LLVM 19.0.0git
IRMutator.cpp
Go to the documentation of this file.
1//===-- IRMutator.cpp -----------------------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#include "llvm/FuzzMutate/IRMutator.h"
10#include "llvm/ADT/STLExtras.h"
11#include "llvm/ADT/SmallSet.h"
12#include "llvm/Analysis/TargetLibraryInfo.h"
13#include "llvm/Bitcode/BitcodeReader.h"
14#include "llvm/Bitcode/BitcodeWriter.h"
15#include "llvm/FuzzMutate/Operations.h"
16#include "llvm/FuzzMutate/Random.h"
17#include "llvm/FuzzMutate/RandomIRBuilder.h"
18#include "llvm/IR/BasicBlock.h"
19#include "llvm/IR/FMF.h"
20#include "llvm/IR/Function.h"
21#include "llvm/IR/InstIterator.h"
22#include "llvm/IR/Instructions.h"
23#include "llvm/IR/Module.h"
24#include "llvm/IR/Operator.h"
25#include "llvm/IR/PassInstrumentation.h"
26#include "llvm/IR/Verifier.h"
27#include "llvm/Support/MemoryBuffer.h"
28#include "llvm/Support/SourceMgr.h"
29#include "llvm/Transforms/Scalar/DCE.h"
30#include "llvm/Transforms/Utils/BasicBlockUtils.h"
31#include <map>
32#include <optional>
33
34using namespace llvm;
35
36void IRMutationStrategy::mutate(Module &M, RandomIRBuilder &IB) {
37 auto RS = makeSampler<Function *>(IB.Rand);
38 for (Function &F : M)
39 if (!F.isDeclaration())
40 RS.sample(&F, /*Weight=*/1);
41
42 while (RS.totalWeight() < IB.MinFunctionNum) {
43 Function *F = IB.createFunctionDefinition(M);
44 RS.sample(F, /*Weight=*/1);
45 }
46 mutate(*RS.getSelection(), IB);
47}
48
49void IRMutationStrategy::mutate(Function &F, RandomIRBuilder &IB) {
50 auto Range = make_filter_range(make_pointer_range(F),
51 [](BasicBlock *BB) { return !BB->isEHPad(); });
52
53 mutate(*makeSampler(IB.Rand, Range).getSelection(), IB);
54}
55
56void IRMutationStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
57 mutate(*makeSampler(IB.Rand, make_pointer_range(BB)).getSelection(), IB);
58}
59
60size_t llvm::IRMutator::getModuleSize(const Module &M) {
61 return M.getInstructionCount() + M.size() + M.global_size() + M.alias_size();
62}
63
64void IRMutator::mutateModule(Module &M, int Seed, size_t MaxSize) {
65 std::vector<Type *> Types;
66 for (const auto &Getter : AllowedTypes)
67 Types.push_back(Getter(M.getContext()));
68 RandomIRBuilder IB(Seed, Types);
69
70 size_t CurSize = IRMutator::getModuleSize(M);
71 auto RS = makeSampler<IRMutationStrategy *>(IB.Rand);
72 for (const auto &Strategy : Strategies)
73 RS.sample(Strategy.get(),
74 Strategy->getWeight(CurSize, MaxSize, RS.totalWeight()));
75 if (RS.totalWeight() == 0)
76 return;
77 auto Strategy = RS.getSelection();
78
79 Strategy->mutate(M, IB);
80}
81
82static void eliminateDeadCode(Function &F) {
83 FunctionPassManager FPM;
84 FPM.addPass(DCEPass());
85 FunctionAnalysisManager FAM;
86 FAM.registerPass([&] { return TargetLibraryAnalysis(); });
87 FAM.registerPass([&] { return PassInstrumentationAnalysis(); });
88 FPM.run(F, FAM);
89}
90
91void InjectorIRStrategy::mutate(Function &F, RandomIRBuilder &IB) {
92 IRMutationStrategy::mutate(F, IB);
93 eliminateDeadCode(F);
94}
95
96std::vector<fuzzerop::OpDescriptor> InjectorIRStrategy::getDefaultOps() {
97 std::vector<fuzzerop::OpDescriptor> Ops;
98 describeFuzzerIntOps(Ops);
99 describeFuzzerFloatOps(Ops);
100 describeFuzzerControlFlowOps(Ops);
101 describeFuzzerPointerOps(Ops);
102 describeFuzzerAggregateOps(Ops);
103 describeFuzzerVectorOps(Ops);
104 return Ops;
105}
106
107std::optional<fuzzerop::OpDescriptor>
108InjectorIRStrategy::chooseOperation(Value *Src, RandomIRBuilder &IB) {
109 auto OpMatchesPred = [&Src](fuzzerop::OpDescriptor &Op) {
110 return Op.SourcePreds[0].matches({}, Src);
111 };
112 auto RS = makeSampler(IB.Rand, make_filter_range(Operations, OpMatchesPred));
113 if (RS.isEmpty())
114 return std::nullopt;
115 return *RS;
116}
117
118static inline iterator_range<BasicBlock::iterator>
119getInsertionRange(BasicBlock &BB) {
120 auto End = BB.getTerminatingMustTailCall() ? std::prev(BB.end()) : BB.end();
121 return make_range(BB.getFirstInsertionPt(), End);
122}
123
124void InjectorIRStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
125 SmallVector<Instruction *, 32> Insts;
126 for (Instruction &I : getInsertionRange(BB))
127 Insts.push_back(&I);
128 if (Insts.size() < 1)
129 return;
130
131 // Choose an insertion point for our new instruction.
132 size_t IP = uniform<size_t>(IB.Rand, 0, Insts.size() - 1);
133
134 auto InstsBefore = ArrayRef(Insts).slice(0, IP);
135 auto InstsAfter = ArrayRef(Insts).slice(IP);
136
137 // Choose a source, which will be used to constrain the operation selection.
138 SmallVector<Value *, 2> Srcs;
139 Srcs.push_back(IB.findOrCreateSource(BB, InstsBefore));
140
141 // Choose an operation that's constrained to be valid for the type of the
142 // source, collect any other sources it needs, and then build it.
143 auto OpDesc = chooseOperation(Srcs[0], IB);
144 // Bail if no operation was found
145 if (!OpDesc)
146 return;
147
148 for (const auto &Pred : ArrayRef(OpDesc->SourcePreds).slice(1))
149 Srcs.push_back(IB.findOrCreateSource(BB, InstsBefore, Srcs, Pred));
150
151 if (Value *Op = OpDesc->BuilderFunc(Srcs, Insts[IP])) {
152 // Find a sink and wire up the results of the operation.
153 IB.connectToSink(BB, InstsAfter, Op);
154 }
155}
156
157uint64_t InstDeleterIRStrategy::getWeight(size_t CurrentSize, size_t MaxSize,
158 uint64_t CurrentWeight) {
159 // If we have less than 200 bytes, panic and try to always delete.
160 if (CurrentSize > MaxSize - 200)
161 return CurrentWeight ? CurrentWeight * 100 : 1;
162 // Draw a line starting from when we only have 1k left and increasing linearly
163 // to double the current weight.
164 int64_t Line = (-2 * static_cast<int64_t>(CurrentWeight)) *
165 (static_cast<int64_t>(MaxSize) -
166 static_cast<int64_t>(CurrentSize) - 1000) /
167 1000;
168 // Clamp negative weights to zero.
169 if (Line < 0)
170 return 0;
171 return Line;
172}
173
174void InstDeleterIRStrategy::mutate(Function &F, RandomIRBuilder &IB) {
175 auto RS = makeSampler<Instruction *>(IB.Rand);
176 for (Instruction &Inst : instructions(F)) {
177 // TODO: We can't handle these instructions.
178 if (Inst.isTerminator() || Inst.isEHPad() || Inst.isSwiftError() ||
179 isa<PHINode>(Inst))
180 continue;
181
182 RS.sample(&Inst, /*Weight=*/1);
183 }
184 if (RS.isEmpty())
185 return;
186
187 // Delete the instruction.
188 mutate(*RS.getSelection(), IB);
189 // Clean up any dead code that's left over after removing the instruction.
190 eliminateDeadCode(F);
191}
192
193void InstDeleterIRStrategy::mutate(Instruction &Inst, RandomIRBuilder &IB) {
194 assert(!Inst.isTerminator() && "Deleting terminators invalidates CFG");
195
196 if (Inst.getType()->isVoidTy()) {
197 // Instructions with void type (ie, store) have no uses to worry about. Just
198 // erase it and move on.
199 Inst.eraseFromParent();
200 return;
201 }
202
203 // Otherwise we need to find some other value with the right type to keep the
204 // users happy.
205 auto Pred = fuzzerop::onlyType(Inst.getType());
206 auto RS = makeSampler<Value *>(IB.Rand);
207 SmallVector<Instruction *, 32> InstsBefore;
208 BasicBlock *BB = Inst.getParent();
209 for (auto I = BB->getFirstInsertionPt(), E = Inst.getIterator(); I != E;
210 ++I) {
211 if (Pred.matches({}, &*I))
212 RS.sample(&*I, /*Weight=*/1);
213 InstsBefore.push_back(&*I);
214 }
215 if (!RS)
216 RS.sample(IB.newSource(*BB, InstsBefore, {}, Pred), /*Weight=*/1);
217
218 Inst.replaceAllUsesWith(RS.getSelection());
219 Inst.eraseFromParent();
220}
221
222void InstModificationIRStrategy::mutate(Instruction &Inst,
223 RandomIRBuilder &IB) {
224 SmallVector<std::function<void()>, 8> Modifications;
225 CmpInst *CI = nullptr;
226 GetElementPtrInst *GEP = nullptr;
227 switch (Inst.getOpcode()) {
228 default:
229 break;
230 // Add nsw, nuw flag
231 case Instruction::Add:
232 case Instruction::Mul:
233 case Instruction::Sub:
234 case Instruction::Shl:
235 Modifications.push_back(
236 [&Inst]() { Inst.setHasNoSignedWrap(!Inst.hasNoSignedWrap()); });
237 Modifications.push_back(
238 [&Inst]() { Inst.setHasNoUnsignedWrap(!Inst.hasNoUnsignedWrap()); });
239 break;
240 case Instruction::ICmp:
241 CI = cast<ICmpInst>(&Inst);
242 for (unsigned p = CmpInst::FIRST_ICMP_PREDICATE;
243 p <= CmpInst::LAST_ICMP_PREDICATE; p++) {
244 Modifications.push_back(
245 [CI, p]() { CI->setPredicate(static_cast<CmpInst::Predicate>(p)); });
246 }
247 break;
248 // Add inbound flag.
249 case Instruction::GetElementPtr:
250 GEP = cast<GetElementPtrInst>(&Inst);
251 Modifications.push_back(
252 [GEP]() { GEP->setIsInBounds(!GEP->isInBounds()); });
253 break;
254 // Add exact flag.
255 case Instruction::UDiv:
256 case Instruction::SDiv:
257 case Instruction::LShr:
258 case Instruction::AShr:
259 Modifications.push_back([&Inst] { Inst.setIsExact(!Inst.isExact()); });
260 break;
261
262 case Instruction::FCmp:
263 CI = cast<FCmpInst>(&Inst);
264 for (unsigned p = CmpInst::FIRST_FCMP_PREDICATE;
265 p <= CmpInst::LAST_FCMP_PREDICATE; p++) {
266 Modifications.push_back(
267 [CI, p]() { CI->setPredicate(static_cast<CmpInst::Predicate>(p)); });
268 }
269 break;
270 }
271
272 // Add fast math flag if possible.
273 if (isa<FPMathOperator>(&Inst)) {
274 // Try setting everything unless they are already on.
275 Modifications.push_back(
276 [&Inst] { Inst.setFast(!Inst.getFastMathFlags().all()); });
277 // Try unsetting everything unless they are already off.
278 Modifications.push_back(
279 [&Inst] { Inst.setFast(!Inst.getFastMathFlags().none()); });
280 // Individual setting by flipping the bit
281 Modifications.push_back(
282 [&Inst] { Inst.setHasAllowReassoc(!Inst.hasAllowReassoc()); });
283 Modifications.push_back([&Inst] { Inst.setHasNoNaNs(!Inst.hasNoNaNs()); });
284 Modifications.push_back([&Inst] { Inst.setHasNoInfs(!Inst.hasNoInfs()); });
285 Modifications.push_back(
286 [&Inst] { Inst.setHasNoSignedZeros(!Inst.hasNoSignedZeros()); });
287 Modifications.push_back(
288 [&Inst] { Inst.setHasAllowReciprocal(!Inst.hasAllowReciprocal()); });
289 Modifications.push_back(
290 [&Inst] { Inst.setHasAllowContract(!Inst.hasAllowContract()); });
291 Modifications.push_back(
292 [&Inst] { Inst.setHasApproxFunc(!Inst.hasApproxFunc()); });
293 }
294
295 // Randomly switch operands of instructions
296 std::pair<int, int> NoneItem({-1, -1}), ShuffleItems(NoneItem);
297 switch (Inst.getOpcode()) {
298 case Instruction::SDiv:
299 case Instruction::UDiv:
300 case Instruction::SRem:
301 case Instruction::URem:
302 case Instruction::FDiv:
303 case Instruction::FRem: {
304 // Verify that the after shuffle the second operand is not
305 // constant 0.
306 Value *Operand = Inst.getOperand(0);
307 if (Constant *C = dyn_cast<Constant>(Operand)) {
308 if (!C->isZeroValue()) {
309 ShuffleItems = {0, 1};
310 }
311 }
312 break;
313 }
314 case Instruction::Select:
315 ShuffleItems = {1, 2};
316 break;
317 case Instruction::Add:
318 case Instruction::Sub:
319 case Instruction::Mul:
320 case Instruction::Shl:
321 case Instruction::LShr:
322 case Instruction::AShr:
323 case Instruction::And:
324 case Instruction::Or:
325 case Instruction::Xor:
326 case Instruction::FAdd:
327 case Instruction::FSub:
328 case Instruction::FMul:
329 case Instruction::ICmp:
330 case Instruction::FCmp:
331 case Instruction::ShuffleVector:
332 ShuffleItems = {0, 1};
333 break;
334 }
335 if (ShuffleItems != NoneItem) {
336 Modifications.push_back([&Inst, &ShuffleItems]() {
337 Value *Op0 = Inst.getOperand(ShuffleItems.first);
338 Inst.setOperand(ShuffleItems.first, Inst.getOperand(ShuffleItems.second));
339 Inst.setOperand(ShuffleItems.second, Op0);
340 });
341 }
342
343 auto RS = makeSampler(IB.Rand, Modifications);
344 if (RS)
345 RS.getSelection()();
346}
347
348/// Return a case value that is not already taken to make sure we don't have two
349/// cases with same value.
350static uint64_t getUniqueCaseValue(SmallSet<uint64_t, 4> &CasesTaken,
351 uint64_t MaxValue, RandomIRBuilder &IB) {
352 uint64_t tmp;
353 do {
354 tmp = uniform<uint64_t>(IB.Rand, 0, MaxValue);
355 } while (CasesTaken.count(tmp) != 0);
356 CasesTaken.insert(tmp);
357 return tmp;
358}
359
360void InsertFunctionStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
361 Module *M = BB.getParent()->getParent();
362 // If nullptr is selected, we will create a new function declaration.
363 SmallVector<Function *, 32> Functions({nullptr});
364 for (Function &F : M->functions()) {
365 Functions.push_back(&F);
366 }
367
368 auto RS = makeSampler(IB.Rand, Functions);
369 Function *F = RS.getSelection();
370 // Some functions accept metadata type or token type as arguments.
371 // We don't call those functions for now.
372 // For example, `@llvm.dbg.declare(metadata, metadata, metadata)`
373 // https://llvm.org/docs/SourceLevelDebugging.html#llvm-dbg-declare
374 auto IsUnsupportedTy = [](Type *T) {
375 return T->isMetadataTy() || T->isTokenTy();
376 };
377 if (!F || IsUnsupportedTy(F->getReturnType()) ||
378 any_of(F->getFunctionType()->params(), IsUnsupportedTy)) {
379 F = IB.createFunctionDeclaration(*M);
380 }
381
382 FunctionType *FTy = F->getFunctionType();
383 SmallVector<fuzzerop::SourcePred, 2> SourcePreds;
384 if (!F->arg_empty()) {
385 for (Type *ArgTy : FTy->params()) {
386 SourcePreds.push_back(fuzzerop::onlyType(ArgTy));
387 }
388 }
389 bool isRetVoid = (F->getReturnType() == Type::getVoidTy(M->getContext()));
390 auto BuilderFunc = [FTy, F, isRetVoid](ArrayRef<Value *> Srcs,
391 Instruction *Inst) {
392 StringRef Name = isRetVoid ? nullptr : "C";
393 CallInst *Call = CallInst::Create(FTy, F, Srcs, Name, Inst);
394 // Don't return this call inst if it return void as it can't be sinked.
395 return isRetVoid ? nullptr : Call;
396 };
397
398 SmallVector<Instruction *, 32> Insts;
399 for (Instruction &I : getInsertionRange(BB))
400 Insts.push_back(&I);
401 if (Insts.size() < 1)
402 return;
403
404 // Choose an insertion point for our new call instruction.
405 uint64_t IP = uniform<uint64_t>(IB.Rand, 0, Insts.size() - 1);
406
407 auto InstsBefore = ArrayRef(Insts).slice(0, IP);
408 auto InstsAfter = ArrayRef(Insts).slice(IP);
409
410 // Choose a source, which will be used to constrain the operation selection.
411 SmallVector<Value *, 2> Srcs;
412
413 for (const auto &Pred : ArrayRef(SourcePreds)) {
414 Srcs.push_back(IB.findOrCreateSource(BB, InstsBefore, Srcs, Pred));
415 }
416
417 if (Value *Op = BuilderFunc(Srcs, Insts[IP])) {
418 // Find a sink and wire up the results of the operation.
419 IB.connectToSink(BB, InstsAfter, Op);
420 }
421}
422
423void InsertCFGStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
424 SmallVector<Instruction *, 32> Insts;
425 for (Instruction &I : getInsertionRange(BB))
426 Insts.push_back(&I);
427 if (Insts.size() < 1)
428 return;
429
430 // Choose a point where we split the block.
431 uint64_t IP = uniform<uint64_t>(IB.Rand, 0, Insts.size() - 1);
432 auto InstsBeforeSplit = ArrayRef(Insts).slice(0, IP);
433
434 // `Sink` inherits Blocks' terminator, `Source` will have a BranchInst
435 // directly jumps to `Sink`. Here, we have to create a new terminator for
436 // `Source`.
437 BasicBlock *Block = Insts[IP]->getParent();
438 BasicBlock *Source = Block;
439 BasicBlock *Sink = Block->splitBasicBlock(Insts[IP], "BB");
440
441 Function *F = BB.getParent();
442 LLVMContext &C = F->getParent()->getContext();
443 // A coin decides if it is branch or switch
444 if (uniform<uint64_t>(IB.Rand, 0, 1)) {
445 // Branch
446 BasicBlock *IfTrue = BasicBlock::Create(C, "T", F);
447 BasicBlock *IfFalse = BasicBlock::Create(C, "F", F);
448 Value *Cond =
449 IB.findOrCreateSource(*Source, InstsBeforeSplit, {},
450 fuzzerop::onlyType(Type::getInt1Ty(C)), false);
451 BranchInst *Branch = BranchInst::Create(IfTrue, IfFalse, Cond);
452 // Remove the old terminator.
453 ReplaceInstWithInst(Source->getTerminator(), Branch);
454 // Connect these blocks to `Sink`
455 connectBlocksToSink({IfTrue, IfFalse}, Sink, IB);
456 } else {
457 // Switch
458 // Determine Integer type, it IS possible we use a boolean to switch.
459 auto RS =
460 makeSampler(IB.Rand, make_filter_range(IB.KnownTypes, [](Type *Ty) {
461 return Ty->isIntegerTy();
462 }));
463 assert(RS && "There is no integer type in all allowed types, is the "
464 "setting correct?");
465 Type *Ty = RS.getSelection();
466 IntegerType *IntTy = cast<IntegerType>(Ty);
467
468 uint64_t BitSize = IntTy->getBitWidth();
469 uint64_t MaxCaseVal =
470 (BitSize >= 64) ? (uint64_t)-1 : ((uint64_t)1 << BitSize) - 1;
471 // Create Switch inst in Block
472 Value *Cond = IB.findOrCreateSource(*Source, InstsBeforeSplit, {},
473 fuzzerop::onlyType(IntTy), false);
474 BasicBlock *DefaultBlock = BasicBlock::Create(C, "SW_D", F);
475 uint64_t NumCases = uniform<uint64_t>(IB.Rand, 1, MaxNumCases);
476 NumCases = (NumCases > MaxCaseVal) ? MaxCaseVal + 1 : NumCases;
477 SwitchInst *Switch = SwitchInst::Create(Cond, DefaultBlock, NumCases);
478 // Remove the old terminator.
479 ReplaceInstWithInst(Source->getTerminator(), Switch);
480
481 // Create blocks, for each block assign a case value.
482 SmallVector<BasicBlock *, 4> Blocks({DefaultBlock});
483 SmallSet<uint64_t, 4> CasesTaken;
484 for (uint64_t i = 0; i < NumCases; i++) {
485 uint64_t CaseVal = getUniqueCaseValue(CasesTaken, MaxCaseVal, IB);
486 BasicBlock *CaseBlock = BasicBlock::Create(C, "SW_C", F);
487 ConstantInt *OnValue = ConstantInt::get(IntTy, CaseVal);
488 Switch->addCase(OnValue, CaseBlock);
489 Blocks.push_back(CaseBlock);
490 }
491
492 // Connect these blocks to `Sink`
493 connectBlocksToSink(Blocks, Sink, IB);
494 }
495}
496
497/// The caller has to guarantee that these blocks are "empty", i.e. it doesn't
498/// even have terminator.
499void InsertCFGStrategy::connectBlocksToSink(ArrayRef<BasicBlock *> Blocks,
500 BasicBlock *Sink,
501 RandomIRBuilder &IB) {
502 uint64_t DirectSinkIdx = uniform<uint64_t>(IB.Rand, 0, Blocks.size() - 1);
503 for (uint64_t i = 0; i < Blocks.size(); i++) {
504 // We have at least one block that directly goes to sink.
505 CFGToSink ToSink = (i == DirectSinkIdx)
506 ? CFGToSink::DirectSink
507 : static_cast<CFGToSink>(uniform<uint64_t>(
508 IB.Rand, 0, CFGToSink::EndOfCFGToLink - 1));
509 BasicBlock *BB = Blocks[i];
510 Function *F = BB->getParent();
511 LLVMContext &C = F->getParent()->getContext();
512 switch (ToSink) {
513 case CFGToSink::Return: {
514 Type *RetTy = F->getReturnType();
515 Value *RetValue = nullptr;
516 if (!RetTy->isVoidTy())
517 RetValue =
518 IB.findOrCreateSource(*BB, {}, {}, fuzzerop::onlyType(RetTy));
519 ReturnInst::Create(C, RetValue, BB);
520 break;
521 }
522 case CFGToSink::DirectSink: {
523 BranchInst::Create(Sink, BB);
524 break;
525 }
526 case CFGToSink::SinkOrSelfLoop: {
527 SmallVector<BasicBlock *, 2> Branches({Sink, BB});
528 // A coin decides which block is true branch.
529 uint64_t coin = uniform<uint64_t>(IB.Rand, 0, 1);
530 Value *Cond = IB.findOrCreateSource(
531 *BB, {}, {}, fuzzerop::onlyType(Type::getInt1Ty(C)), false);
532 BranchInst::Create(Branches[coin], Branches[1 - coin], Cond, BB);
533 break;
534 }
535 case CFGToSink::EndOfCFGToLink:
536 llvm_unreachable("EndOfCFGToLink executed, something's wrong.");
537 }
538 }
539}
540
541void InsertPHIStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
542 // Can't insert PHI node to entry node.
543 if (&BB == &BB.getParent()->getEntryBlock())
544 return;
545 Type *Ty = IB.randomType();
546 PHINode *PHI = PHINode::Create(Ty, llvm::pred_size(&BB), "", &BB.front());
547
548 // Use a map to make sure the same incoming basic block has the same value.
549 DenseMap<BasicBlock *, Value *> IncomingValues;
550 for (BasicBlock *Pred : predecessors(&BB)) {
551 Value *Src = IncomingValues[Pred];
552 // If `Pred` is not in the map yet, we'll get a nullptr.
553 if (!Src) {
554 SmallVector<Instruction *, 32> Insts;
555 for (auto I = Pred->begin(); I != Pred->end(); ++I)
556 Insts.push_back(&*I);
557 // There is no need to inform IB what previously used values are if we are
558 // using `onlyType`
559 Src = IB.findOrCreateSource(*Pred, Insts, {}, fuzzerop::onlyType(Ty));
560 IncomingValues[Pred] = Src;
561 }
562 PHI->addIncoming(Src, Pred);
563 }
564 SmallVector<Instruction *, 32> InstsAfter;
565 for (Instruction &I : getInsertionRange(BB))
566 InstsAfter.push_back(&I);
567 IB.connectToSink(BB, InstsAfter, PHI);
568}
569
570void SinkInstructionStrategy::mutate(Function &F, RandomIRBuilder &IB) {
571 for (BasicBlock &BB : F) {
572 this->mutate(BB, IB);
573 }
574}
575void SinkInstructionStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
576 SmallVector<Instruction *, 32> Insts;
577 for (Instruction &I : getInsertionRange(BB))
578 Insts.push_back(&I);
579 if (Insts.size() < 1)
580 return;
581 // Choose an Instruction to mutate.
582 uint64_t Idx = uniform<uint64_t>(IB.Rand, 0, Insts.size() - 1);
583 Instruction *Inst = Insts[Idx];
584 // `Idx + 1` so we don't sink to ourselves.
585 auto InstsAfter = ArrayRef(Insts).slice(Idx + 1);
586 Type *Ty = Inst->getType();
587 // Don't sink terminators, void function calls, token, etc.
588 if (!Ty->isVoidTy() && !Ty->isTokenTy())
589 // Find a new sink and wire up the results of the operation.
590 IB.connectToSink(BB, InstsAfter, Inst);
591}
592
593void ShuffleBlockStrategy::mutate(BasicBlock &BB, RandomIRBuilder &IB) {
594 // A deterministic alternative to SmallPtrSet with the same lookup
595 // performance.
596 std::map<size_t, Instruction *> AliveInsts;
597 std::map<Instruction *, size_t> AliveInstsLookup;
598 size_t InsertIdx = 0;
599 for (auto &I : make_early_inc_range(make_range(
600 BB.getFirstInsertionPt(), BB.getTerminator()->getIterator()))) {
601 // First gather all instructions that can be shuffled. Don't take
602 // terminator.
603 AliveInsts.insert({InsertIdx, &I});
604 AliveInstsLookup.insert({&I, InsertIdx++});
605 // Then remove these instructions from the block
606 I.removeFromParent();
607 }
608
609 // Shuffle these instructions using topological sort.
610 // Returns false if all current instruction's dependencies in this block have
611 // been shuffled. If so, this instruction can be shuffled too.
612 auto hasAliveParent = [&AliveInsts, &AliveInstsLookup](size_t Index) {
613 for (Value *O : AliveInsts[Index]->operands()) {
614 Instruction *P = dyn_cast<Instruction>(O);
615 if (P && AliveInstsLookup.count(P))
616 return true;
617 }
618 return false;
619 };
620 // Get all alive instructions that depend on the current instruction.
621 // Takes Instruction* instead of index because the instruction is already
622 // shuffled.
623 auto getAliveChildren = [&AliveInstsLookup](Instruction *I) {
624 SmallSetVector<size_t, 8> Children;
625 for (Value *U : I->users()) {
626 Instruction *P = dyn_cast<Instruction>(U);
627 if (P && AliveInstsLookup.count(P))
628 Children.insert(AliveInstsLookup[P]);
629 }
630 return Children;
631 };
632 SmallSet<size_t, 8> RootIndices;
633 SmallVector<Instruction *, 8> Insts;
634 for (const auto &[Index, Inst] : AliveInsts) {
635 if (!hasAliveParent(Index))
636 RootIndices.insert(Index);
637 }
638 // Topological sort by randomly selecting a node without a parent, or root.
639 while (!RootIndices.empty()) {
640 auto RS = makeSampler<size_t>(IB.Rand);
641 for (size_t RootIdx : RootIndices)
642 RS.sample(RootIdx, 1);
643 size_t RootIdx = RS.getSelection();
644
645 RootIndices.erase(RootIdx);
646 Instruction *Root = AliveInsts[RootIdx];
647 AliveInsts.erase(RootIdx);
648 AliveInstsLookup.erase(Root);
649 Insts.push_back(Root);
650
651 for (size_t Child : getAliveChildren(Root)) {
652 if (!hasAliveParent(Child)) {
653 RootIndices.insert(Child);
654 }
655 }
656 }
657
658 Instruction *Terminator = BB.getTerminator();
659 // Then put instructions back.
660 for (Instruction *I : Insts) {
661 I->insertBefore(Terminator);
662 }
663}
664
665std::unique_ptr<Module> llvm::parseModule(const uint8_t *Data, size_t Size,
666 LLVMContext &Context) {
667
668 if (Size <= 1)
669 // We get bogus data given an empty corpus - just create a new module.
670 return std::make_unique<Module>("M", Context);
671
672 auto Buffer = MemoryBuffer::getMemBuffer(
673 StringRef(reinterpret_cast<const char *>(Data), Size), "Fuzzer input",
674 /*RequiresNullTerminator=*/false);
675
676 SMDiagnostic Err;
677 auto M = parseBitcodeFile(Buffer->getMemBufferRef(), Context);
678 if (Error E = M.takeError()) {
679 errs() << toString(std::move(E)) << "\n";
680 return nullptr;
681 }
682 return std::move(M.get());
683}
684
685size_t llvm::writeModule(const Module &M, uint8_t *Dest, size_t MaxSize) {
686 std::string Buf;
687 {
688 raw_string_ostream OS(Buf);
689 WriteBitcodeToFile(M, OS);
690 }
691 if (Buf.size() > MaxSize)
692 return 0;
693 memcpy(Dest, Buf.data(), Buf.size());
694 return Buf.size();
695}
696
697std::unique_ptr<Module> llvm::parseAndVerify(const uint8_t *Data, size_t Size,
698 LLVMContext &Context) {
699 auto M = parseModule(Data, Size, Context);
700 if (!M || verifyModule(*M, &errs()))
701 return nullptr;
702
703 return M;
704}
PHI
Rewrite undef for PHI
Definition: AMDGPURewriteUndefForPHI.cpp:100
instructions
Expand Atomic instructions
Definition: AtomicExpandPass.cpp:172
RetTy
return RetTy
Definition: DeadArgumentElimination.cpp:362
Idx
Returns the sub type a function will return at a given Idx Should correspond to the result type of an ExtractValue instruction executed with just that one unsigned Idx
Definition: DeadArgumentElimination.cpp:354
Name
std::string Name
Definition: ELFObjHandler.cpp:77
Size
uint64_t Size
Definition: ELFObjHandler.cpp:81
End
bool End
Definition: ELF_riscv.cpp:480
Blocks
DenseMap< Block *, BlockRelaxAux > Blocks
Definition: ELF_riscv.cpp:507
GEP
Hexagon Common GEP
Definition: HexagonCommonGEP.cpp:171
eliminateDeadCode
static void eliminateDeadCode(Function &F)
Definition: IRMutator.cpp:82
getInsertionRange
static iterator_range< BasicBlock::iterator > getInsertionRange(BasicBlock &BB)
Definition: IRMutator.cpp:119
getUniqueCaseValue
static uint64_t getUniqueCaseValue(SmallSet< uint64_t, 4 > &CasesTaken, uint64_t MaxValue, RandomIRBuilder &IB)
Return a case value that is not already taken to make sure we don't have two cases with same value.
Definition: IRMutator.cpp:350
F
#define F(x, y, z)
Definition: MD5.cpp:55
I
#define I(x, y, z)
Definition: MD5.cpp:58
Module.h
Module.h This file contains the declarations for the Module class.
Range
ConstantRange Range(APInt(BitWidth, Low), APInt(BitWidth, High))
P
#define P(N)
FAM
FunctionAnalysisManager FAM
Definition: PassBuilderBindings.cpp:59
PassInstrumentation.h
This file defines the Pass Instrumentation classes that provide instrumentation points into the pass ...
Cond
const SmallVectorImpl< MachineOperand > & Cond
Definition: RISCVRedundantCopyElimination.cpp:75
Seed
static ManagedStatic< cl::opt< uint64_t >, CreateSeed > Seed
Definition: RandomNumberGenerator.cpp:42
assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())
STLExtras.h
This file contains some templates that are useful if you are working with the STL at all.
OS
raw_pwrite_stream & OS
Definition: SampleProfWriter.cpp:53
SmallSet.h
This file defines the SmallSet class.
llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: PassManager.h:253
llvm::AnalysisManager::registerPass
bool registerPass(PassBuilderT &&PassBuilder)
Register an analysis pass with the manager.
Definition: PassManager.h:467
llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition: ArrayRef.h:41
llvm::ArrayRef::slice
ArrayRef< T > slice(size_t N, size_t M) const
slice(n, m) - Chop off the first N elements of the array, and keep M elements in the array.
Definition: ArrayRef.h:195
llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:61
llvm::BasicBlock::end
iterator end()
Definition: BasicBlock.h:451
llvm::BasicBlock::getFirstInsertionPt
const_iterator getFirstInsertionPt() const
Returns an iterator to the first instruction in this block that is suitable for inserting a non-PHI i...
Definition: BasicBlock.cpp:414
llvm::BasicBlock::front
const Instruction & front() const
Definition: BasicBlock.h:461
llvm::BasicBlock::Create
static BasicBlock * Create(LLVMContext &Context, const Twine &Name="", Function *Parent=nullptr, BasicBlock *InsertBefore=nullptr)
Creates a new BasicBlock.
Definition: BasicBlock.h:202
llvm::BasicBlock::getParent
const Function * getParent() const
Return the enclosing method, or null if none.
Definition: BasicBlock.h:209
llvm::BasicBlock::isEHPad
bool isEHPad() const
Return true if this basic block is an exception handling block.
Definition: BasicBlock.h:665
llvm::BasicBlock::getTerminator
const Instruction * getTerminator() const LLVM_READONLY
Returns the terminator instruction if the block is well formed or null if the block is not well forme...
Definition: BasicBlock.h:229
llvm::BasicBlock::getTerminatingMustTailCall
const CallInst * getTerminatingMustTailCall() const
Returns the call instruction marked 'musttail' prior to the terminating return instruction of this ba...
Definition: BasicBlock.cpp:298
llvm::BranchInst
Conditional or Unconditional Branch instruction.
Definition: Instructions.h:2906
llvm::BranchInst::Create
static BranchInst * Create(BasicBlock *IfTrue, InsertPosition InsertBefore=nullptr)
Definition: Instructions.h:2962
llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition: Instructions.h:1397
llvm::CallInst::Create
static CallInst * Create(FunctionType *Ty, Value *F, const Twine &NameStr="", InsertPosition InsertBefore=nullptr)
Definition: Instructions.h:1430
llvm::CmpInst
This class is the base class for the comparison instructions.
Definition: InstrTypes.h:747
llvm::CmpInst::setPredicate
void setPredicate(Predicate P)
Set the predicate for this instruction to the specified value.
Definition: InstrTypes.h:850
llvm::CmpInst::Predicate
Predicate
This enumeration lists the possible predicates for CmpInst subclasses.
Definition: InstrTypes.h:757
llvm::CmpInst::FIRST_ICMP_PREDICATE
@ FIRST_ICMP_PREDICATE
Definition: InstrTypes.h:788
llvm::CmpInst::FIRST_FCMP_PREDICATE
@ FIRST_FCMP_PREDICATE
Definition: InstrTypes.h:775
llvm::ConstantInt
This is the shared class of boolean and integer constants.
Definition: Constants.h:81
llvm::Constant
This is an important base class in LLVM.
Definition: Constant.h:41
llvm::DCEPass
Basic Dead Code Elimination pass.
Definition: DCE.h:23
llvm::DWARFExpression::Operation
This class represents an Operation in the Expression.
Definition: DWARFExpression.h:32
llvm::Error
Lightweight error class with error context and mandatory checking.
Definition: Error.h:160
llvm::FastMathFlags::none
bool none() const
Definition: FMF.h:58
llvm::FastMathFlags::all
bool all() const
Definition: FMF.h:59
llvm::FunctionType
Class to represent function types.
Definition: DerivedTypes.h:103
llvm::FunctionType::params
ArrayRef< Type * > params() const
Definition: DerivedTypes.h:130
llvm::Function::getEntryBlock
const BasicBlock & getEntryBlock() const
Definition: Function.h:800
llvm::GetElementPtrInst
an instruction for type-safe pointer arithmetic to access elements of arrays and structs
Definition: Instructions.h:914
llvm::GlobalValue::getParent
Module * getParent()
Get the module that this global value is contained inside of...
Definition: GlobalValue.h:656
llvm::IRMutationStrategy::mutate
virtual void mutate(Module &M, RandomIRBuilder &IB)
Definition: IRMutator.cpp:36
llvm::IRMutator::mutateModule
void mutateModule(Module &M, int Seed, size_t MaxSize)
Mutate given module.
Definition: IRMutator.cpp:64
llvm::IRMutator::getModuleSize
static size_t getModuleSize(const Module &M)
Calculate the size of module as the number of objects in it, i.e.
Definition: IRMutator.cpp:60
llvm::InjectorIRStrategy::getDefaultOps
static std::vector< fuzzerop::OpDescriptor > getDefaultOps()
Definition: IRMutator.cpp:96
llvm::InjectorIRStrategy::mutate
void mutate(Function &F, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:91
llvm::InsertCFGStrategy::mutate
void mutate(BasicBlock &BB, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:423
llvm::InsertFunctionStrategy::mutate
void mutate(BasicBlock &BB, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:360
llvm::InsertPHIStrategy::mutate
void mutate(BasicBlock &BB, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:541
llvm::InstDeleterIRStrategy::getWeight
uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override
Provide a weight to bias towards choosing this strategy for a mutation.
Definition: IRMutator.cpp:157
llvm::InstDeleterIRStrategy::mutate
void mutate(Function &F, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:174
llvm::InstModificationIRStrategy::mutate
void mutate(Instruction &Inst, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:222
llvm::Instruction::setHasNoUnsignedWrap
void setHasNoUnsignedWrap(bool b=true)
Set or clear the nuw flag on this instruction, which must be an operator which supports this flag.
Definition: Instruction.cpp:363
llvm::Instruction::hasNoNaNs
bool hasNoNaNs() const LLVM_READONLY
Determine whether the no-NaNs flag is set.
Definition: Instruction.cpp:580
llvm::Instruction::hasNoUnsignedWrap
bool hasNoUnsignedWrap() const LLVM_READONLY
Determine whether the no unsigned wrap flag is set.
Definition: Instruction.cpp:387
llvm::Instruction::hasNoInfs
bool hasNoInfs() const LLVM_READONLY
Determine whether the no-infs flag is set.
Definition: Instruction.cpp:585
llvm::Instruction::setHasNoSignedZeros
void setHasNoSignedZeros(bool B)
Set or clear the no-signed-zeros flag on this instruction, which must be an operator which supports t...
Definition: Instruction.cpp:540
llvm::Instruction::hasNoSignedZeros
bool hasNoSignedZeros() const LLVM_READONLY
Determine whether the no-signed-zeros flag is set.
Definition: Instruction.cpp:590
llvm::Instruction::hasNoSignedWrap
bool hasNoSignedWrap() const LLVM_READONLY
Determine whether the no signed wrap flag is set.
Definition: Instruction.cpp:394
llvm::Instruction::setHasAllowContract
void setHasAllowContract(bool B)
Set or clear the allow-contract flag on this instruction, which must be an operator which supports th...
Definition: Instruction.cpp:550
llvm::Instruction::setHasNoSignedWrap
void setHasNoSignedWrap(bool b=true)
Set or clear the nsw flag on this instruction, which must be an operator which supports this flag.
Definition: Instruction.cpp:370
llvm::Instruction::setHasNoNaNs
void setHasNoNaNs(bool B)
Set or clear the no-nans flag on this instruction, which must be an operator which supports this flag...
Definition: Instruction.cpp:530
llvm::Instruction::setHasApproxFunc
void setHasApproxFunc(bool B)
Set or clear the approximate-math-functions flag on this instruction, which must be an operator which...
Definition: Instruction.cpp:555
llvm::Instruction::setHasAllowReassoc
void setHasAllowReassoc(bool B)
Set or clear the reassociation flag on this instruction, which must be an operator which supports thi...
Definition: Instruction.cpp:525
llvm::Instruction::eraseFromParent
InstListType::iterator eraseFromParent()
This method unlinks 'this' from the containing basic block and deletes it.
Definition: Instruction.cpp:92
llvm::Instruction::isExact
bool isExact() const LLVM_READONLY
Determine whether the exact flag is set.
Definition: Instruction.cpp:516
llvm::Instruction::isTerminator
bool isTerminator() const
Definition: Instruction.h:277
llvm::Instruction::hasAllowReciprocal
bool hasAllowReciprocal() const LLVM_READONLY
Determine whether the allow-reciprocal flag is set.
Definition: Instruction.cpp:595
llvm::Instruction::setHasNoInfs
void setHasNoInfs(bool B)
Set or clear the no-infs flag on this instruction, which must be an operator which supports this flag...
Definition: Instruction.cpp:535
llvm::Instruction::getFastMathFlags
FastMathFlags getFastMathFlags() const LLVM_READONLY
Convenience function for getting all the fast-math flags, which must be an operator which supports th...
Definition: Instruction.cpp:610
llvm::Instruction::hasApproxFunc
bool hasApproxFunc() const LLVM_READONLY
Determine whether the approximate-math-functions flag is set.
Definition: Instruction.cpp:605
llvm::Instruction::getOpcode
unsigned getOpcode() const
Returns a member of one of the enums like Instruction::Add.
Definition: Instruction.h:274
llvm::Instruction::setIsExact
void setIsExact(bool b=true)
Set or clear the exact flag on this instruction, which must be an operator which supports this flag.
Definition: Instruction.cpp:377
llvm::Instruction::setHasAllowReciprocal
void setHasAllowReciprocal(bool B)
Set or clear the allow-reciprocal flag on this instruction, which must be an operator which supports ...
Definition: Instruction.cpp:545
llvm::Instruction::hasAllowContract
bool hasAllowContract() const LLVM_READONLY
Determine whether the allow-contract flag is set.
Definition: Instruction.cpp:600
llvm::Instruction::setFast
void setFast(bool B)
Set or clear all fast-math-flags on this instruction, which must be an operator which supports this f...
Definition: Instruction.cpp:520
llvm::Instruction::hasAllowReassoc
bool hasAllowReassoc() const LLVM_READONLY
Determine whether the allow-reassociation flag is set.
Definition: Instruction.cpp:575
llvm::IntegerType
Class to represent integer types.
Definition: DerivedTypes.h:40
llvm::IntegerType::getBitWidth
unsigned getBitWidth() const
Get the number of bits in this IntegerType.
Definition: DerivedTypes.h:72
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:67
llvm::MemoryBuffer::getMemBuffer
static std::unique_ptr< MemoryBuffer > getMemBuffer(StringRef InputData, StringRef BufferName="", bool RequiresNullTerminator=true)
Open the specified memory range as a MemoryBuffer.
Definition: MemoryBuffer.cpp:130
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65
llvm::PHINode::Create
static PHINode * Create(Type *Ty, unsigned NumReservedValues, const Twine &NameStr="", InsertPosition InsertBefore=nullptr)
Constructors - NumReservedValues is a hint for the number of incoming edges that this phi node will h...
Definition: Instructions.h:2526
llvm::PassInstrumentationAnalysis
Pseudo-analysis pass that exposes the PassInstrumentation to pass managers.
Definition: PassInstrumentation.h:349
llvm::PassManager::addPass
LLVM_ATTRIBUTE_MINSIZE std::enable_if_t<!std::is_same_v< PassT, PassManager > > addPass(PassT &&Pass)
Definition: PassManager.h:195
llvm::PassManager::run
PreservedAnalyses run(IRUnitT &IR, AnalysisManagerT &AM, ExtraArgTs... ExtraArgs)
Run all of the passes in this manager over the given unit of IR.
Definition: PassManagerImpl.h:29
llvm::ReturnInst::Create
static ReturnInst * Create(LLVMContext &C, Value *retVal=nullptr, InsertPosition InsertBefore=nullptr)
Definition: Instructions.h:2856
llvm::SMDiagnostic
Instances of this class encapsulate one diagnostic report, allowing printing to a raw_ostream as a ca...
Definition: SourceMgr.h:281
llvm::ShuffleBlockStrategy::mutate
void mutate(BasicBlock &BB, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:593
llvm::SinkInstructionStrategy::mutate
void mutate(Function &F, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:570
llvm::SmallSetVector
A SetVector that performs no allocations if smaller than a certain size.
Definition: SetVector.h:370
llvm::SmallSet
SmallSet - This maintains a set of unique values, optimizing for the case when the set is small (less...
Definition: SmallSet.h:135
llvm::SmallSet::count
size_type count(const T &V) const
count - Return 1 if the element is in the set, 0 otherwise.
Definition: SmallSet.h:166
llvm::SmallSet::empty
bool empty() const
Definition: SmallSet.h:159
llvm::SmallSet::insert
std::pair< const_iterator, bool > insert(const T &V)
insert - Insert an element into the set if it isn't already there.
Definition: SmallSet.h:179
llvm::SmallVectorBase::size
size_t size() const
Definition: SmallVector.h:91
llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition: SmallVector.h:426
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1209
llvm::StringRef
StringRef - Represent a constant reference to a string, i.e.
Definition: StringRef.h:50
llvm::SwitchInst
Multiway switch.
Definition: Instructions.h:3042
llvm::SwitchInst::Create
static SwitchInst * Create(Value *Value, BasicBlock *Default, unsigned NumCases, InsertPosition InsertBefore=nullptr)
Definition: Instructions.h:3224
llvm::TargetLibraryAnalysis
Analysis pass providing the TargetLibraryInfo.
Definition: TargetLibraryInfo.h:597
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45
llvm::Type::getInt1Ty
static IntegerType * getInt1Ty(LLVMContext &C)
llvm::Type::getVoidTy
static Type * getVoidTy(LLVMContext &C)
llvm::Type::isTokenTy
bool isTokenTy() const
Return true if this is 'token'.
Definition: Type.h:225
llvm::Type::isVoidTy
bool isVoidTy() const
Return true if this is 'void'.
Definition: Type.h:140
llvm::User::setOperand
void setOperand(unsigned i, Value *Val)
Definition: User.h:174
llvm::User::getOperand
Value * getOperand(unsigned i) const
Definition: User.h:169
llvm::Value
LLVM Value Representation.
Definition: Value.h:74
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:255
llvm::Value::replaceAllUsesWith
void replaceAllUsesWith(Value *V)
Change all uses of this to point to a new Value.
Definition: Value.cpp:534
llvm::ilist_detail::node_parent_access::getParent
const ParentTy * getParent() const
Definition: ilist_node.h:32
llvm::ilist_node_impl::getIterator
self_iterator getIterator()
Definition: ilist_node.h:132
llvm::iterator_range
A range adaptor for a pair of iterators.
Definition: iterator_range.h:42
llvm::raw_string_ostream
A raw_ostream that writes to an std::string.
Definition: raw_ostream.h:661
uint64_t
llvm_unreachable
#define llvm_unreachable(msg)
Marks that the current location is not supposed to be reachable.
Definition: ErrorHandling.h:143
llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition: CallingConv.h:34
llvm::dwarf::toString
std::optional< const char * > toString(const std::optional< DWARFFormValue > &V)
Take an optional DWARFFormValue and try to extract a string value from it.
Definition: DWARFFormValue.h:179
llvm::fuzzerop::onlyType
static SourcePred onlyType(Type *Only)
Definition: OpDescriptor.h:95
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18
llvm::ReplaceInstWithInst
void ReplaceInstWithInst(BasicBlock *BB, BasicBlock::iterator &BI, Instruction *I)
Replace the instruction specified by BI with the instruction specified by I.
Definition: BasicBlockUtils.cpp:722
llvm::describeFuzzerIntOps
void describeFuzzerIntOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Getters for the default sets of operations, per general category.
Definition: Operations.cpp:18
llvm::parseBitcodeFile
Expected< std::unique_ptr< Module > > parseBitcodeFile(MemoryBufferRef Buffer, LLVMContext &Context, ParserCallbacks Callbacks={})
Read the specified bitcode file, returning the module.
Definition: BitcodeReader.cpp:8541
llvm::WriteBitcodeToFile
void WriteBitcodeToFile(const Module &M, raw_ostream &Out, bool ShouldPreserveUseListOrder=false, const ModuleSummaryIndex *Index=nullptr, bool GenerateHash=false, ModuleHash *ModHash=nullptr)
Write the specified module to the specified raw output stream.
Definition: BitcodeWriter.cpp:5078
llvm::parseAndVerify
std::unique_ptr< Module > parseAndVerify(const uint8_t *Data, size_t Size, LLVMContext &Context)
Try to parse module and verify it.
Definition: IRMutator.cpp:697
llvm::make_range
iterator_range< T > make_range(T x, T y)
Convenience function for iterating over sub-ranges.
Definition: iterator_range.h:76
llvm::parseModule
std::unique_ptr< Module > parseModule(const uint8_t *Data, size_t Size, LLVMContext &Context)
Fuzzer friendly interface for the llvm bitcode parser.
Definition: IRMutator.cpp:665
llvm::make_early_inc_range
iterator_range< early_inc_iterator_impl< detail::IterOfRange< RangeT > > > make_early_inc_range(RangeT &&Range)
Make a range that does early increment to allow mutation of the underlying range without disrupting i...
Definition: STLExtras.h:656
llvm::describeFuzzerAggregateOps
void describeFuzzerAggregateOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:88
llvm::writeModule
size_t writeModule(const Module &M, uint8_t *Dest, size_t MaxSize)
Fuzzer friendly interface for the llvm bitcode printer.
Definition: IRMutator.cpp:685
llvm::any_of
bool any_of(R &&range, UnaryPredicate P)
Provide wrappers to std::any_of which take ranges instead of having to pass begin/end explicitly.
Definition: STLExtras.h:1729
llvm::makeSampler
ReservoirSampler< ElT, GenT > makeSampler(GenT &RandGen, RangeT &&Items)
Definition: Random.h:75
llvm::describeFuzzerVectorOps
void describeFuzzerVectorOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:94
llvm::make_filter_range
iterator_range< filter_iterator< detail::IterOfRange< RangeT >, PredicateT > > make_filter_range(RangeT &&Range, PredicateT Pred)
Convenience function that takes a range of elements and a predicate, and return a new filter_iterator...
Definition: STLExtras.h:572
llvm::errs
raw_fd_ostream & errs()
This returns a reference to a raw_ostream for standard error.
Definition: raw_ostream.cpp:908
llvm::Op
DWARFExpression::Operation Op
Definition: DWARFExpression.cpp:22
llvm::describeFuzzerFloatOps
void describeFuzzerFloatOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:45
llvm::describeFuzzerControlFlowOps
void describeFuzzerControlFlowOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:75
llvm::predecessors
auto predecessors(const MachineBasicBlock *BB)
Definition: MachineBasicBlock.h:1310
llvm::make_pointer_range
iterator_range< pointer_iterator< WrappedIteratorT > > make_pointer_range(RangeT &&Range)
Definition: iterator.h:363
llvm::describeFuzzerPointerOps
void describeFuzzerPointerOps(std::vector< fuzzerop::OpDescriptor > &Ops)
Definition: Operations.cpp:84
llvm::pred_size
unsigned pred_size(const MachineBasicBlock *BB)
Definition: MachineSSAContext.h:30
llvm::verifyModule
bool verifyModule(const Module &M, raw_ostream *OS=nullptr, bool *BrokenDebugInfo=nullptr)
Check a module for errors.
Definition: Verifier.cpp:7106
llvm::fuzzerop::OpDescriptor
A description of some operation we can build while fuzzing IR.
Definition: OpDescriptor.h:89
Generated on Sat Jun 29 2024 08:11:39 for LLVM by doxygen 1.9.6