Commit Graph

35 Commits

Author SHA1 Message Date
Ben Clayton c33d10ae79 tint/resolver: Fix bad pointer deref (UAF)
Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.

I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.

Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
2022-11-13 18:26:25 +00:00
Ben Clayton 46ee63933c tint/transform: Implement div / mod polyfill
Prevents UB for divide-by-zero and integer overflow when dividing

Fixed: tint:1349
Change-Id: Ieef66d27d7aec3011628ced076b2bccc7770a8af
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108925
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-11-09 22:04:11 +00:00
Ben Clayton ca98b1b1b9 tint/resolver: Resolve dependencies of parameter attributes
Fixed: chromium:1381883
Change-Id: If93840977407e349ab8d3ea5a2f51b9e03c7d0e5
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108920
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
2022-11-07 13:15:21 +00:00
Zhaoming Jiang 6ab5d3c151 Tint/transform: make AddBlockAttribute always do wrapping if possible
This CL make transform AddBlockAttribute always try to wrap types used
by buffer variables into a struct, in order to generate valid GLSL code
for assigning one buffer struct variable to another buffer struct
variable.

Fixed: tint:1735
Change-Id: I009d8a9ca7ecea1dc0ad6164275c964a18acb33f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108023
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
2022-11-02 02:25:38 +00:00
Ben Clayton c02feff258 tint/cmd: Add `--rename-all` flag
Renames all symbols

Add a test for tint:1725

Bug: tint:1725
Change-Id: Idac45c677d15361d76510068ad756e2f9bffacb0
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106880
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
2022-11-01 16:12:23 +00:00
Ben Clayton a92f4259d5 tint/writer/msl: Move packed_vector hacks to transform
Attempting to paper over all the MSL standard library holes for packed_vector in the MSL writer added complexity to the writer, produced messy output, and didn't actually catch all the cases where casts were needed.

Add a new PackedVec3 transform that applies the packed_vector -> vec casts in a smarter, more precise way.

Fixed: tint:1534
Change-Id: I73ce7e5a62fbc9cb04e1093133070f5fb8965dce
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107340
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
2022-10-27 14:36:49 +00:00
dan sinclair b3b027d3cd Update lexer to not include `-` in numbers.
This CL removes the parsing of a `-` in front of numerics when lexed.
This will cause the number to become a UnaryOperator negation then the
number instead of a negative number.

Bug: tint:1679, tint:1141, tint:1570
Change-Id: I217c0ffcbe5be934c8d56bd83141b47ade83bc60
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106463
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
2022-10-26 15:20:47 +00:00
Antonio Maiorano b6e1bc7d5d tint: Fix C++ UB when shifting abstract 0 left by >= 64
In WGSL, we can shift left abstracts by >= 64, as long as the result is
representable in the data type we choose for it. When shifting 0, we can
shift by any positive u32 value (result is always 0), but in C++, it's
UB to shift by more than the bit width of the data type, so we need to
handle this. This bug was caught by ClusterFuzz.

Bug: chromium:1372963
Change-Id: I638ca190b93538908ca6472f3735627ea8531c5a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106266
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-10-18 20:17:55 +00:00
Zhaoming Jiang 32718a5527 Tint/E2E: Fix testcases for bug/chromium/1367602
This CL rearranges testcases for E2E test/tint/bug/chromium/1367602,
now it has testcases for both function, private, and storage address
space array variable, with and without explicit initializer, and array
count less than 65536.

Bug: chromium:1367602
Change-Id: Ica0ec9c36586bc7eae0d46473575284e9b734092
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/105282
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
2022-10-14 02:50:38 +00:00
Ben Clayton d6daefc379 wgsl: Print abstract-floats with full precision.
Change-Id: Ie95547f065b896983b90ffd5455538fdd843b81a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/104824
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-10-12 19:13:38 +00:00
dan sinclair 66d3efb669 Limit array element count to less then 65536 elements.
This CL adds element count limits to arrays. In FXC there is a maximum
of 65536 elements in an array. This limit is not yet in WGSL, but adding
this here allows us to fix the issue with large arrays and GLSL.

Bug: chromium:1367602
Change-Id: I7df9d3e4f6c3e5107420d5f8e576d1f33e453161
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/104240
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-10-03 17:25:42 +00:00
Stephen White 05d8b02b0f GLSL: implement host-visible memory padding.
Since GLSL ES does not support the offset= attribute, struct members
with explicit @align or @size attributes require adding explicit
padding members.  This in turn requires rewriting any constructor
calls to initialize the new padding to zero, handled in the same
transform.

Note that this is currently overly-verbose, and will add padding where
GLSL doesn't technically need it (e.g., padding a vec3 out to 16 bytes).

Bug: tint:1415
Change-Id: Ia9ba513066a0e84f4c43247fcbbe02f5fadd6630
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/101720
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-09-13 19:48:51 +00:00
Ben Clayton 4b70776aed tint: Fix transform errors when calling arrayLength() as a statement
Bug: chromium:1360925
Change-Id: If60fa4bb1cf4981c10dd15f8814c0aed70c0066e
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/101780
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-09-09 20:42:29 +00:00
Stephen White 863d9edf59 GLSL: Change Add[Spirv]BlockAttribute to support GLSL
Modify the AddSpirvBlockAttribute transform to fix top-level structure
access of uniform, storage and push-constant buffers for use in the
GLSL backend. The small change to the transform makes the transform
wrap host-sharable buffers, if they're also used as a
non-host-sharable structure. Also rename the transform to
AddBlockAttrbibute in order to reflect its wider applicability.

Change-Id: Ib2bf4ebf6bce72790791dbae9387032be765e4b9
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/101061
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>
2022-09-02 19:19:10 +00:00
Zhaoming Jiang ff1330240b tint/transform: Fix index 0 accessing in DecomposeMemoryAccess
This patch fix a bug in DecomposeMemoryAccess, allowing access index 0
of a member in uniform and storage buffer being recognized as constant
index.

Bug: tint:1652
Change-Id: Ia428de17c860bdafe87c3af9e46426c74fe8fd68
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/99480
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Auto-Submit: Zhaoming Jiang <zhaoming.jiang@intel.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-08-17 18:15:00 +00:00
dan sinclair 3abad2c125 When emitting a MSL struct initializer emit the struct name.
This CL changes the MSL emission for struct initializers to emit the
struct name first.

`const a = {.f=float3(1)}` becomes `const a = Normals{.f=float3(1)}`.

This fixes an issues where the initialization happens inside an array
which the downstream compiler rejected without the explicit struct
naming.

Bug: tint:1641
Change-Id: I948b9ca94f4b89eac6d5bbbaa615b3d71d50c737
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/98760
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2022-08-11 02:28:01 +00:00
Antonio Maiorano a58d8c9fac tint: fix builtin calls and binary ops with abstract args of different type
If a call to atan2 with args of type AFloat and AInt is made, Resolver
would correctly select the atan2(AFloat, AFloat) overload, but if the
input args were of type (AFloat, AInt), it would attempt to constant
evaluate without first converting the AInt arg to AFloat. The same would
occur for a binary operation, say AFloat + AInt. Before constant
evaluating, the Resolver now converts AInt to AFloat if necessary.

Bug: chromium:1350147
Change-Id: I85390c5d7af7e706115278ece34b2b18b8574f9f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/98543
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
2022-08-10 20:01:17 +00:00
Zhaoming Jiang 20cddbf04c tint: Implement modf and frexp built-ins for f16 types
This patch implement modf and frexp built-ins for f16 types, and also
simplify their implementation for f32 in MSL and HLSL, and clean up
deprecated code in GLSL writer. Corresponding unittests are also
implemented, but end-to-end tests for f16 are not implemented yet.

Bug: tint:1473, tint:1502
Change-Id: I12887ae5303c6dc032a51f619e1afeb19b4603b6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/98102
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2022-08-05 15:11:44 +00:00
Antonio Maiorano 239a92d2d0 tint: transform::RemovePhonies: skip builtins with no side effects
This transform was attempting to remove builtins with no side
effects, such as a call with abstract int/float args, which is unhandled
by this transform. For example, this would cause the transform to ICE:

_ = clamp(1, 2, 3);

Fixes ClusterFuzz issue crbug.com/1348739.

Bug: chromium:1348739
Change-Id: Ie355eb36c6c020417c2d93f2dc434c11dbb72d1f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/97880
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2022-08-01 17:21:54 +00:00
Ben Clayton 7d34de88f1 tint/test-runner: Split expectations for FXC and DXC
Change tint's `--fxc` flag to take the path of the FXC compiler DLL.
Have tint attempt to validate with both FXC and DXC if `--validate` is
passed.

Fix the 'dirsWithNoPassExpectations' logic which looks like it got
broken with the tint -> dawn merge. It also incorrectly applied
filepath.FromSlash() on windows.

Change-Id: I0f46aa5c21bc48a2abc48402c41f846aff4a8633
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/96800
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
2022-07-22 17:43:27 +00:00
Ben Clayton 5716611bf0 tint/resolver: Materialize objects when indexed with non-const index
If an abstract-vector or abstract-matrix is indexed with a non-constant index expression, then the resulting value is non-constant, and so cannot be abstract.

In this situation the materialization cannot be done post-index, so materialization must happen on the object before indexing.

Bug: chromium:1345468
Change-Id: I9f29dc40301779a7ff8f173724374bd845a3a5b9
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/96684
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
2022-07-21 15:25:35 +00:00
Ben Clayton ac660c2794 tint: Implement const eval of unary complement
Bug: tint:1581
Bug: chromium:1343242
Change-Id: I76b4f041494ceb2afcf5a604fcda32e046ffca35
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/96100
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
2022-07-15 23:54:10 +00:00
Ben Clayton 63e6f820d8 tint/resolver: Evaluate const-expr swizzles
Bug: chromium:1341475
Change-Id: I2ac44824b08c460df759a96d0ba96f6045b60f74
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/95765
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
2022-07-07 17:49:02 +00:00
Ben Clayton c64ca23d94 tint: Deprecated module-scope 'let' for 'const'
Enable the parsing of 'const'.
Warn on use of module-scope 'let', and automatically replace with 'const'.

Fixed: tint:1580
Change-Id: I214aabca80686dc6b60ae21a7a57fbfb4898ea83
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/93786
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-06-29 00:55:36 +00:00
Ben Clayton f47887d207 tint/writer/msl: Generate an array<T,N> helper
And remove the WrapArraysInStructs transform.

Wrapping arrays in structures becomes troublesome for `const` arrays, as
currently WGSL does not allow `const` structures.

MSL 2.0+ has a builtin array<> helper, but we're targetting MSL 1.2, so
we have to emit our own. Fortunately, it can be done with a few lines of
templated code.

This produces significantly cleaner output.

Change-Id: Ifc92ef21e09befa252a07c856c4b5afdc51cc2e4
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/94540
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
2022-06-24 17:01:59 +00:00
dan sinclair b29892be09 Update src/tint unittests to new @stage format.
This CL updates all of the Tint unittests to the new @stage shorter
syntax. This also updates the WGSL writer to emit the new short forms
instead of using the deprecated form.

Bug: tint:1503
Change-Id: I8c49e5319a19cccb5b4b5078f3ab39c50f31a9a8
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/92483
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-06-07 13:55:34 +00:00
Ben Clayton 8e3485248e tint/writer/spirv: Inline constant expressions
This is required to handle materialized values, and for constant
expressions.

Bug: tint:1504
Change-Id: If0a49e9b03566c06aa6e4e4c284fc427e1541e91
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/92082
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
2022-06-01 15:57:22 +00:00
Ben Clayton e9f8b09063 tint/writer/hlsl: Inline constant expressions
This is required to handle materialized values, and for constant
expressions.

Bug: tint:1504
Change-Id: I79ad567954de2d1cfea09dda255894e4e2aa678e
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/92081
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
2022-06-01 13:14:39 +00:00
Ben Clayton cb6ddd2aa6 tint/writer/msl: Inline constant expressions
This is required to handle materialized values, and for constant
expressions.

Bug: tint:1504
Change-Id: Ic3ac62317241fa6f7009360128f222aeb56f62e4
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/92083
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
2022-06-01 10:08:29 +00:00
Ben Clayton 25b7e98d11 tint/writer/glsl: Inline constant expressions
This is required to handle materialized values, and for constant
expressions.

Bug: tint:1504
Change-Id: Ie0177f148e08a0e1a3f4d7e06e283f121655804b
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/92080
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2022-06-01 01:11:59 +00:00
Antonio Maiorano 08f4b557fc Implement atomicCompareExchangeWeak returning struct instead of vec2
Also fixed implementation of this atomic in GLSL. It was emitting code
that would not compile because, as for HLSL, we must pass in the
variable directly to atomic funcs, not via an in/out arg to a function.

Bug: tint:1185
Change-Id: Id0e9f99d6368717511ef3a94473634c512e10cb8
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/91881
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
2022-05-31 13:20:28 +00:00
Stephen White 790e4c2d60 GLSL writer: emit gl_PointSize = 1 in all vertex shaders for OpenGL.
The OpenGL ES 3.1 spec says:

"The point size is taken from the shader built-in gl_PointSize written by the vertex shader, and clamped to the implementation-dependent point size range. If the value written to gl_PointSize is less than or equal to zero, or if no value is written, the point size is undefined."

ANGLE/D3D11 will emit a warning on this and abort processing, causing dawn_end2end tests to fail.

Bug: dawn:1390
Change-Id: I6a56467842ba80d8a070af7240ee07bb111089dd
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/87720
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>
2022-04-22 21:25:02 +00:00
James Price 3b671cb377 wgsl: Separate struct members with commas
Use of semicolons is still supported, but deprecated.

Also updates the parsing methods for structures to better match the
WGSL grammar.

Bug: tint:1475
Change-Id: I7675ba42c13f91080b0ac173c352e0092021f80b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/84380
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
2022-03-28 14:31:22 +00:00
James Price bcd9ad2ebb Remove isNan, isInf, isFinite, and isNormal
These were deprecated in M98.

Fixed: tint:1312
Change-Id: Ieec17bfcc729f90d0a9aa8904a162167b9de54ed
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/82800
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
2022-03-05 00:39:14 +00:00
Ryan Harrison dbc13af287 tint->dawn: Shuffle source tree in preperation of merging repos
docs/    -> docs/tint/
fuzzers/ -> src/tint/fuzzers/
samples/ -> src/tint/cmd/
src/     -> src/tint/
test/    -> test/tint/

BUG=tint:1418,tint:1433

Change-Id: Id2aa79f989aef3245b80ef4aa37a27ff16cd700b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/80482
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2022-02-21 15:19:07 +00:00