Commit Graph

18 Commits

Author SHA1 Message Date
Ben Clayton ba93d14c9a fuzzers: Fix use-after-free
Diagnostics hold a pointer to the source, used for printing the source in the error message.
Because of this, the source must live at least as long as the diag::list.

Fixed: chromium:1232097
Change-Id: Iad8b30a2bd69f505dd8bb0eadc5a35115400d047
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59360
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
2021-07-22 22:53:24 +00:00
Ryan Harrison 18d7e785d3 Fuzz WGSL and MSL generator options
BUG=tint:973

Change-Id: I94dc136444e9650dcf3d1c81a52e6d4491b21a16
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59221
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-07-22 13:25:54 +00:00
Ben Clayton 88bd8a1690 fuzzers: Fix Reader::vector<T>()
count != size

Bug: chromium:1231169
Change-Id: I11420fd665db787546df5616ab3f884b5c972abf
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59020
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-07-20 18:59:10 +00:00
Ben Clayton b29396e472 fuzzers: Don't pointlessly format diagnostics
Fuzzers like to generate silly long source, and formatting large spans of these can take considerable time.
Only format the diagnostic if it is going to be displayed.

Significantly speeds up some fuzzing tests, fixing some timeouts.

Also add a minor optimization to the formatter repeat() implementation.

Fixed: chromium:1230313
Change-Id: Ib1f6ac0b31010f86cb7f4e1432dc703ecbe52cb0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58841
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-07-20 14:39:50 +00:00
Ben Clayton cdcec6d08c fuzzers: Don't call data() on empty std::vector
UBSAN takes objection to this.

Fixed: chromium:1230344
Fixed: chromium:1230346
Fixed: chromium:1230372
Fixed: chromium:1230439
Fixed: chromium:1230457
Change-Id: I351bca06911f2e87f929f08d2aa78a1d8d43d296
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58399
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
2021-07-19 09:33:19 +00:00
Vasyl Teliman 365af046ca Fix SPIRV-Tools fuzzer
This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.

Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
2021-07-16 09:25:14 +00:00
Vasyl Teliman 0b3611b8c8 Add spirv-tools fuzzer
This change adds a new tint fuzzer that uses SPIRV-Tools to fuzz SPIR-V binaries.
The fuzzer works on a corpus of SPIR-V shaders. For each shader from the corpus it uses
one of `spirv-fuzz`, `spirv-reduce` or `spirv-opt` to mutate and then runs the shader through
the Tint compiler in two steps:
- Converts the mutated shader to WGSL.
- Converts WGSL to some target language specified in the CLI arguments.

The list of all supported CLI arguments and their description is in the cli.h file.

Change-Id: I95c0741b78ccc600dd9a73c371d520bdf7814352
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/41945
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>
2021-06-24 18:10:46 +00:00
Ben Clayton 6b358c3f21 Fix tint fuzzer build
Enable the fuzzers for Kokoro presubmits so we can actually know when we break it.

Change-Id: I7270390045353f79c27a7f661afcc7e888628fcd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/53385
Kokoro: Kokoro <noreply+kokoro@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
2021-06-07 08:07:11 +00:00
Ryan Harrison a0174e613f Add fuzzing for transform::VertexPulling
Includes a significant refactoring of helper functions in
tint_common_fuzzer.cc/.h

BUG=tint:722

Change-Id: I1fdab0113bae02c4a0bf8da0d1b7729f05a2fc5b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49902
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-05-06 15:43:33 +00:00
Ryan Harrison 52456c69c8 Add fuzzing for transform::SingleEntryPoint
BUG=tint:722

Change-Id: I83dfb2cb196f6e80ffb48dc41ff385621a5d629e
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49580
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-29 20:49:25 +00:00
Ryan Harrison b5c908f700 Add fuzzing for transform::BindingRemapper
BUG=tint:722

Change-Id: I742f1e536ef0429c2e7b8c9ea6c13b836a2ec0c2
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/49360
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-04-28 15:35:43 +00:00
Ben Clayton 5d5ec24571 src/transform: Remove deprecated APIs
These have now been removed from Dawn.

Change-Id: I50e784141e6eb07f4f0d3f508bb8c6199429dd63
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/48044
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-04-26 20:38:36 +00:00
Ryan Harrison 1870a48d5f Add fuzzer for Inspector
BUG=tint:445

Change-Id: Ic342c7e83827bcc57bfd134dec92b03cb9708a70
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/37540
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-01-13 15:50:11 +00:00
Ryan Harrison 0b5d1dd5d8 Re-land fuzzing work with fix
Revert "Revert 3 fuzzing CLs, since they are preventing rolling into Chromium."

This reverts commit 1d9935cf37.

Also adjusts BUILD.gn file, so that Chromium build can find all the
needed symbols.

BUG=tint:58,tint:59,tint:193,tint:194,tint:199,tint:436

Change-Id: I3fe71ff52c8156f30fccfaab0bf7f647f158aea4
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/37460
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-12 16:23:48 +00:00
Ryan Harrison 1d9935cf37 Revert 3 fuzzing CLs, since they are preventing rolling into Chromium.
Revert "Adding fuzzing for Transforms"

This reverts commit 4a29008c7e.

Revert "Add fuzzers for various emission paths"

This reverts commit 39545b7e7c.

Revert "Create common utility class for fuzzing"

This reverts commit 766e31d507.

Change-Id: Ia4e4ea2a4a5f423ea5bfa8ca9659c4028b558b45
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/37180
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-11 15:22:19 +00:00
Ryan Harrison 4a29008c7e Adding fuzzing for Transforms
Fuzz all transforms being applied together, and fuzz each transform
separately.

BUG=tint:436

Change-Id: I53cf2e05c69f495f27bfa428f55ec033a85a612a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36945
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
2021-01-08 02:42:43 +00:00
Ryan Harrison 39545b7e7c Add fuzzers for various emission paths
BUG=tint:58,tint:59,tint:194,tint:195

Change-Id: Ibca5efbcd608489dcb7c6c45a5fcf596b97165dc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36901
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
2021-01-07 20:33:22 +00:00
Ryan Harrison 766e31d507 Create common utility class for fuzzing
This moves the usage of Tint in the fuzzers into a single class. This
will be expanded in the future to support emitting shaders, so fuzzing
tests just need to indicate which reader & writer they want to use,
instead of having each test implement all of the API usage logic
directly.

BUG=tint:199

Change-Id: Id081a374014b7640a07b267e544ddeba3e6329dd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36760
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
2021-01-07 16:20:32 +00:00