doxygen/OpDescriptor_8h_source.html

//===-- OpDescriptor.h ------------------------------------------*- C++ -*-===//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// Provides the fuzzerop::Descriptor class and related tools for describing

// operations an IR fuzzer can work with.

//

//===----------------------------------------------------------------------===//


#ifndef LLVM_FUZZMUTATE_OPDESCRIPTOR_H

#define LLVM_FUZZMUTATE_OPDESCRIPTOR_H


#include "llvm/ADT/ArrayRef.h"

#include "llvm/ADT/SmallVector.h"

#include "llvm/IR/Constants.h"

#include "llvm/IR/DerivedTypes.h"

#include "llvm/IR/Type.h"

#include "llvm/IR/Value.h"

#include <functional>


namespace llvm {

class Instruction;

namespace fuzzerop {


/// @{

/// Populate a small list of potentially interesting constants of a given type.

void makeConstantsWithType(Type *T, std::vector<Constant *> &Cs);

std::vector<Constant *> makeConstantsWithType(Type *T);

/// @}


/// A matcher/generator for finding suitable values for the next source in an

/// operation's partially completed argument list.

///

/// Given that we're building some operation X and may have already filled some

/// subset of its operands, this predicate determines if some value New is

/// suitable for the next operand or generates a set of values that are

/// suitable.

class SourcePred {

public:

  /// Given a list of already selected operands, returns whether a given new

  /// operand is suitable for the next operand.

  using PredT = std::function<bool(ArrayRef<Value *> Cur, const Value *New)>;

  /// Given a list of already selected operands and a set of valid base types

  /// for a fuzzer, generates a list of constants that could be used for the

  /// next operand.

  using MakeT = std::function<std::vector<Constant *>(

      ArrayRef<Value *> Cur, ArrayRef<Type *> BaseTypes)>;


private:

  PredT Pred;

  MakeT Make;


public:

  /// Create a fully general source predicate.

  SourcePred(PredT Pred, MakeT Make) : Pred(Pred), Make(Make) {}

  SourcePred(PredT Pred, std::nullopt_t) : Pred(Pred) {

    Make = [Pred](ArrayRef<Value *> Cur, ArrayRef<Type *> BaseTypes) {

      // Default filter just calls Pred on each of the base types.

      std::vector<Constant *> Result;

      for (Type *T : BaseTypes) {

        Constant *V = UndefValue::get(T);

        if (Pred(Cur, V))

          makeConstantsWithType(T, Result);

      }

      if (Result.empty())

        report_fatal_error("Predicate does not match for base types");

      return Result;

    };

  }


  /// Returns true if \c New is compatible for the argument after \c Cur

  bool matches(ArrayRef<Value *> Cur, const Value *New) {

    return Pred(Cur, New);

  }


  /// Generates a list of potential values for the argument after \c Cur.

  std::vector<Constant *> generate(ArrayRef<Value *> Cur,

                                   ArrayRef<Type *> BaseTypes) {

    return Make(Cur, BaseTypes);

  }

};


/// A description of some operation we can build while fuzzing IR.

struct OpDescriptor {

  unsigned Weight;

  SmallVector<SourcePred, 2> SourcePreds;

  std::function<Value *(ArrayRef<Value *>, Instruction *)> BuilderFunc;

};


static inline SourcePred onlyType(Type *Only) {

  auto Pred = [Only](ArrayRef<Value *>, const Value *V) {

    return V->getType() == Only;

  };

  auto Make = [Only](ArrayRef<Value *>, ArrayRef<Type *>) {

    return makeConstantsWithType(Only);

  };

  return {Pred, Make};

}


static inline SourcePred anyType() {

  auto Pred = [](ArrayRef<Value *>, const Value *V) {

    return !V->getType()->isVoidTy();

  };

  auto Make = std::nullopt;

  return {Pred, Make};

}


static inline SourcePred anyIntType() {

  auto Pred = [](ArrayRef<Value *>, const Value *V) {

    return V->getType()->isIntegerTy();

  };

  auto Make = std::nullopt;

  return {Pred, Make};

}


static inline SourcePred anyFloatType() {

  auto Pred = [](ArrayRef<Value *>, const Value *V) {

    return V->getType()->isFloatingPointTy();

  };

  auto Make = std::nullopt;

  return {Pred, Make};

}


static inline SourcePred anyPtrType() {

  auto Pred = [](ArrayRef<Value *>, const Value *V) {

    return V->getType()->isPointerTy() && !V->isSwiftError();

  };

  auto Make = [](ArrayRef<Value *>, ArrayRef<Type *> Ts) {

    std::vector<Constant *> Result;

    // TODO: Should these point at something?

    for (Type *T : Ts)

      Result.push_back(UndefValue::get(PointerType::getUnqual(T)));

    return Result;

  };

  return {Pred, Make};

}


static inline SourcePred sizedPtrType() {

  auto Pred = [](ArrayRef<Value *>, const Value *V) {

    if (V->isSwiftError())

      return false;


    if (const auto *PtrT = dyn_cast<PointerType>(V->getType()))

      return PtrT->isOpaque() ||

             PtrT->getNonOpaquePointerElementType()->isSized();

    return false;

  };

  auto Make = [](ArrayRef<Value *>, ArrayRef<Type *> Ts) {

    std::vector<Constant *> Result;


    for (Type *T : Ts)

      if (T->isSized())

        Result.push_back(UndefValue::get(PointerType::getUnqual(T)));


    return Result;

  };

  return {Pred, Make};

}


static inline SourcePred anyAggregateType() {

  auto Pred = [](ArrayRef<Value *>, const Value *V) {

    // We can't index zero sized arrays.

    if (isa<ArrayType>(V->getType()))

      return V->getType()->getArrayNumElements() > 0;


    // Structs can also be zero sized. I.e opaque types.

    if (isa<StructType>(V->getType()))

      return V->getType()->getStructNumElements() > 0;


    return V->getType()->isAggregateType();

  };

  // TODO: For now we only find aggregates in BaseTypes. It might be better to

  // manufacture them out of the base types in some cases.

  auto Find = std::nullopt;

  return {Pred, Find};

}


static inline SourcePred anyVectorType() {

  auto Pred = [](ArrayRef<Value *>, const Value *V) {

    return V->getType()->isVectorTy();

  };

  // TODO: For now we only find vectors in BaseTypes. It might be better to

  // manufacture vectors out of the base types, but it's tricky to be sure

  // that's actually a reasonable type.

  auto Make = std::nullopt;

  return {Pred, Make};

}


/// Match values that have the same type as the first source.

static inline SourcePred matchFirstType() {

  auto Pred = [](ArrayRef<Value *> Cur, const Value *V) {

    assert(!Cur.empty() && "No first source yet");

    return V->getType() == Cur[0]->getType();

  };

  auto Make = [](ArrayRef<Value *> Cur, ArrayRef<Type *>) {

    assert(!Cur.empty() && "No first source yet");

    return makeConstantsWithType(Cur[0]->getType());

  };

  return {Pred, Make};

}


/// Match values that have the first source's scalar type.

static inline SourcePred matchScalarOfFirstType() {

  auto Pred = [](ArrayRef<Value *> Cur, const Value *V) {

    assert(!Cur.empty() && "No first source yet");

    return V->getType() == Cur[0]->getType()->getScalarType();

  };

  auto Make = [](ArrayRef<Value *> Cur, ArrayRef<Type *>) {

    assert(!Cur.empty() && "No first source yet");

    return makeConstantsWithType(Cur[0]->getType()->getScalarType());

  };

  return {Pred, Make};

}


} // namespace fuzzerop

} // namespace llvm


#endif // LLVM_FUZZMUTATE_OPDESCRIPTOR_H

ArrayRef.h

Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...

DerivedTypes.h

Find
static const T * Find(StringRef S, ArrayRef< T > A)
Find KV in array using binary search.
Definition: MCSubtargetInfo.cpp:26

assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())

SmallVector.h
This file defines the SmallVector class.

getType
static SymbolRef::Type getType(const Symbol *Sym)
Definition: TapiFile.cpp:40

Type.h

Value.h

T

bool

llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition: ArrayRef.h:41

llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition: ArrayRef.h:158

llvm::Constant
This is an important base class in LLVM.
Definition: Constant.h:41

llvm::Instruction
Definition: Instruction.h:42

llvm::PointerType::getUnqual
static PointerType * getUnqual(Type *ElementType)
This constructs a pointer to an object of the specified type in the default address space (address sp...
Definition: DerivedTypes.h:651

llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1200

llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45

llvm::UndefValue::get
static UndefValue * get(Type *T)
Static factory methods - Return an 'undef' object of the specified type.
Definition: Constants.cpp:1731

llvm::Value
LLVM Value Representation.
Definition: Value.h:74

llvm::fuzzerop::SourcePred
A matcher/generator for finding suitable values for the next source in an operation's partially compl...
Definition: OpDescriptor.h:42

llvm::fuzzerop::SourcePred::matches
bool matches(ArrayRef< Value * > Cur, const Value *New)
Returns true if New is compatible for the argument after Cur.
Definition: OpDescriptor.h:76

llvm::fuzzerop::SourcePred::MakeT
std::function< std::vector< Constant * >(ArrayRef< Value * > Cur, ArrayRef< Type * > BaseTypes)> MakeT
Given a list of already selected operands and a set of valid base types for a fuzzer,...
Definition: OpDescriptor.h:51

llvm::fuzzerop::SourcePred::SourcePred
SourcePred(PredT Pred, MakeT Make)
Create a fully general source predicate.
Definition: OpDescriptor.h:59

llvm::fuzzerop::SourcePred::SourcePred
SourcePred(PredT Pred, std::nullopt_t)
Definition: OpDescriptor.h:60

llvm::fuzzerop::SourcePred::generate
std::vector< Constant * > generate(ArrayRef< Value * > Cur, ArrayRef< Type * > BaseTypes)
Generates a list of potential values for the argument after Cur.
Definition: OpDescriptor.h:81

llvm::fuzzerop::SourcePred::PredT
std::function< bool(ArrayRef< Value * > Cur, const Value *New)> PredT
Given a list of already selected operands, returns whether a given new operand is suitable for the ne...
Definition: OpDescriptor.h:46

llvm::fuzzerop::sizedPtrType
static SourcePred sizedPtrType()
Definition: OpDescriptor.h:142

llvm::fuzzerop::makeConstantsWithType
void makeConstantsWithType(Type *T, std::vector< Constant * > &Cs)
Definition: OpDescriptor.cpp:15

llvm::fuzzerop::anyAggregateType
static SourcePred anyAggregateType()
Definition: OpDescriptor.h:164

llvm::fuzzerop::anyIntType
static SourcePred anyIntType()
Definition: OpDescriptor.h:112

llvm::fuzzerop::matchScalarOfFirstType
static SourcePred matchScalarOfFirstType()
Match values that have the first source's scalar type.
Definition: OpDescriptor.h:207

llvm::fuzzerop::onlyType
static SourcePred onlyType(Type *Only)
Definition: OpDescriptor.h:94

llvm::fuzzerop::anyVectorType
static SourcePred anyVectorType()
Definition: OpDescriptor.h:182

llvm::fuzzerop::anyFloatType
static SourcePred anyFloatType()
Definition: OpDescriptor.h:120

llvm::fuzzerop::matchFirstType
static SourcePred matchFirstType()
Match values that have the same type as the first source.
Definition: OpDescriptor.h:194

llvm::fuzzerop::anyPtrType
static SourcePred anyPtrType()
Definition: OpDescriptor.h:128

llvm::fuzzerop::anyType
static SourcePred anyType()
Definition: OpDescriptor.h:104

llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18

llvm::report_fatal_error
void report_fatal_error(Error Err, bool gen_crash_diag=true)
Report a serious error, calling any installed error handler.
Definition: Error.cpp:145

llvm::fuzzerop::OpDescriptor
A description of some operation we can build while fuzzing IR.
Definition: OpDescriptor.h:88

llvm::fuzzerop::OpDescriptor::Weight
unsigned Weight
Definition: OpDescriptor.h:89

llvm::fuzzerop::OpDescriptor::SourcePreds
SmallVector< SourcePred, 2 > SourcePreds
Definition: OpDescriptor.h:90

llvm::fuzzerop::OpDescriptor::BuilderFunc
std::function< Value *(ArrayRef< Value * >, Instruction *)> BuilderFunc
Definition: OpDescriptor.h:91