[llvm-mc-fuzzer] Support untested instruction discovery for variable length instructi...

Summary:
For fixed length instructions, we can use -max_len to limit the fuzzer to a
single instruction. This doesn't work for variable length instruction sets
since a 4-byte input could consist of one 4-byte instruction or two 2-byte
instructions.

This patch adds a --insn-limit to llvm-mc-fuzzer to limit the input in
terms of instructions processed.

Reviewers: kcc

Subscribers: kcc, llvm-commits

Differential Revision: http://reviews.llvm.org/D12960

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@248253 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp b/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp
index 7b89132..f2bbe4f 100644 (file)
--- a/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp
+++ b/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp
@@ -44,6 +44,12 @@ static cl::opt<std::string>
          cl::desc("Target a specific cpu type (-mcpu=help for details)"),
          cl::value_desc("cpu-name"), cl::init(""));
 
+// This is useful for variable-length instruction sets.
+static cl::opt<unsigned> InsnLimit(
+    "insn-limit",
+    cl::desc("Limit the number of instructions to process (0 for no limit)"),
+    cl::value_desc("count"), cl::init(0));
+
 static cl::list<std::string>
     MAttrs("mattr", cl::CommaSeparated,
            cl::desc("Target specific attributes (-mattr=help for details)"),
@@ -67,11 +73,16 @@ void DisassembleOneInput(const uint8_t *Data, size_t Size) {
   assert(Ctx);
   uint8_t *p = DataCopy.data();
   unsigned Consumed;
+  unsigned InstructionsProcessed = 0;
   do {
     Consumed = LLVMDisasmInstruction(Ctx, p, Size, 0, AssemblyText,
                                      AssemblyTextBufSize);
     Size -= Consumed;
     p += Consumed;
+
+    InstructionsProcessed ++;
+    if (InsnLimit != 0 && InstructionsProcessed < InsnLimit)
+      break;
   } while (Consumed != 0);
   LLVMDisasmDispose(Ctx);
 }