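// Copyright (c) 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef SOURCE_FUZZ_FUZZER_PASS_OBFUSCATE_CONSTANTS_H_
#define SOURCE_FUZZ_FUZZER_PASS_OBFUSCATE_CONSTANTS_H_

// <cstdint> and <map> are included directly because this header names
// uint32_t and std::map itself; it should not rely on "fuzzer_pass.h" pulling
// them in transitively.
#include <cstdint>
#include <map>
#include <vector>

#include "source/fuzz/fuzzer_pass.h"

namespace spvtools {
namespace fuzz {

// A fuzzer pass for turning uses of constants into more complex forms.
// Examples include replacing 'true' with '42 < 52', and replacing '42' with
// 'a.b.c' if 'a.b.c' is known to hold the value '42'.
//
// Each replacement is only valid when the more complex form is known to
// evaluate to the constant it replaces; the per-method comments below state
// the preconditions that callers must uphold.
class FuzzerPassObfuscateConstants : public FuzzerPass {
 public:
  FuzzerPassObfuscateConstants(
      opt::IRContext* ir_context, TransformationContext* transformation_context,
      FuzzerContext* fuzzer_context,
      protobufs::TransformationSequence* transformations);

  ~FuzzerPassObfuscateConstants() override;

  // Entry point of the pass; overrides FuzzerPass::Apply.
  void Apply() override;

 private:
  // Applies 0 or more transformations to potentially obfuscate the constant
  // use represented by |constant_use|. The |depth| parameter controls how
  // deeply obfuscation can recurse.
  void ObfuscateConstant(uint32_t depth,
                         const protobufs::IdUseDescriptor& constant_use);

  // This method will try to turn |constant_use|, required to be a use of a
  // boolean constant, into a binary expression on scalar constants, which may
  // themselves be recursively obfuscated.
  void ObfuscateBoolConstant(uint32_t depth,
                             const protobufs::IdUseDescriptor& constant_use);

  // This method will try to turn |constant_use|, required to be a use of a
  // scalar constant, into the value loaded from a uniform known to have the
  // same value as the constant (if one exists).
  void ObfuscateScalarConstant(uint32_t depth,
                               const protobufs::IdUseDescriptor& constant_use);

  // Applies a transformation to replace the boolean constant usage represented
  // by |bool_constant_use| with a binary expression involving
  // |float_constant_id_1| and |float_constant_id_2|, which must not be equal
  // to one another. Possibly further obfuscates the uses of these float
  // constants. The |depth| parameter controls how deeply obfuscation can
  // recurse.
  void ObfuscateBoolConstantViaFloatConstantPair(
      uint32_t depth, const protobufs::IdUseDescriptor& bool_constant_use,
      uint32_t float_constant_id_1, uint32_t float_constant_id_2);

  // Similar to ObfuscateBoolConstantViaFloatConstantPair, but for signed int
  // constants.
  void ObfuscateBoolConstantViaSignedIntConstantPair(
      uint32_t depth, const protobufs::IdUseDescriptor& bool_constant_use,
      uint32_t signed_int_constant_id_1, uint32_t signed_int_constant_id_2);

  // Similar to ObfuscateBoolConstantViaFloatConstantPair, but for unsigned int
  // constants.
  void ObfuscateBoolConstantViaUnsignedIntConstantPair(
      uint32_t depth, const protobufs::IdUseDescriptor& bool_constant_use,
      uint32_t unsigned_int_constant_id_1, uint32_t unsigned_int_constant_id_2);

  // A helper method to capture the common parts of the three
  // ObfuscateBoolConstantVia*ConstantPair methods above.
  // The method is used to obfuscate the boolean constant usage represented by
  // |bool_constant_use| by replacing it with '|constant_id_1| OP
  // |constant_id_2|', where 'OP' is chosen from either |greater_than_opcodes|
  // or |less_than_opcodes|.
  //
  // The two constant ids must not represent the same value, and thus
  // |greater_than_opcodes| may include 'greater than or equal' opcodes
  // (similar for |less_than_opcodes|).
  //
  // NOTE(review): |first_constant_is_larger| presumably tells the helper
  // whether the value of |constant_id_1| exceeds that of |constant_id_2|, so
  // that it can pick an opcode yielding the original boolean - confirm
  // against the implementation.
  void ObfuscateBoolConstantViaConstantPair(
      uint32_t depth, const protobufs::IdUseDescriptor& bool_constant_use,
      const std::vector<SpvOp>& greater_than_opcodes,
      const std::vector<SpvOp>& less_than_opcodes, uint32_t constant_id_1,
      uint32_t constant_id_2, bool first_constant_is_larger);

  // A helper method to determine whether input operand |in_operand_index| of
  // |inst| is the id of a constant, and add an id use descriptor to
  // |constant_uses| if so. The other parameters
  // (|base_instruction_result_id| and |skipped_opcode_count|) are used for id
  // use descriptor construction.
  void MaybeAddConstantIdUse(
      const opt::Instruction& inst, uint32_t in_operand_index,
      uint32_t base_instruction_result_id,
      const std::map<SpvOp, uint32_t>& skipped_opcode_count,
      std::vector<protobufs::IdUseDescriptor>* constant_uses);

  // Returns a vector of unique words that denote constants. Every such constant
  // is used in |FactConstantUniform| and has type with id equal to |type_id|.
  std::vector<std::vector<uint32_t>> GetConstantWordsFromUniformsForType(
      uint32_t type_id);
};

}  // namespace fuzz
}  // namespace spvtools

#endif  // SOURCE_FUZZ_FUZZER_PASS_OBFUSCATE_CONSTANTS_H_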