Add replayer tool for spirv-fuzz. (#2664)
The replayer takes an existing sequence of transformations and applies them to a module. Replaying a sequence of transformations that were obtained via fuzzing should lead to an identical module to the module that was fuzzed. Tests have been added to check for this.
This commit is contained in:
Родитель
b4bf7bcf0a
Коммит
42830e5a68
|
@ -39,6 +39,7 @@ if(SPIRV_BUILD_FUZZER)
|
|||
protobufs/spirvfuzz_protobufs.h
|
||||
pseudo_random_generator.h
|
||||
random_generator.h
|
||||
replayer.h
|
||||
transformation_add_constant_boolean.h
|
||||
transformation_add_constant_scalar.h
|
||||
transformation_add_dead_break.h
|
||||
|
@ -63,6 +64,7 @@ if(SPIRV_BUILD_FUZZER)
|
|||
id_use_descriptor.cpp
|
||||
pseudo_random_generator.cpp
|
||||
random_generator.cpp
|
||||
replayer.cpp
|
||||
transformation_add_constant_boolean.cpp
|
||||
transformation_add_constant_scalar.cpp
|
||||
transformation_add_dead_break.cpp
|
||||
|
|
|
@ -0,0 +1,200 @@
|
|||
// Copyright (c) 2019 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "source/fuzz/replayer.h"
|
||||
|
||||
#include <utility>
|
||||
|
||||
#include "source/fuzz/fact_manager.h"
|
||||
#include "source/fuzz/protobufs/spirvfuzz_protobufs.h"
|
||||
#include "source/fuzz/transformation_add_constant_boolean.h"
|
||||
#include "source/fuzz/transformation_add_constant_scalar.h"
|
||||
#include "source/fuzz/transformation_add_dead_break.h"
|
||||
#include "source/fuzz/transformation_add_type_boolean.h"
|
||||
#include "source/fuzz/transformation_add_type_float.h"
|
||||
#include "source/fuzz/transformation_add_type_int.h"
|
||||
#include "source/fuzz/transformation_move_block_down.h"
|
||||
#include "source/fuzz/transformation_replace_boolean_constant_with_constant_binary.h"
|
||||
#include "source/fuzz/transformation_split_block.h"
|
||||
#include "source/opt/build_module.h"
|
||||
#include "source/util/make_unique.h"
|
||||
|
||||
namespace spvtools {
|
||||
namespace fuzz {
|
||||
|
||||
namespace {
|
||||
|
||||
// Returns true if and only if the precondition for |transformation| holds, with
|
||||
// respect to the given |context| and |fact_manager|.
|
||||
bool IsApplicable(const protobufs::Transformation& transformation,
|
||||
opt::IRContext* context, const FactManager& fact_manager) {
|
||||
switch (transformation.transformation_case()) {
|
||||
case protobufs::Transformation::TransformationCase::kAddConstantBoolean:
|
||||
return transformation::IsApplicable(transformation.add_constant_boolean(),
|
||||
context, fact_manager);
|
||||
case protobufs::Transformation::TransformationCase::kAddConstantScalar:
|
||||
return transformation::IsApplicable(transformation.add_constant_scalar(),
|
||||
context, fact_manager);
|
||||
case protobufs::Transformation::TransformationCase::kAddDeadBreak:
|
||||
return transformation::IsApplicable(transformation.add_dead_break(),
|
||||
context, fact_manager);
|
||||
case protobufs::Transformation::TransformationCase::kAddTypeBoolean:
|
||||
return transformation::IsApplicable(transformation.add_type_boolean(),
|
||||
context, fact_manager);
|
||||
case protobufs::Transformation::TransformationCase::kAddTypeFloat:
|
||||
return transformation::IsApplicable(transformation.add_type_float(),
|
||||
context, fact_manager);
|
||||
case protobufs::Transformation::TransformationCase::kAddTypeInt:
|
||||
return transformation::IsApplicable(transformation.add_type_int(),
|
||||
context, fact_manager);
|
||||
case protobufs::Transformation::TransformationCase::kMoveBlockDown:
|
||||
return transformation::IsApplicable(transformation.move_block_down(),
|
||||
context, fact_manager);
|
||||
case protobufs::Transformation::TransformationCase::
|
||||
kReplaceBooleanConstantWithConstantBinary:
|
||||
return transformation::IsApplicable(
|
||||
transformation.replace_boolean_constant_with_constant_binary(),
|
||||
context, fact_manager);
|
||||
case protobufs::Transformation::TransformationCase::kSplitBlock:
|
||||
return transformation::IsApplicable(transformation.split_block(), context,
|
||||
fact_manager);
|
||||
default:
|
||||
assert(transformation.transformation_case() ==
|
||||
protobufs::Transformation::TRANSFORMATION_NOT_SET &&
|
||||
"Unhandled transformation type.");
|
||||
assert(false && "An unset transformation was encountered.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Requires that IsApplicable holds. Applies |transformation| to the given
|
||||
// |context| and |fact_manager|.
|
||||
void Apply(const protobufs::Transformation& transformation,
|
||||
opt::IRContext* context, FactManager* fact_manager) {
|
||||
switch (transformation.transformation_case()) {
|
||||
case protobufs::Transformation::TransformationCase::kAddConstantBoolean:
|
||||
transformation::Apply(transformation.add_constant_boolean(), context,
|
||||
fact_manager);
|
||||
break;
|
||||
case protobufs::Transformation::TransformationCase::kAddConstantScalar:
|
||||
transformation::Apply(transformation.add_constant_scalar(), context,
|
||||
fact_manager);
|
||||
break;
|
||||
case protobufs::Transformation::TransformationCase::kAddDeadBreak:
|
||||
transformation::Apply(transformation.add_dead_break(), context,
|
||||
fact_manager);
|
||||
break;
|
||||
case protobufs::Transformation::TransformationCase::kAddTypeBoolean:
|
||||
transformation::Apply(transformation.add_type_boolean(), context,
|
||||
fact_manager);
|
||||
break;
|
||||
case protobufs::Transformation::TransformationCase::kAddTypeFloat:
|
||||
transformation::Apply(transformation.add_type_float(), context,
|
||||
fact_manager);
|
||||
break;
|
||||
case protobufs::Transformation::TransformationCase::kAddTypeInt:
|
||||
transformation::Apply(transformation.add_type_int(), context,
|
||||
fact_manager);
|
||||
break;
|
||||
case protobufs::Transformation::TransformationCase::kMoveBlockDown:
|
||||
transformation::Apply(transformation.move_block_down(), context,
|
||||
fact_manager);
|
||||
break;
|
||||
case protobufs::Transformation::TransformationCase::
|
||||
kReplaceBooleanConstantWithConstantBinary:
|
||||
transformation::Apply(
|
||||
transformation.replace_boolean_constant_with_constant_binary(),
|
||||
context, fact_manager);
|
||||
break;
|
||||
case protobufs::Transformation::TransformationCase::kSplitBlock:
|
||||
transformation::Apply(transformation.split_block(), context,
|
||||
fact_manager);
|
||||
break;
|
||||
default:
|
||||
assert(transformation.transformation_case() ==
|
||||
protobufs::Transformation::TRANSFORMATION_NOT_SET &&
|
||||
"Unhandled transformation type.");
|
||||
assert(false && "An unset transformation was encountered.");
|
||||
}
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
||||
struct Replayer::Impl {
|
||||
explicit Impl(spv_target_env env) : target_env(env) {}
|
||||
|
||||
const spv_target_env target_env; // Target environment.
|
||||
MessageConsumer consumer; // Message consumer.
|
||||
};
|
||||
|
||||
Replayer::Replayer(spv_target_env env) : impl_(MakeUnique<Impl>(env)) {}
|
||||
|
||||
Replayer::~Replayer() = default;
|
||||
|
||||
void Replayer::SetMessageConsumer(MessageConsumer c) {
|
||||
impl_->consumer = std::move(c);
|
||||
}
|
||||
|
||||
Replayer::ReplayerResultStatus Replayer::Run(
|
||||
const std::vector<uint32_t>& binary_in,
|
||||
const protobufs::FactSequence& initial_facts,
|
||||
const protobufs::TransformationSequence& transformation_sequence_in,
|
||||
std::vector<uint32_t>* binary_out,
|
||||
protobufs::TransformationSequence* transformation_sequence_out) const {
|
||||
// Check compatibility between the library version being linked with and the
|
||||
// header files being used.
|
||||
GOOGLE_PROTOBUF_VERIFY_VERSION;
|
||||
|
||||
spvtools::SpirvTools tools(impl_->target_env);
|
||||
if (!tools.IsValid()) {
|
||||
impl_->consumer(SPV_MSG_ERROR, nullptr, {},
|
||||
"Failed to create SPIRV-Tools interface; stopping.");
|
||||
return Replayer::ReplayerResultStatus::kFailedToCreateSpirvToolsInterface;
|
||||
}
|
||||
|
||||
// Initial binary should be valid.
|
||||
if (!tools.Validate(&binary_in[0], binary_in.size())) {
|
||||
impl_->consumer(SPV_MSG_INFO, nullptr, {},
|
||||
"Initial binary is invalid; stopping.");
|
||||
return Replayer::ReplayerResultStatus::kInitialBinaryInvalid;
|
||||
}
|
||||
|
||||
// Build the module from the input binary.
|
||||
std::unique_ptr<opt::IRContext> ir_context = BuildModule(
|
||||
impl_->target_env, impl_->consumer, binary_in.data(), binary_in.size());
|
||||
assert(ir_context);
|
||||
|
||||
FactManager fact_manager;
|
||||
if (!fact_manager.AddFacts(initial_facts, ir_context.get())) {
|
||||
return Replayer::ReplayerResultStatus::kInitialFactsInvalid;
|
||||
}
|
||||
|
||||
// Consider the transformation proto messages in turn.
|
||||
for (auto& transformation : transformation_sequence_in.transformation()) {
|
||||
// Check whether the transformation can be applied.
|
||||
if (IsApplicable(transformation, ir_context.get(), fact_manager)) {
|
||||
// The transformation is applicable, so apply it, and copy it to the
|
||||
// sequence of transformations that were applied.
|
||||
Apply(transformation, ir_context.get(), &fact_manager);
|
||||
*transformation_sequence_out->add_transformation() = transformation;
|
||||
}
|
||||
}
|
||||
|
||||
// Write out the module as a binary.
|
||||
ir_context->module()->ToBinary(binary_out, false);
|
||||
return Replayer::ReplayerResultStatus::kComplete;
|
||||
}
|
||||
|
||||
} // namespace fuzz
|
||||
} // namespace spvtools
|
|
@ -0,0 +1,74 @@
|
|||
// Copyright (c) 2019 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef SOURCE_FUZZ_REPLAYER_H_
|
||||
#define SOURCE_FUZZ_REPLAYER_H_
|
||||
|
||||
#include <memory>
|
||||
#include <vector>
|
||||
|
||||
#include "source/fuzz/protobufs/spirvfuzz_protobufs.h"
|
||||
#include "spirv-tools/libspirv.hpp"
|
||||
|
||||
namespace spvtools {
|
||||
namespace fuzz {
|
||||
|
||||
// Transforms a SPIR-V module into a semantically equivalent SPIR-V module by
|
||||
// applying a series of pre-defined transformations.
|
||||
class Replayer {
|
||||
public:
|
||||
// Possible statuses that can result from running the replayer.
|
||||
enum ReplayerResultStatus {
|
||||
kComplete,
|
||||
kFailedToCreateSpirvToolsInterface,
|
||||
kInitialBinaryInvalid,
|
||||
kInitialFactsInvalid,
|
||||
};
|
||||
|
||||
// Constructs a replayer from the given target environment.
|
||||
explicit Replayer(spv_target_env env);
|
||||
|
||||
// Disables copy/move constructor/assignment operations.
|
||||
Replayer(const Replayer&) = delete;
|
||||
Replayer(Replayer&&) = delete;
|
||||
Replayer& operator=(const Replayer&) = delete;
|
||||
Replayer& operator=(Replayer&&) = delete;
|
||||
|
||||
~Replayer();
|
||||
|
||||
// Sets the message consumer to the given |consumer|. The |consumer| will be
|
||||
// invoked once for each message communicated from the library.
|
||||
void SetMessageConsumer(MessageConsumer consumer);
|
||||
|
||||
// Transforms |binary_in| to |binary_out| by attempting to apply the
|
||||
// transformations from |transformation_sequence_in|. Initial facts about the
|
||||
// input binary and the context in which it will execute are provided via
|
||||
// |initial_facts|. The transformations that were successfully applied are
|
||||
// returned via |transformation_sequence_out|.
|
||||
ReplayerResultStatus Run(
|
||||
const std::vector<uint32_t>& binary_in,
|
||||
const protobufs::FactSequence& initial_facts,
|
||||
const protobufs::TransformationSequence& transformation_sequence_in,
|
||||
std::vector<uint32_t>* binary_out,
|
||||
protobufs::TransformationSequence* transformation_sequence_out) const;
|
||||
|
||||
private:
|
||||
struct Impl; // Opaque struct for holding internal data.
|
||||
std::unique_ptr<Impl> impl_; // Unique pointer to internal data.
|
||||
};
|
||||
|
||||
} // namespace fuzz
|
||||
} // namespace spvtools
|
||||
|
||||
#endif // SOURCE_FUZZ_REPLAYER_H_
|
|
@ -17,7 +17,7 @@ if (${SPIRV_BUILD_FUZZER})
|
|||
set(SOURCES
|
||||
fuzz_test_util.h
|
||||
|
||||
fuzzer_test.cpp
|
||||
fuzzer_replayer_test.cpp
|
||||
fact_manager_test.cpp
|
||||
fuzz_test_util.cpp
|
||||
transformation_add_constant_boolean_test.cpp
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
// limitations under the License.
|
||||
|
||||
#include "source/fuzz/fuzzer.h"
|
||||
#include "source/fuzz/replayer.h"
|
||||
#include "test/fuzz/fuzz_test_util.h"
|
||||
|
||||
namespace spvtools {
|
||||
|
@ -21,9 +22,11 @@ namespace {
|
|||
|
||||
// Assembles the given |shader| text, and then runs the fuzzer |num_runs|
|
||||
// times, using successive seeds starting from |initial_seed|. Checks that
|
||||
// the binary produced after each fuzzer run is valid.
|
||||
void RunFuzzer(const std::string& shader, uint32_t initial_seed,
|
||||
uint32_t num_runs) {
|
||||
// the binary produced after each fuzzer run is valid, and that replaying
|
||||
// the transformations that were applied during fuzzing leads to an
|
||||
// identical binary.
|
||||
void RunFuzzerAndReplayer(const std::string& shader, uint32_t initial_seed,
|
||||
uint32_t num_runs) {
|
||||
const auto env = SPV_ENV_UNIVERSAL_1_3;
|
||||
|
||||
std::vector<uint32_t> binary_in;
|
||||
|
@ -33,19 +36,38 @@ void RunFuzzer(const std::string& shader, uint32_t initial_seed,
|
|||
|
||||
for (uint32_t seed = initial_seed; seed < initial_seed + num_runs; seed++) {
|
||||
protobufs::FactSequence initial_facts;
|
||||
std::vector<uint32_t> binary_out;
|
||||
protobufs::TransformationSequence transformation_sequence_out;
|
||||
std::vector<uint32_t> fuzzer_binary_out;
|
||||
protobufs::TransformationSequence fuzzer_transformation_sequence_out;
|
||||
spvtools::FuzzerOptions fuzzer_options;
|
||||
spvFuzzerOptionsSetRandomSeed(fuzzer_options, seed);
|
||||
|
||||
Fuzzer fuzzer(env);
|
||||
fuzzer.Run(binary_in, initial_facts, &binary_out,
|
||||
&transformation_sequence_out, fuzzer_options);
|
||||
ASSERT_TRUE(t.Validate(binary_out));
|
||||
fuzzer.Run(binary_in, initial_facts, &fuzzer_binary_out,
|
||||
&fuzzer_transformation_sequence_out, fuzzer_options);
|
||||
ASSERT_TRUE(t.Validate(fuzzer_binary_out));
|
||||
|
||||
std::vector<uint32_t> replayer_binary_out;
|
||||
protobufs::TransformationSequence replayer_transformation_sequence_out;
|
||||
|
||||
Replayer replayer(env);
|
||||
replayer.Run(binary_in, initial_facts, fuzzer_transformation_sequence_out,
|
||||
&replayer_binary_out, &replayer_transformation_sequence_out);
|
||||
|
||||
// After replaying the transformations applied by the fuzzer, exactly those
|
||||
// transformations should have been applied, and the binary resulting from
|
||||
// replay should be identical to that which resulted from fuzzing.
|
||||
std::string fuzzer_transformations_string;
|
||||
std::string replayer_transformations_string;
|
||||
fuzzer_transformation_sequence_out.SerializeToString(
|
||||
&fuzzer_transformations_string);
|
||||
replayer_transformation_sequence_out.SerializeToString(
|
||||
&replayer_transformations_string);
|
||||
ASSERT_EQ(fuzzer_transformations_string, replayer_transformations_string);
|
||||
ASSERT_EQ(fuzzer_binary_out, replayer_binary_out);
|
||||
}
|
||||
}
|
||||
|
||||
TEST(FuzzerTest, Miscellaneous1) {
|
||||
TEST(FuzzerReplayerTest, Miscellaneous1) {
|
||||
// The SPIR-V came from this GLSL:
|
||||
//
|
||||
// #version 310 es
|
||||
|
@ -211,10 +233,10 @@ TEST(FuzzerTest, Miscellaneous1) {
|
|||
|
||||
// Do 10 fuzzer runs, starting from an initial seed of 0 (seed value chosen
|
||||
// arbitrarily).
|
||||
RunFuzzer(shader, 0, 10);
|
||||
RunFuzzerAndReplayer(shader, 0, 10);
|
||||
}
|
||||
|
||||
TEST(FuzzerTest, Miscellaneous2) {
|
||||
TEST(FuzzerReplayerTest, Miscellaneous2) {
|
||||
// The SPIR-V came from this GLSL, which was then optimized using spirv-opt
|
||||
// with the -O argument:
|
||||
//
|
||||
|
@ -456,7 +478,7 @@ TEST(FuzzerTest, Miscellaneous2) {
|
|||
|
||||
// Do 10 fuzzer runs, starting from an initial seed of 10 (seed value chosen
|
||||
// arbitrarily).
|
||||
RunFuzzer(shader, 10, 10);
|
||||
RunFuzzerAndReplayer(shader, 10, 10);
|
||||
}
|
||||
|
||||
} // namespace
|
|
@ -21,6 +21,7 @@
|
|||
|
||||
#include "source/fuzz/fuzzer.h"
|
||||
#include "source/fuzz/protobufs/spirvfuzz_protobufs.h"
|
||||
#include "source/fuzz/replayer.h"
|
||||
#include "source/opt/build_module.h"
|
||||
#include "source/opt/ir_context.h"
|
||||
#include "source/opt/log.h"
|
||||
|
@ -32,7 +33,11 @@
|
|||
namespace {
|
||||
|
||||
// Status and actions to perform after parsing command-line arguments.
|
||||
enum class FuzzActions { CONTINUE, STOP };
|
||||
enum class FuzzActions {
|
||||
FUZZ, // Run the fuzzer to apply transformations in a randomized fashion.
|
||||
REPLAY, // Replay an existing sequence of transformations.
|
||||
STOP // Do nothing.
|
||||
};
|
||||
|
||||
struct FuzzStatus {
|
||||
FuzzActions action;
|
||||
|
@ -60,6 +65,9 @@ Options (in lexicographical order):
|
|||
|
||||
-h, --help
|
||||
Print this help.
|
||||
--replay
|
||||
File from which to read a sequence of transformations to replay
|
||||
(instead of fuzzing)
|
||||
--seed
|
||||
Unsigned 32-bit integer seed to control random number
|
||||
generation.
|
||||
|
@ -90,6 +98,7 @@ bool EndsWithSpv(const std::string& filename) {
|
|||
|
||||
FuzzStatus ParseFlags(int argc, const char** argv, std::string* in_binary_file,
|
||||
std::string* out_binary_file,
|
||||
std::string* replay_transformations_file,
|
||||
spvtools::FuzzerOptions* fuzzer_options) {
|
||||
uint32_t positional_arg_index = 0;
|
||||
|
||||
|
@ -110,6 +119,9 @@ FuzzStatus ParseFlags(int argc, const char** argv, std::string* in_binary_file,
|
|||
PrintUsage(argv[0]);
|
||||
return {FuzzActions::STOP, 1};
|
||||
}
|
||||
} else if (0 == strncmp(cur_arg, "--replay=", sizeof("--replay=") - 1)) {
|
||||
const auto split_flag = spvtools::utils::SplitFlagArgs(cur_arg);
|
||||
*replay_transformations_file = std::string(split_flag.second);
|
||||
} else if (0 == strncmp(cur_arg, "--seed=", sizeof("--seed=") - 1)) {
|
||||
const auto split_flag = spvtools::utils::SplitFlagArgs(cur_arg);
|
||||
char* end = nullptr;
|
||||
|
@ -158,7 +170,64 @@ FuzzStatus ParseFlags(int argc, const char** argv, std::string* in_binary_file,
|
|||
return {FuzzActions::STOP, 1};
|
||||
}
|
||||
|
||||
return {FuzzActions::CONTINUE, 0};
|
||||
if (!replay_transformations_file->empty()) {
|
||||
// A replay transformations file was given, thus the tool is being invoked
|
||||
// in replay mode.
|
||||
return {FuzzActions::REPLAY, 0};
|
||||
}
|
||||
|
||||
return {FuzzActions::FUZZ, 0};
|
||||
}
|
||||
|
||||
bool Replay(const spv_target_env& target_env,
|
||||
const std::vector<uint>& binary_in,
|
||||
const spvtools::fuzz::protobufs::FactSequence& initial_facts,
|
||||
const std::string& replay_transformations_file,
|
||||
std::vector<uint32_t>* binary_out,
|
||||
spvtools::fuzz::protobufs::TransformationSequence*
|
||||
transformations_applied) {
|
||||
std::ifstream existing_transformations_file;
|
||||
existing_transformations_file.open(replay_transformations_file,
|
||||
std::ios::in | std::ios::binary);
|
||||
spvtools::fuzz::protobufs::TransformationSequence
|
||||
existing_transformation_sequence;
|
||||
auto parse_success = existing_transformation_sequence.ParseFromIstream(
|
||||
&existing_transformations_file);
|
||||
existing_transformations_file.close();
|
||||
if (!parse_success) {
|
||||
spvtools::Error(FuzzDiagnostic, nullptr, {},
|
||||
"Error reading transformations for replay");
|
||||
return false;
|
||||
}
|
||||
spvtools::fuzz::Replayer replayer(target_env);
|
||||
replayer.SetMessageConsumer(spvtools::utils::CLIMessageConsumer);
|
||||
auto replay_result_status =
|
||||
replayer.Run(binary_in, initial_facts, existing_transformation_sequence,
|
||||
binary_out, transformations_applied);
|
||||
if (replay_result_status !=
|
||||
spvtools::fuzz::Replayer::ReplayerResultStatus::kComplete) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
bool Fuzz(const spv_target_env& target_env,
|
||||
const spvtools::FuzzerOptions& fuzzer_options,
|
||||
const std::vector<uint>& binary_in,
|
||||
const spvtools::fuzz::protobufs::FactSequence& initial_facts,
|
||||
std::vector<uint32_t>* binary_out,
|
||||
spvtools::fuzz::protobufs::TransformationSequence*
|
||||
transformations_applied) {
|
||||
spvtools::fuzz::Fuzzer fuzzer(target_env);
|
||||
fuzzer.SetMessageConsumer(spvtools::utils::CLIMessageConsumer);
|
||||
auto fuzz_result_status = fuzzer.Run(binary_in, initial_facts, binary_out,
|
||||
transformations_applied, fuzzer_options);
|
||||
if (fuzz_result_status !=
|
||||
spvtools::fuzz::Fuzzer::FuzzerResultStatus::kComplete) {
|
||||
spvtools::Error(FuzzDiagnostic, nullptr, {}, "Error running fuzzer");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
@ -168,12 +237,12 @@ const auto kDefaultEnvironment = SPV_ENV_UNIVERSAL_1_3;
|
|||
int main(int argc, const char** argv) {
|
||||
std::string in_binary_file;
|
||||
std::string out_binary_file;
|
||||
std::string replay_transformations_file;
|
||||
|
||||
spv_target_env target_env = kDefaultEnvironment;
|
||||
spvtools::FuzzerOptions fuzzer_options;
|
||||
|
||||
FuzzStatus status = ParseFlags(argc, argv, &in_binary_file, &out_binary_file,
|
||||
&fuzzer_options);
|
||||
&replay_transformations_file, &fuzzer_options);
|
||||
|
||||
if (status.action == FuzzActions::STOP) {
|
||||
return status.code;
|
||||
|
@ -205,15 +274,25 @@ int main(int argc, const char** argv) {
|
|||
std::vector<uint32_t> binary_out;
|
||||
spvtools::fuzz::protobufs::TransformationSequence transformations_applied;
|
||||
|
||||
spvtools::fuzz::Fuzzer fuzzer(target_env);
|
||||
fuzzer.SetMessageConsumer(spvtools::utils::CLIMessageConsumer);
|
||||
auto fuzz_result_status =
|
||||
fuzzer.Run(binary_in, initial_facts, &binary_out,
|
||||
&transformations_applied, fuzzer_options);
|
||||
if (fuzz_result_status !=
|
||||
spvtools::fuzz::Fuzzer::FuzzerResultStatus::kComplete) {
|
||||
spvtools::Error(FuzzDiagnostic, nullptr, {}, "Error running fuzzer");
|
||||
return 1;
|
||||
spv_target_env target_env = kDefaultEnvironment;
|
||||
|
||||
switch (status.action) {
|
||||
case FuzzActions::FUZZ:
|
||||
if (!Fuzz(target_env, fuzzer_options, binary_in, initial_facts,
|
||||
&binary_out, &transformations_applied)) {
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
case FuzzActions::REPLAY:
|
||||
if (!Replay(target_env, binary_in, initial_facts,
|
||||
replay_transformations_file, &binary_out,
|
||||
&transformations_applied)) {
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
assert(false && "Unknown fuzzer action.");
|
||||
break;
|
||||
}
|
||||
|
||||
if (!WriteFile<uint32_t>(out_binary_file.c_str(), "wb", binary_out.data(),
|
||||
|
|
Загрузка…
Ссылка в новой задаче