1 // Copyright (c) 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include "source/fuzz/fuzzer_pass_adjust_loop_controls.h"
16 
17 #include "source/fuzz/transformation_set_loop_control.h"
18 
19 namespace spvtools {
20 namespace fuzz {
21 
FuzzerPassAdjustLoopControls(opt::IRContext * ir_context,TransformationContext * transformation_context,FuzzerContext * fuzzer_context,protobufs::TransformationSequence * transformations)22 FuzzerPassAdjustLoopControls::FuzzerPassAdjustLoopControls(
23     opt::IRContext* ir_context, TransformationContext* transformation_context,
24     FuzzerContext* fuzzer_context,
25     protobufs::TransformationSequence* transformations)
26     : FuzzerPass(ir_context, transformation_context, fuzzer_context,
27                  transformations) {}
28 
29 FuzzerPassAdjustLoopControls::~FuzzerPassAdjustLoopControls() = default;
30 
Apply()31 void FuzzerPassAdjustLoopControls::Apply() {
32   // Consider every merge instruction in the module (via looking through all
33   // functions and blocks).
34   for (auto& function : *GetIRContext()->module()) {
35     for (auto& block : function) {
36       if (auto merge_inst = block.GetMergeInst()) {
37         // Ignore the instruction if it is not a loop merge.
38         if (merge_inst->opcode() != SpvOpLoopMerge) {
39           continue;
40         }
41 
42         // Decide randomly whether to adjust this loop merge.
43         if (!GetFuzzerContext()->ChoosePercentage(
44                 GetFuzzerContext()->GetChanceOfAdjustingLoopControl())) {
45           continue;
46         }
47 
48         uint32_t existing_mask = merge_inst->GetSingleWordOperand(
49             TransformationSetLoopControl::kLoopControlMaskInOperandIndex);
50 
51         // First, set the new mask to one of None, Unroll or DontUnroll.
52         std::vector<uint32_t> basic_masks = {SpvLoopControlMaskNone,
53                                              SpvLoopControlUnrollMask,
54                                              SpvLoopControlDontUnrollMask};
55         uint32_t new_mask =
56             basic_masks[GetFuzzerContext()->RandomIndex(basic_masks)];
57 
58         // For the loop controls that depend on guarantees about what the loop
59         // does, check which of these were present in the existing mask and
60         // randomly decide whether to keep them.  They are just hints, so
61         // removing them should not change the semantics of the module.
62         for (auto mask_bit :
63              {SpvLoopControlDependencyInfiniteMask,
64               SpvLoopControlDependencyLengthMask,
65               SpvLoopControlMinIterationsMask, SpvLoopControlMaxIterationsMask,
66               SpvLoopControlIterationMultipleMask}) {
67           if ((existing_mask & mask_bit) && GetFuzzerContext()->ChooseEven()) {
68             // The mask bits we are considering are not available in all SPIR-V
69             // versions.  However, we only include a mask bit if it was present
70             // in the original loop control mask, and we work under the
71             // assumption that we are transforming a valid module, thus we don't
72             // need to actually check whether the SPIR-V version being used
73             // supports these loop control mask bits.
74             new_mask |= mask_bit;
75           }
76         }
77 
78         // We use 0 for peel count and partial count in the case that we choose
79         // not to set these controls.
80         uint32_t peel_count = 0;
81         uint32_t partial_count = 0;
82 
83         // PeelCount and PartialCount are not compatible with DontUnroll, so
84         // we check whether DontUnroll is set.
85         if (!(new_mask & SpvLoopControlDontUnrollMask)) {
86           // If PeelCount is supported by this SPIR-V version, randomly choose
87           // whether to set it.  If it was set in the original mask and is not
88           // selected for setting here, that amounts to dropping it.
89           if (TransformationSetLoopControl::PeelCountIsSupported(
90                   GetIRContext()) &&
91               GetFuzzerContext()->ChooseEven()) {
92             new_mask |= SpvLoopControlPeelCountMask;
93             // The peel count is chosen randomly - if PeelCount was already set
94             // this will overwrite whatever peel count was previously used.
95             peel_count = GetFuzzerContext()->GetRandomLoopControlPeelCount();
96           }
97           // Similar, but for PartialCount.
98           if (TransformationSetLoopControl::PartialCountIsSupported(
99                   GetIRContext()) &&
100               GetFuzzerContext()->ChooseEven()) {
101             new_mask |= SpvLoopControlPartialCountMask;
102             partial_count =
103                 GetFuzzerContext()->GetRandomLoopControlPartialCount();
104           }
105         }
106 
107         // Apply the transformation and add it to the output transformation
108         // sequence.
109         TransformationSetLoopControl transformation(block.id(), new_mask,
110                                                     peel_count, partial_count);
111         ApplyTransformation(transformation);
112       }
113     }
114   }
115 }
116 
117 }  // namespace fuzz
118 }  // namespace spvtools
119