1 //===- RandomIRBuilderTest.cpp - Tests for injector strategy --------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9
10 #include "llvm/FuzzMutate/RandomIRBuilder.h"
11 #include "llvm/ADT/StringRef.h"
12 #include "llvm/AsmParser/Parser.h"
13 #include "llvm/AsmParser/SlotMapping.h"
14 #include "llvm/FuzzMutate/IRMutator.h"
15 #include "llvm/FuzzMutate/OpDescriptor.h"
16 #include "llvm/FuzzMutate/Operations.h"
17 #include "llvm/IR/Constants.h"
18 #include "llvm/IR/Instructions.h"
19 #include "llvm/IR/LLVMContext.h"
20 #include "llvm/IR/Module.h"
21 #include "llvm/IR/Verifier.h"
22 #include "llvm/Support/SourceMgr.h"
23
24 #include "gtest/gtest.h"
25
26 using namespace llvm;
27
28 static constexpr int Seed = 5;
29
30 namespace {
31
parseAssembly(const char * Assembly,LLVMContext & Context)32 std::unique_ptr<Module> parseAssembly(
33 const char *Assembly, LLVMContext &Context) {
34
35 SMDiagnostic Error;
36 std::unique_ptr<Module> M = parseAssemblyString(Assembly, Error, Context);
37
38 std::string ErrMsg;
39 raw_string_ostream OS(ErrMsg);
40 Error.print("", OS);
41
42 assert(M && !verifyModule(*M, &errs()));
43 return M;
44 }
45
TEST(RandomIRBuilderTest,ShuffleVectorIncorrectOperands)46 TEST(RandomIRBuilderTest, ShuffleVectorIncorrectOperands) {
47 // Test that we don't create load instruction as a source for the shuffle
48 // vector operation.
49
50 LLVMContext Ctx;
51 const char *Source =
52 "define <2 x i32> @test(<2 x i1> %cond, <2 x i32> %a) {\n"
53 " %A = alloca <2 x i32>\n"
54 " %I = insertelement <2 x i32> %a, i32 1, i32 1\n"
55 " ret <2 x i32> undef\n"
56 "}";
57 auto M = parseAssembly(Source, Ctx);
58
59 fuzzerop::OpDescriptor Descr = fuzzerop::shuffleVectorDescriptor(1);
60
61 // Empty known types since we ShuffleVector descriptor doesn't care about them
62 RandomIRBuilder IB(Seed, {});
63
64 // Get first basic block of the first function
65 Function &F = *M->begin();
66 BasicBlock &BB = *F.begin();
67
68 SmallVector<Instruction *, 32> Insts;
69 for (auto I = BB.getFirstInsertionPt(), E = BB.end(); I != E; ++I)
70 Insts.push_back(&*I);
71
72 // Pick first and second sources
73 SmallVector<Value *, 2> Srcs;
74 ASSERT_TRUE(Descr.SourcePreds[0].matches(Srcs, Insts[1]));
75 Srcs.push_back(Insts[1]);
76 ASSERT_TRUE(Descr.SourcePreds[1].matches(Srcs, Insts[1]));
77 Srcs.push_back(Insts[1]);
78
79 // Create new source. Check that it always matches with the descriptor.
80 // Run some iterations to account for random decisions.
81 for (int i = 0; i < 10; ++i) {
82 Value *LastSrc = IB.newSource(BB, Insts, Srcs, Descr.SourcePreds[2]);
83 ASSERT_TRUE(Descr.SourcePreds[2].matches(Srcs, LastSrc));
84 }
85 }
86
TEST(RandomIRBuilderTest,InsertValueIndexes)87 TEST(RandomIRBuilderTest, InsertValueIndexes) {
88 // Check that we will generate correct indexes for the insertvalue operation
89
90 LLVMContext Ctx;
91 const char *Source =
92 "%T = type {i8, i32, i64}\n"
93 "define void @test() {\n"
94 " %A = alloca %T\n"
95 " %L = load %T, %T* %A"
96 " ret void\n"
97 "}";
98 auto M = parseAssembly(Source, Ctx);
99
100 fuzzerop::OpDescriptor IVDescr = fuzzerop::insertValueDescriptor(1);
101
102 std::vector<Type *> Types =
103 {Type::getInt8Ty(Ctx), Type::getInt32Ty(Ctx), Type::getInt64Ty(Ctx)};
104 RandomIRBuilder IB(Seed, Types);
105
106 // Get first basic block of the first function
107 Function &F = *M->begin();
108 BasicBlock &BB = *F.begin();
109
110 // Pick first source
111 Instruction *Src = &*std::next(BB.begin());
112
113 SmallVector<Value *, 2> Srcs(2);
114 ASSERT_TRUE(IVDescr.SourcePreds[0].matches({}, Src));
115 Srcs[0] = Src;
116
117 // Generate constants for each of the types and check that we pick correct
118 // index for the given type
119 for (auto *T: Types) {
120 // Loop to account for possible random decisions
121 for (int i = 0; i < 10; ++i) {
122 // Create value we want to insert. Only it's type matters.
123 Srcs[1] = ConstantInt::get(T, 5);
124
125 // Try to pick correct index
126 Value *Src = IB.findOrCreateSource(
127 BB, &*BB.begin(), Srcs, IVDescr.SourcePreds[2]);
128 ASSERT_TRUE(IVDescr.SourcePreds[2].matches(Srcs, Src));
129 }
130 }
131 }
132
TEST(RandomIRBuilderTest,ShuffleVectorSink)133 TEST(RandomIRBuilderTest, ShuffleVectorSink) {
134 // Check that we will never use shuffle vector mask as a sink form the
135 // unrelated operation.
136
137 LLVMContext Ctx;
138 const char *SourceCode =
139 "define void @test(<4 x i32> %a) {\n"
140 " %S1 = shufflevector <4 x i32> %a, <4 x i32> %a, <4 x i32> undef\n"
141 " %S2 = shufflevector <4 x i32> %a, <4 x i32> %a, <4 x i32> undef\n"
142 " ret void\n"
143 "}";
144 auto M = parseAssembly(SourceCode, Ctx);
145
146 fuzzerop::OpDescriptor IVDescr = fuzzerop::insertValueDescriptor(1);
147
148 RandomIRBuilder IB(Seed, {});
149
150 // Get first basic block of the first function
151 Function &F = *M->begin();
152 BasicBlock &BB = *F.begin();
153
154 // Source is %S1
155 Instruction *Source = &*BB.begin();
156 // Sink is %S2
157 SmallVector<Instruction *, 1> Sinks = {&*std::next(BB.begin())};
158
159 // Loop to account for random decisions
160 for (int i = 0; i < 10; ++i) {
161 // Try to connect S1 to S2. We should always create new sink.
162 IB.connectToSink(BB, Sinks, Source);
163 ASSERT_TRUE(!verifyModule(*M, &errs()));
164 }
165 }
166
TEST(RandomIRBuilderTest,InsertValueArray)167 TEST(RandomIRBuilderTest, InsertValueArray) {
168 // Check that we can generate insertvalue for the vector operations
169
170 LLVMContext Ctx;
171 const char *SourceCode =
172 "define void @test() {\n"
173 " %A = alloca [8 x i32]\n"
174 " %L = load [8 x i32], [8 x i32]* %A"
175 " ret void\n"
176 "}";
177 auto M = parseAssembly(SourceCode, Ctx);
178
179 fuzzerop::OpDescriptor Descr = fuzzerop::insertValueDescriptor(1);
180
181 std::vector<Type *> Types =
182 {Type::getInt8Ty(Ctx), Type::getInt32Ty(Ctx), Type::getInt64Ty(Ctx)};
183 RandomIRBuilder IB(Seed, Types);
184
185 // Get first basic block of the first function
186 Function &F = *M->begin();
187 BasicBlock &BB = *F.begin();
188
189 // Pick first source
190 Instruction *Source = &*std::next(BB.begin());
191 ASSERT_TRUE(Descr.SourcePreds[0].matches({}, Source));
192
193 SmallVector<Value *, 2> Srcs(2);
194
195 // Check that we can always pick the last two operands.
196 for (int i = 0; i < 10; ++i) {
197 Srcs[0] = Source;
198 Srcs[1] = IB.findOrCreateSource(BB, {Source}, Srcs, Descr.SourcePreds[1]);
199 IB.findOrCreateSource(BB, {}, Srcs, Descr.SourcePreds[2]);
200 }
201 }
202
TEST(RandomIRBuilderTest,Invokes)203 TEST(RandomIRBuilderTest, Invokes) {
204 // Check that we never generate load or store after invoke instruction
205
206 LLVMContext Ctx;
207 const char *SourceCode =
208 "declare i32* @f()"
209 "declare i32 @personality_function()"
210 "define i32* @test() personality i32 ()* @personality_function {\n"
211 "entry:\n"
212 " %val = invoke i32* @f()\n"
213 " to label %normal unwind label %exceptional\n"
214 "normal:\n"
215 " ret i32* %val\n"
216 "exceptional:\n"
217 " %landing_pad4 = landingpad token cleanup\n"
218 " ret i32* undef\n"
219 "}";
220 auto M = parseAssembly(SourceCode, Ctx);
221
222
223 std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
224 RandomIRBuilder IB(Seed, Types);
225
226 // Get first basic block of the test function
227 Function &F = *M->getFunction("test");
228 BasicBlock &BB = *F.begin();
229
230 Instruction *Invoke = &*BB.begin();
231
232 // Find source but never insert new load after invoke
233 for (int i = 0; i < 10; ++i) {
234 (void)IB.findOrCreateSource(BB, {Invoke}, {}, fuzzerop::anyIntType());
235 ASSERT_TRUE(!verifyModule(*M, &errs()));
236 }
237 }
238
TEST(RandomIRBuilderTest,FirstClassTypes)239 TEST(RandomIRBuilderTest, FirstClassTypes) {
240 // Check that we never insert new source as a load from non first class
241 // or unsized type.
242
243 LLVMContext Ctx;
244 const char *SourceCode = "%Opaque = type opaque\n"
245 "define void @test(i8* %ptr) {\n"
246 "entry:\n"
247 " %tmp = bitcast i8* %ptr to i32* (i32*)*\n"
248 " %tmp1 = bitcast i8* %ptr to %Opaque*\n"
249 " ret void\n"
250 "}";
251 auto M = parseAssembly(SourceCode, Ctx);
252
253 std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
254 RandomIRBuilder IB(Seed, Types);
255
256 Function &F = *M->getFunction("test");
257 BasicBlock &BB = *F.begin();
258 // Non first class type
259 Instruction *FuncPtr = &*BB.begin();
260 // Unsized type
261 Instruction *OpaquePtr = &*std::next(BB.begin());
262
263 for (int i = 0; i < 10; ++i) {
264 Value *V = IB.findOrCreateSource(BB, {FuncPtr, OpaquePtr});
265 ASSERT_FALSE(isa<LoadInst>(V));
266 }
267 }
268
TEST(RandomIRBuilderTest,SwiftError)269 TEST(RandomIRBuilderTest, SwiftError) {
270 // Check that we never pick swifterror value as a source for operation
271 // other than load, store and call.
272
273 LLVMContext Ctx;
274 const char *SourceCode = "declare void @use(i8** swifterror %err)"
275 "define void @test() {\n"
276 "entry:\n"
277 " %err = alloca swifterror i8*, align 8\n"
278 " call void @use(i8** swifterror %err)\n"
279 " ret void\n"
280 "}";
281 auto M = parseAssembly(SourceCode, Ctx);
282
283 std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
284 RandomIRBuilder IB(Seed, Types);
285
286 // Get first basic block of the test function
287 Function &F = *M->getFunction("test");
288 BasicBlock &BB = *F.begin();
289 Instruction *Alloca = &*BB.begin();
290
291 fuzzerop::OpDescriptor Descr = fuzzerop::gepDescriptor(1);
292
293 for (int i = 0; i < 10; ++i) {
294 Value *V = IB.findOrCreateSource(BB, {Alloca}, {}, Descr.SourcePreds[0]);
295 ASSERT_FALSE(isa<AllocaInst>(V));
296 }
297 }
298
299 }
300