LLVM  10.0.0svn
IRMutator.h
Go to the documentation of this file.
1 //===-- IRMutator.h - Mutation engine for fuzzing IR ------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Provides the IRMutator class, which drives mutations on IR based on a
10 // configurable set of strategies. Some common strategies are also included
11 // here.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #ifndef LLVM_FUZZMUTATE_IRMUTATOR_H
16 #define LLVM_FUZZMUTATE_IRMUTATOR_H
17 
18 #include "llvm/ADT/Optional.h"
21 
22 namespace llvm {
23 class BasicBlock;
24 class Function;
25 class Instruction;
26 class Module;
27 
28 struct RandomIRBuilder;
29 
30 /// Base class for describing how to mutate a module. mutation functions for
31 /// each IR unit forward to the contained unit.
33 public:
34  virtual ~IRMutationStrategy() = default;
35 
36  /// Provide a weight to bias towards choosing this strategy for a mutation.
37  ///
38  /// The value of the weight is arbitrary, but a good default is "the number of
39  /// distinct ways in which this strategy can mutate a unit". This can also be
40  /// used to prefer strategies that shrink the overall size of the result when
41  /// we start getting close to \c MaxSize.
42  virtual uint64_t getWeight(size_t CurrentSize, size_t MaxSize,
43  uint64_t CurrentWeight) = 0;
44 
45  /// @{
46  /// Mutators for each IR unit. By default these forward to a contained
47  /// instance of the next smaller unit.
48  virtual void mutate(Module &M, RandomIRBuilder &IB);
49  virtual void mutate(Function &F, RandomIRBuilder &IB);
50  virtual void mutate(BasicBlock &BB, RandomIRBuilder &IB);
51  virtual void mutate(Instruction &I, RandomIRBuilder &IB) {
52  llvm_unreachable("Strategy does not implement any mutators");
53  }
54  /// @}
55 };
56 
57 using TypeGetter = std::function<Type *(LLVMContext &)>;
58 
59 /// Entry point for configuring and running IR mutations.
60 class IRMutator {
61  std::vector<TypeGetter> AllowedTypes;
62  std::vector<std::unique_ptr<IRMutationStrategy>> Strategies;
63 
64 public:
65  IRMutator(std::vector<TypeGetter> &&AllowedTypes,
66  std::vector<std::unique_ptr<IRMutationStrategy>> &&Strategies)
67  : AllowedTypes(std::move(AllowedTypes)),
68  Strategies(std::move(Strategies)) {}
69 
70  void mutateModule(Module &M, int Seed, size_t CurSize, size_t MaxSize);
71 };
72 
73 /// Strategy that injects operations into the function.
75  std::vector<fuzzerop::OpDescriptor> Operations;
76 
77  Optional<fuzzerop::OpDescriptor> chooseOperation(Value *Src,
78  RandomIRBuilder &IB);
79 
80 public:
81  InjectorIRStrategy(std::vector<fuzzerop::OpDescriptor> &&Operations)
82  : Operations(std::move(Operations)) {}
83  static std::vector<fuzzerop::OpDescriptor> getDefaultOps();
84 
85  uint64_t getWeight(size_t CurrentSize, size_t MaxSize,
86  uint64_t CurrentWeight) override {
87  return Operations.size();
88  }
89 
91  void mutate(Function &F, RandomIRBuilder &IB) override;
92  void mutate(BasicBlock &BB, RandomIRBuilder &IB) override;
93 };
94 
96 public:
97  uint64_t getWeight(size_t CurrentSize, size_t MaxSize,
98  uint64_t CurrentWeight) override;
99 
101  void mutate(Function &F, RandomIRBuilder &IB) override;
102  void mutate(Instruction &Inst, RandomIRBuilder &IB) override;
103 };
104 
105 } // end llvm namespace
106 
107 #endif // LLVM_FUZZMUTATE_IRMUTATOR_H
This class represents lattice values for constants.
Definition: AllocatorList.h:23
Various leaf nodes.
Definition: ISDOpcodes.h:59
static cl::opt< uint64_t > Seed("rng-seed", cl::value_desc("seed"), cl::Hidden, cl::desc("Seed for the random number generator"), cl::init(0))
virtual ~IRMutationStrategy()=default
A Module instance is used to store all the information related to an LLVM module. ...
Definition: Module.h:65
Base class for describing how to mutate a module.
Definition: IRMutator.h:32
F(f)
Entry point for configuring and running IR mutations.
Definition: IRMutator.h:60
Definition: BitVector.h:937
IRMutator(std::vector< TypeGetter > &&AllowedTypes, std::vector< std::unique_ptr< IRMutationStrategy >> &&Strategies)
Definition: IRMutator.h:65
InjectorIRStrategy(std::vector< fuzzerop::OpDescriptor > &&Operations)
Definition: IRMutator.h:81
LLVM Basic Block Representation.
Definition: BasicBlock.h:57
uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override
Provide a weight to bias towards choosing this strategy for a mutation.
Definition: IRMutator.h:85
virtual void mutate(Instruction &I, RandomIRBuilder &IB)
Definition: IRMutator.h:51
#define llvm_unreachable(msg)
Marks that the current location is not supposed to be reachable.
virtual void mutate(Module &M, RandomIRBuilder &IB)
Definition: IRMutator.cpp:35
#define I(x, y, z)
Definition: MD5.cpp:58
Strategy that injects operations into the function.
Definition: IRMutator.h:74
LLVM Value Representation.
Definition: Value.h:73
virtual uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight)=0
Provide a weight to bias towards choosing this strategy for a mutation.
std::function< Type *(LLVMContext &)> TypeGetter
Definition: IRMutator.h:57