[llvm-mc-fuzzer] Support untested instruction discovery for variable length instruction sets like microMIPS.

Summary:
For fixed length instructions, we can use -max_len to limit the fuzzer to a
single instruction. This doesn't work for variable length instruction sets
since a 4-byte input could consist of one 4-byte instruction or two 2-byte
instructions.

This patch adds a --insn-limit to llvm-mc-fuzzer to limit the input in
terms of instructions processed.

Reviewers: kcc

Subscribers: kcc, llvm-commits

Differential Revision: http://reviews.llvm.org/D12960

llvm-svn: 248253

1 files changed, 11 insertions, 0 deletions

diff --git a/llvm/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp b/llvm/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp
index 7b891325571..f2bbe4f1af3 100644
--- a/llvm/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp
+++ b/llvm/tools/llvm-mc-fuzzer/llvm-mc-fuzzer.cpp
@@ -44,6 +44,12 @@ static cl::opt<std::string>
          cl::desc("Target a specific cpu type (-mcpu=help for details)"),
          cl::value_desc("cpu-name"), cl::init(""));
 
+// This is useful for variable-length instruction sets.
+static cl::opt<unsigned> InsnLimit(
+    "insn-limit",
+    cl::desc("Limit the number of instructions to process (0 for no limit)"),
+    cl::value_desc("count"), cl::init(0));
+
 static cl::list<std::string>
     MAttrs("mattr", cl::CommaSeparated,
            cl::desc("Target specific attributes (-mattr=help for details)"),
@@ -67,11 +73,16 @@ void DisassembleOneInput(const uint8_t *Data, size_t Size) {
   assert(Ctx);
   uint8_t *p = DataCopy.data();
   unsigned Consumed;
+  unsigned InstructionsProcessed = 0;
   do {
     Consumed = LLVMDisasmInstruction(Ctx, p, Size, 0, AssemblyText,
                                      AssemblyTextBufSize);
     Size -= Consumed;
     p += Consumed;
+
+    InstructionsProcessed ++;
+    if (InsnLimit != 0 && InstructionsProcessed < InsnLimit)
+      break;
   } while (Consumed != 0);
   LLVMDisasmDispose(Ctx);
 }