LLVM  14.0.0git
IRMutator.h
Go to the documentation of this file.
1 //===-- IRMutator.h - Mutation engine for fuzzing IR ------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // Provides the IRMutator class, which drives mutations on IR based on a
10 // configurable set of strategies. Some common strategies are also included
11 // here.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #ifndef LLVM_FUZZMUTATE_IRMUTATOR_H
16 #define LLVM_FUZZMUTATE_IRMUTATOR_H
17 
18 #include "llvm/ADT/Optional.h"
21 
22 namespace llvm {
23 class BasicBlock;
24 class Function;
25 class Instruction;
26 class Module;
27 
28 struct RandomIRBuilder;
29 
30 /// Base class for describing how to mutate a module. mutation functions for
31 /// each IR unit forward to the contained unit.
33 public:
34  virtual ~IRMutationStrategy() = default;
35 
36  /// Provide a weight to bias towards choosing this strategy for a mutation.
37  ///
38  /// The value of the weight is arbitrary, but a good default is "the number of
39  /// distinct ways in which this strategy can mutate a unit". This can also be
40  /// used to prefer strategies that shrink the overall size of the result when
41  /// we start getting close to \c MaxSize.
42  virtual uint64_t getWeight(size_t CurrentSize, size_t MaxSize,
43  uint64_t CurrentWeight) = 0;
44 
45  /// @{
46  /// Mutators for each IR unit. By default these forward to a contained
47  /// instance of the next smaller unit.
48  virtual void mutate(Module &M, RandomIRBuilder &IB);
49  virtual void mutate(Function &F, RandomIRBuilder &IB);
50  virtual void mutate(BasicBlock &BB, RandomIRBuilder &IB);
51  virtual void mutate(Instruction &I, RandomIRBuilder &IB) {
52  llvm_unreachable("Strategy does not implement any mutators");
53  }
54  /// @}
55 };
56 
58 
59 /// Entry point for configuring and running IR mutations.
60 class IRMutator {
61  std::vector<TypeGetter> AllowedTypes;
62  std::vector<std::unique_ptr<IRMutationStrategy>> Strategies;
63 
64 public:
65  IRMutator(std::vector<TypeGetter> &&AllowedTypes,
66  std::vector<std::unique_ptr<IRMutationStrategy>> &&Strategies)
67  : AllowedTypes(std::move(AllowedTypes)),
68  Strategies(std::move(Strategies)) {}
69 
70  void mutateModule(Module &M, int Seed, size_t CurSize, size_t MaxSize);
71 };
72 
73 /// Strategy that injects operations into the function.
75  std::vector<fuzzerop::OpDescriptor> Operations;
76 
77  Optional<fuzzerop::OpDescriptor> chooseOperation(Value *Src,
78  RandomIRBuilder &IB);
79 
80 public:
81  InjectorIRStrategy(std::vector<fuzzerop::OpDescriptor> &&Operations)
82  : Operations(std::move(Operations)) {}
83  static std::vector<fuzzerop::OpDescriptor> getDefaultOps();
84 
85  uint64_t getWeight(size_t CurrentSize, size_t MaxSize,
86  uint64_t CurrentWeight) override {
87  return Operations.size();
88  }
89 
91  void mutate(Function &F, RandomIRBuilder &IB) override;
92  void mutate(BasicBlock &BB, RandomIRBuilder &IB) override;
93 };
94 
96 public:
97  uint64_t getWeight(size_t CurrentSize, size_t MaxSize,
98  uint64_t CurrentWeight) override;
99 
101  void mutate(Function &F, RandomIRBuilder &IB) override;
102  void mutate(Instruction &Inst, RandomIRBuilder &IB) override;
103 };
104 
106 public:
107  uint64_t getWeight(size_t CurrentSize, size_t MaxSize,
108  uint64_t CurrentWeight) override {
109  return 4;
110  }
111 
113  void mutate(Instruction &Inst, RandomIRBuilder &IB) override;
114 };
115 
116 } // end llvm namespace
117 
118 #endif // LLVM_FUZZMUTATE_IRMUTATOR_H
OpDescriptor.h
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AllocatorList.h:23
M
We currently emits eax Perhaps this is what we really should generate is Is imull three or four cycles eax eax The current instruction priority is based on pattern complexity The former is more complex because it folds a load so the latter will not be emitted Perhaps we should use AddedComplexity to give LEA32r a higher priority We should always try to match LEA first since the LEA matching code does some estimate to determine whether the match is profitable if we care more about code then imull is better It s two bytes shorter than movl leal On a Pentium M
Definition: README.txt:252
Optional.h
llvm::InstModificationIRStrategy::getWeight
uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override
Provide a weight to bias towards choosing this strategy for a mutation.
Definition: IRMutator.h:107
llvm::Function
Definition: Function.h:62
llvm::InstDeleterIRStrategy::getWeight
uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override
Provide a weight to bias towards choosing this strategy for a mutation.
Definition: IRMutator.cpp:139
ErrorHandling.h
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45
llvm::InstModificationIRStrategy::mutate
void mutate(Instruction &Inst, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:204
llvm::Optional
Definition: APInt.h:33
F
#define F(x, y, z)
Definition: MD5.cpp:56
llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:58
llvm::InjectorIRStrategy::InjectorIRStrategy
InjectorIRStrategy(std::vector< fuzzerop::OpDescriptor > &&Operations)
Definition: IRMutator.h:81
llvm::InjectorIRStrategy::getWeight
uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight) override
Provide a weight to bias towards choosing this strategy for a mutation.
Definition: IRMutator.h:85
llvm::Instruction
Definition: Instruction.h:45
llvm::InjectorIRStrategy
Strategy that injects operations into the function.
Definition: IRMutator.h:74
llvm::TypeGetter
std::function< Type *(LLVMContext &)> TypeGetter
Definition: IRMutator.h:57
llvm::IRMutationStrategy::mutate
virtual void mutate(Instruction &I, RandomIRBuilder &IB)
Definition: IRMutator.h:51
llvm::InjectorIRStrategy::mutate
void mutate(Function &F, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:79
Seed
static ManagedStatic< cl::opt< uint64_t >, CreateSeed > Seed
Definition: RandomNumberGenerator.cpp:40
llvm::InstDeleterIRStrategy
Definition: IRMutator.h:95
llvm::IRMutator
Entry point for configuring and running IR mutations.
Definition: IRMutator.h:60
uint64_t
llvm::InstModificationIRStrategy
Definition: IRMutator.h:105
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:68
llvm::IRMutationStrategy::getWeight
virtual uint64_t getWeight(size_t CurrentSize, size_t MaxSize, uint64_t CurrentWeight)=0
Provide a weight to bias towards choosing this strategy for a mutation.
llvm::InstDeleterIRStrategy::mutate
void mutate(Function &F, RandomIRBuilder &IB) override
Definition: IRMutator.cpp:156
I
#define I(x, y, z)
Definition: MD5.cpp:59
llvm::move
OutputIt move(R &&Range, OutputIt Out)
Provide wrappers to std::move which take ranges instead of having to pass begin/end explicitly.
Definition: STLExtras.h:1658
llvm::ISD::BasicBlock
@ BasicBlock
Various leaf nodes.
Definition: ISDOpcodes.h:71
function
print Print MemDeps of function
Definition: MemDepPrinter.cpp:83
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:67
llvm::IRMutationStrategy
Base class for describing how to mutate a module.
Definition: IRMutator.h:32
llvm::IRMutationStrategy::~IRMutationStrategy
virtual ~IRMutationStrategy()=default
llvm_unreachable
#define llvm_unreachable(msg)
Marks that the current location is not supposed to be reachable.
Definition: ErrorHandling.h:134
Module
Machine Check Debug Module
Definition: MachineCheckDebugify.cpp:122
llvm::RandomIRBuilder
Definition: RandomIRBuilder.h:25
llvm::InjectorIRStrategy::getDefaultOps
static std::vector< fuzzerop::OpDescriptor > getDefaultOps()
Definition: IRMutator.cpp:84
std
Definition: BitVector.h:838
llvm::IRMutationStrategy::mutate
virtual void mutate(Module &M, RandomIRBuilder &IB)
Definition: IRMutator.cpp:35
llvm::IRMutator::mutateModule
void mutateModule(Module &M, int Seed, size_t CurSize, size_t MaxSize)
Definition: IRMutator.cpp:54
BB
Common register allocation spilling lr str ldr sxth r3 ldr mla r4 can lr mov lr str ldr sxth r3 mla r4 and then merge mul and lr str ldr sxth r3 mla r4 It also increase the likelihood the store may become dead bb27 Successors according to LLVM BB
Definition: README.txt:39
llvm::IRMutator::IRMutator
IRMutator(std::vector< TypeGetter > &&AllowedTypes, std::vector< std::unique_ptr< IRMutationStrategy >> &&Strategies)
Definition: IRMutator.h:65
llvm::Value
LLVM Value Representation.
Definition: Value.h:74
llvm::codeview::PublicSymFlags::Function
@ Function