1 // Copyright (c) 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef SOURCE_FUZZ_FUZZER_PASS_OBFUSCATE_CONSTANTS_H_
16 #define SOURCE_FUZZ_FUZZER_PASS_OBFUSCATE_CONSTANTS_H_
17 
#include <cstdint>
#include <map>
#include <vector>

#include "source/fuzz/fuzzer_pass.h"
21 
22 namespace spvtools {
23 namespace fuzz {
24 
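// A fuzzer pass for turning uses of constants into more complex forms.
// Examples include replacing 'true' with '42 < 52', and replacing '42' with
// 'a.b.c' if 'a.b.c' is known to hold the value '42'.
//
// Every replacement described here substitutes an expression that is stated to
// hold the same value as the constant it replaces, so the pass is meant to
// change the shape of the module and not the values it computes.
class FuzzerPassObfuscateConstants : public FuzzerPass {
 public:
  // Constructs the pass.  The pointer arguments are not documented in this
  // header beyond their types.
  // NOTE(review): presumably they are forwarded to the FuzzerPass base class
  // and must be non-null and outlive the pass -- confirm against
  // source/fuzz/fuzzer_pass.h.
  FuzzerPassObfuscateConstants(
      opt::IRContext* ir_context, TransformationContext* transformation_context,
      FuzzerContext* fuzzer_context,
      protobufs::TransformationSequence* transformations,
      bool ignore_inapplicable_transformations);

  // Entry point of the pass; overrides FuzzerPass::Apply.
  void Apply() override;

 private:
  // Applies 0 or more transformations to potentially obfuscate the constant
  // use represented by |constant_use|.  The |depth| parameter controls how
  // deeply obfuscation can recurse.
  // NOTE(review): the recursion limit that |depth| is compared against is not
  // visible in this header; termination of the mutually recursive Obfuscate*
  // methods depends on it -- confirm in the implementation file.
  void ObfuscateConstant(uint32_t depth,
                         const protobufs::IdUseDescriptor& constant_use);

  // This method will try to turn |constant_use|, required to be a use of a
  // boolean constant, into a binary expression on scalar constants, which may
  // themselves be recursively obfuscated.
  void ObfuscateBoolConstant(uint32_t depth,
                             const protobufs::IdUseDescriptor& constant_use);

  // This method will try to turn |constant_use|, required to be a use of a
  // scalar constant, into the value loaded from a uniform known to have the
  // same value as the constant (if one exists).
  void ObfuscateScalarConstant(uint32_t depth,
                               const protobufs::IdUseDescriptor& constant_use);

  // Applies a transformation to replace the boolean constant usage represented
  // by |bool_constant_use| with a binary expression involving
  // |float_constant_id_1| and |float_constant_id_2|, which must not be equal
  // to one another.  Possibly further obfuscates the uses of these float
  // constants.  The |depth| parameter controls how deeply obfuscation can
  // recurse.
  void ObfuscateBoolConstantViaFloatConstantPair(
      uint32_t depth, const protobufs::IdUseDescriptor& bool_constant_use,
      uint32_t float_constant_id_1, uint32_t float_constant_id_2);

  // Similar to ObfuscateBoolConstantViaFloatConstantPair, but for signed int
  // constants.
  void ObfuscateBoolConstantViaSignedIntConstantPair(
      uint32_t depth, const protobufs::IdUseDescriptor& bool_constant_use,
      uint32_t signed_int_constant_id_1, uint32_t signed_int_constant_id_2);

  // Similar to ObfuscateBoolConstantViaFloatConstantPair, but for unsigned int
  // constants.
  void ObfuscateBoolConstantViaUnsignedIntConstantPair(
      uint32_t depth, const protobufs::IdUseDescriptor& bool_constant_use,
      uint32_t unsigned_int_constant_id_1, uint32_t unsigned_int_constant_id_2);

  // A helper method to capture the common parts of the three
  // ObfuscateBoolConstantVia*ConstantPair methods.
  // The method is used to obfuscate the boolean constant usage represented by
  // |bool_constant_use| by replacing it with '|constant_id_1| OP
  // |constant_id_2|', where 'OP' is chosen from either |greater_than_opcodes|
  // or |less_than_opcodes|.
  //
  // The two constant ids must not represent the same value, and thus
  // |greater_than_opcodes| may include 'greater than or equal' opcodes
  // (similar for |less_than_opcodes|).
  //
  // NOTE(review): |first_constant_is_larger| is not described in the original
  // comment; presumably it states whether |constant_id_1| holds the larger
  // value, so that an opcode family producing the original boolean can be
  // picked -- confirm in the implementation file.
  void ObfuscateBoolConstantViaConstantPair(
      uint32_t depth, const protobufs::IdUseDescriptor& bool_constant_use,
      const std::vector<SpvOp>& greater_than_opcodes,
      const std::vector<SpvOp>& less_than_opcodes, uint32_t constant_id_1,
      uint32_t constant_id_2, bool first_constant_is_larger);

  // A helper method to determine whether input operand |in_operand_index| of
  // |inst| is the id of a constant, and add an id use descriptor to
  // |constant_uses| if so.  The other parameters
  // (|base_instruction_result_id| and |skipped_opcode_count|) are used for id
  // use descriptor construction.
  // NOTE(review): |constant_uses| is an output parameter passed by pointer;
  // presumably it must be non-null -- confirm against callers.
  void MaybeAddConstantIdUse(
      const opt::Instruction& inst, uint32_t in_operand_index,
      uint32_t base_instruction_result_id,
      const std::map<SpvOp, uint32_t>& skipped_opcode_count,
      std::vector<protobufs::IdUseDescriptor>* constant_uses);

  // Returns a vector of unique words that denote constants. Every such constant
  // is used in |FactConstantUniform| and has type with id equal to |type_id|.
  std::vector<std::vector<uint32_t>> GetConstantWordsFromUniformsForType(
      uint32_t type_id);
};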
107 
108 }  // namespace fuzz
109 }  // namespace spvtools
110 
111 #endif  // SOURCE_FUZZ_FUZZER_PASS_OBFUSCATE_CONSTANTS_H_
112