It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.
This CL also adds missing API coverage to the Inspector fuzzing code.
Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.
BUG=tint:1250,tint:1251,tint:1250
Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Fuzzing of the WGSL and SPIR-V readers is well covered by fuzzers that
do both reading and writing. This change removes the fuzzers that only
do reading.
Fixes: tint:1254
Change-Id: Ice93016a6e95be7a2e8418387c35f20be13266e5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66923
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
This change resolves some type-related issues that were leading to
loss-of-precision warnings when compiling for i386 in OSS-Fuzz.
Change-Id: I77912d6b3824a0f942d0f54f1e62914f69e14d7d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66000
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Changes the spirv-tools fuzzer targets so that the target back-end
language (HLSL, MSL, SPIR-V or WGSL) is no longer passed as a command
line argument, but instead baked into the fuzzer's binary. This avoids
a problem whereby an OSS-Fuzz bug reproducer does not use the required
back-end command line argument.
Change-Id: I69970dfa7f133f8e310ec063c9b6869bd774e7d3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63343
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
BUG=tint:1098
Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Fuzzers that exercise the SPIR-V reader are being moved to OSS-Fuzz.
This change removes them from the Chromium build so that they cease to
be run by ClusterFuzz. The change also applies a small refactoring to
the fuzzer build rules, so that the tint_ast_clone fuzzer is specified
together with other fuzzers that require the WGSL reader and writer.
Bug: chromium:1243084
Change-Id: I4f5d12a679366634c7cad3e7ac18075bb046a8ba
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62800
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
On OSX, under ASAN the fuzzer is causing a null reference due to
.empty() being called on a null.
BUG=chromium:1237630
Change-Id: I73e627eadaa162af451f809c4abe8ec685d8b95c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61681
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
This reverts commit 5a53634764.
Reason for revert: This is making the Dawn -> Chromium roller fail.
https://github.com/KhronosGroup/SPIRV-Tools/pull/4407 introduces a new mandatory parameter to the spvtools::fuzz::Fuzzer constructor, which does not exist in Chromium's version of SPIRV-Tools (d9f89257855a2784323512cd9568b6610bcae581).
The roll of SPIRV-Tools into Chromium is currently blocked by another issue, and is a couple of weeks behind ToT. See https://autoroll.skia.org/r/vulkan-deps-chromium-autoroll.
Note, that https://github.com/KhronosGroup/SPIRV-Tools/pull/4407 is going to block the eventual roll of SPIRV-Tools in Chromium, as there's no way this code can compile for both pre and post roll.
I'll try and fix this after unblocking this roll
Original change's description:
> Update SPIR-V Tools fuzzer
>
> Updates spirv-tools DEPS to pull in some recent spirv-fuzz changes, and
> modifies the SPIR-V Tools fuzzer so that inapplicable transformations
> are ignored.
>
> Change-Id: Ibdea6e9bc35224efe148133eced341168f7ce7b7
> Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60209
> Auto-Submit: Alastair Donaldson <afdx@google.com>
> Kokoro: Kokoro <noreply+kokoro@google.com>
> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I4ebcfcfab16e760f64cb8dc622dfb6ef4f1eccf0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60560
Reviewed-by: Ben Clayton <bclayton@chromium.org>
Kokoro: Ben Clayton <bclayton@chromium.org>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Updates spirv-tools DEPS to pull in some recent spirv-fuzz changes, and
modifies the SPIR-V Tools fuzzer so that inapplicable transformations
are ignored.
Change-Id: Ibdea6e9bc35224efe148133eced341168f7ce7b7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60209
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
ClusterFuzz will provide inputs to a fuzzer that did not necessarily
come from the current fuzzing run, thus the SPIR-V Tools mutator can be
presented with arbitrary inputs. This change causes it to validate
inputs before mutation, and reject invalid inputs.
Change-Id: Ic90e62e4f80f38826765b0d815e4f41de915b5df
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59661
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
The SPIR-V Tools fuzzer asserts that the binaries it receives have sizes
that are multiples of 4 bytes, as it should only ever run on valid
binaries. This is failing in ClusterFuzz, likely due to the fuzzer being
misconfigured, so for now these assertions have been replaced with early
exits. They should be reinstated once the fuzzer is correctly
configured.
Fixes: chromium:1232308
Change-Id: I1fa980d09ce9e5c349a2cfcebe0246ebad6613fb
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59440
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Alastair Donaldson <afdx@google.com>
These changes were intended for submission as part of 58386.
Change-Id: I23f7ada1e8940dce6855176724ade1f2bb7687f8
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59024
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Adds assertions to check that the SPIR-V Tools fuzzer is not
inadvertently applied to SPIR-V binaries of an invalid size, which
guards against the fuzzer being run in a misconfigured fashion.
The CL also moves a memcpy that populates a SPIR-V binary buffer so
that the memcpy only happens when the input really is SPIR-V. This
avoids frequent redundant memory copies when fuzzing WGSL.
Change-Id: Iafccaa107ff34941d8878ed5be72a2e6d38d0f49
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58386
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Allows the new transformation-based fuzzers to be built using gn, so
that they can be deployed on ClusterFuzz.
Fixes: tint:1002
Fixes: tint:1006
Change-Id: Ib9624e507e40836541eb424e710705345a198db1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58387
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
This CL changes the prefix of CLI parameters in AST and SPIRV-Tools
fuzzers from `--` to `-` to make these fuzzers compatible with ClusterFuzz.
Additionally, a `tint_` prefix was added to all CLI arguments to prevent their
name collisions with LibFuzzer arguments.
Change-Id: Id2e087e59f04b495d5a7edb3b62d55de652c1acd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58226
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.
Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Add more docs to the cli.h file in SPIRV-Tools fuzzer.
Change-Id: I327c0f6919c07724ecb471655fb1a284fc6c43ae
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/56065
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
There's a lot of missing doxygen in the cli.h file. Add a TODO and disable it for now.
Change-Id: Iebd2bf76be73ad0233e4a7dbd893fc3603efa172
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/56061
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This change adds a new tint fuzzer that uses SPIRV-Tools to fuzz SPIR-V binaries.
The fuzzer works on a corpus of SPIR-V shaders. For each shader from the corpus it uses
one of `spirv-fuzz`, `spirv-reduce` or `spirv-opt` to mutate and then runs the shader through
the Tint compiler in two steps:
- Converts the mutated shader to WGSL.
- Converts WGSL to some target language specified in the CLI arguments.
The list of all supported CLI arguments and their description is in the cli.h file.
Change-Id: I95c0741b78ccc600dd9a73c371d520bdf7814352
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/41945
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>