Update CreateASTTypeFor() to handle a potential edge-case described in tint:1764.
We haven't seen this issue happen in production, nor can I find a way to trigger this with the tint executable, but try to handle this before we encounter a nasty bug.
Fixed: tint:1764
Change-Id: I496932955a6fdcbe26eacef8dcd04988f92545a1
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/111040
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
There's a reason the overload of `ctx.Replace()` that takes a pointer to the replacement is deprecated - it doesn't play well when used as part of another replacement.
Switch to using the callback overload of Replace() to fix bad transform output.
Bug: tint:1386647
Change-Id: I94292eeb65d24d7b2446b16b8b4ad13bdd27965a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/111000
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.
I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.
Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Discard statements no longer affect the behavior or uniformity
analysis. Update the resolver, validator, and several tests to reflect
this.
Some E2E tests were removed as they had loops that are now considered
to be infinite.
Use the DemoteToHelper transform to emulate the correct semantics on
platforms where discard is (or may) terminate the invocation in a
manner that would affect derivative operations.
We no longer need the UnwindDiscardFunctions transform for HLSL, which
already implements the correct semantics. However, we still run the
DemoteToHelper transform for the HLSL backend due to issues with FXC's
handling of discard statements (see crbug.com/tint/1118).
Fixed: tint:1723
Change-Id: Ib49ff187919ae81c4af8675e1b66acd57e2ff7d2
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109003
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Replace the ShouldRun() method with Apply() which will do the
transformation if it needs to be done, otherwise returns
'SkipTransform'.
This reduces a bunch of duplicated scanning between the old ShouldRun()
and Transform().
This change also adjusts code style to make the transforms more
consistent.
Change-Id: I9a6b10cb8b4ed62676b12ef30fb7764d363386c6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107681
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
This CL make transform AddBlockAttribute always try to wrap types used
by buffer variables into a struct, in order to generate valid GLSL code
for assigning one buffer struct variable to another buffer struct
variable.
Fixed: tint:1735
Change-Id: I009d8a9ca7ecea1dc0ad6164275c964a18acb33f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108023
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Attempting to paper over all the MSL standard library holes for packed_vector in the MSL writer added complexity to the writer, produced messy output, and didn't actually catch all the cases where casts were needed.
Add a new PackedVec3 transform that applies the packed_vector -> vec casts in a smarter, more precise way.
Fixed: tint:1534
Change-Id: I73ce7e5a62fbc9cb04e1093133070f5fb8965dce
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107340
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
This CL removes the parsing of a `-` in front of numerics when lexed.
This will cause the number to become a UnaryOperator negation then the
number instead of a negative number.
Bug: tint:1679, tint:1141, tint:1570
Change-Id: I217c0ffcbe5be934c8d56bd83141b47ade83bc60
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106463
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL fix the spv code generated for atomicCompareExchangeWeak,
specifically the emulated `exchanged` field of the returned struct.
It should be true if and only if the `old_value`, i.e. the return value
of spv `OpAtomicCompareExchange`, equals to the comparator, rather than
equals to new value.
Fixed: tint:1663
Change-Id: I1cb0de6bb6b90ae681f5053b8bdd6f6b247146f6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107180
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
In WGSL, we can shift left abstracts by >= 64, as long as the result is
representable in the data type we choose for it. When shifting 0, we can
shift by any positive u32 value (result is always 0), but in C++, it's
UB to shift by more than the bit width of the data type, so we need to
handle this. This bug was caught by ClusterFuzz.
Bug: chromium:1372963
Change-Id: I638ca190b93538908ca6472f3735627ea8531c5a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106266
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL rearranges testcases for E2E test/tint/bug/chromium/1367602,
now it has testcases for both function, private, and storage address
space array variable, with and without explicit initializer, and array
count less than 65536.
Bug: chromium:1367602
Change-Id: Ica0ec9c36586bc7eae0d46473575284e9b734092
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/105282
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
This CL adds element count limits to arrays. In FXC there is a maximum
of 65536 elements in an array. This limit is not yet in WGSL, but adding
this here allows us to fix the issue with large arrays and GLSL.
Bug: chromium:1367602
Change-Id: I7df9d3e4f6c3e5107420d5f8e576d1f33e453161
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/104240
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Currently in the MSL backend we cast int values to uint in order to get
the correct WGSL behaviour for over/under flow. This fails in the case
of host shareable buffers as they use `packed` types which need to get
cast to the non-packed version first.
Bug: tint:1677
Change-Id: I57b70abaa8ca614472a26d63f19c1aef2bd64668
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/103986
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
I added the forcing of the "loop" attribute to all loops to address FXC
failing on uniformity errors related to gradients in loops. Since then,
Tint now implements UA and it recently became an error, so we no longer
need this hack. As a result, FXC is now better able to cope with loops
that it determines executes 0 times.
Most e2e tests are affected because so many use loops, but 27 tests that
were previously failing are now passing with this change:
tint/bug/tint/1538.wgsl.expected.fxc.hlsl
tint/bug/tint/1604.wgsl.expected.fxc.hlsl
tint/bug/tint/1605.wgsl.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserCFGTest_ClassifyCFGEdges_LoopBreak_FromLoopHeader_SingleBlockLoop_TrueBranch.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserCFGTest_ComputeBlockOrder_Loop_HeaderHasBreakUnless.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserCFGTest_EmitBody_IfSelection_TrueBranch_LoopBreak.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserCFGTest_FindIfSelectionInternalHeaders_TrueBranch_LoopBreak_Ok.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserFunctionVarTest_EmitStatement_Phi_MultiBlockLoopIndex.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserFunctionVarTest_EmitStatement_Phi_SingleBlockLoopIndex.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/cov-dead-code-unreachable-merge/0-opt.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/cov-dead-code-unreachable-merge/0-opt.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/similar-nested-ifs/0-opt.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/similar-nested-ifs/0-opt.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/spv-load-from-frag-color/1.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/spv-load-from-frag-color/1.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-false-if-discard-loop/0.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-false-if-discard-loop/0.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-fragcoord-less-than-zero/0.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-fragcoord-less-than-zero/0.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-fragcoord-less-than-zero/1.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-fragcoord-less-than-zero/1.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-with-loop-read-write-global/0-opt.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-with-loop-read-write-global/0-opt.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-with-loop-read-write-global/1.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-with-loop-read-write-global/1.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/write-red-after-search/0-opt.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/write-red-after-search/0-opt.wgsl.expected.fxc.hlsl
Bug: tint:1522
Bug: tint:1538
Bug: tint:1604
Bug: tint:1605
Change-Id: I530b846b6b8df122ab351ff7b85d3e1c9ac11526
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/104121
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
