1fd4e5da5Sopenharmony_ci// Copyright (c) 2021 Google LLC
2fd4e5da5Sopenharmony_ci//
3fd4e5da5Sopenharmony_ci// Licensed under the Apache License, Version 2.0 (the "License");
4fd4e5da5Sopenharmony_ci// you may not use this file except in compliance with the License.
5fd4e5da5Sopenharmony_ci// You may obtain a copy of the License at
6fd4e5da5Sopenharmony_ci//
7fd4e5da5Sopenharmony_ci//     http://www.apache.org/licenses/LICENSE-2.0
8fd4e5da5Sopenharmony_ci//
9fd4e5da5Sopenharmony_ci// Unless required by applicable law or agreed to in writing, software
10fd4e5da5Sopenharmony_ci// distributed under the License is distributed on an "AS IS" BASIS,
11fd4e5da5Sopenharmony_ci// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12fd4e5da5Sopenharmony_ci// See the License for the specific language governing permissions and
13fd4e5da5Sopenharmony_ci// limitations under the License.
14fd4e5da5Sopenharmony_ci
15fd4e5da5Sopenharmony_ci#include <cstdint>
16fd4e5da5Sopenharmony_ci#include <vector>
17fd4e5da5Sopenharmony_ci
18fd4e5da5Sopenharmony_ci#include "source/fuzz/fuzzer.h"
19fd4e5da5Sopenharmony_ci#include "source/fuzz/pseudo_random_generator.h"
20fd4e5da5Sopenharmony_ci#include "spirv-tools/libspirv.hpp"
21fd4e5da5Sopenharmony_ci#include "test/fuzzers/random_generator.h"
22fd4e5da5Sopenharmony_ci
23fd4e5da5Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
24fd4e5da5Sopenharmony_ci  if (size == 0 || (size % sizeof(uint32_t)) != 0) {
25fd4e5da5Sopenharmony_ci    // An empty binary, or a binary whose size is not a multiple of word-size,
26fd4e5da5Sopenharmony_ci    // cannot be valid, so can be rejected immediately.
27fd4e5da5Sopenharmony_ci    return 0;
28fd4e5da5Sopenharmony_ci  }
29fd4e5da5Sopenharmony_ci
30fd4e5da5Sopenharmony_ci  std::vector<uint32_t> initial_binary(size / sizeof(uint32_t));
31fd4e5da5Sopenharmony_ci  memcpy(initial_binary.data(), data, size);
32fd4e5da5Sopenharmony_ci
33fd4e5da5Sopenharmony_ci  spvtools::ValidatorOptions validator_options;
34fd4e5da5Sopenharmony_ci
35fd4e5da5Sopenharmony_ci  spvtools::MessageConsumer message_consumer =
36fd4e5da5Sopenharmony_ci      [](spv_message_level_t, const char*, const spv_position_t&, const char*) {
37fd4e5da5Sopenharmony_ci      };
38fd4e5da5Sopenharmony_ci
39fd4e5da5Sopenharmony_ci  spvtools::fuzzers::RandomGenerator random_gen(data, size);
40fd4e5da5Sopenharmony_ci  auto target_env = random_gen.GetTargetEnv();
41fd4e5da5Sopenharmony_ci  std::unique_ptr<spvtools::opt::IRContext> ir_context;
42fd4e5da5Sopenharmony_ci  if (!spvtools::fuzz::fuzzerutil::BuildIRContext(
43fd4e5da5Sopenharmony_ci          target_env, message_consumer, initial_binary, validator_options,
44fd4e5da5Sopenharmony_ci          &ir_context)) {
45fd4e5da5Sopenharmony_ci    // The input is invalid - give up.
46fd4e5da5Sopenharmony_ci    return 0;
47fd4e5da5Sopenharmony_ci  }
48fd4e5da5Sopenharmony_ci
49fd4e5da5Sopenharmony_ci  std::vector<spvtools::fuzz::fuzzerutil::ModuleSupplier> donor_suppliers = {
50fd4e5da5Sopenharmony_ci      [&initial_binary, message_consumer, target_env,
51fd4e5da5Sopenharmony_ci       &validator_options]() -> std::unique_ptr<spvtools::opt::IRContext> {
52fd4e5da5Sopenharmony_ci        std::unique_ptr<spvtools::opt::IRContext> result;
53fd4e5da5Sopenharmony_ci        if (!spvtools::fuzz::fuzzerutil::BuildIRContext(
54fd4e5da5Sopenharmony_ci                target_env, message_consumer, initial_binary, validator_options,
55fd4e5da5Sopenharmony_ci                &result)) {
56fd4e5da5Sopenharmony_ci          // The input was successfully parsed and validated first time around,
57fd4e5da5Sopenharmony_ci          // so something is wrong if it is now invalid.
58fd4e5da5Sopenharmony_ci          abort();
59fd4e5da5Sopenharmony_ci        }
60fd4e5da5Sopenharmony_ci        return result;
61fd4e5da5Sopenharmony_ci      }};
62fd4e5da5Sopenharmony_ci
63fd4e5da5Sopenharmony_ci  uint32_t seed = random_gen.GetUInt32(std::numeric_limits<uint32_t>::max());
64fd4e5da5Sopenharmony_ci  auto fuzzer_context = spvtools::MakeUnique<spvtools::fuzz::FuzzerContext>(
65fd4e5da5Sopenharmony_ci      spvtools::MakeUnique<spvtools::fuzz::PseudoRandomGenerator>(seed),
66fd4e5da5Sopenharmony_ci      spvtools::fuzz::FuzzerContext::GetMinFreshId(ir_context.get()), false);
67fd4e5da5Sopenharmony_ci
68fd4e5da5Sopenharmony_ci  auto transformation_context =
69fd4e5da5Sopenharmony_ci      spvtools::MakeUnique<spvtools::fuzz::TransformationContext>(
70fd4e5da5Sopenharmony_ci          spvtools::MakeUnique<spvtools::fuzz::FactManager>(ir_context.get()),
71fd4e5da5Sopenharmony_ci          validator_options);
72fd4e5da5Sopenharmony_ci
73fd4e5da5Sopenharmony_ci  spvtools::fuzz::Fuzzer fuzzer(
74fd4e5da5Sopenharmony_ci      std::move(ir_context), std::move(transformation_context),
75fd4e5da5Sopenharmony_ci      std::move(fuzzer_context), message_consumer, donor_suppliers, false,
76fd4e5da5Sopenharmony_ci      spvtools::fuzz::RepeatedPassStrategy::kLoopedWithRecommendations, true,
77fd4e5da5Sopenharmony_ci      validator_options);
78fd4e5da5Sopenharmony_ci  fuzzer.Run(0);
79fd4e5da5Sopenharmony_ci  return 0;
80fd4e5da5Sopenharmony_ci}
81