The default implementation of this was generating random data for
the underlying pointers of std::unordered_map, leading to crashes
when the map was accessed. This CL populates the map in a
structured manner with pseudo-random data.
Bug: chromium:1273001
Change-Id: Ic20ecab85bedba2a59587ebe4a5016be6e53e6f8
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/70701
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Austin Eng <enga@chromium.org>
The semantic nodes cannot be fully immutable, as they contain cyclic
references. Remove Resolver::CreateSemanticNodes(), and instead
construct and mutate the semantic nodes in the single traversal pass.
Give up on trying to maintain the 'authored' type names (aliased names).
These are a nightmare to maintain, and provided limited use.
Significantly simplfies the Resolver, and allows us to generate more
semantic to semantic references, reducing sem -> ast -> sem hops.
Note: This change introduces constant value propagation across constant
variables. This is unlocked by the earlier construction of the
sem::Variable.
Change-Id: I592092fdc47fe24d30e512952511c9ab7c16d7a1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/68406
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.
This CL also adds missing API coverage to the Inspector fuzzing code.
Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.
BUG=tint:1250,tint:1251,tint:1250
Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
And remove a whole load of const_cast hackery.
Semantic nodes may contain internally mutable fields (although only ever modified during resolving), so these are always passed by `const` pointer.
While all AST nodes are internally immutable, we have decided that pointers to AST nodes should also be marked `const`, for consistency.
There's still a collection of const_cast calls in the Resolver. These will be fixed up in a later change.
Bug: tint:745
Change-Id: I046309b8e586772605fc0fe6b2d27f28806d40ef
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66606
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Methods and functions are `CamelCase()`
Public fields are `snake_case` with no trailing `_`
Private fields are `snake_case` with a trailing `_`
Remove pointless getters on fully immutable fields.
They provide no value, and just add `()` noise on use.
Remove unused methods.
Bug: tint:1231
Change-Id: If32efd039df48938efd5bc2186d51fe4853e9840
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66600
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
An assertion failure had been injected to check that black box fuzzing
is working, but as ClusterFuzz runs a release mode build this was not
triggering. This change turns the assertion failure into an abort. Once
it has been established that the abort is triggered by the black box
fuzzers, it should be removed.
Bug: https://crbug.com/1246587
Change-Id: I5afcea97132e5a7f13df4ba353121deccc901e60
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65901
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Adds a return statement in the body of a randomly-chosen function.
The return value is a randomly-chosen identifier or literal from
the WGSL shader.
Fixes: tint:1115.
Change-Id: Icdc4ff669cda343244e158ce791b4085fd52f7b9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61781
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Changes the spirv-tools fuzzer targets so that the target back-end
language (HLSL, MSL, SPIR-V or WGSL) is no longer passed as a command
line argument, but instead baked into the fuzzer's binary. This avoids
a problem whereby an OSS-Fuzz bug reproducer does not use the required
back-end command line argument.
Change-Id: I69970dfa7f133f8e310ec063c9b6869bd774e7d3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63343
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
When preparing a corpus of SPIR-V shaders for fuzzing, spirv-as is
invoked repeatedly. It could be that a bug in spirv-as leads to
conversion failing for some of the shaders. This should not prevent the
overall corpus from being generated, as long as the number of overall
failures is reasonably small. This change adds some tolerance for such
failures.
Change-Id: I77750fdeab15a252201bff33e952e1bd44c42331
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64543
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This makes it possible to build the fuzzer in Chromium's asan builder
group by having it depend on the tint fuzzers group, and means that the
logic for when particular fuzz targets are built remains encapsulated in
the tint fuzzer build rules.
Change-Id: Ic8d6131ccf1759a25fc3d736ae507cd173931616
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64181
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.
Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Fuzzers that exercise the SPIR-V reader are being moved to OSS-Fuzz.
This change removes them from the Chromium build so that they cease to
be run by ClusterFuzz. The change also applies a small refactoring to
the fuzzer build rules, so that the tint_ast_clone fuzzer is specified
together with other fuzzers that require the WGSL reader and writer.
Bug: chromium:1243084
Change-Id: I4f5d12a679366634c7cad3e7ac18075bb046a8ba
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62800
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
