1 //===-- Mutator.h - Utils for randomly mutation IR --------------*- C++ -*-===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // Provides the Mutator class, which is used to mutate IR for fuzzing. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #ifndef LLVM_FUZZMUTATE_RANDOMIRBUILDER_H 15 #define LLVM_FUZZMUTATE_RANDOMIRBUILDER_H 16 17 #include "llvm/ADT/SmallPtrSet.h" 18 #include "llvm/FuzzMutate/IRMutator.h" 19 #include "llvm/FuzzMutate/Random.h" 20 #include <random> 21 22 namespace llvm { 23 24 using RandomEngine = std::mt19937; 25 26 struct RandomIRBuilder { 27 RandomEngine Rand; 28 SmallVector<Type *, 16> KnownTypes; 29 30 RandomIRBuilder(int Seed, ArrayRef<Type *> AllowedTypes) 31 : Rand(Seed), KnownTypes(AllowedTypes.begin(), AllowedTypes.end()) {} 32 33 // TODO: Try to make this a bit less of a random mishmash of functions. 34 35 /// Find a "source" for some operation, which will be used in one of the 36 /// operation's operands. This either selects an instruction in \c Insts or 37 /// returns some new arbitrary Value. 38 Value *findOrCreateSource(BasicBlock &BB, ArrayRef<Instruction *> Insts); 39 /// Find a "source" for some operation, which will be used in one of the 40 /// operation's operands. This either selects an instruction in \c Insts that 41 /// matches \c Pred, or returns some new Value that matches \c Pred. The 42 /// values in \c Srcs should be source operands that have already been 43 /// selected. 44 Value *findOrCreateSource(BasicBlock &BB, ArrayRef<Instruction *> Insts, 45 ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred); 46 /// Create some Value suitable as a source for some operation. 47 Value *newSource(BasicBlock &BB, ArrayRef<Instruction *> Insts, 48 ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred); 49 /// Find a viable user for \c V in \c Insts, which should all be contained in 50 /// \c BB. This may also create some new instruction in \c BB and use that. 51 void connectToSink(BasicBlock &BB, ArrayRef<Instruction *> Insts, Value *V); 52 /// Create a user for \c V in \c BB. 53 void newSink(BasicBlock &BB, ArrayRef<Instruction *> Insts, Value *V); 54 Value *findPointer(BasicBlock &BB, ArrayRef<Instruction *> Insts, 55 ArrayRef<Value *> Srcs, fuzzerop::SourcePred Pred); 56 Type *chooseType(LLVMContext &Context, ArrayRef<Value *> Srcs, 57 fuzzerop::SourcePred Pred); 58 }; 59 60 } // end llvm namespace 61 62 #endif // LLVM_FUZZMUTATE_RANDOMIRBUILDER_H 63