1 // Copyright (c) 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "source/fuzz/fuzzer_pass_add_dead_continues.h"
16
17 #include "source/fuzz/fuzzer_util.h"
18 #include "source/fuzz/transformation_add_dead_continue.h"
19 #include "source/opt/ir_context.h"
20
21 namespace spvtools {
22 namespace fuzz {
23
FuzzerPassAddDeadContinues(opt::IRContext * ir_context,TransformationContext * transformation_context,FuzzerContext * fuzzer_context,protobufs::TransformationSequence * transformations,bool ignore_inapplicable_transformations)24 FuzzerPassAddDeadContinues::FuzzerPassAddDeadContinues(
25 opt::IRContext* ir_context, TransformationContext* transformation_context,
26 FuzzerContext* fuzzer_context,
27 protobufs::TransformationSequence* transformations,
28 bool ignore_inapplicable_transformations)
29 : FuzzerPass(ir_context, transformation_context, fuzzer_context,
30 transformations, ignore_inapplicable_transformations) {}
31
Apply()32 void FuzzerPassAddDeadContinues::Apply() {
33 // Consider every block in every function.
34 for (auto& function : *GetIRContext()->module()) {
35 for (auto& block : function) {
36 // Get the label id of the continue target of the innermost loop.
37 auto continue_block_id =
38 block.IsLoopHeader()
39 ? block.ContinueBlockId()
40 : GetIRContext()->GetStructuredCFGAnalysis()->LoopContinueBlock(
41 block.id());
42
43 // This transformation is not applicable if current block is not inside a
44 // loop.
45 if (continue_block_id == 0) {
46 continue;
47 }
48
49 auto* continue_block =
50 fuzzerutil::MaybeFindBlock(GetIRContext(), continue_block_id);
51 assert(continue_block && "Continue block is null");
52
53 // Analyze return type of each OpPhi instruction in the continue target
54 // and provide an id for the transformation if needed.
55 std::vector<uint32_t> phi_ids;
56 // Check whether current block has an edge to the continue target.
57 // If this is the case, we don't need to do anything.
58 if (!block.IsSuccessor(continue_block)) {
59 continue_block->ForEachPhiInst([this, &phi_ids](opt::Instruction* phi) {
60 // Add an additional operand for OpPhi instruction. Use a constant
61 // if possible, and an undef otherwise.
62 if (fuzzerutil::CanCreateConstant(GetIRContext(), phi->type_id())) {
63 // We mark the constant as irrelevant so that we can replace it with
64 // a more interesting value later.
65 phi_ids.push_back(FindOrCreateZeroConstant(phi->type_id(), true));
66 } else {
67 phi_ids.push_back(FindOrCreateGlobalUndef(phi->type_id()));
68 }
69 });
70 }
71
72 // Make sure the module contains a boolean constant equal to
73 // |condition_value|.
74 bool condition_value = GetFuzzerContext()->ChooseEven();
75 FindOrCreateBoolConstant(condition_value, false);
76
77 // Make a transformation to add a dead continue from this node; if the
78 // node turns out to be inappropriate (e.g. by not being in a loop) the
79 // precondition for the transformation will fail and it will be ignored.
80 auto candidate_transformation = TransformationAddDeadContinue(
81 block.id(), condition_value, std::move(phi_ids));
82 // Probabilistically decide whether to apply the transformation in the
83 // case that it is applicable.
84 if (GetFuzzerContext()->ChoosePercentage(
85 GetFuzzerContext()->GetChanceOfAddingDeadContinue())) {
86 MaybeApplyTransformation(candidate_transformation);
87 }
88 }
89 }
90 }
91
92 } // namespace fuzz
93 } // namespace spvtools
94