tint: transform::RemovePhonies: skip builtins with no side effects

This transform was attempting to remove builtins with no side effects, such as a call with abstract int/float args, which is unhandled by this transform. For example, this would cause the transform to ICE: _ = clamp(1, 2, 3); Fixes ClusterFuzz issue crbug.com/1348739. Bug: chromium:1348739 Change-Id: Ie355eb36c6c020417c2d93f2dc434c11dbb72d1f Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/97880 Kokoro: Kokoro <noreply+kokoro@google.com> Commit-Queue: Antonio Maiorano <amaiorano@google.com> Reviewed-by: Ben Clayton <bclayton@google.com>
2025-12-21 10:49:14 +00:00 · 2022-08-01 17:21:54 +00:00
parent 6315a27778
commit 239a92d2d0
14 changed files with 82 additions and 79 deletions
--- a/src/tint/transform/remove_phonies.cc
+++ b/src/tint/transform/remove_phonies.cc
@@ -97,7 +97,8 @@ void RemovePhonies::Run(CloneContext& ctx, const DataMap&, DataMap&) const {
                                // Just skip.
                                return ast::TraverseAction::Skip;
                            }
-                            if (call->Target()->IsAnyOf<sem::Function, sem::Builtin>()) {
+                            if (call->Target()->IsAnyOf<sem::Function, sem::Builtin>() &&
+                                call->HasSideEffects()) {
                                side_effects.push_back(expr);
                                return ast::TraverseAction::Skip;
                            }
--- a/src/tint/transform/remove_phonies_test.cc
+++ b/src/tint/transform/remove_phonies_test.cc
@@ -65,6 +65,8 @@ fn f() {
  _ = vec2<f32>(5.0);
  _ = vec3<i32>(6, 7, 8);
  _ = mat2x2<f32>(9.0, 10.0, 11.0, 12.0);
+  _ = atan2(1.0, 2.0);
+  _ = clamp(1.0, 2.0, 3.0);
 }
 )";