Commit Graph

12 Commits

Author SHA1 Message Date
Ryan Harrison 71763c84c2 Update remaining fuzzers to use TransforBuilder
Missed some fuzzers in my last fix, because I was trying to git grep
between repos...

This should fix any outstanding issues with
NULL being passed into SetTransformManager in TintCommonFuzzer.

BUG=chromium:1255313

Change-Id: Idf71bc34bb75041accec303df3da0bc6f9cd15cc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65940
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-10-05 19:19:26 +00:00
Ryan Harrison c57642cbd5 Refactor fuzzer transform generation
Also splits out various utility classes from tint_common_fuzzer and
uses consistent naming for utility classes.

BUG=tint:1106

Change-Id: Ic343741eea799366850c46834865d50885554a84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-09-30 18:58:32 +00:00
Ryan Harrison 5dc0ea7cce Unify fuzzer random number generation into a single class
BUG=tint:1098

Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-09-03 00:59:35 +00:00
Alastair Donaldson 44a0adf9b4 Fuzzers: Avoid passing target backend as parameter
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.

Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-08-31 22:07:17 +00:00
Ryan Harrison 5085efb748 Add robustness pass to ast and regex fuzzers
Fixed: tint:1104
Change-Id: I4ea3aa283c1c4b5e55f507dbc104b21c8bedb63b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61521
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: James Price <jrprice@google.com>
2021-08-11 13:02:45 +00:00
Vasyl Teliman badec55068 Fix null char in AST fuzzer
There is no need to take the null char into account when copying
mutated data with memcpy in AST fuzzer.

Change-Id: I78530c3679a31f252d2eaebd6de2a1261d346a57
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59449
Auto-Submit: Vasyl Teliman <vasniktel@gmail.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-07-26 11:25:17 +00:00
Ben Clayton b29396e472 fuzzers: Don't pointlessly format diagnostics
Fuzzers like to generate silly long source, and formatting large spans of these can take considerable time.
Only format the diagnostic if it is going to be displayed.

Significantly speeds up some fuzzing tests, fixing some timeouts.

Also add a minor optimization to the formatter repeat() implementation.

Fixed: chromium:1230313
Change-Id: Ib1f6ac0b31010f86cb7f4e1432dc703ecbe52cb0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58841
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-07-20 14:39:50 +00:00
Vasyl Teliman fa4d4341f4 Fix AST fuzzer message serialization
Currently, AST fuzzer requires that all fuzzed binaries are serialized protobuf messages.
In principle, we don't need this when we don't record mutations (which is the case right
now). Hence, this CL removes that requirement.

Change-Id: Ibe677d1ac7d34d640d6e3a368af50df5b4fe474a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58225
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-07-16 17:50:04 +00:00
Vasyl Teliman 979a0b4446 Fix CLI parameters in fuzzers
This CL changes the prefix of CLI parameters in AST and SPIRV-Tools
fuzzers from `--` to `-` to make these fuzzers compatible with ClusterFuzz.
Additionally, a `tint_` prefix was added to all CLI arguments to prevent their
name collisions with LibFuzzer arguments.

Change-Id: Id2e087e59f04b495d5a7edb3b62d55de652c1acd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58226
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-16 10:26:34 +00:00
Vasyl Teliman 365af046ca Fix SPIRV-Tools fuzzer
This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.

Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
2021-07-16 09:25:14 +00:00
James Price 5db7d38c13 fuzzers: Switch AST fuzzers to new generator API
Change-Id: If9f843a318be6e9bbb44bc852814811a5e42baf0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57980
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-07-14 12:49:32 +00:00
Vasyl Teliman c6bcab02fd Implement AST fuzzer
This change implements a new fuzzer. It mutates a WGSL shader by traversing
the AST of a program and applying various transformations that might or might not
be semantics preserving.

Change-Id: I6b144bd1067444c3f0b815ba1a646aaf6e739b52
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/52160
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-07-13 12:01:25 +00:00