From 0afed924f07479eab2db93c214c18cf77b478b28 Mon Sep 17 00:00:00 2001
From: Stefano Milizia <stefanomil@google.com>
Date: Tue, 1 Sep 2020 16:51:04 +0200
Subject: [PATCH 1/2] Exclude OpFunction and OpUndef instructions when
 computing equivalence classes

---
 source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp    | 6 ++++++
 test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp b/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp
index 97adfb2409..7e75a1383f 100644
--- a/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp
+++ b/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp
@@ -167,6 +167,12 @@ FuzzerPassAddOpPhiSynonyms::GetIdEquivalenceClasses() {
       continue;
     }
 
+    // Exclude OpFunction and OpUndef instructions.
+    if (pair.second->opcode() == SpvOpFunction ||
+        pair.second->opcode() == SpvOpUndef) {
+      continue;
+    }
+
     // We need a new equivalence class for this id.
     std::set<uint32_t> new_equivalence_class;
 
diff --git a/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp b/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp
index 9341b56d2f..39da98f646 100644
--- a/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp
+++ b/test/fuzz/fuzzer_pass_add_opphi_synonyms_test.cpp
@@ -76,6 +76,7 @@ std::string shader = R"(
           %5 = OpTypeBool
           %6 = OpConstantTrue %5
           %7 = OpTypeInt 32 1
+         %31 = OpTypeFunction %7
           %8 = OpTypeInt 32 0
           %9 = OpConstant %7 1
          %10 = OpConstant %7 2
@@ -109,6 +110,10 @@ std::string shader = R"(
          %28 = OpLabel
                OpReturn
                OpFunctionEnd
+         %32 = OpFunction %7 None %31
+         %33 = OpLabel
+               OpReturnValue %9
+               OpFunctionEnd
 )";
 
 TEST(FuzzerPassAddOpPhiSynonymsTest, HelperFunctions) {

From 2b50f78d4a551f46e7d10f14dcf36740b9244f9d Mon Sep 17 00:00:00 2001
From: Stefano Milizia <stefanomil@google.com>
Date: Tue, 1 Sep 2020 17:19:12 +0200
Subject: [PATCH 2/2] Add short explanation to comment

---
 source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp b/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp
index 7e75a1383f..88cc830fad 100644
--- a/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp
+++ b/source/fuzz/fuzzer_pass_add_opphi_synonyms.cpp
@@ -167,7 +167,10 @@ FuzzerPassAddOpPhiSynonyms::GetIdEquivalenceClasses() {
       continue;
     }
 
-    // Exclude OpFunction and OpUndef instructions.
+    // Exclude OpFunction and OpUndef instructions, because:
+    // - OpFunction does not yield a value;
+    // - OpUndef yields an undefined value at each use, so it should never be a
+    //   synonym of another id.
     if (pair.second->opcode() == SpvOpFunction ||
         pair.second->opcode() == SpvOpUndef) {
       continue;