int main(int argc, char **argv) {
// The command line is unusual compared to other fuzzers due to the need to
// specify the target. Options like -triple, -mcpu, and -mattr work like
// their counterparts in llvm-mc, while -fuzzer-args collects options for the
// fuzzer itself.
//
// Examples:
//
// Fuzz the big-endian MIPS32R6 disassembler using 100,000 inputs of up to
// 4-bytes each and use the contents of ./corpus as the test corpus:
// llvm-mc-fuzzer -triple mips-linux-gnu -mcpu=mips32r6 -disassemble \
// -fuzzer-args -max_len=4 -runs=100000 ./corpus
//
// Infinitely fuzz the little-endian MIPS64R2 disassembler with the MSA
// feature enabled using up to 64-byte inputs:
// llvm-mc-fuzzer -triple mipsel-linux-gnu -mcpu=mips64r2 -mattr=msa \
// -disassemble -fuzzer-args ./corpus
//
// If your aim is to find instructions that are not tested, then it is
// advisable to constrain the maximum input size to a single instruction
// using -max_len as in the first example. This results in a test corpus of
// individual instructions that test unique paths. Without this constraint,
// there will be considerable redundancy in the corpus.
LLVMInitializeAllTargetInfos();
LLVMInitializeAllTargetMCs();
LLVMInitializeAllDisassemblers();
cl::ParseCommandLineOptions(argc, argv);
// Package up features to be passed to target/subtarget
// We have to pass it via a global since the callback doesn't
// permit any user data.
if (MAttrs.size()) {
SubtargetFeatures Features;
for (unsigned i = 0; i != MAttrs.size(); ++i)
Features.AddFeature(MAttrs[i]);
FeaturesStr = Features.getString();
}
// Insert the program name into the FuzzerArgv.
FuzzerArgv.insert(FuzzerArgv.begin(), argv[0]);
if (Action == AC_Assemble)
errs() << "error: -assemble is not implemented\n";
else if (Action == AC_Disassemble)
return fuzzer::FuzzerDriver(FuzzerArgv, DisassembleOneInput);
llvm_unreachable("Unknown action");
return 1;
}
