Google Git
Sign in
swiftshader / SwiftShader / 94692cd39626ab736f55352d22bf928a6d70aff8 / . / third_party / SPIRV-Tools / test / fuzz / transformation_load_test.cpp
blob: 370826eb8255ded4cd4772e8b60eaf2c523749e1 [file] [log] [blame]
// Copyright (c) 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "source/fuzz/transformation_load.h"
#include "gtest/gtest.h"
#include "source/fuzz/fuzzer_util.h"
#include "source/fuzz/instruction_descriptor.h"
#include "test/fuzz/fuzz_test_util.h"
namespace spvtools {
namespace fuzz {
namespace {
TEST(TransformationLoadTest, BasicTest) {
std::string shader = R"(
OpCapability Shader
OpCapability VariablePointers
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 310
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%7 = OpTypeFloat 32
%8 = OpTypeStruct %6 %7
%9 = OpTypePointer Function %8
%10 = OpTypeFunction %6 %9
%14 = OpConstant %6 0
%15 = OpTypePointer Function %6
%51 = OpTypePointer Private %6
%21 = OpConstant %6 2
%23 = OpConstant %6 1
%24 = OpConstant %7 1
%25 = OpTypePointer Function %7
%50 = OpTypePointer Private %7
%34 = OpTypeBool
%35 = OpConstantFalse %34
%60 = OpConstantNull %50
%52 = OpVariable %50 Private
%53 = OpVariable %51 Private
%4 = OpFunction %2 None %3
%5 = OpLabel
%20 = OpVariable %9 Function
%27 = OpVariable %9 Function ; irrelevant
%22 = OpAccessChain %15 %20 %14
%44 = OpCopyObject %9 %20
%26 = OpAccessChain %25 %20 %23
%29 = OpFunctionCall %6 %12 %27
%30 = OpAccessChain %15 %20 %14
%45 = OpCopyObject %15 %30
%33 = OpAccessChain %15 %20 %14
OpSelectionMerge %37 None
OpBranchConditional %35 %36 %37
%36 = OpLabel
%38 = OpAccessChain %15 %20 %14
%40 = OpAccessChain %15 %20 %14
%43 = OpAccessChain %15 %20 %14
OpBranch %37
%37 = OpLabel
OpReturn
OpFunctionEnd
%12 = OpFunction %6 None %10
%11 = OpFunctionParameter %9 ; irrelevant
%13 = OpLabel
%46 = OpCopyObject %9 %11 ; irrelevant
%16 = OpAccessChain %15 %11 %14 ; irrelevant
OpReturnValue %21
OpFunctionEnd
)";
const auto env = SPV_ENV_UNIVERSAL_1_4;
const auto consumer = nullptr;
const auto context = BuildModule(env, consumer, shader, kFuzzAssembleOption);
spvtools::ValidatorOptions validator_options;
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(context.get(), validator_options,
kConsoleMessageConsumer));
TransformationContext transformation_context(
MakeUnique<FactManager>(context.get()), validator_options);
transformation_context.GetFactManager()->AddFactValueOfPointeeIsIrrelevant(
27);
transformation_context.GetFactManager()->AddFactValueOfPointeeIsIrrelevant(
11);
transformation_context.GetFactManager()->AddFactValueOfPointeeIsIrrelevant(
46);
transformation_context.GetFactManager()->AddFactValueOfPointeeIsIrrelevant(
16);
transformation_context.GetFactManager()->AddFactValueOfPointeeIsIrrelevant(
52);
transformation_context.GetFactManager()->AddFactBlockIsDead(36);
// Variables with pointee types:
// 52 - ptr_to(7)
// 53 - ptr_to(6)
// 20 - ptr_to(8)
// 27 - ptr_to(8) - irrelevant
// Access chains with pointee type:
// 22 - ptr_to(6)
// 26 - ptr_to(6)
// 30 - ptr_to(6)
// 33 - ptr_to(6)
// 38 - ptr_to(6)
// 40 - ptr_to(6)
// 43 - ptr_to(6)
// 16 - ptr_to(6) - irrelevant
// Copied object with pointee type:
// 44 - ptr_to(8)
// 45 - ptr_to(6)
// 46 - ptr_to(8) - irrelevant
// Function parameters with pointee type:
// 11 - ptr_to(8) - irrelevant
// Pointers that cannot be used:
// 60 - null
// Bad: id is not fresh
ASSERT_FALSE(
TransformationLoad(33, 33, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: attempt to load from 11 from outside its function
ASSERT_FALSE(
TransformationLoad(100, 11, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: pointer is not available
ASSERT_FALSE(
TransformationLoad(100, 33, false, 0, 0,
MakeInstructionDescriptor(45, SpvOpCopyObject, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: attempt to insert before OpVariable
ASSERT_FALSE(
TransformationLoad(100, 27, false, 0, 0,
MakeInstructionDescriptor(27, SpvOpVariable, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: pointer id does not exist
ASSERT_FALSE(
TransformationLoad(100, 1000, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: pointer id exists but does not have a type
ASSERT_FALSE(
TransformationLoad(100, 5, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: pointer id exists and has a type, but is not a pointer
ASSERT_FALSE(
TransformationLoad(100, 24, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: attempt to load from null pointer
ASSERT_FALSE(
TransformationLoad(100, 60, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: %40 is not available at the program point
ASSERT_FALSE(TransformationLoad(100, 40, false, 0, 0,
MakeInstructionDescriptor(37, SpvOpReturn, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: The described instruction does not exist
ASSERT_FALSE(
TransformationLoad(100, 33, false, 0, 0,
MakeInstructionDescriptor(1000, SpvOpReturn, 0))
.IsApplicable(context.get(), transformation_context));
{
TransformationLoad transformation(
100, 33, false, 0, 0,
MakeInstructionDescriptor(38, SpvOpAccessChain, 0));
ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(),
&transformation_context);
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
context.get(), validator_options, kConsoleMessageConsumer));
}
{
TransformationLoad transformation(
101, 46, false, 0, 0,
MakeInstructionDescriptor(16, SpvOpReturnValue, 0));
ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(),
&transformation_context);
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
context.get(), validator_options, kConsoleMessageConsumer));
}
{
TransformationLoad transformation(
102, 16, false, 0, 0,
MakeInstructionDescriptor(16, SpvOpReturnValue, 0));
ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(),
&transformation_context);
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
context.get(), validator_options, kConsoleMessageConsumer));
}
{
TransformationLoad transformation(
103, 40, false, 0, 0,
MakeInstructionDescriptor(43, SpvOpAccessChain, 0));
ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(),
&transformation_context);
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
context.get(), validator_options, kConsoleMessageConsumer));
}
std::string after_transformation = R"(
OpCapability Shader
OpCapability VariablePointers
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 310
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%7 = OpTypeFloat 32
%8 = OpTypeStruct %6 %7
%9 = OpTypePointer Function %8
%10 = OpTypeFunction %6 %9
%14 = OpConstant %6 0
%15 = OpTypePointer Function %6
%51 = OpTypePointer Private %6
%21 = OpConstant %6 2
%23 = OpConstant %6 1
%24 = OpConstant %7 1
%25 = OpTypePointer Function %7
%50 = OpTypePointer Private %7
%34 = OpTypeBool
%35 = OpConstantFalse %34
%60 = OpConstantNull %50
%52 = OpVariable %50 Private
%53 = OpVariable %51 Private
%4 = OpFunction %2 None %3
%5 = OpLabel
%20 = OpVariable %9 Function
%27 = OpVariable %9 Function ; irrelevant
%22 = OpAccessChain %15 %20 %14
%44 = OpCopyObject %9 %20
%26 = OpAccessChain %25 %20 %23
%29 = OpFunctionCall %6 %12 %27
%30 = OpAccessChain %15 %20 %14
%45 = OpCopyObject %15 %30
%33 = OpAccessChain %15 %20 %14
OpSelectionMerge %37 None
OpBranchConditional %35 %36 %37
%36 = OpLabel
%100 = OpLoad %6 %33
%38 = OpAccessChain %15 %20 %14
%40 = OpAccessChain %15 %20 %14
%103 = OpLoad %6 %40
%43 = OpAccessChain %15 %20 %14
OpBranch %37
%37 = OpLabel
OpReturn
OpFunctionEnd
%12 = OpFunction %6 None %10
%11 = OpFunctionParameter %9 ; irrelevant
%13 = OpLabel
%46 = OpCopyObject %9 %11 ; irrelevant
%16 = OpAccessChain %15 %11 %14 ; irrelevant
%101 = OpLoad %8 %46
%102 = OpLoad %6 %16
OpReturnValue %21
OpFunctionEnd
)";
ASSERT_TRUE(IsEqual(env, after_transformation, context.get()));
}
TEST(TransformationLoadTest, AtomicLoadTestCase) {
const std::string shader = R"(
OpCapability Shader
OpCapability Int8
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 320
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%7 = OpTypeInt 8 1
%9 = OpTypeInt 32 0
%26 = OpTypeFloat 32
%8 = OpTypeStruct %6
%10 = OpTypePointer StorageBuffer %8
%11 = OpVariable %10 StorageBuffer
%19 = OpConstant %26 0
%18 = OpConstant %9 1
%12 = OpConstant %6 0
%13 = OpTypePointer StorageBuffer %6
%15 = OpConstant %6 4
%16 = OpConstant %6 7
%17 = OpConstant %7 4
%20 = OpConstant %9 64
%4 = OpFunction %2 None %3
%5 = OpLabel
%14 = OpAccessChain %13 %11 %12
%24 = OpAccessChain %13 %11 %12
OpReturn
OpFunctionEnd
)";
const auto env = SPV_ENV_UNIVERSAL_1_3;
const auto consumer = nullptr;
const auto context = BuildModule(env, consumer, shader, kFuzzAssembleOption);
spvtools::ValidatorOptions validator_options;
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(context.get(), validator_options,
kConsoleMessageConsumer));
TransformationContext transformation_context(
MakeUnique<FactManager>(context.get()), validator_options);
// Bad: id is not fresh.
ASSERT_FALSE(
TransformationLoad(14, 14, true, 15, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: id 100 of memory scope instruction does not exist.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 100, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: id 100 of memory semantics instruction does not exist.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 100,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: memory scope should be |OpConstant| opcode.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 5, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: memory semantics should be |OpConstant| opcode.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 5,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: The memory scope instruction must have an Integer operand.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 19,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: The memory memory semantics instruction must have an Integer operand.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 19, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: Integer size of the memory scope must be equal to 32 bits.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 17, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: Integer size of memory semantics must be equal to 32 bits.
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 17,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: memory scope value must be 4 (SpvScopeInvocation).
ASSERT_FALSE(
TransformationLoad(21, 14, true, 16, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: memory semantics value must be either:
// 64 (SpvMemorySemanticsUniformMemoryMask)
// 256 (SpvMemorySemanticsWorkgroupMemoryMask)
ASSERT_FALSE(
TransformationLoad(21, 14, true, 15, 16,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: The described instruction does not exist
ASSERT_FALSE(
TransformationLoad(21, 14, false, 15, 20,
MakeInstructionDescriptor(150, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Successful transformations.
{
TransformationLoad transformation(
21, 14, true, 15, 20,
MakeInstructionDescriptor(24, SpvOpAccessChain, 0));
ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(),
&transformation_context);
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
context.get(), validator_options, kConsoleMessageConsumer));
}
const std::string after_transformation = R"(
OpCapability Shader
OpCapability Int8
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 320
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%7 = OpTypeInt 8 1
%9 = OpTypeInt 32 0
%26 = OpTypeFloat 32
%8 = OpTypeStruct %6
%10 = OpTypePointer StorageBuffer %8
%11 = OpVariable %10 StorageBuffer
%19 = OpConstant %26 0
%18 = OpConstant %9 1
%12 = OpConstant %6 0
%13 = OpTypePointer StorageBuffer %6
%15 = OpConstant %6 4
%16 = OpConstant %6 7
%17 = OpConstant %7 4
%20 = OpConstant %9 64
%4 = OpFunction %2 None %3
%5 = OpLabel
%14 = OpAccessChain %13 %11 %12
%21 = OpAtomicLoad %6 %14 %15 %20
%24 = OpAccessChain %13 %11 %12
OpReturn
OpFunctionEnd
)";
ASSERT_TRUE(IsEqual(env, after_transformation, context.get()));
}
TEST(TransformationLoadTest, AtomicLoadTestCaseForWorkgroupMemory) {
std::string shader = R"(
OpCapability Shader
OpCapability Int8
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 310
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%26 = OpTypeFloat 32
%27 = OpTypeInt 8 1
%7 = OpTypeInt 32 0 ; 0 means unsigned
%8 = OpConstant %7 0
%17 = OpConstant %27 4
%19 = OpConstant %26 0
%9 = OpTypePointer Function %6
%13 = OpTypeStruct %6
%12 = OpTypePointer Workgroup %13
%11 = OpVariable %12 Workgroup
%14 = OpConstant %6 0
%15 = OpTypePointer Function %6
%51 = OpTypePointer Private %6
%21 = OpConstant %6 4
%23 = OpConstant %6 256
%25 = OpTypePointer Function %7
%50 = OpTypePointer Workgroup %6
%34 = OpTypeBool
%35 = OpConstantFalse %34
%53 = OpVariable %51 Private
%4 = OpFunction %2 None %3
%5 = OpLabel
OpSelectionMerge %37 None
OpBranchConditional %35 %36 %37
%36 = OpLabel
%38 = OpAccessChain %50 %11 %14
%40 = OpAccessChain %50 %11 %14
OpBranch %37
%37 = OpLabel
OpReturn
OpFunctionEnd
)";
const auto env = SPV_ENV_UNIVERSAL_1_3;
const auto consumer = nullptr;
const auto context = BuildModule(env, consumer, shader, kFuzzAssembleOption);
spvtools::ValidatorOptions validator_options;
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(context.get(), validator_options,
kConsoleMessageConsumer));
TransformationContext transformation_context(
MakeUnique<FactManager>(context.get()), validator_options);
// Bad: Can't insert OpAccessChain before the id 23 of memory scope.
ASSERT_FALSE(
TransformationLoad(60, 38, true, 21, 23,
MakeInstructionDescriptor(23, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Bad: Can't insert OpAccessChain before the id 23 of memory semantics.
ASSERT_FALSE(
TransformationLoad(60, 38, true, 21, 23,
MakeInstructionDescriptor(21, SpvOpAccessChain, 0))
.IsApplicable(context.get(), transformation_context));
// Successful transformations.
{
TransformationLoad transformation(
60, 38, true, 21, 23,
MakeInstructionDescriptor(40, SpvOpAccessChain, 0));
ASSERT_TRUE(
transformation.IsApplicable(context.get(), transformation_context));
ApplyAndCheckFreshIds(transformation, context.get(),
&transformation_context);
ASSERT_TRUE(fuzzerutil::IsValidAndWellFormed(
context.get(), validator_options, kConsoleMessageConsumer));
}
std::string after_transformation = R"(
OpCapability Shader
OpCapability Int8
%1 = OpExtInstImport "GLSL.std.450"
OpMemoryModel Logical GLSL450
OpEntryPoint Fragment %4 "main"
OpExecutionMode %4 OriginUpperLeft
OpSource ESSL 310
%2 = OpTypeVoid
%3 = OpTypeFunction %2
%6 = OpTypeInt 32 1
%26 = OpTypeFloat 32
%27 = OpTypeInt 8 1
%7 = OpTypeInt 32 0 ; 0 means unsigned
%8 = OpConstant %7 0
%17 = OpConstant %27 4
%19 = OpConstant %26 0
%9 = OpTypePointer Function %6
%13 = OpTypeStruct %6
%12 = OpTypePointer Workgroup %13
%11 = OpVariable %12 Workgroup
%14 = OpConstant %6 0
%15 = OpTypePointer Function %6
%51 = OpTypePointer Private %6
%21 = OpConstant %6 4
%23 = OpConstant %6 256
%25 = OpTypePointer Function %7
%50 = OpTypePointer Workgroup %6
%34 = OpTypeBool
%35 = OpConstantFalse %34
%53 = OpVariable %51 Private
%4 = OpFunction %2 None %3
%5 = OpLabel
OpSelectionMerge %37 None
OpBranchConditional %35 %36 %37
%36 = OpLabel
%38 = OpAccessChain %50 %11 %14
%60 = OpAtomicLoad %6 %38 %21 %23
%40 = OpAccessChain %50 %11 %14
OpBranch %37
%37 = OpLabel
OpReturn
OpFunctionEnd
)";
ASSERT_TRUE(IsEqual(env, after_transformation, context.get()));
}
} // namespace
} // namespace fuzz
} // namespace spvtools