[Mlir-commits] [mlir] 2c4e073 - [mlir] Split parser fuzzer for bytecode & text
Jacques Pienaar
llvmlistbot at llvm.org
Sat Oct 29 05:42:35 PDT 2022
Author: Jacques Pienaar
Date: 2022-10-29T05:42:28-07:00
New Revision: 2c4e073dfb6cab3d7122637ba26685763616f81b
URL: https://github.com/llvm/llvm-project/commit/2c4e073dfb6cab3d7122637ba26685763616f81b
DIFF: https://github.com/llvm/llvm-project/commit/2c4e073dfb6cab3d7122637ba26685763616f81b.diff
LOG: [mlir] Split parser fuzzer for bytecode & text
Enable fuzzing these independently. Currently still not linking in
dialects beyond Builtin.
Added:
mlir/tools/mlir-parser-fuzzer/bytecode/CMakeLists.txt
mlir/tools/mlir-parser-fuzzer/bytecode/DummyParserFuzzer.cpp
mlir/tools/mlir-parser-fuzzer/bytecode/mlir-bytecode-parser-fuzzer.cpp
mlir/tools/mlir-parser-fuzzer/text/CMakeLists.txt
mlir/tools/mlir-parser-fuzzer/text/DummyParserFuzzer.cpp
mlir/tools/mlir-parser-fuzzer/text/mlir-text-parser-fuzzer.cpp
Modified:
mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
Removed:
mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp
mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp
################################################################################
diff --git a/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt b/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
index fa1d5fd24c460..ea1d4aabf3d94 100644
--- a/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
+++ b/mlir/tools/mlir-parser-fuzzer/CMakeLists.txt
@@ -1,14 +1,2 @@
-set(LLVM_LINK_COMPONENTS
- FuzzerCLI
- Support
-)
-add_llvm_fuzzer(mlir-parser-fuzzer
- mlir-parser-fuzzer.cpp
- DUMMY_MAIN DummyParserFuzzer.cpp
-)
-target_link_libraries(mlir-parser-fuzzer
- PUBLIC
- MLIRIR
- MLIRParser
- MLIRSupport
-)
+add_subdirectory(bytecode)
+add_subdirectory(text)
diff --git a/mlir/tools/mlir-parser-fuzzer/bytecode/CMakeLists.txt b/mlir/tools/mlir-parser-fuzzer/bytecode/CMakeLists.txt
new file mode 100644
index 0000000000000..7d922656ad12f
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/bytecode/CMakeLists.txt
@@ -0,0 +1,15 @@
+set(LLVM_LINK_COMPONENTS
+ FuzzerCLI
+ Support
+)
+add_llvm_fuzzer(mlir-bytecode-parser-fuzzer
+ mlir-bytecode-parser-fuzzer.cpp
+ DUMMY_MAIN DummyParserFuzzer.cpp
+)
+target_link_libraries(mlir-bytecode-parser-fuzzer
+ PUBLIC
+ MLIRIR
+ MLIRParser
+ MLIRSupport
+)
+
diff --git a/mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp b/mlir/tools/mlir-parser-fuzzer/bytecode/DummyParserFuzzer.cpp
similarity index 100%
rename from mlir/tools/mlir-parser-fuzzer/DummyParserFuzzer.cpp
rename to mlir/tools/mlir-parser-fuzzer/bytecode/DummyParserFuzzer.cpp
diff --git a/mlir/tools/mlir-parser-fuzzer/bytecode/mlir-bytecode-parser-fuzzer.cpp b/mlir/tools/mlir-parser-fuzzer/bytecode/mlir-bytecode-parser-fuzzer.cpp
new file mode 100644
index 0000000000000..21411b684c15a
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/bytecode/mlir-bytecode-parser-fuzzer.cpp
@@ -0,0 +1,51 @@
+//===--- mlir-bytecode-parser-fuzzer.cpp - Entry point to parser fuzzer ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "mlir/IR/BuiltinOps.h"
+#include "mlir/IR/Diagnostics.h"
+#include "mlir/IR/MLIRContext.h"
+#include "mlir/Parser/Parser.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Compiler.h"
+
+using namespace mlir;
+
+extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerTestOneInput(const uint8_t *data,
+ size_t size) {
+ // Skip empty inputs.
+ if (size <= 1 || data[size - 1] != 0)
+ return -1;
+ llvm::StringRef str(reinterpret_cast<const char *>(data), size - 1);
+ // Skip if not bytecode.
+ if (!str.startswith("ML\xefR"))
+ return -1;
+
+ // Create a null-terminated memory buffer from the input.
+ DialectRegistry registry;
+ MLIRContext context(registry);
+ context.allowUnregisteredDialects();
+
+ // Register diagnostic handler to avoid triggering exit behavior.
+ context.getDiagEngine().registerHandler(
+ [](mlir::Diagnostic &diag) { return; });
+
+ // Parse module. The parsed module isn't used, so it is discarded post parse
+ // (successful or failure). The returned module is wrapped in a unique_ptr
+ // such that it is freed upon exit if returned.
+ (void)parseSourceString<ModuleOp>(str, &context);
+ return 0;
+}
+
+extern "C" LLVM_ATTRIBUTE_USED int llvmFuzzerInitialize(int *argc,
+ char ***argv) {
+ return 0;
+}
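Review bot: The guard `if (size <= 1 || data[size - 1] != 0) return -1;` makes a trailing NUL byte part of the accepted input format, yet its only comment is "Skip empty inputs", and the later "Create a null-terminated memory buffer from the input" comment describes a buffer this function never creates. For a binary format this matters for corpus preparation: real bytecode files presumably do not end in a NUL, so seeds taken from them would all be rejected unless one is appended. I would state the contract above the guard, e.g. `// Inputs must end in a NUL byte; it is excluded from the string that is parsed.`, and drop the stale buffer comment. The file header's "Implementation of main so we can build and test without linking libFuzzer." line is the DummyParserFuzzer.cpp description and should describe this harness instead. The same guard and buffer comment appear in the text harness hunk `@@ -24,8 +23,11 @@`.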
diff --git a/mlir/tools/mlir-parser-fuzzer/text/CMakeLists.txt b/mlir/tools/mlir-parser-fuzzer/text/CMakeLists.txt
new file mode 100644
index 0000000000000..a9c9e1047b54e
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/text/CMakeLists.txt
@@ -0,0 +1,15 @@
+set(LLVM_LINK_COMPONENTS
+ FuzzerCLI
+ Support
+)
+add_llvm_fuzzer(mlir-text-parser-fuzzer
+ mlir-text-parser-fuzzer.cpp
+ DUMMY_MAIN DummyParserFuzzer.cpp
+)
+target_link_libraries(mlir-text-parser-fuzzer
+ PUBLIC
+ MLIRIR
+ MLIRParser
+ MLIRSupport
+)
+
diff --git a/mlir/tools/mlir-parser-fuzzer/text/DummyParserFuzzer.cpp b/mlir/tools/mlir-parser-fuzzer/text/DummyParserFuzzer.cpp
new file mode 100644
index 0000000000000..7d99f41a96c19
--- /dev/null
+++ b/mlir/tools/mlir-parser-fuzzer/text/DummyParserFuzzer.cpp
@@ -0,0 +1,20 @@
+//===--- DummyParserFuzzer.cpp - Entry point to sanity check the fuzzer ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+extern "C" int llvmFuzzerInitialize(int *argc, char ***argv);
+int main(int argc, char *argv[]) {
+ return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput,
+ llvmFuzzerInitialize);
+}
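Review bot: `llvmFuzzerInitialize` is not the name libFuzzer resolves for its optional start-up hook (`LLVMFuzzerInitialize`), so the function is reached only because this dummy main passes it to `llvm::runFuzzerOnInputs` explicitly. The definition visible in the bytecode harness just returns 0, so nothing is lost today. Any set-up added there later (the log notes that dialects beyond Builtin are not linked in yet) would run in the dummy build and be skipped in a libFuzzer-linked build, leaving the two builds exercising different parser configurations. A comment on the declaration such as `// Called only by this dummy main; libFuzzer itself looks for LLVMFuzzerInitialize.` would make that explicit, as would renaming the hook consistently in the harnesses and here.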
diff --git a/mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp b/mlir/tools/mlir-parser-fuzzer/text/mlir-text-parser-fuzzer.cpp
similarity index 90%
rename from mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp
rename to mlir/tools/mlir-parser-fuzzer/text/mlir-text-parser-fuzzer.cpp
index 2a9acafadf34c..5555c039eae9a 100644
--- a/mlir/tools/mlir-parser-fuzzer/mlir-parser-fuzzer.cpp
+++ b/mlir/tools/mlir-parser-fuzzer/text/mlir-text-parser-fuzzer.cpp
@@ -1,4 +1,4 @@
-//===--- mlir-parser-fuzzer.cpp - Entry point to parser fuzzer ------------===//
+//===--- mlir-text-parser-fuzzer.cpp - Entry point to parser fuzzer -------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
@@ -12,7 +12,6 @@
#include "mlir/IR/BuiltinOps.h"
#include "mlir/IR/Diagnostics.h"
-#include "mlir/IR/Dialect.h"
#include "mlir/IR/MLIRContext.h"
#include "mlir/Parser/Parser.h"
#include "llvm/ADT/StringRef.h"
@@ -24,8 +23,11 @@ extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerTestOneInput(const uint8_t *data,
size_t size) {
// Skip empty inputs.
if (size <= 1 || data[size - 1] != 0)
- return 0;
- --size;
+ return -1;
+ llvm::StringRef str(reinterpret_cast<const char *>(data), size - 1);
+ // Skip if bytecode.
+ if (str.startswith("ML\xefR"))
+ return -1;
// Create a null-terminated memory buffer from the input.
DialectRegistry registry;
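Review bot: The bytecode magic is written as the bare literal `"ML\xefR"` here and again in the bytecode harness with the condition inverted, so the two fuzzers split the input space cleanly only while both literals stay identical. A named constant with a comment would make the intent and the coupling visible, e.g. `static constexpr char kBytecodeMagic[] = "ML\xefR"; // MLIR bytecode magic number` used as `str.startswith(kBytecodeMagic)`; ideally both harnesses would share it or use the parser's own bytecode check if one is exposed. LLVMFuzzerTestOneInput's body continues past the end of this hunk.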
@@ -36,8 +38,6 @@ extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerTestOneInput(const uint8_t *data,
context.getDiagEngine().registerHandler(
[](mlir::Diagnostic &diag) { return; });
- llvm::StringRef str(reinterpret_cast<const char *>(data), size);
-
// Parse module. The parsed module isn't used, so it is discarded post parse
// (successful or failure). The returned module is wrapped in a unique_ptr
// such that it is freed upon exit if returned.