This is an archive of the discontinued LLVM Phabricator instance.

[FuzzMutate] RandomIRBuilder has more source and sink type now.
ClosedPublic

Authored by Peter on Dec 12 2022, 7:04 PM.

Details

Summary

Source and Sink are required when generating a new instruction.
(Term defined by previous author, in LLVM terms it's probably Use and User.)
Previously, only instructions in the same block is considered when taking source and sink.

In this patch, more source and sink types are considered.
For source, we have SrcFromInstInCurBlock, FunctionArgument, InstInDominator, SrcFromGlobalVariable, and NewConstOrStack.
For sink, we have SinkToInstInCurBlock, PointersInDominator, InstInDominatee, NewStore, and SinkToGlobalVariable.

A unit test to make sure source always dominates an instruction, and the instruction always dominates the sink is included.

Diff Detail

Event Timeline

Peter created this revision.Dec 12 2022, 7:04 PM
Herald added a project: Restricted Project. · View Herald TranscriptDec 12 2022, 7:04 PM
Peter requested review of this revision.Dec 12 2022, 7:04 PM
Herald added a project: Restricted Project. · View Herald TranscriptDec 12 2022, 7:04 PM
Peter updated this revision to Diff 482340.Dec 12 2022, 7:07 PM

add comment for new functions

arsenm requested changes to this revision.Dec 12 2022, 7:08 PM
arsenm added inline comments.
llvm/include/llvm/FuzzMutate/RandomIRBuilder.h
46–48 ↗(On Diff #482338)

return std::pair instead of using bool out argument?

llvm/lib/FuzzMutate/RandomIRBuilder.cpp
63 ↗(On Diff #482338)

Alloca address space, not program

96 ↗(On Diff #482338)

Should use datalayout's default global address space

134 ↗(On Diff #482338)

With the range do you really need to make the args vector? If so you can just initialize with Args(F->arg_begin(), F->arg_end())

176 ↗(On Diff #482338)

No else after return

This revision now requires changes to proceed.Dec 12 2022, 7:08 PM
Peter updated this revision to Diff 482712.Dec 13 2022, 9:41 PM
Peter marked 3 inline comments as done.Dec 13 2022, 9:41 PM

Use pair for return type

llvm/lib/FuzzMutate/RandomIRBuilder.cpp
134 ↗(On Diff #482338)

What's annoying about built in ranges is that they are ranges of references, which a) can be used to initialize a pointer vector and b) causes a ton of type conversion and use of copy constructor issues.

176 ↗(On Diff #482338)

Do you mean we don't need to remove the newly created Global Variable, even if we didn't use it? I am worried the random module will be filled with them pretty soon...

Peter updated this revision to Diff 482716.Dec 13 2022, 9:58 PM

no else after return

Peter marked an inline comment as done.Dec 13 2022, 9:59 PM
Peter added inline comments.
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
176 ↗(On Diff #482338)

nvm, thanks for pointing out.

arsenm requested changes to this revision.Dec 22 2022, 5:26 AM
arsenm added inline comments.
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
42 ↗(On Diff #482716)

You shouldn't need this template stuff, you're operating directly on IR with the IR version of the tree?

129 ↗(On Diff #482716)

SmallVector

176 ↗(On Diff #482716)

use_empty

317 ↗(On Diff #482716)

Shouldn't bother handling typed pointers?

342 ↗(On Diff #482716)

Dead break

353 ↗(On Diff #482716)

Extra ;

llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp
238

I think there is an ASSERT_NE

This revision now requires changes to proceed.Dec 22 2022, 5:26 AM
Peter marked 7 inline comments as done.Dec 26 2022, 3:59 PM
Peter added inline comments.
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
42 ↗(On Diff #482716)

Ah yes. The template is there just in case I need PostDominatorTree. I can add it back when I need it in the future.

317 ↗(On Diff #482716)

I'm sorry I don't fully understand. What do you mean we shouldn't handle typed pointers? Since we have no knowledge what we are mutating on, I think we should consider the possibility that the pointer is typed.

Peter updated this revision to Diff 485319.Dec 26 2022, 3:59 PM
Peter marked an inline comment as done.

Update

arsenm added inline comments.Jan 4 2023, 5:49 AM
llvm/include/llvm/FuzzMutate/RandomIRBuilder.h
21–29 ↗(On Diff #485319)

clang-format should sort these alphabetically for you

llvm/lib/FuzzMutate/RandomIRBuilder.cpp
127 ↗(On Diff #485319)

Use default size, or something larger

128 ↗(On Diff #485319)

Args(F.args()) or Args(F.arg_begin, F.arg_end()) should work to do this in the constructor

345 ↗(On Diff #485319)

dead break

llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp
238

Don't see why this needs to be ASSERT, and not EXPECT

319

Try adding some vector, pointer, FP, and aggregate types?

Peter updated this revision to Diff 487120.Jan 7 2023, 2:00 PM
Peter marked 6 inline comments as done.

update unit tests.
mod code style.

Peter marked an inline comment as done.Jan 7 2023, 2:00 PM
Peter added inline comments.
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
128 ↗(On Diff #485319)

As we have discussed before, both methods you mentioned gives a reference range. While makeSampler down below doesn't work well with references as it declared std::remove_reference_t, implicitly calling a copy constructor when sampling.

Peter added a comment.Jan 11 2023, 4:44 PM

@arsenm Hey Matt does these changes look to you?

Peter updated this revision to Diff 505391.Mar 15 2023, 1:23 AM

Fix a bug when we call Initializer of a GV, it may not have one.

We use it's type to construct a UndefValue now.

Peter added a comment.Mar 28 2023, 5:28 AM

@arsenm Hi Matt, Would you mind spend some time and review this patch?

arsenm added inline comments.Mar 31 2023, 2:08 PM
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
125–126 ↗(On Diff #505391)

Drop comment

141–142 ↗(On Diff #505391)

Drop comment

284–286 ↗(On Diff #505391)

Not really, you just need to avoid touching immarg parameters

317 ↗(On Diff #482716)

You can just drop the isOpaqueOrPointeeTypeMatches check, pointers are always opaque now

llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp
326

Can just use a regular array or std::array, you never resize these

Peter updated this revision to Diff 510159.Mar 31 2023, 6:19 PM
Peter marked 4 inline comments as done.

Update tests and comments.

Peter added inline comments.Mar 31 2023, 6:21 PM
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
284–286 ↗(On Diff #505391)

I am not sure how to determine if an operand of an intrinsic should be immarg or not, would you please elabrate?

arsenm added inline comments.Apr 3 2023, 6:56 PM
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
284–286 ↗(On Diff #505391)

Something like F.hasParamAttr(i, Attribute::ImmArg) should work

Peter updated this revision to Diff 511202.Apr 5 2023, 1:51 PM
Peter marked 2 inline comments as done.

Allow sink into Intrinsic now

llvm/lib/FuzzMutate/RandomIRBuilder.cpp
284–286 ↗(On Diff #505391)

This rule is now added to isCompatibleReplacement

arsenm added inline comments.Apr 8 2023, 5:02 AM
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
311 ↗(On Diff #511202)

Braces

312 ↗(On Diff #511202)

Braecs

arsenm added inline comments.Apr 8 2023, 5:04 AM
llvm/lib/FuzzMutate/RandomIRBuilder.cpp
268 ↗(On Diff #511202)

Allowing replacement of immarg with any Constant is too broad, it only allows ConstantInt. Additionally, replacing the value may be a bit risky. Might as well just skip all immarg arguments

Peter updated this revision to Diff 512198.Apr 10 2023, 10:54 AM
Peter marked 3 inline comments as done.

Forbits replacement of immarg

Peter updated this revision to Diff 513755.Apr 14 2023, 2:59 PM

rebase to upstream/main

arsenm accepted this revision.Apr 15 2023, 6:25 AM
This revision is now accepted and ready to land.Apr 15 2023, 6:25 AM
This revision was landed with ongoing or failed builds.Apr 15 2023, 3:46 PM
This revision was automatically updated to reflect the committed changes.
thakis added a subscriber: thakis.Apr 16 2023, 6:38 AM

This breaks tests on Mac (m1): http://45.33.8.238/macm1/58752/step_11.txt

Please take a look and revert for now if it takes a while to fix.

Peter reopened this revision.Apr 16 2023, 9:10 AM

Thanks for mentioning. It has been reverted in the upstream.

The problems seem to be unit testing, not the code. When we have explicit pointer types, we check that we cannot load to a function pointer. Now that we default to opaque pointers, that check may fail.

This revision is now accepted and ready to land.Apr 16 2023, 9:10 AM
Peter updated this revision to Diff 514034.Apr 16 2023, 9:37 AM

Remove unit tests that checks for pointer type match, they are all opaque pointers now.

Peter updated this revision to Diff 514348.Apr 17 2023, 11:56 AM

remove tests

Peter updated this revision to Diff 514352.Apr 17 2023, 12:05 PM
  • Remove pointer tests since they are all opaque now
Peter updated this revision to Diff 514355.Apr 17 2023, 12:11 PM

Remove pointer tests as they are opaque now

This revision was landed with ongoing or failed builds.Apr 17 2023, 2:45 PM
This revision was automatically updated to reflect the committed changes.