============
The LLVM tree includes a number of fuzzers for various components. These are
-built on top of :doc:`LibFuzzer <LibFuzzer>`.
+built on top of :doc:`LibFuzzer <LibFuzzer>`. In order to build and run these
+fuzzers, see :ref:`building-fuzzers`.
Available Fuzzers
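Review bot: The new cross-reference :ref:`building-fuzzers` in the intro paragraph needs a matching ".. _building-fuzzers:" label, and none of the hunks shown here adds one. If the label is not already defined above the build instructions, add it in this patch so the Sphinx build does not warn about an undefined label. "In order to build and run these fuzzers, see" could also be shortened to "To build and run these fuzzers, see".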
__ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+llvm-dwarfdump-fuzzer
+llvm-demangle-fuzzer
+---------------------
+
+A |generic fuzzer| for the Itanium demangler used in various LLVM tools. We've
+fuzzed __cxa_demangle to death, why not fuzz LLVM's implementation of the same
+function!
+
llvm-isel-fuzzer
----------------
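Review bot: In the llvm-demangle-fuzzer description, __cxa_demangle is written as bare text. Wrap it in double backticks, the way the llvm-opt-fuzzer section in this patch marks up ``mtriple`` and ``passes``. The section underline is also one dash longer than the 20-character title, unlike the exactly matched underline on llvm-isel-fuzzer just below. Finally, "why not fuzz LLVM's implementation of the same function!" is phrased as a question but ends with an exclamation mark.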
% bin/llvm-isel-fuzzer--aarch64-O0-gisel <corpus-dir>
+llvm-opt-fuzzer
+---------------
+
+A |LLVM IR fuzzer| aimed at finding bugs in optimization passes.
+
+It receives optimzation pipeline and runs it for each fuzzer input.
+
+Interface of this fuzzer almost directly mirrors ``llvm-isel-fuzzer``. Both
+``mtriple`` and ``passes`` arguments are required. Passes are specified in a
+format suitable for the new pass manager. You can find some documentation about
+this format in the doxygen for ``PassBuilder::parsePassPipeline``.
+
+.. code-block:: shell
+
+ % bin/llvm-opt-fuzzer <corpus-dir> -ignore_remaining_args=1 -mtriple x86_64 -passes instcombine
+
+Similarly to the ``llvm-isel-fuzzer`` arguments in some predefined configurations
+might be embedded directly into the binary file name:
+
+.. code-block:: shell
+
+ % bin/llvm-opt-fuzzer--x86_64-instcombine <corpus-dir>
+
llvm-mc-assemble-fuzzer
-----------------------
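Review bot: "It receives optimzation pipeline and runs it for each fuzzer input" has a typo and is missing an article. I suggest "It receives an optimization pipeline and runs it on each fuzzer input." The first example passes -ignore_remaining_args=1 before -mtriple and -passes, but the prose only says those two arguments are required. Add a sentence on what that flag is for, so that readers adapting the command do not drop it. "Similarly to the ``llvm-isel-fuzzer`` arguments in some predefined configurations" also needs a comma after the fuzzer name to parse correctly.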
with sanitizers, you'll want to specify ``-DLLVM_BUILD_RUNTIME=Off``
to avoid building the sanitizers themselves with sanitizers enabled.
+.. note:: You may run into issues if you build with BFD ld, which is the
+ default linker on many unix systems. These issues are being tracked
+ in https://llvm.org/PR34636.
+
Continuously Running and Finding Bugs
-------------------------------------
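Review bot: The BFD ld note says only "You may run into issues", which gives a reader who hits a build failure nothing to match against. Describe the symptom in a few words and, if a workaround is known, mention it, so that the note does not depend entirely on the PR link. "unix" should be capitalized as "Unix".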