1//===- RandomIRBuilder.h - Utils for randomly mutation IR -------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// Provides the Mutator class, which is used to mutate IR for fuzzing.
10//
11//===----------------------------------------------------------------------===//
12
13#ifndef LLVM_FUZZMUTATE_RANDOMIRBUILDER_H
14#define LLVM_FUZZMUTATE_RANDOMIRBUILDER_H
15
16#include "llvm/ADT/ArrayRef.h"
17#include "llvm/ADT/SmallVector.h"
18#include <random>
19
20namespace llvm {
21class AllocaInst;
22class BasicBlock;
23class Function;
24class GlobalVariable;
25class Instruction;
26class LLVMContext;
27class Module;
28class Type;
29class Value;
30
31namespace fuzzerop {
32class SourcePred;
33}
34
35using RandomEngine = std::mt19937;
36
37struct RandomIRBuilder {
38 RandomEngine Rand;
39 SmallVector<Type *, 16> KnownTypes;
40
41 uint64_t MinArgNum = 0;
42 uint64_t MaxArgNum = 5;
43 uint64_t MinFunctionNum = 1;
44
45 RandomIRBuilder(int Seed, ArrayRef<Type *> AllowedTypes)
46 : Rand(Seed), KnownTypes(AllowedTypes.begin(), AllowedTypes.end()) {}
47
48 // TODO: Try to make this a bit less of a random mishmash of functions.
49
50 /// Create a stack memory at the head of the function, store \c Init to the
51 /// memory if provided.
52 AllocaInst *createStackMemory(Function *F, Type *Ty, Value *Init = nullptr);
53 /// Find or create a global variable. It will be initialized by random
54 /// constants that satisfies \c Pred. It will also report whether this global
55 /// variable found or created.
56 std::pair<GlobalVariable *, bool>
57 findOrCreateGlobalVariable(Module *M, ArrayRef<Value *> Srcs,
58 fuzzerop::SourcePred Pred);
59 enum SourceType {
60 SrcFromInstInCurBlock,
61 FunctionArgument,
62 InstInDominator,
63 SrcFromGlobalVariable,
64 NewConstOrStack,
65 EndOfValueSource,
66 };
67 /// Find a "source" for some operation, which will be used in one of the
68 /// operation's operands. This either selects an instruction in \c Insts or
69 /// returns some new arbitrary Value.
70 Value *findOrCreateSource(BasicBlock &BB, ArrayRef<Instruction *> Insts);
71 /// Find a "source" for some operation, which will be used in one of the
72 /// operation's operands. This either selects an instruction in \c Insts that
73 /// matches \c Pred, or returns some new Value that matches \c Pred. The
74 /// values in \c Srcs should be source operands that have already been
75 /// selected.
76 Value *findOrCreateSource(BasicBlock &BB, ArrayRef<Instruction *> Insts,
77 ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred,
78 bool allowConstant = true);
79 /// Create some Value suitable as a source for some operation.
80 Value *newSource(BasicBlock &BB, ArrayRef<Instruction *> Insts,
81 ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred,
82 bool allowConstant = true);
83
84 enum SinkType {
85 /// TODO: Also consider pointers in function argument.
86 SinkToInstInCurBlock,
87 PointersInDominator,
88 InstInDominatee,
89 NewStore,
90 SinkToGlobalVariable,
91 EndOfValueSink,
92 };
93 /// Find a viable user for \c V in \c Insts, which should all be contained in
94 /// \c BB. This may also create some new instruction in \c BB and use that.
95 Instruction *connectToSink(BasicBlock &BB, ArrayRef<Instruction *> Insts,
96 Value *V);
97 /// Create a user for \c V in \c BB.
98 Instruction *newSink(BasicBlock &BB, ArrayRef<Instruction *> Insts, Value *V);
99 Value *findPointer(BasicBlock &BB, ArrayRef<Instruction *> Insts);
100 /// Return a uniformly choosen type from \c AllowedTypes
101 Type *randomType();
102 Function *createFunctionDeclaration(Module &M, uint64_t ArgNum);
103 Function *createFunctionDeclaration(Module &M);
104 Function *createFunctionDefinition(Module &M, uint64_t ArgNum);
105 Function *createFunctionDefinition(Module &M);
106};
107
108} // namespace llvm
109
110#endif // LLVM_FUZZMUTATE_RANDOMIRBUILDER_H
111