encounter
/
dawn-cmake
mirror of https://github.com/encounter/dawn-cmake.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix SPIRV-Tools fuzzer 

This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.

Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
This commit is contained in:
Vasyl Teliman 2021-07-16 09:25:14 +00:00 committed by Tint LUCI CQ
parent 4c9b440515
commit 365af046ca
4 changed files with 38 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fuzzers/tint_ast_fuzzer/fuzzer.cc
View File

@ -90,7 +90,7 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data,
<< result.error << std::endl;
return 0;
}
*mutator_state.mutable_program() = result.wgsl;
*mutator_state.mutable_program() = std::move(result.wgsl);
}
if (mutator_state.ByteSizeLong() > max_size) {
@ -125,7 +125,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
auto result = writer::wgsl::Generate(&program, options);
assert(result.success &&
"Can't generate a shader for the valid tint::Program");
program_text = result.wgsl;
program_text = std::move(result.wgsl);
} else {
program_text.assign(data, data + size);
}

37
fuzzers/tint_common_fuzzer.cc
View File

@ -35,10 +35,10 @@ namespace fuzzers {
namespace {
[[noreturn]] void FatalError(const tint::diag::List& diags,
std::string msg = "") {
const std::string& msg = "") {
auto printer = tint::diag::Printer::create(stderr, true);
if (msg.size()) {
printer->write((msg + "\n").c_str(), {diag::Color::kRed, true});
if (!msg.empty()) {
printer->write(msg + "\n", {diag::Color::kRed, true});
}
tint::diag::Formatter().format(diags, printer.get());
__builtin_trap();
@ -51,7 +51,7 @@ namespace {
transform::VertexAttributeDescriptor ExtractVertexAttributeDescriptor(
Reader* r) {
transform::VertexAttributeDescriptor desc;
transform::VertexAttributeDescriptor desc{};
desc.format = r->enum_class<transform::VertexFormat>(
static_cast<uint8_t>(transform::VertexFormat::kLastEntry) + 1);
desc.offset = r->read<uint32_t>();
@ -70,7 +70,7 @@ transform::VertexBufferLayoutDescriptor ExtractVertexBufferLayoutDescriptor(
}
bool SPIRVToolsValidationCheck(const tint::Program& program,
std::vector<uint32_t> spirv) {
const std::vector<uint32_t>& spirv) {
spvtools::SpirvTools tools(SPV_ENV_VULKAN_1_1);
const tint::diag::List& diags = program.Diagnostics();
tools.SetMessageConsumer([diags](spv_message_level_t, const char*,
@ -186,9 +186,8 @@ int CommonFuzzer::Run(const uint8_t* data, size_t size) {
#endif // TINT_BUILD_WGSL_READER
#if TINT_BUILD_SPV_READER
size_t u32_size = size / sizeof(uint32_t);
const uint32_t* u32_data = reinterpret_cast<const uint32_t*>(data);
std::vector<uint32_t> spirv_input(u32_data, u32_data + u32_size);
std::vector<uint32_t> spirv_input(size / sizeof(uint32_t));
std::memcpy(spirv_input.data(), data, size);
#endif // TINT_BUILD_SPV_READER
@ -203,7 +202,7 @@ int CommonFuzzer::Run(const uint8_t* data, size_t size) {
#endif // TINT_BUILD_WGSL_READER
#if TINT_BUILD_SPV_READER
case InputFormat::kSpv: {
if (spirv_input.size() != 0) {
if (spirv_input.empty()) {
program = reader::spirv::Parse(spirv_input);
}
break;
@ -307,7 +306,7 @@ int CommonFuzzer::Run(const uint8_t* data, size_t size) {
if (!out.program.IsValid()) {
// Transforms can produce error messages for bad input.
// Catch ICEs and errors from non transform systems.
for (auto diag : out.program.Diagnostics()) {
for (const auto& diag : out.program.Diagnostics()) {
if (diag.severity > diag::Severity::Error ||
diag.system != diag::System::Transform) {
FatalError(out.program.Diagnostics(),
@ -325,8 +324,9 @@ int CommonFuzzer::Run(const uint8_t* data, size_t size) {
#if TINT_BUILD_WGSL_WRITER
writer::wgsl::Options options;
auto result = writer::wgsl::Generate(&program, options);
generated_wgsl_ = std::move(result.wgsl);
if (!result.success) {
errors_ = writer_->error();
errors_ = result.error;
return 0;
}
#endif // TINT_BUILD_WGSL_WRITER
@ -336,11 +336,12 @@ int CommonFuzzer::Run(const uint8_t* data, size_t size) {
#if TINT_BUILD_SPV_WRITER
writer::spirv::Options options;
auto result = writer::spirv::Generate(&program, options);
generated_spirv_ = std::move(result.spirv);
if (!result.success) {
errors_ = writer_->error();
errors_ = result.error;
return 0;
}
if (!SPIRVToolsValidationCheck(program, result.spirv)) {
if (!SPIRVToolsValidationCheck(program, generated_spirv_)) {
FatalError(program.Diagnostics(),
"Fuzzing detected invalid spirv being emitted by Tint");
}
@ -352,8 +353,9 @@ int CommonFuzzer::Run(const uint8_t* data, size_t size) {
#if TINT_BUILD_HLSL_WRITER
writer::hlsl::Options options;
auto result = writer::hlsl::Generate(&program, options);
generated_hlsl_ = std::move(result.hlsl);
if (!result.success) {
errors_ = writer_->error();
errors_ = result.error;
return 0;
}
#endif // TINT_BUILD_HLSL_WRITER
@ -363,8 +365,9 @@ int CommonFuzzer::Run(const uint8_t* data, size_t size) {
#if TINT_BUILD_MSL_WRITER
writer::msl::Options options;
auto result = writer::msl::Generate(&program, options);
generated_msl_ = std::move(result.msl);
if (!result.success) {
errors_ = writer_->error();
errors_ = result.error;
return 0;
}
#endif // TINT_BUILD_MSL_WRITER
@ -377,9 +380,5 @@ int CommonFuzzer::Run(const uint8_t* data, size_t size) {
return 0;
}
const writer::Writer* CommonFuzzer::GetWriter() const {
return writer_.get();
}
} // namespace fuzzers
} // namespace tint

23
fuzzers/tint_common_fuzzer.h
View File

@ -16,7 +16,6 @@
#define FUZZERS_TINT_COMMON_FUZZER_H_
#include <cstring>
#include <memory>
#include <string>
#include <utility>
#include <vector>
@ -30,9 +29,9 @@ class Reader {
public:
Reader(const uint8_t* data, size_t size);
bool failed() { return failed_; }
bool failed() const { return failed_; }
const uint8_t* data() { return data_; }
size_t size() { return size_; }
size_t size() const { return size_; }
template <typename T>
T read() {
@ -109,20 +108,32 @@ class CommonFuzzer {
int Run(const uint8_t* data, size_t size);
const writer::Writer* GetWriter() const;
const std::string& GetErrors() const { return errors_; }
const std::vector<uint32_t>& GetGeneratedSpirv() const {
return generated_spirv_;
}
const std::string& GetGeneratedWgsl() const { return generated_wgsl_; }
const std::string& GetGeneratedHlsl() const { return generated_hlsl_; }
const std::string& GetGeneratedMsl() const { return generated_msl_; }
bool HasErrors() const { return !errors_.empty(); }
private:
InputFormat input_;
OutputFormat output_;
std::unique_ptr<writer::Writer> writer_;
transform::Manager* transform_manager_;
transform::DataMap transform_inputs_;
bool inspector_enabled_;
std::string errors_;
std::vector<uint32_t> generated_spirv_;
std::string generated_wgsl_;
std::string generated_hlsl_;
std::string generated_msl_;
};
} // namespace fuzzers

9
fuzzers/tint_spirv_tools_fuzzer/fuzzer.cc
View File

@ -12,7 +12,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include <iostream>
#include <memory>
#include <random>
#include <string>
@ -179,13 +178,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
return 0;
}
const auto* writer =
static_cast<const writer::wgsl::Generator*>(spv_to_wgsl.GetWriter());
assert(writer && writer->error().empty() &&
"Errors should have already been handled");
auto wgsl = writer->result();
const auto& wgsl = spv_to_wgsl.GetGeneratedWgsl();
std::pair<FuzzingTarget, OutputFormat> targets[] = {
{FuzzingTarget::kHlsl, OutputFormat::kHLSL},