Commit Graph

20 Commits

Author SHA1 Message Date
Ryan Harrison 8645953be2 Refactor Inspector fuzzing
It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.

This CL also adds missing API coverage to the Inspector fuzzing code.

Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.

BUG=tint:1250,tint:1251,tint:1250

Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-10-20 05:01:03 +00:00
Alastair Donaldson 54180d6631 Remove WGSL and SPIR-V reader fuzzers
Fuzzing of the WGSL and SPIR-V readers is well covered by fuzzers that
do both reading and writing. This change removes the fuzzers that only
do reading.

Fixes: tint:1254
Change-Id: Ice93016a6e95be7a2e8418387c35f20be13266e5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66923
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-10-20 00:59:31 +00:00
Alastair Donaldson 08146e2300 Fixes for 32-bit build of fuzzers
This change resolves some type-related issues that were leading to
loss-of-precision warnings when compiling for i386 in OSS-Fuzz.

Change-Id: I77912d6b3824a0f942d0f54f1e62914f69e14d7d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66000
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-10-06 17:54:28 +00:00
Alastair Donaldson 4d18c6b7c5 spirv-tools fuzzers: Avoid passing target backend
Changes the spirv-tools fuzzer targets so that the target back-end
language (HLSL, MSL, SPIR-V or WGSL) is no longer passed as a command
line argument, but instead baked into the fuzzer's binary. This avoids
a problem whereby an OSS-Fuzz bug reproducer does not use the required
back-end command line argument.

Change-Id: I69970dfa7f133f8e310ec063c9b6869bd774e7d3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63343
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-09-21 16:41:58 +00:00
Ryan Harrison 5dc0ea7cce Unify fuzzer random number generation into a single class
BUG=tint:1098

Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-09-03 00:59:35 +00:00
Alastair Donaldson a96dce9c89 Remove SPIR-V reader fuzzers
Fuzzers that exercise the SPIR-V reader are being moved to OSS-Fuzz.
This change removes them from the Chromium build so that they cease to
be run by ClusterFuzz. The change also applies a small refactoring to
the fuzzer build rules, so that the tint_ast_clone fuzzer is specified
together with other fuzzers that require the WGSL reader and writer.

Bug: chromium:1243084
Change-Id: I4f5d12a679366634c7cad3e7ac18075bb046a8ba
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62800
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-08-25 16:14:43 +00:00
Ryan Harrison b73a12cc5d Ensure that string and container are initialized before use
On OSX, under ASAN the fuzzer is causing a null reference due to
.empty() being called on a null.

BUG=chromium:1237630

Change-Id: I73e627eadaa162af451f809c4abe8ec685d8b95c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61681
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-08-12 03:40:31 +00:00
Ben Clayton 8ebff3dc85 Revert "Update SPIR-V Tools fuzzer"
This reverts commit 5a53634764.

Reason for revert: This is making the Dawn -> Chromium roller fail.

https://github.com/KhronosGroup/SPIRV-Tools/pull/4407 introduces a new mandatory parameter to the spvtools::fuzz::Fuzzer constructor, which does not exist in Chromium's version of SPIRV-Tools (d9f89257855a2784323512cd9568b6610bcae581).

The roll of SPIRV-Tools into Chromium is currently blocked by another issue, and is a couple of weeks behind ToT. See https://autoroll.skia.org/r/vulkan-deps-chromium-autoroll.

Note, that https://github.com/KhronosGroup/SPIRV-Tools/pull/4407 is going to block the eventual roll of SPIRV-Tools in Chromium, as there's no way this code can compile for both pre and post roll.
I'll try and fix this after unblocking this roll.

Original change's description:
> Update SPIR-V Tools fuzzer
>
> Updates spirv-tools DEPS to pull in some recent spirv-fuzz changes, and
> modifies the SPIR-V Tools fuzzer so that inapplicable transformations
> are ignored.
>
> Change-Id: Ibdea6e9bc35224efe148133eced341168f7ce7b7
> Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60209
> Auto-Submit: Alastair Donaldson <afdx@google.com>
> Kokoro: Kokoro <noreply+kokoro@google.com>
> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
> Commit-Queue: Ryan Harrison <rharrison@chromium.org>

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I4ebcfcfab16e760f64cb8dc622dfb6ef4f1eccf0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60560
Reviewed-by: Ben Clayton <bclayton@chromium.org>
Kokoro: Ben Clayton <bclayton@chromium.org>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
2021-08-02 11:13:49 +00:00
Alastair Donaldson 5a53634764 Update SPIR-V Tools fuzzer
Updates spirv-tools DEPS to pull in some recent spirv-fuzz changes, and
modifies the SPIR-V Tools fuzzer so that inapplicable transformations
are ignored.

Change-Id: Ibdea6e9bc35224efe148133eced341168f7ce7b7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/60209
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-07-29 15:14:27 +00:00
Alastair Donaldson 3647df3fb7 SPIR-V Tools fuzzer: validate before mutation
ClusterFuzz will provide inputs to a fuzzer that did not necessarily
come from the current fuzzing run, thus the SPIR-V Tools mutator can be
presented with arbitrary inputs. This change causes it to validate
inputs before mutation, and reject invalid inputs.

Change-Id: Ic90e62e4f80f38826765b0d815e4f41de915b5df
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59661
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-07-27 16:32:59 +00:00
Alastair Donaldson bd3edb564f Disable size assertions in SPIR-V Tools fuzzer
The SPIR-V Tools fuzzer asserts that the binaries it receives have sizes
that are multiples of 4 bytes, as it should only ever run on valid
binaries. This is failing in ClusterFuzz, likely due to the fuzzer being
misconfigured, so for now these assertions have been replaced with early
exits. They should be reinstated once the fuzzer is correctly
configured.

Fixes: chromium:1232308
Change-Id: I1fa980d09ce9e5c349a2cfcebe0246ebad6613fb
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59440
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Alastair Donaldson <afdx@google.com>
2021-07-23 11:21:41 +00:00
Alastair Donaldson 8800ba091d Fix assertion strings and tidy up memcpy call
These changes were intended for submission as part of 58386.

Change-Id: I23f7ada1e8940dce6855176724ade1f2bb7687f8
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59024
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-21 13:23:51 +00:00
Ben Clayton f3fffdaded Build fixes
fuzzer: GetErrors() was replaced with Diagnostics()
remote-compile: Add missing header for macOS
Change-Id: I7697fd41b3cc4e3b59e10a6c395d610a51ec8daf
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59025
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
2021-07-21 09:40:41 +00:00
Alastair Donaldson 0c7332b2ba SPIR-V Tools fuzzer: check binary size
Adds assertions to check that the SPIR-V Tools fuzzer is not
inadvertently applied to SPIR-V binaries of an invalid size, which
guards against the fuzzer being run in a misconfigured fashion.

The CL also moves a memcpy that populates a SPIR-V binary buffer so
that the memcpy only happens when the input really is SPIR-V. This
avoids frequent redundant memory copies when fuzzing WGSL.

Change-Id: Iafccaa107ff34941d8878ed5be72a2e6d38d0f49
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58386
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-20 20:56:30 +00:00
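The three commits above (check binary size, disable size assertions, validate before mutation) describe the same defensive pattern: a ClusterFuzz-driven mutator receives arbitrary bytes, so it must prove an input is a plausible SPIR-V module before copying or transforming it, and it should reject rather than assert when it is not. The following is an added example written for this page, not Tint's or SPIRV-Tools' code. The magic number, header length and opcode numbers are from the SPIR-V specification; the function names, the structural walk (a much weaker check than spirv-val, which is assumed not to be linked here), the `mutate` stand-in for spirv-fuzz/spirv-opt/spirv-reduce, and the sample module are all constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <vector>

// Magic number and header length come from the SPIR-V specification.
constexpr uint32_t kSpirvMagic = 0x07230203u;
constexpr size_t kSpirvHeaderWords = 5;

static uint32_t ByteSwap32(uint32_t v) {
  return (v >> 24) | ((v >> 8) & 0x0000ff00u) | ((v << 8) & 0x00ff0000u) | (v << 24);
}

// Cheap size guard, done before any copy: a SPIR-V binary is a whole number of
// 32-bit words with at least a 5-word header. Returning false instead of
// asserting means a misconfigured or foreign corpus input is skipped, not a crash.
bool HasPlausibleSpirvSize(size_t size) {
  return size % sizeof(uint32_t) == 0 && size / sizeof(uint32_t) >= kSpirvHeaderWords;
}

// Copies bytes into words only after the size guard passes, then fixes
// endianness so the magic number reads correctly on this host.
bool ReadSpirvWords(const uint8_t* data, size_t size, std::vector<uint32_t>* words) {
  if (data == nullptr || !HasPlausibleSpirvSize(size)) return false;
  words->resize(size / sizeof(uint32_t));
  std::memcpy(words->data(), data, size);
  if ((*words)[0] == kSpirvMagic) return true;
  if (ByteSwap32((*words)[0]) != kSpirvMagic) return false;
  for (uint32_t& w : *words) w = ByteSwap32(w);
  return true;
}

// Structural validation before mutation: each instruction's declared word count
// (high 16 bits of its first word) must be non-zero and stay inside the module.
// Far weaker than spirv-val, but enough to walk the stream without overruns.
bool IsStructurallyValidSpirv(const std::vector<uint32_t>& words) {
  if (words.size() < kSpirvHeaderWords || words[0] != kSpirvMagic) return false;
  size_t pos = kSpirvHeaderWords;
  while (pos < words.size()) {
    const uint32_t word_count = words[pos] >> 16;
    if (word_count == 0 || pos + word_count > words.size()) return false;
    pos += word_count;
  }
  return true;
}

// Mutator entry-point shape: 0 means "no mutation" for anything that fails the
// checks; otherwise mutate, re-check, and write back. `mutate` is a stand-in
// for spirv-fuzz / spirv-opt / spirv-reduce (assumed, not the real API).
template <typename Mutator>
size_t GuardedMutate(uint8_t* data, size_t size, size_t max_size, Mutator mutate) {
  std::vector<uint32_t> words;
  if (!ReadSpirvWords(data, size, &words) || !IsStructurallyValidSpirv(words)) return 0;
  mutate(&words);
  const size_t out_bytes = words.size() * sizeof(uint32_t);
  if (out_bytes > max_size || !IsStructurallyValidSpirv(words)) return 0;
  std::memcpy(data, words.data(), out_bytes);
  return out_bytes;
}

// Constructed sample module: header, OpCapability Shader (opcode 17),
// OpMemoryModel Logical GLSL450 (opcode 14). Ten words, 40 bytes.
std::vector<uint32_t> ConstructedSampleWords() {
  return {kSpirvMagic, 0x00010000u, 0u, 2u, 0u,
          (2u << 16) | 17u, 1u,
          (3u << 16) | 14u, 0u, 1u};
}

// Serialises words in an explicit byte order, independent of the host.
std::vector<uint8_t> ToBytes(const std::vector<uint32_t>& words, bool big_endian) {
  std::vector<uint8_t> bytes;
  for (uint32_t w : words) {
    for (int i = 0; i < 4; ++i) {
      const int shift = big_endian ? 24 - 8 * i : 8 * i;
      bytes.push_back(static_cast<uint8_t>((w >> shift) & 0xffu));
    }
  }
  return bytes;
}

// Runs the guard on the sample (optionally corrupted so one instruction's word
// count overruns the module) with a mutator that appends OpNop (word 1 << 16).
size_t DemoGuardedMutate(bool corrupt_input) {
  std::vector<uint32_t> words = ConstructedSampleWords();
  if (corrupt_input) words[7] = (10u << 16) | 14u;
  std::vector<uint8_t> buf = ToBytes(words, /*big_endian=*/false);
  const size_t in_size = buf.size();
  buf.resize(64);  // spare room, as a fuzzer's max_size would provide
  return GuardedMutate(buf.data(), in_size, buf.size(),
                       [](std::vector<uint32_t>* w) { w->push_back(1u << 16); });
}

bool DemoBigEndianAccepted() {
  std::vector<uint8_t> bytes = ToBytes(ConstructedSampleWords(), /*big_endian=*/true);
  std::vector<uint32_t> words;
  return ReadSpirvWords(bytes.data(), bytes.size(), &words) && IsStructurallyValidSpirv(words);
}

int main() {
  std::cout << "valid input   -> " << DemoGuardedMutate(false) << " bytes\n";  // 44
  std::cout << "corrupt input -> " << DemoGuardedMutate(true) << " bytes\n";   // 0
  std::cout << "big-endian header accepted: " << DemoBigEndianAccepted() << "\n";
  return 0;
}
```

The order matters: the size check runs before the copy (so a fuzzing run on WGSL inputs pays nothing), the copy happens only for inputs that could be SPIR-V, and the structural check runs both before and after mutation so a transformation that breaks the stream is discarded instead of being handed to the reader.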
Alastair Donaldson 86dc88725a Add gn build support for spirv-tools + AST fuzzers
Allows the new transformation-based fuzzers to be built using gn, so
that they can be deployed on ClusterFuzz.

Fixes: tint:1002
Fixes: tint:1006

Change-Id: Ib9624e507e40836541eb424e710705345a198db1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58387
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-07-16 20:56:55 +00:00
Vasyl Teliman 979a0b4446 Fix CLI parameters in fuzzers
This CL changes the prefix of CLI parameters in AST and SPIRV-Tools
fuzzers from `--` to `-` to make these fuzzers compatible with ClusterFuzz.
Additionally, a `tint_` prefix was added to all CLI arguments to prevent their
name collisions with LibFuzzer arguments.

Change-Id: Id2e087e59f04b495d5a7edb3b62d55de652c1acd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58226
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-16 10:26:34 +00:00
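The commit above moves the fuzzers' own options to a single-dash, `tint_`-prefixed form so they can coexist with libFuzzer's flags. The following is an added example, not Tint's cli.h: it shows one way to scan argv so that only `-tint_*` flags are consumed by the fuzzer, unknown `-tint_*` flags are reported rather than silently dropped, and everything else (libFuzzer's `-seed=`, `-runs=`, corpus paths) is left untouched. The option names and the sample argv are assumptions made for the example.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Result of scanning argv: the fuzzer's own options, flags that used the
// tint_ prefix but are not recognised, and everything left for libFuzzer.
struct TintFuzzerArgs {
  std::map<std::string, std::string> options;  // key without the "-tint_" prefix
  std::vector<std::string> unknown;
  std::vector<std::string> passthrough;
};

// Option names assumed for this example; the real list lives in cli.h.
static const char* const kKnownOptions[] = {"mutator", "opt_batch_size", "reduce_batch_size"};

TintFuzzerArgs ParseTintArgs(const std::vector<std::string>& argv) {
  static const std::string kPrefix = "-tint_";
  TintFuzzerArgs out;
  for (size_t i = 1; i < argv.size(); ++i) {  // argv[0] is the binary itself
    const std::string& arg = argv[i];
    // Anything without the tint_ prefix ("-seed=1", "-runs=100", "./corpus")
    // belongs to libFuzzer; the prefix is what keeps the two namespaces apart.
    if (arg.compare(0, kPrefix.size(), kPrefix) != 0) {
      out.passthrough.push_back(arg);
      continue;
    }
    const size_t eq = arg.find('=');
    const std::string key = arg.substr(
        kPrefix.size(), eq == std::string::npos ? std::string::npos : eq - kPrefix.size());
    const std::string value = eq == std::string::npos ? "" : arg.substr(eq + 1);
    bool known = false;
    for (const char* k : kKnownOptions) known = known || key == k;
    if (known) {
      out.options[key] = value;
    } else {
      out.unknown.push_back(arg);  // a typo here should be loud, not ignored
    }
  }
  return out;
}

// Constructed argv for this example (not a real ClusterFuzz invocation).
TintFuzzerArgs DemoParse() {
  return ParseTintArgs({"spirv_tools_fuzzer", "-seed=1", "-runs=100",
                        "-tint_mutator=opt", "-tint_opt_batch_size=8",
                        "-tint_bogus=1", "./corpus"});
}
```

A harness would call this from its initialisation hook, fail fast if `unknown` is non-empty, and hand `passthrough` back to the fuzzing engine unchanged.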
Vasyl Teliman 365af046ca Fix SPIRV-Tools fuzzer
This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.

Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
2021-07-16 09:25:14 +00:00
Vasyl Teliman 67993b955e Improve docs in the spirv_tools_fuzzer
Add more docs to the cli.h file in SPIRV-Tools fuzzer.

Change-Id: I327c0f6919c07724ecb471655fb1a284fc6c43ae
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/56065
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
2021-06-28 09:47:57 +00:00
Ben Clayton e225b556c6 fuzzers: Silence doxygen warnings
There's a lot of missing doxygen in the cli.h file. Add a TODO and disable it for now.

Change-Id: Iebd2bf76be73ad0233e4a7dbd893fc3603efa172
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/56061
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-06-25 12:28:56 +00:00
Vasyl Teliman 0b3611b8c8 Add spirv-tools fuzzer
This change adds a new tint fuzzer that uses SPIRV-Tools to fuzz SPIR-V binaries.
The fuzzer works on a corpus of SPIR-V shaders. For each shader from the corpus it uses
one of `spirv-fuzz`, `spirv-reduce` or `spirv-opt` to mutate and then runs the shader through
the Tint compiler in two steps:
- Converts the mutated shader to WGSL.
- Converts WGSL to some target language specified in the CLI arguments.

The list of all supported CLI arguments and their description is in the cli.h file.

Change-Id: I95c0741b78ccc600dd9a73c371d520bdf7814352
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/41945
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>
2021-06-24 18:10:46 +00:00