review.tizen.org Git - platform/upstream/llvm.git/commit

author	Henry Yu <hnryu@ucdavis.edu>
	Wed, 26 Apr 2023 23:43:48 +0000 (16:43 -0700)
committer	Peter Rong <PeterRong96@gmail.com>
	Wed, 26 Apr 2023 23:45:49 +0000 (16:45 -0700)
commit	66892f25af005e42adf55f9615d4919b0cd3ac7d
tree	400350b353a94b81959432a4b5321a0b7ae192fd	tree \| snapshot
parent	5b7fa4a48d4e1dc5d412add989ce5c1b2dc7a448	commit \| diff

[FuzzMutate] Skip EHPad during mutation and avoid replacing callee with pointer when sinking

This patch addresses 2 problems:

- In `ShuffleBlockStrategy`, when `BB` is an EHPad, `BB.getFirstInsertionPt()` will return `BB.end()`, which cannot be dereferenced and will cause crash in following loop.
- In `isCompatibleReplacement`, a call instruction's callee might be replaced by a pointer, causing 2 subproblems:
- we cannot guarantee that the pointer is a function pointer (even if it is, we cannot guarantee it matches the signature).
- after such a replacement, `getCalledFunction` will from then on return `nullptr` (since it's indirect call) which causes Segmentation Fault in the lines below.

This patch fixes the first problem by checking if a block to be mutated is an EHPad in base class `IRMutationStrategy` and skipping mutating it if so.

This patch fixes the second problem by avoiding replacing callee with pointer and adding a null check for indirect calls.

Reviewed By: Peter

Differential Revision: https://reviews.llvm.org/D148853

llvm/include/llvm/FuzzMutate/IRMutator.h		diff \| blob \| history
llvm/lib/FuzzMutate/IRMutator.cpp		diff \| blob \| history
llvm/lib/FuzzMutate/RandomIRBuilder.cpp		diff \| blob \| history
llvm/unittests/FuzzMutate/RandomIRBuilderTest.cpp		diff \| blob \| history
llvm/unittests/FuzzMutate/StrategiesTest.cpp		diff \| blob \| history