source/fuzz/transformation_composite_insert.cpp - external/github.com/KhronosGroup/SPIRV-Tools - Git at Google

 // Copyright (c) 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 #include "transformation_composite_insert.h"

 #include "source/fuzz/fuzzer_util.h"
 #include "source/fuzz/instruction_descriptor.h"

 namespace spvtools {
 namespace fuzz {

 TransformationCompositeInsert::TransformationCompositeInsert(
     protobufs::TransformationCompositeInsert message)
     : message_(std::move(message)) {}

 TransformationCompositeInsert::TransformationCompositeInsert(
     const protobufs::InstructionDescriptor& instruction_to_insert_before,
     uint32_t fresh_id, uint32_t composite_id, uint32_t object_id,
     const std::vector<uint32_t>& index) {
   *message_.mutable_instruction_to_insert_before() =
       instruction_to_insert_before;
   message_.set_fresh_id(fresh_id);
   message_.set_composite_id(composite_id);
   message_.set_object_id(object_id);
   for (auto an_index : index) {
     message_.add_index(an_index);
   }
 }

 bool TransformationCompositeInsert::IsApplicable(
     opt::IRContext* ir_context, const TransformationContext& /*unused*/) const {
   // |message_.fresh_id| must be fresh.
   if (!fuzzerutil::IsFreshId(ir_context, message_.fresh_id())) {
     return false;
   }

   // |message_.composite_id| must refer to an existing composite value.
   auto composite =
       ir_context->get_def_use_mgr()->GetDef(message_.composite_id());

   if (!IsCompositeInstructionSupported(ir_context, composite)) {
     return false;
   }

   // The indices in |message_.index| must be suitable for indexing into
   // |composite->type_id()|.
   auto component_to_be_replaced_type_id = fuzzerutil::WalkCompositeTypeIndices(
       ir_context, composite->type_id(), message_.index());
   if (component_to_be_replaced_type_id == 0) {
     return false;
   }

   // The instruction having the id of |message_.object_id| must be defined.
   auto object_instruction =
       ir_context->get_def_use_mgr()->GetDef(message_.object_id());
   if (object_instruction == nullptr || object_instruction->type_id() == 0) {
     return false;
   }

   // We ignore pointers for now.
   auto object_instruction_type =
       ir_context->get_type_mgr()->GetType(object_instruction->type_id());
   if (object_instruction_type->AsPointer() != nullptr) {
     return false;
   }

   // The type id of the object having |message_.object_id| and the type id of
   // the component of the composite at index |message_.index| must be the same.
   if (component_to_be_replaced_type_id != object_instruction->type_id()) {
     return false;
   }

   // |message_.instruction_to_insert_before| must be a defined instruction.
   auto instruction_to_insert_before =
       FindInstruction(message_.instruction_to_insert_before(), ir_context);
   if (instruction_to_insert_before == nullptr) {
     return false;
   }

   // |message_.composite_id| and |message_.object_id| must be available before
   // the |message_.instruction_to_insert_before|.
   if (!fuzzerutil::IdIsAvailableBeforeInstruction(
           ir_context, instruction_to_insert_before, message_.composite_id())) {
     return false;
   }
   if (!fuzzerutil::IdIsAvailableBeforeInstruction(
           ir_context, instruction_to_insert_before, message_.object_id())) {
     return false;
   }

   // It must be possible to insert an OpCompositeInsert before this
   // instruction.
   return fuzzerutil::CanInsertOpcodeBeforeInstruction(
       SpvOpCompositeInsert, instruction_to_insert_before);
 }

 void TransformationCompositeInsert::Apply(
     opt::IRContext* ir_context,
     TransformationContext* transformation_context) const {
   // |message_.struct_fresh_id| must be fresh.
   assert(fuzzerutil::IsFreshId(ir_context, message_.fresh_id()) &&
          "|message_.fresh_id| must be fresh");

   std::vector<uint32_t> index =
       fuzzerutil::RepeatedFieldToVector(message_.index());
   opt::Instruction::OperandList in_operands;
   in_operands.push_back({SPV_OPERAND_TYPE_ID, {message_.object_id()}});
   in_operands.push_back({SPV_OPERAND_TYPE_ID, {message_.composite_id()}});
   for (auto i : index) {
     in_operands.push_back({SPV_OPERAND_TYPE_LITERAL_INTEGER, {i}});
   }
   auto composite_type_id =
       fuzzerutil::GetTypeId(ir_context, message_.composite_id());

   auto insert_before =
       FindInstruction(message_.instruction_to_insert_before(), ir_context);
   auto new_instruction = MakeUnique<opt::Instruction>(
       ir_context, SpvOpCompositeInsert, composite_type_id, message_.fresh_id(),
       std::move(in_operands));
   auto new_instruction_ptr = new_instruction.get();
   insert_before->InsertBefore(std::move(new_instruction));

   fuzzerutil::UpdateModuleIdBound(ir_context, message_.fresh_id());

   // Inform the def-use manager about the new instruction and record its basic
   // block.
   ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr);
   ir_context->set_instr_block(new_instruction_ptr,
                               ir_context->get_instr_block(insert_before));

   // Add data synonym facts that arise from the insertion.
   AddDataSynonymFacts(ir_context, transformation_context);
 }

 protobufs::Transformation TransformationCompositeInsert::ToMessage() const {
   protobufs::Transformation result;
   *result.mutable_composite_insert() = message_;
   return result;
 }

 bool TransformationCompositeInsert::IsCompositeInstructionSupported(
     opt::IRContext* ir_context, opt::Instruction* instruction) {
   if (instruction == nullptr) {
     return false;
   }
   if (instruction->result_id() == 0 || instruction->type_id() == 0) {
     return false;
   }
   auto composite_type =
       ir_context->get_type_mgr()->GetType(instruction->type_id());
   if (!fuzzerutil::IsCompositeType(composite_type)) {
     return false;
   }

   // Empty composites are not supported.
   auto instruction_type_inst =
       ir_context->get_def_use_mgr()->GetDef(instruction->type_id());
   if (fuzzerutil::GetBoundForCompositeIndex(*instruction_type_inst,
                                             ir_context) == 0) {
     return false;
   }
   return true;
 }

 std::unordered_set<uint32_t> TransformationCompositeInsert::GetFreshIds()
     const {
   return {message_.fresh_id()};
 }

 void TransformationCompositeInsert::AddDataSynonymFacts(
     opt::IRContext* ir_context,
     TransformationContext* transformation_context) const {
   // If the result id arising from the insertion is irrelevant then do not add
   // any data synonym facts.  (The result id can be irrelevant if the insertion
   // occurs in a dead block.)
   if (transformation_context->GetFactManager()->IdIsIrrelevant(
           message_.fresh_id())) {
     return;
   }

   // So long as the |message_.composite_id| is suitable for participating in
   // synonyms, every every element of the insertion result except for at the
   // index being inserted into is synonymous with the corresponding element of
   // |message_.composite_id|.  In that case, for every index that is a prefix of
   // |index|, the components different from the one that contains the inserted
   // object are synonymous with corresponding elements in the original
   // composite.
   uint32_t current_node_type_id =
       fuzzerutil::GetTypeId(ir_context, message_.composite_id());
   std::vector<uint32_t> current_index;

   std::vector<uint32_t> index =
       fuzzerutil::RepeatedFieldToVector(message_.index());

   for (uint32_t current_level : index) {
     auto current_node_type_inst =
         ir_context->get_def_use_mgr()->GetDef(current_node_type_id);
     uint32_t index_to_skip = current_level;
     uint32_t num_of_components = fuzzerutil::GetBoundForCompositeIndex(
         *current_node_type_inst, ir_context);

     // Update the current_node_type_id.
     current_node_type_id = fuzzerutil::WalkOneCompositeTypeIndex(
         ir_context, current_node_type_id, index_to_skip);

     for (uint32_t i = 0; i < num_of_components; i++) {
       if (i == index_to_skip) {
         continue;
       }
       current_index.push_back(i);
       if (fuzzerutil::CanMakeSynonymOf(ir_context, *transformation_context,
                                        *ir_context->get_def_use_mgr()->GetDef(
                                            message_.composite_id()))) {
         transformation_context->GetFactManager()->AddFactDataSynonym(
             MakeDataDescriptor(message_.fresh_id(), current_index),
             MakeDataDescriptor(message_.composite_id(), current_index));
       }
       current_index.pop_back();
     }
     // Store the prefix of the |index|.
     current_index.push_back(current_level);
   }
   // If the object being inserted supports synonym creation then it is
   // synonymous with the result of the insert instruction at the given index.
   if (fuzzerutil::CanMakeSynonymOf(
           ir_context, *transformation_context,
           *ir_context->get_def_use_mgr()->GetDef(message_.object_id()))) {
     transformation_context->GetFactManager()->AddFactDataSynonym(
         MakeDataDescriptor(message_.object_id(), {}),
         MakeDataDescriptor(message_.fresh_id(), index));
   }
 }

 }  // namespace fuzz
 }  // namespace spvtools
	// Copyright (c) 2020 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	#include "transformation_composite_insert.h"

	#include "source/fuzz/fuzzer_util.h"
	#include "source/fuzz/instruction_descriptor.h"

	namespace spvtools {
	namespace fuzz {

	TransformationCompositeInsert::TransformationCompositeInsert(
	protobufs::TransformationCompositeInsert message)
	: message_(std::move(message)) {}

	TransformationCompositeInsert::TransformationCompositeInsert(
	const protobufs::InstructionDescriptor& instruction_to_insert_before,
	uint32_t fresh_id, uint32_t composite_id, uint32_t object_id,
	const std::vector<uint32_t>& index) {
	*message_.mutable_instruction_to_insert_before() =
	instruction_to_insert_before;
	message_.set_fresh_id(fresh_id);
	message_.set_composite_id(composite_id);
	message_.set_object_id(object_id);
	for (auto an_index : index) {
	message_.add_index(an_index);
	}
	}

	bool TransformationCompositeInsert::IsApplicable(
	opt::IRContext* ir_context, const TransformationContext& /unused/) const {
	// \|message_.fresh_id\| must be fresh.
	if (!fuzzerutil::IsFreshId(ir_context, message_.fresh_id())) {
	return false;
	}

	// \|message_.composite_id\| must refer to an existing composite value.
	auto composite =
	ir_context->get_def_use_mgr()->GetDef(message_.composite_id());

	if (!IsCompositeInstructionSupported(ir_context, composite)) {
	return false;
	}

	// The indices in \|message_.index\| must be suitable for indexing into
	// \|composite->type_id()\|.
	auto component_to_be_replaced_type_id = fuzzerutil::WalkCompositeTypeIndices(
	ir_context, composite->type_id(), message_.index());
	if (component_to_be_replaced_type_id == 0) {
	return false;
	}

	// The instruction having the id of \|message_.object_id\| must be defined.
	auto object_instruction =
	ir_context->get_def_use_mgr()->GetDef(message_.object_id());
	if (object_instruction == nullptr \|\| object_instruction->type_id() == 0) {
	return false;
	}

	// We ignore pointers for now.
	auto object_instruction_type =
	ir_context->get_type_mgr()->GetType(object_instruction->type_id());
	if (object_instruction_type->AsPointer() != nullptr) {
	return false;
	}

	// The type id of the object having \|message_.object_id\| and the type id of
	// the component of the composite at index \|message_.index\| must be the same.
	if (component_to_be_replaced_type_id != object_instruction->type_id()) {
	return false;
	}

	// \|message_.instruction_to_insert_before\| must be a defined instruction.
	auto instruction_to_insert_before =
	FindInstruction(message_.instruction_to_insert_before(), ir_context);
	if (instruction_to_insert_before == nullptr) {
	return false;
	}

	// \|message_.composite_id\| and \|message_.object_id\| must be available before
	// the \|message_.instruction_to_insert_before\|.
	if (!fuzzerutil::IdIsAvailableBeforeInstruction(
	ir_context, instruction_to_insert_before, message_.composite_id())) {
	return false;
	}
	if (!fuzzerutil::IdIsAvailableBeforeInstruction(
	ir_context, instruction_to_insert_before, message_.object_id())) {
	return false;
	}

	// It must be possible to insert an OpCompositeInsert before this
	// instruction.
	return fuzzerutil::CanInsertOpcodeBeforeInstruction(
	SpvOpCompositeInsert, instruction_to_insert_before);
	}

	void TransformationCompositeInsert::Apply(
	opt::IRContext* ir_context,
	TransformationContext* transformation_context) const {
	// \|message_.struct_fresh_id\| must be fresh.
	assert(fuzzerutil::IsFreshId(ir_context, message_.fresh_id()) &&
	"\|message_.fresh_id\| must be fresh");

	std::vector<uint32_t> index =
	fuzzerutil::RepeatedFieldToVector(message_.index());
	opt::Instruction::OperandList in_operands;
	in_operands.push_back({SPV_OPERAND_TYPE_ID, {message_.object_id()}});
	in_operands.push_back({SPV_OPERAND_TYPE_ID, {message_.composite_id()}});
	for (auto i : index) {
	in_operands.push_back({SPV_OPERAND_TYPE_LITERAL_INTEGER, {i}});
	}
	auto composite_type_id =
	fuzzerutil::GetTypeId(ir_context, message_.composite_id());

	auto insert_before =
	FindInstruction(message_.instruction_to_insert_before(), ir_context);
	auto new_instruction = MakeUnique<opt::Instruction>(
	ir_context, SpvOpCompositeInsert, composite_type_id, message_.fresh_id(),
	std::move(in_operands));
	auto new_instruction_ptr = new_instruction.get();
	insert_before->InsertBefore(std::move(new_instruction));

	fuzzerutil::UpdateModuleIdBound(ir_context, message_.fresh_id());

	// Inform the def-use manager about the new instruction and record its basic
	// block.
	ir_context->get_def_use_mgr()->AnalyzeInstDefUse(new_instruction_ptr);
	ir_context->set_instr_block(new_instruction_ptr,
	ir_context->get_instr_block(insert_before));

	// Add data synonym facts that arise from the insertion.
	AddDataSynonymFacts(ir_context, transformation_context);
	}

	protobufs::Transformation TransformationCompositeInsert::ToMessage() const {
	protobufs::Transformation result;
	*result.mutable_composite_insert() = message_;
	return result;
	}

	bool TransformationCompositeInsert::IsCompositeInstructionSupported(
	opt::IRContext* ir_context, opt::Instruction* instruction) {
	if (instruction == nullptr) {
	return false;
	}
	if (instruction->result_id() == 0 \|\| instruction->type_id() == 0) {
	return false;
	}
	auto composite_type =
	ir_context->get_type_mgr()->GetType(instruction->type_id());
	if (!fuzzerutil::IsCompositeType(composite_type)) {
	return false;
	}

	// Empty composites are not supported.
	auto instruction_type_inst =
	ir_context->get_def_use_mgr()->GetDef(instruction->type_id());
	if (fuzzerutil::GetBoundForCompositeIndex(*instruction_type_inst,
	ir_context) == 0) {
	return false;
	}
	return true;
	}

	std::unordered_set<uint32_t> TransformationCompositeInsert::GetFreshIds()
	const {
	return {message_.fresh_id()};
	}

	void TransformationCompositeInsert::AddDataSynonymFacts(
	opt::IRContext* ir_context,
	TransformationContext* transformation_context) const {
	// If the result id arising from the insertion is irrelevant then do not add
	// any data synonym facts. (The result id can be irrelevant if the insertion
	// occurs in a dead block.)
	if (transformation_context->GetFactManager()->IdIsIrrelevant(
	message_.fresh_id())) {
	return;
	}

	// So long as the \|message_.composite_id\| is suitable for participating in
	// synonyms, every every element of the insertion result except for at the
	// index being inserted into is synonymous with the corresponding element of
	// \|message_.composite_id\|. In that case, for every index that is a prefix of
	// \|index\|, the components different from the one that contains the inserted
	// object are synonymous with corresponding elements in the original
	// composite.
	uint32_t current_node_type_id =
	fuzzerutil::GetTypeId(ir_context, message_.composite_id());
	std::vector<uint32_t> current_index;

	std::vector<uint32_t> index =
	fuzzerutil::RepeatedFieldToVector(message_.index());

	for (uint32_t current_level : index) {
	auto current_node_type_inst =
	ir_context->get_def_use_mgr()->GetDef(current_node_type_id);
	uint32_t index_to_skip = current_level;
	uint32_t num_of_components = fuzzerutil::GetBoundForCompositeIndex(
	*current_node_type_inst, ir_context);

	// Update the current_node_type_id.
	current_node_type_id = fuzzerutil::WalkOneCompositeTypeIndex(
	ir_context, current_node_type_id, index_to_skip);

	for (uint32_t i = 0; i < num_of_components; i++) {
	if (i == index_to_skip) {
	continue;
	}
	current_index.push_back(i);
	if (fuzzerutil::CanMakeSynonymOf(ir_context, *transformation_context,
	*ir_context->get_def_use_mgr()->GetDef(
	message_.composite_id()))) {
	transformation_context->GetFactManager()->AddFactDataSynonym(
	MakeDataDescriptor(message_.fresh_id(), current_index),
	MakeDataDescriptor(message_.composite_id(), current_index));
	}
	current_index.pop_back();
	}
	// Store the prefix of the \|index\|.
	current_index.push_back(current_level);
	}
	// If the object being inserted supports synonym creation then it is
	// synonymous with the result of the insert instruction at the given index.
	if (fuzzerutil::CanMakeSynonymOf(
	ir_context, *transformation_context,
	*ir_context->get_def_use_mgr()->GetDef(message_.object_id()))) {
	transformation_context->GetFactManager()->AddFactDataSynonym(
	MakeDataDescriptor(message_.object_id(), {}),
	MakeDataDescriptor(message_.fresh_id(), index));
	}
	}

	} // namespace fuzz
	} // namespace spvtools