xref: /llvm-project/llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp (revision d209ff981473ae4733c4521e80c427c6ada8a8a3) 
1 //===- RandomIRBuilderTest.cpp - Tests for injector strategy --------------===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 
10 #include "llvm/FuzzMutate/RandomIRBuilder.h"
11 #include "llvm/ADT/StringRef.h"
12 #include "llvm/AsmParser/Parser.h"
13 #include "llvm/AsmParser/SlotMapping.h"
14 #include "llvm/FuzzMutate/IRMutator.h"
15 #include "llvm/FuzzMutate/OpDescriptor.h"
16 #include "llvm/FuzzMutate/Operations.h"
17 #include "llvm/IR/Constants.h"
18 #include "llvm/IR/Instructions.h"
19 #include "llvm/IR/LLVMContext.h"
20 #include "llvm/IR/Module.h"
21 #include "llvm/IR/Verifier.h"
22 #include "llvm/Support/SourceMgr.h"
23 
24 #include "gtest/gtest.h"
25 
26 using namespace llvm;
27 
28 static constexpr int Seed = 5;
29 
30 namespace {
31 
32 std::unique_ptr<Module> parseAssembly(
33     const char *Assembly, LLVMContext &Context) {
34 
35   SMDiagnostic Error;
36   std::unique_ptr<Module> M = parseAssemblyString(Assembly, Error, Context);
37 
38   std::string ErrMsg;
39   raw_string_ostream OS(ErrMsg);
40   Error.print("", OS);
41 
42   assert(M && !verifyModule(*M, &errs()));
43   return M;
44 }
45 
46 TEST(RandomIRBuilderTest, ShuffleVectorIncorrectOperands) {
47   // Test that we don't create load instruction as a source for the shuffle
48   // vector operation.
49 
50   LLVMContext Ctx;
51   const char *Source =
52       "define <2 x i32> @test(<2 x i1> %cond, <2 x i32> %a) {\n"
53       "  %A = alloca <2 x i32>\n"
54       "  %I = insertelement <2 x i32> %a, i32 1, i32 1\n"
55       "  ret <2 x i32> undef\n"
56       "}";
57   auto M = parseAssembly(Source, Ctx);
58 
59   fuzzerop::OpDescriptor Descr = fuzzerop::shuffleVectorDescriptor(1);
60 
61   // Empty known types since we ShuffleVector descriptor doesn't care about them
62   RandomIRBuilder IB(Seed, {});
63 
64   // Get first basic block of the first function
65   Function &F = *M->begin();
66   BasicBlock &BB = *F.begin();
67 
68   SmallVector<Instruction *, 32> Insts;
69   for (auto I = BB.getFirstInsertionPt(), E = BB.end(); I != E; ++I)
70     Insts.push_back(&*I);
71 
72   // Pick first and second sources
73   SmallVector<Value *, 2> Srcs;
74   ASSERT_TRUE(Descr.SourcePreds[0].matches(Srcs, Insts[1]));
75   Srcs.push_back(Insts[1]);
76   ASSERT_TRUE(Descr.SourcePreds[1].matches(Srcs, Insts[1]));
77   Srcs.push_back(Insts[1]);
78 
79   // Create new source. Check that it always matches with the descriptor.
80   // Run some iterations to account for random decisions.
81   for (int i = 0; i < 10; ++i) {
82     Value *LastSrc = IB.newSource(BB, Insts, Srcs, Descr.SourcePreds[2]);
83     ASSERT_TRUE(Descr.SourcePreds[2].matches(Srcs, LastSrc));
84   }
85 }
86 
87 TEST(RandomIRBuilderTest, InsertValueIndexes) {
88   // Check that we will generate correct indexes for the insertvalue operation
89 
90   LLVMContext Ctx;
91   const char *Source =
92       "%T = type {i8, i32, i64}\n"
93       "define void @test() {\n"
94       "  %A = alloca %T\n"
95       "  %L = load %T, %T* %A"
96       "  ret void\n"
97       "}";
98   auto M = parseAssembly(Source, Ctx);
99 
100   fuzzerop::OpDescriptor IVDescr = fuzzerop::insertValueDescriptor(1);
101 
102   std::vector<Type *> Types =
103       {Type::getInt8Ty(Ctx), Type::getInt32Ty(Ctx), Type::getInt64Ty(Ctx)};
104   RandomIRBuilder IB(Seed, Types);
105 
106   // Get first basic block of the first function
107   Function &F = *M->begin();
108   BasicBlock &BB = *F.begin();
109 
110   // Pick first source
111   Instruction *Src = &*std::next(BB.begin());
112 
113   SmallVector<Value *, 2> Srcs(2);
114   ASSERT_TRUE(IVDescr.SourcePreds[0].matches({}, Src));
115   Srcs[0] = Src;
116 
117   // Generate constants for each of the types and check that we pick correct
118   // index for the given type
119   for (auto *T: Types) {
120     // Loop to account for possible random decisions
121     for (int i = 0; i < 10; ++i) {
122       // Create value we want to insert. Only it's type matters.
123       Srcs[1] = ConstantInt::get(T, 5);
124 
125       // Try to pick correct index
126       Value *Src = IB.findOrCreateSource(
127           BB, &*BB.begin(), Srcs, IVDescr.SourcePreds[2]);
128       ASSERT_TRUE(IVDescr.SourcePreds[2].matches(Srcs, Src));
129     }
130   }
131 }
132 
133 TEST(RandomIRBuilderTest, ShuffleVectorSink) {
134   // Check that we will never use shuffle vector mask as a sink form the
135   // unrelated operation.
136 
137   LLVMContext Ctx;
138   const char *SourceCode =
139       "define void @test(<4 x i32> %a) {\n"
140       "  %S1 = shufflevector <4 x i32> %a, <4 x i32> %a, <4 x i32> undef\n"
141       "  %S2 = shufflevector <4 x i32> %a, <4 x i32> %a, <4 x i32> undef\n"
142       "  ret void\n"
143       "}";
144   auto M = parseAssembly(SourceCode, Ctx);
145 
146   fuzzerop::OpDescriptor IVDescr = fuzzerop::insertValueDescriptor(1);
147 
148   RandomIRBuilder IB(Seed, {});
149 
150   // Get first basic block of the first function
151   Function &F = *M->begin();
152   BasicBlock &BB = *F.begin();
153 
154   // Source is %S1
155   Instruction *Source = &*BB.begin();
156   // Sink is %S2
157   SmallVector<Instruction *, 1> Sinks = {&*std::next(BB.begin())};
158 
159   // Loop to account for random decisions
160   for (int i = 0; i < 10; ++i) {
161     // Try to connect S1 to S2. We should always create new sink.
162     IB.connectToSink(BB, Sinks, Source);
163     ASSERT_TRUE(!verifyModule(*M, &errs()));
164   }
165 }
166 
167 TEST(RandomIRBuilderTest, InsertValueArray) {
168   // Check that we can generate insertvalue for the vector operations
169 
170   LLVMContext Ctx;
171   const char *SourceCode =
172       "define void @test() {\n"
173       "  %A = alloca [8 x i32]\n"
174       "  %L = load [8 x i32], [8 x i32]* %A"
175       "  ret void\n"
176       "}";
177   auto M = parseAssembly(SourceCode, Ctx);
178 
179   fuzzerop::OpDescriptor Descr = fuzzerop::insertValueDescriptor(1);
180 
181   std::vector<Type *> Types =
182       {Type::getInt8Ty(Ctx), Type::getInt32Ty(Ctx), Type::getInt64Ty(Ctx)};
183   RandomIRBuilder IB(Seed, Types);
184 
185   // Get first basic block of the first function
186   Function &F = *M->begin();
187   BasicBlock &BB = *F.begin();
188 
189   // Pick first source
190   Instruction *Source = &*std::next(BB.begin());
191   ASSERT_TRUE(Descr.SourcePreds[0].matches({}, Source));
192 
193   SmallVector<Value *, 2> Srcs(2);
194 
195   // Check that we can always pick the last two operands.
196   for (int i = 0; i < 10; ++i) {
197     Srcs[0] = Source;
198     Srcs[1] = IB.findOrCreateSource(BB, {Source}, Srcs, Descr.SourcePreds[1]);
199     IB.findOrCreateSource(BB, {}, Srcs, Descr.SourcePreds[2]);
200   }
201 }
202 
203 TEST(RandomIRBuilderTest, Invokes) {
204   // Check that we never generate load or store after invoke instruction
205 
206   LLVMContext Ctx;
207   const char *SourceCode =
208       "declare i32* @f()"
209       "declare i32 @personality_function()"
210       "define i32* @test() personality i32 ()* @personality_function {\n"
211       "entry:\n"
212       "  %val = invoke i32* @f()\n"
213       "          to label %normal unwind label %exceptional\n"
214       "normal:\n"
215       "  ret i32* %val\n"
216       "exceptional:\n"
217       "  %landing_pad4 = landingpad token cleanup\n"
218       "  ret i32* undef\n"
219       "}";
220   auto M = parseAssembly(SourceCode, Ctx);
221 
222 
223   std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
224   RandomIRBuilder IB(Seed, Types);
225 
226   // Get first basic block of the test function
227   Function &F = *M->getFunction("test");
228   BasicBlock &BB = *F.begin();
229 
230   Instruction *Invoke = &*BB.begin();
231 
232   // Find source but never insert new load after invoke
233   for (int i = 0; i < 10; ++i) {
234     (void)IB.findOrCreateSource(BB, {Invoke}, {}, fuzzerop::anyIntType());
235     ASSERT_TRUE(!verifyModule(*M, &errs()));
236   }
237 }
238 
239 TEST(RandomIRBuilderTest, FirstClassTypes) {
240   // Check that we never insert new source as a load from non first class
241   // or unsized type.
242 
243   LLVMContext Ctx;
244   const char *SourceCode = "%Opaque = type opaque\n"
245                            "define void @test(i8* %ptr) {\n"
246                            "entry:\n"
247                            "  %tmp = bitcast i8* %ptr to i32* (i32*)*\n"
248                            "  %tmp1 = bitcast i8* %ptr to %Opaque*\n"
249                            "  ret void\n"
250                            "}";
251   auto M = parseAssembly(SourceCode, Ctx);
252 
253   std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
254   RandomIRBuilder IB(Seed, Types);
255 
256   Function &F = *M->getFunction("test");
257   BasicBlock &BB = *F.begin();
258   // Non first class type
259   Instruction *FuncPtr = &*BB.begin();
260   // Unsized type
261   Instruction *OpaquePtr = &*std::next(BB.begin());
262 
263   for (int i = 0; i < 10; ++i) {
264     Value *V = IB.findOrCreateSource(BB, {FuncPtr, OpaquePtr});
265     ASSERT_FALSE(isa<LoadInst>(V));
266   }
267 }
268 
269 }
270