spirv-fuzz: Segmentation fault in FuzzerPassInterchangeZeroLikeConstants::FindOrCreateToggledConstant

[andreperezmaselco]

Program received signal SIGSEGV, Segmentation fault.
0x0000555555daae30 in
spvtools::fuzz::FuzzerPassInterchangeZeroLikeConstants::FindOrCreateToggledConstant
at source/fuzz/fuzzer_pass_interchange_zero_like_constants.cpp:41

Debugging spirv-fuzz, I found that the segmentation fault is caused because FindDeclaredConstant returns a null pointer that is used to call a function.

auto constant = GetIRContext()->get_constant_mgr()->FindDeclaredConstant(declaration->result_id());

if (!constant->IsZero()) {
  return 0;
}

declaration is %10 = OpSpecConstant %5 1, but opt::analysis::ConstantManager does not support OpSpecConstant.

[paulthomson]

FuzzerPassInterchangeSignednessOfIntegerOperands and FuzzerPassInterchangeZeroLikeConstants both included specialization constants when trying to find integer constants with known values. However, this is incorrect behavior because we do not know the value of specialization constants. Furthermore, ConstantManager does not support them, and this led to crashes where we assumed we could look up specialization constants via the ConstantManager.