Changes the spirv-tools fuzzer targets so that the target back-end
language (HLSL, MSL, SPIR-V or WGSL) is no longer passed as a command
line argument, but instead baked into the fuzzer's binary. This avoids
a problem whereby an OSS-Fuzz bug reproducer does not use the required
back-end command line argument.
Change-Id: I69970dfa7f133f8e310ec063c9b6869bd774e7d3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63343
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Random indices were being generated in a manner that assumed the upper
bound to a Random::GetUInt call was inclusive. Also, GetUInt64 was
being used needlessly when GetUInt32 would suffice. This change
addresses both issues.
Fixes https://crbug.com/1250904
Change-Id: I9ad8e5beb3b52bcb867aeb745dec520c251cba60
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64744
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Allow the third_party directory to be controlled by the outer sub-project.
Change-Id: I11030c75254c264c1955150bdf1983771b33b614
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64500
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
tmpfs is where the real disk space lives.
Fixes spurious out-of-disk errors.
Change-Id: Icd82b58888f5ffa26680c9f68cd65e7b53874bf5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64541
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Update one test to avoid this error.
Fixed: tint:1179
Change-Id: Id41b0eb0f404648de4e86a835fe43f1729cb4696
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64464
Auto-Submit: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: David Neto <dneto@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
When preparing a corpus of SPIR-V shaders for fuzzing, spirv-as is
invoked repeatedly. It could be that a bug in spirv-as leads to
conversion failing for some of the shaders. This should not prevent the
overall corpus from being generated, as long as the number of overall
failures is reasonably small. This change adds some tolerance for such
failures.
Change-Id: I77750fdeab15a252201bff33e952e1bd44c42331
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64543
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This makes it possible to build the fuzzer in Chromium's asan builder
group by having it depend on the tint fuzzers group, and means that the
logic for when particular fuzz targets are built remains encapsulated in
the tint fuzzer build rules.
Change-Id: Ic8d6131ccf1759a25fc3d736ae507cd173931616
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64181
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Use a threadgroup memory argument for any workgroup variable that
contains a matrix.
The generator now provides a list of threadgroup memory arguments for
each entry point, so that the runtime knows how many bytes to allocate
for each argument.
Bug: tint:938
Change-Id: Ia4af33cd6a44c4f74258793443eb737c2931f5eb
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64042
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Dawn needs to know if a given entry point uses this builtin, so that
it can pass this information via a root constant for HLSL.
Bug: tint:752
Change-Id: I8bcd3a343db16774ffedd9db9813451f97f10aba
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64040
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
For HLSL, use the new NumWorkgroupsFromUniform transform, and expose
the binding point to use for the generated uniform as a backend
option.
The MSL mapping is trivial, and it was already implemented for WGSL
and SPIR-V.
Bug: tint:752
Change-Id: I4bd37b5d26181629d72b152fe064a60caf8ecdc5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63962
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This transform scans entry points for struct parameters that contain
the num_workgroups builtin, and replace accesses to these members with
a value loaded from a uniform buffer.
This will be used by the HLSL backend to implement the num_workgroups
builtin.
Bug: tint:752
Change-Id: Iefab3b14af8a08a6135348fded368a06d932e915
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63961
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
The subsequent commits will implement this for all remaining backends.
Bug: tint:752
Change-Id: Id26f920fea93b5678466705612dcbfc229dc878a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63921
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: James Price <jrprice@google.com>
Ensure that remapped access modes are valid enum values.
NB: This is hard to test, as UBSan flags an out-of-range enum value as
a hard error.
Fixed: chromium:1248754, chromium:1248755
Change-Id: I2e686843134e6a285fb8316a1960fc4eadff2a93
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64120
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
We were sorting the inputs twice.
Also make use the UniqueVector::operator std::vector() to simplify the code a little.
Doesn't appear to change any tests.
Just spotted while looking through code.
Change-Id: Iddb433b9c8c429f32b40a10cf466c712fde7a317
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63701
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
Invoke the required transforms directly in the SPIR-V backend.
Change-Id: I78dc667d5c4c9c1d4da13ef5a99ece831c103982
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63801
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Invoke the required transforms directly in the HLSL backend.
Change-Id: I9465fef375dd4dad6a91c1e7e16ede6401b9bfc0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63800
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Will requires updating the WGSL spec, which currently has rules looser than SPIR-V.
Fixed: tint:1167
Bug: chromium:1246163
Change-Id: Ie8fcfabc0bb89c7fb69c345475ff99c07fa04172
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63560
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Invoke the required transforms directly in the MSL backend.
Change-Id: Id8026b1a64415fbe363f8f8a5790e8216cd12c68
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63620
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Generating SPIR-V can cause validation failures when out-of-bounds
accesses are performed, since we are not running the robustness
transform.
Bug: chromium:1246061
Change-Id: Ied58d77d90079d10d5579d2d55854c3cfbc18db5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63640
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
This CL changes the way that the resolver traverses expressions to avoid stack overflows for deeply nested expressions.
Instead of having the expression resolver methods call back into
Expression(), add a TraverseExpressions() method that collects all the
expression nodes with a simple DFS.
This currently only changes the way that Expressions are traversed. We
may need to do the same for statements.
Bug: chromium:1246375
Change-Id: Ie81905da1b790b6dd1df9f1ac42e06593d397c21
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63700
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
When the magnitude is zero, then we don't care about the magnitude
of the exponent. The result value is always zero, without emitting
an error.
Fixed: tint:1166
Change-Id: I303d7c336e7ea42719571854f0a22cbfd19da32c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63520
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: David Neto <dneto@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
This is easy to do while we are processing builtins in the main
transform now that we use wrapper functions.
This is step towards removing the sanitizers completely.
Change-Id: If5472ce552e3cce1e5905916eeffa8fef90461c9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63585
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This is the HandleModuleScopeVars() part of the MSL sanitizer moved
verbatim to a standalone transform. The transform code is unchanged,
but some expected test outputs are different as this is now tested in
isolation instead of along with the rest of the sanitizer transforms.
This is step towards removing the sanitizers completely.
Change-Id: I7be826e2119451fc2ce2891740cc94f978e7d5a1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63583
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Use this from the HLSL and SPIR-V sanitizers, instead of duplicating
this logic for them.
This is step towards removing the sanitizers completely.
Change-Id: Ifa9f23d84fd3505d30a928c260181a699c5f1783
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63582
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
No new tests or any changes, just moving to a separate file in
preparation for adding lots more of these tests soon.
Change-Id: Iaa7eef52384e702c395a6db312fef19e22507644
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63580
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: James Price <jrprice@google.com>
Missed rename from https://dawn-review.googlesource.com/c/tint/+/63180
In a prior CL I fixed tint_ast_fuzzer_libfuzzer_options
Change-Id: I4c3bc6e2046fc986ff2ce749ecbdae2a860f8d93
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63521
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
Commit-Queue: Sarah Mashayekhi <sarahmashay@google.com>
Auto-Submit: Sarah Mashayekhi <sarahmashay@google.com>
Kokoro: Sarah Mashayekhi <sarahmashay@google.com>
During HexFloat parsing, if exponent was too large, we would overflow
the signed integer being used to store its value. We now use an uint32_t
to avoid UB, then convert to int32_t when it's safe to do so.
Also error out if the input exponent is > INT_MAX - 127, which ensures
we will not wrap around and produce an invalid result when adding the
exponent bias of 127.
Bug: chromium:1240048
Bug: tint:1150
Change-Id: I1b57b2c965358b803ebb68ea70b76e759cdd3939
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63120
Reviewed-by: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
- Locally tested with each of the 6 options turned off alone, and fixed
the build.
- Added an incremental build to the Linux Kokoro build with all these
flags disabled, which will help catch a subset of build issues related
to these flags.
Bug: tint:1139
Change-Id: I40eaaea31d88879aa19eac3f17c47b7e7d7a477f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63241
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Adds casts to uint64_t so that a comparison between size_t and the
largest possible uint32_t value does not lead to a tautological warning
when building for i386.
Fixes tint:1162
Change-Id: Ib18140805d443d51bb7e48c9e345b21b9d5651fb
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63440
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
BUG=tint:1098
Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Refactors the CMake rules for the tint fuzzers so that when OSS-Fuzz is
controlling the build process no specific fuzzer options are used. This
allows OSS-Fuzz to fully control the fuzzing engine.
Change-Id: Ic4423b981df12e66a14ca8f53c97168ac28bfa39
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63342
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Since the APIs being tested take in strings, using
onlyascii.
Restricting the size of test cases, so that we get more
diverse smaller test cases, instead of generating 1MB of 0s.
BUG=tint:1095,tint:1096
Change-Id: I0590bf0146c3395278ead362e2add328f669aea7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63180
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Adds a stand-alone executable that serves as an entry point for black
box fuzzing. It reads data from a given file, and then calls into the
same code that the libFuzzer fuzzer targets do.
Fixes: tint:1151
Change-Id: I23f4c5b4aa7040f434c791404136422f5c8ee12a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63341
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Change-Id: Ib084dd47a7ad37a64d8abe9cc577f6b05b91a913
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63340
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Change ast::Array to use an ast::Expression for its `size` field. The
WGSL frontend now parses the array size as an `primary_expression`,
and the Resolver is responsible for validating the expression is a
signed or unsigned integer, and either a literal or a non-overridable
module-scope constant.
The Resolver evaluates the constant value of the size expression, and
so the resolved sem::Array type still has a constant size as before.
Fixed: tint:1068
Fixed: tint:1117
Change-Id: Icfa141482ea1e47ea8c21a25e9eb48221f176e9a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63061
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
WGSL only allows literals and identifiers as arguments to
workgroup_size.
Also, change "parameter" to "argument" in the workgroup_size error
messages.
Change-Id: Ibd252a7c2f08464d9cdea62707e64a8e4f12893a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63320
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
We can just use the top-level EmitExpression() here.
Change-Id: I3ab346525b6d49f6a986abb5d89aa792171c1db3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63060
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.
Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
The clusterfuzz fuzzers are attempting to change the access control of a uniform variable, which produces a program that does not validate.
Create an error diagnostic tagged with diag::System::Transform, which the fuzzers recognise as being invalid configuration to the transform.
Fixed: chromium:1244999
Change-Id: I2d4f2dfd4f2218ac81172003872494acb027323b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63141
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>