Overriding the alignment to 1 would cause nested structures to be
incorrectly laid out. The fix: Don't override the alignment.
All struct layout validation works on the sem offsets, so none of this
has to change.
Bug: tint:1776
Change-Id: Ic01d45fb2790cd823ed9a55e336860ebdc351aea
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/112603
Kokoro: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Update CreateASTTypeFor() to handle a potential edge-case described in tint:1764.
We haven't seen this issue happen in production, nor can I find a way to trigger this with the tint executable, but try to handle this before we encounter a nasty bug.
Fixed: tint:1764
Change-Id: I496932955a6fdcbe26eacef8dcd04988f92545a1
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/111040
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
There's a reason the overload of `ctx.Replace()` that takes a pointer to the replacement is deprecated - it doesn't play well when used as part of another replacement.
Switch to using the callback overload of Replace() to fix bad transform output.
Bug: tint:1386647
Change-Id: I94292eeb65d24d7b2446b16b8b4ad13bdd27965a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/111000
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.
I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.
Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Discard statements no longer affect the behavior or uniformity
analysis. Update the resolver, validator, and several tests to reflect
this.
Some E2E tests were removed as they had loops that are now considered
to be infinite.
Use the DemoteToHelper transform to emulate the correct semantics on
platforms where discard is (or may) terminate the invocation in a
manner that would affect derivative operations.
We no longer need the UnwindDiscardFunctions transform for HLSL, which
already implements the correct semantics. However, we still run the
DemoteToHelper transform for the HLSL backend due to issues with FXC's
handling of discard statements (see crbug.com/tint/1118).
Fixed: tint:1723
Change-Id: Ib49ff187919ae81c4af8675e1b66acd57e2ff7d2
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109003
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Replace the ShouldRun() method with Apply() which will do the
transformation if it needs to be done, otherwise returns
'SkipTransform'.
This reduces a bunch of duplicated scanning between the old ShouldRun()
and Transform().
This change also adjusts code style to make the transforms more
consistent.
Change-Id: I9a6b10cb8b4ed62676b12ef30fb7764d363386c6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107681
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
This CL make transform AddBlockAttribute always try to wrap types used
by buffer variables into a struct, in order to generate valid GLSL code
for assigning one buffer struct variable to another buffer struct
variable.
Fixed: tint:1735
Change-Id: I009d8a9ca7ecea1dc0ad6164275c964a18acb33f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108023
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Attempting to paper over all the MSL standard library holes for packed_vector in the MSL writer added complexity to the writer, produced messy output, and didn't actually catch all the cases where casts were needed.
Add a new PackedVec3 transform that applies the packed_vector -> vec casts in a smarter, more precise way.
Fixed: tint:1534
Change-Id: I73ce7e5a62fbc9cb04e1093133070f5fb8965dce
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107340
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
This CL removes the parsing of a `-` in front of numerics when lexed.
This will cause the number to become a UnaryOperator negation then the
number instead of a negative number.
Bug: tint:1679, tint:1141, tint:1570
Change-Id: I217c0ffcbe5be934c8d56bd83141b47ade83bc60
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106463
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL fix the spv code generated for atomicCompareExchangeWeak,
specifically the emulated `exchanged` field of the returned struct.
It should be true if and only if the `old_value`, i.e. the return value
of spv `OpAtomicCompareExchange`, equals to the comparator, rather than
equals to new value.
Fixed: tint:1663
Change-Id: I1cb0de6bb6b90ae681f5053b8bdd6f6b247146f6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107180
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
In WGSL, we can shift left abstracts by >= 64, as long as the result is
representable in the data type we choose for it. When shifting 0, we can
shift by any positive u32 value (result is always 0), but in C++, it's
UB to shift by more than the bit width of the data type, so we need to
handle this. This bug was caught by ClusterFuzz.
Bug: chromium:1372963
Change-Id: I638ca190b93538908ca6472f3735627ea8531c5a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106266
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL rearranges testcases for E2E test/tint/bug/chromium/1367602,
now it has testcases for both function, private, and storage address
space array variable, with and without explicit initializer, and array
count less than 65536.
Bug: chromium:1367602
Change-Id: Ica0ec9c36586bc7eae0d46473575284e9b734092
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/105282
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
