During HexFloat parsing, if exponent was too large, we would overflow
the signed integer being used to store its value. We now use an uint32_t
to avoid UB, then convert to int32_t when it's safe to do so.
Also error out if the input exponent is > INT_MAX - 127, which ensures
we will not wrap around and produce an invalid result when adding the
exponent bias of 127.
Bug: chromium:1240048
Bug: tint:1150
Change-Id: I1b57b2c965358b803ebb68ea70b76e759cdd3939
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63120
Reviewed-by: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
- Locally tested with each of the 6 options turned off alone, and fixed
the build.
- Added an incremental build to the Linux Kokoro build with all these
flags disabled, which will help catch a subset of build issues related
to these flags.
Bug: tint:1139
Change-Id: I40eaaea31d88879aa19eac3f17c47b7e7d7a477f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63241
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Refactors the CMake rules for the tint fuzzers so that when OSS-Fuzz is
controlling the build process no specific fuzzer options are used. This
allows OSS-Fuzz to fully control the fuzzing engine.
Change-Id: Ic4423b981df12e66a14ca8f53c97168ac28bfa39
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63342
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Change ast::Array to use an ast::Expression for its `size` field. The
WGSL frontend now parses the array size as an `primary_expression`,
and the Resolver is responsible for validating the expression is a
signed or unsigned integer, and either a literal or a non-overridable
module-scope constant.
The Resolver evaluates the constant value of the size expression, and
so the resolved sem::Array type still has a constant size as before.
Fixed: tint:1068
Fixed: tint:1117
Change-Id: Icfa141482ea1e47ea8c21a25e9eb48221f176e9a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63061
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
The clusterfuzz fuzzers are attempting to change the access control of a uniform variable, which produces a program that does not validate.
Create an error diagnostic tagged with diag::System::Transform, which the fuzzers recognise as being invalid configuration to the transform.
Fixed: chromium:1244999
Change-Id: I2d4f2dfd4f2218ac81172003872494acb027323b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63141
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
Never create semantic types on the stack.
Always use ProgramBuilder::create().
These stack pointers have a tendency of being stored, either by other
types as sub-types, or by maps (see associated bug).
Also, there's a lot of logic that assumes that semantic types are
de-duplicated, and that you can compare pointers. Creating new instances
on the stack will break this in exciting ways.
Fixed: chromium:1243944
Change-Id: I40a652f8c424030106adad2e6531287af13c8714
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62943
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
While looking ahead to determine if a token is an integer, check the
number of digits to make sure that it can actually fit in the internal
representation.
This is an optimization on the existing code, to cause an early exit
and prevent pathological cases with huge integers from consuming too
much processing time, when they will never succeed.
From a functional perspective this has not effect on whether or not a
token will be accepted as an integer, so almost all of the tests do no
need an update. The one exception is a case where the lexer now
catches the invalid integer earlier in the tokenization, so the error
message is a shorter.
This does not handle the equivalent problem for float literals, though
I believe that only exists for non-hex floats.
BUG=chromium:1240715
Change-Id: I27e43711d5f5eda1d54a4128ba514f810abd0313
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62280
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
In https://dawn-review.googlesource.com/c/tint/+/62444 the Resolver validated that there are no parameters of the same function with the same name, but this also introduced validation that errors if parameters shadow a module-scope variable.
The WGSL spec allows for shadowing, but Tint so far has not implemented this support.
There are transforms that generate functions that presume parameter <-> module-scope variable shadowing is okay. DecomposeMemoryAccess is one of these.
This fixes those transforms which could generate programs that fail validation.
Bug: chromium:1242330
Fixed: tint:1136
Change-Id: Id6ec59bbdb398b3b2a23312115a7c1dadf433e98
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62900
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
The type of a type constructor must be constructible, which forbids
atomics. Add checks for non-constructible types when validating arrays
and structures, and then error on any type that isn't explicitly
matched in the outer function. Replaces the separate check for
pointers, which is no longer necessary.
This also removes the validation for "an expression must not evaluate
to an atomic type". The only test that we had for this is no longer
valid (since the type constructor it used is now rejected). There are
no other ways of hitting this particular error, since other validation
rules will always kick in first.
Change-Id: I2172b57ee4e8ee3066aaf0cedc4a26aaca642376
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61800
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Sarah Mashayekhi <sarahmashay@google.com>
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
SPIR-V spec states:
> Each structure-type member that is a matrix or array-of-matrices must have be decorated with a MatrixStride Decoration
As already pointed out in https://dawn-review.googlesource.com/c/tint/+/59840, we were not handling arrays-of-matrices.
To do this correctly, we need the ast::StrideDecoration to be placed on the Matrix type, which is a much bigger change to support.
For now, chase the type, and error if we have a custom MatrixStride on an array of matrices, otherwise drop the decoration.
Bug: tint:1049
Fixed: tint:1088
Change-Id: Idcb75b3df88040836a03a14e0ca402ebee7be9a7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60923
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: David Neto <dneto@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
This patch adds the missing input [[sample_mask]] to EntryPoint in
the Inspector and the related unittests to inspector_test.cc.
According to the latest WGSL SPEC [[sample_mask]] can be used as
both fragment shader input and output.
Bug: dawn:802, dawn:1032
Change-Id: I80640f26c7d771e35039fd7f3c941859729f26ce
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Jiawei Shao <jiawei.shao@intel.com>
The refactored CanonicalizeEntryPointIO transform makes it much easier
to handle SPIR-V style IO as well, and doing this removes a lot of
duplicated code. Remove all of the SPIR-V transform code for shader IO
and vertex point size.
Bug: tint:920
Change-Id: Id1b97517619b4d2fd09b45d5aee848259f3dfa77
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60840
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This patch adds all the fragment builtin inputs (position, front_face,
sample_index) to EntryPoint for the validation on the total number of
fragment inputs. According to Vulkan SPEC: "All variables in both the
built-in interface block and the user-defined variable interface count
against these limits".
BUG=dawn:802
Change-Id: I8a8503c1a33646b50f010c6b6e38d74de9a40ff5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59421
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Jiawei Shao <jiawei.shao@intel.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
This is a major reworking of this transform. The old transform code
was getting unwieldy, with part of the complication coming from the
handling of multiple return statements. By generating a wrapper
function instead, we can avoid a lot of this complexity.
The original entry point function is stripped of all shader IO
attributes (as well as `stage` and `workgroup_size`), but the body is
left unmodified. A new entry point wrapper function is introduced
which calls the original function, packing/unpacking the shader inputs
as necessary, and propagates the result to the corresponding shader
outputs.
The new code has been refactored to use a state object with the
different parts of the transform split into separate functions, which
makes it much more manageable.
Fixed: tint:1076
Bug: tint:920
Change-Id: I3490a0ea7a3509a4e198ce730e476516649d8d96
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60521
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Fix the Renamer to preserve builtin structure member names.
Fix the HLSL writer to emit the modf / frexp result type even if there is no private / function storage usage of the types.
Fixed: chromium:1236161
Change-Id: I93b9d92980682f9a9cb090d07b04e4c3f6a2f705
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60922
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Make ParserImp::const_literal() bubble up any error by the tokenizer.
These were being ignored.
Also:
* Detect and report significand too large
* Detect and report missing exponent
* Fix invalid mantissa overflow detection for fractional trailing zeroes
* Fix zero with non-zero exponent triggering an assert, and instead,
make the result zero (added tests for this).
Bug: chromium:1235132
Bug: tint:77
Change-Id: I364a4c944121a2c55ff3161de1bb50126c8a5526
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60680
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
