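#!/bin/bash -eux
#
# Copyright 2017 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
#
# Builds the LLVM/Clang fuzz targets and their seed corpora.
#
# Environment read by this script:
#   SANITIZER, LIB_FUZZING_ENGINE      - select the instrumentation to build with
#   CC, CXX, CFLAGS, CXXFLAGS          - toolchain handed to CMake
#   SRC, WORK, OUT                     - source, scratch and output directories
#
# NOTE(review): the script appears to assume it is started in ${SRC}
# (build_corpus later runs build/bin/llvm-as relative to ${SRC}) - confirm.

# Fuzz targets built with ninja and copied into ${OUT}.
readonly FUZZERS=(
  clang-fuzzer
  clang-format-fuzzer
  clang-objc-fuzzer
  clangd-fuzzer
  llvm-itanium-demangle-fuzzer
  llvm-microsoft-demangle-fuzzer
  llvm-dwarfdump-fuzzer
  llvm-isel-fuzzer
  llvm-special-case-list-fuzzer
  llvm-opt-fuzzer
)

# llvm-opt-fuzzer variants, written as "<pass suffix>:<lit test directory>".
# One table drives both the binary names and the seed-corpus names, so the
# two cannot drift apart.
readonly OPT_FUZZER_PASSES=(
  instcombine:InstCombine
  earlycse:EarlyCSE
  simplifycfg:SimplifyCFG
  gvn:GVN
  sccp:SCCP
  loop_predication:LoopPredication
  guard_widening:GuardWidening
  loop_vectorize:LoopVectorize
  loop_rotate:LoopRotate
  loop_unswitch:LoopUnswitch
  loop_unroll:LoopUnroll
  licm:LICM
  indvars:IndVarSimplify
  strength_reduce:LoopStrengthReduce
  irce:IRCE
)

# Translate the sanitizer name into the value given to LLVM_USE_SANITIZER;
# any other value leaves it empty.
case "${SANITIZER}" in
  address) LLVM_SANITIZER="Address" ;;
  undefined) LLVM_SANITIZER="Undefined" ;;
  memory) LLVM_SANITIZER="MemoryWithOrigins" ;;
  *) LLVM_SANITIZER="" ;;
esac

# With -fsanitize=fuzzer only coverage instrumentation is switched on;
# any other engine is passed to the LLVM build as LLVM_LIB_FUZZING_ENGINE.
case "${LIB_FUZZING_ENGINE}" in
  -fsanitize=fuzzer)
    CMAKE_FUZZING_CONFIG="-DLLVM_USE_SANITIZE_COVERAGE=ON"
    ;;
  *)
    CMAKE_FUZZING_CONFIG="-DLLVM_LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE}"
    ;;
esac

LLVM=llvm-project/llvm

mkdir build
cd build

cmake -GNinja -DCMAKE_BUILD_TYPE=Release "../${LLVM}" \
  -DLLVM_ENABLE_PROJECTS="clang;libcxx;libcxxabi;compiler-rt;lld;clang-tools-extra" \
  -DLLVM_ENABLE_ASSERTIONS=ON \
  -DCMAKE_C_COMPILER="${CC}" \
  -DCMAKE_CXX_COMPILER="${CXX}" \
  -DCMAKE_C_FLAGS="${CFLAGS}" \
  -DCMAKE_CXX_FLAGS="${CXXFLAGS}" \
  "${CMAKE_FUZZING_CONFIG}" \
  -DLLVM_NO_DEAD_STRIP=ON \
  -DLLVM_USE_SANITIZER="${LLVM_SANITIZER}" \
  -DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD=WebAssembly

for fuzzer in "${FUZZERS[@]}"; do
  ninja "${fuzzer}"
  cp "bin/${fuzzer}" "${OUT}"
done

# llvm-as is needed below to turn the lit tests into bitcode seeds.
ninja llvm-as

# isel-fuzzer encodes its default flags in the name, so ship one copy per
# flag set and leave no binary under the bare name.
for variant in aarch64-O2 x86_64-O2 wasm32-O2; do
  cp "${OUT}/llvm-isel-fuzzer" "${OUT}/llvm-isel-fuzzer--${variant}"
done
mv "${OUT}/llvm-isel-fuzzer" "${OUT}/llvm-isel-fuzzer--aarch64-gisel"

# Same for llvm-opt-fuzzer: one copy per pass in OPT_FUZZER_PASSES.
for entry in "${OPT_FUZZER_PASSES[@]}"; do
  cp "${OUT}/llvm-opt-fuzzer" "${OUT}/llvm-opt-fuzzer--x86_64-${entry%%:*}"
done
rm "${OUT}/llvm-opt-fuzzer"

#######################################
# Build a seed corpus and an options file for one llvm-opt-fuzzer variant.
# Globals:   SRC, WORK, OUT (read)
# Arguments: $1 - lit test directory, relative to ${SRC}
#            $2 - fuzzer binary name; the outputs are written as
#                 ${OUT}/<name>_seed_corpus.zip and ${OUT}/<name>.options
# Side effects: changes the working directory to ${SRC}; llvm-as writes its
#            .bc output into the test tree before the files are moved out.
#######################################
function build_corpus {
  local lit_path="${1}"
  local fuzzer_name="${2}"
  # ${WORK:?} aborts instead of letting an empty WORK turn this into /corpus-tmp.
  local corpus_dir="${WORK:?}/corpus-tmp"

  rm -rf -- "${corpus_dir}"
  mkdir "${corpus_dir}"

  cd "${SRC}"

  # Compile all lit tests into bitcode. Ignore possible llvm-as failures.
  # The path is handed to sh as a positional parameter, never spliced into
  # the command string, so shell metacharacters in a file name stay data.
  find "${lit_path}" -name '*.ll' -print0 |
    xargs -t -0 -I{} sh -c 'build/bin/llvm-as "$1" || true' sh {}

  # Move freshly created bitcode into temp directory.
  find "${lit_path}" -name '*.bc' -print0 |
    xargs -t -0 -I{} mv -- {} "${corpus_dir}"

  # Archive the corpus. -j drops directory components from the stored names.
  zip -j "${OUT}/${fuzzer_name}_seed_corpus.zip" "${corpus_dir}"/*

  rm -r "${corpus_dir}"

  printf '[libfuzzer]\nmax_len = 0\n' > "${OUT}/${fuzzer_name}.options"
}

# The corpus and options files are matched to a fuzzer by file name, so the
# name passed here has to be exactly the binary name created above.
for entry in "${OPT_FUZZER_PASSES[@]}"; do
  build_corpus "${LLVM}/test/Transforms/${entry#*:}/" \
    "llvm-opt-fuzzer--x86_64-${entry%%:*}"
done

zip -j "${OUT}/clang-objc-fuzzer_seed_corpus.zip" \
  "${SRC}/${LLVM}"/../clang/tools/clang-fuzzer/corpus_examples/objc/*
zip -j "${OUT}/clangd-fuzzer_seed_corpus.zip" \
  "${SRC}/${LLVM}"/../clang-tools-extra/clangd/test/*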