spirv-fuzz: Support AtomicStore (#4440)
Adds support for atomic operations in TransformationStore and its associated fuzzer pass. Fixes #4337.
This commit is contained in:
Mostafa Ashraf
GitHub
Родитель
366d1be5e8
Коммит
07f1302352
|
|
@ -43,6 +43,7 @@ const std::pair<uint32_t, uint32_t> kChanceOfAddingAnotherStructField = {20,
|
|||
90};
|
||||
const std::pair<uint32_t, uint32_t> kChanceOfAddingArrayOrStructType = {20, 90};
|
||||
const std::pair<uint32_t, uint32_t> KChanceOfAddingAtomicLoad = {30, 90};
|
||||
const std::pair<uint32_t, uint32_t> KChanceOfAddingAtomicStore = {20, 90};
|
||||
const std::pair<uint32_t, uint32_t> kChanceOfAddingBitInstructionSynonym = {5,
|
||||
20};
|
||||
const std::pair<uint32_t, uint32_t>
|
||||
|
|
@ -219,6 +220,8 @@ FuzzerContext::FuzzerContext(std::unique_ptr<RandomGenerator> random_generator,
|
|||
ChooseBetweenMinAndMax(kChanceOfAddingArrayOrStructType);
|
||||
chance_of_adding_atomic_load_ =
|
||||
ChooseBetweenMinAndMax(KChanceOfAddingAtomicLoad);
|
||||
chance_of_adding_atomic_store_ =
|
||||
ChooseBetweenMinAndMax(KChanceOfAddingAtomicStore);
|
||||
chance_of_adding_bit_instruction_synonym_ =
|
||||
ChooseBetweenMinAndMax(kChanceOfAddingBitInstructionSynonym);
|
||||
chance_of_adding_both_branches_when_replacing_opselect_ =
|
||||
|
|
|
|||
|
|
@ -145,6 +145,9 @@ class FuzzerContext {
|
|||
uint32_t GetChanceOfAddingAtomicLoad() const {
|
||||
return chance_of_adding_atomic_load_;
|
||||
}
|
||||
uint32_t GetChanceOfAddingAtomicStore() const {
|
||||
return chance_of_adding_atomic_store_;
|
||||
}
|
||||
uint32_t GetChanceOfAddingBitInstructionSynonym() const {
|
||||
return chance_of_adding_bit_instruction_synonym_;
|
||||
}
|
||||
|
|
@ -496,6 +499,7 @@ class FuzzerContext {
|
|||
uint32_t chance_of_adding_another_struct_field_;
|
||||
uint32_t chance_of_adding_array_or_struct_type_;
|
||||
uint32_t chance_of_adding_atomic_load_;
|
||||
uint32_t chance_of_adding_atomic_store_;
|
||||
uint32_t chance_of_adding_bit_instruction_synonym_;
|
||||
uint32_t chance_of_adding_both_branches_when_replacing_opselect_;
|
||||
uint32_t chance_of_adding_composite_extract_;
|
||||
|
|
|
|||
|
|
@ -92,10 +92,11 @@ void FuzzerPassAddLoads::Apply() {
|
|||
uint32_t memory_scope_id = 0;
|
||||
uint32_t memory_semantics_id = 0;
|
||||
|
||||
auto storage_class = GetIRContext()
|
||||
->get_def_use_mgr()
|
||||
->GetDef(chosen_instruction->type_id())
|
||||
->GetSingleWordInOperand(0);
|
||||
auto storage_class = static_cast<SpvStorageClass>(
|
||||
GetIRContext()
|
||||
->get_def_use_mgr()
|
||||
->GetDef(chosen_instruction->type_id())
|
||||
->GetSingleWordInOperand(0));
|
||||
|
||||
switch (storage_class) {
|
||||
case SpvStorageClassStorageBuffer:
|
||||
|
|
@ -115,8 +116,8 @@ void FuzzerPassAddLoads::Apply() {
|
|||
|
||||
memory_semantics_id = FindOrCreateConstant(
|
||||
{static_cast<uint32_t>(
|
||||
TransformationLoad::GetMemorySemanticsForStorageClass(
|
||||
static_cast<SpvStorageClass>(storage_class)))},
|
||||
fuzzerutil::GetMemorySemanticsForStorageClass(
|
||||
storage_class))},
|
||||
FindOrCreateIntegerType(32, GetFuzzerContext()->ChooseEven()),
|
||||
false);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,16 +39,20 @@ void FuzzerPassAddStores::Apply() {
|
|||
"The opcode of the instruction we might insert before must be "
|
||||
"the same as the opcode in the descriptor for the instruction");
|
||||
|
||||
// Randomly decide whether to try inserting a store here.
|
||||
if (!GetFuzzerContext()->ChoosePercentage(
|
||||
GetFuzzerContext()->GetChanceOfAddingStore())) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Check whether it is legitimate to insert a store before this
|
||||
// instruction.
|
||||
if (!fuzzerutil::CanInsertOpcodeBeforeInstruction(SpvOpStore,
|
||||
inst_it)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Randomly decide whether to try inserting a store here.
|
||||
if (!GetFuzzerContext()->ChoosePercentage(
|
||||
GetFuzzerContext()->GetChanceOfAddingStore())) {
|
||||
if (!fuzzerutil::CanInsertOpcodeBeforeInstruction(SpvOpAtomicStore,
|
||||
inst_it)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -117,10 +121,49 @@ void FuzzerPassAddStores::Apply() {
|
|||
return;
|
||||
}
|
||||
|
||||
// Choose a value at random, and create and apply a storing
|
||||
// transformation based on it and the pointer.
|
||||
bool is_atomic_store = false;
|
||||
uint32_t memory_scope_id = 0;
|
||||
uint32_t memory_semantics_id = 0;
|
||||
|
||||
auto storage_class =
|
||||
static_cast<SpvStorageClass>(GetIRContext()
|
||||
->get_def_use_mgr()
|
||||
->GetDef(pointer->type_id())
|
||||
->GetSingleWordInOperand(0));
|
||||
|
||||
switch (storage_class) {
|
||||
case SpvStorageClassStorageBuffer:
|
||||
case SpvStorageClassPhysicalStorageBuffer:
|
||||
case SpvStorageClassWorkgroup:
|
||||
case SpvStorageClassCrossWorkgroup:
|
||||
case SpvStorageClassAtomicCounter:
|
||||
case SpvStorageClassImage:
|
||||
if (GetFuzzerContext()->ChoosePercentage(
|
||||
GetFuzzerContext()->GetChanceOfAddingAtomicStore())) {
|
||||
is_atomic_store = true;
|
||||
|
||||
memory_scope_id = FindOrCreateConstant(
|
||||
{SpvScopeInvocation},
|
||||
FindOrCreateIntegerType(32, GetFuzzerContext()->ChooseEven()),
|
||||
false);
|
||||
|
||||
memory_semantics_id = FindOrCreateConstant(
|
||||
{static_cast<uint32_t>(
|
||||
fuzzerutil::GetMemorySemanticsForStorageClass(
|
||||
storage_class))},
|
||||
FindOrCreateIntegerType(32, GetFuzzerContext()->ChooseEven()),
|
||||
false);
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
// Create and apply the transformation.
|
||||
ApplyTransformation(TransformationStore(
|
||||
pointer->result_id(),
|
||||
pointer->result_id(), is_atomic_store, memory_scope_id,
|
||||
memory_semantics_id,
|
||||
relevant_values[GetFuzzerContext()->RandomIndex(relevant_values)]
|
||||
->result_id(),
|
||||
instruction_descriptor));
|
||||
|
|
|
|||
|
|
@ -455,6 +455,30 @@ uint32_t GetBoundForCompositeIndex(const opt::Instruction& composite_type_inst,
|
|||
}
|
||||
}
|
||||
|
||||
SpvMemorySemanticsMask GetMemorySemanticsForStorageClass(
|
||||
SpvStorageClass storage_class) {
|
||||
switch (storage_class) {
|
||||
case SpvStorageClassWorkgroup:
|
||||
return SpvMemorySemanticsWorkgroupMemoryMask;
|
||||
|
||||
case SpvStorageClassStorageBuffer:
|
||||
case SpvStorageClassPhysicalStorageBuffer:
|
||||
return SpvMemorySemanticsUniformMemoryMask;
|
||||
|
||||
case SpvStorageClassCrossWorkgroup:
|
||||
return SpvMemorySemanticsCrossWorkgroupMemoryMask;
|
||||
|
||||
case SpvStorageClassAtomicCounter:
|
||||
return SpvMemorySemanticsAtomicCounterMemoryMask;
|
||||
|
||||
case SpvStorageClassImage:
|
||||
return SpvMemorySemanticsImageMemoryMask;
|
||||
|
||||
default:
|
||||
return SpvMemorySemanticsMaskNone;
|
||||
}
|
||||
}
|
||||
|
||||
bool IsValid(const opt::IRContext* context,
|
||||
spv_validator_options validator_options,
|
||||
MessageConsumer consumer) {
|
||||
|
|
|
|||
|
|
@ -169,6 +169,10 @@ uint32_t GetArraySize(const opt::Instruction& array_type_instruction,
|
|||
uint32_t GetBoundForCompositeIndex(const opt::Instruction& composite_type_inst,
|
||||
opt::IRContext* ir_context);
|
||||
|
||||
// Returns memory semantics mask for specific storage class.
|
||||
SpvMemorySemanticsMask GetMemorySemanticsForStorageClass(
|
||||
SpvStorageClass storage_class);
|
||||
|
||||
// Returns true if and only if |context| is valid, according to the validator
|
||||
// instantiated with |validator_options|. |consumer| is used for error
|
||||
// reporting.
|
||||
|
|
|
|||
|
|
@ -2245,17 +2245,26 @@ message TransformationSplitBlock {
|
|||
|
||||
message TransformationStore {
|
||||
|
||||
// Transformation that adds an OpStore instruction of an id to a pointer.
|
||||
// Transformation that adds an OpStore or OpAtomicStore instruction of an id to a pointer.
|
||||
|
||||
// The pointer to be stored to
|
||||
// The pointer to be stored to.
|
||||
uint32 pointer_id = 1;
|
||||
|
||||
// The value to be stored
|
||||
uint32 value_id = 2;
|
||||
// True if and only if the load should be atomic.
|
||||
bool is_atomic = 2;
|
||||
|
||||
// The memory scope for the atomic load. Ignored unless |is_atomic| is true.
|
||||
uint32 memory_scope_id = 3;
|
||||
|
||||
// The memory semantics for the atomic load. Ignored unless |is_atomic| is true.
|
||||
uint32 memory_semantics_id = 4;
|
||||
|
||||
// The value to be stored.
|
||||
uint32 value_id = 5;
|
||||
|
||||
// A descriptor for an instruction in a block before which the new OpStore
|
||||
// instruction should be inserted
|
||||
InstructionDescriptor instruction_to_insert_before = 3;
|
||||
// instruction should be inserted.
|
||||
InstructionDescriptor instruction_to_insert_before = 6;
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -158,8 +158,9 @@ bool TransformationLoad::IsApplicable(
|
|||
auto memory_semantics_const_value = static_cast<SpvMemorySemanticsMask>(
|
||||
memory_semantics_instruction->GetSingleWordInOperand(0));
|
||||
if (memory_semantics_const_value !=
|
||||
GetMemorySemanticsForStorageClass(static_cast<SpvStorageClass>(
|
||||
pointer_type->GetSingleWordInOperand(0)))) {
|
||||
fuzzerutil::GetMemorySemanticsForStorageClass(
|
||||
static_cast<SpvStorageClass>(
|
||||
pointer_type->GetSingleWordInOperand(0)))) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
@ -213,30 +214,6 @@ void TransformationLoad::Apply(opt::IRContext* ir_context,
|
|||
}
|
||||
}
|
||||
|
||||
SpvMemorySemanticsMask TransformationLoad::GetMemorySemanticsForStorageClass(
|
||||
SpvStorageClass storage_class) {
|
||||
switch (storage_class) {
|
||||
case SpvStorageClassWorkgroup:
|
||||
return SpvMemorySemanticsWorkgroupMemoryMask;
|
||||
|
||||
case SpvStorageClassStorageBuffer:
|
||||
case SpvStorageClassPhysicalStorageBuffer:
|
||||
return SpvMemorySemanticsUniformMemoryMask;
|
||||
|
||||
case SpvStorageClassCrossWorkgroup:
|
||||
return SpvMemorySemanticsCrossWorkgroupMemoryMask;
|
||||
|
||||
case SpvStorageClassAtomicCounter:
|
||||
return SpvMemorySemanticsAtomicCounterMemoryMask;
|
||||
|
||||
case SpvStorageClassImage:
|
||||
return SpvMemorySemanticsImageMemoryMask;
|
||||
|
||||
default:
|
||||
return SpvMemorySemanticsMaskNone;
|
||||
}
|
||||
}
|
||||
|
||||
protobufs::Transformation TransformationLoad::ToMessage() const {
|
||||
protobufs::Transformation result;
|
||||
*result.mutable_load() = message_;
|
||||
|
|
|
|||
|
|
@ -58,10 +58,6 @@ class TransformationLoad : public Transformation {
|
|||
void Apply(opt::IRContext* ir_context,
|
||||
TransformationContext* transformation_context) const override;
|
||||
|
||||
// Returns memory semantics mask for specific storage class.
|
||||
static SpvMemorySemanticsMask GetMemorySemanticsForStorageClass(
|
||||
SpvStorageClass storage_class);
|
||||
|
||||
std::unordered_set<uint32_t> GetFreshIds() const override;
|
||||
|
||||
protobufs::Transformation ToMessage() const override;
|
||||
|
|
|
|||
|
|
@ -24,9 +24,13 @@ TransformationStore::TransformationStore(protobufs::TransformationStore message)
|
|||
: message_(std::move(message)) {}
|
||||
|
||||
TransformationStore::TransformationStore(
|
||||
uint32_t pointer_id, uint32_t value_id,
|
||||
uint32_t pointer_id, bool is_atomic, uint32_t memory_scope,
|
||||
uint32_t memory_semantics, uint32_t value_id,
|
||||
const protobufs::InstructionDescriptor& instruction_to_insert_before) {
|
||||
message_.set_pointer_id(pointer_id);
|
||||
message_.set_is_atomic(is_atomic);
|
||||
message_.set_memory_scope_id(memory_scope);
|
||||
message_.set_memory_semantics_id(memory_semantics);
|
||||
message_.set_value_id(value_id);
|
||||
*message_.mutable_instruction_to_insert_before() =
|
||||
instruction_to_insert_before;
|
||||
|
|
@ -70,8 +74,12 @@ bool TransformationStore::IsApplicable(
|
|||
return false;
|
||||
}
|
||||
// ... and it must be legitimate to insert a store before it.
|
||||
if (!fuzzerutil::CanInsertOpcodeBeforeInstruction(SpvOpStore,
|
||||
insert_before)) {
|
||||
if (!message_.is_atomic() && !fuzzerutil::CanInsertOpcodeBeforeInstruction(
|
||||
SpvOpStore, insert_before)) {
|
||||
return false;
|
||||
}
|
||||
if (message_.is_atomic() && !fuzzerutil::CanInsertOpcodeBeforeInstruction(
|
||||
SpvOpAtomicStore, insert_before)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -102,6 +110,87 @@ bool TransformationStore::IsApplicable(
|
|||
return false;
|
||||
}
|
||||
|
||||
if (message_.is_atomic()) {
|
||||
// Check the exists of memory scope and memory semantics ids.
|
||||
auto memory_scope_instruction =
|
||||
ir_context->get_def_use_mgr()->GetDef(message_.memory_scope_id());
|
||||
auto memory_semantics_instruction =
|
||||
ir_context->get_def_use_mgr()->GetDef(message_.memory_semantics_id());
|
||||
|
||||
if (!memory_scope_instruction) {
|
||||
return false;
|
||||
}
|
||||
if (!memory_semantics_instruction) {
|
||||
return false;
|
||||
}
|
||||
// The memory scope and memory semantics instructions must have the
|
||||
// 'OpConstant' opcode.
|
||||
if (memory_scope_instruction->opcode() != SpvOpConstant) {
|
||||
return false;
|
||||
}
|
||||
if (memory_semantics_instruction->opcode() != SpvOpConstant) {
|
||||
return false;
|
||||
}
|
||||
// The memory scope and memory semantics need to be available before
|
||||
// |insert_before|.
|
||||
if (!fuzzerutil::IdIsAvailableBeforeInstruction(
|
||||
ir_context, insert_before, message_.memory_scope_id())) {
|
||||
return false;
|
||||
}
|
||||
if (!fuzzerutil::IdIsAvailableBeforeInstruction(
|
||||
ir_context, insert_before, message_.memory_semantics_id())) {
|
||||
return false;
|
||||
}
|
||||
// The memory scope and memory semantics instructions must have an Integer
|
||||
// operand type with signedness does not matters.
|
||||
if (ir_context->get_def_use_mgr()
|
||||
->GetDef(memory_scope_instruction->type_id())
|
||||
->opcode() != SpvOpTypeInt) {
|
||||
return false;
|
||||
}
|
||||
if (ir_context->get_def_use_mgr()
|
||||
->GetDef(memory_semantics_instruction->type_id())
|
||||
->opcode() != SpvOpTypeInt) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// The size of the integer for memory scope and memory semantics
|
||||
// instructions must be equal to 32 bits.
|
||||
auto memory_scope_int_width =
|
||||
ir_context->get_def_use_mgr()
|
||||
->GetDef(memory_scope_instruction->type_id())
|
||||
->GetSingleWordInOperand(0);
|
||||
auto memory_semantics_int_width =
|
||||
ir_context->get_def_use_mgr()
|
||||
->GetDef(memory_semantics_instruction->type_id())
|
||||
->GetSingleWordInOperand(0);
|
||||
|
||||
if (memory_scope_int_width != 32) {
|
||||
return false;
|
||||
}
|
||||
if (memory_semantics_int_width != 32) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// The memory scope constant value must be that of SpvScopeInvocation.
|
||||
auto memory_scope_const_value =
|
||||
memory_scope_instruction->GetSingleWordInOperand(0);
|
||||
if (memory_scope_const_value != SpvScopeInvocation) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// The memory semantics constant value must match the storage class of the
|
||||
// pointer being loaded from.
|
||||
auto memory_semantics_const_value = static_cast<SpvMemorySemanticsMask>(
|
||||
memory_semantics_instruction->GetSingleWordInOperand(0));
|
||||
if (memory_semantics_const_value !=
|
||||
fuzzerutil::GetMemorySemanticsForStorageClass(
|
||||
static_cast<SpvStorageClass>(
|
||||
pointer_type->GetSingleWordInOperand(0)))) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// The value needs to be available at the insertion point.
|
||||
return fuzzerutil::IdIsAvailableBeforeInstruction(ir_context, insert_before,
|
||||
message_.value_id());
|
||||
|
|
@ -109,20 +198,43 @@ bool TransformationStore::IsApplicable(
|
|||
|
||||
void TransformationStore::Apply(opt::IRContext* ir_context,
|
||||
TransformationContext* /*unused*/) const {
|
||||
auto insert_before =
|
||||
FindInstruction(message_.instruction_to_insert_before(), ir_context);
|
||||
auto new_instruction = MakeUnique<opt::Instruction>(
|
||||
ir_context, SpvOpStore, 0, 0,
|
||||
opt::Instruction::OperandList(
|
||||
{{SPV_OPERAND_TYPE_ID, {message_.pointer_id()}},
|
||||
{SPV_OPERAND_TYPE_ID, {message_.value_id()}}}));
|
||||
auto new_instruction_ptr = new_instruction.get();
|
||||
insert_before->InsertBefore(std::move(new_instruction));
|
||||
// Inform the def-use manager about the new instruction and record its basic
|
||||
// block.
|
||||
ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr);
|
||||
ir_context->set_instr_block(new_instruction_ptr,
|
||||
ir_context->get_instr_block(insert_before));
|
||||
if (message_.is_atomic()) {
|
||||
// OpAtomicStore instruction.
|
||||
auto insert_before =
|
||||
FindInstruction(message_.instruction_to_insert_before(), ir_context);
|
||||
auto new_instruction = MakeUnique<opt::Instruction>(
|
||||
ir_context, SpvOpAtomicStore, 0, 0,
|
||||
opt::Instruction::OperandList(
|
||||
{{SPV_OPERAND_TYPE_ID, {message_.pointer_id()}},
|
||||
{SPV_OPERAND_TYPE_SCOPE_ID, {message_.memory_scope_id()}},
|
||||
{SPV_OPERAND_TYPE_MEMORY_SEMANTICS_ID,
|
||||
{message_.memory_semantics_id()}},
|
||||
{SPV_OPERAND_TYPE_ID, {message_.value_id()}}}));
|
||||
auto new_instruction_ptr = new_instruction.get();
|
||||
insert_before->InsertBefore(std::move(new_instruction));
|
||||
// Inform the def-use manager about the new instruction and record its basic
|
||||
// block.
|
||||
ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr);
|
||||
ir_context->set_instr_block(new_instruction_ptr,
|
||||
ir_context->get_instr_block(insert_before));
|
||||
|
||||
} else {
|
||||
// OpStore instruction.
|
||||
auto insert_before =
|
||||
FindInstruction(message_.instruction_to_insert_before(), ir_context);
|
||||
auto new_instruction = MakeUnique<opt::Instruction>(
|
||||
ir_context, SpvOpStore, 0, 0,
|
||||
opt::Instruction::OperandList(
|
||||
{{SPV_OPERAND_TYPE_ID, {message_.pointer_id()}},
|
||||
{SPV_OPERAND_TYPE_ID, {message_.value_id()}}}));
|
||||
auto new_instruction_ptr = new_instruction.get();
|
||||
insert_before->InsertBefore(std::move(new_instruction));
|
||||
// Inform the def-use manager about the new instruction and record its basic
|
||||
// block.
|
||||
ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr);
|
||||
ir_context->set_instr_block(new_instruction_ptr,
|
||||
ir_context->get_instr_block(insert_before));
|
||||
}
|
||||
}
|
||||
|
||||
protobufs::Transformation TransformationStore::ToMessage() const {
|
||||
|
|
|
|||
|
|
@ -28,12 +28,21 @@ class TransformationStore : public Transformation {
|
|||
explicit TransformationStore(protobufs::TransformationStore message);
|
||||
|
||||
TransformationStore(
|
||||
uint32_t pointer_id, uint32_t value_id,
|
||||
uint32_t pointer_id, bool is_atomic, uint32_t memory_scope,
|
||||
uint32_t memory_semantics, uint32_t value_id,
|
||||
const protobufs::InstructionDescriptor& instruction_to_insert_before);
|
||||
|
||||
// - |message_.pointer_id| must be the id of a pointer
|
||||
// - The pointer type must not have read-only storage class
|
||||
// - The pointer must not be OpConstantNull or OpUndef
|
||||
// - |message_.is_atomic| must be true if want to work with OpAtomicStore.
|
||||
// - If |is_atomic| is true then |message_memory_scope_id| must be the id of
|
||||
// an OpConstant 32 bit integer instruction with the value
|
||||
// SpvScopeInvocation.
|
||||
// - If |is_atomic| is true then |message_.memory_semantics_id| must be the id
|
||||
// of an OpConstant 32 bit integer instruction with the values
|
||||
// SpvMemorySemanticsWorkgroupMemoryMask or
|
||||
// SpvMemorySemanticsUniformMemoryMask.
|
||||
// - |message_.value_id| must be an instruction result id that has the same
|
||||
// type as the pointee type of |message_.pointer_id|
|
||||
// - |message_.instruction_to_insert_before| must identify an instruction
|
||||
|
|
|
|||
|
|
@ -148,90 +148,107 @@ TEST(TransformationStoreTest, BasicTest) {
|
|||
// 61 - undefined
|
||||
|
||||
// Bad: attempt to store to 11 from outside its function
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
11, 80, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(11, false, 0, 0, 80,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: pointer is not available
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
81, 80, MakeInstructionDescriptor(45, SpvOpCopyObject, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(81, false, 0, 0, 80,
|
||||
MakeInstructionDescriptor(45, SpvOpCopyObject, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: attempt to insert before OpVariable
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
52, 24, MakeInstructionDescriptor(27, SpvOpVariable, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(52, false, 0, 0, 24,
|
||||
MakeInstructionDescriptor(27, SpvOpVariable, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: pointer id does not exist
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
1000, 24, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(1000, false, 0, 0, 24,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: pointer id exists but does not have a type
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
5, 24, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(5, false, 0, 0, 24,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: pointer id exists and has a type, but is not a pointer
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
24, 24, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(24, false, 0, 0, 24,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: attempt to store to a null pointer
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
60, 24, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(60, false, 0, 0, 24,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: attempt to store to an undefined pointer
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
61, 21, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(61, false, 0, 0, 21,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: %82 is not available at the program point
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(82, 80, MakeInstructionDescriptor(37, SpvOpReturn, 0))
|
||||
TransformationStore(82, false, 0, 0, 80,
|
||||
MakeInstructionDescriptor(37, SpvOpReturn, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: value id does not exist
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
27, 1000, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(27, false, 0, 0, 1000,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: value id exists but does not have a type
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
27, 15, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(27, false, 0, 0, 15,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: value id exists but has the wrong type
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
27, 14, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(27, false, 0, 0, 14,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: attempt to store to read-only variable
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
92, 93, MakeInstructionDescriptor(40, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(92, false, 0, 0, 93,
|
||||
MakeInstructionDescriptor(40, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: value is not available
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
27, 95, MakeInstructionDescriptor(40, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(27, false, 0, 0, 95,
|
||||
MakeInstructionDescriptor(40, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: variable being stored to does not have an irrelevant pointee value,
|
||||
// and the store is not in a dead block.
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
20, 95, MakeInstructionDescriptor(45, SpvOpCopyObject, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(20, false, 0, 0, 95,
|
||||
MakeInstructionDescriptor(45, SpvOpCopyObject, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// The described instruction does not exist.
|
||||
ASSERT_FALSE(TransformationStore(
|
||||
27, 80, MakeInstructionDescriptor(1000, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(27, false, 0, 0, 80,
|
||||
MakeInstructionDescriptor(1000, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
{
|
||||
// Store to irrelevant variable from dead block.
|
||||
TransformationStore transformation(
|
||||
27, 80, MakeInstructionDescriptor(38, SpvOpAccessChain, 0));
|
||||
27, false, 0, 0, 80,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0));
|
||||
ASSERT_TRUE(
|
||||
transformation.IsApplicable(context.get(), transformation_context));
|
||||
ApplyAndCheckFreshIds(transformation, context.get(),
|
||||
|
|
@ -243,7 +260,8 @@ TEST(TransformationStoreTest, BasicTest) {
|
|||
{
|
||||
// Store to irrelevant variable from live block.
|
||||
TransformationStore transformation(
|
||||
11, 95, MakeInstructionDescriptor(95, SpvOpReturnValue, 0));
|
||||
11, false, 0, 0, 95,
|
||||
MakeInstructionDescriptor(95, SpvOpReturnValue, 0));
|
||||
ASSERT_TRUE(
|
||||
transformation.IsApplicable(context.get(), transformation_context));
|
||||
ApplyAndCheckFreshIds(transformation, context.get(),
|
||||
|
|
@ -255,7 +273,8 @@ TEST(TransformationStoreTest, BasicTest) {
|
|||
{
|
||||
// Store to irrelevant variable from live block.
|
||||
TransformationStore transformation(
|
||||
46, 80, MakeInstructionDescriptor(95, SpvOpReturnValue, 0));
|
||||
46, false, 0, 0, 80,
|
||||
MakeInstructionDescriptor(95, SpvOpReturnValue, 0));
|
||||
ASSERT_TRUE(
|
||||
transformation.IsApplicable(context.get(), transformation_context));
|
||||
ApplyAndCheckFreshIds(transformation, context.get(),
|
||||
|
|
@ -267,7 +286,8 @@ TEST(TransformationStoreTest, BasicTest) {
|
|||
{
|
||||
// Store to irrelevant variable from live block.
|
||||
TransformationStore transformation(
|
||||
16, 21, MakeInstructionDescriptor(95, SpvOpReturnValue, 0));
|
||||
16, false, 0, 0, 21,
|
||||
MakeInstructionDescriptor(95, SpvOpReturnValue, 0));
|
||||
ASSERT_TRUE(
|
||||
transformation.IsApplicable(context.get(), transformation_context));
|
||||
ApplyAndCheckFreshIds(transformation, context.get(),
|
||||
|
|
@ -279,7 +299,8 @@ TEST(TransformationStoreTest, BasicTest) {
|
|||
{
|
||||
// Store to non-irrelevant variable from dead block.
|
||||
TransformationStore transformation(
|
||||
53, 21, MakeInstructionDescriptor(38, SpvOpAccessChain, 0));
|
||||
53, false, 0, 0, 21,
|
||||
MakeInstructionDescriptor(38, SpvOpAccessChain, 0));
|
||||
ASSERT_TRUE(
|
||||
transformation.IsApplicable(context.get(), transformation_context));
|
||||
ApplyAndCheckFreshIds(transformation, context.get(),
|
||||
|
|
@ -414,16 +435,190 @@ TEST(TransformationStoreTest, DoNotAllowStoresToReadOnlyMemory) {
|
|||
transformation_context.GetFactManager()->AddFactBlockIsDead(5);
|
||||
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(15, 13, MakeInstructionDescriptor(27, SpvOpReturn, 0))
|
||||
TransformationStore(15, false, 0, 0, 13,
|
||||
MakeInstructionDescriptor(27, SpvOpReturn, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(19, 50, MakeInstructionDescriptor(27, SpvOpReturn, 0))
|
||||
TransformationStore(19, false, 0, 0, 50,
|
||||
MakeInstructionDescriptor(27, SpvOpReturn, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(27, 50, MakeInstructionDescriptor(27, SpvOpReturn, 0))
|
||||
TransformationStore(27, false, 0, 0, 50,
|
||||
MakeInstructionDescriptor(27, SpvOpReturn, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
}
|
||||
|
||||
TEST(TransformationStoreTest, SupportAtomicStore) {
|
||||
const std::string shader = R"(
|
||||
OpCapability Shader
|
||||
OpCapability Int8
|
||||
%1 = OpExtInstImport "GLSL.std.450"
|
||||
OpMemoryModel Logical GLSL450
|
||||
OpEntryPoint Fragment %4 "main"
|
||||
OpExecutionMode %4 OriginUpperLeft
|
||||
OpSource ESSL 320
|
||||
%2 = OpTypeVoid
|
||||
%3 = OpTypeFunction %2
|
||||
%6 = OpTypeInt 32 1
|
||||
%7 = OpTypeInt 8 1
|
||||
%9 = OpTypeInt 32 0
|
||||
%26 = OpTypeFloat 32
|
||||
%8 = OpTypeStruct %6
|
||||
%10 = OpTypePointer StorageBuffer %8
|
||||
%11 = OpVariable %10 StorageBuffer
|
||||
%19 = OpConstant %26 0
|
||||
%18 = OpConstant %9 1
|
||||
%12 = OpConstant %6 0
|
||||
%13 = OpTypePointer StorageBuffer %6
|
||||
%15 = OpConstant %6 4
|
||||
%16 = OpConstant %6 7
|
||||
%17 = OpConstant %7 4
|
||||
%20 = OpConstant %9 64
|
||||
%21 = OpConstant %6 15
|
||||
%4 = OpFunction %2 None %3
|
||||
%5 = OpLabel
|
||||
%14 = OpAccessChain %13 %11 %12
|
||||
%24 = OpAccessChain %13 %11 %12
|
||||
OpReturn
|
||||
OpFunctionEnd
|
||||
)";
|
||||
const auto env = SPV_ENV_UNIVERSAL_1_3;
|
||||
const auto consumer = nullptr;
|
||||
const auto context = BuildModule(env, consumer, shader, kFuzzAssembleOption);
|
||||
spvtools::ValidatorOptions validator_options;
|
||||
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(context.get(), validator_options,
|
||||
kConsoleMessageConsumer));
|
||||
TransformationContext transformation_context(
|
||||
MakeUnique<FactManager>(context.get()), validator_options);
|
||||
|
||||
transformation_context.GetFactManager()->AddFactValueOfPointeeIsIrrelevant(
|
||||
14);
|
||||
|
||||
// Bad: id 100 of memory scope instruction does not exist.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 100, 20, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
// Bad: id 100 of memory semantics instruction does not exist.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 15, 100, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
// Bad: memory scope should be |OpConstant| opcode.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 5, 20, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
// Bad: memory semantics should be |OpConstant| opcode.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 15, 5, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: The memory scope instruction must have an Integer operand.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 15, 19, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
// Bad: The memory memory semantics instruction must have an Integer operand.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 19, 20, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: Integer size of the memory scope must be equal to 32 bits.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 17, 20, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: Integer size of memory semantics must be equal to 32 bits.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 15, 17, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: memory scope value must be 4 (SpvScopeInvocation).
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 16, 20, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: memory semantics value must be either:
|
||||
// 64 (SpvMemorySemanticsUniformMemoryMask)
|
||||
// 256 (SpvMemorySemanticsWorkgroupMemoryMask)
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 15, 16, 21,
|
||||
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
// Bad: The described instruction does not exist
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 15, 20, 21,
|
||||
MakeInstructionDescriptor(150, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: Can't insert OpAccessChain before the id 15 of memory scope.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 15, 20, 21,
|
||||
MakeInstructionDescriptor(15, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Bad: Can't insert OpAccessChain before the id 20 of memory semantics.
|
||||
ASSERT_FALSE(
|
||||
TransformationStore(14, true, 15, 20, 21,
|
||||
MakeInstructionDescriptor(20, SpvOpAccessChain, 0))
|
||||
.IsApplicable(context.get(), transformation_context));
|
||||
|
||||
// Successful transformations.
|
||||
{
|
||||
TransformationStore transformation(
|
||||
14, true, 15, 20, 21, MakeInstructionDescriptor(24, SpvOpReturn, 0));
|
||||
ASSERT_TRUE(
|
||||
transformation.IsApplicable(context.get(), transformation_context));
|
||||
ApplyAndCheckFreshIds(transformation, context.get(),
|
||||
&transformation_context);
|
||||
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
|
||||
context.get(), validator_options, kConsoleMessageConsumer));
|
||||
}
|
||||
|
||||
const std::string after_transformation = R"(
|
||||
OpCapability Shader
|
||||
OpCapability Int8
|
||||
%1 = OpExtInstImport "GLSL.std.450"
|
||||
OpMemoryModel Logical GLSL450
|
||||
OpEntryPoint Fragment %4 "main"
|
||||
OpExecutionMode %4 OriginUpperLeft
|
||||
OpSource ESSL 320
|
||||
%2 = OpTypeVoid
|
||||
%3 = OpTypeFunction %2
|
||||
%6 = OpTypeInt 32 1
|
||||
%7 = OpTypeInt 8 1
|
||||
%9 = OpTypeInt 32 0
|
||||
%26 = OpTypeFloat 32
|
||||
%8 = OpTypeStruct %6
|
||||
%10 = OpTypePointer StorageBuffer %8
|
||||
%11 = OpVariable %10 StorageBuffer
|
||||
%19 = OpConstant %26 0
|
||||
%18 = OpConstant %9 1
|
||||
%12 = OpConstant %6 0
|
||||
%13 = OpTypePointer StorageBuffer %6
|
||||
%15 = OpConstant %6 4
|
||||
%16 = OpConstant %6 7
|
||||
%17 = OpConstant %7 4
|
||||
%20 = OpConstant %9 64
|
||||
%21 = OpConstant %6 15
|
||||
%4 = OpFunction %2 None %3
|
||||
%5 = OpLabel
|
||||
%14 = OpAccessChain %13 %11 %12
|
||||
%24 = OpAccessChain %13 %11 %12
|
||||
OpAtomicStore %14 %15 %20 %21
|
||||
OpReturn
|
||||
OpFunctionEnd
|
||||
)";
|
||||
|
||||
ASSERT_TRUE(IsEqual(env, after_transformation, context.get()));
|
||||
}
|
||||
|
||||
} // namespace
|
||||
} // namespace fuzz
|
||||
} // namespace spvtools
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче