• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef SOURCE_FUZZ_FUZZER_PASS_DONATE_MODULES_H_
16 #define SOURCE_FUZZ_FUZZER_PASS_DONATE_MODULES_H_
17 
18 #include <vector>
19 
20 #include "source/fuzz/fuzzer_pass.h"
21 #include "source/fuzz/fuzzer_util.h"
22 
23 namespace spvtools {
24 namespace fuzz {
25 
26 // A fuzzer pass that randomly adds code from other SPIR-V modules to the module
27 // being transformed.
28 class FuzzerPassDonateModules : public FuzzerPass {
29  public:
30   FuzzerPassDonateModules(
31       opt::IRContext* ir_context, FactManager* fact_manager,
32       FuzzerContext* fuzzer_context,
33       protobufs::TransformationSequence* transformations,
34       const std::vector<fuzzerutil::ModuleSupplier>& donor_suppliers);
35 
36   ~FuzzerPassDonateModules();
37 
38   void Apply() override;
39 
40   // Donates the global declarations and functions of |donor_ir_context| into
41   // the fuzzer pass's IR context.  |make_livesafe| dictates whether the
42   // functions of the donated module will be made livesafe (see
43   // FactFunctionIsLivesafe).
44   void DonateSingleModule(opt::IRContext* donor_ir_context, bool make_livesafe);
45 
46  private:
47   // Adapts a storage class coming from a donor module so that it will work
48   // in a recipient module, e.g. by changing Uniform to Private.
49   static SpvStorageClass AdaptStorageClass(SpvStorageClass donor_storage_class);
50 
51   // Identifies all external instruction set imports in |donor_ir_context| and
52   // populates |original_id_to_donated_id| with a mapping from the donor's id
53   // for such an import to a corresponding import in the recipient.  Aborts if
54   // no such corresponding import is available.
55   void HandleExternalInstructionImports(
56       opt::IRContext* donor_ir_context,
57       std::map<uint32_t, uint32_t>* original_id_to_donated_id);
58 
59   // Considers all types, globals, constants and undefs in |donor_ir_context|.
60   // For each instruction, uses |original_to_donated_id| to map its result id to
61   // either (1) the id of an existing identical instruction in the recipient, or
62   // (2) to a fresh id, in which case the instruction is also added to the
63   // recipient (with any operand ids that it uses being remapped via
64   // |original_id_to_donated_id|).
65   void HandleTypesAndValues(
66       opt::IRContext* donor_ir_context,
67       std::map<uint32_t, uint32_t>* original_id_to_donated_id);
68 
69   // Assumes that |donor_ir_context| does not exhibit recursion.  Considers the
70   // functions in |donor_ir_context|'s call graph in a reverse-topologically-
71   // sorted order (leaves-to-root), adding each function to the recipient
72   // module, rewritten to use fresh ids and using |original_id_to_donated_id| to
73   // remap ids.  The |make_livesafe| argument captures whether the functions in
74   // the module are required to be made livesafe before being added to the
75   // recipient.
76   void HandleFunctions(opt::IRContext* donor_ir_context,
77                        std::map<uint32_t, uint32_t>* original_id_to_donated_id,
78                        bool make_livesafe);
79 
80   // Returns the ids of all functions in |context| in a topological order in
81   // relation to the call graph of |context|, which is assumed to be recursion-
82   // free.
83   static std::vector<uint32_t> GetFunctionsInCallGraphTopologicalOrder(
84       opt::IRContext* context);
85 
86   // Functions that supply SPIR-V modules
87   std::vector<fuzzerutil::ModuleSupplier> donor_suppliers_;
88 };
89 
90 }  // namespace fuzz
91 }  // namespace spvtools
92 
93 #endif  // SOURCE_FUZZ_FUZZER_PASS_DONATE_MODULES_H_
94