From fc57979d7055a241fb93cfb43727bff1f4171b8e Mon Sep 17 00:00:00 2001
From: Ryan Harrison
Date: Thu, 29 Apr 2021 20:12:05 +0000
Subject: [PATCH] Add fuzzing for transform::Spirv
BUG=tint:722
Change-Id: Icf47d061b85ad68adc311b8873eb75ad2cd4a451
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49463
Commit-Queue: Ryan Harrison
Auto-Submit: Ryan Harrison
Reviewed-by: Ben Clayton
---
 fuzzers/BUILD.gn | 6 +++++
 fuzzers/CMakeLists.txt | 1 +
 fuzzers/tint_all_transforms_fuzzer.cc | 18 +++++++++++++++
 fuzzers/tint_spirv_transform_fuzzer.cc | 31 ++++++++++++++++++++++++++
 4 files changed, 56 insertions(+)
 create mode 100644 fuzzers/tint_spirv_transform_fuzzer.cc
diff --git a/fuzzers/BUILD.gn b/fuzzers/BUILD.gn
index e42be8aa6b..8c5e89b4b9 100644
--- a/fuzzers/BUILD.gn
+++ b/fuzzers/BUILD.gn
@@ -91,6 +91,11 @@ if (build_with_chromium) {
 sources = [ "tint_inspector_fuzzer.cc" ]
 deps = [ ":tint_fuzzer_common" ]
 }
+
+ fuzzer_test("tint_spirv_transform_fuzzer") {
+ sources = [ "tint_spirv_transform_fuzzer.cc" ]
+ deps = [ ":tint_fuzzer_common" ]
+ }
 }
 if (tint_build_wgsl_reader && tint_build_hlsl_writer) {
@@ -178,6 +183,7 @@ if (build_with_chromium) {
 # transform used by sanitizers
 ":tint_first_index_offset_fuzzer",
 ":tint_inspector_fuzzer",
+ ":tint_spirv_transform_fuzzer",
 ":tint_wgsl_reader_spv_writer_fuzzer",
 ]
 }
diff --git a/fuzzers/CMakeLists.txt b/fuzzers/CMakeLists.txt
index 78958decf3..1e65ca85c7 100644
--- a/fuzzers/CMakeLists.txt
+++ b/fuzzers/CMakeLists.txt
@@ -36,6 +36,7 @@ if (${TINT_BUILD_WGSL_READER} AND ${TINT_BUILD_SPV_WRITER})
 add_tint_fuzzer(tint_emit_vertex_point_size_fuzzer) # TODO(tint:753): Remove once transform used by sanitizers
 add_tint_fuzzer(tint_first_index_offset_fuzzer)
 add_tint_fuzzer(tint_inspector_fuzzer)
+ add_tint_fuzzer(tint_spirv_transform_fuzzer)
 add_tint_fuzzer(tint_wgsl_reader_spv_writer_fuzzer)
 endif()
diff --git a/fuzzers/tint_all_transforms_fuzzer.cc b/fuzzers/tint_all_transforms_fuzzer.cc
index d524610f90..08087773af 100644
--- a/fuzzers/tint_all_transforms_fuzzer.cc
+++ b/fuzzers/tint_all_transforms_fuzzer.cc
@@ -98,6 +98,24 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 fuzzer.Run(config.data, config.size);
 }
 #endif // TINT_BUILD_MSL_WRITER
+#if TINT_BUILD_SPV_WRITER
+ {
+ Config config;
+ config.data = data;
+ config.size = size;
+
+ if (!AddPlatformIndependentPasses(&config)) {
+ return 0;
+ }
+
+ config.manager.Add();
+
+ fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+ fuzzer.SetTransformManager(&config.manager, std::move(config.inputs));
+
+ fuzzer.Run(config.data, config.size);
+ }
+#endif // TINT_BUILD_SPV_WRITER
 return 0;
 }
diff --git a/fuzzers/tint_spirv_transform_fuzzer.cc b/fuzzers/tint_spirv_transform_fuzzer.cc
new file mode 100644
index 0000000000..7e12e95837
--- /dev/null
+++ b/fuzzers/tint_spirv_transform_fuzzer.cc
@@ -0,0 +1,31 @@
+// Copyright 2021 The Tint Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "fuzzers/tint_common_fuzzer.h"
+
+namespace tint {
+namespace fuzzers {
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ transform::Manager transform_manager;
+ transform_manager.Add();
+
+ fuzzers::CommonFuzzer fuzzer(InputFormat::kWGSL, OutputFormat::kSpv);
+ fuzzer.SetTransformManager(&transform_manager, {});
+
+ return fuzzer.Run(data, size);
+}
+
+} // namespace fuzzers
+} // namespace tint
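Review bot: `return fuzzer.Run(data, size);` at the end of `LLVMFuzzerTestOneInput` passes whatever `CommonFuzzer::Run` returns straight back to libFuzzer, which documents 0 as the expected return value and reserves other values (newer releases read -1 as "keep this input out of the corpus"). `Run` is presumably declared in `fuzzers/tint_common_fuzzer.h`, which is outside this patch, so its possible return values cannot be checked from here. If it ever reports a rejected shader with a non-zero code, the harness would be signalling the fuzzing engine rather than just finishing the iteration. The SPIR-V block this same patch adds to `tint_all_transforms_fuzzer.cc` discards the result and falls through to `return 0;`, so I would make the standalone harness match it: `fuzzer.Run(data, size);` followed by `return 0;`.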