From c278dada96d98310ce0bf2dc50b14c85f197568b Mon Sep 17 00:00:00 2001 From: Stefano Milizia Date: Wed, 2 Sep 2020 02:07:59 +0200 Subject: [PATCH] spirv-fuzz: Fix GetIdEquivalenceClasses (#3767) Pointer (if VariablePointers is enabled) to find sets of potential synonyms. However, some instructions with these types cannot be used in an OpPhi: - OpFunction cannot be used as a value - OpUndef should not be used, because it yields an undefined value for each use Fixes #3761. --- source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp | 9 +++++++++ test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp b/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp index 97adfb2409..88cc830fad 100644 --- a/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp +++ b/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp @@ -167,6 +167,15 @@ FuzzerPassAddOpPhiSynonyms::GetIdEquivalenceClasses() { continue; } + // Exclude OpFunction and OpUndef instructions, because: + // - OpFunction does not yield a value; + // - OpUndef yields an undefined value at each use, so it should never be a + // synonym of another id. + if (pair.second->opcode() == SpvOpFunction || + pair.second->opcode() == SpvOpUndef) { + continue; + } + // We need a new equivalence class for this id. std::set new_equivalence_class; diff --git a/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp b/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp index 9341b56d2f..39da98f646 100644 --- a/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp +++ b/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp @@ -76,6 +76,7 @@ std::string shader = R"( %5 = OpTypeBool %6 = OpConstantTrue %5 %7 = OpTypeInt 32 1 + %31 = OpTypeFunction %7 %8 = OpTypeInt 32 0 %9 = OpConstant %7 1 %10 = OpConstant %7 2 
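Review bot: In source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp, the new `SpvOpFunction`/`SpvOpUndef` test in GetIdEquivalenceClasses() is enforced only when the pass enumerates candidates. The diffstat lists no change to the transformation itself, so it is not visible here whether its applicability check rejects these ids as well. If it does not, a recorded transformation sequence that is replayed or shrunk without re-running this pass could still use an OpFunction or OpUndef id as an OpPhi operand, and the resulting module would be reported as a finding against the tool under test. I would repeat the opcode test where the transformation validates its ids and note the coupling here, e.g. `// Keep in sync with the checks made when the OpPhi synonym transformation is applied.`. The body of GetIdEquivalenceClasses() starts and ends outside the hunk.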
@@ -109,6 +110,10 @@ std::string shader = R"( %28 = OpLabel OpReturn OpFunctionEnd + %32 = OpFunction %7 None %31 + %33 = OpLabel + OpReturnValue %9 + OpFunctionEnd )"; TEST(FuzzerPassAddOpPhiSynonymsTest, HelperFunctions) {
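Review bot: Only the OpFunction half of the new exclusion is exercised by the shader edits in test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp. This hunk adds function `%32` with return type `%7`, and the earlier hunk at -76 adds its type `%31`, but no OpUndef is introduced. The diffstat's five insertions for this file are all shader lines, so coverage presumably relies on expectations already present in the TEST body, which lies outside the hunk. Adding an undef of an allowed type among the declarations, for example `%34 = OpUndef %7` (id constructed for illustration), and checking that it appears in no equivalence class would pin the second condition too.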