Commit Graph

49 Commits

Author SHA1 Message Date
Ryan Harrison 6839cba568 Add toggle to control if validity is expected in fuzzer
This toggle controls if the fuzzer will throw a fatal error in the
case that the shader becomes invalid.

Currently the fuzzers do no guarantee that the options that are
provided are correct/valid, so there are many uninteresting cases that
become invalid due to the limited nature of the fuzzers, not due to
bugs in the code. The default off state of this toggle will suppress
this noise.

Once https://bugs.chromium.org/p/tint/issues/detail?id=1356 is
implemented this toggle can be default on.

BUG=tint:1357,chromium:1294533

Change-Id: I7170e5a30691105c97e20d8337aadf81ac2bc3bc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/79840
Reviewed-by: Ben Clayton <bclayton@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2022-02-09 19:45:17 +00:00
Ben Clayton 98fe545826 fuzzers: Hook up the Program::printer
When TINT_BUILD_WGSL_WRITER is enabled.
This allows printing of the AST for debugging purposes.

Change-Id: I92b5911c16cb1e5fd22e81def00de33e9257f575
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/78541
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
2022-01-28 16:49:46 +00:00
Ben Clayton e0a560c8da transform: Don't consider type-ctor/casts as having side-effects
RemovePhonies was transforming:

_ = f32(1)
_ = vec2<f32>(1.0, 2.0)

into:

f32(1)
vec2<f32>(1.0, 2.0)

Which the resolver gets grumpy about, as these are expressions, not statements.

Fixed: chromium:1273230
Change-Id: Ie85d3cee705fa3f792db686c021d76331e241f17
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/70960
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: Ben Clayton <bclayton@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
2021-11-25 16:10:28 +00:00
Ben Clayton 042bd02747 fuzzers: Fix build
error: identifier 'writeonly__bindings' is reserved because it contains '__' [-Werror,-Wreserved-identifier]

I see no reason for the local variables, so I've just removed them.

Change-Id: Ib4047e12d5b55a204c56b06196052fef04def97d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/67200
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-10-21 17:21:04 +00:00
Peter Kasting 0da0c95dc3 Silence -Wunused-but-set-variable in new code.
Bug: chromium:1203071
Change-Id: Id94bf93784f939c212c8da2be4755160cfb9f8e0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/67081
Auto-Submit: Peter Kasting <pkasting@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-10-20 19:33:53 +00:00
Ryan Harrison 8645953be2 Refactor Inspector fuzzing
It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.

This CL also adds missing API coverage to the Inspector fuzzing code.

Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.

BUG=tint:1250,tint:1251,tint:1250

Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-10-20 05:01:03 +00:00
Alastair Donaldson 54180d6631 Remove WGSL and SPIR-V reader fuzzers
Fuzzing of the WGSL and SPIR-V readers is well covered by fuzzers that
do both reading and writing. This change removes the fuzzers that only
do reading.

Fixes: tint:1254
Change-Id: Ice93016a6e95be7a2e8418387c35f20be13266e5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66923
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-10-20 00:59:31 +00:00
Alastair Donaldson c34f08dd45 Turn fuzzers' FatalError into a macro
To enable better bug de-duplication with ClusterFuzz, FatalError has
been turned into a macro. This means that frames one step further down
the stack are considered by the de-duplicator.

Change-Id: Ib5e4a87c9333960178fa17fafff38815293fb053
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66921
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-10-19 20:58:43 +00:00
Ryan Harrison c57642cbd5 Refactor fuzzer transform generation
Also splits out various utility classes from tint_common_fuzzer and
uses consistent naming for utility classes.

BUG=tint:1106

Change-Id: Ic343741eea799366850c46834865d50885554a84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-09-30 18:58:32 +00:00
Ryan Harrison a617d0f0fc Convert fuzzer to generating configuration data
This is instead of consuming a portion of the input, so that the seed
corpus of valid shaders can be more effective.

BUG=tint:1098

Change-Id: If3696527c82c23b09edeea6ddd2a0f935e5e1ac7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-09-22 14:37:46 +00:00
Antonio Maiorano 15e89fa7b7 Add '-tint_dump_input=true/false' to fuzzers to dump input spv/wgsl to a file
When enabled, the input spv/wgsl is dumped to a file named
"fuzzer_input_<hash of file>.spv/wgsl".

Note that this adds the setting to all the fuzzers in the root of
fuzzers/, but not to tint_ast_fuzzer, tint_regex_fuzzer, nor
tint_spirv_tools_fuzzer as they currently to their own CLI parsing.

Change-Id: I268ffd842b94be1cbb78eb199d5662712ff71053
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61000
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
2021-08-05 15:52:58 +00:00
Corentin Wallez c6cbe3fda6 Remove InputStepMode (it was deprecated in favor of VertexStepMode)
Bug: dawn:1023
Change-Id: Ie5bb84f34f62143f92b59a816c7976f358b5c102
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59665
Auto-Submit: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
2021-07-27 07:33:19 +00:00
Ben Clayton ba93d14c9a fuzzers: Fix use-after-free
Diagnostics hold a pointer to the source, used for printing the source in the error message.
Because of this, the source must live at least as long as the diag::list.

Fixed: chromium:1232097
Change-Id: Iad8b30a2bd69f505dd8bb0eadc5a35115400d047
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59360
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
2021-07-22 22:53:24 +00:00
Ryan Harrison 18d7e785d3 Fuzz WGSL and MSL generator options
BUG=tint:973

Change-Id: I94dc136444e9650dcf3d1c81a52e6d4491b21a16
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59221
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-07-22 13:25:54 +00:00
Alastair Donaldson 8800ba091d Fix assertion strings and tidy up memcpy call
These changes were intended for submission as part of 58386.

Change-Id: I23f7ada1e8940dce6855176724ade1f2bb7687f8
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59024
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-21 13:23:51 +00:00
Alastair Donaldson 0c7332b2ba SPIR-V Tools fuzzer: check binary size
Adds assertions to check that the SPIR-V Tools fuzzer is not
inadvertently applied to SPIR-V binaries of an invalid size, which
guards against the fuzzer being run in a misconfigured fashion.

The CL also moves a memcpy that populates a SPIR-V binary buffer so
that the memcpy only happens when the input really is SPIR-V. This
avoids frequent redundant memory copies when fuzzing WGSL.

Change-Id: Iafccaa107ff34941d8878ed5be72a2e6d38d0f49
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58386
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-20 20:56:30 +00:00
Ben Clayton b29396e472 fuzzers: Don't pointlessly format diagnostics
Fuzzers like to generate silly long source, and formatting large spans of these can take considerable time.
Only format the diagnostic if it is going to be displayed.

Significantly speeds up some fuzzing tests, fixing some timeouts.

Also add a minor optimization to the formatter repeat() implementation.

Fixed: chromium:1230313
Change-Id: Ib1f6ac0b31010f86cb7f4e1432dc703ecbe52cb0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58841
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-07-20 14:39:50 +00:00
Ben Clayton 73f0dde6d0 fuzzers: Fix memcpy in Reader::read
We were copying to the address-of the `out` pointer parameter, not the actual pointer.
It's seriously troubling that the fuzzers didn't fail sooner on this.

Fixed: chromium:1230266
Fixed: chromium:1230352
Fixed: chromium:1230356
Fixed: chromium:1230358
Fixed: chromium:1230376
Fixed: chromium:1230377
Fixed: chromium:1230378
Fixed: chromium:1230384
Fixed: chromium:1230395
Fixed: chromium:1230406
Change-Id: I4f67f10127e89f873ab628e5af76b7455d113276
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58681
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-07-19 10:38:39 +00:00
Ben Clayton 8f144a09f6 fuzzers: Fix buffer overrun
Fixed: tint:1005
Change-Id: I3655ee7b54811b55736cbf0e05c63cb27de6cd72
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58391
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
2021-07-16 21:15:24 +00:00
Ben Clayton 50b6d024d6 fuzzers: Don't drop writter errors on the floor
A writer shouldn't error. If the input is invalid, then this should be caught by the parser or resolver.
Fail the test if the writer errors.

Change-Id: I89da602dc96fa7be2a8efa288a90310a61745124
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58389
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-07-16 21:07:25 +00:00
Alastair Donaldson 5d71531abe Fix SPIR-V emptiness condition in fuzzer
Fixes a problem where the fuzzer was ignoring non-empty SPIR-V
binaries.

Fixes: tint:1004
Change-Id: I9fa98764b7408dbd53d5b56424805e2fa331a118
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58385
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-07-16 20:34:55 +00:00
Vasyl Teliman 365af046ca Fix SPIRV-Tools fuzzer
This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.

Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
2021-07-16 09:25:14 +00:00
James Price 54d1ee6f11 fuzzers: Switch fuzzers to new generator API
Remove sanitizer transform fuzzers, as these will no longer be
publicly visible. We should fuzz the generator options instead.

Change-Id: If8f2c70f505bdaecd62a2f53a6586c3b84bd1c33
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57760
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-07-12 21:07:41 +00:00
Ryan Harrison 3d9f0e99c2 [fuzzers] Add checks that bad SPIRV isn't getting through
BUG=tint:963

Change-Id: I3cac636c194a36581f372ee22acad36d5e94eb07
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57500
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-07-08 22:11:09 +00:00
Ben Clayton d960328f07 transform/VertexPulling: Implement remaining work
Implement missing formats.
Implement vector width conversions.
Implement unaligned loads.

Bug: dawn:805
Change-Id: I89724b3027c637c99999c8ecdbf0d8ca4f571afc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/56062
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
2021-06-29 12:37:45 +00:00
Vasyl Teliman 0b3611b8c8 Add spirv-tools fuzzer
This change adds a new tint fuzzer that uses SPIRV-Tools to fuzz SPIR-V binaries.
The fuzzer works on a corpus of SPIR-V shaders. For each shader from the corpus it uses
one of `spirv-fuzz`, `spirv-reduce` or `spirv-opt` to mutate and then runs the shader through
the Tint compiler in two steps:
- Converts the mutated shader to WGSL.
- Converts WGSL to some target language specified in the CLI arguments.

The list of all supported CLI arguments and their description is in the cli.h file.

Change-Id: I95c0741b78ccc600dd9a73c371d520bdf7814352
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/41945
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>
2021-06-24 18:10:46 +00:00
Ben Clayton ffd28e2e1a diag: Add System enumerator to all diagnostics
Describes what Tint system raised the diagnostic.

Use this information in the fuzzers to distinguish between expected and unexpected failure cases in the Transform fuzzer tests.

Fixed: chromium:1206407
Fixed: chromium:1207154
Change-Id: I3b807acafe384a2fc363d2a4165a29693450b3cf
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/55254
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-06-24 11:27:36 +00:00
Ben Clayton 6b358c3f21 Fix tint fuzzer build
Enable the fuzzers for Kokoro presubmits so we can actually know when we break it.

Change-Id: I7270390045353f79c27a7f661afcc7e888628fcd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/53385
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
2021-06-07 08:07:11 +00:00
Ben Clayton 93e8f527ee wgsl: Deprecate [[access]] decorations
Handle access control on var declarations instead of via [[access]]
decorations. This change does the minimal work to migrate the WGSL
parser over to the new syntax. Additional changes will be needed
to correctly generate defaulted access qualifiers, as well as
validating access usage.

The [[access]] decorations are still supported by the WGSL parser,
with new deprecated warnings, but not for aliases. Example:
   var x : [[access(x)]] alias_to_struct;

Making this work is far more effort than I want to dedicate to backwards
compatibility, and I do not beleive any real-world usage will be doing
this.

Still TODO:
* Adding access control as the optional, third parameter to ptr<>.
* Calculating default accesses for the various storage types.
* Validating usage of variables against the different accesses.

Bug: tint:846
Change-Id: If8ca82e5d16ec319ecd01f9a2cafffd930963bde
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/53088
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Reviewed-by: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-06-04 20:41:47 +00:00
Ryan Harrison a0174e613f Add fuzzing for transform::VertexPulling
Includes a significant refactoring of helper functions in
tint_common_fuzzer.cc/.h

BUG=tint:722

Change-Id: I1fdab0113bae02c4a0bf8da0d1b7729f05a2fc5b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49902
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-05-06 15:43:33 +00:00
Ryan Harrison bc94cd68f8 Interrupt fuzzer if invalid program is generated
If a a valid shader is input into Tint an valid shader should be
output, if the output is invalid then there is a bug in Tint.

BUG=tint:721

Change-Id: Id3fe80eeb65fa55276d74e2f4868e276bd52ec86
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/50000
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-05-05 21:12:22 +00:00
Ryan Harrison 52456c69c8 Add fuzzing for transform::SingleEntryPoint
BUG=tint:722

Change-Id: I83dfb2cb196f6e80ffb48dc41ff385621a5d629e
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49580
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-29 20:49:25 +00:00
Ryan Harrison b5c908f700 Add fuzzing for transform::BindingRemapper
BUG=tint:722

Change-Id: I742f1e536ef0429c2e7b8c9ea6c13b836a2ec0c2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49360
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-28 15:35:43 +00:00
Ben Clayton 5d5ec24571 src/transform: Remove deprecated APIs
These have now been removed from Dawn.

Change-Id: I50e784141e6eb07f4f0d3f508bb8c6199429dd63
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/48044
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-04-26 20:38:36 +00:00
Antonio Maiorano d15391e802 Remove tint's usage of Validator
Also update comments and arch design to remove references to the
Validator.

Bug: tint:642
Change-Id: Ic0b4779ae4712a393ff209014daf25e23f32be6d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/47061
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
2021-04-08 14:08:47 +00:00
Ryan Harrison 0f5c26d5fd Add checking for ICEs in fuzzers
BUG=tint:668

Change-Id: I6b0bf79873b01140b1e87ea60abeb623b031af23
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/45942
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-03-25 11:40:07 +00:00
Ben Clayton eb496d0a4d transform: API cleanup
Transforms are meant to be reusable. Those that hold state cannot be used concurrently.
State leakage between runs is dangerous.
To fix this:
* Add transform::Data - A new base class for extra information emitted by transforms.
* Add transform::DataMap - A container of Data, keyed by type.
* Add a transform::DataMap field to Transform::Output.
* Have FirstIndexOffset emit a FirstIndexOffset::Data.
* Deprecate the getters on the transform.

Mutability of the transform config is also dangerous as setters can be called while a transform is actively running on another thread.
To fix:
* Expose a VertexPulling::Config structure and add a constructor that accepts this.
* Deprecate the setters on VertexPulling.

Also deprecate Transform::Output::diagnostics.
Put all the transform diagnostics into the returned Program. Reduces error handling of the client.

Change-Id: Ibd228dc2fbf004ede4720e2d6019c024bc5934d1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/42264
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
2021-02-24 15:55:24 +00:00
Ben Clayton 527a0bbf25 Have Program::IsValid() return false unless built
An unbuilt program doesn't have an ast::Module, so Program::AST() will just explode.

* Have a Program default to false for IsValid()
* Initialize the ast_ field to nullptr. This was previously floating.
* Return from CommonFuzzer::Run() earlier if the InputFormat is not recognised.

Fixed: chromium:1180130
Fixed: chromium:1180157
Change-Id: I9b67daa10746f386f44919a7b9ac5c171092d6e5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/42028
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: David Neto <dneto@google.com>
2021-02-19 19:04:18 +00:00
Ben Clayton 7206e25798 Remove deprecated APIs
Remove the Parser classes from the wgsl and spirv namespaces.
These have been replaced with a Parse() method.

Remove the TypeDeterminer::Run() method, this was not called by tint and
the TypeDeterminer is now non-public API.

Change-Id: I5ddb82768da04398ab3958d1647be44f9fe30c21
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/41840
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-02-17 20:15:25 +00:00
Ben Clayton dd69ac3505 Automatically run the TypeDeterminer when building programs
Removes the need for Dawn to use the TypeDeterminer directly.
TypeDeterminer errors will be added to the Program diagnostics list.

Change-Id: I4cfb405e7e6b0e94727296eea872a3ddc4412b66
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/38921
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-27 19:23:55 +00:00
Ben Clayton a6b9a8eb2f Split Program into Program and ProgramBuilder
Program is now immutable*, and remains part of the public Tint
interface.

ProgramBuilder is the mutable builder for Programs, and is not part of
the public Tint interface. ast::Builder has been folded into
ProgramBuilder.

Immutable Programs can be cloned into a mutable ProgramBuilder with
Program::CloneAsBuilder().

Mutable ProgramBuilders can be moved into immutable Programs.

* - mostly immutable. It still has a move constructor and move
  assignment operator - required for practical usage - and the
  semantic information on AST nodes is still mutable.

Bug: tint:390
Change-Id: Ia856c50b1880c2f95c91467a9eef5024cbc380c6
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/38240
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-26 16:57:10 +00:00
Ben Clayton c40f627bea Migrate from using ast::Module to Program
Enforce all places where Dawn passes in or returns a ast::Module, now takes a `const Program* ` or returns a `Program`.

As the end goal of all this is to have immutable Programs, all Program inputs take a pointer instead of moving the actual object.

As consumers of a Program are now all const, we have to const_cast to work around all the places we've been incorrectly mutating a ast::Module.
These const_casts are temporary, and will be fixed in the next set of changes.

Depends on https://dawn-review.googlesource.com/c/dawn/+/38522

Bug: tint:390
Change-Id: Ie05b112b16134937d1b601e9b713ea4ec4e1c677
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/38541
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-26 16:57:10 +00:00
Ryan Harrison 7edf1fbc20 Initialize transform manager to null in fuzzer
BUG=chromium:1167337,chromium:1167634,chromium:1167759

Change-Id: Id7eeab225bd29862e43d18f1e44c6ec8b99e26d2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/38160
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-18 19:48:54 +00:00
Ryan Harrison 1870a48d5f Add fuzzer for Inspector
BUG=tint:445

Change-Id: Ic342c7e83827bcc57bfd134dec92b03cb9708a70
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/37540
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-01-13 15:50:11 +00:00
Ryan Harrison 0b5d1dd5d8 Re-land fuzzing work with fix
Revert "Revert 3 fuzzing CLs, since they are preventing rolling into Chromium."

This reverts commit 1d9935cf37.

Also adjusts BUILD.gn file, so that Chromium build can find all the
needed symbols.

BUG=tint:58,tint:59,tint:193,tint:194,tint:199,tint:436

Change-Id: I3fe71ff52c8156f30fccfaab0bf7f647f158aea4
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/37460
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-12 16:23:48 +00:00
Ryan Harrison 1d9935cf37 Revert 3 fuzzing CLs, since they are preventing rolling into Chromium.
Revert "Adding fuzzing for Transforms"

This reverts commit 4a29008c7e.

Revert "Add fuzzers for various emission paths"

This reverts commit 39545b7e7c.

Revert "Create common utility class for fuzzing"

This reverts commit 766e31d507.

Change-Id: Ia4e4ea2a4a5f423ea5bfa8ca9659c4028b558b45
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/37180
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-11 15:22:19 +00:00
Ryan Harrison 4a29008c7e Adding fuzzing for Transforms
Fuzz all transforms being applied together, and fuzz each transform
separately.

BUG=tint:436

Change-Id: I53cf2e05c69f495f27bfa428f55ec033a85a612a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36945
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-08 02:42:43 +00:00
Ryan Harrison 39545b7e7c Add fuzzers for various emission paths
BUG=tint:58,tint:59,tint:194,tint:195

Change-Id: Ibca5efbcd608489dcb7c6c45a5fcf596b97165dc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36901
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
2021-01-07 20:33:22 +00:00
Ryan Harrison 766e31d507 Create common utility class for fuzzing
This moves the usage of Tint in the fuzzers into a single class. This
will be expanded in the future to support emitting shaders, so fuzzing
tests, just need to indicate which reader & writer they want to use,
instead of having each test implement all of the API usage logic
directly.

BUG=tint:199

Change-Id: Id081a374014b7640a07b267e544ddeba3e6329dd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36760
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
2021-01-07 16:20:32 +00:00