405 lines
14 KiB
C++
405 lines
14 KiB
C++
|
//===- OperationsTest.cpp - Tests for fuzzer operations -------------------===//
|
||
|
//
|
||
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
||
|
// See https://llvm.org/LICENSE.txt for license information.
|
||
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
||
|
//
|
||
|
//===----------------------------------------------------------------------===//
|
||
|
|
||
|
#include "llvm/FuzzMutate/Operations.h"
|
||
|
#include "llvm/AsmParser/Parser.h"
|
||
|
#include "llvm/FuzzMutate/OpDescriptor.h"
|
||
|
#include "llvm/IR/Constants.h"
|
||
|
#include "llvm/IR/Instructions.h"
|
||
|
#include "llvm/IR/Module.h"
|
||
|
#include "llvm/IR/Verifier.h"
|
||
|
#include "llvm/Support/SourceMgr.h"
|
||
|
#include "gmock/gmock.h"
|
||
|
#include "gtest/gtest.h"
|
||
|
#include <iostream>
|
||
|
|
||
|
// Define some pretty printers to help with debugging failures.
|
||
|
namespace llvm {
|
||
|
void PrintTo(Type *T, ::std::ostream *OS) {
|
||
|
raw_os_ostream ROS(*OS);
|
||
|
T->print(ROS);
|
||
|
}
|
||
|
|
||
|
void PrintTo(BasicBlock *BB, ::std::ostream *OS) {
|
||
|
raw_os_ostream ROS(*OS);
|
||
|
ROS << BB << " (" << BB->getName() << ")";
|
||
|
}
|
||
|
|
||
|
void PrintTo(Value *V, ::std::ostream *OS) {
|
||
|
raw_os_ostream ROS(*OS);
|
||
|
ROS << V << " (";
|
||
|
V->print(ROS);
|
||
|
ROS << ")";
|
||
|
}
|
||
|
void PrintTo(Constant *C, ::std::ostream *OS) { PrintTo(cast<Value>(C), OS); }
|
||
|
|
||
|
} // namespace llvm
|
||
|
|
||
|
using namespace llvm;
|
||
|
|
||
|
using testing::AllOf;
|
||
|
using testing::AnyOf;
|
||
|
using testing::ElementsAre;
|
||
|
using testing::Eq;
|
||
|
using testing::Ge;
|
||
|
using testing::Each;
|
||
|
using testing::Truly;
|
||
|
using testing::NotNull;
|
||
|
using testing::PrintToString;
|
||
|
using testing::SizeIs;
|
||
|
|
||
|
namespace {
|
||
|
std::unique_ptr<Module> parseAssembly(
|
||
|
const char *Assembly, LLVMContext &Context) {
|
||
|
|
||
|
SMDiagnostic Error;
|
||
|
std::unique_ptr<Module> M = parseAssemblyString(Assembly, Error, Context);
|
||
|
|
||
|
std::string ErrMsg;
|
||
|
raw_string_ostream OS(ErrMsg);
|
||
|
Error.print("", OS);
|
||
|
|
||
|
assert(M && !verifyModule(*M, &errs()));
|
||
|
return M;
|
||
|
}
|
||
|
|
||
|
MATCHER_P(TypesMatch, V, "has type " + PrintToString(V->getType())) {
|
||
|
return arg->getType() == V->getType();
|
||
|
}
|
||
|
|
||
|
MATCHER_P(HasType, T, "") { return arg->getType() == T; }
|
||
|
|
||
|
TEST(OperationsTest, SourcePreds) {
|
||
|
using namespace llvm::fuzzerop;
|
||
|
|
||
|
LLVMContext Ctx;
|
||
|
|
||
|
Constant *i1 = ConstantInt::getFalse(Ctx);
|
||
|
Constant *i8 = ConstantInt::get(Type::getInt8Ty(Ctx), 3);
|
||
|
Constant *i16 = ConstantInt::get(Type::getInt16Ty(Ctx), 1 << 15);
|
||
|
Constant *i32 = ConstantInt::get(Type::getInt32Ty(Ctx), 0);
|
||
|
Constant *i64 = ConstantInt::get(Type::getInt64Ty(Ctx),
|
||
|
std::numeric_limits<uint64_t>::max());
|
||
|
Constant *f16 = ConstantFP::getInfinity(Type::getHalfTy(Ctx));
|
||
|
Constant *f32 = ConstantFP::get(Type::getFloatTy(Ctx), 0.0);
|
||
|
Constant *f64 = ConstantFP::get(Type::getDoubleTy(Ctx), 123.45);
|
||
|
Constant *s =
|
||
|
ConstantStruct::get(StructType::create(Ctx, "OpaqueStruct"));
|
||
|
Constant *a =
|
||
|
ConstantArray::get(ArrayType::get(i32->getType(), 2), {i32, i32});
|
||
|
Constant *v8i8 = ConstantVector::getSplat(ElementCount::getFixed(8), i8);
|
||
|
Constant *v4f16 = ConstantVector::getSplat(ElementCount::getFixed(4), f16);
|
||
|
Constant *p0i32 =
|
||
|
ConstantPointerNull::get(PointerType::get(i32->getType(), 0));
|
||
|
|
||
|
auto OnlyI32 = onlyType(i32->getType());
|
||
|
EXPECT_TRUE(OnlyI32.matches({}, i32));
|
||
|
EXPECT_FALSE(OnlyI32.matches({}, i64));
|
||
|
EXPECT_FALSE(OnlyI32.matches({}, p0i32));
|
||
|
EXPECT_FALSE(OnlyI32.matches({}, a));
|
||
|
|
||
|
EXPECT_THAT(OnlyI32.generate({}, {}),
|
||
|
AllOf(SizeIs(Ge(1u)), Each(TypesMatch(i32))));
|
||
|
|
||
|
auto AnyType = anyType();
|
||
|
EXPECT_TRUE(AnyType.matches({}, i1));
|
||
|
EXPECT_TRUE(AnyType.matches({}, f64));
|
||
|
EXPECT_TRUE(AnyType.matches({}, s));
|
||
|
EXPECT_TRUE(AnyType.matches({}, v8i8));
|
||
|
EXPECT_TRUE(AnyType.matches({}, p0i32));
|
||
|
|
||
|
EXPECT_THAT(
|
||
|
AnyType.generate({}, {i32->getType(), f16->getType(), v8i8->getType()}),
|
||
|
Each(AnyOf(TypesMatch(i32), TypesMatch(f16), TypesMatch(v8i8))));
|
||
|
|
||
|
auto AnyInt = anyIntType();
|
||
|
EXPECT_TRUE(AnyInt.matches({}, i1));
|
||
|
EXPECT_TRUE(AnyInt.matches({}, i64));
|
||
|
EXPECT_FALSE(AnyInt.matches({}, f32));
|
||
|
EXPECT_FALSE(AnyInt.matches({}, v4f16));
|
||
|
|
||
|
EXPECT_THAT(
|
||
|
AnyInt.generate({}, {i32->getType(), f16->getType(), v8i8->getType()}),
|
||
|
AllOf(SizeIs(Ge(1u)), Each(TypesMatch(i32))));
|
||
|
|
||
|
auto AnyFP = anyFloatType();
|
||
|
EXPECT_TRUE(AnyFP.matches({}, f16));
|
||
|
EXPECT_TRUE(AnyFP.matches({}, f32));
|
||
|
EXPECT_FALSE(AnyFP.matches({}, i16));
|
||
|
EXPECT_FALSE(AnyFP.matches({}, p0i32));
|
||
|
EXPECT_FALSE(AnyFP.matches({}, v4f16));
|
||
|
|
||
|
EXPECT_THAT(
|
||
|
AnyFP.generate({}, {i32->getType(), f16->getType(), v8i8->getType()}),
|
||
|
AllOf(SizeIs(Ge(1u)), Each(TypesMatch(f16))));
|
||
|
|
||
|
auto AnyPtr = anyPtrType();
|
||
|
EXPECT_TRUE(AnyPtr.matches({}, p0i32));
|
||
|
EXPECT_FALSE(AnyPtr.matches({}, i8));
|
||
|
EXPECT_FALSE(AnyPtr.matches({}, a));
|
||
|
EXPECT_FALSE(AnyPtr.matches({}, v8i8));
|
||
|
|
||
|
auto isPointer = [](Value *V) { return V->getType()->isPointerTy(); };
|
||
|
EXPECT_THAT(
|
||
|
AnyPtr.generate({}, {i32->getType(), f16->getType(), v8i8->getType()}),
|
||
|
AllOf(SizeIs(Ge(3u)), Each(Truly(isPointer))));
|
||
|
|
||
|
auto AnyVec = anyVectorType();
|
||
|
EXPECT_TRUE(AnyVec.matches({}, v8i8));
|
||
|
EXPECT_TRUE(AnyVec.matches({}, v4f16));
|
||
|
EXPECT_FALSE(AnyVec.matches({}, i8));
|
||
|
EXPECT_FALSE(AnyVec.matches({}, a));
|
||
|
EXPECT_FALSE(AnyVec.matches({}, s));
|
||
|
|
||
|
EXPECT_THAT(AnyVec.generate({}, {v8i8->getType()}),
|
||
|
ElementsAre(TypesMatch(v8i8)));
|
||
|
|
||
|
auto First = matchFirstType();
|
||
|
EXPECT_TRUE(First.matches({i8}, i8));
|
||
|
EXPECT_TRUE(First.matches({s, a}, s));
|
||
|
EXPECT_FALSE(First.matches({f16}, f32));
|
||
|
EXPECT_FALSE(First.matches({v4f16, f64}, f64));
|
||
|
|
||
|
EXPECT_THAT(First.generate({i8}, {}), Each(TypesMatch(i8)));
|
||
|
EXPECT_THAT(First.generate({f16}, {i8->getType()}),
|
||
|
Each(TypesMatch(f16)));
|
||
|
EXPECT_THAT(First.generate({v8i8, i32}, {}), Each(TypesMatch(v8i8)));
|
||
|
}
|
||
|
|
||
|
TEST(OperationsTest, SplitBlock) {
|
||
|
LLVMContext Ctx;
|
||
|
|
||
|
Module M("M", Ctx);
|
||
|
Function *F = Function::Create(FunctionType::get(Type::getVoidTy(Ctx), {},
|
||
|
/*isVarArg=*/false),
|
||
|
GlobalValue::ExternalLinkage, "f", &M);
|
||
|
auto SBOp = fuzzerop::splitBlockDescriptor(1);
|
||
|
|
||
|
// Create a block with only a return and split it on the return.
|
||
|
auto *BB = BasicBlock::Create(Ctx, "BB", F);
|
||
|
auto *RI = ReturnInst::Create(Ctx, BB);
|
||
|
SBOp.BuilderFunc({UndefValue::get(Type::getInt1Ty(Ctx))}, RI);
|
||
|
|
||
|
// We should end up with an unconditional branch from BB to BB1, and the
|
||
|
// return ends up in BB1.
|
||
|
auto *UncondBr = cast<BranchInst>(BB->getTerminator());
|
||
|
ASSERT_TRUE(UncondBr->isUnconditional());
|
||
|
auto *BB1 = UncondBr->getSuccessor(0);
|
||
|
ASSERT_THAT(RI->getParent(), Eq(BB1));
|
||
|
|
||
|
// Now add an instruction to BB1 and split on that.
|
||
|
auto *AI = new AllocaInst(Type::getInt8Ty(Ctx), 0, "a", RI);
|
||
|
Value *Cond = ConstantInt::getFalse(Ctx);
|
||
|
SBOp.BuilderFunc({Cond}, AI);
|
||
|
|
||
|
// We should end up with a loop back on BB1 and the instruction we split on
|
||
|
// moves to BB2.
|
||
|
auto *CondBr = cast<BranchInst>(BB1->getTerminator());
|
||
|
EXPECT_THAT(CondBr->getCondition(), Eq(Cond));
|
||
|
ASSERT_THAT(CondBr->getNumSuccessors(), Eq(2u));
|
||
|
ASSERT_THAT(CondBr->getSuccessor(0), Eq(BB1));
|
||
|
auto *BB2 = CondBr->getSuccessor(1);
|
||
|
EXPECT_THAT(AI->getParent(), Eq(BB2));
|
||
|
EXPECT_THAT(RI->getParent(), Eq(BB2));
|
||
|
|
||
|
EXPECT_FALSE(verifyModule(M, &errs()));
|
||
|
}
|
||
|
|
||
|
TEST(OperationsTest, SplitEHBlock) {
|
||
|
// Check that we will not try to branch back to the landingpad block using
|
||
|
// regular branch instruction
|
||
|
|
||
|
LLVMContext Ctx;
|
||
|
const char *SourceCode =
|
||
|
"declare i32* @f()"
|
||
|
"declare i32 @personality_function()"
|
||
|
"define i32* @test() personality i32 ()* @personality_function {\n"
|
||
|
"entry:\n"
|
||
|
" %val = invoke i32* @f()\n"
|
||
|
" to label %normal unwind label %exceptional\n"
|
||
|
"normal:\n"
|
||
|
" ret i32* %val\n"
|
||
|
"exceptional:\n"
|
||
|
" %landing_pad4 = landingpad token cleanup\n"
|
||
|
" ret i32* undef\n"
|
||
|
"}";
|
||
|
auto M = parseAssembly(SourceCode, Ctx);
|
||
|
|
||
|
// Get the landingpad block
|
||
|
BasicBlock &BB = *std::next(M->getFunction("test")->begin(), 2);
|
||
|
|
||
|
fuzzerop::OpDescriptor Descr = fuzzerop::splitBlockDescriptor(1);
|
||
|
|
||
|
Descr.BuilderFunc({ConstantInt::getTrue(Ctx)},&*BB.getFirstInsertionPt());
|
||
|
ASSERT_TRUE(!verifyModule(*M, &errs()));
|
||
|
}
|
||
|
|
||
|
TEST(OperationsTest, SplitBlockWithPhis) {
|
||
|
LLVMContext Ctx;
|
||
|
|
||
|
Type *Int8Ty = Type::getInt8Ty(Ctx);
|
||
|
|
||
|
Module M("M", Ctx);
|
||
|
Function *F = Function::Create(FunctionType::get(Type::getVoidTy(Ctx), {},
|
||
|
/*isVarArg=*/false),
|
||
|
GlobalValue::ExternalLinkage, "f", &M);
|
||
|
auto SBOp = fuzzerop::splitBlockDescriptor(1);
|
||
|
|
||
|
// Create 3 blocks with an if-then branch.
|
||
|
auto *BB1 = BasicBlock::Create(Ctx, "BB1", F);
|
||
|
auto *BB2 = BasicBlock::Create(Ctx, "BB2", F);
|
||
|
auto *BB3 = BasicBlock::Create(Ctx, "BB3", F);
|
||
|
BranchInst::Create(BB2, BB3, ConstantInt::getFalse(Ctx), BB1);
|
||
|
BranchInst::Create(BB3, BB2);
|
||
|
|
||
|
// Set up phi nodes selecting values for the incoming edges.
|
||
|
auto *PHI1 = PHINode::Create(Int8Ty, /*NumReservedValues=*/2, "p1", BB3);
|
||
|
PHI1->addIncoming(ConstantInt::get(Int8Ty, 0), BB1);
|
||
|
PHI1->addIncoming(ConstantInt::get(Int8Ty, 1), BB2);
|
||
|
auto *PHI2 = PHINode::Create(Int8Ty, /*NumReservedValues=*/2, "p2", BB3);
|
||
|
PHI2->addIncoming(ConstantInt::get(Int8Ty, 1), BB1);
|
||
|
PHI2->addIncoming(ConstantInt::get(Int8Ty, 0), BB2);
|
||
|
auto *RI = ReturnInst::Create(Ctx, BB3);
|
||
|
|
||
|
// Now we split the block with PHI nodes, making sure they're all updated.
|
||
|
Value *Cond = ConstantInt::getFalse(Ctx);
|
||
|
SBOp.BuilderFunc({Cond}, RI);
|
||
|
|
||
|
// Make sure the PHIs are updated with a value for the third incoming edge.
|
||
|
EXPECT_THAT(PHI1->getNumIncomingValues(), Eq(3u));
|
||
|
EXPECT_THAT(PHI2->getNumIncomingValues(), Eq(3u));
|
||
|
EXPECT_FALSE(verifyModule(M, &errs()));
|
||
|
}
|
||
|
|
||
|
TEST(OperationsTest, GEP) {
|
||
|
LLVMContext Ctx;
|
||
|
|
||
|
Type *Int8PtrTy = Type::getInt8PtrTy(Ctx);
|
||
|
Type *Int32Ty = Type::getInt32Ty(Ctx);
|
||
|
|
||
|
Module M("M", Ctx);
|
||
|
Function *F = Function::Create(FunctionType::get(Type::getVoidTy(Ctx), {},
|
||
|
/*isVarArg=*/false),
|
||
|
GlobalValue::ExternalLinkage, "f", &M);
|
||
|
auto *BB = BasicBlock::Create(Ctx, "BB", F);
|
||
|
auto *RI = ReturnInst::Create(Ctx, BB);
|
||
|
|
||
|
auto GEPOp = fuzzerop::gepDescriptor(1);
|
||
|
EXPECT_TRUE(GEPOp.SourcePreds[0].matches({}, UndefValue::get(Int8PtrTy)));
|
||
|
EXPECT_TRUE(GEPOp.SourcePreds[1].matches({UndefValue::get(Int8PtrTy)},
|
||
|
ConstantInt::get(Int32Ty, 0)));
|
||
|
|
||
|
GEPOp.BuilderFunc({UndefValue::get(Int8PtrTy), ConstantInt::get(Int32Ty, 0)},
|
||
|
RI);
|
||
|
EXPECT_FALSE(verifyModule(M, &errs()));
|
||
|
}
|
||
|
|
||
|
|
||
|
TEST(OperationsTest, GEPPointerOperand) {
|
||
|
// Check that we only pick sized pointers for the GEP instructions
|
||
|
|
||
|
LLVMContext Ctx;
|
||
|
const char *SourceCode =
|
||
|
"declare void @f()\n"
|
||
|
"define void @test() {\n"
|
||
|
" %v = bitcast void ()* @f to i64 (i8 addrspace(4)*)*\n"
|
||
|
" %a = alloca i64, i32 10\n"
|
||
|
" ret void\n"
|
||
|
"}";
|
||
|
auto M = parseAssembly(SourceCode, Ctx);
|
||
|
|
||
|
fuzzerop::OpDescriptor Descr = fuzzerop::gepDescriptor(1);
|
||
|
|
||
|
// Get first basic block of the test function
|
||
|
Function &F = *M->getFunction("test");
|
||
|
BasicBlock &BB = *F.begin();
|
||
|
|
||
|
// Don't match %v
|
||
|
ASSERT_FALSE(Descr.SourcePreds[0].matches({}, &*BB.begin()));
|
||
|
|
||
|
// Match %a
|
||
|
ASSERT_TRUE(Descr.SourcePreds[0].matches({}, &*std::next(BB.begin())));
|
||
|
}
|
||
|
|
||
|
TEST(OperationsTest, ExtractAndInsertValue) {
|
||
|
LLVMContext Ctx;
|
||
|
|
||
|
Type *Int8PtrTy = Type::getInt8PtrTy(Ctx);
|
||
|
Type *Int32Ty = Type::getInt32Ty(Ctx);
|
||
|
Type *Int64Ty = Type::getInt64Ty(Ctx);
|
||
|
|
||
|
Type *StructTy = StructType::create(Ctx, {Int8PtrTy, Int32Ty});
|
||
|
Type *OpaqueTy = StructType::create(Ctx, "OpaqueStruct");
|
||
|
Type *ZeroSizedArrayTy = ArrayType::get(Int64Ty, 0);
|
||
|
Type *ArrayTy = ArrayType::get(Int64Ty, 4);
|
||
|
Type *VectorTy = FixedVectorType::get(Int32Ty, 2);
|
||
|
|
||
|
auto EVOp = fuzzerop::extractValueDescriptor(1);
|
||
|
auto IVOp = fuzzerop::insertValueDescriptor(1);
|
||
|
|
||
|
// Sanity check the source preds.
|
||
|
Constant *SVal = UndefValue::get(StructTy);
|
||
|
Constant *OVal = UndefValue::get(OpaqueTy);
|
||
|
Constant *AVal = UndefValue::get(ArrayTy);
|
||
|
Constant *ZAVal = UndefValue::get(ZeroSizedArrayTy);
|
||
|
Constant *VVal = UndefValue::get(VectorTy);
|
||
|
|
||
|
EXPECT_TRUE(EVOp.SourcePreds[0].matches({}, SVal));
|
||
|
EXPECT_FALSE(EVOp.SourcePreds[0].matches({}, OVal));
|
||
|
EXPECT_TRUE(EVOp.SourcePreds[0].matches({}, AVal));
|
||
|
EXPECT_FALSE(EVOp.SourcePreds[0].matches({}, VVal));
|
||
|
EXPECT_TRUE(IVOp.SourcePreds[0].matches({}, SVal));
|
||
|
EXPECT_FALSE(IVOp.SourcePreds[0].matches({}, OVal));
|
||
|
EXPECT_TRUE(IVOp.SourcePreds[0].matches({}, AVal));
|
||
|
EXPECT_FALSE(IVOp.SourcePreds[0].matches({}, VVal));
|
||
|
|
||
|
// Don't consider zero sized arrays as viable sources
|
||
|
EXPECT_FALSE(EVOp.SourcePreds[0].matches({}, ZAVal));
|
||
|
EXPECT_FALSE(IVOp.SourcePreds[0].matches({}, ZAVal));
|
||
|
|
||
|
// Make sure we're range checking appropriately.
|
||
|
EXPECT_TRUE(
|
||
|
EVOp.SourcePreds[1].matches({SVal}, ConstantInt::get(Int32Ty, 0)));
|
||
|
EXPECT_TRUE(
|
||
|
EVOp.SourcePreds[1].matches({SVal}, ConstantInt::get(Int32Ty, 1)));
|
||
|
EXPECT_FALSE(
|
||
|
EVOp.SourcePreds[1].matches({SVal}, ConstantInt::get(Int32Ty, 2)));
|
||
|
EXPECT_FALSE(
|
||
|
EVOp.SourcePreds[1].matches({OVal}, ConstantInt::get(Int32Ty, 0)));
|
||
|
EXPECT_FALSE(
|
||
|
EVOp.SourcePreds[1].matches({OVal}, ConstantInt::get(Int32Ty, 65536)));
|
||
|
EXPECT_TRUE(
|
||
|
EVOp.SourcePreds[1].matches({AVal}, ConstantInt::get(Int32Ty, 0)));
|
||
|
EXPECT_TRUE(
|
||
|
EVOp.SourcePreds[1].matches({AVal}, ConstantInt::get(Int32Ty, 3)));
|
||
|
EXPECT_FALSE(
|
||
|
EVOp.SourcePreds[1].matches({AVal}, ConstantInt::get(Int32Ty, 4)));
|
||
|
|
||
|
EXPECT_THAT(
|
||
|
EVOp.SourcePreds[1].generate({SVal}, {}),
|
||
|
ElementsAre(ConstantInt::get(Int32Ty, 0), ConstantInt::get(Int32Ty, 1)));
|
||
|
|
||
|
// InsertValue should accept any type in the struct, but only in positions
|
||
|
// where it makes sense.
|
||
|
EXPECT_TRUE(IVOp.SourcePreds[1].matches({SVal}, UndefValue::get(Int8PtrTy)));
|
||
|
EXPECT_TRUE(IVOp.SourcePreds[1].matches({SVal}, UndefValue::get(Int32Ty)));
|
||
|
EXPECT_FALSE(IVOp.SourcePreds[1].matches({SVal}, UndefValue::get(Int64Ty)));
|
||
|
EXPECT_FALSE(IVOp.SourcePreds[2].matches({SVal, UndefValue::get(Int32Ty)},
|
||
|
ConstantInt::get(Int32Ty, 0)));
|
||
|
EXPECT_TRUE(IVOp.SourcePreds[2].matches({SVal, UndefValue::get(Int32Ty)},
|
||
|
ConstantInt::get(Int32Ty, 1)));
|
||
|
|
||
|
EXPECT_THAT(IVOp.SourcePreds[1].generate({SVal}, {}),
|
||
|
Each(AnyOf(HasType(Int32Ty), HasType(Int8PtrTy))));
|
||
|
EXPECT_THAT(
|
||
|
IVOp.SourcePreds[2].generate({SVal, ConstantInt::get(Int32Ty, 0)}, {}),
|
||
|
ElementsAre(ConstantInt::get(Int32Ty, 1)));
|
||
|
}
|
||
|
|
||
|
}
|