| author | Igor Laevsky <igmyrj@gmail.com> | 2017-12-08 08:53:16 +0000 |
|---|---|---|
| committer | Igor Laevsky <igmyrj@gmail.com> | 2017-12-08 08:53:16 +0000 |
| commit | 76b36d3a7f4237e2b923c532e9c350202a0c78b4 (patch) | |
| tree | 98a1e4a98f2ea37f87488d0a7a11f0a931c59f48 | |
| parent | feed26ff07b77e89e810dcef8fff72efbad846f3 (diff) | |
| download | bcm5719-llvm-76b36d3a7f4237e2b923c532e9c350202a0c78b4.tar.gz bcm5719-llvm-76b36d3a7f4237e2b923c532e9c350202a0c78b4.zip | |
[FuzzMutate] Correctly insert sinks and sources around invoke instructions
Differential Revision: https://reviews.llvm.org/D40840
llvm-svn: 320136
| -rw-r--r-- | llvm/lib/FuzzMutate/RandomIRBuilder.cpp | 9 | ||||
| -rw-r--r-- | llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp | 36 |
2 files changed, 44 insertions, 1 deletions
diff --git a/llvm/lib/FuzzMutate/RandomIRBuilder.cpp b/llvm/lib/FuzzMutate/RandomIRBuilder.cpp
index 7dfe4c63e0b..e3303cf3cac 100644
--- a/llvm/lib/FuzzMutate/RandomIRBuilder.cpp
+++ b/llvm/lib/FuzzMutate/RandomIRBuilder.cpp
@@ -51,8 +51,10 @@ Value *RandomIRBuilder::newSource(BasicBlock &BB, ArrayRef<Instruction *> Insts,
 if (Ptr) {
 // Create load from the chosen pointer
 auto IP = BB.getFirstInsertionPt();
- if (auto *I = dyn_cast<Instruction>(Ptr))
+ if (auto *I = dyn_cast<Instruction>(Ptr)) {
 IP = ++I->getIterator();
+ assert(IP != BB.end() && "guaranteed by the findPointer");
+ }
 auto *NewLoad = new LoadInst(Ptr, "L", &*IP);
 
 // Only sample this load if it really matches the descriptor
@@ -133,6 +135,11 @@ Value *RandomIRBuilder::findPointer(BasicBlock &BB,
 ArrayRef<Instruction *> Insts,
 ArrayRef<Value *> Srcs, SourcePred Pred) {
 auto IsMatchingPtr = [&Srcs, &Pred](Instruction *Inst) {
+ // Invoke instructions sometimes produce valid pointers but currently
+ // we can't insert loads or stores from them
+ if (isa<TerminatorInst>(Inst))
+ return false;
+
 if (auto PtrTy = dyn_cast<PointerType>(Inst->getType()))
 // TODO: Check if this is horribly expensive.
 return Pred.matches(Srcs, UndefValue::get(PtrTy->getElementType()));
diff --git a/llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp b/llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp
index 7d69bda91cc..cd0b96bf859 100644
--- a/llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp
+++ b/llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp
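Review bot: The new `assert(IP != BB.end() && "guaranteed by the findPointer");` in newSource is compiled out under NDEBUG, so a release-built fuzzer that ever reaches this path with a terminator would still evaluate `&*IP` on the end iterator in the `new LoadInst(Ptr, "L", &*IP)` line that follows. The invariant is enforced in a different function (the terminator filter in findPointer), so I would state the dependency next to the assert, e.g. `// findPointer never returns a terminator, so an instruction always follows I in BB`, or skip creating the load when `IP == BB.end()`. The check also does not cover the case where `I` is a PHI followed by further PHIs, where a load placed at `++I->getIterator()` would presumably be rejected by the verifier; that may deserve a follow-up. newSource starts and ends outside the hunk.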
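Review bot: The comment added at the top of the IsMatchingPtr lambda speaks only of invokes, while `isa<TerminatorInst>(Inst)` rejects every terminator, and it does not say why the rejection is needed. I would word it as `// A terminator (e.g. invoke) may define a pointer, but nothing can be inserted after it in this block, so never offer it as a load/store address`. Because an invoke result is only defined on the normal-destination path, a later change that wants to use it should insert into that successor with a dominance check instead of just lifting this filter. The lambda and findPointer continue outside the hunk.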
@@ -200,4 +200,40 @@ TEST(RandomIRBuilderTest, InsertValueArray) {
 }
 }
 
+TEST(RandomIRBuilderTest, Invokes) {
+ // Check that we never generate load or store after invoke instruction
+
+ LLVMContext Ctx;
+ const char *SourceCode =
+ "declare i32* @f()"
+ "declare i32 @personality_function()"
+ "define i32* @test() personality i32 ()* @personality_function {\n"
+ "entry:\n"
+ " %val = invoke i32* @f()\n"
+ " to label %normal unwind label %exceptional\n"
+ "normal:\n"
+ " ret i32* %val\n"
+ "exceptional:\n"
+ " %landing_pad4 = landingpad token cleanup\n"
+ " ret i32* undef\n"
+ "}";
+ auto M = parseAssembly(SourceCode, Ctx);
+
+
+ std::vector<Type *> Types = {Type::getInt8Ty(Ctx)};
+ RandomIRBuilder IB(Seed, Types);
+
+ // Get first basic block of the test function
+ Function &F = *M->getFunction("test");
+ BasicBlock &BB = *F.begin();
+
+ Instruction *Invoke = &*BB.begin();
+
+ // Find source but never insert new load after invoke
+ for (int i = 0; i < 10; ++i) {
+ (void)IB.findOrCreateSource(BB, {Invoke}, {}, fuzzerop::anyIntType());
+ ASSERT_TRUE(!verifyModule(*M, &errs()));
+ }
+}
+
 }
|
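Review bot: The opening comment of the Invokes test promises that neither a load nor a store is generated after the invoke, but the loop only calls `findOrCreateSource`, so the store side is never exercised. The sink counterpart (newSink, which presumably goes through the same findPointer filter) should get a matching loop, so a regression there is caught by `verifyModule` as well. The first two IR strings also lack a trailing newline, unlike the rest of the literal; it parses, but `"declare i32* @f()\n"` and `"declare i32 @personality_function()\n"` would keep the embedded module readable when a verifier error prints it. `M` is dereferenced without a visible null check, which is fine only if the `parseAssembly` helper (not shown in this hunk) already fails on a parse error.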

