//===-- IRMutator.h - Mutation engine for fuzzing IR ------------*- C++ -*-===// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// // // Provides the IRMutator class, which drives mutations on IR based on a // configurable set of strategies. Some common strategies are also included // here. // // Fuzzer-friendly (de)serialization functions are also provided, as these // are usually needed when mutating IR. // //===----------------------------------------------------------------------===// #ifndef LLVM_FUZZMUTATE_IRMUTATOR_H #define LLVM_FUZZMUTATE_IRMUTATOR_H #include "llvm/FuzzMutate/OpDescriptor.h" #include "llvm/Support/ErrorHandling.h" #include <optional> namespace llvm { class BasicBlock; class Function; class Instruction; class Module; struct RandomIRBuilder; /// Base class for describing how to mutate a module. mutation functions for /// each IR unit forward to the contained unit. class IRMutationStrategy { … }; TypeGetter; /// Entry point for configuring and running IR mutations. class IRMutator { … }; /// Strategy that injects operations into the function. class InjectorIRStrategy : public IRMutationStrategy { … }; /// Strategy that deletes instructions when the Module is too large. class InstDeleterIRStrategy : public IRMutationStrategy { … }; /// Strategy that modifies instruction attributes and operands. class InstModificationIRStrategy : public IRMutationStrategy { … }; /// Strategy that generates new function calls and inserts function signatures /// to the modules. If any signatures are present in the module it will be /// called. class InsertFunctionStrategy : public IRMutationStrategy { … }; /// Strategy to split a random block and insert a random CFG in between. class InsertCFGStrategy : public IRMutationStrategy { … }; /// Strategy to insert PHI Nodes at the head of each basic block. class InsertPHIStrategy : public IRMutationStrategy { … }; /// Strategy to select a random instruction and add a new sink (user) to it to /// increate data dependency. class SinkInstructionStrategy : public IRMutationStrategy { … }; /// Strategy to randomly select a block and shuffle the operations without /// affecting data dependency. class ShuffleBlockStrategy : public IRMutationStrategy { … }; /// Fuzzer friendly interface for the llvm bitcode parser. /// /// \param Data Bitcode we are going to parse /// \param Size Size of the 'Data' in bytes /// \return New module or nullptr in case of error std::unique_ptr<Module> parseModule(const uint8_t *Data, size_t Size, LLVMContext &Context); /// Fuzzer friendly interface for the llvm bitcode printer. /// /// \param M Module to print /// \param Dest Location to store serialized module /// \param MaxSize Size of the destination buffer /// \return Number of bytes that were written. When module size exceeds MaxSize /// returns 0 and leaves Dest unchanged. size_t writeModule(const Module &M, uint8_t *Dest, size_t MaxSize); /// Try to parse module and verify it. May output verification errors to the /// errs(). /// \return New module or nullptr in case of error. std::unique_ptr<Module> parseAndVerify(const uint8_t *Data, size_t Size, LLVMContext &Context); } // namespace llvm #endif // LLVM_FUZZMUTATE_IRMUTATOR_H
Codebase Browser
llvm