[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

This revision was automatically updated to reflect the committed changes.
Closed by commit rL338077: Updated llvm-proto-fuzzer to execute the compiled 
code (authored by emmettneyman, committed by ).

Changed prior to commit:
  https://reviews.llvm.org/D49526?vs=157577&id=157591#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D49526

Files:
  cfe/trunk/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
  cfe/trunk/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  cfe/trunk/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: cfe/trunk/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
===
--- cfe/trunk/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
+++ cfe/trunk/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
@@ -16,10 +16,13 @@
 
 #include "fuzzer_initialize.h"
 
+#include "llvm/InitializePasses.h"
+#include "llvm/PassRegistry.h"
 #include "llvm/Support/TargetSelect.h"
 #include 
 
 using namespace clang_fuzzer;
+using namespace llvm;
 
 
 namespace clang_fuzzer {
@@ -33,10 +36,22 @@
 }
 
 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
-  llvm::InitializeAllTargets();
-  llvm::InitializeAllTargetMCs();
-  llvm::InitializeAllAsmPrinters();
-  llvm::InitializeAllAsmParsers();
+  InitializeAllTargets();
+  InitializeAllTargetMCs();
+  InitializeAllAsmPrinters();
+  InitializeAllAsmParsers();
+  
+  PassRegistry &Registry = *PassRegistry::getPassRegistry();
+  initializeCore(Registry);
+  initializeScalarOpts(Registry);
+  initializeVectorization(Registry);
+  initializeIPO(Registry);
+  initializeAnalysis(Registry);
+  initializeTransformUtils(Registry);
+  initializeInstCombine(Registry);
+  initializeAggressiveInstCombine(Registry);
+  initializeInstrumentation(Registry);
+  initializeTarget(Registry);
 
   CLArgs.push_back("-O2");
   for (int I = 1; I < *argc; I++) {
Index: cfe/trunk/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
===
--- cfe/trunk/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
+++ cfe/trunk/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
@@ -1,10 +1,18 @@
 set(LLVM_LINK_COMPONENTS
+  CodeGen
   Core
+  ExecutionEngine
   IRReader
   MC
+  MCJIT
+  Object
+  RuntimeDyld
+  SelectionDAG
   Support
-  Analysis
-  )
+  Target
+  TransformUtils
+  native
+)
 
 # Depend on LLVM IR intrinsic generation.
 set(handle_llvm_deps intrinsics_gen)
Index: cfe/trunk/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- cfe/trunk/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ cfe/trunk/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,48 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs a loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Vectorize.h"
 
 using namespace llvm;
 
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +68,111 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &Ext

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 157577.
emmettneyman added a comment.

Made some minor fixes


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,48 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs a loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Vectorize.h"
 
 using namespace llvm;
 
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +68,111 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
-  // Parse ExtraArgs to set the optimization level
-  CodeGenOpt::Level OLvl;
-  getOptLevel(ExtraArgs, OLvl);
+void ErrorAndExit(std::string message) {
+  errs()<< "ERROR: " << message << "\n";
+  std::exit(1);
+}
 
-  // Set the Module to include the the IR code to be compiled
-  SMDiagnostic Err;
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  CodeGenOpt::Level OptLevel,
+  unsigned SizeLevel) {
+  // Create and initialize a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateModulePassManager(MPM);
+}
 
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string &IR, CodeGenOpt::Level OLvl) {
+  // Create a module that will run the optimization passes
+  SMDiagnostic Err;
   LLVMContext Context;
-  std::unique_ptr M = parseIR(MemoryBufferRef(S, "IR"), Err, Context);
-  if (!M) {
-errs() << "error: could not parse IR!\n";
-std::exit(1);
-  }
+  std::unique_ptr M = parseIR(MemoryBufferRef(IR, "IR"), Err, Context);
+  if (!M || verifyModule(*M, &errs()))
+ErrorAndExit("Could not parse IR");
 
-  // Create a new Target
-  std::string Error;
-  const Target *TheTarget = TargetRegistry::lookupTarget(
-  sys::getDefaultTargetTriple(), Error);
-  if (!TheTarget) {
-errs() << Error;
-std::exit(1);
-  }
+  setFunctionAttributes(getCPUStr(), getFeaturesStr(), *M);
+  
+  legacy::PassManager Passes;
+  Triple ModuleTriple(M->getTargetTriple());
+  
+  Passes.add(new TargetLibraryInfoWrapperPass(ModuleTriple));
+  Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+  Passes.add(createVerifierPass());
 
-  TargetOptions Options = InitTargetOptionsFromCodeGenFlags();
-
-  // Create a new Machine
-  std::string CPUStr = get

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:152
+  typedef void (*func)(int*, int*, int*, int);
+  func f = (func) EE->getPointerToFunction(EntryFunc); 
+

Can we use `reinterpret_cast` here?


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:125
+  Context);
+  Module *M = Owner.get();
+  if (!M)

We should be able to get rid of this line now, and rename Owner again.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 157553.
emmettneyman added a comment.

Changed int to CodeGenOpt::Level and fixed unique_ptr issue


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,48 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs a loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Vectorize.h"
 
 using namespace llvm;
 
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +68,112 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
-  // Parse ExtraArgs to set the optimization level
-  CodeGenOpt::Level OLvl;
-  getOptLevel(ExtraArgs, OLvl);
+void ErrorAndExit(std::string message) {
+  errs()<< "ERROR: " << message << "\n";
+  std::exit(1);
+}
 
-  // Set the Module to include the the IR code to be compiled
-  SMDiagnostic Err;
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  CodeGenOpt::Level OptLevel,
+  unsigned SizeLevel) {
+  // Create and initialize a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateModulePassManager(MPM);
+}
 
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string &IR, CodeGenOpt::Level OLvl) {
+  // Create a module that will run the optimization passes
+  SMDiagnostic Err;
   LLVMContext Context;
-  std::unique_ptr M = parseIR(MemoryBufferRef(S, "IR"), Err, Context);
-  if (!M) {
-errs() << "error: could not parse IR!\n";
-std::exit(1);
-  }
+  std::unique_ptr M = parseIR(MemoryBufferRef(IR, "IR"), Err, Context);
+  if (!M || verifyModule(*M, &errs()))
+ErrorAndExit("Could not parse IR");
 
-  // Create a new Target
-  std::string Error;
-  const Target *TheTarget = TargetRegistry::lookupTarget(
-  sys::getDefaultTargetTriple(), Error);
-  if (!TheTarget) {
-errs() << Error;
-std::exit(1);
-  }
+  setFunctionAttributes(getCPUStr(), getFeaturesStr(), *M);
+  
+  legacy::PassManager Passes;
+  Triple ModuleTriple(M->getTargetTriple());
+  
+  Passes.add(new TargetLibraryInfoWrapperPass(ModuleTriple));
+  Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+  Passes.add(createVerifierPass());
 
-  TargetOptions Options = InitTargetOptionsFromCodeGenFlags();
-
-  // Create a n

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added a comment.

In https://reviews.llvm.org/D49526#1177208, @morehouse wrote:

> Do we need to parse the arguments for opt-level, or can we just hardcode 
> `-O2` and remove the argument parsing code?


I have the argument parsing code since the original `clang-proto-fuzzer` code 
had it and @kcc mentioned we might want to change the command line arguments in 
the future.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added a comment.

Do we need to parse the arguments for opt-level, or can we just hardcode `-O2` 
and remove the argument parsing code?




Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:144
+   Context);
+  Module *M = Owner.get();
+  if (!M)

emmettneyman wrote:
> morehouse wrote:
> > Why not just rename `Owner` to `M` and remove this line?
> Reverted it back since the change caused the fuzzer to crash.
You will need to move any uses of `M` above the call to `std::move`, since that 
leaves `M` in an invalid state.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:90
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string &IR, int OLvl) {
+  // Create a module that will run the optimization passes

Shouldn't `OLvl` be a `CodeGenOpt::Level`?


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 157545.
emmettneyman added a comment.

Small change to fix line length


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,48 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs a loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Vectorize.h"
 
 using namespace llvm;
 
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +68,111 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
-  // Parse ExtraArgs to set the optimization level
-  CodeGenOpt::Level OLvl;
-  getOptLevel(ExtraArgs, OLvl);
+void ErrorAndExit(std::string message) {
+  errs()<< "ERROR: " << message << "\n";
+  std::exit(1);
+}
 
-  // Set the Module to include the the IR code to be compiled
-  SMDiagnostic Err;
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Create and initialize a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateModulePassManager(MPM);
+}
 
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string &IR, int OLvl) {
+  // Create a module that will run the optimization passes
+  SMDiagnostic Err;
   LLVMContext Context;
-  std::unique_ptr M = parseIR(MemoryBufferRef(S, "IR"), Err, Context);
-  if (!M) {
-errs() << "error: could not parse IR!\n";
-std::exit(1);
-  }
+  std::unique_ptr M = parseIR(MemoryBufferRef(IR, "IR"), Err, Context);
+  if (!M || verifyModule(*M, &errs()))
+ErrorAndExit("Could not parse IR");
 
-  // Create a new Target
-  std::string Error;
-  const Target *TheTarget = TargetRegistry::lookupTarget(
-  sys::getDefaultTargetTriple(), Error);
-  if (!TheTarget) {
-errs() << Error;
-std::exit(1);
-  }
+  setFunctionAttributes(getCPUStr(), getFeaturesStr(), *M);
+  
+  legacy::PassManager Passes;
+  Triple ModuleTriple(M->getTargetTriple());
+  
+  Passes.add(new TargetLibraryInfoWrapperPass(ModuleTriple));
+  Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+  Passes.add(createVerifierPass());
 
-  TargetOptions Options = InitTargetOptionsFromCodeGenFlags();
-
-  // Create a new Machine
-  std::string CPUStr = getCPUStr();
-  std::string FeaturesStr = getFeatur

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:144
+   Context);
+  Module *M = Owner.get();
+  if (!M)

morehouse wrote:
> Why not just rename `Owner` to `M` and remove this line?
Reverted it back since the change caused the fuzzer to crash.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:147
+  builder.setUseOrcMCJITReplacement(false);
+  builder.setMCJITMemoryManager(make_unique());
+  builder.setOptLevel(OLvl);

morehouse wrote:
> This uses `llvm:make_unique`, which was written when LLVM used C++11.  But 
> since LLVM now uses C++14, I think we should use `std::make_unique` instead.
We talked offline, but just to put it in writing: My current LLVM build uses 
C++11 so I'm keeping it `llvm::make_unique`.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:184
+  CodeGenOpt::Level OLvl;
+  getOptLevel(ExtraArgs, OLvl);
+  

morehouse wrote:
> We're allowing the JIT opt-level to be specified on the command line, but 
> we're hard-coding OptLevel=3 for the optimization passes.
> 
> Do we need to allow the opt-level to be specified on the command line?
Good point. Will change to make `OptLLVM()` use the same optimization level as 
the JIT Engine.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 157544.
emmettneyman added a comment.

- Code style fixes
- Removed `FPasses`
- Allowed CL Args to specify opt level for `OptLLVM()`


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,48 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs a loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Vectorize.h"
 
 using namespace llvm;
 
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +68,110 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
-  // Parse ExtraArgs to set the optimization level
-  CodeGenOpt::Level OLvl;
-  getOptLevel(ExtraArgs, OLvl);
+void ErrorAndExit(std::string message) {
+  errs()<< "ERROR: " << message << "\n";
+  std::exit(1);
+}
 
-  // Set the Module to include the the IR code to be compiled
-  SMDiagnostic Err;
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Create and initialize a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateModulePassManager(MPM);
+}
 
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string &IR, int OLvl) {
+  // Create a module that will run the optimization passes
+  SMDiagnostic Err;
   LLVMContext Context;
-  std::unique_ptr M = parseIR(MemoryBufferRef(S, "IR"), Err, Context);
-  if (!M) {
-errs() << "error: could not parse IR!\n";
-std::exit(1);
-  }
+  std::unique_ptr M = parseIR(MemoryBufferRef(IR, "IR"), Err, Context);
+  if (!M || verifyModule(*M, &errs()))
+ErrorAndExit("Could not parse IR");
 
-  // Create a new Target
-  std::string Error;
-  const Target *TheTarget = TargetRegistry::lookupTarget(
-  sys::getDefaultTargetTriple(), Error);
-  if (!TheTarget) {
-errs() << Error;
-std::exit(1);
-  }
+  setFunctionAttributes(getCPUStr(), getFeaturesStr(), *M);
+  
+  legacy::PassManager Passes;
+  Triple ModuleTriple(M->getTargetTriple());
+  
+  Passes.add(new TargetLibraryInfoWrapperPass(ModuleTriple));
+  Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+  Passes.add(createVerifierPass());
 
-  TargetOptions Options = InitTargetOptionsFromCodeGenFlags();
-
-  // Create a new Machine
-  std::strin

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Peter Collingbourne via Phabricator via cfe-commits]

pcc added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:147
+  builder.setUseOrcMCJITReplacement(false);
+  builder.setMCJITMemoryManager(make_unique());
+  builder.setOptLevel(OLvl);

morehouse wrote:
> This uses `llvm:make_unique`, which was written when LLVM used C++11.  But 
> since LLVM now uses C++14, I think we should use `std::make_unique` instead.
LLVM doesn't use C++14 yet.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:115
+  make_unique(M.get());
+  FPasses->add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+

emmettneyman wrote:
> morehouse wrote:
> > morehouse wrote:
> > > Why do we add a `TargetTransformInfoWrapperPass` to both `Passes` and 
> > > `FPasses`?
> > Do we need both `Passes` and `FPasses`?
> I think because we're just adding a loop vectorize pass, we don't need 
> `FPasses`. The loop vectorize pass lives within the regular 
> `ModulePassManager`, not the `FunctionPassManager`. I decided to put it in 
> the code so, in the future, it would be easier to add different kinds of 
> passes to the fuzz target. Should I remove it?
Let's remove it since it's currently unnecessary.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:135
+  std::unique_ptr M = parseIR(MemoryBufferRef(IR, "IR"), Err,
+   Context);
+  if (!M)

The indentation looks off.  Please fix.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:147
+  builder.setUseOrcMCJITReplacement(false);
+  builder.setMCJITMemoryManager(make_unique());
+  builder.setOptLevel(OLvl);

This uses `llvm:make_unique`, which was written when LLVM used C++11.  But 
since LLVM now uses C++14, I think we should use `std::make_unique` instead.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:169
+  int c[] = {1};
+  
+  f(a, b, c, 1);

Remove whitespace on empty lines.

Actually, you could probably remove this line altogether since the call to 
`f()` can be grouped with the parameter setup above.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:184
+  CodeGenOpt::Level OLvl;
+  getOptLevel(ExtraArgs, OLvl);
+  

We're allowing the JIT opt-level to be specified on the command line, but we're 
hard-coding OptLevel=3 for the optimization passes.

Do we need to allow the opt-level to be specified on the command line?


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:159
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);
+  builder.setTargetOptions(InitTargetOptionsFromCodeGenFlags());

emmettneyman wrote:
> morehouse wrote:
> > If the JIT does optimization already, do we need to call `OptLLVM` at all?  
> > Will the vectorizer kick in without `OptLLVM`?
> I'll look into this more. I couldn't find an answer quickly.
No, the JIT doesn't run any optimization passes. The optimization level given 
just controls CodeGen.

Source: http://lists.llvm.org/pipermail/llvm-dev/2016-May/099631.html


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 157388.
emmettneyman added a comment.

Fixed some things, made code cleaner


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,48 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs a loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Vectorize.h"
 
 using namespace llvm;
 
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +68,123 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
-  // Parse ExtraArgs to set the optimization level
-  CodeGenOpt::Level OLvl;
-  getOptLevel(ExtraArgs, OLvl);
+void ErrorAndExit(std::string message) {
+  errs()<< "ERROR: " << message << "\n";
+  std::exit(1);
+}
+
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  legacy::FunctionPassManager &FPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Create and initialize a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);
+  Builder.populateModulePassManager(MPM);
+}
 
-  // Set the Module to include the the IR code to be compiled
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string &IR) {
+  // Create a module that will run the optimization passes
   SMDiagnostic Err;
+  LLVMContext Context;
+  std::unique_ptr M = parseIR(MemoryBufferRef(IR, "IR"), Err, Context);
+  if (!M || verifyModule(*M, &errs()))
+ErrorAndExit("Could not parse IR");
+
+  setFunctionAttributes(getCPUStr(), getFeaturesStr(), *M);
+  
+  legacy::PassManager Passes;
+  Triple ModuleTriple(M->getTargetTriple());
+  
+  Passes.add(new TargetLibraryInfoWrapperPass(ModuleTriple));
+  Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+  Passes.add(createVerifierPass());
+  
+  std::unique_ptr FPasses =
+  make_unique(M.get());
+  FPasses->add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+  FPasses->add(createVerifierPass());
+
+  AddOptimizationPasses(Passes, *FPasses, 3, 0);
+  
+  FPasses->doInitialization();
+  for (Function &F : *M)
+FPasses->run(F);
+  FPasses->doFinalization();
+  
+  // Add a pass that writes the optimized IR to an output stream
+  std::string outString;
+  raw_string_ostrea

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:89
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);

morehouse wrote:
> If we do this, do we need to explicitly add the vectorizer pass below?
No we don't. I've deleted the line below.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:110
+  TargetLibraryInfoImpl TLII(ModuleTriple);
+  Passes.add(new TargetLibraryInfoWrapperPass(TLII));
+  Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));

morehouse wrote:
> Can simplify to `Passes.add(new 
> TargetLibraryInfoWrapperPass(M->getTargetTriple))`.
Contrary to the function's name, `getTargetTriple()` actually returns a 
`string`, not a `Triple`. But I changed it to `new 
TargetLibraryInfoWrapperPass(ModuleTriple)` and deleted line 109.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:115
+  make_unique(M.get());
+  FPasses->add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+

morehouse wrote:
> morehouse wrote:
> > Why do we add a `TargetTransformInfoWrapperPass` to both `Passes` and 
> > `FPasses`?
> Do we need both `Passes` and `FPasses`?
I think because we're just adding a loop vectorize pass, we don't need 
`FPasses`. The loop vectorize pass lives within the regular 
`ModulePassManager`, not the `FunctionPassManager`. I decided to put it in the 
code so, in the future, it would be easier to add different kinds of passes to 
the fuzz target. Should I remove it?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:159
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);
+  builder.setTargetOptions(InitTargetOptionsFromCodeGenFlags());

morehouse wrote:
> If the JIT does optimization already, do we need to call `OptLLVM` at all?  
> Will the vectorizer kick in without `OptLLVM`?
I'll look into this more. I couldn't find an answer quickly.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp:44
+  
+  PassRegistry &Registry = *llvm::PassRegistry::getPassRegistry();
+  initializeCore(Registry);

Unnecessary `llvm::`



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:89
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);

If we do this, do we need to explicitly add the vectorizer pass below?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:95
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string &IR, CodeGenOpt::Level &OLvl) {
+  // Create a module that will run the optimization passes

`OLvl` is never used.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:105
+  std::string FeaturesStr = getFeaturesStr();
+  setFunctionAttributes(CPUStr, FeaturesStr, *M);
+  

Let's simplify to `setFunctionAttributes(getCPUStr(), getFeaturesStr(), *M)`.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:110
+  TargetLibraryInfoImpl TLII(ModuleTriple);
+  Passes.add(new TargetLibraryInfoWrapperPass(TLII));
+  Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));

Can simplify to `Passes.add(new 
TargetLibraryInfoWrapperPass(M->getTargetTriple))`.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:115
+  make_unique(M.get());
+  FPasses->add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+

Why do we add a `TargetTransformInfoWrapperPass` to both `Passes` and `FPasses`?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:115
+  make_unique(M.get());
+  FPasses->add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+

morehouse wrote:
> Why do we add a `TargetTransformInfoWrapperPass` to both `Passes` and 
> `FPasses`?
Do we need both `Passes` and `FPasses`?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:121
+ErrorAndExit("Cannot create IR pass");
+  Passes.add(P);
+  

Let's simplify to `Passes.add(createLoopVectorizePass())`.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:127
+  FPasses->doFinalization();
+  Passes.add(createVerifierPass());
+  

Why do we keep adding passes in different places?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:144
+   Context);
+  Module *M = Owner.get();
+  if (!M)

Why not just rename `Owner` to `M` and remove this line?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:158
+  builder.setMCJITMemoryManager(
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);

Please simplify to 
`builder.setMCJITMemoryManager(std::make_unique())`.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:159
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);
+  builder.setTargetOptions(InitTargetOptionsFromCodeGenFlags());

If the JIT does optimization already, do we need to call `OptLLVM` at all?  
Will the vectorizer kick in without `OptLLVM`?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:168
+  if (!EntryFunc)
+ErrorAndExit("Function not found in module");
 

Move this closer to where it's used.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:171
+  EE->finalizeObject();
+  EE->runStaticConstructorsDestructors(false);
+

Do we need to call this again to run destructors after we execute `f()` ?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:181
   
-  raw_null_ostream OS;
-  Target->addPassesToEmitFile(PM, OS, nullptr, TargetMachine::CGFT_ObjectFile,
-  false);
-  PM.run(*M);
+  (*f)(a, b, c, 1);
+}

I think `f(a, b, c, 1)` will also work.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 157335.
emmettneyman added a comment.

- cleaned up code and moved initialization code
- removed fake command line parsing


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/fuzzer-initialize/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,48 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs a loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
+#include "llvm/Transforms/Vectorize.h"
 
 using namespace llvm;
 
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +68,132 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
-  // Parse ExtraArgs to set the optimization level
-  CodeGenOpt::Level OLvl;
-  getOptLevel(ExtraArgs, OLvl);
+void ErrorAndExit(std::string message) {
+  errs()<< "ERROR: " << message << "\n";
+  std::exit(1);
+}
+
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  legacy::FunctionPassManager &FPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Verify that input is correct by adding a verifier pass
+  FPM.add(createVerifierPass());
 
-  // Set the Module to include the the IR code to be compiled
+  // Create and initialize a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);
+  Builder.populateModulePassManager(MPM);
+}
+
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string &IR, CodeGenOpt::Level &OLvl) {
+  // Create a module that will run the optimization passes
   SMDiagnostic Err;
+  LLVMContext Context;
+  std::unique_ptr M = parseIR(MemoryBufferRef(IR, "IR"), Err, Context);
+  if (!M || verifyModule(*M, &errs()))
+ErrorAndExit("Could not parse IR");
+
+  std::string CPUStr = getCPUStr();
+  std::string FeaturesStr = getFeaturesStr();
+  setFunctionAttributes(CPUStr, FeaturesStr, *M);
+  
+  legacy::PassManager Passes;
+  Triple ModuleTriple(M->getTargetTriple());
+  TargetLibraryInfoImpl TLII(ModuleTriple);
+  Passes.add(new TargetLibraryInfoWrapperPass(TLII));
+  Passes.add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+  
+  std::unique_ptr FPasses =
+  make_unique(M.get());
+  FPasses->add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));
+
+  AddOptimizationPasses(Passes, *FPasses, 3, 0);
+  Pass *P = createLoopVectori

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:208
+
+  static_cast(RTDyldMM)->invalidateInstructionCache();
+

morehouse wrote:
> This cast shouldn't be necessary.
Turns out this line is redundant anyways. `EE->finalizeObject()`calls 
`invalidateInstructionCache()`.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:190
+  builder.setMCJITMemoryManager(
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);

emmettneyman wrote:
> morehouse wrote:
> > emmettneyman wrote:
> > > morehouse wrote:
> > > > emmettneyman wrote:
> > > > > morehouse wrote:
> > > > > > These 3 lines can be combined to `builder.setMCJITMemoryManager(new 
> > > > > > SectionMemoryManager())`
> > > > > I use RTDyldMM on line 208. Should I just keep these lines as they 
> > > > > are?
> > > > Ah, missed that.  In that case, you can probably simplify this line to
> > > > `builder.setMCJITMemoryManager(RTDyldMM)`.
> > > It looks like set `MCJITMemoryManager()` needs to take a `unique_ptr`. 
> > > I'm not sure how to clean it up any more than it already is.
> > Does it not implicitly cast?
> No, I think it only works in the other direction.
Ok, I see.  The constructor we need is marked explicit...



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:208
+
+  static_cast(RTDyldMM)->invalidateInstructionCache();
+

This cast shouldn't be necessary.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:190
+  builder.setMCJITMemoryManager(
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);

morehouse wrote:
> emmettneyman wrote:
> > morehouse wrote:
> > > emmettneyman wrote:
> > > > morehouse wrote:
> > > > > These 3 lines can be combined to `builder.setMCJITMemoryManager(new 
> > > > > SectionMemoryManager())`
> > > > I use RTDyldMM on line 208. Should I just keep these lines as they are?
> > > Ah, missed that.  In that case, you can probably simplify this line to
> > > `builder.setMCJITMemoryManager(RTDyldMM)`.
> > It looks like set `MCJITMemoryManager()` needs to take a `unique_ptr`. I'm 
> > not sure how to clean it up any more than it already is.
> Does it not implicitly cast?
No, I think it only works in the other direction.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:190
+  builder.setMCJITMemoryManager(
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);

emmettneyman wrote:
> morehouse wrote:
> > emmettneyman wrote:
> > > morehouse wrote:
> > > > These 3 lines can be combined to `builder.setMCJITMemoryManager(new 
> > > > SectionMemoryManager())`
> > > I use RTDyldMM on line 208. Should I just keep these lines as they are?
> > Ah, missed that.  In that case, you can probably simplify this line to
> > `builder.setMCJITMemoryManager(RTDyldMM)`.
> It looks like set `MCJITMemoryManager()` needs to take a `unique_ptr`. I'm 
> not sure how to clean it up any more than it already is.
Does it not implicitly cast?


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:190
+  builder.setMCJITMemoryManager(
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);

morehouse wrote:
> emmettneyman wrote:
> > morehouse wrote:
> > > These 3 lines can be combined to `builder.setMCJITMemoryManager(new 
> > > SectionMemoryManager())`
> > I use RTDyldMM on line 208. Should I just keep these lines as they are?
> Ah, missed that.  In that case, you can probably simplify this line to
> `builder.setMCJITMemoryManager(RTDyldMM)`.
It looks like set `MCJITMemoryManager()` needs to take a `unique_ptr`. I'm not 
sure how to clean it up any more than it already is.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:190
+  builder.setMCJITMemoryManager(
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);

emmettneyman wrote:
> morehouse wrote:
> > These 3 lines can be combined to `builder.setMCJITMemoryManager(new 
> > SectionMemoryManager())`
> I use RTDyldMM on line 208. Should I just keep these lines as they are?
Ah, missed that.  In that case, you can probably simplify this line to
`builder.setMCJITMemoryManager(RTDyldMM)`.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:190
+  builder.setMCJITMemoryManager(
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);

morehouse wrote:
> These 3 lines can be combined to `builder.setMCJITMemoryManager(new 
> SectionMemoryManager())`
I use RTDyldMM on line 208. Should I just keep these lines as they are?


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt:17
 
-# Depend on LLVM IR intrinsic generation.
+# Depend on LLVM IR instrinsic generation.
 set(handle_llvm_deps intrinsics_gen)

Typo introduced here.



Comment at: clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt:25
   handle_llvm.cpp
-
+  
   DEPENDS

Please don't add whitespace to a previously empty line.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:10
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs an loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both

an -> a



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:112
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string IR, CodeGenOpt::Level &OLvl) {
+  InitEverything();

Maybe this should be `const std::string &IR` or `StringRef`.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:113
+std::string OptLLVM(const std::string IR, CodeGenOpt::Level &OLvl) {
+  InitEverything();
+ 

Does this need to be called every time we get a new input?  Can we call this 
from `LLVMFuzzerInitialize()`?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:123
+  args[1] = arg1.c_str();
+  cl::ParseCommandLineOptions(2, args);
 

This shouldn't be required.  You should be able to directly add the passes you 
want.  See `llvm/lib/Passes/PassBuilder.cpp`.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:132
+
+  Triple ModuleTriple(M->getTargetTriple());
+  TargetOptions Options = InitTargetOptionsFromCodeGenFlags();

Move this closer to where it's used.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:133
+  Triple ModuleTriple(M->getTargetTriple());
+  TargetOptions Options = InitTargetOptionsFromCodeGenFlags();
+  std::string CPUStr;

`Options` is never used.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:136
+  std::string FeaturesStr;
+  std::unique_ptr TM(nullptr);
+  setFunctionAttributes(CPUStr, FeaturesStr, *M);

`TM` is never used.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:137
+  std::unique_ptr TM(nullptr);
+  setFunctionAttributes(CPUStr, FeaturesStr, *M);
+  

Does this do anything since `CPUStr` and `FeaturesStr` are empty?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:145
+  std::unique_ptr FPasses;
+  FPasses.reset(new legacy::FunctionPassManager(M.get()));
+  FPasses->add(createTargetTransformInfoWrapperPass(TargetIRAnalysis()));

Can we just make `FPasses` on stack instead?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:190
+  builder.setMCJITMemoryManager(
+  std::unique_ptr(RTDyldMM));
+  builder.setOptLevel(OLvl);

These 3 lines can be combined to `builder.setMCJITMemoryManager(new 
SectionMemoryManager())`


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 157138.
emmettneyman added a comment.

Cleaned up code

Tried to get rid of ParseCommandLineOptions() call but could not figure out
how to initialize a PassInfo object without it.


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,50 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs an loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
 
 using namespace llvm;
 
+static cl::list
+PassList(cl::desc("Optimizations available:"));
+
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +70,164 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
-  // Parse ExtraArgs to set the optimization level
-  CodeGenOpt::Level OLvl;
-  getOptLevel(ExtraArgs, OLvl);
+// Helper function to call pass initialization functions
+void InitEverything() {
+  PassRegistry &Registry = *PassRegistry::getPassRegistry();
+  initializeCore(Registry);
+  initializeScalarOpts(Registry);
+  initializeVectorization(Registry);
+  initializeIPO(Registry);
+  initializeAnalysis(Registry);
+  initializeTransformUtils(Registry);
+  initializeInstCombine(Registry);
+  initializeAggressiveInstCombine(Registry);
+  initializeInstrumentation(Registry);
+  initializeTarget(Registry);
+}
+
+void ErrorAndExit(std::string message) {
+  errs()<< "ERROR: " << message << "\n";
+  std::exit(1);
+}
+
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  legacy::FunctionPassManager &FPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Verify that input is correct by adding a verifier pass
+  FPM.add(createVerifierPass());
+
+  // Create and initializa a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);
+  Builder.populateModulePassManager(MPM);
+}
+
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string IR, CodeGenOpt::Level &OLvl) {
+  InitEverything();
+ 
+  // Mimic argc and argv and pass them to ParseCommandLineOptions to initilize
+  // PassList, ie which optimizations we want to run on the IR
+  // TODO: Find a better way of doing this
+  const char *args[2];
+  std::string arg0 = "llvm-proto-fuzzer";
+  std::string arg1 = "-loop-vectorize";
+  args[0] = arg0.c_str();
+  args[1] = arg1.c_str();
+  cl::ParseCommandLineOptions(2, a

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 156862.
emmettneyman added a comment.

Made fixes to patch, rebased CMake file


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,51 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs an loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/GenericValue.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
 
 using namespace llvm;
 
+static cl::list
+PassList(cl::desc("Optimizations available:"));
+
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +71,182 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
-  // Parse ExtraArgs to set the optimization level
-  CodeGenOpt::Level OLvl;
-  getOptLevel(ExtraArgs, OLvl);
+// Helper function to call pass initialization functions
+void InitEverything() {
+  PassRegistry &Registry = *PassRegistry::getPassRegistry();
+  initializeCore(Registry);
+  initializeScalarOpts(Registry);
+  initializeVectorization(Registry);
+  initializeIPO(Registry);
+  initializeAnalysis(Registry);
+  initializeTransformUtils(Registry);
+  initializeInstCombine(Registry);
+  initializeAggressiveInstCombine(Registry);
+  initializeInstrumentation(Registry);
+  initializeTarget(Registry);
+}
 
-  // Set the Module to include the the IR code to be compiled
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  legacy::FunctionPassManager &FPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Verify that input is correct by adding a verifier pass
+  FPM.add(createVerifierPass());
+
+  // Create and initializa a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);
+  Builder.populateModulePassManager(MPM);
+}
+
+// Mimics the opt tool to run an optimization pass over the provided IR
+std::string OptLLVM(const std::string IR, CodeGenOpt::Level &OLvl) {
+  InitEverything();
+ 
+  // Mimic argc and argv and pass them to ParseCommandLineOptions to initilize
+  // PassList, ie which optimizations we want to run on the IR
+  // TODO: Find a better way of doing this
+  char *args[2];
+  char t[18] = "llvm-proto-fuzzer";
+  char s[16] = "-loop-vectorize";
+  args[0] = t;
+  args[1] = s;
+  cl::ParseCommandLineOptions(2, args, "");
+
+  // Create a module that will run the optimization passes
   SMDiagnostic Err;
+  LLVMContext Context;
+  std::unique_ptr 

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Peter Collingbourne via Phabricator via cfe-commits]

pcc added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:211-224
+  std::string ErrorMsg1;
+  EngineBuilder builder1(std::move(Owner1));
+  builder1.setMArch(MArch);
+  builder1.setMCPU(getCPUStr());
+  builder1.setMAttrs(getFeatureList());
+  builder1.setErrorStr(&ErrorMsg1);
+  builder1.setEngineKind(EngineKind::JIT);

Can you move this code (and maybe more of the duplicated code below) into a 
function and call it twice?


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt:21
+  set(handle_llvm_deps)
+endif()
 

How are you doing your diff?  Some of these changes are already upstream.  
Please rebase 



Comment at: clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.cpp:52
+  return 0;
+}

Can we use `fuzzer-initialize/` now?



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:54
+
+static std::string OptIR;
+

Unless there's a good reason for global, let's make this a local.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 156370.
emmettneyman added a comment.

- Fixed typo that broke build


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ExampleClangLLVMProtoFuzzer.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.h
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,53 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs an loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/GenericValue.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
 
 using namespace llvm;
 
+static cl::list
+PassList(cl::desc("Optimizations available:"));
+
+static std::string OptIR;
+
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +73,220 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
+// Helper function to call pass initialization functions
+void InitEverything() {
+  PassRegistry &Registry = *PassRegistry::getPassRegistry();
+  initializeCore(Registry);
+  initializeScalarOpts(Registry);
+  initializeVectorization(Registry);
+  initializeIPO(Registry);
+  initializeAnalysis(Registry);
+  initializeTransformUtils(Registry);
+  initializeInstCombine(Registry);
+  initializeAggressiveInstCombine(Registry);
+  initializeInstrumentation(Registry);
+  initializeTarget(Registry);
+}
+
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  legacy::FunctionPassManager &FPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Verify that input is correct by adding a verifier pass
+  FPM.add(createVerifierPass());
+
+  // Create and initializa a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);
+  Builder.populateModulePassManager(MPM);
+}
+
+// Mimics the opt tool to run an optimization pass over the provided IR
+void OptLLVM(const std::string IR, CodeGenOpt::Level &OLvl) {
+  InitEverything();
+ 
+  // Mimic argc and argv and pass them to ParseCommandLineOptions to initilize
+  // PassList, ie which optimizations we want to run on the IR
+  // TODO: Find a better way of doing this
+  char *args[2];
+  char t[18] = "llvm-proto-fuzzer";
+  char s[16] = "-loop-vectorize";
+  args[0] = t;
+  args[1] = s;
+  cl::ParseCommandLineOptions(2, args, "");
+
+  // Create a module that will run the optimization passes
+  SMDiagnostic Err;
+  LLVMContext Context;
+  std::unique_ptr M = p

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 156364.
emmettneyman added a comment.

- Cleaned up leftover code from mmap memcpy


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ExampleClangLLVMProtoFuzzer.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.h
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.h

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,53 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs an loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/GenericValue.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
 
 using namespace llvm;
 
+static cl::list
+PassList(cl::desc("Optimizations available:"));
+
+static std::string OptIR;
+
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +73,220 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
+// Helper function to call pass initialization functions
+void InitEverything() {
+  PassRegistry &Registry = *PassRegistry::getPassRegistry();
+  initializeCore(Registry);
+  initializeScalarOpts(Registry);
+  initializeVectorization(Registry);
+  initializeIPO(Registry);
+  initializeAnalysis(Registry);
+  initializeTransformUtils(Registry);
+  initializeInstCombine(Registry);
+  initializeAggressiveInstCombine(Registry);
+  initializeInstrumentation(Registry);
+  initializeTarget(Registry);
+}
+
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  legacy::FunctionPassManager &FPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Verify that input is correct by adding a verifier pass
+  FPM.add(createVerifierPass());
+
+  // Create and initializa a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);
+  Builder.populateModulePassManager(MPM);
+}
+
+// Mimics the opt tool to run an optimization pass over the provided IR
+void OptLLVM(const std::string IR, CodeGenOpt::Level &OLvl) {
+  InitEverything();
+ 
+  // Mimic argc and argv and pass them to ParseCommandLineOptions to initilize
+  // PassList, ie which optimizations we want to run on the IR
+  // TODO: Find a better way of doing this
+  char *args[2];
+  char t[18] = "llvm-proto-fuzzer";
+  char s[16] = "-loop-vectorize";
+  args[0] = t;
+  args[1] = s;
+  cl::ParseCommandLineOptions(2, args, "");
+

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman updated this revision to Diff 156362.
emmettneyman added a comment.

- Switched to JIT for compilation and execution


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ExampleClangLLVMProtoFuzzer.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.h
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.h

Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,53 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs an loop
+// vectorizer optimization pass over the given IR code. Then mimics lli on both
+// versions to JIT the generated code and execute it. Currently, functions are 
+// executed on dummy inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/ExecutionEngine/GenericValue.h"
+#include "llvm/ExecutionEngine/JITEventListener.h"
+#include "llvm/ExecutionEngine/JITSymbol.h"
+#include "llvm/ExecutionEngine/MCJIT.h"
+#include "llvm/ExecutionEngine/ObjectCache.h"
+#include "llvm/ExecutionEngine/RTDyldMemoryManager.h"
+#include "llvm/ExecutionEngine/SectionMemoryManager.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
-
-#include 
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
 
 using namespace llvm;
 
+static cl::list
+PassList(cl::desc("Optimizations available:"));
+
+static std::string OptIR;
+
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,59 +73,221 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::string &S,
-  const std::vector &ExtraArgs) {
+// Helper function to call pass initialization functions
+void InitEverything() {
+  PassRegistry &Registry = *PassRegistry::getPassRegistry();
+  initializeCore(Registry);
+  initializeScalarOpts(Registry);
+  initializeVectorization(Registry);
+  initializeIPO(Registry);
+  initializeAnalysis(Registry);
+  initializeTransformUtils(Registry);
+  initializeInstCombine(Registry);
+  initializeAggressiveInstCombine(Registry);
+  initializeInstrumentation(Registry);
+  initializeTarget(Registry);
+}
+
+// Helper function to add optimization passes to the TargetMachine at the 
+// specified optimization level, OptLevel
+static void AddOptimizationPasses(legacy::PassManagerBase &MPM,
+  legacy::FunctionPassManager &FPM,
+  unsigned OptLevel, unsigned SizeLevel) {
+  // Verify that input is correct by adding a verifier pass
+  FPM.add(createVerifierPass());
+
+  // Create and initializa a PassManagerBuilder
+  PassManagerBuilder Builder;
+  Builder.OptLevel = OptLevel;
+  Builder.SizeLevel = SizeLevel;
+  Builder.Inliner = createFunctionInliningPass(OptLevel, SizeLevel, false);
+  Builder.LoopVectorize = true;
+  Builder.populateFunctionPassManager(FPM);
+  Builder.populateModulePassManager(MPM);
+}
+
+// Mimics the opt tool to run an optimization pass over the provided IR
+void OptLLVM(const std::string IR, CodeGenOpt::Level &OLvl) {
+  InitEverything();
+ 
+  // Mimic argc and argv and pass them to ParseCommandLineOptions to initilize
+  // PassList, ie which optimizations we want to run on the IR
+  // TODO: Find a better way of doing this
+  char *args[2];
+  char t[18] = "llvm-proto-fuzzer";
+  char s[16] = "-loop-vectorize";
+  args[0] = t;
+  args[1] = s;
+  cl::ParseCommandLineOptions(2, args, ""

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Matt Morehouse via Phabricator via cfe-commits]

morehouse added a comment.

You can probably get rid of the llvm-objcopy code and make this a lot simpler 
with something like:

1. Call `getSection()` on the Binary object to get the text section.
2. Read the `sh_offset` and `sh_size` of that section.
3. Copy `sh_size` bytes from the start of the binary buffer + `sh_offset` into 
your executable memory.
4. Run it.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Peter Collingbourne via Phabricator via cfe-commits]

pcc added inline comments.



Comment at: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp:209
+
+// Helper function that converts ELF relocatable into raw machine code that
+// can be executed in memory. Returns size of machine code.

Did you look at using LLVM's JIT infrastructure to do this?


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman added a comment.

The files

  Object.h
  Object.cpp
  llvm-objcopy.h

are from llvm/tools/llvm-obj-copy with only slight modifications, mostly 
deleting irrelevant parts.


Repository:
  rC Clang

https://reviews.llvm.org/D49526



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D49526: Updated llvm-proto-fuzzer to execute the compiled code

[Emmett Neyman via Phabricator via cfe-commits]

emmettneyman created this revision.
emmettneyman added reviewers: morehouse, kcc.
Herald added subscribers: cfe-commits, mgorny.
Herald added a reviewer: alexshap.

Made changes to the llvm-proto-fuzzer

- Added loop vectorizer optimization pass in order to have two IR versions
- Updated old fuzz target to handle two different IR versions
- Wrote code to execute both versions in memory


Repository:
  rC Clang

https://reviews.llvm.org/D49526

Files:
  clang/tools/clang-fuzzer/CMakeLists.txt
  clang/tools/clang-fuzzer/ExampleClangLLVMProtoFuzzer.cpp
  clang/tools/clang-fuzzer/handle-llvm/CMakeLists.txt
  clang/tools/clang-fuzzer/handle-llvm/Object.cpp
  clang/tools/clang-fuzzer/handle-llvm/Object.h
  clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.cpp
  clang/tools/clang-fuzzer/handle-llvm/fuzzer_initialize.h
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
  clang/tools/clang-fuzzer/handle-llvm/handle_llvm.h
  clang/tools/clang-fuzzer/handle-llvm/llvm-objcopy.h

Index: clang/tools/clang-fuzzer/handle-llvm/llvm-objcopy.h
===
--- /dev/null
+++ clang/tools/clang-fuzzer/handle-llvm/llvm-objcopy.h
@@ -0,0 +1,42 @@
+//===- llvm-objcopy.h ---*- C++ -*-===//
+//
+//  The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//  Modified version of llvm/tools/llvm-objcopy/llvm-objcopy.h
+//
+//===--===//
+
+#ifndef LLVM_TOOLS_OBJCOPY_OBJCOPY_H
+#define LLVM_TOOLS_OBJCOPY_OBJCOPY_H
+
+#include "llvm/ADT/Twine.h"
+#include "llvm/Support/Compiler.h"
+#include "llvm/Support/Error.h"
+#include "llvm/Support/raw_ostream.h"
+#include 
+
+namespace llvm {
+
+LLVM_ATTRIBUTE_NORETURN extern void error(Twine Message);
+LLVM_ATTRIBUTE_NORETURN extern void reportError(StringRef File, Error E);
+LLVM_ATTRIBUTE_NORETURN extern void reportError(StringRef File,
+std::error_code EC);
+
+// This is taken from llvm-readobj.
+// [see here](llvm/tools/llvm-readobj/llvm-readobj.h:38)
+template  T unwrapOrError(Expected EO) {
+  if (EO)
+return *EO;
+  std::string Buf;
+  raw_string_ostream OS(Buf);
+  logAllUnhandledErrors(EO.takeError(), OS, "");
+  OS.flush();
+  error(Buf);
+}
+
+} // end namespace llvm
+
+#endif // LLVM_TOOLS_OBJCOPY_OBJCOPY_H
Index: clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
===
--- clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
+++ clang/tools/clang-fuzzer/handle-llvm/handle_llvm.cpp
@@ -7,33 +7,56 @@
 //
 //===--===//
 //
-// Implements HandleLLVM for use by the Clang fuzzers. Mimics the llc tool to
-// compile an LLVM IR file to X86_64 assembly.
+// Implements HandleLLVM for use by the Clang fuzzers. First runs an loop
+// vectorizer optimization pass over the given IR code. Then mimics llc on both
+// versions of the IR code to genereate machine code for each version. Inserts
+// both versions of the code into memory and executes both functions on dummy
+// inputs.
 //
 //===--===//
 
 #include "handle_llvm.h"
+#include "Object.h"
 
 #include "llvm/ADT/Triple.h"
 #include "llvm/Analysis/TargetLibraryInfo.h"
+#include "llvm/Analysis/TargetTransformInfo.h"
+#include "llvm/BinaryFormat/ELF.h"
 #include "llvm/CodeGen/CommandFlags.inc"
 #include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/TargetPassConfig.h"
+#include "llvm/IR/IRPrintingPasses.h"
 #include "llvm/IR/LegacyPassManager.h"
+#include "llvm/IR/LegacyPassNameParser.h"
 #include "llvm/IR/LLVMContext.h"
 #include "llvm/IR/Module.h"
 #include "llvm/IR/Verifier.h"
 #include "llvm/IRReader/IRReader.h"
+#include "llvm/Object/Binary.h"
+#include "llvm/Object/ELFObjectFile.h"
+#include "llvm/Object/ELFTypes.h"
+#include "llvm/Pass.h"
 #include "llvm/PassRegistry.h"
-#include "llvm/Support/InitLLVM.h"
 #include "llvm/Support/MemoryBuffer.h"
 #include "llvm/Support/SourceMgr.h"
 #include "llvm/Support/TargetRegistry.h"
+#include "llvm/Support/TargetSelect.h"
 #include "llvm/Target/TargetMachine.h"
+#include "llvm/Transforms/IPO/PassManagerBuilder.h"
+#include "llvm/Transforms/IPO.h"
 
 #include 
 
 using namespace llvm;
+using namespace object;
+using namespace ELF;
 
+static cl::list
+PassList(cl::desc("Optimizations available:"));
+
+static std::string OptIR;
+
+// Helper function to parse command line args and find the optimization level
 static void getOptLevel(const std::vector &ExtraArgs,
   CodeGenOpt::Level &OLvl) {
   // Find the optimization level from the command line args
@@ -53,23 +76,243 @@
   }
 }
 
-void clang_fuzzer::HandleLLVM(const std::st