T0b1/regalloc2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
0eb3deb384ef24ce5e091a0b86d5fee2842a32c5
regalloc2/fuzz/fuzz_targets/ion_checker.rs
Chris Fallin a5c48fda8a Support program moves, including pinned vregs, in the checker. (#43) 
The checker was built to validate programs produced by the fuzzing
testcase generator, which was built before regalloc2 supported special
handling of moves. (In a pure-SSA world, move elision is not needed,
because moves are not needed, and blockparams are the only way of
tying together vregs.)

Due to this, the checker works great for our independent regalloc2
fuzzing setup, but when used on regalloc inputs produced by Cranelift,
cannot prove correctness.

This PR extends the checker's analysis to properly handle "program
moves", which are distinct from regalloc-inserted moves in that they
are present in the original program and hence are semantically
relevant. A program move edits all sets of symbolic vregs at all
allocs, and where the source vreg appears, it inserts the dest vreg as
well. (It also removes the dest vreg from all other sets, since the
old value becomes stale, as is done for other defs.)

Given this, and given some additional checking for moves to/from
pinned vregs, the checker can now be used to fully validate
Cranelift-sourced regalloc2 invocations.
2022-04-18 10:36:26 -07:00

49 lines
1.3 KiB
Rust
Raw Blame History

/*
* Released under the terms of the Apache 2.0 license with LLVM
* exception. See `LICENSE` for details.
*/
#![no_main]
use libfuzzer_sys::arbitrary::{Arbitrary, Result, Unstructured};
use libfuzzer_sys::fuzz_target;
use regalloc2::fuzzing::checker::Checker;
use regalloc2::fuzzing::func::{Func, Options};
#[derive(Clone, Debug)]
struct TestCase {
func: Func,
}
impl Arbitrary for TestCase {
fn arbitrary(u: &mut Unstructured) -> Result<TestCase> {
Ok(TestCase {
func: Func::arbitrary_with_options(
u,
&Options {
reused_inputs: true,
fixed_regs: true,
clobbers: true,
control_flow: true,
reducible: false,
block_params: true,
always_local_uses: false,
reftypes: true,
},
)?,
})
}
}
fuzz_target!(|testcase: TestCase| {
let func = testcase.func;
let _ = env_logger::try_init();
log::trace!("func:\n{:?}", func);
let env = regalloc2::fuzzing::func::machine_env();
let out = regalloc2::fuzzing::ion::run(&func, &env, true).expect("regalloc did not succeed");
let mut checker = Checker::new(&func, &env);
checker.prepare(&out);
checker.run().expect("checker failed");
});
Reference in New Issue View Git Blame Copy Permalink