During HexFloat parsing, if exponent was too large, we would overflow
the signed integer being used to store its value. We now use an uint32_t
to avoid UB, then convert to int32_t when it's safe to do so.
Also error out if the input exponent is > INT_MAX - 127, which ensures
we will not wrap around and produce an invalid result when adding the
exponent bias of 127.
Bug: chromium:1240048
Bug: tint:1150
Change-Id: I1b57b2c965358b803ebb68ea70b76e759cdd3939
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63120
Reviewed-by: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
- Locally tested with each of the 6 options turned off alone, and fixed
the build.
- Added an incremental build to the Linux Kokoro build with all these
flags disabled, which will help catch a subset of build issues related
to these flags.
Bug: tint:1139
Change-Id: I40eaaea31d88879aa19eac3f17c47b7e7d7a477f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63241
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Adds casts to uint64_t so that a comparison between size_t and the
largest possible uint32_t value does not lead to a tautological warning
when building for i386.
Fixes tint:1162
Change-Id: Ib18140805d443d51bb7e48c9e345b21b9d5651fb
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63440
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
BUG=tint:1098
Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Refactors the CMake rules for the tint fuzzers so that when OSS-Fuzz is
controlling the build process no specific fuzzer options are used. This
allows OSS-Fuzz to fully control the fuzzing engine.
Change-Id: Ic4423b981df12e66a14ca8f53c97168ac28bfa39
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63342
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Since the APIs being tested take in strings, using
onlyascii.
Restricting the size of test cases, so that we get more
diverse smaller test cases, instead of generating 1MB of 0s.
BUG=tint:1095,tint:1096
Change-Id: I0590bf0146c3395278ead362e2add328f669aea7
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63180
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Adds a stand-alone executable that serves as an entry point for black
box fuzzing. It reads data from a given file, and then calls into the
same code that the libFuzzer fuzzer targets do.
Fixes: tint:1151
Change-Id: I23f4c5b4aa7040f434c791404136422f5c8ee12a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63341
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Change-Id: Ib084dd47a7ad37a64d8abe9cc577f6b05b91a913
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63340
Auto-Submit: Alastair Donaldson <afdx@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Change ast::Array to use an ast::Expression for its `size` field. The
WGSL frontend now parses the array size as an `primary_expression`,
and the Resolver is responsible for validating the expression is a
signed or unsigned integer, and either a literal or a non-overridable
module-scope constant.
The Resolver evaluates the constant value of the size expression, and
so the resolved sem::Array type still has a constant size as before.
Fixed: tint:1068
Fixed: tint:1117
Change-Id: Icfa141482ea1e47ea8c21a25e9eb48221f176e9a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63061
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
WGSL only allows literals and identifiers as arguments to
workgroup_size.
Also, change "parameter" to "argument" in the workgroup_size error
messages.
Change-Id: Ibd252a7c2f08464d9cdea62707e64a8e4f12893a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63320
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
We can just use the top-level EmitExpression() here.
Change-Id: I3ab346525b6d49f6a986abb5d89aa792171c1db3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63060
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.
Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
The clusterfuzz fuzzers are attempting to change the access control of a uniform variable, which produces a program that does not validate.
Create an error diagnostic tagged with diag::System::Transform, which the fuzzers recognise as being invalid configuration to the transform.
Fixed: chromium:1244999
Change-Id: I2d4f2dfd4f2218ac81172003872494acb027323b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63141
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
If enabled, will build targets in the samples subfolder, which currently
only includes the "tint" executable.
Bug: tint:1140
Change-Id: I354d9b6e39ca2cd243649effedaebe3e0b97fc2f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63240
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Fixes:tint:1124
Change-Id: I6cab684423081889d27b266628089c55918e1f9f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62320
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
SPIR-V supports them but WGSL does not.
Fixed: chromium:1230976
Change-Id: I27dbbf4a0f584bcff7355bf513bbd2b924dc349b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62922
Auto-Submit: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Never create semantic types on the stack.
Always use ProgramBuilder::create().
These stack pointers have a tendency of being stored, either by other
types as sub-types, or by maps (see associated bug).
Also, there's a lot of logic that assumes that semantic types are
de-duplicated, and that you can compare pointers. Creating new instances
on the stack will break this in exciting ways.
Fixed: chromium:1243944
Change-Id: I40a652f8c424030106adad2e6531287af13c8714
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62943
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
While looking ahead to determine if a token is an integer, check the
number of digits to make sure that it can actually fit in the internal
representation.
This is an optimization on the existing code, to cause an early exit
and prevent pathological cases with huge integers from consuming too
much processing time, when they will never succeed.
From a functional perspective this has not effect on whether or not a
token will be accepted as an integer, so almost all of the tests do no
need an update. The one exception is a case where the lexer now
catches the invalid integer earlier in the tokenization, so the error
message is a shorter.
This does not handle the equivalent problem for float literals, though
I believe that only exists for non-hex floats.
BUG=chromium:1240715
Change-Id: I27e43711d5f5eda1d54a4128ba514f810abd0313
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62280
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
In https://dawn-review.googlesource.com/c/tint/+/62444 the Resolver validated that there are no parameters of the same function with the same name, but this also introduced validation that errors if parameters shadow a module-scope variable.
The WGSL spec allows for shadowing, but Tint so far has not implemented this support.
There are transforms that generate functions that presume parameter <-> module-scope variable shadowing is okay. DecomposeMemoryAccess is one of these.
This fixes those transforms which could generate programs that fail validation.
Bug: chromium:1242330
Fixed: tint:1136
Change-Id: Id6ec59bbdb398b3b2a23312115a7c1dadf433e98
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62900
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Polyfill this for HLSL using an atomic add with the operand negated.
Fixed: tint:1130
Change-Id: Ifa32d58973f1b48593ec0f6320f47f4358a5a3a9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62760
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Fuzzers that exercise the SPIR-V reader are being moved to OSS-Fuzz.
This change removes them from the Chromium build so that they cease to
be run by ClusterFuzz. The change also applies a small refactoring to
the fuzzer build rules, so that the tint_ast_clone fuzzer is specified
together with other fuzzers that require the WGSL reader and writer.
Bug: chromium:1243084
Change-Id: I4f5d12a679366634c7cad3e7ac18075bb046a8ba
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62800
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
For these tests, we only really care that we can successfully consume
them and generate valid output for each backend. Having the expected
files in the tree generates significant churn for any change to how we
generate backend code, which makes it hard to inspect diffs.
Change-Id: Ic98c248081144c0fb1791f1303eaf6d459548e3d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62720
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
only picks 5 out of N.
Change-Id: I0e9d2e4bfa1050681dd88af918d040d42484f140
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62442
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
These operators are not defined in the metal namespace when the vector
operands are packed.
Fixed: tint:1121
Change-Id: I2e8f4302e08117ca41bac6c05fb24a70d1215740
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62480
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
MSL vectors with other widths already match WGSL's rules for alignment
and size.
Change-Id: I237052372463ea8323eab47c3b4ca90c6d8afcc3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62600
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
For the Is() overload that takes a predicate function, infer the cast target type from the single parameter of the predicate.
Removes noise.
Change-Id: Ie6248c776ca1f9d50808e03e9685056fd3819217
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62441
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Calls to functions and intrinsics that do not return a value must only be used by a call statement.
Fixed: chromium:1241460
Change-Id: I0f940c942b55a5212367dbf9e261083beb4560ec
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62440
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
This is in the metal namespace, which we import fully.
Change-Id: I986cdebbe1897ad0b433bc0260480dd8839f93e0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62400
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
These are never valid. The WGSL parser cannot produce them, but the
SPIR-V reader can since these are not always caught by spirv-val.
Fixed: chromium:1239557
Change-Id: Ie19e4534ffb73b61beaa42046b18b2b8a3f7f65b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/62020
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Sarah Mashayekhi <sarahmashay@google.com>
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
The storage type of an assignment has to be constructible, which
prevents stores to atomic or runtime-sized array types.
Change-Id: Ie7bb703bb4c6953a4ddf0286f39d0d3e17b5b1d2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61801
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
The type of a type constructor must be constructible, which forbids
atomics. Add checks for non-constructible types when validating arrays
and structures, and then error on any type that isn't explicitly
matched in the outer function. Replaces the separate check for
pointers, which is no longer necessary.
This also removes the validation for "an expression must not evaluate
to an atomic type". The only test that we had for this is no longer
valid (since the type constructor it used is now rejected). There are
no other ways of hitting this particular error, since other validation
rules will always kick in first.
Change-Id: I2172b57ee4e8ee3066aaf0cedc4a26aaca642376
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61800
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Sarah Mashayekhi <sarahmashay@google.com>
Reviewed-by: Sarah Mashayekhi <sarahmashay@google.com>
Remap all resources into a flat namespace, to allow tests to pass when
multiple resources use the same binding number.
Fixed: tint:959
Change-Id: I58ed07c789e1ea90fc370ceba73b9d8292902549
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61261
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
The location decoration in the test source was recently changed to fit
in MSL's allowed range.
Change-Id: Ia8ff2cc453f5af3ed084ede42546ef6750bd27a9
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61260
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This was shared by the shader IO transforms, but is no longer used
after they were refactored.
Bug: tint:920
Change-Id: I879468bbacda6ecb59c4b49ef2434753df74644c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61121
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
On OSX, under ASAN the fuzzer is causing a null reference due to
.empty() being called on a null.
BUG=chromium:1237630
Change-Id: I73e627eadaa162af451f809c4abe8ec685d8b95c
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61681
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
In these circumstances foo->type() may be null.
BUG=chromium:1238462
Change-Id: I77ed142e3f61f6af52a07e59e290f65613af3514
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61660
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: David Neto <dneto@google.com>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: James Price <jrprice@google.com>
This is to make sure that compiler won't crash when creating data
types using the result from GetNode function from node_id_map.
Change-Id: I96fad13d3494de4808e29d6952e5e88e697f8516
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61381
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Paul Thomson <paulthomson@google.com>
Commit-Queue: Paul Thomson <paulthomson@google.com>
This CL adjusts the scripts to be able to run AST and regex
fuzzer unit tests in Kokoro. Only clang is supported for now.
Change-Id: Ibc9ebb9cf0dc40f47317abf88875aa738811919d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61642
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Currently, it's impossible to move a tint::Program instance into a
variables that has been moved. This CL fixes that.
Bug: tint:1105
Change-Id: Idc04cf2bb569d1cffc2c309117fc4615c41ac76a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61640
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Fixed: tint:1104
Change-Id: I4ea3aa283c1c4b5e55f507dbc104b21c8bedb63b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61521
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: James Price <jrprice@google.com>
I have checked the other fuzzers, and they appear to be correctly
using the generated inputs.
BUG=tint:1099
Fixed: 1099
Change-Id: I691e16ef4130e374894550fcf8e3d5565224a656
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61440
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Added function in node_id_map to check a given id is valid and fresh.
Currently, the structure of FindMutators declares node_id_map as const, which causes issues when we want to call `GetFreshId` from the argument that is passed by reference. A simple work around is to pass a non-const node_id_map as argument directly. That way `GetFreshId` function in node_id_map can continue to be non-const and conveniently update next fresh id whenever a fresh id has been taken.
Change-Id: Ia7e1d247cf92dfefd2ef7e7c1b4bf32363d9ce3f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61100
Reviewed-by: Paul Thomson <paulthomson@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Paul Thomson <paulthomson@google.com>