LLVM  15.0.0git
IRMutator.cpp
Go to the documentation of this file.
1 //===-- IRMutator.cpp -----------------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 
9 #include "llvm/FuzzMutate/IRMutator.h"
10 #include "llvm/ADT/Optional.h"
11 #include "llvm/Analysis/TargetLibraryInfo.h"
12 #include "llvm/Bitcode/BitcodeReader.h"
13 #include "llvm/Bitcode/BitcodeWriter.h"
14 #include "llvm/FuzzMutate/Operations.h"
15 #include "llvm/FuzzMutate/Random.h"
16 #include "llvm/FuzzMutate/RandomIRBuilder.h"
17 #include "llvm/IR/BasicBlock.h"
18 #include "llvm/IR/Function.h"
19 #include "llvm/IR/InstIterator.h"
20 #include "llvm/IR/Instructions.h"
21 #include "llvm/IR/Module.h"
22 #include "llvm/IR/Verifier.h"
23 #include "llvm/Support/MemoryBuffer.h"
24 #include "llvm/Support/SourceMgr.h"
25 #include "llvm/Transforms/Scalar/DCE.h"
26 
27 using namespace llvm;
28 
29 static void createEmptyFunction(Module &M) {
30  // TODO: Some arguments and a return value would probably be more interesting.
31  LLVMContext &Context = M.getContext();
32  Function *F = Function::Create(FunctionType::get(Type::getVoidTy(Context), {},
33  /*isVarArg=*/false),
34  GlobalValue::ExternalLinkage, "f", &M);
35  BasicBlock *BB = BasicBlock::Create(Context, "BB", F);
36  ReturnInst::Create(Context, BB);
37 }
38 
39 void IRMutationStrategy::mutate(Module &M, RandomIRBuilder &IB) {
40  auto RS = makeSampler<Function *>(IB.Rand);
41  for (Function &F : M)
42  if (!F.isDeclaration())
43  RS.sample(&F, /*Weight=*/1);
44 
45  if (RS.isEmpty())
46  createEmptyFunction(M);
47  else
48  mutate(*RS.getSelection(), IB);
49 }
50 
51 void IRMutationStrategy::mutate(Function &F, RandomIRBuilder &IB) {
52  mutate(*makeSampler(IB.Rand, make_pointer_range(F)).getSelection(), IB);
53 }
54 
55 void IRMutationStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
56  mutate(*makeSampler(IB.Rand, make_pointer_range(BB)).getSelection(), IB);
57 }
58 
59 void IRMutator::mutateModule(Module &M, int Seed, size_t CurSize,
60  size_t MaxSize) {
61  std::vector<Type *> Types;
62  for (const auto &Getter : AllowedTypes)
63  Types.push_back(Getter(M.getContext()));
64  RandomIRBuilder IB(Seed, Types);
65 
66  auto RS = makeSampler<IRMutationStrategy *>(IB.Rand);
67  for (const auto &Strategy : Strategies)
68  RS.sample(Strategy.get(),
69  Strategy->getWeight(CurSize, MaxSize, RS.totalWeight()));
70  auto Strategy = RS.getSelection();
71 
72  Strategy->mutate(M, IB);
73 }
74 
75 static void eliminateDeadCode(Function &F) {
76  FunctionPassManager FPM;
77  FPM.addPass(DCEPass());
78  FunctionAnalysisManager FAM;
79  FAM.registerPass([&] { return TargetLibraryAnalysis(); });
80  FAM.registerPass([&] { return PassInstrumentationAnalysis(); });
81  FPM.run(F, FAM);
82 }
83 
84 void InjectorIRStrategy::mutate(Function &F, RandomIRBuilder &IB) {
85  IRMutationStrategy::mutate(F, IB);
86  eliminateDeadCode(F);
87 }
88 
89 std::vector<fuzzerop::OpDescriptor> InjectorIRStrategy::getDefaultOps() {
90  std::vector<fuzzerop::OpDescriptor> Ops;
91  describeFuzzerIntOps(Ops);
92  describeFuzzerFloatOps(Ops);
93  describeFuzzerControlFlowOps(Ops);
94  describeFuzzerPointerOps(Ops);
95  describeFuzzerAggregateOps(Ops);
96  describeFuzzerVectorOps(Ops);
97  return Ops;
98 }
99 
100 Optional<fuzzerop::OpDescriptor>
101 InjectorIRStrategy::chooseOperation(Value *Src, RandomIRBuilder &IB) {
102  auto OpMatchesPred = [&Src](fuzzerop::OpDescriptor &Op) {
103  return Op.SourcePreds[0].matches({}, Src);
104  };
105  auto RS = makeSampler(IB.Rand, make_filter_range(Operations, OpMatchesPred));
106  if (RS.isEmpty())
107  return None;
108  return *RS;
109 }
110 
111 void InjectorIRStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
112  SmallVector<Instruction *, 32> Insts;
113  for (auto I = BB.getFirstInsertionPt(), E = BB.end(); I != E; ++I)
114  Insts.push_back(&*I);
115  if (Insts.size() < 1)
116  return;
117 
118  // Choose an insertion point for our new instruction.
119  size_t IP = uniform<size_t>(IB.Rand, 0, Insts.size() - 1);
120 
121  auto InstsBefore = makeArrayRef(Insts).slice(0, IP);
122  auto InstsAfter = makeArrayRef(Insts).slice(IP);
123 
124  // Choose a source, which will be used to constrain the operation selection.
125  SmallVector<Value *, 2> Srcs;
126  Srcs.push_back(IB.findOrCreateSource(BB, InstsBefore));
127 
128  // Choose an operation that's constrained to be valid for the type of the
129  // source, collect any other sources it needs, and then build it.
130  auto OpDesc = chooseOperation(Srcs[0], IB);
131  // Bail if no operation was found
132  if (!OpDesc)
133  return;
134 
135  for (const auto &Pred : makeArrayRef(OpDesc->SourcePreds).slice(1))
136  Srcs.push_back(IB.findOrCreateSource(BB, InstsBefore, Srcs, Pred));
137 
138  if (Value *Op = OpDesc->BuilderFunc(Srcs, Insts[IP])) {
139  // Find a sink and wire up the results of the operation.
140  IB.connectToSink(BB, InstsAfter, Op);
141  }
142 }
143 
144 uint64_t InstDeleterIRStrategy::getWeight(size_t CurrentSize, size_t MaxSize,
145  uint64_t CurrentWeight) {
146  // If we have less than 200 bytes, panic and try to always delete.
147  if (CurrentSize > MaxSize - 200)
148  return CurrentWeight ? CurrentWeight * 100 : 1;
149  // Draw a line starting from when we only have 1k left and increasing linearly
150  // to double the current weight.
151  int64_t Line = (-2 * static_cast<int64_t>(CurrentWeight)) *
152  (static_cast<int64_t>(MaxSize) -
153  static_cast<int64_t>(CurrentSize) - 1000) /
154  1000;
155  // Clamp negative weights to zero.
156  if (Line < 0)
157  return 0;
158  return Line;
159 }
160 
161 void InstDeleterIRStrategy::mutate(Function &F, RandomIRBuilder &IB) {
162  auto RS = makeSampler<Instruction *>(IB.Rand);
163  for (Instruction &Inst : instructions(F)) {
164  // TODO: We can't handle these instructions.
165  if (Inst.isTerminator() || Inst.isEHPad() ||
166  Inst.isSwiftError() || isa<PHINode>(Inst))
167  continue;
168 
169  RS.sample(&Inst, /*Weight=*/1);
170  }
171  if (RS.isEmpty())
172  return;
173 
174  // Delete the instruction.
175  mutate(*RS.getSelection(), IB);
176  // Clean up any dead code that's left over after removing the instruction.
177  eliminateDeadCode(F);
178 }
179 
180 void InstDeleterIRStrategy::mutate(Instruction &Inst, RandomIRBuilder &IB) {
181  assert(!Inst.isTerminator() && "Deleting terminators invalidates CFG");
182 
183  if (Inst.getType()->isVoidTy()) {
184  // Instructions with void type (ie, store) have no uses to worry about. Just
185  // erase it and move on.
186  Inst.eraseFromParent();
187  return;
188  }
189 
190  // Otherwise we need to find some other value with the right type to keep the
191  // users happy.
192  auto Pred = fuzzerop::onlyType(Inst.getType());
193  auto RS = makeSampler<Value *>(IB.Rand);
194  SmallVector<Instruction *, 32> InstsBefore;
195  BasicBlock *BB = Inst.getParent();
196  for (auto I = BB->getFirstInsertionPt(), E = Inst.getIterator(); I != E;
197  ++I) {
198  if (Pred.matches({}, &*I))
199  RS.sample(&*I, /*Weight=*/1);
200  InstsBefore.push_back(&*I);
201  }
202  if (!RS)
203  RS.sample(IB.newSource(*BB, InstsBefore, {}, Pred), /*Weight=*/1);
204 
205  Inst.replaceAllUsesWith(RS.getSelection());
206  Inst.eraseFromParent();
207 }
208 
209 void InstModificationIRStrategy::mutate(Instruction &Inst,
210  RandomIRBuilder &IB) {
211  SmallVector<std::function<void()>, 8> Modifications;
212  CmpInst *CI = nullptr;
213  GetElementPtrInst *GEP = nullptr;
214  switch (Inst.getOpcode()) {
215  default:
216  break;
217  case Instruction::Add:
218  case Instruction::Mul:
219  case Instruction::Sub:
220  case Instruction::Shl:
221  Modifications.push_back([&Inst]() { Inst.setHasNoSignedWrap(true); }),
222  Modifications.push_back([&Inst]() { Inst.setHasNoSignedWrap(false); });
223  Modifications.push_back([&Inst]() { Inst.setHasNoUnsignedWrap(true); });
224  Modifications.push_back([&Inst]() { Inst.setHasNoUnsignedWrap(false); });
225 
226  break;
227  case Instruction::ICmp:
228  CI = cast<ICmpInst>(&Inst);
229  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_EQ); });
230  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_NE); });
231  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_UGT); });
232  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_UGE); });
233  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_ULT); });
234  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_ULE); });
235  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_SGT); });
236  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_SGE); });
237  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_SLT); });
238  Modifications.push_back([CI]() { CI->setPredicate(CmpInst::ICMP_SLE); });
239  break;
240  case Instruction::GetElementPtr:
241  GEP = cast<GetElementPtrInst>(&Inst);
242  Modifications.push_back([GEP]() { GEP->setIsInBounds(true); });
243  Modifications.push_back([GEP]() { GEP->setIsInBounds(false); });
244  break;
245  }
246 
247  auto RS = makeSampler(IB.Rand, Modifications);
248  if (RS)
249  RS.getSelection()();
250 }
251 
252 std::unique_ptr<Module> llvm::parseModule(const uint8_t *Data, size_t Size,
253  LLVMContext &Context) {
254 
255  if (Size <= 1)
256  // We get bogus data given an empty corpus - just create a new module.
257  return std::make_unique<Module>("M", Context);
258 
259  auto Buffer = MemoryBuffer::getMemBuffer(
260  StringRef(reinterpret_cast<const char *>(Data), Size), "Fuzzer input",
261  /*RequiresNullTerminator=*/false);
262 
263  SMDiagnostic Err;
264  auto M = parseBitcodeFile(Buffer->getMemBufferRef(), Context);
265  if (Error E = M.takeError()) {
266  errs() << toString(std::move(E)) << "\n";
267  return nullptr;
268  }
269  return std::move(M.get());
270 }
271 
272 size_t llvm::writeModule(const Module &M, uint8_t *Dest, size_t MaxSize) {
273  std::string Buf;
274  {
275  raw_string_ostream OS(Buf);
276  WriteBitcodeToFile(M, OS);
277  }
278  if (Buf.size() > MaxSize)
279  return 0;
280  memcpy(Dest, Buf.data(), Buf.size());
281  return Buf.size();
282 }
283 
284 std::unique_ptr<Module> llvm::parseAndVerify(const uint8_t *Data, size_t Size,
285  LLVMContext &Context) {
286  auto M = parseModule(Data, Size, Context);
287  if (!M || verifyModule(*M, &errs()))
288  return nullptr;
289 
290  return M;
291 }
MemoryBuffer.h
llvm::Instruction::isTerminator
bool isTerminator() const
Definition: Instruction.h:160
IRMutator.h
llvm::DCEPass
Basic Dead Code Elimination pass.
Definition: DCE.h:23
llvm::parseModule
std::unique_ptr< Module > parseModule(const uint8_t *Data, size_t Size, LLVMContext &Context)
Fuzzer friendly interface for the llvm bitcode parser.
Definition: IRMutator.cpp:252
llvm::RandomIRBuilder::findOrCreateSource
Value * findOrCreateSource(BasicBlock &BB, ArrayRef< Instruction * > Insts)
Find a "source" for some operation, which will be used in one of the operation's operands.
Definition: RandomIRBuilder.cpp:21
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:17
createEmptyFunction
static void createEmptyFunction(Module &M)
Definition: IRMutator.cpp:29
M
We currently emits eax Perhaps this is what we really should generate is Is imull three or four cycles eax eax The current instruction priority is based on pattern complexity The former is more complex because it folds a load so the latter will not be emitted Perhaps we should use AddedComplexity to give LEA32r a higher priority We should always try to match LEA first since the LEA matching code does some estimate to determine whether the match is profitable if we care more about code then imull is better It s two bytes shorter than movl leal On a Pentium M
Definition: README.txt:252
llvm::CmpInst::ICMP_EQ
@ ICMP_EQ
equal
Definition: InstrTypes.h:740
Optional.h
InstIterator.h
llvm::Function
Definition: Function.h:60
llvm::PassManager::addPass
LLVM_ATTRIBUTE_MINSIZE std::enable_if_t<!std::is_same< PassT, PassManager >::value > addPass(PassT &&Pass)
Definition: PassManager.h:550
llvm::raw_string_ostream
A raw_ostream that writes to an std::string.
Definition: raw_ostream.h:632
llvm::InstDeleterIRStrategy::getWeight
uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override
Provide a weight to bias towards choosing this strategy for a mutation.
Definition: IRMutator.cpp:144
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1185
llvm::CmpInst::ICMP_NE
@ ICMP_NE
not equal
Definition: InstrTypes.h:741
llvm::FunctionType::get
static FunctionType * get(Type *Result, ArrayRef< Type * > Params, bool isVarArg)
This static method is the primary way of constructing a FunctionType.
Definition: Type.cpp:361
FAM
FunctionAnalysisManager FAM
Definition: PassBuilderBindings.cpp:59
llvm::CmpInst::ICMP_SGT
@ ICMP_SGT
signed greater than
Definition: InstrTypes.h:746
Module.h
llvm::InstModificationIRStrategy::mutate
void mutate(Instruction &Inst, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:209
llvm::Instruction::setHasNoUnsignedWrap
void setHasNoUnsignedWrap(bool b=true)
Set or clear the nuw flag on this instruction, which must be an operator which supports this flag.
Definition: Instruction.cpp:123
llvm::Optional
Definition: APInt.h:33
llvm::CmpInst::ICMP_SLE
@ ICMP_SLE
signed less or equal
Definition: InstrTypes.h:749
llvm::errs
raw_fd_ostream & errs()
This returns a reference to a raw_ostream for standard error.
Definition: raw_ostream.cpp:893
llvm::Data
@ Data
Definition: SIMachineScheduler.h:55
F
#define F(x, y, z)
Definition: MD5.cpp:55
llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:55
Context
LLVMContext & Context
Definition: NVVMIntrRange.cpp:66
llvm::Instruction::getOpcode
unsigned getOpcode() const
Returns a member of one of the enums like Instruction::Add.
Definition: Instruction.h:157
llvm::MemoryBuffer::getMemBuffer
static std::unique_ptr< MemoryBuffer > getMemBuffer(StringRef InputData, StringRef BufferName="", bool RequiresNullTerminator=true)
Open the specified memory range as a MemoryBuffer.
Definition: MemoryBuffer.cpp:115
llvm::IRMutationStrategy::mutate
virtual void mutate(Function &F, RandomIRBuilder &IB)
Definition: IRMutator.cpp:51
llvm::describeFuzzerPointerOps
void describeFuzzerPointerOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:75
E
static GCRegistry::Add< CoreCLRGC > E("coreclr", "CoreCLR-compatible GC")
llvm::Instruction::setHasNoSignedWrap
void setHasNoSignedWrap(bool b=true)
Set or clear the nsw flag on this instruction, which must be an operator which supports this flag.
Definition: Instruction.cpp:127
BitcodeWriter.h
llvm::CmpInst::ICMP_ULE
@ ICMP_ULE
unsigned less or equal
Definition: InstrTypes.h:745
llvm::SMDiagnostic
Instances of this class encapsulate one diagnostic report, allowing printing to a raw_ostream as a ca...
Definition: SourceMgr.h:281
IP
Definition: NVPTXLowerArgs.cpp:167
TargetLibraryInfo.h
llvm::fuzzerop::OpDescriptor
A description of some operation we can build while fuzzing IR.
Definition: OpDescriptor.h:88
llvm::Instruction
Definition: Instruction.h:42
llvm::InjectorIRStrategy::mutate
void mutate(Function &F, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:84
llvm::describeFuzzerIntOps
void describeFuzzerIntOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Getters for the default sets of operations, per general category.
Definition: Operations.cpp:18
llvm::None
const NoneType None
Definition: None.h:24
SourceMgr.h
llvm::CmpInst
This class is the base class for the comparison instructions.
Definition: InstrTypes.h:709
RandomIRBuilder.h
BasicBlock.h
llvm::instructions
inst_range instructions(Function *F)
Definition: InstIterator.h:133
Seed
static ManagedStatic< cl::opt< uint64_t >, CreateSeed > Seed
Definition: RandomNumberGenerator.cpp:40
llvm::Instruction::eraseFromParent
SymbolTableList< Instruction >::iterator eraseFromParent()
This method unlinks 'this' from the containing basic block and deletes it.
Definition: Instruction.cpp:77
uint64_t
llvm::parseBitcodeFile
Expected< std::unique_ptr< Module > > parseBitcodeFile(MemoryBufferRef Buffer, LLVMContext &Context, DataLayoutCallbackTy DataLayoutCallback=[](StringRef) { return None;})
Read the specified bitcode file, returning the module.
Definition: BitcodeReader.cpp:7547
move
compiles ldr LCPI1_0 ldr ldr mov lsr tst moveq r1 ldr LCPI1_1 and r0 bx lr It would be better to do something like to fold the shift into the conditional move
Definition: README.txt:546
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:68
llvm::InstDeleterIRStrategy::mutate
void mutate(Function &F, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:161
I
#define I(x, y, z)
Definition: MD5.cpp:58
llvm::GetElementPtrInst
an instruction for type-safe pointer arithmetic to access elements of arrays and structs
Definition: Instructions.h:916
llvm::RandomIRBuilder::connectToSink
void connectToSink(BasicBlock &BB, ArrayRef< Instruction * > Insts, Value *V)
Find a viable user for V in Insts, which should all be contained in BB.
Definition: RandomIRBuilder.cpp:98
llvm::Function::Create
static Function * Create(FunctionType *Ty, LinkageTypes Linkage, unsigned AddrSpace, const Twine &N="", Module *M=nullptr)
Definition: Function.h:137
assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())
memcpy
<%struct.s * > cast struct s *S to sbyte *< sbyte * > sbyte uint cast struct s *agg result to sbyte *< sbyte * > sbyte uint cast struct s *memtmp to sbyte *< sbyte * > sbyte uint ret void llc ends up issuing two memcpy or custom lower memcpy(of small size) to be ldmia/stmia. I think option 2 is better but the current register allocator cannot allocate a chunk of registers at a time. A feasible temporary solution is to use specific physical registers at the lowering time for small(<
llvm::CmpInst::ICMP_UGE
@ ICMP_UGE
unsigned greater or equal
Definition: InstrTypes.h:743
function
print Print MemDeps of function
Definition: MemDepPrinter.cpp:82
llvm::Type::isVoidTy
bool isVoidTy() const
Return true if this is 'void'.
Definition: Type.h:139
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65
llvm::CmpInst::ICMP_SLT
@ ICMP_SLT
signed less than
Definition: InstrTypes.h:748
llvm::WriteBitcodeToFile
void WriteBitcodeToFile(const Module &M, raw_ostream &Out, bool ShouldPreserveUseListOrder=false, const ModuleSummaryIndex *Index=nullptr, bool GenerateHash=false, ModuleHash *ModHash=nullptr)
Write the specified module to the specified raw output stream.
Definition: BitcodeWriter.cpp:4688
llvm::make_pointer_range
iterator_range< pointer_iterator< WrappedIteratorT > > make_pointer_range(RangeT &&Range)
Definition: iterator.h:363
Mul
BinaryOperator * Mul
Definition: X86PartialReduction.cpp:70
llvm::StringRef
StringRef - Represent a constant reference to a string, i.e.
Definition: StringRef.h:58
llvm::CmpInst::ICMP_ULT
@ ICMP_ULT
unsigned less than
Definition: InstrTypes.h:744
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:255
llvm::Value::replaceAllUsesWith
void replaceAllUsesWith(Value *V)
Change all uses of this to point to a new Value.
Definition: Value.cpp:529
llvm::BasicBlock::Create
static BasicBlock * Create(LLVMContext &Context, const Twine &Name="", Function *Parent=nullptr, BasicBlock *InsertBefore=nullptr)
Creates a new BasicBlock.
Definition: BasicBlock.h:97
llvm::ilist_node_impl::getIterator
self_iterator getIterator()
Definition: ilist_node.h:82
llvm::make_filter_range
iterator_range< filter_iterator< detail::IterOfRange< RangeT >, PredicateT > > make_filter_range(RangeT &&Range, PredicateT Pred)
Convenience function that takes a range of elements and a predicate, and return a new filter_iterator...
Definition: STLExtras.h:534
Operations.h
llvm::RandomIRBuilder
Definition: RandomIRBuilder.h:32
llvm::InjectorIRStrategy::getDefaultOps
static std::vector< fuzzerop::OpDescriptor > getDefaultOps()
Definition: IRMutator.cpp:89
llvm::describeFuzzerControlFlowOps
void describeFuzzerControlFlowOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:70
llvm::PassManager< Function >
llvm::makeSampler
ReservoirSampler< ElT, GenT > makeSampler(GenT &RandGen, RangeT &&Items)
Definition: Random.h:75
Random.h
Verifier.h
llvm::toString
const char * toString(DWARFSectionKind Kind)
Definition: DWARFUnitIndex.h:67
llvm::AMDGPU::SendMsg::Op
Op
Definition: SIDefines.h:345
llvm::RandomIRBuilder::Rand
RandomEngine Rand
Definition: RandomIRBuilder.h:33
llvm::Error
Lightweight error class with error context and mandatory checking.
Definition: Error.h:155
Function.h
llvm::ReturnInst::Create
static ReturnInst * Create(LLVMContext &C, Value *retVal=nullptr, Instruction *InsertBefore=nullptr)
Definition: Instructions.h:3031
llvm::CmpInst::ICMP_SGE
@ ICMP_SGE
signed greater or equal
Definition: InstrTypes.h:747
llvm::AnalysisManager::registerPass
bool registerPass(PassBuilderT &&PassBuilder)
Register an analysis pass with the manager.
Definition: PassManager.h:842
llvm::MCID::Add
@ Add
Definition: MCInstrDesc.h:185
llvm::CmpInst::setPredicate
void setPredicate(Predicate P)
Set the predicate for this instruction to the specified value.
Definition: InstrTypes.h:812
llvm::PassManager::run
PreservedAnalyses run(IRUnitT &IR, AnalysisManagerT &AM, ExtraArgTs... ExtraArgs)
Run all of the passes in this manager over the given unit of IR.
Definition: PassManager.h:498
llvm::RandomIRBuilder::newSource
Value * newSource(BasicBlock &BB, ArrayRef< Instruction * > Insts, ArrayRef< Value * > Srcs, fuzzerop::SourcePred Pred)
Create some Value suitable as a source for some operation.
Definition: RandomIRBuilder.cpp:41
llvm::fuzzerop::onlyType
static SourcePred onlyType(Type *Only)
Definition: OpDescriptor.h:94
llvm::IRMutationStrategy::mutate
virtual void mutate(Module &M, RandomIRBuilder &IB)
Definition: IRMutator.cpp:39
llvm::makeArrayRef
ArrayRef< T > makeArrayRef(const T &OneElt)
Construct an ArrayRef from a single element.
Definition: ArrayRef.h:475
llvm::GlobalValue::ExternalLinkage
@ ExternalLinkage
Externally visible function.
Definition: GlobalValue.h:48
llvm::Type::getVoidTy
static Type * getVoidTy(LLVMContext &C)
Definition: Type.cpp:222
llvm::describeFuzzerVectorOps
void describeFuzzerVectorOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:85
Instructions.h
llvm::CmpInst::ICMP_UGT
@ ICMP_UGT
unsigned greater than
Definition: InstrTypes.h:742
llvm::Instruction::getParent
const BasicBlock * getParent() const
Definition: Instruction.h:91
llvm::IRMutator::mutateModule
void mutateModule(Module &M, int Seed, size_t CurSize, size_t MaxSize)
Definition: IRMutator.cpp:59
eliminateDeadCode
static void eliminateDeadCode(Function &F)
Definition: IRMutator.cpp:75
llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: InstructionSimplify.h:42
llvm::PassInstrumentationAnalysis
Pseudo-analysis pass that exposes the PassInstrumentation to pass managers.
Definition: PassManager.h:600
DCE.h
BB
Common register allocation spilling lr str ldr sxth r3 ldr mla r4 can lr mov lr str ldr sxth r3 mla r4 and then merge mul and lr str ldr sxth r3 mla r4 It also increase the likelihood the store may become dead bb27 Successors according to LLVM BB
Definition: README.txt:39
GEP
Hexagon Common GEP
Definition: HexagonCommonGEP.cpp:171
llvm::describeFuzzerFloatOps
void describeFuzzerFloatOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:45
BitcodeReader.h
llvm::writeModule
size_t writeModule(const Module &M, uint8_t *Dest, size_t MaxSize)
Fuzzer friendly interface for the llvm bitcode printer.
Definition: IRMutator.cpp:272
llvm::describeFuzzerAggregateOps
void describeFuzzerAggregateOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:79
llvm::Value
LLVM Value Representation.
Definition: Value.h:74
llvm::TargetLibraryAnalysis
Analysis pass providing the TargetLibraryInfo.
Definition: TargetLibraryInfo.h:443
llvm::parseAndVerify
std::unique_ptr< Module > parseAndVerify(const uint8_t *Data, size_t Size, LLVMContext &Context)
Try to parse module and verify it.
Definition: IRMutator.cpp:284
llvm::verifyModule
bool verifyModule(const Module &M, raw_ostream *OS=nullptr, bool *BrokenDebugInfo=nullptr)
Check a module for errors.
Definition: Verifier.cpp:6161
Generated on Sat Jun 25 2022 13:37:32 for LLVM by   doxygen 1.8.17