It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.
This CL also adds missing API coverage to the Inspector fuzzing code.
Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.
BUG=tint:1250,tint:1251,tint:1250
Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Missed some fuzzers in my last fix, because I was trying to git grep
between repos...
This should fix any outstanding issues with
NULL being passed into SetTransformManager in TintCommonFuzzer.
BUG=chromium:1255313
Change-Id: Idf71bc34bb75041accec303df3da0bc6f9cd15cc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65940
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Also splits out various utility classes from tint_common_fuzzer and
uses consistent naming for utility classes.
BUG=tint:1106
Change-Id: Ic343741eea799366850c46834865d50885554a84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
BUG=tint:1098
Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.
Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Fixed: tint:1104
Change-Id: I4ea3aa283c1c4b5e55f507dbc104b21c8bedb63b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61521
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: James Price <jrprice@google.com>
There is no need to take the null char into account when copying
mutated data with memcpy in AST fuzzer.
Change-Id: I78530c3679a31f252d2eaebd6de2a1261d346a57
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59449
Auto-Submit: Vasyl Teliman <vasniktel@gmail.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Fuzzers like to generate silly long source, and formatting large spans of these can take considerable time.
Only format the diagnostic if it is going to be displayed.
Significantly speeds up some fuzzing tests, fixing some timeouts.
Also add a minor optimization to the formatter repeat() implementation.
Fixed: chromium:1230313
Change-Id: Ib1f6ac0b31010f86cb7f4e1432dc703ecbe52cb0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58841
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Currently, AST fuzzer requires that all fuzzed binaries are serialized protobuf messages.
In principle, we don't need this when we don't record mutations (which is the case right
now). Hence, this CL removes that requirement.
Change-Id: Ibe677d1ac7d34d640d6e3a368af50df5b4fe474a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58225
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
This CL changes the prefix of CLI parameters in AST and SPIRV-Tools
fuzzers from `--` to `-` to make these fuzzers compatible with ClusterFuzz.
Additionally, a `tint_` prefix was added to all CLI arguments to prevent their
name collisions with LibFuzzer arguments.
Change-Id: Id2e087e59f04b495d5a7edb3b62d55de652c1acd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58226
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.
Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
This change implements a new fuzzer. It mutates a WGSL shader by traversing
the AST of a program and applying various transformations that might or might not
be semantics preserving.
Change-Id: I6b144bd1067444c3f0b815ba1a646aaf6e739b52
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/52160
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Ryan Harrison
Alastair Donaldson
Vasyl Teliman
Ben Clayton
James Price