Commit Graph

22 Commits

Author SHA1 Message Date
Ryan Harrison 6839cba568 Add toggle to control if validity is expected in fuzzer
This toggle controls if the fuzzer will throw a fatal error in the
case that the shader becomes invalid.

Currently the fuzzers do no guarantee that the options that are
provided are correct/valid, so there are many uninteresting cases that
become invalid due to the limited nature of the fuzzers, not due to
bugs in the code. The default off state of this toggle will suppress
this noise.

Once https://bugs.chromium.org/p/tint/issues/detail?id=1356 is
implemented this toggle can be default on.

BUG=tint:1357,chromium:1294533

Change-Id: I7170e5a30691105c97e20d8337aadf81ac2bc3bc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/79840
Reviewed-by: Ben Clayton <bclayton@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2022-02-09 19:45:17 +00:00
Ryan Harrison c57642cbd5 Refactor fuzzer transform generation
Also splits out various utility classes from tint_common_fuzzer and
uses consistent naming for utility classes.

BUG=tint:1106

Change-Id: Ic343741eea799366850c46834865d50885554a84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-09-30 18:58:32 +00:00
Ryan Harrison a617d0f0fc Convert fuzzer to generating configuration data
This is instead of consuming a portion of the input, so that the seed
corpus of valid shaders can be more effective.

BUG=tint:1098

Change-Id: If3696527c82c23b09edeea6ddd2a0f935e5e1ac7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-09-22 14:37:46 +00:00
Antonio Maiorano 15e89fa7b7 Add '-tint_dump_input=true/false' to fuzzers to dump input spv/wgsl to a file
When enabled, the input spv/wgsl is dumped to a file named
"fuzzer_input_<hash of file>.spv/wgsl".

Note that this adds the setting to all the fuzzers in the root of
fuzzers/, but not to tint_ast_fuzzer, tint_regex_fuzzer, nor
tint_spirv_tools_fuzzer as they currently to their own CLI parsing.

Change-Id: I268ffd842b94be1cbb78eb199d5662712ff71053
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61000
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
2021-08-05 15:52:58 +00:00
James Price 54d1ee6f11 fuzzers: Switch fuzzers to new generator API
Remove sanitizer transform fuzzers, as these will no longer be
publicly visible. We should fuzz the generator options instead.

Change-Id: If8f2c70f505bdaecd62a2f53a6586c3b84bd1c33
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57760
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-07-12 21:07:41 +00:00
Ben Clayton 0273f1a604 transform: Rename BoundArrayAccessors to Robustness
We will want this transform to do more bounds and argument sanitization.

Bug: tint:748
Change-Id: I38cb9623622e9f5ab85d8cd420d669ca6be77099
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/56543
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-06-30 13:23:36 +00:00
Ryan Harrison 593c87b414 Remove fuzzing for transform::EmitVertPointSize
BUG=tint:753

Change-Id: Idb1f942defe6233421ea735a56bab8da8add8024
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/50360
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-05-07 15:48:04 +00:00
Ryan Harrison a0174e613f Add fuzzing for transform::VertexPulling
Includes a significant refactoring of helper functions in
tint_common_fuzzer.cc/.h

BUG=tint:722

Change-Id: I1fdab0113bae02c4a0bf8da0d1b7729f05a2fc5b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49902
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-05-06 15:43:33 +00:00
Ryan Harrison 52456c69c8 Add fuzzing for transform::SingleEntryPoint
BUG=tint:722

Change-Id: I83dfb2cb196f6e80ffb48dc41ff385621a5d629e
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49580
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-29 20:49:25 +00:00
Ryan Harrison bc5461d731 Add fuzzing for transform::Renamer
BUG=tint:722

Change-Id: I6886913e01f579e48d6b13c152230dc4e23dfcd2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49540
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-29 20:43:45 +00:00
Ryan Harrison fc57979d70 Add fuzzing for transform::Spirv
BUG=tint:722

Change-Id: Icf47d061b85ad68adc311b8873eb75ad2cd4a451
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49463
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-29 20:12:05 +00:00
Ryan Harrison b67d0494b5 Add fuzzing for transform::Msl
BUG=tint:722

Change-Id: I1d1ceb9770a2a071522b0eb11521041d23dc1c84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49462
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-29 20:06:25 +00:00
Ryan Harrison dcd6b4d669 Add fuzzing for transform::Hlsl
BUG=tint:722

Change-Id: Iaf107077a596dd607c2f785d8787177279e0bcef
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49461
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-29 20:03:35 +00:00
Ryan Harrison da43604eab Remove fuzzers for transforms that should only be invoked by sanitizers
Also mark code elements that should be removed as part of
https://crbug.com/tint/753

BUG=tint:722

Change-Id: I52aedeffcb06e302f8399d83986909b36749ca5e
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49560
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-29 19:59:55 +00:00
Ryan Harrison 23c73b0b32 Add fuzzing for transform::CanonicalizeEntryPointIO
BUG=tint:722

Change-Id: Id6ca2a8c5b807c84658969a09ca75281f62221d1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49381
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-28 18:13:03 +00:00
Ryan Harrison be303e9265 Add fuzzing for transform::CalculateArrayLength
BUG=tint:722

Change-Id: Ide83964646f303c03a9cc780f3828f1816baa288
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49380
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-28 17:57:23 +00:00
Ryan Harrison b5c908f700 Add fuzzing for transform::BindingRemapper
BUG=tint:722

Change-Id: I742f1e536ef0429c2e7b8c9ea6c13b836a2ec0c2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49360
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-28 15:35:43 +00:00
Ryan Harrison a810d71df5 Make params for FirstIndexOffset fuzzing dynamic
The preamble size in tint_all_transforms_fuzzers is dynamic in
anticipation of more complex preamble calculations in future CLs.

BUG=tint:722

Change-Id: I24a0b00a77aa565b5fe1f146015f017481916c1c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49200
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-27 17:24:47 +00:00
Ben Clayton 5d5ec24571 src/transform: Remove deprecated APIs
These have now been removed from Dawn.

Change-Id: I50e784141e6eb07f4f0d3f508bb8c6199429dd63
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/48044
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-04-26 20:38:36 +00:00
Ryan Harrison 0b5d1dd5d8 Re-land fuzzing work with fix
Revert "Revert 3 fuzzing CLs, since they are preventing rolling into Chromium."

This reverts commit 1d9935cf37.

Also adjusts BUILD.gn file, so that Chromium build can find all the
needed symbols.

BUG=tint:58,tint:59,tint:193,tint:194,tint:199,tint:436

Change-Id: I3fe71ff52c8156f30fccfaab0bf7f647f158aea4
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/37460
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-12 16:23:48 +00:00
Ryan Harrison 1d9935cf37 Revert 3 fuzzing CLs, since they are preventing rolling into Chromium.
Revert "Adding fuzzing for Transforms"

This reverts commit 4a29008c7e.

Revert "Add fuzzers for various emission paths"

This reverts commit 39545b7e7c.

Revert "Create common utility class for fuzzing"

This reverts commit 766e31d507.

Change-Id: Ia4e4ea2a4a5f423ea5bfa8ca9659c4028b558b45
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/37180
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-11 15:22:19 +00:00
Ryan Harrison 4a29008c7e Adding fuzzing for Transforms
Fuzz all transforms being applied together, and fuzz each transform
separately.

BUG=tint:436

Change-Id: I53cf2e05c69f495f27bfa428f55ec033a85a612a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36945
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-08 02:42:43 +00:00