FuzzingLLVM.rst - OpenGrok cross reference for /external/llvm-project/llvm/docs/FuzzingLLVM.rst

Lines Matching refs:fuzzer
20 clang-fuzzer
23 A |generic fuzzer| that tries to compile textual input as C++ code. Some of the
24 bugs this fuzzer has reported are `on bugzilla`__ and `on OSS Fuzz's
28 __ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+clang-fuzzer
30 clang-proto-fuzzer
33 A |protobuf fuzzer| that compiles valid C++ programs generated from a protobuf
36 This fuzzer accepts clang command line options after `ignore_remaining_args=1`.
42    % bin/clang-proto-fuzzer <corpus-dir> -ignore_remaining_args=1 -O3
44 clang-format-fuzzer
47 A |generic fuzzer| that runs clang-format_ on C++ text fragments. Some of the
48 bugs this fuzzer has reported are `on bugzilla`__
53 __ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+clang-format-fuzzer  argument
55 llvm-as-fuzzer
58 A |generic fuzzer| that tries to parse text as :doc:`LLVM assembly <LangRef>`.
59 Some of the bugs this fuzzer has reported are `on bugzilla`__.
63 llvm-dwarfdump-fuzzer
66 A |generic fuzzer| that interprets inputs as object files and runs
68 this fuzzer has reported are `on OSS Fuzz's tracker`__
70 __ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+llvm-dwarfdump-fuzzer
72 llvm-demangle-fuzzer
75 A |generic fuzzer| for the Itanium demangler used in various LLVM tools. We've
79 llvm-isel-fuzzer
82 A |LLVM IR fuzzer| aimed at finding bugs in instruction selection.
84 This fuzzer accepts flags after `ignore_remaining_args=1`. The flags match
90    % bin/llvm-isel-fuzzer <corpus-dir> -ignore_remaining_args=1 -mtriple aarch64 -global-isel -O0
94 or move ``llvm-isel-fuzzer`` to ``llvm-isel-fuzzer--x-y-z``, separating options
102    % bin/llvm-isel-fuzzer--aarch64-O0-gisel <corpus-dir>
104 llvm-opt-fuzzer
107 A |LLVM IR fuzzer| aimed at finding bugs in optimization passes.
109 It receives optimization pipeline and runs it for each fuzzer input.
111 Interface of this fuzzer almost directly mirrors ``llvm-isel-fuzzer``. Both
118    % bin/llvm-opt-fuzzer <corpus-dir> -ignore_remaining_args=1 -mtriple x86_64 -passes instcombine
120 Similarly to the ``llvm-isel-fuzzer`` arguments in some predefined configurations
125    % bin/llvm-opt-fuzzer--x86_64-instcombine <corpus-dir>
127 llvm-mc-assemble-fuzzer
130 A |generic fuzzer| that fuzzes the MC layer's assemblers by treating inputs as
133 Note that this fuzzer has an unusual command line interface which is not fully
135 after ``--fuzzer-args``, and any ``llc`` flags must use two dashes. For
140   llvm-mc-fuzzer --triple=aarch64-linux-gnu --fuzzer-args -max_len=4
144 llvm-mc-disassemble-fuzzer
147 A |generic fuzzer| that fuzzes the MC layer's disassemblers by treating inputs
150 Note that this fuzzer has an unusual command line interface which is not fully
152 ``llvm-mc-assemble-fuzzer`` for details.
155 .. |generic fuzzer| replace:: :ref:`generic fuzzer <fuzzing-llvm-generic>`  argument
156 .. |protobuf fuzzer|  argument
157    replace:: :ref:`libprotobuf-mutator based fuzzer <fuzzing-llvm-protobuf>`
158 .. |LLVM IR fuzzer|  argument
159    replace:: :ref:`structured LLVM IR fuzzer <fuzzing-llvm-ir>`
167 mutations that a fuzzer in LLVM might want.
176 mutations. This type of fuzzer is good for stressing the surface layers of a
180 Some of the in-tree fuzzers that use this type of mutator are `clang-fuzzer`_,
181 `clang-format-fuzzer`_, `llvm-as-fuzzer`_, `llvm-dwarfdump-fuzzer`_,
182 `llvm-mc-assemble-fuzzer`_, and `llvm-mc-disassemble-fuzzer`_.
196 To build this kind of fuzzer you need `protobuf`_ and its dependencies
198 with :doc:`CMake <CMake>`. For example, `clang-proto-fuzzer`_ can be enabled by
202 The only in-tree fuzzer that uses ``libprotobuf-mutator`` today is
203 `clang-proto-fuzzer`_.
218 `llvm-isel-fuzzer`_.
274 your fuzzer can be built and tested when not built against libFuzzer.
277 use the ``add_llvm_fuzzer`` to set up fuzzer targets. This function works