This CL changes the prefix of CLI parameters in AST and SPIRV-Tools
fuzzers from `--` to `-` to make these fuzzers compatible with ClusterFuzz.
Additionally, a `tint_` prefix was added to all CLI arguments to prevent their
name collisions with LibFuzzer arguments.
Change-Id: Id2e087e59f04b495d5a7edb3b62d55de652c1acd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58226
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.
Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Setting precision to `std::numeric_limits<float>::max_digits10` is valid
when using the `scientific` floatfield format when printing values.
However, we used `fixed` to make our floats more human-readable. This
change keeps the output in `fixed`, except if doing so loses precision,
in which case we fall back to `scientific`.
This fixes the rendering differences seen in the Babylon.js examples
(https://crbug.com/tint/944) between Dawn using Tint vs SPIRV-Cross, as
Tint's output was emitting values that had lost too much precision
(e.g. very small numbers being output as 0).
Bug: tint:944
Change-Id: I8deea23ad876825bbe390fc26907d4bbbd4b966e
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58321
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
For loop initializers and continuing statements do not have a BlockStatement as their parent.
Handle removal of these statements with a new Transform::RemoveStatement() helper
Fixed: tint:990
Change-Id: I24e7b18dcf71d3ef0a4d3ee68b9f68518e0eb5e8
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58063
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Some methods passed by pointer, others by reference. Standarize to pass-by-reference.
Also remove CloneWithStatementsAtStart().
CloneContext::InsertFront() is a better replacement.
Change-Id: Ibbf7caaa7a1b42c2d0a0cddaa3d6e76ca0e12a17
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58062
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Much like sem::Type, it greatly simplifies downstream logic if we can compare sem::Intrinsic pointers to know if they refer to the same intrinsic overload.
Change-Id: If236247cd3979bbde821d9294f304ab85ba4938e
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58061
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
And call these helpers instead of inlining complex statements.
Cleans up output, and helps prevent for-loops decaying to while loops.
Change-Id: I6ac31b18ce6c5fac0e54e982f7db3bb298f7edb2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58060
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
CloneContext::Replace(T* what, T* with) is bug-prone, as complex transforms may want to clone `what` multiple times, or not at all. In both cases, this will likely result in an ICE as either the replacement will be reachable multiple times, or not at all.
The CTS test: webgpu:shader,execution,robust_access:linear_memory:storageClass="storage";storageMode="read_write";access="read";atomic=true;baseType="i32"
Was triggering this brokenness with DecomposeMemoryAccess's use of CloneContext::Replace(T*, T*).
Switch the usage of CloneContext::Replace(T*, T*) to the new function form.
As std::function is copyable, it cannot hold a captured std::unique_ptr.
This prevented the Replace() lambdas from capturing the necessary `BufferAccess` data, as this held a `std::unique_ptr<Offset>`.
To fix this, use a `BlockAllocator` for Offsets, and use raw pointers instead.
Because the function passed to Replace() is called just before the node is cloned, insertion of new functions will occur just before the currently evaluated module-scope entity.
This allows us to remove the "insert_after" arguments to LoadFunc(), StoreFunc(), and AtomicFunc().
We can also kill the icky InsertGlobal() and TypeDeclOf() helpers.
Bug: tint:993
Change-Id: I60972bc13a2fa819a163ee2671f61e82d0e68d2a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58222
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Before and after each transform of a transform::Manager.
This change makes the transforms use the Castable system so we can get the transform name.
Change-Id: I2cf9335960f1aca56f1d32c5ba0d104db4cc46c1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/54581
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Replace(T* what, T* with) is bug-prone, as more complex transforms may want to clone `what` multiple times, or not at all. In both cases, this will likely result in an ICE as either the replacement will be reachable multiple times, or not at all.
This is the cause of some of the CTS failures reported in crbug.com/tint/993.
Bug: tint:993
Change-Id: I880ece45faab0e7f07230a1b4436f4e9846edc84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58221
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
This is a reland of fd5829e5ea
Original change's description:
> Validate storage class constraints
>
> As defined by https://gpuweb.github.io/gpuweb/wgsl/#storage-class-layout-constraints
>
> Bug: tint:643
> Change-Id: I9c78ba69a792a80c263a17b0a6e9b4810fdb7f30
> Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/56780
> Kokoro: Kokoro <noreply+kokoro@google.com>
> Commit-Queue: Antonio Maiorano <amaiorano@google.com>
> Reviewed-by: Ben Clayton <bclayton@google.com>
Bug: tint:643
Change-Id: I62036d615a062597339a9d130b7ccf49b5be26c7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58120
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Clamp the `level` and `array_index` arguments to `textureLoad()` and `textureStore()`.
Also fix the off-by-one error for the coordinates.
See: https://github.com/gpuweb/gpuweb/pull/1906
Fixed: tint:748
Change-Id: Id7505578b632dcaf75b2a3a020fc0190c612972c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57700
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
It appears that I didn't do a great job cleaning up the removal of ShareableCloneable in https://dawn-review.googlesource.com/c/tint/+/51484.
Cloning nodes shouldn't return the same pointer. Remove bad comments.
Clean up leftover logic from CloneWithoutTransform().
Change-Id: Ibbc5f625c5978e9c11da59e7aa6197f39b6f0363
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58220
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Gives you juicy stats for contributions to the project.
Change-Id: I4f3e7f03cc43947675e916a8036317af4a894d12
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57883
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: David Neto <dneto@google.com>
Reviewed-by: David Neto <dneto@google.com>
This uses FXC compilation failure mitigation for _any_ vector index assignment that has a non-constant index. FXC can still fall over if the loop calls a function that performs the dynamic index.
Use some vector swizzle logic to avoid branches in the helper.
Fixed: tint:980
Change-Id: I2a759d88a7d884bc61b4631cf57feb4acc8178de
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57882
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
The UBO must have a stride that is a multiple of 16 bytes.
Note that this change was part of https://dawn-review.googlesource.com/c/tint/+/56780
but the CL was reverted because it broke Dawn. This CL relands part of
the change, and adds the macro TINT_EXPECTS_UBOS_TO_BE_MULTIPLE_OF_16 so
that Dawn can conditionally compile against it.
Bug: tint:984
Bug: tint:643
Change-Id: I303b3fe81ff97c4933c489736d5d5432a59ce9b7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57921
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
R=rharrison
Bug: chromium:1216166
Change-Id: I6bbe4795ad2435d9cb8a9cb929669c2791f649ae
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57467
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
This was just echoing back the source that was provided to the
validation routine, and is no longer uses by any callers.
Change-Id: I55aeb7c41405ebbe1b21b9654b94607b651ff118
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57281
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This is a reland of the CL:
https://dawn-review.googlesource.com/c/tint/+/55402
Now that sanitizers are no longer exposed externally, the Inspector no
longer needs to handle this post-sanitizer world.
Bug: tint:697
Change-Id: Ic02ebb9c529aa132a238285bdd0d0df8686e219b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57104
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Make the sanitizer transforms internal, as the new generator API
automatically runs them.
Change-Id: Ia2674762328b5d91d8370b8c18c31693936e8566
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57102
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This change adds a comment related to the use of host_toolchain to
account for cross compilation, and removes a print statement that had
been accidentally left in a build script.
Bug: tint:966
Change-Id: I6334225864632d9983ab197bb28fcb972d5ba1d4
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58000
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
This change introduces sem::CompoundStatement, a new base class for
statements that can hold other statements.
sem::BlockStatements now derives from sem::CompoundStatement, and
this change introduces the following new CompoundStatements:
* `sem::IfStatement`
* `sem::ElseStatement`
* `sem::ForLoopStatement`
* `sem::LoopStatement`
* `sem::SwitchStatement`.
These new CompoundStatements are now inserted into the semantic
tree as now documented in `docs/compound_statements.md`.
The `sem::BlockStatement::FindFirstParent()` methods have been
moved down to `sem::Statement`.
The `Resolver::BlockScope()` method has been replaced with
`Resolver::Scope()` which now maintains the `current_statement_`,
`current_compound_statement_ ` and `current_block_`. This
simplifies statement nesting.
The most significant change in behavior is that statements now
always have a parent, so calling Block() on the initializer or
continuing of a for-loop statement will now return the
BlockStatement that holds the for-loop. Before this would
return nullptr.
Fixed: tint:979
Change-Id: I90e38fd719da2a281ed9210e975ab96171cb6842
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57707
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Case statements cannot be used as regular statements. They must exist inside a switch.
Change-Id: Ica2e0573ad926c3e257f02c95397a8666dfcd547
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57705
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Fixes build when using clang 12
Change-Id: Ia60e8690e0b6dbe7c33879dfdf1b41bfcf71f6f6
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57884
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Add a script that generates corpora of SPIR-V shaders for the tint
SPIR-V fuzzers, from test cases in the repository.
Fixes: tint:966
Change-Id: I3be5a868ed8ac9c9cfe3b1d5d7d5607e2e26168d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57881
Auto-Submit: Alastair Donaldson <afdx@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Adds scripts that generate corpora of WGSL shaders for the tint
WGSL fuzzers, from test cases in the repository.
Bug: tint:966
Change-Id: Icf8293472ff04ca15111acacda8582b11c0723be
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57880
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Alastair Donaldson <afdx@google.com>
The original problem appears to be fixed.
Fixed: tint:219
Change-Id: I8d16fbb715da3ca149769699c86f86a4bed85b4f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57703
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This class is very large, so factoring it out into its own seperate
file.
Also renaming it to InspectorBuilder, in anticipation of adding tests
that don't build their state through explicitly calling into the
ProgramBuilder.
BUG=tint:967
Change-Id: I316458a969479200edf6962ab2008180f9a1e7e2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57800
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
This also creates a new commit to test 20% of realms :)
R=rharrison
Bug: chromium:1216166
Change-Id: I5f0f9b9b4865bd9d30592a387499b2f909b3fa72
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57466
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
ConstantValueOf() obtains the constant value from the logic in resolver_constants.cc. This is better tested, and is the foundation of Tint's constant folder.
Change-Id: I42036f3ff4ab684b4864cd69856de1715b38d246
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57702
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Use the new semantic constant value information to significantly reduce the complex indexing logic emitted for UBO accesses.
This will dramatically reduce the number of `for` loops that are decayed to `while` loops.
Change-Id: I1b0adb5edde2b4ed39c6beafc2e28106b86e0edd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57701
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Move the bulk of the constant evaulation logic out of transform::FoldConstants and into Resolver and sem::Expression.
transform::FoldConstants now replace TypeConstructor nodes that have a constant value on the expression.
This is ground work to:
* Cleaning up the HLSL uniform buffer indexing, which is `/` and `%` arithmatic heavy
* Prepares us to handle `constexpr` when it lands in the spec
* Provide a centralized place to do constant evaluation, instead of the
having similar logic scattered around the codebase.
Change-Id: I3e2f542be692046a8d243b62a82556db519953e7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57426
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: James Price <jrprice@google.com>
This change implements a new fuzzer. It mutates a WGSL shader by traversing
the AST of a program and applying various transformations that might or might not
be semantics preserving.
Change-Id: I6b144bd1067444c3f0b815ba1a646aaf6e739b52
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/52160
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Remove sanitizer transform fuzzers, as these will no longer be
publicly visible. We should fuzz the generator options instead.
Change-Id: If8f2c70f505bdaecd62a2f53a6586c3b84bd1c33
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57760
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
This reverts commit fd5829e5ea.
Reason for revert: Temporarily reverting as this is preventing a tint->dawn roll, which is needed to fix the dawn->chrome roll.
Original change's description:
> Validate storage class constraints
>
> As defined by https://gpuweb.github.io/gpuweb/wgsl/#storage-class-layout-constraints
>
> Bug: tint:643
> Change-Id: I9c78ba69a792a80c263a17b0a6e9b4810fdb7f30
> Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/56780
> Kokoro: Kokoro <noreply+kokoro@google.com>
> Commit-Queue: Antonio Maiorano <amaiorano@google.com>
> Reviewed-by: Ben Clayton <bclayton@google.com>
TBR=bclayton@google.com,amaiorano@google.com,noreply+kokoro@google.com,tint-scoped@luci-project-accounts.iam.gserviceaccount.com
Change-Id: I8dbd0e46b3e3291ef08797a196d0d9abd2a78845
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: tint:643
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57704
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
R=rharrison
Bug: chromium:1216166
Change-Id: I4103a26046163a1d71ac9a1e039dfe4c06ceb100
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57425
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Andrii Shyshkalov <tandrii@google.com>
... once the maximum number of errors have been reached.
https://dawn-review.googlesource.com/c/tint/+/56070 introduced maybe_set_synchronized(), which only set synchronized_ when the number of errors reported was less than max_errors_, but it seems the fuzzers have found ways to generate an excessive number of errors that keep the parser synchronized.
Revert 56070, and instead check the synchronized state along with the error count for every unbounded loop in the parser.
Fixed: chromium:1226655
Fixed: chromium:1226379
Change-Id: I178d758ac1424d4d19923fe6a3d9e123879b9eae
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57427
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Report whether one was generated so that Dawn knows to use the
`-fpreserve-invariance` compiler option.
Bug: tint:772
Change-Id: Ife1eb05265646727dc864f12f983781af4df3777
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57644
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Sarah
Vasyl Teliman
Antonio Maiorano
Ben Clayton
David Neto
Andrii Shyshkalov
James Price
Alastair Donaldson
Ryan Harrison