Home Explore Help
Sign In
cpp
/
anki-3d-engine
mirror of https://github.com/godlikepanos/anki-3d-engine.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
anki-3d-engine
/
ThirdParty
/
SpirvTools
/
source
/
fuzz
/
fuzzer_pass_add_composite_extract.cpp

fuzzer_pass_add_composite_extract.cpp 6.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. // Copyright (c) 2020 Vasyl Teliman
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. #include "source/fuzz/fuzzer_pass_add_composite_extract.h"
    16. 

  16. 

  17. #include "source/fuzz/available_instructions.h"
    18. 

  18. #include "source/fuzz/fuzzer_context.h"
    19. 

  19. #include "source/fuzz/fuzzer_util.h"
    20. 

  20. #include "source/fuzz/instruction_descriptor.h"
    21. 

  21. #include "source/fuzz/transformation_composite_extract.h"
    22. 

  22. 

  23. namespace spvtools {
    24. 

  24. namespace fuzz {
    25. 

  25. 

  26. FuzzerPassAddCompositeExtract::FuzzerPassAddCompositeExtract(
    27. 

  27.     opt::IRContext* ir_context, TransformationContext* transformation_context,
    28. 

  28.     FuzzerContext* fuzzer_context,
    29. 

  29.     protobufs::TransformationSequence* transformations,
    30. 

  30.     bool ignore_inapplicable_transformations)
    31. 

  31.     : FuzzerPass(ir_context, transformation_context, fuzzer_context,
    32. 

  32.                  transformations, ignore_inapplicable_transformations) {}
    33. 

  33. 

  34. void FuzzerPassAddCompositeExtract::Apply() {
    35. 

  35.   std::vector<const protobufs::DataDescriptor*> composite_synonyms;
    36. 

  36.   for (const auto* dd :
    37. 

  37.        GetTransformationContext()->GetFactManager()->GetAllSynonyms()) {
    38. 

  38.     // |dd| must describe a component of a composite.
    39. 

  39.     if (!dd->index().empty()) {
    40. 

  40.       composite_synonyms.push_back(dd);
    41. 

  41.     }
    42. 

  42.   }
    43. 

  43. 

  44.   AvailableInstructions available_composites(
    45. 

  45.       GetIRContext(), [](opt::IRContext* ir_context, opt::Instruction* inst) {
    46. 

  46.         return inst->type_id() && inst->result_id() &&
    47. 

  47.                fuzzerutil::IsCompositeType(
    48. 

  48.                    ir_context->get_type_mgr()->GetType(inst->type_id()));
    49. 

  49.       });
    50. 

  50. 

  51.   ForEachInstructionWithInstructionDescriptor(
    52. 

  52.       [this, &available_composites, &composite_synonyms](
    53. 

  53.           opt::Function* /*unused*/, opt::BasicBlock* /*unused*/,
    54. 

  54.           opt::BasicBlock::iterator inst_it,
    55. 

  55.           const protobufs::InstructionDescriptor& instruction_descriptor) {
    56. 

  56.         if (!fuzzerutil::CanInsertOpcodeBeforeInstruction(
    57. 

  57.                 spv::Op::OpCompositeExtract, inst_it)) {
    58. 

  58.           return;
    59. 

  59.         }
    60. 

  60. 

  61.         if (!GetFuzzerContext()->ChoosePercentage(
    62. 

  62.                 GetFuzzerContext()->GetChanceOfAddingCompositeExtract())) {
    63. 

  63.           return;
    64. 

  64.         }
    65. 

  65. 

  66.         std::vector<const protobufs::DataDescriptor*> available_synonyms;
    67. 

  67.         for (const auto* dd : composite_synonyms) {
    68. 

  68.           if (fuzzerutil::IdIsAvailableBeforeInstruction(
    69. 

  69.                   GetIRContext(), &*inst_it, dd->object())) {
    70. 

  70.             available_synonyms.push_back(dd);
    71. 

  71.           }
    72. 

  72.         }
    73. 

  73. 

  74.         auto candidate_composites =
    75. 

  75.             available_composites.GetAvailableBeforeInstruction(&*inst_it);
    76. 

  76. 

  77.         if (available_synonyms.empty() && candidate_composites.empty()) {
    78. 

  78.           return;
    79. 

  79.         }
    80. 

  80. 

  81.         uint32_t composite_id = 0;
    82. 

  82.         std::vector<uint32_t> indices;
    83. 

  83. 

  84.         if (available_synonyms.empty() || (!candidate_composites.empty() &&
    85. 

  85.                                            GetFuzzerContext()->ChooseEven())) {
    86. 

  86.           const auto* inst =
    87. 

  87.               candidate_composites[GetFuzzerContext()->RandomIndex(
    88. 

  88.                   candidate_composites)];
    89. 

  89.           composite_id = inst->result_id();
    90. 

  90. 

  91.           auto type_id = inst->type_id();
    92. 

  92.           do {
    93. 

  93.             uint32_t number_of_members = 0;
    94. 

  94. 

  95.             const auto* type_inst =
    96. 

  96.                 GetIRContext()->get_def_use_mgr()->GetDef(type_id);
    97. 

  97.             assert(type_inst && "Composite instruction has invalid type id");
    98. 

  98. 

  99.             switch (type_inst->opcode()) {
    100. 

  100.               case spv::Op::OpTypeArray:
    101. 

  101.                 number_of_members =
    102. 

  102.                     fuzzerutil::GetArraySize(*type_inst, GetIRContext());
    103. 

  103.                 break;
    104. 

  104.               case spv::Op::OpTypeVector:
    105. 

  105.               case spv::Op::OpTypeMatrix:
    106. 

  106.                 number_of_members = type_inst->GetSingleWordInOperand(1);
    107. 

  107.                 break;
    108. 

  108.               case spv::Op::OpTypeStruct:
    109. 

  109.                 number_of_members = type_inst->NumInOperands();
    110. 

  110.                 break;
    111. 

  111.               default:
    112. 

  112.                 assert(false && "|type_inst| is not a composite");
    113. 

  113.                 return;
    114. 

  114.             }
    115. 

  115. 

  116.             if (number_of_members == 0) {
    117. 

  117.               return;
    118. 

  118.             }
    119. 

  119. 

  120.             indices.push_back(
    121. 

  121.                 GetFuzzerContext()->GetRandomCompositeExtractIndex(
    122. 

  122.                     number_of_members));
    123. 

  123. 

  124.             switch (type_inst->opcode()) {
    125. 

  125.               case spv::Op::OpTypeArray:
    126. 

  126.               case spv::Op::OpTypeVector:
    127. 

  127.               case spv::Op::OpTypeMatrix:
    128. 

  128.                 type_id = type_inst->GetSingleWordInOperand(0);
    129. 

  129.                 break;
    130. 

  130.               case spv::Op::OpTypeStruct:
    131. 

  131.                 type_id = type_inst->GetSingleWordInOperand(indices.back());
    132. 

  132.                 break;
    133. 

  133.               default:
    134. 

  134.                 assert(false && "|type_inst| is not a composite");
    135. 

  135.                 return;
    136. 

  136.             }
    137. 

  137.           } while (fuzzerutil::IsCompositeType(
    138. 

  138.                        GetIRContext()->get_type_mgr()->GetType(type_id)) &&
    139. 

  139.                    GetFuzzerContext()->ChoosePercentage(
    140. 

  140.                        GetFuzzerContext()
    141. 

  141.                            ->GetChanceOfGoingDeeperToExtractComposite()));
    142. 

  142.         } else {
    143. 

  143.           const auto* dd = available_synonyms[GetFuzzerContext()->RandomIndex(
    144. 

  144.               available_synonyms)];
    145. 

  145. 

  146.           composite_id = dd->object();
    147. 

  147.           indices.assign(dd->index().begin(), dd->index().end());
    148. 

  148.         }
    149. 

  149. 

  150.         assert(composite_id != 0 && !indices.empty() &&
    151. 

  151.                "Composite object should have been chosen correctly");
    152. 

  152. 

  153.         ApplyTransformation(TransformationCompositeExtract(
    154. 

  154.             instruction_descriptor, GetFuzzerContext()->GetFreshId(),
    155. 

  155.             composite_id, indices));
    156. 

  156.       });
    157. 

  157. }
    158. 

  158. 

  159. }  // namespace fuzz
    160. 

  160. }  // namespace spvtools
    161.