Lines Matching refs:fuzzer

19 clang-fuzzer
22 A |generic fuzzer| that tries to compile textual input as C++ code. Some of the
23 bugs this fuzzer has reported are `on bugzilla`__ and `on OSS Fuzz's
27 __ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+clang-fuzzer
29 clang-proto-fuzzer
32 A |protobuf fuzzer| that compiles valid C++ programs generated from a protobuf
35 This fuzzer accepts clang command line options after `ignore_remaining_args=1`.
41 % bin/clang-proto-fuzzer <corpus-dir> -ignore_remaining_args=1 -O3
43 clang-format-fuzzer
46 A |generic fuzzer| that runs clang-format_ on C++ text fragments. Some of the
47 bugs this fuzzer has reported are `on bugzilla`__
52 __ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+clang-format-fuzzer
54 llvm-as-fuzzer
57 A |generic fuzzer| that tries to parse text as :doc:`LLVM assembly <LangRef>`.
58 Some of the bugs this fuzzer has reported are `on bugzilla`__.
62 llvm-dwarfdump-fuzzer
65 A |generic fuzzer| that interprets inputs as object files and runs
67 this fuzzer has reported are `on OSS Fuzz's tracker`__
69 __ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+llvm-dwarfdump-fuzzer
71 llvm-demangle-fuzzer
74 A |generic fuzzer| for the Itanium demangler used in various LLVM tools. We've
78 llvm-isel-fuzzer
81 A |LLVM IR fuzzer| aimed at finding bugs in instruction selection.
83 This fuzzer accepts flags after `ignore_remaining_args=1`. The flags match
89 % bin/llvm-isel-fuzzer <corpus-dir> -ignore_remaining_args=1 -mtriple aarch64 -global-isel -O0
93 or move ``llvm-isel-fuzzer`` to ``llvm-isel-fuzzer--x-y-z``, separating options
101 % bin/llvm-isel-fuzzer--aarch64-O0-gisel <corpus-dir>
103 llvm-opt-fuzzer
106 A |LLVM IR fuzzer| aimed at finding bugs in optimization passes.
108 It receives an optimization pipeline and runs it for each fuzzer input.
110 Interface of this fuzzer almost directly mirrors ``llvm-isel-fuzzer``. Both
116 % bin/llvm-opt-fuzzer <corpus-dir> -ignore_remaining_args=1 -mtriple x86_64 -passes instcombine
118 Similarly to the ``llvm-isel-fuzzer`` arguments in some predefined configurations
123 % bin/llvm-opt-fuzzer--x86_64-instcombine <corpus-dir>
125 llvm-mc-assemble-fuzzer
128 A |generic fuzzer| that fuzzes the MC layer's assemblers by treating inputs as
131 Note that this fuzzer has an unusual command line interface which is not fully
133 after ``--fuzzer-args``, and any ``llc`` flags must use two dashes. For
138 llvm-mc-fuzzer --triple=aarch64-linux-gnu --fuzzer-args -max_len=4
142 llvm-mc-disassemble-fuzzer
145 A |generic fuzzer| that fuzzes the MC layer's disassemblers by treating inputs
148 Note that this fuzzer has an unusual command line interface which is not fully
150 ``llvm-mc-assemble-fuzzer`` for details.
153 .. |generic fuzzer| replace:: :ref:`generic fuzzer <fuzzing-llvm-generic>`
154 .. |protobuf fuzzer|
155 replace:: :ref:`libprotobuf-mutator based fuzzer <fuzzing-llvm-protobuf>`
156 .. |LLVM IR fuzzer|
157 replace:: :ref:`structured LLVM IR fuzzer <fuzzing-llvm-ir>`
165 mutations that a fuzzer in LLVM might want.
174 mutations. This type of fuzzer is good for stressing the surface layers of a
178 Some of the in-tree fuzzers that use this type of mutator are `clang-fuzzer`_,
179 `clang-format-fuzzer`_, `llvm-as-fuzzer`_, `llvm-dwarfdump-fuzzer`_,
180 `llvm-mc-assemble-fuzzer`_, and `llvm-mc-disassemble-fuzzer`_.
194 To build this kind of fuzzer you need `protobuf`_ and its dependencies
196 with :doc:`CMake <CMake>`. For example, `clang-proto-fuzzer`_ can be enabled by
200 The only in-tree fuzzer that uses ``libprotobuf-mutator`` today is
201 `clang-proto-fuzzer`_.
216 `llvm-isel-fuzzer`_.
268 your fuzzer can be built and tested when not built against libFuzzer.
271 use the ``add_llvm_fuzzer`` to set up fuzzer targets. This function works