// Copyright (c) 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "source/fuzz/fuzzer_pass_replace_loads_stores_with_copy_memories.h"
#include "source/fuzz/fuzzer_util.h"
#include "source/fuzz/instruction_descriptor.h"
#include "source/fuzz/transformation_replace_load_store_with_copy_memory.h"
#include "source/opt/instruction.h"
namespace spvtools {
namespace fuzz {
// Constructs the pass by handing every argument, unchanged and in the same
// order, to the FuzzerPass base class. The constructor body itself is empty.
FuzzerPassReplaceLoadsStoresWithCopyMemories::
    FuzzerPassReplaceLoadsStoresWithCopyMemories(
        opt::IRContext* ir_context,
        TransformationContext* transformation_context,
        FuzzerContext* fuzzer_context,
        protobufs::TransformationSequence* transformations,
        bool ignore_inapplicable_transformations)
    : FuzzerPass(ir_context,
                 transformation_context,
                 fuzzer_context,
                 transformations,
                 ignore_inapplicable_transformations) {
}
// Collects (OpLoad, OpStore) pairs that sit in the same basic block, where the
// store's second operand is the load's result id, and then randomly offers
// each pair to TransformationReplaceLoadStoreWithCopyMemory.
//
// Candidate loads are tracked per block in a map keyed by result id. The map
// is emptied after any memory-writing instruction, and after a memory barrier
// it loses every load whose pointer is in a storage class that is not safe
// across barriers. Without that pruning a pair could be recorded across an
// instruction that may change the loaded memory, and the replacement would no
// longer be guaranteed to preserve the module's behaviour.
void FuzzerPassReplaceLoadsStoresWithCopyMemories::Apply() {
  using Replacement = TransformationReplaceLoadStoreWithCopyMemory;

  // Every (load, store) pair found, in discovery order.
  std::vector<std::pair<opt::Instruction*, opt::Instruction*>> matched_pairs;

  for (auto& function : *GetIRContext()->module()) {
    for (auto& block : function) {
      // Loads seen so far in this block that are still valid candidates,
      // keyed by result id. Scoped to the block, so pairs never span blocks.
      std::unordered_map<uint32_t, opt::Instruction*> pending_loads;

      for (auto& instruction : block) {
        const auto opcode = instruction.opcode();

        if (opcode == SpvOpLoad) {
          pending_loads[instruction.result_id()] = &instruction;
        } else if (opcode == SpvOpStore) {
          // Operand 1 of the store is looked up among the pending load result
          // ids; a hit means this store writes a value loaded earlier in the
          // block with no invalidating instruction in between.
          const auto match =
              pending_loads.find(instruction.GetSingleWordOperand(1));
          if (match != pending_loads.end()) {
            matched_pairs.emplace_back(match->second, &instruction);
          }
        }

        // Pruning runs after the matching above, so an instruction that is
        // itself memory-writing is matched first and only then invalidates
        // the remaining candidates.
        if (Replacement::IsMemoryWritingOpCode(opcode)) {
          pending_loads.clear();
          continue;
        }
        if (!Replacement::IsMemoryBarrierOpCode(opcode)) {
          continue;
        }

        // Memory barrier: keep only loads from barrier-safe storage classes.
        auto it = pending_loads.begin();
        while (it != pending_loads.end()) {
          // Operand 2 of the recorded load is resolved to its defining
          // instruction, whose type gives the storage class.
          // NOTE(review): GetDef() is dereferenced without a null check; this
          // presumably relies on the module being valid - confirm.
          opt::Instruction* pointer_def =
              GetIRContext()->get_def_use_mgr()->GetDef(
                  it->second->GetSingleWordOperand(2));
          const SpvStorageClass storage_class =
              fuzzerutil::GetStorageClassFromPointerType(
                  GetIRContext(), pointer_def->type_id());

          if (Replacement::IsStorageClassSafeAcrossMemoryBarriers(
                  storage_class)) {
            ++it;
          } else {
            it = pending_loads.erase(it);
          }
        }
      }
    }
  }

  for (const auto& load_store : matched_pairs) {
    // Random choice per pair. NOTE(review): the transformation is applied
    // when ChoosePercentage() returns false, so the configured chance acts as
    // the probability of skipping a pair - confirm this polarity is intended.
    const bool skip = GetFuzzerContext()->ChoosePercentage(
        GetFuzzerContext()->GetChanceOfReplacingLoadStoreWithCopyMemory());
    if (skip) {
      continue;
    }
    ApplyTransformation(TransformationReplaceLoadStoreWithCopyMemory(
        MakeInstructionDescriptor(GetIRContext(), load_store.first),
        MakeInstructionDescriptor(GetIRContext(), load_store.second)));
  }
}
} // namespace fuzz
} // namespace spvtools