• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include "source/fuzz/fuzzer_pass_adjust_memory_operands_masks.h"
16 
17 #include "source/fuzz/instruction_descriptor.h"
18 #include "source/fuzz/transformation_set_memory_operands_mask.h"
19 
20 namespace spvtools {
21 namespace fuzz {
22 
FuzzerPassAdjustMemoryOperandsMasks(opt::IRContext * ir_context,TransformationContext * transformation_context,FuzzerContext * fuzzer_context,protobufs::TransformationSequence * transformations,bool ignore_inapplicable_transformations)23 FuzzerPassAdjustMemoryOperandsMasks::FuzzerPassAdjustMemoryOperandsMasks(
24     opt::IRContext* ir_context, TransformationContext* transformation_context,
25     FuzzerContext* fuzzer_context,
26     protobufs::TransformationSequence* transformations,
27     bool ignore_inapplicable_transformations)
28     : FuzzerPass(ir_context, transformation_context, fuzzer_context,
29                  transformations, ignore_inapplicable_transformations) {}
30 
Apply()31 void FuzzerPassAdjustMemoryOperandsMasks::Apply() {
32   // Consider every block in every function.
33   for (auto& function : *GetIRContext()->module()) {
34     for (auto& block : function) {
35       // Consider every instruction in this block, using an explicit iterator so
36       // that when we find an instruction of interest we can search backwards to
37       // create an id descriptor for it.
38       for (auto inst_it = block.cbegin(); inst_it != block.cend(); ++inst_it) {
39         if (!TransformationSetMemoryOperandsMask::IsMemoryAccess(*inst_it)) {
40           // We are only interested in memory access instructions.
41           continue;
42         }
43 
44         std::vector<uint32_t> indices_of_available_masks_to_adjust;
45         // All memory instructions have at least one memory operands mask.
46         indices_of_available_masks_to_adjust.push_back(0);
47         // From SPIR-V 1.4 onwards, OpCopyMemory and OpCopyMemorySized have a
48         // second mask.
49         switch (inst_it->opcode()) {
50           case spv::Op::OpCopyMemory:
51           case spv::Op::OpCopyMemorySized:
52             if (TransformationSetMemoryOperandsMask::
53                     MultipleMemoryOperandMasksAreSupported(GetIRContext())) {
54               indices_of_available_masks_to_adjust.push_back(1);
55             }
56             break;
57           default:
58             break;
59         }
60 
61         // Consider the available masks
62         for (auto mask_index : indices_of_available_masks_to_adjust) {
63           // Randomly decide whether to adjust this mask.
64           if (!GetFuzzerContext()->ChoosePercentage(
65                   GetFuzzerContext()
66                       ->GetChanceOfAdjustingMemoryOperandsMask())) {
67             continue;
68           }
69           // Get the existing mask, using None if there was no mask present at
70           // all.
71           auto existing_mask_in_operand_index =
72               TransformationSetMemoryOperandsMask::GetInOperandIndexForMask(
73                   *inst_it, mask_index);
74           auto existing_mask =
75               existing_mask_in_operand_index < inst_it->NumInOperands()
76                   ? inst_it->GetSingleWordInOperand(
77                         existing_mask_in_operand_index)
78                   : static_cast<uint32_t>(spv::MemoryAccessMask::MaskNone);
79 
80           // There are two things we can do to a mask:
81           // - add Volatile if not already present
82           // - toggle Nontemporal
83           // The following ensures that we do at least one of these
84           bool add_volatile =
85               !(existing_mask & uint32_t(spv::MemoryAccessMask::Volatile)) &&
86               GetFuzzerContext()->ChooseEven();
87           bool toggle_nontemporal =
88               !add_volatile || GetFuzzerContext()->ChooseEven();
89 
90           // These bitwise operations use '|' to add Volatile if desired, and
91           // '^' to toggle Nontemporal if desired.
92           uint32_t new_mask =
93               (existing_mask |
94                (add_volatile ? uint32_t(spv::MemoryAccessMask::Volatile)
95                              : uint32_t(spv::MemoryAccessMask::MaskNone))) ^
96               (toggle_nontemporal ? uint32_t(spv::MemoryAccessMask::Nontemporal)
97                                   : uint32_t(spv::MemoryAccessMask::MaskNone));
98 
99           TransformationSetMemoryOperandsMask transformation(
100               MakeInstructionDescriptor(block, inst_it), new_mask, mask_index);
101           ApplyTransformation(transformation);
102         }
103       }
104     }
105   }
106 }
107 
108 }  // namespace fuzz
109 }  // namespace spvtools
110