory(mlir-pdll-lsp-server)
 add_subdirectory(mlir-reduce)

diff  --git a/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt b/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
new file mode 100644
index 0000000000000..4cfd31d112901
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
@@ -0,0 +1,14 @@
+set(LLVM_LINK_COMPONENTS
+  FuzzMutate
+  Support
+)
+add_llvm_fuzzer(mlir-parser-fuzzer
+  mlir-parser-fuzzer.cpp
+  DUMMY_MAIN DummyParserFuzzer.cpp
+)
+target_link_libraries(mlir-parser-fuzzer
+  PUBLIC
+  MLIRIR
+  MLIRParser
+  MLIRSupport
+)

diff  --git a/mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp b/mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp
new file mode 100644
index 0000000000000..007bbe82554d1
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp
@@ -0,0 +1,20 @@
+//===--- DummyParserFuzzer.cpp - Entry point to sanity check the fuzzer ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv);
+int main(int argc, char *argv[]) {
+  return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput,
+                                 LLVMFuzzerInitialize);
+}

diff  --git a/mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp b/mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp
new file mode 100644
index 0000000000000..6f6895a762349
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp
@@ -0,0 +1,50 @@
+//===--- mlir-parser-fuzzer.cpp - Entry point to parser fuzzer ------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "mlir/IR/Diagnostics.h"
+#include "mlir/IR/Dialect.h"
+#include "mlir/IR/MLIRContext.h"
+#include "mlir/Parser/Parser.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Compiler.h"
+
+using namespace mlir;
+
+extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerTestOneInput(const uint8_t *data,
+                                                          size_t size) {
+  // Skip empty inputs.
+  if (size <= 1 || data[size - 1] != 0)
+    return 0;
+  --size;
+
+  // Create a null-terminated memory buffer from the input.
+  DialectRegistry registry;
+  MLIRContext context(registry);
+  context.allowUnregisteredDialects();
+
+  // Register diagnostic handler to avoid triggering exit behavior.
+  context.getDiagEngine().registerHandler(
+      [](mlir::Diagnostic &diag) { return; });
+
+  llvm::StringRef str(reinterpret_cast<const char *>(data), size);
+
+  // Parse module. The parsed module isn't used, so it is discarded post parse
+  // (successful or failure). The returned module is wrapped in a unique_ptr
+  // such that it is freed upon exit if returned.
+  (void)parseSourceString<ModuleOp>(str, &context);
+  return 0;
+}
+
+extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerInitialize(int *argc,
+                                                        char ***argv) {
+  return 0;
+}

More information about the Mlir-commits mailing list