85 строки
3.1 KiB
C++
85 строки
3.1 KiB
C++
// Copyright (c) 2021 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#include "test/fuzzers/spvtools_opt_fuzzer_common.h"
|
|
|
|
#include "source/opt/build_module.h"
|
|
#include "test/fuzzers/random_generator.h"
|
|
|
|
namespace spvtools {
|
|
namespace fuzzers {
|
|
|
|
int OptFuzzerTestOneInput(
|
|
const uint8_t* data, size_t size,
|
|
const std::function<void(spvtools::Optimizer&)>& register_passes) {
|
|
if (size < 1) {
|
|
return 0;
|
|
}
|
|
|
|
spvtools::fuzzers::RandomGenerator random_gen(data, size);
|
|
auto target_env = random_gen.GetTargetEnv();
|
|
spvtools::Optimizer optimizer(target_env);
|
|
optimizer.SetMessageConsumer([](spv_message_level_t, const char*,
|
|
const spv_position_t&, const char*) {});
|
|
|
|
std::vector<uint32_t> input;
|
|
input.resize(size >> 2);
|
|
|
|
size_t count = 0;
|
|
for (size_t i = 0; (i + 3) < size; i += 4) {
|
|
input[count++] = data[i] | (data[i + 1] << 8) | (data[i + 2] << 16) |
|
|
(data[i + 3]) << 24;
|
|
}
|
|
|
|
// The largest possible id bound is used when running the optimizer, to avoid
|
|
// the problem of id overflows.
|
|
const size_t kFinalIdLimit = UINT32_MAX;
|
|
|
|
// The input is scanned to check that it does not already use an id too close
|
|
// to this limit. This still gives the optimizer a large set of ids to
|
|
// consume. It is thus very unlikely that id overflow will occur during
|
|
// fuzzing. If it does, then the initial id limit should be decreased.
|
|
const size_t kInitialIdLimit = kFinalIdLimit - 1000000U;
|
|
|
|
// Build the module and scan it to check that all used ids are below the
|
|
// initial limit.
|
|
auto ir_context =
|
|
spvtools::BuildModule(target_env, nullptr, input.data(), input.size());
|
|
if (ir_context == nullptr) {
|
|
// It was not possible to build a valid module; that's OK - skip this input.
|
|
return 0;
|
|
}
|
|
if (ir_context->module()->id_bound() >= kInitialIdLimit) {
|
|
// The input already has a very large id bound. The input is thus abandoned,
|
|
// to avoid the possibility of ending up hitting the id bound limit.
|
|
return 0;
|
|
}
|
|
|
|
// Set the optimizer and its validator up with the largest possible id bound
|
|
// limit.
|
|
spvtools::ValidatorOptions validator_options;
|
|
spvtools::OptimizerOptions optimizer_options;
|
|
optimizer_options.set_max_id_bound(kFinalIdLimit);
|
|
validator_options.SetUniversalLimit(spv_validator_limit_max_id_bound,
|
|
kFinalIdLimit);
|
|
optimizer_options.set_validator_options(validator_options);
|
|
register_passes(optimizer);
|
|
optimizer.Run(input.data(), input.size(), &input, optimizer_options);
|
|
|
|
return 0;
|
|
}
|
|
|
|
} // namespace fuzzers
|
|
} // namespace spvtools
|