AuroraMiddleware/SPIRV-Tools
1
0
Fork 0
mirror of https://github.com/KhronosGroup/SPIRV-Tools synced 2024-10-20 12:00:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
11d5924227
SPIRV-Tools/source/fuzz/transformation_add_opphi_synonym.cpp
Alastair Donaldson fcb22ecf0f
spirv-fuzz: Report fresh ids in transformations (#3856) 
Adds a virtual method, GetFreshIds(), to Transformation. Every
transformation uses this to indicate which ids in its protobuf message
are fresh ids. This means that when replaying a sequence of
transformations the replayer can obtain a smallest id that is not in
use by the module already and that will not be used by any
transformation by necessity. Ids greater than or equal to this id
can be used as overflow ids.

Fixes #3851.
2020-09-29 22:12:49 +01:00

203 lines
6.9 KiB
C++
Raw Blame History

// Copyright (c) 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "source/fuzz/transformation_add_opphi_synonym.h"
#include "source/fuzz/fuzzer_util.h"
namespace spvtools {
namespace fuzz {
TransformationAddOpPhiSynonym::TransformationAddOpPhiSynonym(
const protobufs::TransformationAddOpPhiSynonym& message)
: message_(message) {}
TransformationAddOpPhiSynonym::TransformationAddOpPhiSynonym(
uint32_t block_id, const std::map<uint32_t, uint32_t>& preds_to_ids,
uint32_t fresh_id) {
message_.set_block_id(block_id);
*message_.mutable_pred_to_id() =
fuzzerutil::MapToRepeatedUInt32Pair(preds_to_ids);
message_.set_fresh_id(fresh_id);
}
bool TransformationAddOpPhiSynonym::IsApplicable(
opt::IRContext* ir_context,
const TransformationContext& transformation_context) const {
// Check that |message_.block_id| is a block label id.
auto block = fuzzerutil::MaybeFindBlock(ir_context, message_.block_id());
if (!block) {
return false;
}
// Check that |message_.fresh_id| is actually fresh.
if (!fuzzerutil::IsFreshId(ir_context, message_.fresh_id())) {
return false;
}
// Check that |message_.pred_to_id| contains a mapping for all of the block's
// predecessors.
std::vector<uint32_t> predecessors = ir_context->cfg()->preds(block->id());
// There must be at least one predecessor.
if (predecessors.empty()) {
return false;
}
std::map<uint32_t, uint32_t> preds_to_ids =
fuzzerutil::RepeatedUInt32PairToMap(message_.pred_to_id());
// There must not be repeated key values in |message_.pred_to_id|.
if (preds_to_ids.size() != static_cast<size_t>(message_.pred_to_id_size())) {
return false;
}
// Check that each predecessor has a corresponding mapping and all of the
// corresponding ids exist.
for (uint32_t pred : predecessors) {
if (preds_to_ids.count(pred) == 0) {
return false;
}
// Check that the id exists in the module.
if (!ir_context->get_def_use_mgr()->GetDef(preds_to_ids[pred])) {
return false;
}
}
// Get the first id and its type (which should be the same as all the other
// ones) and check that the transformation supports this type.
uint32_t first_id = preds_to_ids[predecessors[0]];
uint32_t type_id = ir_context->get_def_use_mgr()->GetDef(first_id)->type_id();
if (!CheckTypeIsAllowed(ir_context, type_id)) {
return false;
}
// Check that the ids corresponding to predecessors are all synonymous, have
// the same type and are available to use at the end of the predecessor.
for (uint32_t pred : predecessors) {
auto id = preds_to_ids[pred];
// Check that the id has the same type as the other ones.
if (ir_context->get_def_use_mgr()->GetDef(id)->type_id() != type_id) {
return false;
}
// Check that the id is synonymous with the others by checking that it is
// synonymous with the first one (or it is the same id).
if (id != first_id &&
!transformation_context.GetFactManager()->IsSynonymous(
MakeDataDescriptor(id, {}), MakeDataDescriptor(first_id, {}))) {
return false;
}
// Check that the id is available at the end of the corresponding
// predecessor block.
auto pred_block = ir_context->get_instr_block(pred);
// We should always be able to find the predecessor block, since it is in
// the predecessors list of |block|.
assert(pred_block && "Could not find one of the predecessor blocks.");
if (!fuzzerutil::IdIsAvailableBeforeInstruction(
ir_context, pred_block->terminator(), id)) {
return false;
}
}
return true;
}
void TransformationAddOpPhiSynonym::Apply(
opt::IRContext* ir_context,
TransformationContext* transformation_context) const {
// Get the type id from one of the ids.
uint32_t first_id = message_.pred_to_id(0).second();
uint32_t type_id = ir_context->get_def_use_mgr()->GetDef(first_id)->type_id();
// Define the operand list.
opt::Instruction::OperandList operand_list;
// For each predecessor, add the corresponding operands.
for (auto& pair : message_.pred_to_id()) {
operand_list.emplace_back(
opt::Operand{SPV_OPERAND_TYPE_ID, {pair.second()}});
operand_list.emplace_back(
opt::Operand{SPV_OPERAND_TYPE_ID, {pair.first()}});
}
// Add a new OpPhi instructions at the beginning of the block.
ir_context->get_instr_block(message_.block_id())
->begin()
.InsertBefore(MakeUnique<opt::Instruction>(ir_context, SpvOpPhi, type_id,
message_.fresh_id(),
std::move(operand_list)));
// Update the module id bound.
fuzzerutil::UpdateModuleIdBound(ir_context, message_.fresh_id());
// Invalidate all analyses, since we added an instruction to the module.
ir_context->InvalidateAnalysesExceptFor(
opt::IRContext::Analysis::kAnalysisNone);
// Record the fact that the new id is synonym with the other ones by declaring
// that it is a synonym of the first one.
transformation_context->GetFactManager()->AddFactDataSynonym(
MakeDataDescriptor(message_.fresh_id(), {}),
MakeDataDescriptor(first_id, {}));
}
protobufs::Transformation TransformationAddOpPhiSynonym::ToMessage() const {
protobufs::Transformation result;
*result.mutable_add_opphi_synonym() = message_;
return result;
}
bool TransformationAddOpPhiSynonym::CheckTypeIsAllowed(
opt::IRContext* ir_context, uint32_t type_id) {
auto type = ir_context->get_type_mgr()->GetType(type_id);
if (!type) {
return false;
}
// We allow the following types: Bool, Integer, Float, Vector, Matrix, Array,
// Struct.
if (type->AsBool() || type->AsInteger() || type->AsFloat() ||
type->AsVector() || type->AsMatrix() || type->AsArray() ||
type->AsStruct()) {
return true;
}
// We allow pointer types if the VariablePointers capability is enabled and
// the pointer has the correct storage class (Workgroup or StorageBuffer).
if (type->AsPointer()) {
auto storage_class = type->AsPointer()->storage_class();
return ir_context->get_feature_mgr()->HasCapability(
SpvCapabilityVariablePointers) &&
(storage_class == SpvStorageClassWorkgroup ||
storage_class == SpvStorageClassStorageBuffer);
}
// We do not allow other types.
return false;
}
std::unordered_set<uint32_t> TransformationAddOpPhiSynonym::GetFreshIds()
const {
return {message_.fresh_id()};
}
} // namespace fuzz
} // namespace spvtools
Reference in New Issue View Git Blame Copy Permalink