Skip to content

Instantly share code, notes, and snippets.

@CAFxX

CAFxX/LLVM-BB-trellis.html

Created July 20, 2012 08:30
Show Gist options
  • Save CAFxX/3149600 to your computer and use it in GitHub Desktop.
Save CAFxX/3149600 to your computer and use it in GitHub Desktop.
Download ZIP
LLVM fuzzer: BB trellis
Raw
LLVM-BB-trellis.html
<html><body><script>
const nBB = 256; // number of basic blocks to generate
const nI = 1; // number of instructions per basic block
const nVar = 16; // number of variables defined
const nBr = 16; // number of targets of the switch (for bThreaded==false)
const bThreaded = true; // simulate threaded code (implies nBr=nBB)
var i, vars="";
for (i=0; i<nVar; i++)
vars += "v"+i+"=0,";
vars = " unsigned int " + vars + "c;\n\n";
var j, bbs="";
for (j=0; j<nBB; j++) {
var k, bb=" bb"+j+":\n";
for (k=0; k<nI && j>0; k++)
bb += " " + rv() + "=" + ra() + rop() + ra() + ";\n";
bb += " switch (c=*_c++){\n";
if (bThreaded) {
for (k=0; k<nBB+nVar; k++)
bb += " case "+k+":goto bb"+k+";\n";
} else {
for (k=0; k<nBr; k++)
bb += " case "+k+":goto "+rbb()+";\n";
}
bb += " default:__builtin_unreachable();\n";
bb += " }\n\n";
bbs += bb;
}
var k;
for (k=0; k<nVar; k++)
bbs += " bb"+(j+k)+":return v"+k+";\n";
bbs = "unsigned int dummy_vm(unsigned int *_c) {\n" + vars + bbs + "}\n";
function r(u) Math.floor(Math.random()*u)
function re(a) a[r(a.length)];
function rv() "v"+r(nVar);
function ra() re([rn() + rv(), "(unsigned int)("+r(0xFFFFFFFF)+")"]);
function rbb() "bb"+r(nBB+nVar);
function rop() re(["+", "-", "*", "/", "%", "&", "|", "^"]);
function rn() re(["", "~"]);
document.write("<pre>/* LLVM-BB-fuzzer */\n\n"+bbs+"<pre>");
</script></body></html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment