mirror of
https://github.com/KhronosGroup/SPIRV-Tools
synced 2024-12-04 08:20:06 +00:00
983b5b4fcc
The passes that add dead breaks and continues suffer from the challenge that a new control flow graph edge can change dominance information, leading to the potenital for definitions to no longer dominate their uses. The attempt at guarding against this was known to be incomplete. This change calls on the SPIR-V validator to do the necessary checking: in deciding whether adding such an edge would be legitimate, we clone the module, add the edge, and use the validator to check whether the transformed clone is valid. This strategy is heavy-weight, and should be used sparingly, but seems like a good option when the validity of transformations is intricate, to avoid reimplementing swathes of validation logic in the fuzzer. Fixes #2919.
85 lines
3.6 KiB
C++
85 lines
3.6 KiB
C++
// Copyright (c) 2019 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#ifndef SOURCE_FUZZ_TRANSFORMATION_ADD_DEAD_BREAK_H_
|
|
#define SOURCE_FUZZ_TRANSFORMATION_ADD_DEAD_BREAK_H_
|
|
|
|
#include <vector>
|
|
|
|
#include "source/fuzz/fact_manager.h"
|
|
#include "source/fuzz/protobufs/spirvfuzz_protobufs.h"
|
|
#include "source/fuzz/transformation.h"
|
|
#include "source/opt/ir_context.h"
|
|
|
|
namespace spvtools {
|
|
namespace fuzz {
|
|
|
|
class TransformationAddDeadBreak : public Transformation {
|
|
public:
|
|
explicit TransformationAddDeadBreak(
|
|
const protobufs::TransformationAddDeadBreak& message);
|
|
|
|
TransformationAddDeadBreak(uint32_t from_block, uint32_t to_block,
|
|
bool break_condition_value,
|
|
std::vector<uint32_t> phi_id);
|
|
|
|
// - |message_.from_block| must be the id of a block a in the given module.
|
|
// - |message_.to_block| must be the id of a block b in the given module.
|
|
// - if |message_.break_condition_value| holds (does not hold) then
|
|
// OpConstantTrue (OpConstantFalse) must be present in the module
|
|
// - |message_.phi_ids| must be a list of ids that are all available at
|
|
// |message_.from_block|
|
|
// - a and b must be in the same function.
|
|
// - b must be a merge block.
|
|
// - a must end with an unconditional branch to some block c.
|
|
// - replacing this branch with a conditional branch to b or c, with
|
|
// the boolean constant associated with |message_.break_condition_value| as
|
|
// the condition, and the ids in |message_.phi_ids| used to extend
|
|
// any OpPhi instructions at b as a result of the edge from a, must
|
|
// maintain validity of the module.
|
|
// In particular, the new branch must not lead to violations of the rule
|
|
// that a use must be dominated by its definition.
|
|
bool IsApplicable(opt::IRContext* context,
|
|
const FactManager& fact_manager) const override;
|
|
|
|
// Replaces the terminator of a with a conditional branch to b or c.
|
|
// The boolean constant associated with |message_.break_condition_value| is
|
|
// used as the condition, and the order of b and c is arranged such that
|
|
// control is guaranteed to jump to c.
|
|
void Apply(opt::IRContext* context, FactManager* fact_manager) const override;
|
|
|
|
protobufs::Transformation ToMessage() const override;
|
|
|
|
private:
|
|
// Returns true if and only if adding an edge from |bb_from| to
|
|
// |message_.to_block| respects structured control flow.
|
|
bool AddingBreakRespectsStructuredControlFlow(opt::IRContext* context,
|
|
opt::BasicBlock* bb_from) const;
|
|
|
|
// Used by 'Apply' to actually apply the transformation to the module of
|
|
// interest, and by 'IsApplicable' to do a dry-run of the transformation on a
|
|
// cloned module, in order to check that the transformation leads to a valid
|
|
// module. This is only invoked by 'IsApplicable' after certain basic
|
|
// applicability checks have been made, ensuring that the invocation of this
|
|
// method is legal.
|
|
void ApplyImpl(opt::IRContext* context) const;
|
|
|
|
protobufs::TransformationAddDeadBreak message_;
|
|
};
|
|
|
|
} // namespace fuzz
|
|
} // namespace spvtools
|
|
|
|
#endif // SOURCE_FUZZ_TRANSFORMATION_ADD_DEAD_BREAK_H_
|