//===- RandomIRBuilder.h - Utils for randomly mutating IR -------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// Provides the RandomIRBuilder struct, which is used to mutate IR for fuzzing.
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_FUZZMUTATE_RANDOMIRBUILDER_H
#define LLVM_FUZZMUTATE_RANDOMIRBUILDER_H
#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h"
#include <random>
namespace llvm {
// Forward declarations only: every use of these types in this header is by
// pointer, by reference, or in a function declaration, so the full IR
// definitions are not needed here.
class AllocaInst;
class BasicBlock;
class Function;
class GlobalVariable;
class Instruction;
class LLVMContext;
class Module;
class Type;
class Value;
namespace fuzzerop {
class SourcePred;
}
/// Random engine used by RandomIRBuilder. std::mt19937 is a deterministic
/// pseudo-random generator: the same seed reproduces the same sequence. It is
/// not a cryptographically secure generator.
using RandomEngine = std::mt19937;
/// Holds the random engine and the set of allowed types, and declares the
/// helpers that find or create values, sinks, and functions in IR at random.
struct RandomIRBuilder {
  /// Pseudo-random engine, seeded from the constructor's \c Seed. Because the
  /// engine is deterministic, the random choices drawn from it are fixed by
  /// the seed.
  RandomEngine Rand;
  /// Copy of the constructor's \c AllowedTypes.
  SmallVector<Type *, 16> KnownTypes;
  // NOTE(review): these limits are only declared and defaulted here;
  // presumably they bound the argument count and the number of functions that
  // get generated -- confirm against the implementation.
  // NOTE(review): uint64_t (and std::pair below) are used without a direct
  // <cstdint> / <utility> include among the visible includes; presumably they
  // arrive transitively through the ADT headers -- confirm.
  uint64_t MinArgNum = 0;
  uint64_t MaxArgNum = 5;
  uint64_t MinFunctionNum = 1;

  /// Seed \c Rand with \c Seed and copy \c AllowedTypes into \c KnownTypes.
  ///
  /// NOTE(review): an empty \c AllowedTypes leaves \c KnownTypes empty;
  /// whether \c randomType() tolerates that is not visible in this header --
  /// confirm.
  RandomIRBuilder(int Seed, ArrayRef<Type *> AllowedTypes)
      : Rand(Seed), KnownTypes(AllowedTypes.begin(), AllowedTypes.end()) {}

  // TODO: Try to make this a bit less of a random mishmash of functions.

  /// Create a stack memory at the head of the function, and store \c Init to
  /// the memory if it is provided (it defaults to nullptr).
  AllocaInst *createStackMemory(Function *F, Type *Ty, Value *Init = nullptr);

  /// Find or create a global variable. It will be initialized by random
  /// constants that satisfy \c Pred. The returned bool reports whether the
  /// global variable was found or created; which value means which is not
  /// visible in this header -- confirm in the implementation.
  std::pair<GlobalVariable *, bool>
  findOrCreateGlobalVariable(Module *M, ArrayRef<Value *> Srcs,
                             fuzzerop::SourcePred Pred);

  /// Kinds of place a source value can be taken from.
  // NOTE(review): EndOfValueSource is the last enumerator and presumably
  // serves as a count / end marker rather than a real source kind -- confirm.
  enum SourceType {
    SrcFromInstInCurBlock,
    FunctionArgument,
    InstInDominator,
    SrcFromGlobalVariable,
    NewConstOrStack,
    EndOfValueSource,
  };

  /// Find a "source" for some operation, which will be used in one of the
  /// operation's operands. This either selects an instruction in \c Insts or
  /// returns some new arbitrary Value.
  Value *findOrCreateSource(BasicBlock &BB, ArrayRef<Instruction *> Insts);

  /// Find a "source" for some operation, which will be used in one of the
  /// operation's operands. This either selects an instruction in \c Insts that
  /// matches \c Pred, or returns some new Value that matches \c Pred. The
  /// values in \c Srcs should be source operands that have already been
  /// selected.
  // NOTE(review): \c allowConstant is undocumented here; presumably it
  // controls whether a constant may be returned as the source -- confirm.
  Value *findOrCreateSource(BasicBlock &BB, ArrayRef<Instruction *> Insts,
                            ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred,
                            bool allowConstant = true);

  /// Create some Value suitable as a source for some operation.
  Value *newSource(BasicBlock &BB, ArrayRef<Instruction *> Insts,
                   ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred,
                   bool allowConstant = true);

  /// Kinds of place a value can be sunk into (given a user).
  // NOTE(review): EndOfValueSink is the last enumerator and presumably serves
  // as a count / end marker rather than a real sink kind -- confirm.
  enum SinkType {
    /// TODO: Also consider pointers in function argument.
    SinkToInstInCurBlock,
    PointersInDominator,
    InstInDominatee,
    NewStore,
    SinkToGlobalVariable,
    EndOfValueSink,
  };

  /// Find a viable user for \c V in \c Insts, which should all be contained in
  /// \c BB. This may also create some new instruction in \c BB and use that.
  Instruction *connectToSink(BasicBlock &BB, ArrayRef<Instruction *> Insts,
                             Value *V);

  /// Create a user for \c V in \c BB.
  Instruction *newSink(BasicBlock &BB, ArrayRef<Instruction *> Insts, Value *V);

  // NOTE(review): undocumented in this header; from the name it presumably
  // returns a pointer-typed Value found via \c BB / \c Insts -- confirm,
  // including whether it can return nullptr.
  Value *findPointer(BasicBlock &BB, ArrayRef<Instruction *> Insts);

  /// Return a uniformly chosen type from \c AllowedTypes (the constructor
  /// argument, which is copied into \c KnownTypes).
  Type *randomType();

  // NOTE(review): the four function-creation helpers below are undocumented
  // in this header. Presumably the overloads without \c ArgNum choose the
  // argument count themselves (perhaps within MinArgNum..MaxArgNum) and then
  // behave like the \c ArgNum overloads -- confirm against the implementation.
  Function *createFunctionDeclaration(Module &M, uint64_t ArgNum);
  Function *createFunctionDeclaration(Module &M);
  Function *createFunctionDefinition(Module &M, uint64_t ArgNum);
  Function *createFunctionDefinition(Module &M);
};
} // namespace llvm
#endif // LLVM_FUZZMUTATE_RANDOMIRBUILDER_H