[mlir] Split parser fuzzer for bytecode & text

Enable fuzzing these independently. Currently still not linking in
dialects beyond Builtin.

mlir/tools/mlir-parser-fuzzer/CMakeLists.txt

@@ -1,14 +1,2 @@
-set(LLVM_LINK_COMPONENTS
-  FuzzerCLI
-  Support
-)
-add_llvm_fuzzer(mlir-parser-fuzzer
-  mlir-parser-fuzzer.cpp
-  DUMMY_MAIN DummyParserFuzzer.cpp
-)
-target_link_libraries(mlir-parser-fuzzer
-  PUBLIC
-  MLIRIR
-  MLIRParser
-  MLIRSupport
-)
+add_subdirectory(bytecode)
+add_subdirectory(text)

mlir/tools/mlir-parser-fuzzer/bytecode/CMakeLists.txt

@@ -0,0 +1,15 @@
+set(LLVM_LINK_COMPONENTS
+  FuzzerCLI
+  Support
+)
+add_llvm_fuzzer(mlir-bytecode-parser-fuzzer
+  mlir-bytecode-parser-fuzzer.cpp
+  DUMMY_MAIN DummyParserFuzzer.cpp
+)
+target_link_libraries(mlir-bytecode-parser-fuzzer
+  PUBLIC
+  MLIRIR
+  MLIRParser
+  MLIRSupport
+)
+

mlir/tools/mlir-parser-fuzzer/bytecode/mlir-bytecode-parser-fuzzer.cpp

@@ -0,0 +1,51 @@
+//===--- mlir-bytecode-parser-fuzzer.cpp - Entry point to parser fuzzer ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "mlir/IR/BuiltinOps.h"
+#include "mlir/IR/Diagnostics.h"
+#include "mlir/IR/MLIRContext.h"
+#include "mlir/Parser/Parser.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/Compiler.h"
+
+using namespace mlir;
+
+extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerTestOneInput(const uint8_t *data,
+                                                          size_t size) {
+  // Skip empty inputs.
+  if (size <= 1 || data[size - 1] != 0)
+    return -1;
+  llvm::StringRef str(reinterpret_cast<const char *>(data), size - 1);
+  // Skip if not bytecode.
+  if (!str.startswith("ML\xefR"))
+    return -1;
+
+  // Create a null-terminated memory buffer from the input.
+  DialectRegistry registry;
+  MLIRContext context(registry);
+  context.allowUnregisteredDialects();
+
+  // Register diagnostic handler to avoid triggering exit behavior.
+  context.getDiagEngine().registerHandler(
+      [](mlir::Diagnostic &diag) { return; });
+
+  // Parse module. The parsed module isn't used, so it is discarded post parse
+  // (successful or failure). The returned module is wrapped in a unique_ptr
+  // such that it is freed upon exit if returned.
+  (void)parseSourceString<ModuleOp>(str, &context);
+  return 0;
+}
+
+extern "C" LLVM_ATTRIBUTE_USED int llvmFuzzerInitialize(int *argc,
+                                                        char ***argv) {
+  return 0;
+}

mlir/tools/mlir-parser-fuzzer/text/CMakeLists.txt

@@ -0,0 +1,15 @@
+set(LLVM_LINK_COMPONENTS
+  FuzzerCLI
+  Support
+)
+add_llvm_fuzzer(mlir-text-parser-fuzzer
+  mlir-text-parser-fuzzer.cpp
+  DUMMY_MAIN DummyParserFuzzer.cpp
+)
+target_link_libraries(mlir-text-parser-fuzzer
+  PUBLIC
+  MLIRIR
+  MLIRParser
+  MLIRSupport
+)
+

mlir/tools/mlir-parser-fuzzer/text/DummyParserFuzzer.cpp

@@ -0,0 +1,20 @@
+//===--- DummyParserFuzzer.cpp - Entry point to sanity check the fuzzer ---===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+extern "C" int llvmFuzzerInitialize(int *argc, char ***argv);
+int main(int argc, char *argv[]) {
+  return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput,
+                                 llvmFuzzerInitialize);
+}

mlir/tools/mlir-parser-fuzzer/text/mlir-text-parser-fuzzer.cpp

@@ -1,4 +1,4 @@
-//===--- mlir-parser-fuzzer.cpp - Entry point to parser fuzzer ------------===//
+//===--- mlir-text-parser-fuzzer.cpp - Entry point to parser fuzzer -------===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
@@ -12,7 +12,6 @@
 
 #include "mlir/IR/BuiltinOps.h"
 #include "mlir/IR/Diagnostics.h"
-#include "mlir/IR/Dialect.h"
 #include "mlir/IR/MLIRContext.h"
 #include "mlir/Parser/Parser.h"
 #include "llvm/ADT/StringRef.h"
@@ -24,8 +23,11 @@ extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerTestOneInput(const uint8_t *data,
                                                           size_t size) {
   // Skip empty inputs.
   if (size <= 1 || data[size - 1] != 0)
-    return 0;
-  --size;
+    return -1;
+  llvm::StringRef str(reinterpret_cast<const char *>(data), size - 1);
+  // Skip if bytecode.
+  if (str.startswith("ML\xefR"))
+    return -1;
 
   // Create a null-terminated memory buffer from the input.
   DialectRegistry registry;
@@ -36,8 +38,6 @@ extern "C" LLVM_ATTRIBUTE_USED int LLVMFuzzerTestOneInput(const uint8_t *data,
   context.getDiagEngine().registerHandler(
       [](mlir::Diagnostic &diag) { return; });
 
-  llvm::StringRef str(reinterpret_cast<const char *>(data), size);
-
   // Parse module. The parsed module isn't used, so it is discarded post parse
   // (successful or failure). The returned module is wrapped in a unique_ptr
   // such that it is freed upon exit if returned.