Fuzz multiple targets in cranelift-icache (#5482)

Fuzz additional targets in the cranelift-icache target. The list of targets fuzzed is controlled by the targets enabled in fuzz/Cargo.toml. This PR also reworks how instruction disabling is done in function generator, moving the deny-list to a function to make the decision at runtime instead of compile time.
2023-01-05 10:49:23 -08:00
parent ee6a909ccb
commit 36e5bdfd0e
8 changed files with 341 additions and 242 deletions
--- a/fuzz/fuzz_targets/cranelift-icache.rs
+++ b/fuzz/fuzz_targets/cranelift-icache.rs
@@ -4,39 +4,14 @@ use cranelift_codegen::{
    cursor::{Cursor, FuncCursor},
    incremental_cache as icache,
    ir::{self, immediates::Imm64, ExternalName},
-    isa,
-    settings::{self, Configurable as _},
    Context,
 };
 use libfuzzer_sys::fuzz_target;

 use cranelift_fuzzgen::*;
-use target_lexicon::Triple;

-fuzz_target!(|func: SingleFunction| {
-    let mut func = func.0;
-
-    let flags = settings::Flags::new({
-        let mut builder = settings::builder();
-        // We need llvm ABI extensions for i128 values on x86
-        builder.set("enable_llvm_abi_extensions", "true").unwrap();
-
-        // This is the default, but we should ensure that it wasn't accidentally turned off anywhere.
-        builder.set("enable_verifier", "true").unwrap();
-
-        builder
-    });
-
-    let isa_builder = isa::lookup(Triple::host())
-        .map_err(|err| match err {
-            isa::LookupError::SupportDisabled => {
-                "support for architecture disabled at compile time"
-            }
-            isa::LookupError::Unsupported => "unsupported architecture",
-        })
-        .unwrap();
-
-    let isa = isa_builder.finish(flags).unwrap();
+fuzz_target!(|func: FunctionWithIsa| {
+    let FunctionWithIsa { mut func, isa } = func;

    let cache_key_hash = icache::compute_cache_key(&*isa, &mut func);