Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.
I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.
Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
This CL adds const-eval for `tan` and `tanh`.
Bug: tint:1581
Change-Id: I3d3506a6e7462bba1557cb88065d696ddc21b0f6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109562
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL adds const-eval for `cos` and `cosh`.
Bug: tint:1581
Change-Id: I8df8f979a7b351288cadccda88940fdb5a20d18f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109561
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
This CL adds const-eval for `sin` and `sinh`.
Bug: tint:1581
Change-Id: I96345378c826e2c49ffae688b5185764019967d5
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109560
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL adds const-eval for the `acosh` test case. The generation of
`f16` values into test files is also fixed because `acosh` requires the
value to be `>= 1.0`
Bug: tint:1581
Change-Id: Iba2ca4d9d114034845475679346f042c8c66e571
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109341
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
The generator script was not using the test values for `f16`, they
always got a zero initialization. This CL fixes the script to generate
`f16` values.
Change-Id: I95e8f2c7007251a646de05b4f7fe0aad14e740f8
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109342
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL adds const-eval for pack and unpack of 2x16 float values.
Bug: tint:1581
Change-Id: I59a1925148124e628c3771ca96d309fad045f27d
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109280
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Discard statements no longer affect the behavior or uniformity
analysis. Update the resolver, validator, and several tests to reflect
this.
Some E2E tests were removed as they had loops that are now considered
to be infinite.
Use the DemoteToHelper transform to emulate the correct semantics on
platforms where discard is (or may) terminate the invocation in a
manner that would affect derivative operations.
We no longer need the UnwindDiscardFunctions transform for HLSL, which
already implements the correct semantics. However, we still run the
DemoteToHelper transform for the HLSL backend due to issues with FXC's
handling of discard statements (see crbug.com/tint/1118).
Fixed: tint:1723
Change-Id: Ib49ff187919ae81c4af8675e1b66acd57e2ff7d2
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109003
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
This CL fix insertBits polyfill to handle with the left-shifting
behavior in HLSL, i.e. `(1u << 32u) == (1u << 0u) == 1u` where we want
the result to be `0u`.
Fixed: tint:1743
Change-Id: Ibb82abe4ab2f76dbb0fa06057fb19f15f961d969
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108166
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL moves reserved words from a deprecation to an error.
Bug: tint:1463
Change-Id: I5c66baa15dc748215877c8152171c690495bc0c2
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108861
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL moves module-scope let from a deprecation to an error.
Change-Id: Iffecbb667cf79515234b6510ce7c5bbbb6e673bc
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108862
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This Cl changes the default acos test value so it equals `cos(.25)`
instead of `cos(.5)`. The `.5` result was slightly different on
various machines.
Bug: tint:1581
Change-Id: I768141ae87a63b2c35ec4d61eb030edad77e11e4
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108863
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Where the intrinsic uses the fixed-dimension form of the types.
Change-Id: I1709382f762fe7394bbd88f428f09b15a1a8a643
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108642
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Abstract int and abstract float were around the wrong way.
Credit goes to amaiorano@ for finding this!
Change-Id: Ifaeeca86b0d15ead295b714e0c178fa6d0bfb68b
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108641
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This Cl adds const-eval for the `floor` builtin.
Bug: tint:1581
Change-Id: I992eba3aa6c66707e923907a4bb912c2f6f8d290
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108343
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
This CL adds const-eval for the `ceil` builtin
Bug: tint:1581
Change-Id: I32957d17000df1a8a59ce37f49b6177d1087406c
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108342
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL adds const-eval for the `acos` builtin.
Bug: tint:1581
Change-Id: I01c0f48e73eedf87cf9c912715487f8eea44f64e
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108341
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL adds const-eval for the `abs` builtin.
Bug: tint:1581
Change-Id: I6ee25c07620990f72a6962441aec62ae7665653e
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108340
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL adds const-eval for the `all` builtin.
Bug: tint:1581
Change-Id: Ib1d857ba24114c61e1a90b30dd66d063edfa136d
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107464
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Replace the ShouldRun() method with Apply() which will do the
transformation if it needs to be done, otherwise returns
'SkipTransform'.
This reduces a bunch of duplicated scanning between the old ShouldRun()
and Transform().
This change also adjusts code style to make the transforms more
consistent.
Change-Id: I9a6b10cb8b4ed62676b12ef30fb7764d363386c6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107681
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Involves expanding the source range of a variable declaration so we can point at something that can include the 'const'.
Fixed: tint:1740
Change-Id: Ie8f784de34a1792002aaa708c1b77053be54f1b5
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108120
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
This CL make transform AddBlockAttribute always try to wrap types used
by buffer variables into a struct, in order to generate valid GLSL code
for assigning one buffer struct variable to another buffer struct
variable.
Fixed: tint:1735
Change-Id: I009d8a9ca7ecea1dc0ad6164275c964a18acb33f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108023
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Renames all symbols
Add a test for tint:1725
Bug: tint:1725
Change-Id: Idac45c677d15361d76510068ad756e2f9bffacb0
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106880
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
...to `min(max(e, low), high)` as defined by the WGSL spec.
Fixed: tint:1479
Fixed: tint:1539
Change-Id: I39406d5256a155a781e44bd9d6081ce7a9bf5a68
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107640
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
I got the rules around this wrong. This should be allowed, but the array types cannot compare equal if they are unnamed override-expressions.
Fixed tint:1737
Change-Id: I83dc49703eed015e9c183e804474886da5dad7b9
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107685
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL adds const-eval for the `any` builtin.
Bug: tint:1581
Change-Id: I32d8946b3cd5c6d210b75104fa37c4d1ef6a6f84
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107542
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
We don't want to replace builtins that are constant-expression
evaluated, as the replacement cannot be used as a constant expression.
Fixed: tint:1667
Change-Id: I554d9884fc41890247ee64b47a70621be5fcdbe5
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107680
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
For "vec3(vec3<T>) -> vec3<T>", this CL makes T also include abstract
int and float (all scalars).
Bug: tint:1731
Change-Id: I776c7ba6872c3d680982dbec6b0970389e720611
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107540
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
This CL adds const-eval for the `sign` builtin.
Bug: tint:1581
Change-Id: I5d9bfd3f3f742bcba69fbb0d7f47dc57ce18e134
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107460
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
The value of 1 for the `asin` is providing a slightly different result on OSX
compared to the Windows and Linux results. This CL updates the test case to use
asin(0.479425538604) = 0.5
Bug: tint:1581
Change-Id: Ibf7a921d1476c0d24da696eb6cc2b491c1ca1516
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107541
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
This CL adds const-eval for the `saturate` builtin.
Bug: tint:1581
Change-Id: I3729ea5b381b04b73bbe1bc8e03e5ce65c27e082
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107362
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>