SPIRV-Tools/source/fuzz/transformation_wrap_vector_synonym.cpp
alan-baker d35a78db57
Switch SPIRV-Tools to use spirv.hpp11 internally (#4981)
Fixes #4960

* Switches to using enum classes with an underlying type to avoid
  undefined behaviour
2022-11-04 17:27:10 -04:00

201 lines
7.2 KiB
C++

// Copyright (c) 2021 Shiyu Liu
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "source/fuzz/transformation_wrap_vector_synonym.h"
#include "source/fuzz/data_descriptor.h"
#include "source/fuzz/fuzzer_util.h"
#include "source/opt/instruction.h"
namespace spvtools {
namespace fuzz {
TransformationWrapVectorSynonym::TransformationWrapVectorSynonym(
protobufs::TransformationWrapVectorSynonym message)
: message_(std::move(message)) {}
TransformationWrapVectorSynonym::TransformationWrapVectorSynonym(
uint32_t instruction_id, uint32_t vector_operand1, uint32_t vector_operand2,
uint32_t fresh_id, uint32_t pos) {
message_.set_instruction_id(instruction_id);
message_.set_vector_operand1(vector_operand1);
message_.set_vector_operand2(vector_operand2);
message_.set_fresh_id(fresh_id);
message_.set_scalar_position(pos);
}
bool TransformationWrapVectorSynonym::IsApplicable(
opt::IRContext* ir_context,
const TransformationContext& transformation_context) const {
// |fresh_id| must be fresh.
if (!fuzzerutil::IsFreshId(ir_context, message_.fresh_id())) {
return false;
}
const opt::Instruction* instruction =
ir_context->get_def_use_mgr()->GetDef(message_.instruction_id());
// |instruction_id| must refer to an existing instruction.
if (instruction == nullptr) {
return false;
}
if (!IsInstructionSupported(ir_context, *instruction)) {
return false;
}
// It must be possible to make a synonym of the result id of the scalar
// operation
if (!fuzzerutil::CanMakeSynonymOf(ir_context, transformation_context,
*instruction)) {
return false;
}
// |vector_operand1| and |vector_operand2| must exist.
auto vec1 = ir_context->get_def_use_mgr()->GetDef(message_.vector_operand1());
auto vec2 = ir_context->get_def_use_mgr()->GetDef(message_.vector_operand2());
if (vec1 == nullptr || vec2 == nullptr) {
return false;
}
// The 2 vectors must have compatible vector types.
auto vec1_type_id = vec1->type_id();
auto vec2_type_id = vec2->type_id();
for (auto operand_index : {0, 1}) {
if (!fuzzerutil::TypesAreCompatible(ir_context, instruction->opcode(),
operand_index, vec1_type_id,
vec2_type_id)) {
return false;
}
}
auto vec1_type = ir_context->get_def_use_mgr()->GetDef(vec1_type_id);
if (vec1_type->opcode() != spv::Op::OpTypeVector) {
return false;
}
// A suitable vector for the result type of the new vector instruction must
// exist in the module. This is a vector of the right length, whose element
// type matches the result type of the scalar instruction.
uint32_t vector_size = vec1_type->GetSingleWordInOperand(1);
if (!fuzzerutil::MaybeGetVectorType(ir_context, instruction->type_id(),
vector_size)) {
return false;
}
// |scalar_position| needs to be a non-negative integer less than the vector
// length.
// OpTypeVector instruction has the component count at index 2.
if (message_.scalar_position() >= ir_context->get_def_use_mgr()
->GetDef(vec1_type_id)
->GetSingleWordInOperand(1)) {
return false;
}
if (!transformation_context.GetFactManager()->IsSynonymous(
MakeDataDescriptor(message_.vector_operand1(),
{message_.scalar_position()}),
MakeDataDescriptor(instruction->GetSingleWordInOperand(0), {}))) {
return false;
}
if (!transformation_context.GetFactManager()->IsSynonymous(
MakeDataDescriptor(message_.vector_operand2(),
{message_.scalar_position()}),
MakeDataDescriptor(instruction->GetSingleWordInOperand(1), {}))) {
return false;
}
return true;
}
void TransformationWrapVectorSynonym::Apply(
opt::IRContext* ir_context,
TransformationContext* transformation_context) const {
// Create an instruction descriptor for the original instruction.
auto instruction =
ir_context->get_def_use_mgr()->GetDef(message_.instruction_id());
auto destination_block = ir_context->get_instr_block(instruction);
// Populate input operand list with two vectors for vector operation.
opt::Instruction::OperandList in_operands;
in_operands.push_back({SPV_OPERAND_TYPE_ID, {message_.vector_operand1()}});
in_operands.push_back({SPV_OPERAND_TYPE_ID, {message_.vector_operand2()}});
// Make a new arithmetic instruction: %fresh_id = OpXX %type_id %result_id1
// %result_id2.
auto vector_operand_type = ir_context->get_def_use_mgr()->GetDef(
fuzzerutil::GetTypeId(ir_context, message_.vector_operand1()));
uint32_t vector_size = vector_operand_type->GetSingleWordInOperand(1);
auto vec_type_id = fuzzerutil::MaybeGetVectorType(
ir_context, instruction->type_id(), vector_size);
auto new_instruction = MakeUnique<opt::Instruction>(
ir_context, instruction->opcode(), vec_type_id, message_.fresh_id(),
std::move(in_operands));
auto new_instruction_ptr = new_instruction.get();
instruction->InsertBefore(std::move(new_instruction));
ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr);
ir_context->set_instr_block(new_instruction_ptr, destination_block);
// Add |fresh_id| to id bound.
fuzzerutil::UpdateModuleIdBound(ir_context, message_.fresh_id());
// Add synonyms between |fresh_id| and |instruction_id|.
transformation_context->GetFactManager()->AddFactDataSynonym(
MakeDataDescriptor(message_.fresh_id(), {message_.scalar_position()}),
MakeDataDescriptor(message_.instruction_id(), {}));
}
protobufs::Transformation TransformationWrapVectorSynonym::ToMessage() const {
protobufs::Transformation result;
*result.mutable_wrap_vector_synonym() = message_;
return result;
}
std::unordered_set<uint32_t> TransformationWrapVectorSynonym::GetFreshIds()
const {
return std::unordered_set<uint32_t>{message_.fresh_id()};
}
bool TransformationWrapVectorSynonym::IsInstructionSupported(
opt::IRContext* ir_context, const opt::Instruction& instruction) {
if (!instruction.result_id() || !instruction.type_id()) {
return false;
}
auto type_instruction =
ir_context->get_def_use_mgr()->GetDef(instruction.type_id());
if ((type_instruction->opcode() != spv::Op::OpTypeInt &&
type_instruction->opcode() != spv::Op::OpTypeFloat)) {
return false;
}
switch (instruction.opcode()) {
case spv::Op::OpIAdd:
case spv::Op::OpISub:
case spv::Op::OpIMul:
case spv::Op::OpFAdd:
case spv::Op::OpFSub:
case spv::Op::OpFMul:
return true;
default:
return false;
}
}
} // namespace fuzz
} // namespace spvtools