From 4d18c6b7c59b10de3a1680348a132e32ca254323 Mon Sep 17 00:00:00 2001 From: Alastair Donaldson Date: Tue, 21 Sep 2021 16:41:58 +0000 Subject: [PATCH] spirv-tools fuzzers: Avoid passing target backend Changes the spirv-tools fuzzer targets so that the target back-end language (HLSL, MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but instead baked into the fuzzer's binary. This avoids a problem whereby an OSS-Fuzz bug reproducer does not use the required back-end command line argument. Change-Id: I69970dfa7f133f8e310ec063c9b6869bd774e7d3 Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63343 Kokoro: Kokoro Commit-Queue: Alastair Donaldson Reviewed-by: Ben Clayton Reviewed-by: Ryan Harrison --- .../tint_spirv_tools_fuzzer/CMakeLists.txt | 21 ++++++++--- fuzzers/tint_spirv_tools_fuzzer/fuzzer.cc | 4 ++- .../override_cli_params.h | 36 +++++++++++++++++++ .../tint_spirv_tools_fuzzer.cc | 30 ++++++++++++++++ .../tint_spirv_tools_hlsl_writer_fuzzer.cc | 33 +++++++++++++++++ .../tint_spirv_tools_msl_writer_fuzzer.cc | 33 +++++++++++++++++ .../tint_spirv_tools_spv_writer_fuzzer.cc | 33 +++++++++++++++++ .../tint_spirv_tools_wgsl_writer_fuzzer.cc | 33 +++++++++++++++++ 8 files changed, 218 insertions(+), 5 deletions(-) create mode 100644 fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h create mode 100644 fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_fuzzer.cc create mode 100644 fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_hlsl_writer_fuzzer.cc create mode 100644 fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_msl_writer_fuzzer.cc create mode 100644 fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_spv_writer_fuzzer.cc create mode 100644 fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_wgsl_writer_fuzzer.cc diff --git a/fuzzers/tint_spirv_tools_fuzzer/CMakeLists.txt b/fuzzers/tint_spirv_tools_fuzzer/CMakeLists.txt index 6bb2097eca..23d97417bd 100644 --- a/fuzzers/tint_spirv_tools_fuzzer/CMakeLists.txt 
+++ b/fuzzers/tint_spirv_tools_fuzzer/CMakeLists.txt @@ -28,6 +28,7 @@ set(FUZZER_SOURCES ${FUZZER_SOURCES} cli.h mutator.h mutator_cache.h + override_cli_params.h spirv_fuzz_mutator.h spirv_opt_mutator.h spirv_reduce_mutator.h @@ -57,10 +58,22 @@ function(configure_spirv_tools_fuzzer_target NAME SOURCES) ${spirv-tools_BINARY_DIR}) endfunction() -configure_spirv_tools_fuzzer_target(tint_spirv_tools_fuzzer "${FUZZER_SOURCES}") -target_compile_definitions(tint_spirv_tools_fuzzer PUBLIC CUSTOM_MUTATOR) -target_compile_definitions(tint_spirv_tools_fuzzer PRIVATE TARGET_FUZZER) -target_link_libraries(tint_spirv_tools_fuzzer libtint-fuzz) +function(add_tint_spirv_tools_fuzzer NAME) + set(FUZZER_TARGET_SOURCES ${NAME}.cc ${FUZZER_SOURCES}) + configure_spirv_tools_fuzzer_target(${NAME} "${FUZZER_TARGET_SOURCES}") + target_link_libraries(${NAME} libtint-fuzz) + target_compile_definitions(tint_spirv_tools_fuzzer PUBLIC CUSTOM_MUTATOR) + target_compile_definitions(tint_spirv_tools_fuzzer PRIVATE TARGET_FUZZER) +endfunction() + +# Add libfuzzer targets. +# Targets back-ends according to command line arguments. +add_tint_spirv_tools_fuzzer(tint_spirv_tools_fuzzer) +# Targets back-ends individually. +add_tint_spirv_tools_fuzzer(tint_spirv_tools_hlsl_writer_fuzzer) +add_tint_spirv_tools_fuzzer(tint_spirv_tools_msl_writer_fuzzer) +add_tint_spirv_tools_fuzzer(tint_spirv_tools_spv_writer_fuzzer) +add_tint_spirv_tools_fuzzer(tint_spirv_tools_wgsl_writer_fuzzer) set(DEBUGGER_SOURCES ../random_generator.cc diff --git a/fuzzers/tint_spirv_tools_fuzzer/fuzzer.cc b/fuzzers/tint_spirv_tools_fuzzer/fuzzer.cc index 0ffc9a2a1b..18c072a5f8 100644 --- a/fuzzers/tint_spirv_tools_fuzzer/fuzzer.cc +++ b/fuzzers/tint_spirv_tools_fuzzer/fuzzer.cc 
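Review bot: Inside `add_tint_spirv_tools_fuzzer`, both `target_compile_definitions` calls name `tint_spirv_tools_fuzzer` literally instead of `${NAME}`, so the four per-back-end targets added below never receive `CUSTOM_MUTATOR` or `TARGET_FUZZER`, while the original target receives them five times. If fuzzer.cc gates its custom mutator on `CUSTOM_MUTATOR` (not visible in this hunk), the new binaries would build and run without it and quietly lose mutation quality and coverage. The two lines should read `target_compile_definitions(${NAME} PUBLIC CUSTOM_MUTATOR)` and `target_compile_definitions(${NAME} PRIVATE TARGET_FUZZER)`.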
@@ -21,6 +21,7 @@ #include "fuzzers/tint_common_fuzzer.h" #include "fuzzers/tint_spirv_tools_fuzzer/cli.h" #include "fuzzers/tint_spirv_tools_fuzzer/mutator_cache.h" +#include "fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h" #include "fuzzers/tint_spirv_tools_fuzzer/spirv_fuzz_mutator.h" #include "fuzzers/tint_spirv_tools_fuzzer/spirv_opt_mutator.h" #include "fuzzers/tint_spirv_tools_fuzzer/spirv_reduce_mutator.h" @@ -33,7 +34,7 @@ namespace spvtools_fuzzer { namespace { struct Context { - const FuzzerCliParams params; + FuzzerCliParams params; std::unique_ptr mutator_cache; }; @@ -46,6 +47,7 @@ extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) { ? std::make_unique(params.mutator_cache_size) : nullptr; context = new Context{std::move(params), std::move(mutator_cache)}; + OverrideCliParams(context->params); return 0; } diff --git a/fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h b/fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h new file mode 100644 index 0000000000..95218b7cff --- /dev/null +++ b/fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h 
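Review bot: `OverrideCliParams(context->params)` runs after the `Context` has been built, which is the only reason `Context::params` had to lose its `const` in the preceding hunk. Calling `OverrideCliParams(params);` on the local before `context = new Context{std::move(params), ...}` would apply the same override and let the member stay `const FuzzerCliParams params;`, so nothing can alter the fuzzing configuration once initialization is done. This assumes the local `params` is a non-const object; its declaration is above the hunk, as is the start of `LLVMFuzzerInitialize`.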
@@ -0,0 +1,36 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef FUZZERS_TINT_SPIRV_TOOLS_FUZZER_OVERRIDE_CLI_PARAMS_H_
+#define FUZZERS_TINT_SPIRV_TOOLS_FUZZER_OVERRIDE_CLI_PARAMS_H_
+
+#include "fuzzers/tint_spirv_tools_fuzzer/cli.h"
+
+namespace tint {
+namespace fuzzers {
+namespace spvtools_fuzzer {
+
+/// @brief Allows CLI parameters to be overridden.
+///
+/// This function allows fuzz targets to override particular CLI parameters,
+/// for example forcing a particular back-end to be targeted.
+///
+/// @param cli_params - the parsed CLI parameters to be updated.
+void OverrideCliParams(FuzzerCliParams& cli_params);
+
+} // namespace spvtools_fuzzer
+} // namespace fuzzers
+} // namespace tint
+
+#endif // FUZZERS_TINT_SPIRV_TOOLS_FUZZER_OVERRIDE_CLI_PARAMS_H_
diff --git a/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_fuzzer.cc b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_fuzzer.cc
new file mode 100644
index 0000000000..406d9fdcb2
--- /dev/null
+++ b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_fuzzer.cc
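Review bot: The doc comment on `OverrideCliParams` does not say that this header only declares the function and that every fuzzer binary has to link exactly one definition of it. I would add a line such as `/// Each fuzz target's own .cc file must provide the single definition linked into that binary.` so that a new target which forgets it, or links two, produces a link error the reader can place.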
@@ -0,0 +1,30 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "fuzzers/tint_spirv_tools_fuzzer/cli.h"
+#include "fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h"
+
+namespace tint {
+namespace fuzzers {
+namespace spvtools_fuzzer {
+
+void OverrideCliParams(FuzzerCliParams& /*unused*/) {
+ // Leave the CLI parameters unchanged.
+}
+
+} // namespace spvtools_fuzzer
+} // namespace fuzzers
+} // namespace tint
diff --git a/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_hlsl_writer_fuzzer.cc b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_hlsl_writer_fuzzer.cc
new file mode 100644
index 0000000000..d71777f73c
--- /dev/null
+++ b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_hlsl_writer_fuzzer.cc
@@ -0,0 +1,33 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "fuzzers/tint_spirv_tools_fuzzer/cli.h"
+#include "fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h"
+
+namespace tint {
+namespace fuzzers {
+namespace spvtools_fuzzer {
+
+void OverrideCliParams(FuzzerCliParams& cli_params) {
+ assert(cli_params.fuzzing_target == FuzzingTarget::kAll &&
+ "The fuzzing target should not have been set by a CLI parameter: it "
+ "should have its default value.");
+ cli_params.fuzzing_target = FuzzingTarget::kHlsl;
+}
+
+} // namespace spvtools_fuzzer
+} // namespace fuzzers
+} // namespace tint
diff --git a/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_msl_writer_fuzzer.cc b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_msl_writer_fuzzer.cc
new file mode 100644
index 0000000000..91ab2a7d10
--- /dev/null
+++ b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_msl_writer_fuzzer.cc
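Review bot: The check that no back-end was chosen on the command line is an `assert`, so in any build with `NDEBUG` defined it disappears and a supplied target argument is silently replaced by `FuzzingTarget::kHlsl`. Since forcing the back-end is the whole purpose of this binary, an unconditional check would behave the same in every build mode, for example `if (cli_params.fuzzing_target != FuzzingTarget::kAll) { std::abort(); }` preceded by a message on stderr. The MSL, SPIR-V and WGSL variants added later in this patch carry the same assert and differ only in the enum value they assign.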
@@ -0,0 +1,33 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "fuzzers/tint_spirv_tools_fuzzer/cli.h"
+#include "fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h"
+
+namespace tint {
+namespace fuzzers {
+namespace spvtools_fuzzer {
+
+void OverrideCliParams(FuzzerCliParams& cli_params) {
+ assert(cli_params.fuzzing_target == FuzzingTarget::kAll &&
+ "The fuzzing target should not have been set by a CLI parameter: it "
+ "should have its default value.");
+ cli_params.fuzzing_target = FuzzingTarget::kMsl;
+}
+
+} // namespace spvtools_fuzzer
+} // namespace fuzzers
+} // namespace tint
diff --git a/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_spv_writer_fuzzer.cc b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_spv_writer_fuzzer.cc
new file mode 100644
index 0000000000..4cbc95534b
--- /dev/null
+++ b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_spv_writer_fuzzer.cc
@@ -0,0 +1,33 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "fuzzers/tint_spirv_tools_fuzzer/cli.h"
+#include "fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h"
+
+namespace tint {
+namespace fuzzers {
+namespace spvtools_fuzzer {
+
+void OverrideCliParams(FuzzerCliParams& cli_params) {
+ assert(cli_params.fuzzing_target == FuzzingTarget::kAll &&
+ "The fuzzing target should not have been set by a CLI parameter: it "
+ "should have its default value.");
+ cli_params.fuzzing_target = FuzzingTarget::kSpv;
+}
+
+} // namespace spvtools_fuzzer
+} // namespace fuzzers
+} // namespace tint
diff --git a/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_wgsl_writer_fuzzer.cc b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_wgsl_writer_fuzzer.cc
new file mode 100644
index 0000000000..f1370e067b
--- /dev/null
+++ b/fuzzers/tint_spirv_tools_fuzzer/tint_spirv_tools_wgsl_writer_fuzzer.cc
@@ -0,0 +1,33 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "fuzzers/tint_spirv_tools_fuzzer/cli.h"
+#include "fuzzers/tint_spirv_tools_fuzzer/override_cli_params.h"
+
+namespace tint {
+namespace fuzzers {
+namespace spvtools_fuzzer {
+
+void OverrideCliParams(FuzzerCliParams& cli_params) {
+ assert(cli_params.fuzzing_target == FuzzingTarget::kAll &&
+ "The fuzzing target should not have been set by a CLI parameter: it "
+ "should have its default value.");
+ cli_params.fuzzing_target = FuzzingTarget::kWgsl;
+}
+
+} // namespace spvtools_fuzzer
+} // namespace fuzzers
+} // namespace tint