You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
299 lines
9.2 KiB
299 lines
9.2 KiB
//===- RandomIRBuilderTest.cpp - Tests for injector strategy --------------===//
|
|
//
|
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
|
// See https://llvm.org/LICENSE.txt for license information.
|
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
|
//
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
#include "llvm/FuzzMutate/RandomIRBuilder.h"
|
|
#include "llvm/ADT/StringRef.h"
|
|
#include "llvm/AsmParser/Parser.h"
|
|
#include "llvm/AsmParser/SlotMapping.h"
|
|
#include "llvm/FuzzMutate/IRMutator.h"
|
|
#include "llvm/FuzzMutate/OpDescriptor.h"
|
|
#include "llvm/FuzzMutate/Operations.h"
|
|
#include "llvm/IR/Constants.h"
|
|
#include "llvm/IR/Instructions.h"
|
|
#include "llvm/IR/LLVMContext.h"
|
|
#include "llvm/IR/Module.h"
|
|
#include "llvm/IR/Verifier.h"
|
|
#include "llvm/Support/SourceMgr.h"
|
|
|
|
#include "gtest/gtest.h"
|
|
|
|
using namespace llvm;
|
|
|
|
static constexpr int Seed = 5;
|
|
|
|
namespace {
|
|
|
|
std::unique_ptr<Module> parseAssembly(
|
|
const char *Assembly, LLVMContext &Context) {
|
|
|
|
SMDiagnostic Error;
|
|
std::unique_ptr<Module> M = parseAssemblyString(Assembly, Error, Context);
|
|
|
|
std::string ErrMsg;
|
|
raw_string_ostream OS(ErrMsg);
|
|
Error.print("", OS);
|
|
|
|
assert(M && !verifyModule(*M, &errs()));
|
|
return M;
|
|
}
|
|
|
|
TEST(RandomIRBuilderTest, ShuffleVectorIncorrectOperands) {
|
|
// Test that we don't create load instruction as a source for the shuffle
|
|
// vector operation.
|
|
|
|
LLVMContext Ctx;
|
|
const char *Source =
|
|
"define <2 x i32> @test(<2 x i1> %cond, <2 x i32> %a) {\n"
|
|
" %A = alloca <2 x i32>\n"
|
|
" %I = insertelement <2 x i32> %a, i32 1, i32 1\n"
|
|
" ret <2 x i32> undef\n"
|
|
"}";
|
|
auto M = parseAssembly(Source, Ctx);
|
|
|
|
fuzzerop::OpDescriptor Descr = fuzzerop::shuffleVectorDescriptor(1);
|
|
|
|
// Empty known types since we ShuffleVector descriptor doesn't care about them
|
|
RandomIRBuilder IB(Seed, {});
|
|
|
|
// Get first basic block of the first function
|
|
Function &F = *M->begin();
|
|
BasicBlock &BB = *F.begin();
|
|
|
|
SmallVector<Instruction *, 32> Insts;
|
|
for (auto I = BB.getFirstInsertionPt(), E = BB.end(); I != E; ++I)
|
|
Insts.push_back(&*I);
|
|
|
|
// Pick first and second sources
|
|
SmallVector<Value *, 2> Srcs;
|
|
ASSERT_TRUE(Descr.SourcePreds[0].matches(Srcs, Insts[1]));
|
|
Srcs.push_back(Insts[1]);
|
|
ASSERT_TRUE(Descr.SourcePreds[1].matches(Srcs, Insts[1]));
|
|
Srcs.push_back(Insts[1]);
|
|
|
|
// Create new source. Check that it always matches with the descriptor.
|
|
// Run some iterations to account for random decisions.
|
|
for (int i = 0; i < 10; ++i) {
|
|
Value *LastSrc = IB.newSource(BB, Insts, Srcs, Descr.SourcePreds[2]);
|
|
ASSERT_TRUE(Descr.SourcePreds[2].matches(Srcs, LastSrc));
|
|
}
|
|
}
|
|
|
|
TEST(RandomIRBuilderTest, InsertValueIndexes) {
|
|
// Check that we will generate correct indexes for the insertvalue operation
|
|
|
|
LLVMContext Ctx;
|
|
const char *Source =
|
|
"%T = type {i8, i32, i64}\n"
|
|
"define void @test() {\n"
|
|
" %A = alloca %T\n"
|
|
" %L = load %T, %T* %A"
|
|
" ret void\n"
|
|
"}";
|
|
auto M = parseAssembly(Source, Ctx);
|
|
|
|
fuzzerop::OpDescriptor IVDescr = fuzzerop::insertValueDescriptor(1);
|
|
|
|
std::vector<Type *> Types =
|
|
{Type::getInt8Ty(Ctx), Type::getInt32Ty(Ctx), Type::getInt64Ty(Ctx)};
|
|
RandomIRBuilder IB(Seed, Types);
|
|
|
|
// Get first basic block of the first function
|
|
Function &F = *M->begin();
|
|
BasicBlock &BB = *F.begin();
|
|
|
|
// Pick first source
|
|
Instruction *Src = &*std::next(BB.begin());
|
|
|
|
SmallVector<Value *, 2> Srcs(2);
|
|
ASSERT_TRUE(IVDescr.SourcePreds[0].matches({}, Src));
|
|
Srcs[0] = Src;
|
|
|
|
// Generate constants for each of the types and check that we pick correct
|
|
// index for the given type
|
|
for (auto *T: Types) {
|
|
// Loop to account for possible random decisions
|
|
for (int i = 0; i < 10; ++i) {
|
|
// Create value we want to insert. Only it's type matters.
|
|
Srcs[1] = ConstantInt::get(T, 5);
|
|
|
|
// Try to pick correct index
|
|
Value *Src = IB.findOrCreateSource(
|
|
BB, &*BB.begin(), Srcs, IVDescr.SourcePreds[2]);
|
|
ASSERT_TRUE(IVDescr.SourcePreds[2].matches(Srcs, Src));
|
|
}
|
|
}
|
|
}
|
|
|
|
TEST(RandomIRBuilderTest, ShuffleVectorSink) {
|
|
// Check that we will never use shuffle vector mask as a sink form the
|
|
// unrelated operation.
|
|
|
|
LLVMContext Ctx;
|
|
const char *SourceCode =
|
|
"define void @test(<4 x i32> %a) {\n"
|
|
" %S1 = shufflevector <4 x i32> %a, <4 x i32> %a, <4 x i32> undef\n"
|
|
" %S2 = shufflevector <4 x i32> %a, <4 x i32> %a, <4 x i32> undef\n"
|
|
" ret void\n"
|
|
"}";
|
|
auto M = parseAssembly(SourceCode, Ctx);
|
|
|
|
fuzzerop::OpDescriptor IVDescr = fuzzerop::insertValueDescriptor(1);
|
|
|
|
RandomIRBuilder IB(Seed, {});
|
|
|
|
// Get first basic block of the first function
|
|
Function &F = *M->begin();
|
|
BasicBlock &BB = *F.begin();
|
|
|
|
// Source is %S1
|
|
Instruction *Source = &*BB.begin();
|
|
// Sink is %S2
|
|
SmallVector<Instruction *, 1> Sinks = {&*std::next(BB.begin())};
|
|
|
|
// Loop to account for random decisions
|
|
for (int i = 0; i < 10; ++i) {
|
|
// Try to connect S1 to S2. We should always create new sink.
|
|
IB.connectToSink(BB, Sinks, Source);
|
|
ASSERT_TRUE(!verifyModule(*M, &errs()));
|
|
}
|
|
}
|
|
|
|
TEST(RandomIRBuilderTest, InsertValueArray) {
|
|
// Check that we can generate insertvalue for the vector operations
|
|
|
|
LLVMContext Ctx;
|
|
const char *SourceCode =
|
|
"define void @test() {\n"
|
|
" %A = alloca [8 x i32]\n"
|
|
" %L = load [8 x i32], [8 x i32]* %A"
|
|
" ret void\n"
|
|
"}";
|
|
auto M = parseAssembly(SourceCode, Ctx);
|
|
|
|
fuzzerop::OpDescriptor Descr = fuzzerop::insertValueDescriptor(1);
|
|
|
|
std::vector<Type *> Types =
|
|
{Type::getInt8Ty(Ctx), Type::getInt32Ty(Ctx), Type::getInt64Ty(Ctx)};
|
|
RandomIRBuilder IB(Seed, Types);
|
|
|
|
// Get first basic block of the first function
|
|
Function &F = *M->begin();
|
|
BasicBlock &BB = *F.begin();
|
|
|
|
// Pick first source
|
|
Instruction *Source = &*std::next(BB.begin());
|
|
ASSERT_TRUE(Descr.SourcePreds[0].matches({}, Source));
|
|
|
|
SmallVector<Value *, 2> Srcs(2);
|
|
|
|
// Check that we can always pick the last two operands.
|
|
for (int i = 0; i < 10; ++i) {
|
|
Srcs[0] = Source;
|
|
Srcs[1] = IB.findOrCreateSource(BB, {Source}, Srcs, Descr.SourcePreds[1]);
|
|
IB.findOrCreateSource(BB, {}, Srcs, Descr.SourcePreds[2]);
|
|
}
|
|
}
|
|
|
|
TEST(RandomIRBuilderTest, Invokes) {
|
|
// Check that we never generate load or store after invoke instruction
|
|
|
|
LLVMContext Ctx;
|
|
const char *SourceCode =
|
|
"declare i32* @f()"
|
|
"declare i32 @personality_function()"
|
|
"define i32* @test() personality i32 ()* @personality_function {\n"
|
|
"entry:\n"
|
|
" %val = invoke i32* @f()\n"
|
|
" to label %normal unwind label %exceptional\n"
|
|
"normal:\n"
|
|
" ret i32* %val\n"
|
|
"exceptional:\n"
|
|
" %landing_pad4 = landingpad token cleanup\n"
|
|
" ret i32* undef\n"
|
|
"}";
|
|
auto M = parseAssembly(SourceCode, Ctx);
|
|
|
|
|
|
std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
|
|
RandomIRBuilder IB(Seed, Types);
|
|
|
|
// Get first basic block of the test function
|
|
Function &F = *M->getFunction("test");
|
|
BasicBlock &BB = *F.begin();
|
|
|
|
Instruction *Invoke = &*BB.begin();
|
|
|
|
// Find source but never insert new load after invoke
|
|
for (int i = 0; i < 10; ++i) {
|
|
(void)IB.findOrCreateSource(BB, {Invoke}, {}, fuzzerop::anyIntType());
|
|
ASSERT_TRUE(!verifyModule(*M, &errs()));
|
|
}
|
|
}
|
|
|
|
TEST(RandomIRBuilderTest, FirstClassTypes) {
|
|
// Check that we never insert new source as a load from non first class
|
|
// or unsized type.
|
|
|
|
LLVMContext Ctx;
|
|
const char *SourceCode = "%Opaque = type opaque\n"
|
|
"define void @test(i8* %ptr) {\n"
|
|
"entry:\n"
|
|
" %tmp = bitcast i8* %ptr to i32* (i32*)*\n"
|
|
" %tmp1 = bitcast i8* %ptr to %Opaque*\n"
|
|
" ret void\n"
|
|
"}";
|
|
auto M = parseAssembly(SourceCode, Ctx);
|
|
|
|
std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
|
|
RandomIRBuilder IB(Seed, Types);
|
|
|
|
Function &F = *M->getFunction("test");
|
|
BasicBlock &BB = *F.begin();
|
|
// Non first class type
|
|
Instruction *FuncPtr = &*BB.begin();
|
|
// Unsized type
|
|
Instruction *OpaquePtr = &*std::next(BB.begin());
|
|
|
|
for (int i = 0; i < 10; ++i) {
|
|
Value *V = IB.findOrCreateSource(BB, {FuncPtr, OpaquePtr});
|
|
ASSERT_FALSE(isa<LoadInst>(V));
|
|
}
|
|
}
|
|
|
|
TEST(RandomIRBuilderTest, SwiftError) {
|
|
// Check that we never pick swifterror value as a source for operation
|
|
// other than load, store and call.
|
|
|
|
LLVMContext Ctx;
|
|
const char *SourceCode = "declare void @use(i8** swifterror %err)"
|
|
"define void @test() {\n"
|
|
"entry:\n"
|
|
" %err = alloca swifterror i8*, align 8\n"
|
|
" call void @use(i8** swifterror %err)\n"
|
|
" ret void\n"
|
|
"}";
|
|
auto M = parseAssembly(SourceCode, Ctx);
|
|
|
|
std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
|
|
RandomIRBuilder IB(Seed, Types);
|
|
|
|
// Get first basic block of the test function
|
|
Function &F = *M->getFunction("test");
|
|
BasicBlock &BB = *F.begin();
|
|
Instruction *Alloca = &*BB.begin();
|
|
|
|
fuzzerop::OpDescriptor Descr = fuzzerop::gepDescriptor(1);
|
|
|
|
for (int i = 0; i < 10; ++i) {
|
|
Value *V = IB.findOrCreateSource(BB, {Alloca}, {}, Descr.SourcePreds[0]);
|
|
ASSERT_FALSE(isa<AllocaInst>(V));
|
|
}
|
|
}
|
|
|
|
}
|