// Copyright (c) 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
14fd4e5da5Sopenharmony_ci
15fd4e5da5Sopenharmony_ci#include "test/fuzzers/spvtools_opt_fuzzer_common.h"
16fd4e5da5Sopenharmony_ci
17fd4e5da5Sopenharmony_ci#include "source/opt/build_module.h"
18fd4e5da5Sopenharmony_ci#include "test/fuzzers/random_generator.h"
19fd4e5da5Sopenharmony_ci
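namespace spvtools {
namespace fuzzers {

/// Common driver shared by the optimizer fuzz targets.
///
/// Every byte of |data| is attacker-controlled from the point of view of the
/// code under test: the buffer seeds the RandomGenerator that picks the target
/// environment, and is also reinterpreted as a SPIR-V word stream that is
/// parsed and then optimized.
///
/// @param data            Raw fuzzer input; only read, never written.
/// @param size            Number of bytes available at |data|.
/// @param register_passes Callback that registers the passes to exercise on
///                        the optimizer created for this input.
/// @return Always 0; inputs that cannot be used are skipped, not reported.
int OptFuzzerTestOneInput(
    const uint8_t* data, size_t size,
    const std::function<void(spvtools::Optimizer&)>& register_passes) {
  if (size < 1) {
    return 0;
  }

  spvtools::fuzzers::RandomGenerator random_gen(data, size);
  const auto target_env = random_gen.GetTargetEnv();
  spvtools::Optimizer optimizer(target_env);
  // Diagnostics are discarded: the consumer is an empty lambda.
  optimizer.SetMessageConsumer([](spv_message_level_t, const char*,
                                  const spv_position_t&, const char*) {});

  // Pack the bytes into little-endian 32-bit words. Up to three trailing bytes
  // that do not fill a whole word are dropped.
  std::vector<uint32_t> input(size / 4);
  for (size_t word = 0; word < input.size(); ++word) {
    const uint8_t* bytes = data + 4 * word;
    // Widen each byte to uint32_t before shifting. A uint8_t operand is
    // promoted to (signed) int, so shifting a byte >= 0x80 left by 24 would
    // shift into the sign bit of that int.
    input[word] = static_cast<uint32_t>(bytes[0]) |
                  (static_cast<uint32_t>(bytes[1]) << 8) |
                  (static_cast<uint32_t>(bytes[2]) << 16) |
                  (static_cast<uint32_t>(bytes[3]) << 24);
  }

  // The largest possible id bound is used when running the optimizer, to avoid
  // the problem of id overflows.
  const size_t kFinalIdLimit = UINT32_MAX;

  // The input is scanned to check that it does not already use an id too close
  // to this limit. This still gives the optimizer a large set of ids to
  // consume. It is thus very unlikely that id overflow will occur during
  // fuzzing. If it does, then the initial id limit should be decreased.
  const size_t kInitialIdLimit = kFinalIdLimit - 1000000U;

  // Build the module and scan it to check that all used ids are below the
  // initial limit. No message consumer is passed for this build.
  const auto ir_context =
      spvtools::BuildModule(target_env, nullptr, input.data(), input.size());
  if (ir_context == nullptr) {
    // It was not possible to build a valid module; that's OK - skip this input.
    return 0;
  }
  if (ir_context->module()->id_bound() >= kInitialIdLimit) {
    // The input already has a very large id bound. The input is thus abandoned,
    // to avoid the possibility of ending up hitting the id bound limit.
    return 0;
  }

  // Set the optimizer and its validator up with the largest possible id bound
  // limit.
  spvtools::ValidatorOptions validator_options;
  validator_options.SetUniversalLimit(spv_validator_limit_max_id_bound,
                                      kFinalIdLimit);
  spvtools::OptimizerOptions optimizer_options;
  optimizer_options.set_max_id_bound(kFinalIdLimit);
  optimizer_options.set_validator_options(validator_options);

  register_passes(optimizer);
  // |input| is both the source binary and the destination for the optimized
  // binary. Run's result is not inspected; this function returns 0 either way.
  // NOTE(review): presumably Optimizer::Run supports the source and the output
  // sharing one buffer - confirm against its implementation.
  optimizer.Run(input.data(), input.size(), &input, optimizer_options);

  return 0;
}

}  // namespace fuzzers
}  // namespace spvtools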