16 Commits

Author SHA1 Message Date
Ryan Harrison 1c1b9762ce Add tests for fuzzers::RandomGenerator
BUG=tint:1019

Change-Id: Ia462080877a97348c5589bfa71231a832a7ebfd3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/70081
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-11-24 14:55:05 +00:00
Ryan Harrison 8645953be2 Refactor Inspector fuzzing
It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.

This CL also adds missing API coverage to the Inspector fuzzing code.

Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.

BUG=tint:1250,tint:1251,tint:1250

Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-10-20 05:01:03 +00:00
Ryan Harrison 71763c84c2 Update remaining fuzzers to use TransformBuilder
Missed some fuzzers in my last fix, because I was trying to git grep
between repos...

This should fix any outstanding issues with
NULL being passed into SetTransformManager in TintCommonFuzzer.

BUG=chromium:1255313

Change-Id: Idf71bc34bb75041accec303df3da0bc6f9cd15cc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65940
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-10-05 19:19:26 +00:00
Ryan Harrison c57642cbd5 Refactor fuzzer transform generation
Also splits out various utility classes from tint_common_fuzzer and
uses consistent naming for utility classes.

BUG=tint:1106

Change-Id: Ic343741eea799366850c46834865d50885554a84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-09-30 18:58:32 +00:00
egj 2228ad19af Regex fuzzer: Add return statement inside a randomly-chosen function
Adds a return statement in the body of a randomly-chosen function.
The return value is a randomly-chosen identifier or literal from
the WGSL shader.

Fixes: tint:1115.

Change-Id: Icdc4ff669cda343244e158ce791b4085fd52f7b9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61781
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-09-28 14:57:54 +00:00
Alastair Donaldson 0118b964f3 Fix generation of random indices in regex fuzzer
Random indices were being generated in a manner that assumed the upper
bound to a Random::GetUInt call was inclusive. Also, GetUInt64 was
being used needlessly when GetUInt32 would suffice. This change
addresses both issues.

Fixes https://crbug.com/1250904

Change-Id: I9ad8e5beb3b52bcb867aeb745dec520c251cba60
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/64744
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-09-21 16:16:58 +00:00
Ryan Harrison 5dc0ea7cce Unify fuzzer random number generation into a single class
BUG=tint:1098

Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-09-03 00:59:35 +00:00
Alastair Donaldson 44a0adf9b4 Fuzzers: Avoid passing target backend as parameter
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.

Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-08-31 22:07:17 +00:00
Vasyl Teliman 4ebede411e Run fuzzer unit tests in Kokoro
This CL adjusts the scripts to be able to run AST and regex
fuzzer unit tests in Kokoro. Only clang is supported for now.

Change-Id: Ibc9ebb9cf0dc40f47317abf88875aa738811919d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61642
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
2021-08-11 14:10:05 +00:00
Ryan Harrison 5085efb748 Add robustness pass to ast and regex fuzzers
Fixed: tint:1104
Change-Id: I4ea3aa283c1c4b5e55f507dbc104b21c8bedb63b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61521
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: James Price <jrprice@google.com>
2021-08-11 13:02:45 +00:00
egj 608738d59b Regex fuzzer: replace the value of an integer with
a value in the set {INT_MAX, INT_MIN, -1 or 0}.

A mutation that replaces the value of a randomly-chosen integer with a value
in the set {INT_MAX, INT_MIN, -1, 0}.

Fixes: tint:1093.

Change-Id: I5ec69e1813785760ed6e7b06d0cbd9c481f69ade
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60920
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-08-05 22:24:20 +00:00
egj 98fbf241d8 Regex fuzzer: identifier mutation
Mutates a WGSL-like string by replacing a randomly-selected identifier
with a different randomly-selected identifier.

Change-Id: Iecf45ad2800677cf3609b30d415520e5f2a05ba0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60561
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-08-04 07:12:20 +00:00
egj b75e4b96a6 Regex fuzzer: Change the region boundaries
Changes the interval boundaries to exclude the first delimiter
that encloses a region.

Change-Id: Ia9186e584d9038b4220cad11d418fa9881e51e8d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60346
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-08-02 20:56:39 +00:00
egj f5490c732d Regex fuzzer: region deletion and duplication
Adds two transformations, one that deletes a random region enclosed
by a given delimiter and another one that duplicates a region by
inserting it at a position of the WGSL code after a delimiter.

Fixes: tint:1072.
Fixes: tint:1073.

Change-Id: Icb10a7f16a783d5eb8f75a48c4015eb87ea1d174
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60200
Reviewed-by: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-29 15:40:57 +00:00
Alastair Donaldson 1f0200a3ff Add gn support for regex fuzzer
Allows the tint regex fuzzer to be built using gn, so that it can be
deployed on ClusterFuzz.

Fixes: tint:1075
Change-Id: I88f8bd0eefe3044483b66784cc32feebcdc63928
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60202
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-29 11:58:18 +00:00
egj cc6d5b464d Add regex fuzzer
A fuzzer that mutates WGSL code by finding two regions enclosed by
semicolons and swapping them randomly.

Change-Id: I5b14eb21fd2924227d05ac516f806c6e2efa6198
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58395
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-28 11:11:26 +00:00