mirror of
https://github.com/KhronosGroup/SPIRV-Tools
synced 2024-11-30 06:50:06 +00:00
bfd25ace08
To avoid problems where global and local variables of opaque or runtime-sized types are added to a module, this change introduces the notion of a 'basic type' -- a type made up from floats, ints, bools, or vectors, matrices, structs and fixed-size arrays of basic types. Added variables have to be of basic type.
249 lines
12 KiB
C++
249 lines
12 KiB
C++
// Copyright (c) 2019 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#ifndef SOURCE_FUZZ_FUZZER_PASS_H_
|
|
#define SOURCE_FUZZ_FUZZER_PASS_H_
|
|
|
|
#include <functional>
|
|
#include <vector>
|
|
|
|
#include "source/fuzz/fuzzer_context.h"
|
|
#include "source/fuzz/protobufs/spirvfuzz_protobufs.h"
|
|
#include "source/fuzz/transformation_context.h"
|
|
#include "source/opt/ir_context.h"
|
|
|
|
namespace spvtools {
|
|
namespace fuzz {
|
|
|
|
// Interface for applying a pass of transformations to a module.
|
|
class FuzzerPass {
|
|
public:
|
|
FuzzerPass(opt::IRContext* ir_context,
|
|
TransformationContext* transformation_context,
|
|
FuzzerContext* fuzzer_context,
|
|
protobufs::TransformationSequence* transformations);
|
|
|
|
virtual ~FuzzerPass();
|
|
|
|
// Applies the pass to the module |ir_context_|, assuming and updating
|
|
// information from |transformation_context_|, and using |fuzzer_context_| to
|
|
// guide the process. Appends to |transformations_| all transformations that
|
|
// were applied during the pass.
|
|
virtual void Apply() = 0;
|
|
|
|
protected:
|
|
opt::IRContext* GetIRContext() const { return ir_context_; }
|
|
|
|
TransformationContext* GetTransformationContext() const {
|
|
return transformation_context_;
|
|
}
|
|
|
|
FuzzerContext* GetFuzzerContext() const { return fuzzer_context_; }
|
|
|
|
protobufs::TransformationSequence* GetTransformations() const {
|
|
return transformations_;
|
|
}
|
|
|
|
// Returns all instructions that are *available* at |inst_it|, which is
|
|
// required to be inside block |block| of function |function| - that is, all
|
|
// instructions at global scope and all instructions that strictly dominate
|
|
// |inst_it|.
|
|
//
|
|
// Filters said instructions to return only those that satisfy the
|
|
// |instruction_is_relevant| predicate. This, for instance, could ignore all
|
|
// instructions that have a particular decoration.
|
|
std::vector<opt::Instruction*> FindAvailableInstructions(
|
|
opt::Function* function, opt::BasicBlock* block,
|
|
const opt::BasicBlock::iterator& inst_it,
|
|
std::function<bool(opt::IRContext*, opt::Instruction*)>
|
|
instruction_is_relevant) const;
|
|
|
|
// A helper method that iterates through each instruction in each block, at
|
|
// all times tracking an instruction descriptor that allows the latest
|
|
// instruction to be located even if it has no result id.
|
|
//
|
|
// The code to manipulate the instruction descriptor is a bit fiddly. The
|
|
// point of this method is to avoiding having to duplicate it in multiple
|
|
// transformation passes.
|
|
//
|
|
// The function |action| is invoked for each instruction |inst_it| in block
|
|
// |block| of function |function| that is encountered. The
|
|
// |instruction_descriptor| parameter to the function object allows |inst_it|
|
|
// to be identified.
|
|
//
|
|
// In most intended use cases, the job of |action| is to randomly decide
|
|
// whether to try to apply some transformation, and then - if selected - to
|
|
// attempt to apply it.
|
|
void ForEachInstructionWithInstructionDescriptor(
|
|
std::function<
|
|
void(opt::Function* function, opt::BasicBlock* block,
|
|
opt::BasicBlock::iterator inst_it,
|
|
const protobufs::InstructionDescriptor& instruction_descriptor)>
|
|
action);
|
|
|
|
// A generic helper for applying a transformation that should be applicable
|
|
// by construction, and adding it to the sequence of applied transformations.
|
|
template <typename TransformationType>
|
|
void ApplyTransformation(const TransformationType& transformation) {
|
|
assert(transformation.IsApplicable(GetIRContext(),
|
|
*GetTransformationContext()) &&
|
|
"Transformation should be applicable by construction.");
|
|
transformation.Apply(GetIRContext(), GetTransformationContext());
|
|
*GetTransformations()->add_transformation() = transformation.ToMessage();
|
|
}
|
|
|
|
// Returns the id of an OpTypeBool instruction. If such an instruction does
|
|
// not exist, a transformation is applied to add it.
|
|
uint32_t FindOrCreateBoolType();
|
|
|
|
// Returns the id of an OpTypeInt instruction, with width 32 and signedness
|
|
// specified by |is_signed|. If such an instruction does not exist, a
|
|
// transformation is applied to add it.
|
|
uint32_t FindOrCreate32BitIntegerType(bool is_signed);
|
|
|
|
// Returns the id of an OpTypeFloat instruction, with width 32. If such an
|
|
// instruction does not exist, a transformation is applied to add it.
|
|
uint32_t FindOrCreate32BitFloatType();
|
|
|
|
// Returns the id of an OpTypeFunction %<return_type_id> %<...argument_id>
|
|
// instruction. If such an instruction doesn't exist, a transformation
|
|
// is applied to create a new one.
|
|
uint32_t FindOrCreateFunctionType(uint32_t return_type_id,
|
|
const std::vector<uint32_t>& argument_id);
|
|
|
|
// Returns the id of an OpTypeVector instruction, with |component_type_id|
|
|
// (which must already exist) as its base type, and |component_count|
|
|
// elements (which must be in the range [2, 4]). If such an instruction does
|
|
// not exist, a transformation is applied to add it.
|
|
uint32_t FindOrCreateVectorType(uint32_t component_type_id,
|
|
uint32_t component_count);
|
|
|
|
// Returns the id of an OpTypeMatrix instruction, with |column_count| columns
|
|
// and |row_count| rows (each of which must be in the range [2, 4]). If the
|
|
// float and vector types required to build this matrix type or the matrix
|
|
// type itself do not exist, transformations are applied to add them.
|
|
uint32_t FindOrCreateMatrixType(uint32_t column_count, uint32_t row_count);
|
|
|
|
// Returns the id of a pointer type with base type |base_type_id| (which must
|
|
// already exist) and storage class |storage_class|. A transformation is
|
|
// applied to add the pointer if it does not already exist.
|
|
uint32_t FindOrCreatePointerType(uint32_t base_type_id,
|
|
SpvStorageClass storage_class);
|
|
|
|
// Returns the id of an OpTypePointer instruction, with a 32-bit integer base
|
|
// type of signedness specified by |is_signed|. If the pointer type or
|
|
// required integer base type do not exist, transformations are applied to add
|
|
// them.
|
|
uint32_t FindOrCreatePointerTo32BitIntegerType(bool is_signed,
|
|
SpvStorageClass storage_class);
|
|
|
|
// Returns the id of an OpConstant instruction, with 32-bit integer type of
|
|
// signedness specified by |is_signed|, with |word| as its value. If either
|
|
// the required integer type or the constant do not exist, transformations are
|
|
// applied to add them.
|
|
uint32_t FindOrCreate32BitIntegerConstant(uint32_t word, bool is_signed);
|
|
|
|
// Returns the id of an OpConstant instruction, with 32-bit floating-point
|
|
// type, with |word| as its value. If either the required floating-point type
|
|
// or the constant do not exist, transformations are applied to add them.
|
|
uint32_t FindOrCreate32BitFloatConstant(uint32_t word);
|
|
|
|
// Returns the id of an OpConstantTrue or OpConstantFalse instruction,
|
|
// according to |value|. If either the required instruction or the bool
|
|
// type do not exist, transformations are applied to add them.
|
|
uint32_t FindOrCreateBoolConstant(bool value);
|
|
|
|
// Returns the result id of an instruction of the form:
|
|
// %id = OpUndef %|type_id|
|
|
// If no such instruction exists, a transformation is applied to add it.
|
|
uint32_t FindOrCreateGlobalUndef(uint32_t type_id);
|
|
|
|
// Define a *basic type* to be an integer, boolean or floating-point type,
|
|
// or a matrix, vector, struct or fixed-size array built from basic types. In
|
|
// particular, a basic type cannot contain an opaque type (such as an image),
|
|
// or a runtime-sized array.
|
|
//
|
|
// Yields a pair, (basic_type_ids, basic_type_ids_to_pointers), such that:
|
|
// - basic_type_ids captures every basic type declared in the module.
|
|
// - basic_type_ids_to_pointers maps every such basic type to the sequence
|
|
// of all pointer types that have storage class |storage_class| and the
|
|
// given basic type as their pointee type. The sequence may be empty for
|
|
// some basic types if no pointers to those types are defined for the given
|
|
// storage class, and the sequence will have multiple elements if there are
|
|
// repeated pointer declarations for the same basic type and storage class.
|
|
std::pair<std::vector<uint32_t>, std::map<uint32_t, std::vector<uint32_t>>>
|
|
GetAvailableBasicTypesAndPointers(SpvStorageClass storage_class) const;
|
|
|
|
// Given a type id, |scalar_or_composite_type_id|, which must correspond to
|
|
// some scalar or composite type, returns the result id of an instruction
|
|
// defining a constant of the given type that is zero or false at everywhere.
|
|
// If such an instruction does not yet exist, transformations are applied to
|
|
// add it.
|
|
//
|
|
// Examples:
|
|
// --------------+-------------------------------
|
|
// TYPE | RESULT is id corresponding to
|
|
// --------------+-------------------------------
|
|
// bool | false
|
|
// --------------+-------------------------------
|
|
// bvec4 | (false, false, false, false)
|
|
// --------------+-------------------------------
|
|
// float | 0.0
|
|
// --------------+-------------------------------
|
|
// vec2 | (0.0, 0.0)
|
|
// --------------+-------------------------------
|
|
// int[3] | [0, 0, 0]
|
|
// --------------+-------------------------------
|
|
// struct S { |
|
|
// int i; | S(0, false, (0u, 0u))
|
|
// bool b; |
|
|
// uint2 u; |
|
|
// } |
|
|
// --------------+-------------------------------
|
|
uint32_t FindOrCreateZeroConstant(uint32_t scalar_or_composite_type_id);
|
|
|
|
private:
|
|
// Array, matrix and vector are *homogeneous* composite types in the sense
|
|
// that every component of one of these types has the same type. Given a
|
|
// homogeneous composite type instruction, |composite_type_instruction|,
|
|
// returns the id of a composite constant instruction for which every element
|
|
// is zero/false. If such an instruction does not yet exist, transformations
|
|
// are applied to add it.
|
|
uint32_t GetZeroConstantForHomogeneousComposite(
|
|
const opt::Instruction& composite_type_instruction,
|
|
uint32_t component_type_id, uint32_t num_components);
|
|
|
|
// Helper to find an existing composite constant instruction of the given
|
|
// composite type with the given constant components, or to apply
|
|
// transformations to create such an instruction if it does not yet exist.
|
|
// Parameter |composite_type_instruction| must be a composite type
|
|
// instruction. The parameters |constants| and |constant_ids| must have the
|
|
// same size, and it must be the case that for each i, |constant_ids[i]| is
|
|
// the result id of an instruction that defines |constants[i]|.
|
|
uint32_t FindOrCreateCompositeConstant(
|
|
const opt::Instruction& composite_type_instruction,
|
|
const std::vector<const opt::analysis::Constant*>& constants,
|
|
const std::vector<uint32_t>& constant_ids);
|
|
|
|
opt::IRContext* ir_context_;
|
|
TransformationContext* transformation_context_;
|
|
FuzzerContext* fuzzer_context_;
|
|
protobufs::TransformationSequence* transformations_;
|
|
};
|
|
|
|
} // namespace fuzz
|
|
} // namespace spvtools
|
|
|
|
#endif // SOURCE_FUZZ_FUZZER_PASS_H_
|