AuroraMiddleware/SPIRV-Tools
1
0
Fork 0
mirror of https://github.com/KhronosGroup/SPIRV-Tools synced 2024-12-26 01:31:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

spirv-fuzz: support AtomicLoad (#4330)

Browse Source 
Enhances the TransformationLoad transformation and associated
fuzzer pass to support atomic operations.

Fixes #4324.
This commit is contained in:
Mostafa Ashraf 2021-08-03 22:51:25 +02:00 committed by GitHub
parent affe280c22
commit 0065c5672d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 586 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
source/fuzz/fuzzer_context.cpp
View File

@ -42,6 +42,7 @@ const std::pair<uint32_t, uint32_t> kChanceOfAddingAnotherPassToPassLoop = {50,
const std::pair<uint32_t, uint32_t> kChanceOfAddingAnotherStructField = {20, const std::pair<uint32_t, uint32_t> kChanceOfAddingAnotherStructField = {20,
90}; 90};
const std::pair<uint32_t, uint32_t> kChanceOfAddingArrayOrStructType = {20, 90}; const std::pair<uint32_t, uint32_t> kChanceOfAddingArrayOrStructType = {20, 90};
const std::pair<uint32_t, uint32_t> KChanceOfAddingAtomicLoad = {30, 90};
const std::pair<uint32_t, uint32_t> kChanceOfAddingBitInstructionSynonym = {5, const std::pair<uint32_t, uint32_t> kChanceOfAddingBitInstructionSynonym = {5,
20}; 20};
const std::pair<uint32_t, uint32_t> const std::pair<uint32_t, uint32_t>
@ -216,6 +217,8 @@ FuzzerContext::FuzzerContext(std::unique_ptr<RandomGenerator> random_generator,
ChooseBetweenMinAndMax(kChanceOfAddingAnotherStructField); ChooseBetweenMinAndMax(kChanceOfAddingAnotherStructField);
chance_of_adding_array_or_struct_type_ = chance_of_adding_array_or_struct_type_ =
ChooseBetweenMinAndMax(kChanceOfAddingArrayOrStructType); ChooseBetweenMinAndMax(kChanceOfAddingArrayOrStructType);
chance_of_adding_atomic_load_ =
ChooseBetweenMinAndMax(KChanceOfAddingAtomicLoad);
chance_of_adding_bit_instruction_synonym_ = chance_of_adding_bit_instruction_synonym_ =
ChooseBetweenMinAndMax(kChanceOfAddingBitInstructionSynonym); ChooseBetweenMinAndMax(kChanceOfAddingBitInstructionSynonym);
chance_of_adding_both_branches_when_replacing_opselect_ = chance_of_adding_both_branches_when_replacing_opselect_ =

4
source/fuzz/fuzzer_context.h
View File

@ -142,6 +142,9 @@ class FuzzerContext {
uint32_t GetChanceOfAddingArrayOrStructType() const { uint32_t GetChanceOfAddingArrayOrStructType() const {
return chance_of_adding_array_or_struct_type_; return chance_of_adding_array_or_struct_type_;
} }
uint32_t GetChanceOfAddingAtomicLoad() const {
return chance_of_adding_atomic_load_;
}
uint32_t GetChanceOfAddingBitInstructionSynonym() const { uint32_t GetChanceOfAddingBitInstructionSynonym() const {
return chance_of_adding_bit_instruction_synonym_; return chance_of_adding_bit_instruction_synonym_;
} }
@ -492,6 +495,7 @@ class FuzzerContext {
uint32_t chance_of_adding_another_pass_to_pass_loop_; uint32_t chance_of_adding_another_pass_to_pass_loop_;
uint32_t chance_of_adding_another_struct_field_; uint32_t chance_of_adding_another_struct_field_;
uint32_t chance_of_adding_array_or_struct_type_; uint32_t chance_of_adding_array_or_struct_type_;
uint32_t chance_of_adding_atomic_load_;
uint32_t chance_of_adding_bit_instruction_synonym_; uint32_t chance_of_adding_bit_instruction_synonym_;
uint32_t chance_of_adding_both_branches_when_replacing_opselect_; uint32_t chance_of_adding_both_branches_when_replacing_opselect_;
uint32_t chance_of_adding_composite_extract_; uint32_t chance_of_adding_composite_extract_;

67
source/fuzz/fuzzer_pass_add_loads.cpp
View File

@ -39,18 +39,22 @@ void FuzzerPassAddLoads::Apply() {
"The opcode of the instruction we might insert before must be " "The opcode of the instruction we might insert before must be "
"the same as the opcode in the descriptor for the instruction"); "the same as the opcode in the descriptor for the instruction");
// Check whether it is legitimate to insert a load before this
// instruction.
if (!fuzzerutil::CanInsertOpcodeBeforeInstruction(SpvOpLoad, inst_it)) {
return;
}
// Randomly decide whether to try inserting a load here. // Randomly decide whether to try inserting a load here.
if (!GetFuzzerContext()->ChoosePercentage( if (!GetFuzzerContext()->ChoosePercentage(
GetFuzzerContext()->GetChanceOfAddingLoad())) { GetFuzzerContext()->GetChanceOfAddingLoad())) {
return; return;
} }
// Check whether it is legitimate to insert a load or atomic load before
// this instruction.
if (!fuzzerutil::CanInsertOpcodeBeforeInstruction(SpvOpLoad, inst_it)) {
return;
}
if (!fuzzerutil::CanInsertOpcodeBeforeInstruction(SpvOpAtomicLoad,
inst_it)) {
return;
}
std::vector<opt::Instruction*> relevant_instructions = std::vector<opt::Instruction*> relevant_instructions =
FindAvailableInstructions( FindAvailableInstructions(
function, block, inst_it, function, block, inst_it,
@ -80,13 +84,52 @@ void FuzzerPassAddLoads::Apply() {
return; return;
} }
// Choose a pointer at random, and create and apply a loading auto chosen_instruction =
// transformation based on it.
ApplyTransformation(TransformationLoad(
GetFuzzerContext()->GetFreshId(),
relevant_instructions[GetFuzzerContext()->RandomIndex( relevant_instructions[GetFuzzerContext()->RandomIndex(
relevant_instructions)] relevant_instructions)];
->result_id(),
bool is_atomic_load = false;
uint32_t memory_scope_id = 0;
uint32_t memory_semantics_id = 0;
auto storage_class = GetIRContext()
->get_def_use_mgr()
->GetDef(chosen_instruction->type_id())
->GetSingleWordInOperand(0);
switch (storage_class) {
case SpvStorageClassStorageBuffer:
case SpvStorageClassPhysicalStorageBuffer:
case SpvStorageClassWorkgroup:
case SpvStorageClassCrossWorkgroup:
case SpvStorageClassAtomicCounter:
case SpvStorageClassImage:
if (GetFuzzerContext()->ChoosePercentage(
GetFuzzerContext()->GetChanceOfAddingAtomicLoad())) {
is_atomic_load = true;
memory_scope_id = FindOrCreateConstant(
{SpvScopeInvocation},
FindOrCreateIntegerType(32, GetFuzzerContext()->ChooseEven()),
false);
memory_semantics_id = FindOrCreateConstant(
{static_cast<uint32_t>(
TransformationLoad::GetMemorySemanticsForStorageClass(
static_cast<SpvStorageClass>(storage_class)))},
FindOrCreateIntegerType(32, GetFuzzerContext()->ChooseEven()),
false);
}
break;
default:
break;
}
// Create and apply the transformation.
ApplyTransformation(TransformationLoad(
GetFuzzerContext()->GetFreshId(), chosen_instruction->result_id(),
is_atomic_load, memory_scope_id, memory_semantics_id,
instruction_descriptor)); instruction_descriptor));
}); });
} }

19
source/fuzz/protobufs/spvtoolsfuzz.proto
View File

@ -1569,17 +1569,26 @@ message TransformationInvertComparisonOperator {
message TransformationLoad { message TransformationLoad {
// Transformation that adds an OpLoad instruction from a pointer into an id. // Transformation that adds an OpLoad or OpAtomicLoad instruction from a pointer into an id.
// The result of the load instruction // The result of the load instruction.
uint32 fresh_id = 1; uint32 fresh_id = 1;
// The pointer to be loaded from // The pointer to be loaded from.
uint32 pointer_id = 2; uint32 pointer_id = 2;
// True if and only if the load should be atomic.
bool is_atomic = 3;
// The memory scope for the atomic load. Ignored unless |is_atomic| is true.
uint32 memory_scope_id = 4;
// The memory semantics for the atomic load. Ignored unless |is_atomic| is true.
uint32 memory_semantics_id = 5;
// A descriptor for an instruction in a block before which the new OpLoad // A descriptor for an instruction in a block before which the new OpLoad
// instruction should be inserted // instruction should be inserted.
InstructionDescriptor instruction_to_insert_before = 3; InstructionDescriptor instruction_to_insert_before = 6;
} }

177
source/fuzz/transformation_load.cpp
View File

@ -24,10 +24,15 @@ TransformationLoad::TransformationLoad(protobufs::TransformationLoad message)
: message_(std::move(message)) {} : message_(std::move(message)) {}
TransformationLoad::TransformationLoad( TransformationLoad::TransformationLoad(
uint32_t fresh_id, uint32_t pointer_id, uint32_t fresh_id, uint32_t pointer_id, bool is_atomic,
uint32_t memory_scope, uint32_t memory_semantics,
const protobufs::InstructionDescriptor& instruction_to_insert_before) { const protobufs::InstructionDescriptor& instruction_to_insert_before) {
message_.set_fresh_id(fresh_id); message_.set_fresh_id(fresh_id);
message_.set_pointer_id(pointer_id); message_.set_pointer_id(pointer_id);
message_.set_is_atomic(is_atomic);
message_.set_memory_scope_id(memory_scope);
message_.set_memory_semantics_id(memory_semantics);
*message_.mutable_instruction_to_insert_before() = *message_.mutable_instruction_to_insert_before() =
instruction_to_insert_before; instruction_to_insert_before;
} }
@ -68,11 +73,97 @@ bool TransformationLoad::IsApplicable(
if (!insert_before) { if (!insert_before) {
return false; return false;
} }
// ... and it must be legitimate to insert a store before it. // ... and it must be legitimate to insert a load before it.
if (!fuzzerutil::CanInsertOpcodeBeforeInstruction(SpvOpLoad, insert_before)) { if (!message_.is_atomic() &&
!fuzzerutil::CanInsertOpcodeBeforeInstruction(SpvOpLoad, insert_before)) {
return false; return false;
} }
if (message_.is_atomic() && !fuzzerutil::CanInsertOpcodeBeforeInstruction(
SpvOpAtomicLoad, insert_before)) {
return false;
}
if (message_.is_atomic()) {
// Check the exists of memory scope and memory semantics ids.
auto memory_scope_instruction =
ir_context->get_def_use_mgr()->GetDef(message_.memory_scope_id());
auto memory_semantics_instruction =
ir_context->get_def_use_mgr()->GetDef(message_.memory_semantics_id());
if (!memory_scope_instruction) {
return false;
}
if (!memory_semantics_instruction) {
return false;
}
// The memory scope and memory semantics instructions must have the
// 'OpConstant' opcode.
if (memory_scope_instruction->opcode() != SpvOpConstant) {
return false;
}
if (memory_semantics_instruction->opcode() != SpvOpConstant) {
return false;
}
// The memory scope and memory semantics need to be available before
// |insert_before|.
if (!fuzzerutil::IdIsAvailableBeforeInstruction(
ir_context, insert_before, message_.memory_scope_id())) {
return false;
}
if (!fuzzerutil::IdIsAvailableBeforeInstruction(
ir_context, insert_before, message_.memory_semantics_id())) {
return false;
}
// The memory scope and memory semantics instructions must have an Integer
// operand type with signedness does not matters.
if (ir_context->get_def_use_mgr()
->GetDef(memory_scope_instruction->type_id())
->opcode() != SpvOpTypeInt) {
return false;
}
if (ir_context->get_def_use_mgr()
->GetDef(memory_semantics_instruction->type_id())
->opcode() != SpvOpTypeInt) {
return false;
}
// The size of the integer for memory scope and memory semantics
// instructions must be equal to 32 bits.
auto memory_scope_int_width =
ir_context->get_def_use_mgr()
->GetDef(memory_scope_instruction->type_id())
->GetSingleWordInOperand(0);
auto memory_semantics_int_width =
ir_context->get_def_use_mgr()
->GetDef(memory_semantics_instruction->type_id())
->GetSingleWordInOperand(0);
if (memory_scope_int_width != 32) {
return false;
}
if (memory_semantics_int_width != 32) {
return false;
}
// The memory scope constant value must be that of SpvScopeInvocation.
auto memory_scope_const_value =
memory_scope_instruction->GetSingleWordInOperand(0);
if (memory_scope_const_value != SpvScopeInvocation) {
return false;
}
// The memory semantics constant value must match the storage class of the
// pointer being loaded from.
auto memory_semantics_const_value = static_cast<SpvMemorySemanticsMask>(
memory_semantics_instruction->GetSingleWordInOperand(0));
if (memory_semantics_const_value !=
GetMemorySemanticsForStorageClass(static_cast<SpvStorageClass>(
pointer_type->GetSingleWordInOperand(0)))) {
return false;
}
}
// The pointer needs to be available at the insertion point. // The pointer needs to be available at the insertion point.
return fuzzerutil::IdIsAvailableBeforeInstruction(ir_context, insert_before, return fuzzerutil::IdIsAvailableBeforeInstruction(ir_context, insert_before,
message_.pointer_id()); message_.pointer_id());
@ -80,22 +171,70 @@ bool TransformationLoad::IsApplicable(
void TransformationLoad::Apply(opt::IRContext* ir_context, void TransformationLoad::Apply(opt::IRContext* ir_context,
TransformationContext* /*unused*/) const { TransformationContext* /*unused*/) const {
uint32_t result_type = fuzzerutil::GetPointeeTypeIdFromPointerType( if (message_.is_atomic()) {
ir_context, fuzzerutil::GetTypeId(ir_context, message_.pointer_id())); // OpAtomicLoad instruction.
fuzzerutil::UpdateModuleIdBound(ir_context, message_.fresh_id()); uint32_t result_type = fuzzerutil::GetPointeeTypeIdFromPointerType(
auto insert_before = ir_context, fuzzerutil::GetTypeId(ir_context, message_.pointer_id()));
FindInstruction(message_.instruction_to_insert_before(), ir_context); fuzzerutil::UpdateModuleIdBound(ir_context, message_.fresh_id());
auto new_instruction = MakeUnique<opt::Instruction>( auto insert_before =
ir_context, SpvOpLoad, result_type, message_.fresh_id(), FindInstruction(message_.instruction_to_insert_before(), ir_context);
opt::Instruction::OperandList( auto new_instruction = MakeUnique<opt::Instruction>(
{{SPV_OPERAND_TYPE_ID, {message_.pointer_id()}}})); ir_context, SpvOpAtomicLoad, result_type, message_.fresh_id(),
auto new_instruction_ptr = new_instruction.get(); opt::Instruction::OperandList(
insert_before->InsertBefore(std::move(new_instruction)); {{SPV_OPERAND_TYPE_ID, {message_.pointer_id()}},
// Inform the def-use manager about the new instruction and record its basic {SPV_OPERAND_TYPE_SCOPE_ID, {message_.memory_scope_id()}},
// block. {SPV_OPERAND_TYPE_MEMORY_SEMANTICS_ID,
ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr); {message_.memory_semantics_id()}}}));
ir_context->set_instr_block(new_instruction_ptr, auto new_instruction_ptr = new_instruction.get();
ir_context->get_instr_block(insert_before)); insert_before->InsertBefore(std::move(new_instruction));
// Inform the def-use manager about the new instruction and record its basic
// block.
ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr);
ir_context->set_instr_block(new_instruction_ptr,
ir_context->get_instr_block(insert_before));
} else {
// OpLoad instruction.
uint32_t result_type = fuzzerutil::GetPointeeTypeIdFromPointerType(
ir_context, fuzzerutil::GetTypeId(ir_context, message_.pointer_id()));
fuzzerutil::UpdateModuleIdBound(ir_context, message_.fresh_id());
auto insert_before =
FindInstruction(message_.instruction_to_insert_before(), ir_context);
auto new_instruction = MakeUnique<opt::Instruction>(
ir_context, SpvOpLoad, result_type, message_.fresh_id(),
opt::Instruction::OperandList(
{{SPV_OPERAND_TYPE_ID, {message_.pointer_id()}}}));
auto new_instruction_ptr = new_instruction.get();
insert_before->InsertBefore(std::move(new_instruction));
// Inform the def-use manager about the new instruction and record its basic
// block.
ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr);
ir_context->set_instr_block(new_instruction_ptr,
ir_context->get_instr_block(insert_before));
}
}
SpvMemorySemanticsMask TransformationLoad::GetMemorySemanticsForStorageClass(
SpvStorageClass storage_class) {
switch (storage_class) {
case SpvStorageClassWorkgroup:
return SpvMemorySemanticsWorkgroupMemoryMask;
case SpvStorageClassStorageBuffer:
case SpvStorageClassPhysicalStorageBuffer:
return SpvMemorySemanticsUniformMemoryMask;
case SpvStorageClassCrossWorkgroup:
return SpvMemorySemanticsCrossWorkgroupMemoryMask;
case SpvStorageClassAtomicCounter:
return SpvMemorySemanticsAtomicCounterMemoryMask;
case SpvStorageClassImage:
return SpvMemorySemanticsImageMemoryMask;
default:
return SpvMemorySemanticsMaskNone;
}
} }
protobufs::Transformation TransformationLoad::ToMessage() const { protobufs::Transformation TransformationLoad::ToMessage() const {

15
source/fuzz/transformation_load.h
View File

@ -28,11 +28,20 @@ class TransformationLoad : public Transformation {
explicit TransformationLoad(protobufs::TransformationLoad message); explicit TransformationLoad(protobufs::TransformationLoad message);
TransformationLoad( TransformationLoad(
uint32_t fresh_id, uint32_t pointer_id, uint32_t fresh_id, uint32_t pointer_id, bool is_atomic,
uint32_t memory_scope, uint32_t memory_semantics,
const protobufs::InstructionDescriptor& instruction_to_insert_before); const protobufs::InstructionDescriptor& instruction_to_insert_before);
// - |message_.fresh_id| must be fresh // - |message_.fresh_id| must be fresh
// - |message_.pointer_id| must be the id of a pointer // - |message_.pointer_id| must be the id of a pointer
// - |message_.is_atomic| must be true if want to work with OpAtomicLoad
// - If |is_atomic| is true then |message_memory_scope_id| must be the id of
// an OpConstant 32 bit integer instruction with the value
// SpvScopeInvocation.
// - If |is_atomic| is true then |message_.memory_semantics_id| must be the id
// of an OpConstant 32 bit integer instruction with the values
// SpvMemorySemanticsWorkgroupMemoryMask or
// SpvMemorySemanticsUniformMemoryMask.
// - The pointer must not be OpConstantNull or OpUndef // - The pointer must not be OpConstantNull or OpUndef
// - |message_.instruction_to_insert_before| must identify an instruction // - |message_.instruction_to_insert_before| must identify an instruction
// before which it is valid to insert an OpLoad, and where // before which it is valid to insert an OpLoad, and where
@ -49,6 +58,10 @@ class TransformationLoad : public Transformation {
void Apply(opt::IRContext* ir_context, void Apply(opt::IRContext* ir_context,
TransformationContext* transformation_context) const override; TransformationContext* transformation_context) const override;
// Returns memory semantics mask for specific storage class.
static SpvMemorySemanticsMask GetMemorySemanticsForStorageClass(
SpvStorageClass storage_class);
std::unordered_set<uint32_t> GetFreshIds() const override; std::unordered_set<uint32_t> GetFreshIds() const override;
protobufs::Transformation ToMessage() const override; protobufs::Transformation ToMessage() const override;

375
test/fuzz/transformation_load_test.cpp
View File

@ -129,61 +129,69 @@ TEST(TransformationLoadTest, BasicTest) {
// Pointers that cannot be used: // Pointers that cannot be used:
// 60 - null // 60 - null
// 61 - undefined
// Bad: id is not fresh // Bad: id is not fresh
ASSERT_FALSE(TransformationLoad( ASSERT_FALSE(
33, 33, MakeInstructionDescriptor(38, SpvOpAccessChain, 0)) TransformationLoad(33, 33, false, 0, 0,
.IsApplicable(context.get(), transformation_context)); MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: attempt to load from 11 from outside its function // Bad: attempt to load from 11 from outside its function
ASSERT_FALSE(TransformationLoad( ASSERT_FALSE(
100, 11, MakeInstructionDescriptor(38, SpvOpAccessChain, 0)) TransformationLoad(100, 11, false, 0, 0,
.IsApplicable(context.get(), transformation_context)); MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: pointer is not available // Bad: pointer is not available
ASSERT_FALSE(TransformationLoad( ASSERT_FALSE(
100, 33, MakeInstructionDescriptor(45, SpvOpCopyObject, 0)) TransformationLoad(100, 33, false, 0, 0,
.IsApplicable(context.get(), transformation_context)); MakeInstructionDescriptor(45, SpvOpCopyObject, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: attempt to insert before OpVariable // Bad: attempt to insert before OpVariable
ASSERT_FALSE(TransformationLoad( ASSERT_FALSE(
100, 27, MakeInstructionDescriptor(27, SpvOpVariable, 0)) TransformationLoad(100, 27, false, 0, 0,
.IsApplicable(context.get(), transformation_context)); MakeInstructionDescriptor(27, SpvOpVariable, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: pointer id does not exist // Bad: pointer id does not exist
ASSERT_FALSE( ASSERT_FALSE(
TransformationLoad(100, 1000, TransformationLoad(100, 1000, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0)) MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context)); .IsApplicable(context.get(), transformation_context));
// Bad: pointer id exists but does not have a type // Bad: pointer id exists but does not have a type
ASSERT_FALSE(TransformationLoad(
100, 5, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: pointer id exists and has a type, but is not a pointer
ASSERT_FALSE(TransformationLoad(
100, 24, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: attempt to load from null pointer
ASSERT_FALSE(TransformationLoad(
100, 60, MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: %40 is not available at the program point
ASSERT_FALSE( ASSERT_FALSE(
TransformationLoad(100, 40, MakeInstructionDescriptor(37, SpvOpReturn, 0)) TransformationLoad(100, 5, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context)); .IsApplicable(context.get(), transformation_context));
// Bad: The described instruction does not exist // Bad: pointer id exists and has a type, but is not a pointer
ASSERT_FALSE(TransformationLoad( ASSERT_FALSE(
100, 33, MakeInstructionDescriptor(1000, SpvOpReturn, 0)) TransformationLoad(100, 24, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: attempt to load from null pointer
ASSERT_FALSE(
TransformationLoad(100, 60, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: %40 is not available at the program point
ASSERT_FALSE(TransformationLoad(100, 40, false, 0, 0,
MakeInstructionDescriptor(37, SpvOpReturn, 0))
.IsApplicable(context.get(), transformation_context)); .IsApplicable(context.get(), transformation_context));
// Bad: The described instruction does not exist
ASSERT_FALSE(
TransformationLoad(100, 33, false, 0, 0,
MakeInstructionDescriptor(1000, SpvOpReturn, 0))
.IsApplicable(context.get(), transformation_context));
{ {
TransformationLoad transformation( TransformationLoad transformation(
100, 33, MakeInstructionDescriptor(38, SpvOpAccessChain, 0)); 100, 33, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0));
ASSERT_TRUE( ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context)); transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(), ApplyAndCheckFreshIds(transformation, context.get(),
@ -194,7 +202,8 @@ TEST(TransformationLoadTest, BasicTest) {
{ {
TransformationLoad transformation( TransformationLoad transformation(
101, 46, MakeInstructionDescriptor(16, SpvOpReturnValue, 0)); 101, 46, false, 0, 0,
MakeInstructionDescriptor(16, SpvOpReturnValue, 0));
ASSERT_TRUE( ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context)); transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(), ApplyAndCheckFreshIds(transformation, context.get(),
@ -205,7 +214,8 @@ TEST(TransformationLoadTest, BasicTest) {
{ {
TransformationLoad transformation( TransformationLoad transformation(
102, 16, MakeInstructionDescriptor(16, SpvOpReturnValue, 0)); 102, 16, false, 0, 0,
MakeInstructionDescriptor(16, SpvOpReturnValue, 0));
ASSERT_TRUE( ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context)); transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(), ApplyAndCheckFreshIds(transformation, context.get(),
@ -216,7 +226,8 @@ TEST(TransformationLoadTest, BasicTest) {
{ {
TransformationLoad transformation( TransformationLoad transformation(
103, 40, MakeInstructionDescriptor(43, SpvOpAccessChain, 0)); 103, 40, false, 0, 0,
MakeInstructionDescriptor(43, SpvOpAccessChain, 0));
ASSERT_TRUE( ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context)); transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(), ApplyAndCheckFreshIds(transformation, context.get(),
@ -289,6 +300,296 @@ TEST(TransformationLoadTest, BasicTest) {
ASSERT_TRUE(IsEqual(env, after_transformation, context.get())); ASSERT_TRUE(IsEqual(env, after_transformation, context.get()));
} }
TEST(TransformationLoadTest, AtomicLoadTestCase) {
const std::string shader = R"(
OpCapability Shader
OpCapability Int8
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 320
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%7 = OpTypeInt 8 1
%9 = OpTypeInt 32 0
%26 = OpTypeFloat 32
%8 = OpTypeStruct %6
%10 = OpTypePointer StorageBuffer %8
%11 = OpVariable %10 StorageBuffer
%19 = OpConstant %26 0
%18 = OpConstant %9 1
%12 = OpConstant %6 0
%13 = OpTypePointer StorageBuffer %6
%15 = OpConstant %6 4
%16 = OpConstant %6 7
%17 = OpConstant %7 4
%20 = OpConstant %9 64
%4 = OpFunction %2 None %3
%5 = OpLabel
%14 = OpAccessChain %13 %11 %12
%24 = OpAccessChain %13 %11 %12
OpReturn
OpFunctionEnd
)";
const auto env = SPV_ENV_UNIVERSAL_1_3;
const auto consumer = nullptr;
const auto context = BuildModule(env, consumer, shader, kFuzzAssembleOption);
spvtools::ValidatorOptions validator_options;
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(context.get(), validator_options,
kConsoleMessageConsumer));
TransformationContext transformation_context(
MakeUnique<FactManager>(context.get()), validator_options);
// Bad: id is not fresh.
ASSERT_FALSE(
TransformationLoad(14, 14, true, 15, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: id 100 of memory scope instruction does not exist.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 100, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: id 100 of memory semantics instruction does not exist.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 100,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: memory scope should be |OpConstant| opcode.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 5, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: memory semantics should be |OpConstant| opcode.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 5,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: The memory scope instruction must have an Integer operand.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 19,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: The memory memory semantics instruction must have an Integer operand.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 19, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: Integer size of the memory scope must be equal to 32 bits.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 17, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: Integer size of memory semantics must be equal to 32 bits.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 17,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: memory scope value must be 4 (SpvScopeInvocation).
ASSERT_FALSE(
TransformationLoad(21, 14, true, 16, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: memory semantics value must be either:
// 64 (SpvMemorySemanticsUniformMemoryMask)
// 256 (SpvMemorySemanticsWorkgroupMemoryMask)
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 16,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: The described instruction does not exist
ASSERT_FALSE(
TransformationLoad(21, 14, false, 15, 20,
MakeInstructionDescriptor(150, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Successful transformations.
{
TransformationLoad transformation(
21, 14, true, 15, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0));
ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(),
&transformation_context);
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
context.get(), validator_options, kConsoleMessageConsumer));
}
const std::string after_transformation = R"(
OpCapability Shader
OpCapability Int8
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 320
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%7 = OpTypeInt 8 1
%9 = OpTypeInt 32 0
%26 = OpTypeFloat 32
%8 = OpTypeStruct %6
%10 = OpTypePointer StorageBuffer %8
%11 = OpVariable %10 StorageBuffer
%19 = OpConstant %26 0
%18 = OpConstant %9 1
%12 = OpConstant %6 0
%13 = OpTypePointer StorageBuffer %6
%15 = OpConstant %6 4
%16 = OpConstant %6 7
%17 = OpConstant %7 4
%20 = OpConstant %9 64
%4 = OpFunction %2 None %3
%5 = OpLabel
%14 = OpAccessChain %13 %11 %12
%21 = OpAtomicLoad %6 %14 %15 %20
%24 = OpAccessChain %13 %11 %12
OpReturn
OpFunctionEnd
)";
ASSERT_TRUE(IsEqual(env, after_transformation, context.get()));
}
TEST(TransformationLoadTest, AtomicLoadTestCaseForWorkgroupMemory) {
std::string shader = R"(
OpCapability Shader
OpCapability Int8
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 310
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%26 = OpTypeFloat 32
%27 = OpTypeInt 8 1
%7 = OpTypeInt 32 0 ; 0 means unsigned
%8 = OpConstant %7 0
%17 = OpConstant %27 4
%19 = OpConstant %26 0
%9 = OpTypePointer Function %6
%13 = OpTypeStruct %6
%12 = OpTypePointer Workgroup %13
%11 = OpVariable %12 Workgroup
%14 = OpConstant %6 0
%15 = OpTypePointer Function %6
%51 = OpTypePointer Private %6
%21 = OpConstant %6 4
%23 = OpConstant %6 256
%25 = OpTypePointer Function %7
%50 = OpTypePointer Workgroup %6
%34 = OpTypeBool
%35 = OpConstantFalse %34
%53 = OpVariable %51 Private
%4 = OpFunction %2 None %3
%5 = OpLabel
OpSelectionMerge %37 None
OpBranchConditional %35 %36 %37
%36 = OpLabel
%38 = OpAccessChain %50 %11 %14
%40 = OpAccessChain %50 %11 %14
OpBranch %37
%37 = OpLabel
OpReturn
OpFunctionEnd
)";
const auto env = SPV_ENV_UNIVERSAL_1_3;
const auto consumer = nullptr;
const auto context = BuildModule(env, consumer, shader, kFuzzAssembleOption);
spvtools::ValidatorOptions validator_options;
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(context.get(), validator_options,
kConsoleMessageConsumer));
TransformationContext transformation_context(
MakeUnique<FactManager>(context.get()), validator_options);
// Bad: Can't insert OpAccessChain before the id 23 of memory scope.
ASSERT_FALSE(
TransformationLoad(60, 38, true, 21, 23,
MakeInstructionDescriptor(23, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: Can't insert OpAccessChain before the id 23 of memory semantics.
ASSERT_FALSE(
TransformationLoad(60, 38, true, 21, 23,
MakeInstructionDescriptor(21, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Successful transformations.
{
TransformationLoad transformation(
60, 38, true, 21, 23,
MakeInstructionDescriptor(40, SpvOpAccessChain, 0));
ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(),
&transformation_context);
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
context.get(), validator_options, kConsoleMessageConsumer));
}
std::string after_transformation = R"(
OpCapability Shader
OpCapability Int8
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 310
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%26 = OpTypeFloat 32
%27 = OpTypeInt 8 1
%7 = OpTypeInt 32 0 ; 0 means unsigned
%8 = OpConstant %7 0
%17 = OpConstant %27 4
%19 = OpConstant %26 0
%9 = OpTypePointer Function %6
%13 = OpTypeStruct %6
%12 = OpTypePointer Workgroup %13
%11 = OpVariable %12 Workgroup
%14 = OpConstant %6 0
%15 = OpTypePointer Function %6
%51 = OpTypePointer Private %6
%21 = OpConstant %6 4
%23 = OpConstant %6 256
%25 = OpTypePointer Function %7
%50 = OpTypePointer Workgroup %6
%34 = OpTypeBool
%35 = OpConstantFalse %34
%53 = OpVariable %51 Private
%4 = OpFunction %2 None %3
%5 = OpLabel
OpSelectionMerge %37 None
OpBranchConditional %35 %36 %37
%36 = OpLabel
%38 = OpAccessChain %50 %11 %14
%60 = OpAtomicLoad %6 %38 %21 %23
%40 = OpAccessChain %50 %11 %14
OpBranch %37
%37 = OpLabel
OpReturn
OpFunctionEnd
)";
ASSERT_TRUE(IsEqual(env, after_transformation, context.get()));
}
} // namespace } // namespace
} // namespace fuzz } // namespace fuzz
} // namespace spvtools } // namespace spvtools