1 // Copyright (c) 2020 Stefano Milizia
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef SOURCE_FUZZ_FUZZER_PASS_MERGE_FUNCTION_RETURNS_H_
16 #define SOURCE_FUZZ_FUZZER_PASS_MERGE_FUNCTION_RETURNS_H_
17 
18 #include "source/fuzz/fuzzer_pass.h"
19 
20 namespace spvtools {
21 namespace fuzz {
22 
23 // A fuzzer pass for changing functions in the module so that they don't have an
24 // early return.  When handling a function the pass first eliminates early
25 // terminator instructions, such as OpKill, by wrapping them in functions and
26 // replacing them with a function call followed by a return.  The return
27 // instructions that arise are then modified so that the function does not have
28 // early returns.
29 class FuzzerPassMergeFunctionReturns : public FuzzerPass {
30  public:
31   FuzzerPassMergeFunctionReturns(
32       opt::IRContext* ir_context, TransformationContext* transformation_context,
33       FuzzerContext* fuzzer_context,
34       protobufs::TransformationSequence* transformations,
35       bool ignore_inapplicable_transformations);
36 
37   void Apply() override;
38 
39  private:
40   // Returns a map from type ids to a list of ids with that type and which are
41   // available at the end of the entry block of |function|.
42   std::map<uint32_t, std::vector<uint32_t>>
43   GetTypesToIdsAvailableAfterEntryBlock(opt::Function* function) const;
44 
45   // Returns the set of all the loop merge blocks whose corresponding loops
46   // contain at least one of the blocks in |blocks|.
47   std::set<uint32_t> GetMergeBlocksOfLoopsContainingBlocks(
48       const std::set<uint32_t>& blocks) const;
49 
50   // Returns a list of ReturnMergingInfo messages, containing the information
51   // needed by the transformation for each of the relevant merge blocks.
52   // If a new id is created (because |ids_available_after_entry_block| does not
53   // have an entry for the corresponding type), a new entry is added to
54   // |ids_available_after_entry_block|, mapping its type to a singleton set
55   // containing it.
56   std::vector<protobufs::ReturnMergingInfo> GetInfoNeededForMergeBlocks(
57       const std::vector<uint32_t>& merge_blocks,
58       std::map<uint32_t, std::vector<uint32_t>>*
59           ids_available_after_entry_block);
60 
61   // Returns true if and only if |function| is a wrapper for an early terminator
62   // instruction such as OpKill.
63   bool IsEarlyTerminatorWrapper(const opt::Function& function) const;
64 };
65 }  // namespace fuzz
66 }  // namespace spvtools
67 
68 #endif  // SOURCE_FUZZ_FUZZER_PASS_MERGE_FUNCTION_RETURNS_H_
69