AuroraMiddleware/SPIRV-Tools
1
0
Fork 0
mirror of https://github.com/KhronosGroup/SPIRV-Tools synced 2024-11-27 05:40:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
2c1ff230c2
SPIRV-Tools/source/fuzz/transformation_split_block.cpp

167 lines
6.2 KiB
C++
Raw Normal View History

Add "split block" transformation. (#2633) With this pass, the fuzzer can split blocks in the input module. This is mainly useful in order to give other (future) transformations more opportunities to apply.
2019-05-29 15:42:46 +00:00
// Copyright (c) 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "source/fuzz/transformation_split_block.h"
#include <utility>
#include "source/fuzz/fuzzer_util.h"
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
#include "source/fuzz/instruction_descriptor.h"
Add "split block" transformation. (#2633) With this pass, the fuzzer can split blocks in the input module. This is mainly useful in order to give other (future) transformations more opportunities to apply.
2019-05-29 15:42:46 +00:00
#include "source/util/make_unique.h"
namespace spvtools {
namespace fuzz {
Refactor fuzzer transformations (#2694) Introduced abstract class for transformations, and refactored all transformations to inherit from this abstract class.
2019-06-25 19:49:46 +00:00
TransformationSplitBlock::TransformationSplitBlock(
const spvtools::fuzz::protobufs::TransformationSplitBlock& message)
: message_(message) {}
Add "split block" transformation. (#2633) With this pass, the fuzzer can split blocks in the input module. This is mainly useful in order to give other (future) transformations more opportunities to apply.
2019-05-29 15:42:46 +00:00
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
TransformationSplitBlock::TransformationSplitBlock(
const protobufs::InstructionDescriptor& instruction_to_split_before,
uint32_t fresh_id) {
*message_.mutable_instruction_to_split_before() = instruction_to_split_before;
Refactor fuzzer transformations (#2694) Introduced abstract class for transformations, and refactored all transformations to inherit from this abstract class.
2019-06-25 19:49:46 +00:00
message_.set_fresh_id(fresh_id);
}
Add "split block" transformation. (#2633) With this pass, the fuzzer can split blocks in the input module. This is mainly useful in order to give other (future) transformations more opportunities to apply.
2019-05-29 15:42:46 +00:00
Refactor fuzzer transformations (#2694) Introduced abstract class for transformations, and refactored all transformations to inherit from this abstract class.
2019-06-25 19:49:46 +00:00
bool TransformationSplitBlock::IsApplicable(
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
opt::IRContext* ir_context, const TransformationContext& /*unused*/) const {
if (!fuzzerutil::IsFreshId(ir_context, message_.fresh_id())) {
Add "split block" transformation. (#2633) With this pass, the fuzzer can split blocks in the input module. This is mainly useful in order to give other (future) transformations more opportunities to apply.
2019-05-29 15:42:46 +00:00
// We require the id for the new block to be unused.
return false;
}
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
auto instruction_to_split_before =
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
FindInstruction(message_.instruction_to_split_before(), ir_context);
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
if (!instruction_to_split_before) {
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
// The instruction describing the block we should split does not exist.
return false;
}
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
auto block_to_split =
ir_context->get_instr_block(instruction_to_split_before);
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
assert(block_to_split &&
"We should not have managed to find the "
"instruction if it was not contained in a block.");
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
if (block_to_split->IsLoopHeader()) {
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
// We cannot split a loop header block: back-edges would become invalid.
return false;
}
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
auto split_before = fuzzerutil::GetIteratorForInstruction(
block_to_split, instruction_to_split_before);
assert(split_before != block_to_split->end() &&
"At this point we know the"
" block split point exists.");
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
if (split_before->PreviousNode() &&
split_before->PreviousNode()->opcode() == SpvOpSelectionMerge) {
// We cannot split directly after a selection merge: this would separate
// the merge from its associated branch or switch operation.
return false;
}
if (split_before->opcode() == SpvOpVariable) {
// We cannot split directly after a variable; variables in a function
// must be contiguous in the entry block.
return false;
}
// We cannot split before an OpPhi unless the OpPhi has exactly one
// associated incoming edge.
spirv-fuzz: Respect rules for OpSampledImage (#3287) The SPIR-V data rules say that all uses of an OpSampledImage instruction must be in the same block as the instruction, and highly restrict those instructions that can consume the result id of an OpSampledImage. This adapts the transformations that split blocks and create synonyms to avoid separating an OpSampledImage use from its definition, and to avoid synonym-creation instructions such as OpCopyObject consuming an OpSampledImage result id.
2020-04-14 19:17:42 +00:00
if (split_before->opcode() == SpvOpPhi &&
split_before->NumInOperands() != 2) {
return false;
}
// Splitting the block must not separate the definition of an OpSampledImage
// from its use: the SPIR-V data rules require them to be in the same block.
std::set<uint32_t> sampled_image_result_ids;
bool before_split = true;
for (auto& instruction : *block_to_split) {
if (&instruction == &*split_before) {
before_split = false;
}
if (before_split) {
if (instruction.opcode() == SpvOpSampledImage) {
sampled_image_result_ids.insert(instruction.result_id());
}
} else {
if (!instruction.WhileEachInId(
[&sampled_image_result_ids](uint32_t* id) -> bool {
return !sampled_image_result_ids.count(*id);
})) {
return false;
}
}
}
return true;
Add "split block" transformation. (#2633) With this pass, the fuzzer can split blocks in the input module. This is mainly useful in order to give other (future) transformations more opportunities to apply.
2019-05-29 15:42:46 +00:00
}
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
void TransformationSplitBlock::Apply(
opt::IRContext* ir_context,
TransformationContext* transformation_context) const {
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
opt::Instruction* instruction_to_split_before =
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
FindInstruction(message_.instruction_to_split_before(), ir_context);
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
opt::BasicBlock* block_to_split =
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
ir_context->get_instr_block(instruction_to_split_before);
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
auto split_before = fuzzerutil::GetIteratorForInstruction(
block_to_split, instruction_to_split_before);
assert(split_before != block_to_split->end() &&
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
"If the transformation is applicable, we should have an "
"instruction to split on.");
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
// We need to make sure the module's id bound is large enough to add the
// fresh id.
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
fuzzerutil::UpdateModuleIdBound(ir_context, message_.fresh_id());
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
// Split the block.
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
auto new_bb = block_to_split->SplitBasicBlock(ir_context, message_.fresh_id(),
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
split_before);
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
// The split does not automatically add a branch between the two parts of
// the original block, so we add one.
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
block_to_split->AddInstruction(MakeUnique<opt::Instruction>(
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
ir_context, SpvOpBranch, 0, 0,
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
std::initializer_list<opt::Operand>{opt::Operand(
spv_operand_type_t::SPV_OPERAND_TYPE_ID, {message_.fresh_id()})}));
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
// If we split before OpPhi instructions, we need to update their
// predecessor operand so that the block they used to be inside is now the
// predecessor.
spirv-fuzz: Refactor 'split blocks' to identify instructions differently (#2961) This change refactors the 'split blocks' transformation so that an instruction is identified via a base, opcode, and number of those opcodes to be skipped when searching from the base, as opposed to the previous design which used a base and offset.
2019-10-14 16:00:46 +00:00
new_bb->ForEachPhiInst([block_to_split](opt::Instruction* phi_inst) {
// The following assertion is a sanity check. It is guaranteed to hold
// if IsApplicable holds.
assert(phi_inst->NumInOperands() == 2 &&
"We can only split a block before an OpPhi if block has exactly "
"one predecessor.");
phi_inst->SetInOperand(1, {block_to_split->id()});
});
spirv-fuzz: add dead blocks (#3135) This adds a new kind of fact to the fact manager that knows whether a block is dead - i.e. guaranteed to be statically unreachable - and a new transformation for adding a selection construct to a CFG that conditionally branches to a fresh, dead block, such that the branch will never be dynamically taken. Transformations that may create new blocks ('split block' and 'outline function') are updated to propagate dead block facts to newly-created blocks where appropriate. A fuzzer pass randomly adds dead blocks to the module. Future transformations will be able to exploit the fact that such blocks are known to be dead.
2020-01-13 22:04:01 +00:00
// If the block being split was dead, the new block arising from the split is
// also dead.
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
if (transformation_context->GetFactManager()->BlockIsDead(
block_to_split->id())) {
transformation_context->GetFactManager()->AddFactBlockIsDead(
message_.fresh_id());
spirv-fuzz: add dead blocks (#3135) This adds a new kind of fact to the fact manager that knows whether a block is dead - i.e. guaranteed to be statically unreachable - and a new transformation for adding a selection construct to a CFG that conditionally branches to a fresh, dead block, such that the branch will never be dynamically taken. Transformations that may create new blocks ('split block' and 'outline function') are updated to propagate dead block facts to newly-created blocks where appropriate. A fuzzer pass randomly adds dead blocks to the module. Future transformations will be able to exploit the fact that such blocks are known to be dead.
2020-01-13 22:04:01 +00:00
}
Add 'copy object' transformation (#2766) This transformation can introduce an instruction that uses OpCopyObject to make a copy of some other result id. This change introduces the transformation, but does not yet introduce a fuzzer pass to actually apply it.
2019-08-05 17:00:13 +00:00
// Invalidate all analyses
spirv-fuzz: Introduce TransformationContext (#3272) Some transformations (e.g. TransformationAddFunction) rely on running the validator to decide whether the transformation is applicable. A recent change allowed spirv-fuzz to take validator options, to cater for the case where a module should be considered valid under particular conditions. However, validation during the checking of transformations had no access to these validator options. This change introduced TransformationContext, which currently consists of a fact manager and a set of validator options, but could in the future have other fields corresponding to other objects that it is useful to have access to when applying transformations. Now, instead of checking and applying transformations in the context of a FactManager, a TransformationContext is used. This gives access to the fact manager as before, and also access to the validator options when they are needed.
2020-04-02 14:54:46 +00:00
ir_context->InvalidateAnalysesExceptFor(
opt::IRContext::Analysis::kAnalysisNone);
Add "split block" transformation. (#2633) With this pass, the fuzzer can split blocks in the input module. This is mainly useful in order to give other (future) transformations more opportunities to apply.
2019-05-29 15:42:46 +00:00
}
Refactor fuzzer transformations (#2694) Introduced abstract class for transformations, and refactored all transformations to inherit from this abstract class.
2019-06-25 19:49:46 +00:00
protobufs::Transformation TransformationSplitBlock::ToMessage() const {
protobufs::Transformation result;
*result.mutable_split_block() = message_;
Add "split block" transformation. (#2633) With this pass, the fuzzer can split blocks in the input module. This is mainly useful in order to give other (future) transformations more opportunities to apply.
2019-05-29 15:42:46 +00:00
return result;
}
} // namespace fuzz
} // namespace spvtools
Reference in New Issue Copy Permalink