spirv-fuzz: Fix GetIdEquivalenceClasses (#3767)

Pointer (if VariablePointers is enabled) to find sets of potential synonyms. However, some instructions with these types cannot be used in an OpPhi: - OpFunction cannot be used as a value - OpUndef should not be used, because it yields an undefined value for each use Fixes #3761.
KhronosGroup · Sep 2, 2020 · c278dad · c278dad
1 parent 7884684
commit c278dad
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp b/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp
@@ -167,6 +167,15 @@ FuzzerPassAddOpPhiSynonyms::GetIdEquivalenceClasses() {
       continue;
     }
 
+    // Exclude OpFunction and OpUndef instructions, because:
+    // - OpFunction does not yield a value;
+    // - OpUndef yields an undefined value at each use, so it should never be a
+    //   synonym of another id.
+    if (pair.second->opcode() == SpvOpFunction ||
+        pair.second->opcode() == SpvOpUndef) {
+      continue;
+    }
+
     // We need a new equivalence class for this id.
     std::set<uint32_t> new_equivalence_class;
 

diff --git a/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp b/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp
@@ -76,6 +76,7 @@ std::string shader = R"(
           %5 = OpTypeBool
           %6 = OpConstantTrue %5
           %7 = OpTypeInt 32 1
+         %31 = OpTypeFunction %7
           %8 = OpTypeInt 32 0
           %9 = OpConstant %7 1
          %10 = OpConstant %7 2
@@ -109,6 +110,10 @@ std::string shader = R"(
          %28 = OpLabel
                OpReturn
                OpFunctionEnd
+         %32 = OpFunction %7 None %31
+         %33 = OpLabel
+               OpReturnValue %9
+               OpFunctionEnd
 )";
 
 TEST(FuzzerPassAddOpPhiSynonymsTest, HelperFunctions) {