From 6dd34f7e34c8187144bf52766b86cb0a84a612d9 Mon Sep 17 00:00:00 2001 From: Ryan Harrison <rharrison@chromium.org> Date: Tue, 16 Feb 2021 19:19:58 +0000 Subject: [PATCH] Remove GLSL SPIRV-Cross fuzzer Releasing this configuration is no longer part of the PoR, so no need to fuzz it. BUG=dawn:683,chromium:904410 Change-Id: Ic499c68d48b88240361f4ffa937c878b3e3c8526 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/41760 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Austin Eng <enga@chromium.org> Auto-Submit: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Austin Eng <enga@chromium.org> --- src/fuzzers/BUILD.gn | 21 ---- src/fuzzers/DawnSPIRVCrossFuzzer.cpp | 108 ------------------- src/fuzzers/DawnSPIRVCrossFuzzer.h | 29 ----- src/fuzzers/DawnSPIRVCrossGLSLFastFuzzer.cpp | 50 --------- 4 files changed, 208 deletions(-) delete mode 100644 src/fuzzers/DawnSPIRVCrossFuzzer.cpp delete mode 100644 src/fuzzers/DawnSPIRVCrossFuzzer.h delete mode 100644 src/fuzzers/DawnSPIRVCrossGLSLFastFuzzer.cpp diff --git a/src/fuzzers/BUILD.gn b/src/fuzzers/BUILD.gn index 76d8f9f3dd..ee06dfedba 100644 --- a/src/fuzzers/BUILD.gn +++ b/src/fuzzers/BUILD.gn @@ -69,17 +69,6 @@ if (build_with_chromium) { } } -static_library("dawn_spirv_cross_fuzzer_common") { - sources = [ - "DawnSPIRVCrossFuzzer.cpp", - "DawnSPIRVCrossFuzzer.h", - ] - public_deps = [ - "${dawn_root}/third_party/gn/spirv_cross:spirv_cross", - "${dawn_spirv_tools_dir}:spvtools_val", - ] -} - static_library("dawn_wire_server_fuzzer_common") { sources = [ "DawnWireServerFuzzer.cpp", 
@@ -95,15 +84,6 @@ static_library("dawn_wire_server_fuzzer_common") { ] } -# TODO(rharrison): Remove asan_options once signal trap is no longer -# needed. -# Uses Dawn specific options and varies input data -dawn_fuzzer_test("dawn_spirv_cross_glsl_fast_fuzzer") { - sources = [ "DawnSPIRVCrossGLSLFastFuzzer.cpp" ] - deps = [ ":dawn_spirv_cross_fuzzer_common" ] - asan_options = [ "allow_user_segv_handler=1" ] -} - dawn_fuzzer_test("dawn_wire_server_and_frontend_fuzzer") { sources = [ "DawnWireServerAndFrontendFuzzer.cpp" ] @@ -134,7 +114,6 @@ dawn_fuzzer_test("dawn_wire_server_and_vulkan_backend_fuzzer") { group("dawn_fuzzers") { testonly = true deps = [ - ":dawn_spirv_cross_glsl_fast_fuzzer", ":dawn_wire_server_and_frontend_fuzzer", ":dawn_wire_server_and_vulkan_backend_fuzzer", ] diff --git a/src/fuzzers/DawnSPIRVCrossFuzzer.cpp b/src/fuzzers/DawnSPIRVCrossFuzzer.cpp deleted file mode 100644 index 749255f6e3..0000000000 --- a/src/fuzzers/DawnSPIRVCrossFuzzer.cpp +++ /dev/null 
@@ -1,108 +0,0 @@
-// Copyright 2018 The Dawn Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <csetjmp>
-#include <csignal>
-#include <cstdint>
-#include <sstream>
-#include <string>
-#include <vector>
-
-#include <spirv-tools/libspirv.hpp>
-#ifdef DAWN_ENABLE_WGSL
-# include <tint/tint.h>
-#endif // DAWN_ENABLE_WGSL
-
-#include "DawnSPIRVCrossFuzzer.h"
-
-namespace {
-
- std::jmp_buf jump_buffer;
- void (*old_signal_handler)(int);
-
- // Handler to trap signals, so that it doesn't crash the fuzzer when running
- // the code under test. The code being fuzzed uses abort() to report errors
- // like bad input instead of returning an error code.
- [[noreturn]] static void sigabrt_trap(int) {
- std::longjmp(jump_buffer, 1);
- }
-
- // Setup the SIGABRT trap
- void BeginSIGABRTTrap() {
- old_signal_handler = signal(SIGABRT, sigabrt_trap);
- if (old_signal_handler == SIG_ERR)
- abort();
- }
-
- // Restore the previous signal handler
- void EndSIGABRTTrap() {
- signal(SIGABRT, old_signal_handler);
- }
-
-} // namespace
-
-namespace DawnSPIRVCrossFuzzer {
-
- void ExecuteWithSignalTrap(std::function<void()> exec) {
- BeginSIGABRTTrap();
-
- // On the first pass through setjmp will return 0, if returning here
- // from the longjmp in the signal handler it will return 1.
- if (setjmp(jump_buffer) == 0) {
- exec();
- }
-
- EndSIGABRTTrap();
- }
-
- int Run(const uint8_t* data, size_t size, Task task) {
- size_t sizeInU32 = size / sizeof(uint32_t);
- const uint32_t* u32Data = reinterpret_cast<const uint32_t*>(data);
- std::vector<uint32_t> input(u32Data, u32Data + sizeInU32);
-
- // Using Tint SPIRV->SPIRV to normalize inputs if supported.
-#ifdef DAWN_ENABLE_WGSL
- tint::Program program = tint::reader::wgsl::Parse(file);
- if (!program.IsValid()) {
- return 0;
- }
-
- tint::writer::spirv::Generator generator(&program);
- if (!generator.Generate()) {
- return 0;
- }
-
- std::vector<uint32_t> spirv = generator.result();
-#else
- std::vector<uint32_t> spirv = std::move(input);
-#endif
-
- spvtools::SpirvTools spirvTools(SPV_ENV_VULKAN_1_1);
- spirvTools.SetMessageConsumer(
- [](spv_message_level_t, const char*, const spv_position_t&, const char*) {});
-
- // Dawn is responsible to validating inputs before they go to
- // SPIRV-Cross.
- if (!spirvTools.Validate(spirv.data(), spirv.size())) {
- return 0;
- }
-
- if (spirv.size() != 0) {
- task(spirv);
- }
-
- return 0;
- }
-
-} // namespace DawnSPIRVCrossFuzzer
diff --git a/src/fuzzers/DawnSPIRVCrossFuzzer.h b/src/fuzzers/DawnSPIRVCrossFuzzer.h
deleted file mode 100644
index 82b1adee46..0000000000
--- a/src/fuzzers/DawnSPIRVCrossFuzzer.h
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2018 The Dawn Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <cstdint>
-#include <functional>
-#include <vector>
-
-namespace DawnSPIRVCrossFuzzer {
-
- using Task = std::function<int(const std::vector<uint32_t>&)>;
-
- // Used to wrap code that may fire a SIGABRT. Do not allocate anything local within |exec|, as
- // it is not guaranteed to return.
- void ExecuteWithSignalTrap(std::function<void()> exec);
-
- // Used to fuzz by mutating the input data, but with fixed options to the compiler
- int Run(const uint8_t* data, size_t size, Task task);
-} // namespace DawnSPIRVCrossFuzzer
diff --git a/src/fuzzers/DawnSPIRVCrossGLSLFastFuzzer.cpp b/src/fuzzers/DawnSPIRVCrossGLSLFastFuzzer.cpp
deleted file mode 100644
index 077ef78aac..0000000000
--- a/src/fuzzers/DawnSPIRVCrossGLSLFastFuzzer.cpp
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2018 The Dawn Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <cstdint>
-#include <string>
-#include <vector>
-
-#include <spirv_glsl.hpp>
-
-#include "DawnSPIRVCrossFuzzer.h"
-
-namespace {
- int GLSLFastFuzzTask(const std::vector<uint32_t>& input) {
- // Values come from ShaderModuleGL.cpp
- spirv_cross::CompilerGLSL::Options options;
- options.vertex.flip_vert_y = true;
- options.vertex.fixup_clipspace = true;
-#if defined(DAWN_PLATFORM_APPLE)
- options.version = 410;
-#else
- options.version = 440;
-#endif
-
- spirv_cross::CompilerGLSL compiler(input);
- compiler.set_common_options(options);
- compiler.compile();
-
- return 0;
- }
-
-} // namespace
-
-extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
- return 0;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- return DawnSPIRVCrossFuzzer::Run(data, size, GLSLFastFuzzTask);
-}