EpicGames
/
SPIRV-Tools
зеркало из https://github.com/EpicGames/SPIRV-Tools.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

spirv-fuzz: Implement FuzzerPassAddParameters (#3399) 

Fixes #3384.
This commit is contained in:
Vasyl Teliman 2020-06-23 19:40:44 +03:00 коммит произвёл GitHub
Родитель 71a5b6770d
Коммит 29ba53f2a2
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
13 изменённых файлов: 699 добавлений и 1 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
source/fuzz/CMakeLists.txt
Просмотреть файл

@ -48,6 +48,7 @@ if(SPIRV_BUILD_FUZZER)
fuzzer_pass_add_loads.h
fuzzer_pass_add_local_variables.h
fuzzer_pass_add_no_contraction_decorations.h
fuzzer_pass_add_parameters.h
fuzzer_pass_add_stores.h
fuzzer_pass_add_vector_shuffle_instructions.h
fuzzer_pass_adjust_branch_weights.h
@ -94,6 +95,7 @@ if(SPIRV_BUILD_FUZZER)
transformation_add_global_variable.h
transformation_add_local_variable.h
transformation_add_no_contraction_decoration.h
transformation_add_parameters.h
transformation_add_spec_constant_op.h
transformation_add_type_array.h
transformation_add_type_boolean.h
@ -154,6 +156,7 @@ if(SPIRV_BUILD_FUZZER)
fuzzer_pass_add_loads.cpp
fuzzer_pass_add_local_variables.cpp
fuzzer_pass_add_no_contraction_decorations.cpp
fuzzer_pass_add_parameters.cpp
fuzzer_pass_add_stores.cpp
fuzzer_pass_add_vector_shuffle_instructions.cpp
fuzzer_pass_adjust_branch_weights.cpp
@ -199,6 +202,7 @@ if(SPIRV_BUILD_FUZZER)
transformation_add_global_variable.cpp
transformation_add_local_variable.cpp
transformation_add_no_contraction_decoration.cpp
transformation_add_parameters.cpp
transformation_add_spec_constant_op.cpp
transformation_add_type_array.cpp
transformation_add_type_boolean.cpp

4
source/fuzz/fuzzer.cpp
Просмотреть файл

@ -32,6 +32,7 @@
#include "source/fuzz/fuzzer_pass_add_loads.h"
#include "source/fuzz/fuzzer_pass_add_local_variables.h"
#include "source/fuzz/fuzzer_pass_add_no_contraction_decorations.h"
#include "source/fuzz/fuzzer_pass_add_parameters.h"
#include "source/fuzz/fuzzer_pass_add_stores.h"
#include "source/fuzz/fuzzer_pass_add_vector_shuffle_instructions.h"
#include "source/fuzz/fuzzer_pass_adjust_branch_weights.h"
@ -224,6 +225,9 @@ Fuzzer::FuzzerResultStatus Fuzzer::Run(
MaybeAddPass<FuzzerPassAddLocalVariables>(
&passes, ir_context.get(), &transformation_context, &fuzzer_context,
transformation_sequence_out);
MaybeAddPass<FuzzerPassAddParameters>(
&passes, ir_context.get(), &transformation_context, &fuzzer_context,
transformation_sequence_out);
MaybeAddPass<FuzzerPassAddStores>(&passes, ir_context.get(),
&transformation_context, &fuzzer_context,
transformation_sequence_out);

9
source/fuzz/fuzzer_context.cpp
Просмотреть файл

@ -38,6 +38,7 @@ const std::pair<uint32_t, uint32_t> kChanceOfAddingLocalVariable = {20, 90};
const std::pair<uint32_t, uint32_t> kChanceOfAddingMatrixType = {20, 70};
const std::pair<uint32_t, uint32_t> kChanceOfAddingNoContractionDecoration = {
5, 70};
const std::pair<uint32_t, uint32_t> kChanceOfAddingParameters = {5, 70};
const std::pair<uint32_t, uint32_t> kChanceOfAddingStore = {5, 50};
const std::pair<uint32_t, uint32_t> kChanceOfAddingVectorType = {20, 70};
const std::pair<uint32_t, uint32_t> kChanceOfAddingVectorShuffle = {20, 70};
@ -81,6 +82,10 @@ const uint32_t kDefaultMaxLoopControlPartialCount = 100;
const uint32_t kDefaultMaxLoopControlPeelCount = 100;
const uint32_t kDefaultMaxLoopLimit = 20;
const uint32_t kDefaultMaxNewArraySizeLimit = 100;
// TODO(https://github.com/KhronosGroup/SPIRV-Tools/issues/3424):
// think whether there is a better limit on the maximum number of parameters.
const uint32_t kDefaultMaxNumberOfFunctionParameters = 128;
const uint32_t kDefaultMaxNumberOfNewParameters = 15;
// Default functions for controlling how deep to go during recursive
// generation/transformation. Keep them in alphabetical order.
@ -104,6 +109,8 @@ FuzzerContext::FuzzerContext(RandomGenerator* random_generator,
max_loop_control_peel_count_(kDefaultMaxLoopControlPeelCount),
max_loop_limit_(kDefaultMaxLoopLimit),
max_new_array_size_limit_(kDefaultMaxNewArraySizeLimit),
max_number_of_function_parameters_(kDefaultMaxNumberOfFunctionParameters),
max_number_of_new_parameters_(kDefaultMaxNumberOfNewParameters),
go_deeper_in_constant_obfuscation_(
kDefaultGoDeeperInConstantObfuscation) {
chance_of_adding_access_chain_ =
@ -129,6 +136,8 @@ FuzzerContext::FuzzerContext(RandomGenerator* random_generator,
ChooseBetweenMinAndMax(kChanceOfAddingMatrixType);
chance_of_adding_no_contraction_decoration_ =
ChooseBetweenMinAndMax(kChanceOfAddingNoContractionDecoration);
chance_of_adding_parameters =
ChooseBetweenMinAndMax(kChanceOfAddingParameters);
chance_of_adding_store_ = ChooseBetweenMinAndMax(kChanceOfAddingStore);
chance_of_adding_vector_shuffle_ =
ChooseBetweenMinAndMax(kChanceOfAddingVectorShuffle);

13
source/fuzz/fuzzer_context.h
Просмотреть файл

@ -135,6 +135,7 @@ class FuzzerContext {
uint32_t GetChanceOfAddingNoContractionDecoration() {
return chance_of_adding_no_contraction_decoration_;
}
uint32_t GetChanceOfAddingParameters() { return chance_of_adding_parameters; }
uint32_t GetChanceOfAddingStore() { return chance_of_adding_store_; }
uint32_t GetChanceOfAddingVectorShuffle() {
return chance_of_adding_vector_shuffle_;
@ -210,6 +211,9 @@ class FuzzerContext {
uint32_t GetMaximumEquivalenceClassSizeForDataSynonymFactClosure() {
return max_equivalence_class_size_for_data_synonym_fact_closure_;
}
uint32_t GetMaximumNumberOfFunctionParameters() {
return max_number_of_function_parameters_;
}
std::pair<uint32_t, uint32_t> GetRandomBranchWeights() {
std::pair<uint32_t, uint32_t> branch_weights = {0, 0};
@ -245,6 +249,12 @@ class FuzzerContext {
uint32_t GetRandomLoopLimit() {
return random_generator_->RandomUint32(max_loop_limit_);
}
uint32_t GetRandomNumberOfNewParameters(uint32_t num_of_params) {
assert(num_of_params < GetMaximumNumberOfFunctionParameters());
return ChooseBetweenMinAndMax(
{1, std::min(max_number_of_new_parameters_,
GetMaximumNumberOfFunctionParameters() - num_of_params)});
}
uint32_t GetRandomSizeForNewArray() {
// Ensure that the array size is non-zero.
return random_generator_->RandomUint32(max_new_array_size_limit_ - 1) + 1;
@ -273,6 +283,7 @@ class FuzzerContext {
uint32_t chance_of_adding_local_variable_;
uint32_t chance_of_adding_matrix_type_;
uint32_t chance_of_adding_no_contraction_decoration_;
uint32_t chance_of_adding_parameters;
uint32_t chance_of_adding_store_;
uint32_t chance_of_adding_vector_shuffle_;
uint32_t chance_of_adding_vector_type_;
@ -309,6 +320,8 @@ class FuzzerContext {
uint32_t max_loop_control_peel_count_;
uint32_t max_loop_limit_;
uint32_t max_new_array_size_limit_;
uint32_t max_number_of_function_parameters_;
uint32_t max_number_of_new_parameters_;
// Functions to determine with what probability to go deeper when generating
// or mutating constructs recursively.

143
source/fuzz/fuzzer_pass_add_parameters.cpp Normal file
Просмотреть файл

@ -0,0 +1,143 @@
// Copyright (c) 2020 Vasyl Teliman
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "source/fuzz/fuzzer_pass_add_parameters.h"
#include "source/fuzz/fuzzer_context.h"
#include "source/fuzz/fuzzer_util.h"
#include "source/fuzz/instruction_descriptor.h"
#include "source/fuzz/transformation_add_parameters.h"
namespace spvtools {
namespace fuzz {
FuzzerPassAddParameters::FuzzerPassAddParameters(
opt::IRContext* ir_context, TransformationContext* transformation_context,
FuzzerContext* fuzzer_context,
protobufs::TransformationSequence* transformations)
: FuzzerPass(ir_context, transformation_context, fuzzer_context,
transformations) {}
FuzzerPassAddParameters::~FuzzerPassAddParameters() = default;
void FuzzerPassAddParameters::Apply() {
const auto& type_candidates = ComputeTypeCandidates();
if (type_candidates.empty()) {
// The module contains no suitable types to use in new parameters.
return;
}
// Iterate over all functions in the module.
for (const auto& function : *GetIRContext()->module()) {
// Skip all entry-point functions - we don't want to change those.
if (fuzzerutil::FunctionIsEntryPoint(GetIRContext(),
function.result_id())) {
continue;
}
if (GetNumberOfParameters(function) >=
GetFuzzerContext()->GetMaximumNumberOfFunctionParameters()) {
continue;
}
if (!GetFuzzerContext()->ChoosePercentage(
GetFuzzerContext()->GetChanceOfAddingParameters())) {
continue;
}
const auto* type_inst =
fuzzerutil::GetFunctionType(GetIRContext(), &function);
assert(type_inst);
// -1 because we don't take return type into account.
auto num_old_parameters = type_inst->NumInOperands() - 1;
auto num_new_parameters =
GetFuzzerContext()->GetRandomNumberOfNewParameters(
GetNumberOfParameters(function));
std::vector<uint32_t> all_types(num_old_parameters);
std::vector<uint32_t> new_types(num_new_parameters);
std::vector<uint32_t> parameter_ids(num_new_parameters);
std::vector<uint32_t> constant_ids(num_new_parameters);
// Get type ids for old parameters.
for (uint32_t i = 0; i < num_old_parameters; ++i) {
// +1 since we don't take return type into account.
all_types[i] = type_inst->GetSingleWordInOperand(i + 1);
}
for (uint32_t i = 0; i < num_new_parameters; ++i) {
// Get type ids for new parameters.
new_types[i] =
type_candidates[GetFuzzerContext()->RandomIndex(type_candidates)];
// Create constants to initialize new parameters from.
constant_ids[i] = FindOrCreateZeroConstant(new_types[i]);
}
// Append new parameters to the old ones.
all_types.insert(all_types.end(), new_types.begin(), new_types.end());
// Generate result ids for new parameters.
for (auto& id : parameter_ids) {
id = GetFuzzerContext()->GetFreshId();
}
auto result_type_id = type_inst->GetSingleWordInOperand(0);
ApplyTransformation(TransformationAddParameters(
function.result_id(),
FindOrCreateFunctionType(result_type_id, all_types),
std::move(new_types), std::move(parameter_ids),
std::move(constant_ids)));
}
}
std::vector<uint32_t> FuzzerPassAddParameters::ComputeTypeCandidates() const {
std::vector<uint32_t> result;
for (const auto* type_inst : GetIRContext()->module()->GetTypes()) {
// TODO(https://github.com/KhronosGroup/SPIRV-Tools/issues/3403):
// the number of types we support here is limited by the number of types
// supported by |FindOrCreateZeroConstant|.
switch (type_inst->opcode()) {
case SpvOpTypeBool:
case SpvOpTypeInt:
case SpvOpTypeFloat:
case SpvOpTypeArray:
case SpvOpTypeMatrix:
case SpvOpTypeVector:
case SpvOpTypeStruct: {
result.push_back(type_inst->result_id());
} break;
default:
// Ignore other types.
break;
}
}
return result;
}
uint32_t FuzzerPassAddParameters::GetNumberOfParameters(
const opt::Function& function) const {
const auto* type = GetIRContext()->get_type_mgr()->GetType(
function.DefInst().GetSingleWordInOperand(1));
assert(type && type->AsFunction());
return static_cast<uint32_t>(type->AsFunction()->param_types().size());
}
} // namespace fuzz
} // namespace spvtools

51
source/fuzz/fuzzer_pass_add_parameters.h Normal file
Просмотреть файл

@ -0,0 +1,51 @@
// Copyright (c) 2020 Vasyl Teliman
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef SOURCE_FUZZ_FUZZER_PASS_ADD_PARAMETERS_H_
#define SOURCE_FUZZ_FUZZER_PASS_ADD_PARAMETERS_H_
#include <vector>
#include "source/fuzz/fuzzer_pass.h"
namespace spvtools {
namespace fuzz {
// Randomly decides for each non-entry-point function in the module whether to
// add new parameters to it. If so, randomly determines the number of parameters
// to add, their type and creates constants used to initialize them.
class FuzzerPassAddParameters : public FuzzerPass {
public:
FuzzerPassAddParameters(opt::IRContext* ir_context,
TransformationContext* transformation_context,
FuzzerContext* fuzzer_context,
protobufs::TransformationSequence* transformations);
~FuzzerPassAddParameters() override;
void Apply() override;
private:
// Uses types, defined in the module, to compute a vector of their ids, which
// will be used as type ids of new parameters.
std::vector<uint32_t> ComputeTypeCandidates() const;
// Returns number of parameters of |function|.
uint32_t GetNumberOfParameters(const opt::Function& function) const;
};
} // namespace fuzz
} // namespace spvtools
#endif // SOURCE_FUZZ_FUZZER_PASS_ADD_PARAMETERS_H_

2
source/fuzz/fuzzer_pass_permute_function_parameters.h
Просмотреть файл

@ -34,7 +34,7 @@ class FuzzerPassPermuteFunctionParameters : public FuzzerPass {
FuzzerContext* fuzzer_context,
protobufs::TransformationSequence* transformations);
~FuzzerPassPermuteFunctionParameters();
~FuzzerPassPermuteFunctionParameters() override;
void Apply() override;
};

22
source/fuzz/protobufs/spvtoolsfuzz.proto
Просмотреть файл

@ -380,6 +380,7 @@ message Transformation {
TransformationReplaceLinearAlgebraInstruction replace_linear_algebra_instruction = 49;
TransformationSwapConditionalBranchOperands swap_conditional_branch_operands = 50;
TransformationPermutePhiOperands permute_phi_operands = 51;
TransformationAddParameters add_parameters = 52;
// Add additional option using the next available number.
}
}
@ -623,6 +624,27 @@ message TransformationAddNoContractionDecoration {
}
message TransformationAddParameters {
// Adds new parameters into the function.
// Result id of the function to add parameters to.
uint32 function_id = 1;
// New type of the function.
uint32 new_type_id = 2;
// Type ids of parameters to add to the function.
repeated uint32 new_parameter_type = 3;
// Result ids for new parameters.
repeated uint32 new_parameter_id = 4;
// Constants to initialize new parameters from.
repeated uint32 constant_id = 5;
}
message TransformationAddSpecConstantOp {
// Adds OpSpecConstantOp into the module.

3
source/fuzz/transformation.cpp
Просмотреть файл

@ -30,6 +30,7 @@
#include "source/fuzz/transformation_add_global_variable.h"
#include "source/fuzz/transformation_add_local_variable.h"
#include "source/fuzz/transformation_add_no_contraction_decoration.h"
#include "source/fuzz/transformation_add_parameters.h"
#include "source/fuzz/transformation_add_spec_constant_op.h"
#include "source/fuzz/transformation_add_type_array.h"
#include "source/fuzz/transformation_add_type_boolean.h"
@ -114,6 +115,8 @@ std::unique_ptr<Transformation> Transformation::FromMessage(
kAddNoContractionDecoration:
return MakeUnique<TransformationAddNoContractionDecoration>(
message.add_no_contraction_decoration());
case protobufs::Transformation::TransformationCase::kAddParameters:
return MakeUnique<TransformationAddParameters>(message.add_parameters());
case protobufs::Transformation::TransformationCase::kAddSpecConstantOp:
return MakeUnique<TransformationAddSpecConstantOp>(
message.add_spec_constant_op());

201
source/fuzz/transformation_add_parameters.cpp Normal file
Просмотреть файл

@ -0,0 +1,201 @@
// Copyright (c) 2020 Vasyl Teliman
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "source/fuzz/transformation_add_parameters.h"
#include <source/spirv_constant.h>
#include "source/fuzz/fuzzer_util.h"
namespace spvtools {
namespace fuzz {
TransformationAddParameters::TransformationAddParameters(
const protobufs::TransformationAddParameters& message)
: message_(message) {}
TransformationAddParameters::TransformationAddParameters(
uint32_t function_id, uint32_t new_type_id,
const std::vector<uint32_t>& new_parameter_type,
const std::vector<uint32_t>& new_parameter_id,
const std::vector<uint32_t>& constant_id) {
message_.set_function_id(function_id);
message_.set_new_type_id(new_type_id);
for (auto id : new_parameter_type) {
message_.add_new_parameter_type(id);
}
for (auto id : new_parameter_id) {
message_.add_new_parameter_id(id);
}
for (auto id : constant_id) {
message_.add_constant_id(id);
}
}
bool TransformationAddParameters::IsApplicable(
opt::IRContext* ir_context, const TransformationContext& /*unused*/) const {
// Check that function exists
const auto* function =
fuzzerutil::FindFunction(ir_context, message_.function_id());
if (!function ||
fuzzerutil::FunctionIsEntryPoint(ir_context, function->result_id())) {
return false;
}
// Validate new parameters.
const auto& new_type_ids = message_.new_parameter_type();
const auto& new_parameter_ids = message_.new_parameter_id();
const auto& constant_ids = message_.constant_id();
// All three vectors must have the same size.
if (new_type_ids.size() != new_parameter_ids.size() ||
new_type_ids.size() != constant_ids.size()) {
return false;
}
// Vectors must have at least one component.
if (new_type_ids.empty()) {
return false;
}
// Check that type ids exist in the module and are not OpTypeVoid.
for (auto id : new_type_ids) {
const auto* type = ir_context->get_type_mgr()->GetType(id);
if (!type || type->AsVoid()) {
return false;
}
}
// Check that all parameter ids are fresh.
for (auto id : new_parameter_ids) {
if (!fuzzerutil::IsFreshId(ir_context, id)) {
return false;
}
}
// Check that constants exist and have valid type.
for (int i = 0, n = constant_ids.size(); i < n; ++i) {
const auto* inst = ir_context->get_def_use_mgr()->GetDef(constant_ids[i]);
if (!inst || inst->type_id() != new_type_ids[i]) {
return false;
}
}
// Validate new function type.
const auto* old_type_inst = fuzzerutil::GetFunctionType(ir_context, function);
const auto* new_type_inst =
ir_context->get_def_use_mgr()->GetDef(message_.new_type_id());
// Both types must exist.
assert(old_type_inst && old_type_inst->opcode() == SpvOpTypeFunction);
if (!new_type_inst || new_type_inst->opcode() != SpvOpTypeFunction) {
return false;
}
auto num_old_parameters = old_type_inst->NumInOperands();
auto num_new_parameters = new_type_ids.size();
// New function type has been added to the module which means that it's valid.
// Thus, we don't need to check whether the limit on the number of arguments
// is satisfied.
// New type = old type + new parameters.
if (new_type_inst->NumInOperands() !=
num_old_parameters + num_new_parameters) {
return false;
}
// Check that old parameters and the return type are preserved.
for (uint32_t i = 0; i < num_old_parameters; ++i) {
if (new_type_inst->GetSingleWordInOperand(i) !=
old_type_inst->GetSingleWordInOperand(i)) {
return false;
}
}
// Check that new parameters have been appended.
for (int i = 0; i < num_new_parameters; ++i) {
if (new_type_inst->GetSingleWordInOperand(i + num_old_parameters) !=
new_type_ids[i]) {
return false;
}
}
return true;
}
void TransformationAddParameters::Apply(
opt::IRContext* ir_context, TransformationContext* /*unused*/) const {
// Retrieve all data from the message
auto function_id = message_.function_id();
const auto& new_parameter_type = message_.new_parameter_type();
const auto& new_parameter_id = message_.new_parameter_id();
const auto& constant_id = message_.constant_id();
// Find the function that will be transformed
auto* function = fuzzerutil::FindFunction(ir_context, function_id);
assert(function && "Can't find the function");
// Change function's type
function->DefInst().SetInOperand(1, {message_.new_type_id()});
// Add new parameters to the function.
for (int i = 0, n = new_parameter_id.size(); i < n; ++i) {
function->AddParameter(MakeUnique<opt::Instruction>(
ir_context, SpvOpFunctionParameter, new_parameter_type[i],
new_parameter_id[i], opt::Instruction::OperandList()));
// TODO(https://github.com/KhronosGroup/SPIRV-Tools/issues/3403):
// Add an PointeeValueIsIrrelevant fact if the parameter is a pointer.
}
// Fix all OpFunctionCall instructions.
ir_context->get_def_use_mgr()->ForEachUser(
&function->DefInst(),
[function_id, &constant_id](opt::Instruction* call) {
if (call->opcode() != SpvOpFunctionCall ||
call->GetSingleWordInOperand(0) != function_id) {
return;
}
for (auto id : constant_id) {
// TODO(https://github.com/KhronosGroup/SPIRV-Tools/issues/3177):
// it would be good to mark this usage of |id| as irrelevant, so that
// we can perform some interesting transformations on it later.
call->AddOperand({SPV_OPERAND_TYPE_ID, {id}});
}
});
// Update module's id bound. We can safely dereference the result of
// max_element since |new_parameter_id| is guaranteed to have elements.
fuzzerutil::UpdateModuleIdBound(
ir_context,
*std::max_element(new_parameter_id.begin(), new_parameter_id.end()));
// Make sure our changes are analyzed.
ir_context->InvalidateAnalysesExceptFor(
opt::IRContext::Analysis::kAnalysisNone);
}
protobufs::Transformation TransformationAddParameters::ToMessage() const {
protobufs::Transformation result;
*result.mutable_add_parameters() = message_;
return result;
}
} // namespace fuzz
} // namespace spvtools

70
source/fuzz/transformation_add_parameters.h Normal file
Просмотреть файл

@ -0,0 +1,70 @@
// Copyright (c) 2020 Vasyl Teliman
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef SOURCE_FUZZ_TRANSFORMATION_ADD_PARAMETERS_H_
#define SOURCE_FUZZ_TRANSFORMATION_ADD_PARAMETERS_H_
#include "source/fuzz/protobufs/spirvfuzz_protobufs.h"
#include "source/fuzz/transformation.h"
#include "source/fuzz/transformation_context.h"
#include "source/opt/ir_context.h"
namespace spvtools {
namespace fuzz {
class TransformationAddParameters : public Transformation {
public:
explicit TransformationAddParameters(
const protobufs::TransformationAddParameters& message);
TransformationAddParameters(uint32_t function_id, uint32_t new_type_id,
const std::vector<uint32_t>& new_parameter_type,
const std::vector<uint32_t>& new_parameter_id,
const std::vector<uint32_t>& constant_id);
// - |function_id| must be a valid result id of some non-entry-point function
// in the module.
// - |new_type_id| must be a result id of OpTypeFunction instruction.
// - New type of the function must have the same return type. New function
// parameters must be appended to the old ones.
// - |new_parameter_type| contains result ids of some OpType* instructions in
// the module. It may not contain result ids of OpTypeVoid.
// - |new_parameter_id| contains fresh ids.
// - |constant_id| contains result ids used to initialize new parameters. Type
// ids of these instructions must be the same as |new_parameter_type| (i.e.
// |new_parameter_type[i] == GetDef(constant_id[i])->type_id()|).
// - |new_parameter_id|, |new_parameter_type| and |constant_id| should all
// have the same size and may not be empty.
bool IsApplicable(
opt::IRContext* ir_context,
const TransformationContext& transformation_context) const override;
// - Creates new OpFunctionParameter instructions for the function with
// |function_id|.
// - Changes type of the function to |new_type_id|.
// - Adds ids from |constant_id| to every OpFunctionCall instruction that
// calls the function.
void Apply(opt::IRContext* ir_context,
TransformationContext* transformation_context) const override;
protobufs::Transformation ToMessage() const override;
private:
protobufs::TransformationAddParameters message_;
};
} // namespace fuzz
} // namespace spvtools
#endif // SOURCE_FUZZ_TRANSFORMATION_ADD_PARAMETERS_H_

1
test/fuzz/CMakeLists.txt
Просмотреть файл

@ -37,6 +37,7 @@ if (${SPIRV_BUILD_FUZZER})
transformation_add_global_variable_test.cpp
transformation_add_local_variable_test.cpp
transformation_add_no_contraction_decoration_test.cpp
transformation_add_parameters_test.cpp
transformation_add_type_array_test.cpp
transformation_add_type_boolean_test.cpp
transformation_add_type_float_test.cpp

177
test/fuzz/transformation_add_parameters_test.cpp Normal file
Просмотреть файл

@ -0,0 +1,177 @@
// Copyright (c) 2020 Vasyl Teliman
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "source/fuzz/transformation_add_parameters.h"
#include "test/fuzz/fuzz_test_util.h"
namespace spvtools {
namespace fuzz {
namespace {
TEST(TransformationAddParametersTest, BasicTest) {
std::string shader = R"(
OpCapability Shader
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 310
OpName %4 "main"
%2 = OpTypeVoid
%7 = OpTypeBool
%11 = OpTypeInt 32 1
%3 = OpTypeFunction %2
%20 = OpTypeFunction %2 %7
%6 = OpTypeFunction %7 %7
%12 = OpTypeFunction %7 %7 %11
%13 = OpTypeFunction %7 %7 %7
%14 = OpTypeFunction %11 %7 %11
%15 = OpTypeFunction %7 %11 %11
%16 = OpTypeFunction %7 %7 %11 %11
%8 = OpConstant %11 23
%17 = OpConstantTrue %7
%4 = OpFunction %2 None %3
%5 = OpLabel
%18 = OpFunctionCall %7 %9 %17
OpReturn
OpFunctionEnd
%9 = OpFunction %7 None %6
%19 = OpFunctionParameter %7
%10 = OpLabel
OpReturnValue %17
OpFunctionEnd
)";
const auto env = SPV_ENV_UNIVERSAL_1_3;
const auto consumer = nullptr;
const auto context = BuildModule(env, consumer, shader, kFuzzAssembleOption);
ASSERT_TRUE(IsValid(env, context.get()));
FactManager fact_manager;
spvtools::ValidatorOptions validator_options;
TransformationContext transformation_context(&fact_manager,
validator_options);
// Can't modify entry point function.
ASSERT_FALSE(TransformationAddParameters(4, 6, {20}, {21}, {17})
.IsApplicable(context.get(), transformation_context));
// There is no function with result id 10.
ASSERT_FALSE(TransformationAddParameters(29, 12, {11}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// There is no OpTypeFunction instruction with result id 21.
ASSERT_FALSE(TransformationAddParameters(9, 21, {11}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// Function type with id 6 has fewer parameters than required.
ASSERT_FALSE(TransformationAddParameters(9, 6, {11}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// Function type with id 16 has more parameters than required.
ASSERT_FALSE(TransformationAddParameters(9, 16, {11}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// New function type is not OpTypeFunction instruction.
ASSERT_FALSE(TransformationAddParameters(9, 11, {11}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// Return type is invalid.
ASSERT_FALSE(TransformationAddParameters(9, 14, {11}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// Types of original parameters are invalid.
ASSERT_FALSE(TransformationAddParameters(9, 15, {11}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// Types of new parameters are invalid.
ASSERT_FALSE(TransformationAddParameters(9, 13, {11}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// OpTypeVoid can't be the type of function parameter.
ASSERT_FALSE(TransformationAddParameters(9, 12, {2}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
// Vectors, that describe parameters, have different sizes.
ASSERT_FALSE(TransformationAddParameters(9, 12, {}, {21}, {8})
.IsApplicable(context.get(), transformation_context));
ASSERT_FALSE(TransformationAddParameters(9, 12, {11}, {}, {8})
.IsApplicable(context.get(), transformation_context));
ASSERT_FALSE(TransformationAddParameters(9, 12, {11}, {21}, {})
.IsApplicable(context.get(), transformation_context));
// Vectors cannot be empty.
ASSERT_FALSE(TransformationAddParameters(9, 12, {}, {}, {})
.IsApplicable(context.get(), transformation_context));
// Parameters' ids are not fresh.
ASSERT_FALSE(TransformationAddParameters(9, 12, {11}, {20}, {8})
.IsApplicable(context.get(), transformation_context));
// Constants for parameters don't exist.
ASSERT_FALSE(TransformationAddParameters(9, 12, {11}, {21}, {21})
.IsApplicable(context.get(), transformation_context));
// Constants for parameters have invalid type.
ASSERT_FALSE(TransformationAddParameters(9, 12, {11}, {21}, {17})
.IsApplicable(context.get(), transformation_context));
// Correct transformation.
TransformationAddParameters correct(9, 12, {11}, {21}, {8});
ASSERT_TRUE(correct.IsApplicable(context.get(), transformation_context));
correct.Apply(context.get(), &transformation_context);
// The module remains valid.
ASSERT_TRUE(IsValid(env, context.get()));
std::string expected_shader = R"(
OpCapability Shader
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 310
OpName %4 "main"
%2 = OpTypeVoid
%7 = OpTypeBool
%11 = OpTypeInt 32 1
%3 = OpTypeFunction %2
%20 = OpTypeFunction %2 %7
%6 = OpTypeFunction %7 %7
%12 = OpTypeFunction %7 %7 %11
%13 = OpTypeFunction %7 %7 %7
%14 = OpTypeFunction %11 %7 %11
%15 = OpTypeFunction %7 %11 %11
%16 = OpTypeFunction %7 %7 %11 %11
%8 = OpConstant %11 23
%17 = OpConstantTrue %7
%4 = OpFunction %2 None %3
%5 = OpLabel
%18 = OpFunctionCall %7 %9 %17 %8
OpReturn
OpFunctionEnd
%9 = OpFunction %7 None %12
%19 = OpFunctionParameter %7
%21 = OpFunctionParameter %11
%10 = OpLabel
OpReturnValue %17
OpFunctionEnd
)";
ASSERT_TRUE(IsEqual(env, expected_shader, context.get()));
}
} // namespace
} // namespace fuzz
} // namespace spvtools