Home Explore Help
Sign In
cpp
/
bgfx
mirror of https://github.com/bkaradzic/bgfx.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 75bbd23e53
Branches Tags
bgfx
/
3rdparty
/
spirv-tools
/
source
/
fuzz
/
fuzzer.h

fuzzer.h 2.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. // Copyright (c) 2019 Google LLC
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. #ifndef SOURCE_FUZZ_FUZZER_H_
    16. 

  16. #define SOURCE_FUZZ_FUZZER_H_
    17. 

  17. 

  18. #include <memory>
    19. 

  19. #include <vector>
    20. 

  20. 

  21. #include "source/fuzz/fuzzer_util.h"
    22. 

  22. #include "source/fuzz/protobufs/spirvfuzz_protobufs.h"
    23. 

  23. #include "spirv-tools/libspirv.hpp"
    24. 

  24. 

  25. namespace spvtools {
    26. 

  26. namespace fuzz {
    27. 

  27. 

  28. // Transforms a SPIR-V module into a semantically equivalent SPIR-V module by
    29. 

  29. // running a number of randomized fuzzer passes.
    30. 

  30. class Fuzzer {
    31. 

  31.  public:
    32. 

  32.   // Possible statuses that can result from running the fuzzer.
    33. 

  33.   enum class FuzzerResultStatus {
    34. 

  34.     kComplete,
    35. 

  35.     kFailedToCreateSpirvToolsInterface,
    36. 

  36.     kFuzzerPassLedToInvalidModule,
    37. 

  37.     kInitialBinaryInvalid,
    38. 

  38.   };
    39. 

  39. 

  40.   // Constructs a fuzzer from the given target environment |env|.  |seed| is a
    41. 

  41.   // seed for pseudo-random number generation.
    42. 

  42.   // |validate_after_each_fuzzer_pass| controls whether the validator will be
    43. 

  43.   // invoked after every fuzzer pass is applied.
    44. 

  44.   Fuzzer(spv_target_env env, uint32_t seed,
    45. 

  45.          bool validate_after_each_fuzzer_pass,
    46. 

  46.          spv_validator_options validator_options);
    47. 

  47. 

  48.   // Disables copy/move constructor/assignment operations.
    49. 

  49.   Fuzzer(const Fuzzer&) = delete;
    50. 

  50.   Fuzzer(Fuzzer&&) = delete;
    51. 

  51.   Fuzzer& operator=(const Fuzzer&) = delete;
    52. 

  52.   Fuzzer& operator=(Fuzzer&&) = delete;
    53. 

  53. 

  54.   ~Fuzzer();
    55. 

  55. 

  56.   // Sets the message consumer to the given |consumer|. The |consumer| will be
    57. 

  57.   // invoked once for each message communicated from the library.
    58. 

  58.   void SetMessageConsumer(MessageConsumer consumer);
    59. 

  59. 

  60.   // Transforms |binary_in| to |binary_out| by running a number of randomized
    61. 

  61.   // fuzzer passes.  Initial facts about the input binary and the context in
    62. 

  62.   // which it will execute are provided via |initial_facts|.  A source of donor
    63. 

  63.   // modules to be used by transformations is provided via |donor_suppliers|.
    64. 

  64.   // The transformation sequence that was applied is returned via
    65. 

  65.   // |transformation_sequence_out|.
    66. 

  66.   FuzzerResultStatus Run(
    67. 

  67.       const std::vector<uint32_t>& binary_in,
    68. 

  68.       const protobufs::FactSequence& initial_facts,
    69. 

  69.       const std::vector<fuzzerutil::ModuleSupplier>& donor_suppliers,
    70. 

  70.       std::vector<uint32_t>* binary_out,
    71. 

  71.       protobufs::TransformationSequence* transformation_sequence_out) const;
    72. 

  72. 

  73.  private:
    74. 

  74.   struct Impl;                  // Opaque struct for holding internal data.
    75. 

  75.   std::unique_ptr<Impl> impl_;  // Unique pointer to internal data.
    76. 

  76. };
    77. 

  77. 

  78. }  // namespace fuzz
    79. 

  79. }  // namespace spvtools
    80. 

  80. 

  81. #endif  // SOURCE_FUZZ_FUZZER_H_
    82.