This toggle controls if the fuzzer will throw a fatal error in the
case that the shader becomes invalid.
Currently the fuzzers do not guarantee that the options that are
provided are correct/valid, so there are many uninteresting cases that
become invalid due to the limited nature of the fuzzers, not due to
bugs in the code. The default off state of this toggle will suppress
this noise.
Once https://bugs.chromium.org/p/tint/issues/detail?id=1356 is
implemented this toggle can be default on.
BUG=tint:1357,chromium:1294533
Change-Id: I7170e5a30691105c97e20d8337aadf81ac2bc3bc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/79840
Reviewed-by: Ben Clayton <bclayton@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
This is a check that has been added to newer versions of clang and is
tripping for me locally. The actual issue is in code being generated
by protobuf.
Updating protobufs has cross-dependency issues with spirv-tools, so is
non-trivial. There is already a special case suppression for internal
protobuf issues, so I am just adding to the carve out.
BUG=tint:1419
Change-Id: I3ecd111a778fb4c65a113382ded8d6160deab462
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/79841
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Add google benchmark to the DEPs.
Implement a basic set of benchmarks for each of the writers and the WGSL parser.
Add build rules for CMake. GN build rules TODO.
Add a simple go tool (ported from Marl) to diff two benchmarks. Less
noisy than the one provided by google benchmark.
Bug: tint:1378
Change-Id: I73cf92c5d9fd2d3bfac8f264864fd774afbd5d01
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/76840
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
The default implementation of this was generating random data for
the underlying pointers of std::unordered_map, leading to crashes
when the map was accessed. This CL populates the map in a
structured manner with pseudo-random data.
Bug: chromium:1273001
Change-Id: Ic20ecab85bedba2a59587ebe4a5016be6e53e6f8
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/70701
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Austin Eng <enga@chromium.org>
The semantic nodes cannot be fully immutable, as they contain cyclic
references. Remove Resolver::CreateSemanticNodes(), and instead
construct and mutate the semantic nodes in the single traversal pass.
Give up on trying to maintain the 'authored' type names (aliased names).
These are a nightmare to maintain, and provided limited use.
Significantly simplifies the Resolver, and allows us to generate more
semantic to semantic references, reducing sem -> ast -> sem hops.
Note: This change introduces constant value propagation across constant
variables. This is unlocked by the earlier construction of the
sem::Variable.
Change-Id: I592092fdc47fe24d30e512952511c9ab7c16d7a1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/68406
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.
This CL also adds missing API coverage to the Inspector fuzzing code.
Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.
BUG=tint:1250,tint:1251,tint:1250
Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
And remove a whole load of const_cast hackery.
Semantic nodes may contain internally mutable fields (although only ever modified during resolving), so these are always passed by `const` pointer.
While all AST nodes are internally immutable, we have decided that pointers to AST nodes should also be marked `const`, for consistency.
There's still a collection of const_cast calls in the Resolver. These will be fixed up in a later change.
Bug: tint:745
Change-Id: I046309b8e586772605fc0fe6b2d27f28806d40ef
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66606
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Methods and functions are `CamelCase()`
Public fields are `snake_case` with no trailing `_`
Private fields are `snake_case` with a trailing `_`
Remove pointless getters on fully immutable fields.
They provide no value, and just add `()` noise on use.
Remove unused methods.
Bug: tint:1231
Change-Id: If32efd039df48938efd5bc2186d51fe4853e9840
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66600
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
An assertion failure had been injected to check that black box fuzzing
is working, but as ClusterFuzz runs a release mode build this was not
triggering. This change turns the assertion failure into an abort. Once
it has been established that the abort is triggered by the black box
fuzzers, it should be removed.
Bug: https://crbug.com/1246587
Change-Id: I5afcea97132e5a7f13df4ba353121deccc901e60
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65901
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Adds a return statement in the body of a randomly-chosen function.
The return value is a randomly-chosen identifier or literal from
the WGSL shader.
Fixes: tint:1115.
Change-Id: Icdc4ff669cda343244e158ce791b4085fd52f7b9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61781
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Changes the spirv-tools fuzzer targets so that the target back-end
language (HLSL, MSL, SPIR-V or WGSL) is no longer passed as a command
line argument, but instead baked into the fuzzer's binary. This avoids
a problem whereby an OSS-Fuzz bug reproducer does not use the required
back-end command line argument.
Change-Id: I69970dfa7f133f8e310ec063c9b6869bd774e7d3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63343
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
When preparing a corpus of SPIR-V shaders for fuzzing, spirv-as is
invoked repeatedly. It could be that a bug in spirv-as leads to
conversion failing for some of the shaders. This should not prevent the
overall corpus from being generated, as long as the number of overall
failures is reasonably small. This change adds some tolerance for such
failures.
Change-Id: I77750fdeab15a252201bff33e952e1bd44c42331
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64543
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This makes it possible to build the fuzzer in Chromium's asan builder
group by having it depend on the tint fuzzers group, and means that the
logic for when particular fuzz targets are built remains encapsulated in
the tint fuzzer build rules.
Change-Id: Ic8d6131ccf1759a25fc3d736ae507cd173931616
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64181
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>