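//===- RandomIRBuilder.h - Utils for randomly mutating IR -------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// Provides the RandomIRBuilder struct, which is used to mutate IR for fuzzing.
//
//===----------------------------------------------------------------------===//

#ifndef LLVM_FUZZMUTATE_RANDOMIRBUILDER_H
#define LLVM_FUZZMUTATE_RANDOMIRBUILDER_H

#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h"
#include <cstdint>
#include <random>
#include <utility>

namespace llvm {
class AllocaInst;
class BasicBlock;
class Function;
class GlobalVariable;
class Instruction;
class LLVMContext;
class Module;
class Type;
class Value;

namespace fuzzerop {
// Only forward-declared here. Several members below take SourcePred by value,
// so translation units that call them need its complete definition.
class SourcePred;
} // namespace fuzzerop

/// Engine used for every random choice made by RandomIRBuilder.
///
/// std::mt19937 is a deterministic, non-cryptographic generator: the same seed
/// always yields the same sequence. That makes a fuzzing run reproducible from
/// its seed; it must not be relied on where unpredictability is required.
using RandomEngine = std::mt19937;

/// Holds the random engine and the set of allowed types, and declares the
/// helpers that find or create IR values ("sources") and users ("sinks").
struct RandomIRBuilder {
  /// Random engine, seeded once by the constructor.
  RandomEngine Rand;
  /// Copy of the \c AllowedTypes passed to the constructor.
  SmallVector<Type *, 16> KnownTypes;

  // NOTE(review): these three limits are not used in this header. Presumably
  // they bound the argument count and function count of generated functions
  // (see the createFunction* overloads without \c ArgNum) - confirm against
  // the implementation.
  uint64_t MinArgNum = 0;
  uint64_t MaxArgNum = 5;
  uint64_t MinFunctionNum = 1;

  /// \param Seed Seed for \c Rand. It is passed to the std::mt19937
  ///        constructor, so it is converted to the engine's unsigned result
  ///        type. Keep the seed with any finding so the run can be replayed.
  /// \param AllowedTypes Types copied into \c KnownTypes.
  RandomIRBuilder(int Seed, ArrayRef<Type *> AllowedTypes)
      : Rand(Seed), KnownTypes(AllowedTypes.begin(), AllowedTypes.end()) {}

  // TODO: Try to make this a bit less of a random mishmash of functions.

  /// Create a stack memory at the head of the function, store \c Init to the
  /// memory if provided.
  AllocaInst *createStackMemory(Function *F, Type *Ty, Value *Init = nullptr);

  /// Find or create a global variable. It will be initialized by random
  /// constants that satisfy \c Pred. The bool in the returned pair reports
  /// whether the global variable was found or created (which value means
  /// which is not visible from this header).
  std::pair<GlobalVariable *, bool>
  findOrCreateGlobalVariable(Module *M, ArrayRef<Value *> Srcs,
                             fuzzerop::SourcePred Pred);

  /// Kinds of places a source value can be taken from.
  // NOTE(review): EndOfValueSource looks like an end marker rather than a real
  // source kind; the enumerator order may matter to the implementation, so it
  // is kept exactly as declared - confirm before reordering.
  enum SourceType {
    SrcFromInstInCurBlock,
    FunctionArgument,
    InstInDominator,
    SrcFromGlobalVariable,
    NewConstOrStack,
    EndOfValueSource,
  };

  /// Find a "source" for some operation, which will be used in one of the
  /// operation's operands. This either selects an instruction in \c Insts or
  /// returns some new arbitrary Value.
  Value *findOrCreateSource(BasicBlock &BB, ArrayRef<Instruction *> Insts);

  /// Find a "source" for some operation, which will be used in one of the
  /// operation's operands. This either selects an instruction in \c Insts that
  /// matches \c Pred, or returns some new Value that matches \c Pred. The
  /// values in \c Srcs should be source operands that have already been
  /// selected.
  Value *findOrCreateSource(BasicBlock &BB, ArrayRef<Instruction *> Insts,
                            ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred,
                            bool allowConstant = true);

  /// Create some Value suitable as a source for some operation.
  Value *newSource(BasicBlock &BB, ArrayRef<Instruction *> Insts,
                   ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred,
                   bool allowConstant = true);

  /// Kinds of places a value can be connected to as a user.
  // NOTE(review): EndOfValueSink looks like an end marker rather than a real
  // sink kind - confirm against the implementation.
  enum SinkType {
    // TODO: Also consider pointers in function argument.
    SinkToInstInCurBlock,
    PointersInDominator,
    InstInDominatee,
    NewStore,
    SinkToGlobalVariable,
    EndOfValueSink,
  };

  /// Find a viable user for \c V in \c Insts, which should all be contained in
  /// \c BB. This may also create some new instruction in \c BB and use that.
  Instruction *connectToSink(BasicBlock &BB, ArrayRef<Instruction *> Insts,
                             Value *V);

  /// Create a user for \c V in \c BB.
  Instruction *newSink(BasicBlock &BB, ArrayRef<Instruction *> Insts, Value *V);

  // NOTE(review): undocumented in the original. From the name and signature
  // this presumably picks a pointer-typed Value reachable from \c BB /
  // \c Insts; whether it can return null is not visible here - confirm.
  Value *findPointer(BasicBlock &BB, ArrayRef<Instruction *> Insts);

  /// Return a uniformly chosen type from \c AllowedTypes.
  Type *randomType();

  // NOTE(review): the four members below are undocumented in the original.
  // Presumably each adds a function declaration / definition to \c M, taking
  // \c ArgNum arguments when given and otherwise choosing the count itself
  // (possibly within MinArgNum..MaxArgNum) - confirm against the
  // implementation.
  Function *createFunctionDeclaration(Module &M, uint64_t ArgNum);
  Function *createFunctionDeclaration(Module &M);
  Function *createFunctionDefinition(Module &M, uint64_t ArgNum);
  Function *createFunctionDefinition(Module &M);
};

} // namespace llvm

#endif // LLVM_FUZZMUTATE_RANDOMIRBUILDER_H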