Instead of uploading separate black-box fuzzers for each target
language, it will be more convenient to have the target language chosen
based on the data file being processed. This change facilitates that.
Bug: https://crbug.com/1246587
Change-Id: I39f225835f8ca06cb8b8ea1c791b6c872f0f9d8f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66180
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
BUG=chromium:1255257,tint:1208
Change-Id: Ia5daeff8d839cbb7810bbbc12feab21039d0b681
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66060
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Removes an abort that was injected to confirm that a fuzzer target was
working.
Bug: https://crbug.com/1246587
Change-Id: Ibe5270eacb3dfa2832b5de4c1fcf7b220af91fcc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66121
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
This change resolves some type-related issues that were leading to
loss-of-precision warnings when compiling for i386 in OSS-Fuzz.
Change-Id: I77912d6b3824a0f942d0f54f1e62914f69e14d7d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66000
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Missed some fuzzers in my last fix, because I was trying to git grep
between repos...
This should fix any outstanding issues with
NULL being passed into SetTransformManager in TintCommonFuzzer.
BUG=chromium:1255313
Change-Id: Idf71bc34bb75041accec303df3da0bc6f9cd15cc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65940
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Missed this fuzzer when implementing this class.
BUG=chromium:1255122
Change-Id: Ic5c7ef031db04a779734faeffa1d72d972dd2254
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65880
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
An assertion failure had been injected to check that black box fuzzing
is working, but as ClusterFuzz runs a release mode build this was not
triggering. This change turns the assertion failure into an abort. Once
it has been established that the abort is triggered by the black box
fuzzers, it should be removed.
Bug: https://crbug.com/1246587
Change-Id: I5afcea97132e5a7f13df4ba353121deccc901e60
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65901
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Avoids downcasting issues for the seed on platforms where the random
engine is actually 32-bit.
Change-Id: Ia9e4cffb688e7c82f3f088b71f99002b76ad1df3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65640
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Also splits out various utility classes from tint_common_fuzzer and
uses consistent naming for utility classes.
BUG=tint:1106
Change-Id: Ic343741eea799366850c46834865d50885554a84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
To test whether black-box fuzzing is working, this change injects an
assertion failure into tint_black_box_fuzzer_target. Once it has been
established that this failure is found by the black box fuzzers, it
should be removed.
Bug: https://crbug.com/1246587
Change-Id: I408bdb116e817879edcec025f644e6f0f6f8bb73
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65340
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Adds a return statement in the body of a randomly-chosen function.
The return value is a randomly-chosen identifier or literal from
the WGSL shader.
Fixes: tint:1115.
Change-Id: Icdc4ff669cda343244e158ce791b4085fd52f7b9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61781
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Also removes assert if size == 0, since that case is now gracefully
handled.
BUG=chromium:1252351
Change-Id: I2c5d52a9373f34f377fda9f1689cca6096bc5e63
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64920
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Adds limited ability to hash C-style buffers, so that the seed can be
directly calculated on the provided input, instead of converting it to
a vector.
BUG=tint:1161
Change-Id: I1b9b0805665436a3242d5918fb563242b91b0f09
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63420
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
This is instead of consuming a portion of the input, so that the seed
corpus of valid shaders can be more effective.
BUG=tint:1098
Change-Id: If3696527c82c23b09edeea6ddd2a0f935e5e1ac7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Changes the spirv-tools fuzzer targets so that the target back-end
language (HLSL, MSL, SPIR-V or WGSL) is no longer passed as a command
line argument, but instead baked into the fuzzer's binary. This avoids
a problem whereby an OSS-Fuzz bug reproducer does not use the required
back-end command line argument.
Change-Id: I69970dfa7f133f8e310ec063c9b6869bd774e7d3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63343
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Random indices were being generated in a manner that assumed the upper
bound to a Random::GetUInt call was inclusive. Also, GetUInt64 was
being used needlessly when GetUInt32 would suffice. This change
addresses both issues.
Fixes https://crbug.com/1250904
Change-Id: I9ad8e5beb3b52bcb867aeb745dec520c251cba60
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64744
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
When preparing a corpus of SPIR-V shaders for fuzzing, spirv-as is
invoked repeatedly. It could be that a bug in spirv-as leads to
conversion failing for some of the shaders. This should not prevent the
overall corpus from being generated, as long as the number of overall
failures is reasonably small. This change adds some tolerance for such
failures.
Change-Id: I77750fdeab15a252201bff33e952e1bd44c42331
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64543
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This makes it possible to build the fuzzer in Chromium's asan builder
group by having it depend on the tint fuzzers group, and means that the
logic for when particular fuzz targets are built remains encapsulated in
the tint fuzzer build rules.
Change-Id: Ic8d6131ccf1759a25fc3d736ae507cd173931616
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64181
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Generating SPIR-V can cause validation failures when out-of-bounds
accesses are performed, since we are not running the robustness
transform.
Bug: chromium:1246061
Change-Id: Ied58d77d90079d10d5579d2d55854c3cfbc18db5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63640
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Missed rename from https://dawn-review.googlesource.com/c/tint/+/63180
In a prior CL I fixed tint_ast_fuzzer_libfuzzer_options
Change-Id: I4c3bc6e2046fc986ff2ce749ecbdae2a860f8d93
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63521
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
Commit-Queue: Sarah Mashayekhi <sarahmashay@google.com>
Auto-Submit: Sarah Mashayekhi <sarahmashay@google.com>
Kokoro: Sarah Mashayekhi <sarahmashay@google.com>
BUG=tint:1098
Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Since the APIs being tested take in strings, using
onlyascii.
Restricting the size of test cases, so that we get more
diverse smaller test cases, instead of generating 1MB of 0s.
BUG=tint:1095,tint:1096
Change-Id: I0590bf0146c3395278ead362e2add328f669aea7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63180
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Adds a stand-alone executable that serves as an entry point for black
box fuzzing. It reads data from a given file, and then calls into the
same code that the libFuzzer fuzzer targets do.
Fixes: tint:1151
Change-Id: I23f4c5b4aa7040f434c791404136422f5c8ee12a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63341
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.
Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Fuzzers that exercise the SPIR-V reader are being moved to OSS-Fuzz.
This change removes them from the Chromium build so that they cease to
be run by ClusterFuzz. The change also applies a small refactoring to
the fuzzer build rules, so that the tint_ast_clone fuzzer is specified
together with other fuzzers that require the WGSL reader and writer.
Bug: chromium:1243084
Change-Id: I4f5d12a679366634c7cad3e7ac18075bb046a8ba
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62800
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
On OSX, under ASAN the fuzzer is causing a null reference due to
.empty() being called on a null.
BUG=chromium:1237630
Change-Id: I73e627eadaa162af451f809c4abe8ec685d8b95c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61681
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
This is to make sure that compiler won't crash when creating data
types using the result from GetNode function from node_id_map.
Change-Id: I96fad13d3494de4808e29d6952e5e88e697f8516
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61381
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Paul Thomson <paulthomson@google.com>
Commit-Queue: Paul Thomson <paulthomson@google.com>
This CL adjusts the scripts to be able to run AST and regex
fuzzer unit tests in Kokoro. Only clang is supported for now.
Change-Id: Ibc9ebb9cf0dc40f47317abf88875aa738811919d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61642
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Fixed: tint:1104
Change-Id: I4ea3aa283c1c4b5e55f507dbc104b21c8bedb63b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61521
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: James Price <jrprice@google.com>
I have checked the other fuzzers, and they appear to be correctly
using the generated inputs.
BUG=tint:1099
Fixed: 1099
Change-Id: I691e16ef4130e374894550fcf8e3d5565224a656
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61440
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Added function in node_id_map to check a given id is valid and fresh.
Currently, the structure of FindMutators declares node_id_map as const, which causes issues when we want to call `GetFreshId` from the argument that is passed by reference. A simple work around is to pass a non-const node_id_map as argument directly. That way `GetFreshId` function in node_id_map can continue to be non-const and conveniently update next fresh id whenever a fresh id has been taken.
Change-Id: Ia7e1d247cf92dfefd2ef7e7c1b4bf32363d9ce3f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61100
Reviewed-by: Paul Thomson <paulthomson@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Paul Thomson <paulthomson@google.com>
Fix the infinite loop caused by 6e459fecb7.
That commit changed the behaviour of a sem::Statement::Block method for
sem::BlockStatement instances. Now, the method returns the block itself
instead of the outer block which causes an infinite loop when iterating
over a chain of blocks.
Change-Id: I0eab3f7f166dbe38477bbefd222edb9cf0da53b5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61060
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
a value in the set {INT_MAX, INT_MIN, -1 or 0}.
A mutation that replaces the value of a randomly-chosen integer with a value
in the set {INT_MAX, INT_MIN, -1, 0}.
Fixes: tint:1093.
Change-Id: I5ec69e1813785760ed6e7b06d0cbd9c481f69ade
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60920
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
When enabled, the input spv/wgsl is dumped to a file named
"fuzzer_input_<hash of file>.spv/wgsl".
Note that this adds the setting to all the fuzzers in the root of
fuzzers/, but not to tint_ast_fuzzer, tint_regex_fuzzer, nor
tint_spirv_tools_fuzzer as they currently to their own CLI parsing.
Change-Id: I268ffd842b94be1cbb78eb199d5662712ff71053
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61000
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Mutates a WGSL-like string by replacing a randomly-selected identifier
with a different randomly-selected identifier.
Change-Id: Iecf45ad2800677cf3609b30d415520e5f2a05ba0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60561
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Changes the interval boundaries to exclude the first delimiter
that encloses a region.
Change-Id: Ia9186e584d9038b4220cad11d418fa9881e51e8d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60346
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
This reverts commit 5a53634764.
Reason for revert: This is making the Dawn -> Chromium roller fail.
https://github.com/KhronosGroup/SPIRV-Tools/pull/4407 introduces a new mandatory parameter to the spvtools::fuzz::Fuzzer constructor, which does not exist in Chromium's version of SPIRV-Tools (d9f89257855a2784323512cd9568b6610bcae581).
The roll of SPIRV-Tools into Chromium is currently blocked by another issue, and is a couple of weeks behind ToT. See https://autoroll.skia.org/r/vulkan-deps-chromium-autoroll.
Note, that https://github.com/KhronosGroup/SPIRV-Tools/pull/4407 is going to block the eventual roll of SPIRV-Tools in Chromium, as there's no way this code can compile for both pre and post roll.
I'll try and fix this after unblocking this roll
Original change's description:
> Update SPIR-V Tools fuzzer
>
> Updates spirv-tools DEPS to pull in some recent spirv-fuzz changes, and
> modifies the SPIR-V Tools fuzzer so that inapplicable transformations
> are ignored.
>
> Change-Id: Ibdea6e9bc35224efe148133eced341168f7ce7b7
> Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60209
> Auto-Submit: Alastair Donaldson <afdx@google.com>
> Kokoro: Kokoro <noreply+kokoro@google.com>
> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I4ebcfcfab16e760f64cb8dc622dfb6ef4f1eccf0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60560
Reviewed-by: Ben Clayton <bclayton@chromium.org>
Kokoro: Ben Clayton <bclayton@chromium.org>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Adds two transformations, one that deletes a random region enclosed
by a given delimiter and another one that duplicates a region by
inserting it at a position of the WGSL code after a delimiter.
Fixes: tint:1072.
Fixes: tint:1073.
Change-Id: Icb10a7f16a783d5eb8f75a48c4015eb87ea1d174
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60200
Reviewed-by: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Updates spirv-tools DEPS to pull in some recent spirv-fuzz changes, and
modifies the SPIR-V Tools fuzzer so that inapplicable transformations
are ignored.
Change-Id: Ibdea6e9bc35224efe148133eced341168f7ce7b7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60209
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Allows the tint regex fuzzer to be built using gn, so that it can be
deployed on ClusterFuzz.
Fixes: tint:1075
Change-Id: I88f8bd0eefe3044483b66784cc32feebcdc63928
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60202
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
A fuzzer that mutates a WGSL code by finding two regions enclosed by
semicolons and swapping them randomly.
Change-Id: I5b14eb21fd2924227d05ac516f806c6e2efa6198
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58395
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
ClusterFuzz will provide inputs to a fuzzer that did not necessarily
come from the current fuzzing run, thus the SPIR-V Tools mutator can be
presented with arbitrary inputs. This change causes it to validate
inputs before mutation, and reject invalid inputs.
Change-Id: Ic90e62e4f80f38826765b0d815e4f41de915b5df
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59661
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Implemented for all readers and writers.
Cleaned up some verbose code in sem::Function and the Inspector in the
process.
Fixed: tint:1032
Change-Id: Ia6f2f59e6d2e511c89160b97be990e8b7c9828d9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59664
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
There is no need to take the null char into account when copying
mutated data with memcpy in AST fuzzer.
Change-Id: I78530c3679a31f252d2eaebd6de2a1261d346a57
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59449
Auto-Submit: Vasyl Teliman <vasniktel@gmail.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
The SPIR-V Tools fuzzer asserts that the binaries it receives have sizes
that are multiples of 4 bytes, as it should only ever run on valid
binaries. This is failing in ClusterFuzz, likely due to the fuzzer being
misconfigured, so for now these assertions have been replaced with early
exits. They should be reinstated once the fuzzer is correctly
configured.
Fixes: chromium:1232308
Change-Id: I1fa980d09ce9e5c349a2cfcebe0246ebad6613fb
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59440
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Alastair Donaldson <afdx@google.com>
Diagnostics hold a pointer to the source, used for printing the source in the error message.
Because of this, the source must live at least as long as the diag::list.
Fixed: chromium:1232097
Change-Id: Iad8b30a2bd69f505dd8bb0eadc5a35115400d047
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59360
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
BUG=tint:973
Change-Id: I94dc136444e9650dcf3d1c81a52e6d4491b21a16
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59221
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Alastair Donaldson
Ryan Harrison
egj
James Price
Sarah
Shiyu Liu
Vasyl Teliman
Antonio Maiorano
Ben Clayton
Corentin Wallez
Ben Clayton