spirv-fuzz: Handle invalid ids in fact manager #3742
afd left a comment
This is a really important issue for us to fix, and as it's a bit unclear how best to proceed I think it's really important we have a simple PR for the proposed fix, with a test case that exposes the problem.
I thus wonder whether you could:
(a) do a separate PR containing all the changes here that are about cleaning up data_synonym_and_id_equation_facts (those changes look good, but I wasn't sure which were related to the fix)
(b) turn this into a smaller PR that just contributes the fix, and also contributes a test case that exposes the problem. But could the test case expose the problem by applying some transformations, not by killing an instruction? For example I think you said that block merging can lead to OpPhi instructions disappearing; could you write a test based on that?
@afd, I've updated the description. Regarding the points mentioned in your previous comment:
Let me know if you need any clarification.
Fixes #3741.
This PR fixes two bugs:
1. SPIRV-Tools/source/fuzz/fuzzer_util.cpp, lines 574 to 576 in 4c239bd: result_id doesn't exist in the module. The bug is triggered in SPIRV-Tools/source/fuzz/fact_manager/data_synonym_and_id_equation_facts.cpp, line 290 in 4c239bd: representative->object() doesn't exist in the module. This can happen in certain cases if we apply TransformationMergeBlocks first.
2. SPIRV-Tools/source/fuzz/fact_manager/data_synonym_and_id_equation_facts.cpp, lines 769 and 772 in 4c239bd: dd1.object() or dd2.object() doesn't exist in the module. This can happen when AddDataSynonymFactRecursive is called recursively from ComputeConversionDataSynonymFacts. This bug is described in spirv-fuzz: The fact manager doesn't handle invalid ids #3741.
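A constructed illustration of the failure mode described in this PR, added here and not SPIRV-Tools' own fact manager code: a synonym fact store whose ids can outlive their definitions, with a lookup that tolerates an absent id instead of dereferencing it and a pruning step that drops facts mentioning ids a block merge has removed. Module, FactManager, BuildScenario and the two helper functions are assumed names for this model, not SPIRV-Tools APIs.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed stand-in for a SPIR-V module (result id -> opcode name); an
// illustrative model, not SPIRV-Tools' IRContext or DefUseManager.
struct Module {
  std::map<uint32_t, std::string> defs;
  // Like DefUseManager::GetDef: nullptr when |id| has no definition.
  const std::string* GetDef(uint32_t id) const {
    auto it = defs.find(id);
    return it == defs.end() ? nullptr : &it->second;
  }
};
// Minimal data-synonym fact store: each fact says two ids hold equal values.
struct FactManager {
  std::vector<std::pair<uint32_t, uint32_t>> synonyms;
  // Ids synonymous with |id| that are still defined in |m|; a partner id with no
  // definition (e.g. an OpPhi removed by block merging) is skipped, not dereferenced.
  std::set<uint32_t> SynonymsOf(const Module& m, uint32_t id) const {
    std::set<uint32_t> out;
    for (const auto& f : synonyms) {
      if (f.first != id && f.second != id) continue;
      uint32_t other = (f.first == id) ? f.second : f.first;
      if (m.GetDef(other) != nullptr) out.insert(other);  // tolerate dangling
    }
    return out;
  }
  // Drops every fact that mentions an id absent from |m|; returns the count.
  int PruneDanglingFacts(const Module& m) {
    std::vector<std::pair<uint32_t, uint32_t>> kept;
    for (const auto& f : synonyms)
      if (m.GetDef(f.first) && m.GetDef(f.second)) kept.push_back(f);
    synonyms.swap(kept);  // |kept| now holds the old list
    return static_cast<int>(kept.size() - synonyms.size());
  }
};
// Facts added while id 4 (an OpPhi) existed; a block merge then deletes it.
void BuildScenario(Module* m, FactManager* fm) {
  m->defs = {{2, "OpLoad"}, {3, "OpIAdd"}, {4, "OpPhi"}, {5, "OpCopyObject"}};
  fm->synonyms = {{2, 3}, {3, 4}, {4, 5}};
  m->defs.erase(4);  // TransformationMergeBlocks-style removal of the OpPhi
}
// Querying the stale store must not crash: 3 is still synonymous with 2 only.
std::set<uint32_t> LiveSynonymsOf3() {
  Module m; FactManager fm; BuildScenario(&m, &fm);
  return fm.SynonymsOf(m, 3);
}
// Pruning removes exactly the two facts that mention the deleted id.
int PrunedFactCount() {
  Module m; FactManager fm; BuildScenario(&m, &fm);
  return fm.PruneDanglingFacts(m);
}
```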