1 //===- InjectorIRStrategyTest.cpp - Tests for injector strategy -----------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8
9 #include "llvm/ADT/StringRef.h"
10 #include "llvm/AsmParser/Parser.h"
11 #include "llvm/AsmParser/SlotMapping.h"
12 #include "llvm/FuzzMutate/IRMutator.h"
13 #include "llvm/FuzzMutate/Operations.h"
14 #include "llvm/IR/Instructions.h"
15 #include "llvm/IR/LLVMContext.h"
16 #include "llvm/IR/Module.h"
17 #include "llvm/IR/Verifier.h"
18 #include "llvm/Support/SourceMgr.h"
19
20 #include "gtest/gtest.h"
21
22 using namespace llvm;
23
24 static constexpr int Seed = 5;
25
26 namespace {
27
createInjectorMutator()28 std::unique_ptr<IRMutator> createInjectorMutator() {
29 std::vector<TypeGetter> Types{
30 Type::getInt1Ty, Type::getInt8Ty, Type::getInt16Ty, Type::getInt32Ty,
31 Type::getInt64Ty, Type::getFloatTy, Type::getDoubleTy};
32
33 std::vector<std::unique_ptr<IRMutationStrategy>> Strategies;
34 Strategies.push_back(
35 std::make_unique<InjectorIRStrategy>(
36 InjectorIRStrategy::getDefaultOps()));
37
38 return std::make_unique<IRMutator>(std::move(Types), std::move(Strategies));
39 }
40
createDeleterMutator()41 std::unique_ptr<IRMutator> createDeleterMutator() {
42 std::vector<TypeGetter> Types{
43 Type::getInt1Ty, Type::getInt8Ty, Type::getInt16Ty, Type::getInt32Ty,
44 Type::getInt64Ty, Type::getFloatTy, Type::getDoubleTy};
45
46 std::vector<std::unique_ptr<IRMutationStrategy>> Strategies;
47 Strategies.push_back(std::make_unique<InstDeleterIRStrategy>());
48
49 return std::make_unique<IRMutator>(std::move(Types), std::move(Strategies));
50 }
51
createInstModifierMutator()52 std::unique_ptr<IRMutator> createInstModifierMutator() {
53 std::vector<TypeGetter> Types{
54 Type::getInt1Ty, Type::getInt8Ty, Type::getInt16Ty, Type::getInt32Ty,
55 Type::getInt64Ty, Type::getFloatTy, Type::getDoubleTy};
56
57 std::vector<std::unique_ptr<IRMutationStrategy>> Strategies;
58 Strategies.push_back(std::make_unique<InstModificationIRStrategy>());
59
60 return std::make_unique<IRMutator>(std::move(Types), std::move(Strategies));
61 }
62
parseAssembly(const char * Assembly,LLVMContext & Context)63 std::unique_ptr<Module> parseAssembly(
64 const char *Assembly, LLVMContext &Context) {
65
66 SMDiagnostic Error;
67 std::unique_ptr<Module> M = parseAssemblyString(Assembly, Error, Context);
68
69 std::string ErrMsg;
70 raw_string_ostream OS(ErrMsg);
71 Error.print("", OS);
72
73 assert(M && !verifyModule(*M, &errs()));
74 return M;
75 }
76
IterateOnSource(StringRef Source,IRMutator & Mutator)77 void IterateOnSource(StringRef Source, IRMutator &Mutator) {
78 LLVMContext Ctx;
79
80 for (int i = 0; i < 10; ++i) {
81 auto M = parseAssembly(Source.data(), Ctx);
82 ASSERT_TRUE(M && !verifyModule(*M, &errs()));
83
84 Mutator.mutateModule(*M, Seed, Source.size(), Source.size() + 100);
85 EXPECT_TRUE(!verifyModule(*M, &errs()));
86 }
87 }
88
TEST(InjectorIRStrategyTest,EmptyModule)89 TEST(InjectorIRStrategyTest, EmptyModule) {
90 // Test that we can inject into empty module
91
92 LLVMContext Ctx;
93 auto M = std::make_unique<Module>("M", Ctx);
94 ASSERT_TRUE(M && !verifyModule(*M, &errs()));
95
96 auto Mutator = createInjectorMutator();
97 ASSERT_TRUE(Mutator);
98
99 Mutator->mutateModule(*M, Seed, 1, 1);
100 EXPECT_TRUE(!verifyModule(*M, &errs()));
101 }
102
TEST(InstDeleterIRStrategyTest,EmptyFunction)103 TEST(InstDeleterIRStrategyTest, EmptyFunction) {
104 // Test that we don't crash even if we can't remove from one of the functions.
105
106 StringRef Source = ""
107 "define <8 x i32> @func1() {\n"
108 "ret <8 x i32> undef\n"
109 "}\n"
110 "\n"
111 "define i32 @func2() {\n"
112 "%A9 = alloca i32\n"
113 "%L6 = load i32, i32* %A9\n"
114 "ret i32 %L6\n"
115 "}\n";
116
117 auto Mutator = createDeleterMutator();
118 ASSERT_TRUE(Mutator);
119
120 IterateOnSource(Source, *Mutator);
121 }
122
TEST(InstDeleterIRStrategyTest,PhiNodes)123 TEST(InstDeleterIRStrategyTest, PhiNodes) {
124 // Test that inst deleter works correctly with the phi nodes.
125
126 LLVMContext Ctx;
127 StringRef Source = "\n\
128 define i32 @earlyreturncrash(i32 %x) {\n\
129 entry:\n\
130 switch i32 %x, label %sw.epilog [\n\
131 i32 1, label %sw.bb1\n\
132 ]\n\
133 \n\
134 sw.bb1:\n\
135 br label %sw.epilog\n\
136 \n\
137 sw.epilog:\n\
138 %a.0 = phi i32 [ 7, %entry ], [ 9, %sw.bb1 ]\n\
139 %b.0 = phi i32 [ 10, %entry ], [ 4, %sw.bb1 ]\n\
140 ret i32 %a.0\n\
141 }";
142
143 auto Mutator = createDeleterMutator();
144 ASSERT_TRUE(Mutator);
145
146 IterateOnSource(Source, *Mutator);
147 }
148
checkModifyNoUnsignedAndNoSignedWrap(StringRef Opc)149 static void checkModifyNoUnsignedAndNoSignedWrap(StringRef Opc) {
150 LLVMContext Ctx;
151 std::string Source = std::string("\n\
152 define i32 @test(i32 %x) {\n\
153 %a = ") + Opc.str() +
154 std::string(" i32 %x, 10\n\
155 ret i32 %a\n\
156 }");
157
158 auto Mutator = createInstModifierMutator();
159 ASSERT_TRUE(Mutator);
160
161 auto M = parseAssembly(Source.data(), Ctx);
162 auto &F = *M->begin();
163 auto *AddI = &*F.begin()->begin();
164 ASSERT_TRUE(M && !verifyModule(*M, &errs()));
165 bool FoundNUW = false;
166 bool FoundNSW = false;
167 for (int i = 0; i < 100; ++i) {
168 Mutator->mutateModule(*M, Seed + i, Source.size(), Source.size() + 100);
169 EXPECT_TRUE(!verifyModule(*M, &errs()));
170 FoundNUW |= AddI->hasNoUnsignedWrap();
171 FoundNSW |= AddI->hasNoSignedWrap();
172 }
173
174 // The mutator should have added nuw and nsw during some mutations.
175 EXPECT_TRUE(FoundNUW);
176 EXPECT_TRUE(FoundNSW);
177 }
TEST(InstModificationIRStrategyTest,Add)178 TEST(InstModificationIRStrategyTest, Add) {
179 checkModifyNoUnsignedAndNoSignedWrap("add");
180 }
181
TEST(InstModificationIRStrategyTest,Sub)182 TEST(InstModificationIRStrategyTest, Sub) {
183 checkModifyNoUnsignedAndNoSignedWrap("sub");
184 }
185
TEST(InstModificationIRStrategyTest,Mul)186 TEST(InstModificationIRStrategyTest, Mul) {
187 checkModifyNoUnsignedAndNoSignedWrap("mul");
188 }
189
TEST(InstModificationIRStrategyTest,Shl)190 TEST(InstModificationIRStrategyTest, Shl) {
191 checkModifyNoUnsignedAndNoSignedWrap("shl");
192 }
193
TEST(InstModificationIRStrategyTest,ICmp)194 TEST(InstModificationIRStrategyTest, ICmp) {
195 LLVMContext Ctx;
196 StringRef Source = "\n\
197 define i1 @test(i32 %x) {\n\
198 %a = icmp eq i32 %x, 10\n\
199 ret i1 %a\n\
200 }";
201
202 auto Mutator = createInstModifierMutator();
203 ASSERT_TRUE(Mutator);
204
205 auto M = parseAssembly(Source.data(), Ctx);
206 auto &F = *M->begin();
207 CmpInst *CI = cast<CmpInst>(&*F.begin()->begin());
208 ASSERT_TRUE(M && !verifyModule(*M, &errs()));
209 bool FoundNE = false;
210 for (int i = 0; i < 100; ++i) {
211 Mutator->mutateModule(*M, Seed + i, Source.size(), Source.size() + 100);
212 EXPECT_TRUE(!verifyModule(*M, &errs()));
213 FoundNE |= CI->getPredicate() == CmpInst::ICMP_NE;
214 }
215
216 EXPECT_TRUE(FoundNE);
217 }
218
TEST(InstModificationIRStrategyTest,GEP)219 TEST(InstModificationIRStrategyTest, GEP) {
220 LLVMContext Ctx;
221 StringRef Source = "\n\
222 define i32* @test(i32* %ptr) {\n\
223 %gep = getelementptr i32, i32* %ptr, i32 10\n\
224 ret i32* %gep\n\
225 }";
226
227 auto Mutator = createInstModifierMutator();
228 ASSERT_TRUE(Mutator);
229
230 auto M = parseAssembly(Source.data(), Ctx);
231 auto &F = *M->begin();
232 GetElementPtrInst *GEP = cast<GetElementPtrInst>(&*F.begin()->begin());
233 ASSERT_TRUE(M && !verifyModule(*M, &errs()));
234 bool FoundInbounds = false;
235 for (int i = 0; i < 100; ++i) {
236 Mutator->mutateModule(*M, Seed + i, Source.size(), Source.size() + 100);
237 EXPECT_TRUE(!verifyModule(*M, &errs()));
238 FoundInbounds |= GEP->isInBounds();
239 }
240
241 EXPECT_TRUE(FoundInbounds);
242 }
243 }
244