File: spvtools_fuzz_fuzzer.cpp

package info (click to toggle)
spirv-tools 2026.1-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 28,900 kB
  • sloc: cpp: 477,281; javascript: 5,908; python: 3,326; ansic: 488; sh: 450; ruby: 88; makefile: 18; lisp: 9
file content (80 lines) | stat: -rw-r--r-- 3,199 bytes parent folder | download | duplicates (16) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
// Copyright (c) 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <cstdint>
#include <vector>

#include "source/fuzz/fuzzer.h"
#include "source/fuzz/pseudo_random_generator.h"
#include "spirv-tools/libspirv.hpp"
#include "test/fuzzers/random_generator.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size == 0 || (size % sizeof(uint32_t)) != 0) {
    // An empty binary, or a binary whose size is not a multiple of word-size,
    // cannot be valid, so can be rejected immediately.
    return 0;
  }

  std::vector<uint32_t> initial_binary(size / sizeof(uint32_t));
  memcpy(initial_binary.data(), data, size);

  spvtools::ValidatorOptions validator_options;

  spvtools::MessageConsumer message_consumer =
      [](spv_message_level_t, const char*, const spv_position_t&, const char*) {
      };

  spvtools::fuzzers::RandomGenerator random_gen(data, size);
  auto target_env = random_gen.GetTargetEnv();
  std::unique_ptr<spvtools::opt::IRContext> ir_context;
  if (!spvtools::fuzz::fuzzerutil::BuildIRContext(
          target_env, message_consumer, initial_binary, validator_options,
          &ir_context)) {
    // The input is invalid - give up.
    return 0;
  }

  std::vector<spvtools::fuzz::fuzzerutil::ModuleSupplier> donor_suppliers = {
      [&initial_binary, message_consumer, target_env,
       &validator_options]() -> std::unique_ptr<spvtools::opt::IRContext> {
        std::unique_ptr<spvtools::opt::IRContext> result;
        if (!spvtools::fuzz::fuzzerutil::BuildIRContext(
                target_env, message_consumer, initial_binary, validator_options,
                &result)) {
          // The input was successfully parsed and validated first time around,
          // so something is wrong if it is now invalid.
          abort();
        }
        return result;
      }};

  uint32_t seed = random_gen.GetUInt32(std::numeric_limits<uint32_t>::max());
  auto fuzzer_context = spvtools::MakeUnique<spvtools::fuzz::FuzzerContext>(
      spvtools::MakeUnique<spvtools::fuzz::PseudoRandomGenerator>(seed),
      spvtools::fuzz::FuzzerContext::GetMinFreshId(ir_context.get()), false);

  auto transformation_context =
      spvtools::MakeUnique<spvtools::fuzz::TransformationContext>(
          spvtools::MakeUnique<spvtools::fuzz::FactManager>(ir_context.get()),
          validator_options);

  spvtools::fuzz::Fuzzer fuzzer(
      std::move(ir_context), std::move(transformation_context),
      std::move(fuzzer_context), message_consumer, donor_suppliers, false,
      spvtools::fuzz::RepeatedPassStrategy::kLoopedWithRecommendations, true,
      validator_options);
  fuzzer.Run(0);
  return 0;
}