Add fuzzing for transform::BindingRemapper
BUG=tint:722 Change-Id: I742f1e536ef0429c2e7b8c9ea6c13b836a2ec0c2 Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49360 Auto-Submit: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Ben Clayton <bclayton@google.com> Kokoro: Kokoro <noreply+kokoro@google.com> Reviewed-by: Ben Clayton <bclayton@google.com>
This commit is contained in:
Ryan Harrison
Commit Bot service account
parent
0949bdf68f
commit
b5c908f700
|
|
@ -66,6 +66,11 @@ if (build_with_chromium) {
|
|||
deps = [ ":tint_fuzzer_common" ]
|
||||
}
|
||||
|
||||
fuzzer_test("tint_binding_remapper_fuzzer") {
|
||||
sources = [ "tint_binding_remapper_fuzzer.cc" ]
|
||||
deps = [ ":tint_fuzzer_common" ]
|
||||
}
|
||||
|
||||
fuzzer_test("tint_bound_array_accessors_fuzzer") {
|
||||
sources = [ "tint_bound_array_accessors_fuzzer.cc" ]
|
||||
deps = [ ":tint_fuzzer_common" ]
|
||||
|
|
@ -156,6 +161,7 @@ if (build_with_chromium) {
|
|||
if (tint_build_wgsl_reader && tint_build_spv_writer) {
|
||||
deps += [
|
||||
":tint_all_transforms_fuzzer",
|
||||
":tint_binding_remapper_fuzzer",
|
||||
":tint_bound_array_accessors_fuzzer",
|
||||
":tint_emit_vertex_point_size_fuzzer",
|
||||
":tint_first_index_offset_fuzzer",
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ endif()
|
|||
|
||||
if (${TINT_BUILD_WGSL_READER} AND ${TINT_BUILD_SPV_WRITER})
|
||||
add_tint_fuzzer(tint_all_transforms_fuzzer)
|
||||
add_tint_fuzzer(tint_binding_remapper_fuzzer)
|
||||
add_tint_fuzzer(tint_bound_array_accessors_fuzzer)
|
||||
add_tint_fuzzer(tint_emit_vertex_point_size_fuzzer)
|
||||
add_tint_fuzzer(tint_first_index_offset_fuzzer)
|
||||
|
|
|
|||
|
|
@ -18,25 +18,22 @@ namespace tint {
|
|||
namespace fuzzers {
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
struct Config {
|
||||
uint32_t group;
|
||||
uint32_t binding;
|
||||
};
|
||||
if (size < sizeof(Config)) {
|
||||
return 0;
|
||||
}
|
||||
auto* config = reinterpret_cast<const Config*>(data);
|
||||
data += sizeof(Config);
|
||||
size -= sizeof(Config);
|
||||
|
||||
tint::transform::Manager transform_manager;
|
||||
tint::transform::DataMap transform_inputs;
|
||||
|
||||
transform_inputs.Add<tint::transform::FirstIndexOffset::BindingPoint>(
|
||||
config->binding, config->group);
|
||||
if (!ExtractFirstIndexOffsetInputs(&data, &size, &transform_inputs)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!ExtractBindingRemapperInputs(&data, &size, &transform_inputs)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
transform_manager.Add<tint::transform::BoundArrayAccessors>();
|
||||
transform_manager.Add<tint::transform::EmitVertexPointSize>();
|
||||
transform_manager.Add<tint::transform::FirstIndexOffset>();
|
||||
transform_manager.Add<tint::transform::BindingRemapper>();
|
||||
|
||||
tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
|
||||
fuzzer.SetTransformManager(&transform_manager, std::move(transform_inputs));
|
||||
|
|
|
|||
|
|
@ -0,0 +1,37 @@
|
|||
// Copyright 2021 The Tint Authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include "fuzzers/tint_common_fuzzer.h"
|
||||
|
||||
namespace tint {
|
||||
namespace fuzzers {
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
transform::Manager transform_manager;
|
||||
transform::DataMap transform_inputs;
|
||||
|
||||
if (!ExtractBindingRemapperInputs(&data, &size, &transform_inputs)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
transform_manager.Add<tint::transform::BindingRemapper>();
|
||||
|
||||
fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
|
||||
fuzzer.SetTransformManager(&transform_manager, std::move(transform_inputs));
|
||||
|
||||
return fuzzer.Run(data, size);
|
||||
}
|
||||
|
||||
} // namespace fuzzers
|
||||
} // namespace tint
|
||||
|
|
@ -33,6 +33,74 @@ namespace fuzzers {
|
|||
__builtin_trap();
|
||||
}
|
||||
|
||||
bool ExtractBindingRemapperInputs(const uint8_t** data,
|
||||
size_t* size,
|
||||
tint::transform::DataMap* inputs) {
|
||||
if ((*size) < sizeof(uint8_t)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
auto count = *reinterpret_cast<const uint8_t*>(*data);
|
||||
(*data) += sizeof(uint8_t);
|
||||
(*size) -= sizeof(uint8_t);
|
||||
|
||||
struct Config {
|
||||
uint32_t old_group;
|
||||
uint32_t old_binding;
|
||||
uint32_t new_group;
|
||||
uint32_t new_binding;
|
||||
ast::AccessControl::Access new_ac;
|
||||
};
|
||||
|
||||
if ((*size) < count * sizeof(Config)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
std::vector<Config> configs(count);
|
||||
|
||||
memcpy(configs.data(), *data, count * sizeof(Config));
|
||||
|
||||
(*data) += count * sizeof(Config);
|
||||
(*size) -= count * sizeof(Config);
|
||||
|
||||
transform::BindingRemapper::BindingPoints binding_points;
|
||||
transform::BindingRemapper::AccessControls access_controls;
|
||||
for (const auto& config : configs) {
|
||||
binding_points[{config.old_binding, config.old_group}] = {
|
||||
config.new_binding, config.new_group};
|
||||
access_controls[{config.old_binding, config.old_group}] = config.new_ac;
|
||||
}
|
||||
|
||||
inputs->Add<transform::BindingRemapper::Remappings>(binding_points,
|
||||
access_controls);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool ExtractFirstIndexOffsetInputs(const uint8_t** data,
|
||||
size_t* size,
|
||||
tint::transform::DataMap* inputs) {
|
||||
struct Config {
|
||||
uint32_t group;
|
||||
uint32_t binding;
|
||||
};
|
||||
|
||||
if ((*size) < sizeof(Config)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
Config config;
|
||||
memcpy(&config, data, sizeof(config));
|
||||
|
||||
(*data) += sizeof(Config);
|
||||
(*size) -= sizeof(Config);
|
||||
|
||||
inputs->Add<tint::transform::FirstIndexOffset::BindingPoint>(config.binding,
|
||||
config.group);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
CommonFuzzer::CommonFuzzer(InputFormat input, OutputFormat output)
|
||||
: input_(input),
|
||||
output_(output),
|
||||
|
|
|
|||
|
|
@ -22,6 +22,13 @@
|
|||
namespace tint {
|
||||
namespace fuzzers {
|
||||
|
||||
bool ExtractBindingRemapperInputs(const uint8_t** data,
|
||||
size_t* size,
|
||||
tint::transform::DataMap* inputs);
|
||||
bool ExtractFirstIndexOffsetInputs(const uint8_t** data,
|
||||
size_t* size,
|
||||
tint::transform::DataMap* inputs);
|
||||
|
||||
enum class InputFormat { kWGSL, kSpv, kNone };
|
||||
|
||||
enum class OutputFormat { kWGSL, kSpv, kHLSL, kMSL, kNone };
|
||||
|
|
|
|||
|
|
@ -18,21 +18,13 @@ namespace tint {
|
|||
namespace fuzzers {
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
struct Config {
|
||||
uint32_t group;
|
||||
uint32_t binding;
|
||||
};
|
||||
if (size < sizeof(Config)) {
|
||||
return 0;
|
||||
}
|
||||
auto* config = reinterpret_cast<const Config*>(data);
|
||||
data += sizeof(Config);
|
||||
size -= sizeof(Config);
|
||||
|
||||
tint::transform::Manager transform_manager;
|
||||
tint::transform::DataMap transform_inputs;
|
||||
transform_inputs.Add<tint::transform::FirstIndexOffset::BindingPoint>(
|
||||
config->binding, config->group);
|
||||
|
||||
if (!ExtractFirstIndexOffsetInputs(&data, &size, &transform_inputs)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
transform_manager.Add<tint::transform::FirstIndexOffset>();
|
||||
|
||||
tint::fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
|
||||
|
|
|
|||
Loading…
Reference in New Issue