It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.
This CL also adds missing API coverage to the Inspector fuzzing code.
Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.
BUG=tint:1250,tint:1251,tint:1250
Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
When enabled, the input spv/wgsl is dumped to a file named
"fuzzer_input_<hash of file>.spv/wgsl".
Note that this adds the setting to all the fuzzers in the root of
fuzzers/, but not to tint_ast_fuzzer, tint_regex_fuzzer, nor
tint_spirv_tools_fuzzer as they currently to their own CLI parsing.
Change-Id: I268ffd842b94be1cbb78eb199d5662712ff71053
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61000
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Adds assertions to check that the SPIR-V Tools fuzzer is not
inadvertently applied to SPIR-V binaries of an invalid size, which
guards against the fuzzer being run in a misconfigured fashion.
The CL also moves a memcpy that populates a SPIR-V binary buffer so
that the memcpy only happens when the input really is SPIR-V. This
avoids frequent redundant memory copies when fuzzing WGSL.
Change-Id: Iafccaa107ff34941d8878ed5be72a2e6d38d0f49
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58386
Auto-Submit: Alastair Donaldson <afdx@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
Fuzzers like to generate silly long source, and formatting large spans of these can take considerable time.
Only format the diagnostic if it is going to be displayed.
Significantly speeds up some fuzzing tests, fixing some timeouts.
Also add a minor optimization to the formatter repeat() implementation.
Fixed: chromium:1230313
Change-Id: Ib1f6ac0b31010f86cb7f4e1432dc703ecbe52cb0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58841
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
We were copying to the address-of the `out` pointer parameter, not the actual pointer.
It's seriously troubling that the fuzzers didn't fail sooner on this.
Fixed: chromium:1230266
Fixed: chromium:1230352
Fixed: chromium:1230356
Fixed: chromium:1230358
Fixed: chromium:1230376
Fixed: chromium:1230377
Fixed: chromium:1230378
Fixed: chromium:1230384
Fixed: chromium:1230395
Fixed: chromium:1230406
Change-Id: I4f67f10127e89f873ab628e5af76b7455d113276
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58681
Auto-Submit: Ben Clayton <bclayton@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This change adds a new tint fuzzer that uses SPIRV-Tools to fuzz SPIR-V binaries.
The fuzzer works on a corpus of SPIR-V shaders. For each shader from the corpus it uses
one of `spirv-fuzz`, `spirv-reduce` or `spirv-opt` to mutate and then runs the shader through
the Tint compiler in two steps:
- Converts the mutated shader to WGSL.
- Converts WGSL to some target language specified in the CLI arguments.
The list of all supported CLI arguments and their description is in the cli.h file.
Change-Id: I95c0741b78ccc600dd9a73c371d520bdf7814352
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/41945
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>
Describes what Tint system raised the diagnostic.
Use this information in the fuzzers to distinguish between expected and unexpected failure cases in the Transform fuzzer tests.
Fixed: chromium:1206407
Fixed: chromium:1207154
Change-Id: I3b807acafe384a2fc363d2a4165a29693450b3cf
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/55254
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Handle access control on var declarations instead of via [[access]]
decorations. This change does the minimal work to migrate the WGSL
parser over to the new syntax. Additional changes will be needed
to correctly generate defaulted access qualifiers, as well as
validating access usage.
The [[access]] decorations are still supported by the WGSL parser,
with new deprecated warnings, but not for aliases. Example:
var x : [[access(x)]] alias_to_struct;
Making this work is far more effort than I want to dedicate to backwards
compatibility, and I do not beleive any real-world usage will be doing
this.
Still TODO:
* Adding access control as the optional, third parameter to ptr<>.
* Calculating default accesses for the various storage types.
* Validating usage of variables against the different accesses.
Bug: tint:846
Change-Id: If8ca82e5d16ec319ecd01f9a2cafffd930963bde
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/53088
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: James Price <jrprice@google.com>
Reviewed-by: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Transforms are meant to be reusable. Those that hold state cannot be used concurrently.
State leakage between runs is dangerous.
To fix this:
* Add transform::Data - A new base class for extra information emitted by transforms.
* Add transform::DataMap - A container of Data, keyed by type.
* Add a transform::DataMap field to Transform::Output.
* Have FirstIndexOffset emit a FirstIndexOffset::Data.
* Deprecate the getters on the transform.
Mutability of the transform config is also dangerous as setters can be called while a transform is actively running on another thread.
To fix:
* Expose a VertexPulling::Config structure and add a constructor that accepts this.
* Deprecate the setters on VertexPulling.
Also deprecate Transform::Output::diagnostics.
Put all the transform diagnostics into the returned Program. Reduces error handling of the client.
Change-Id: Ibd228dc2fbf004ede4720e2d6019c024bc5934d1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/42264
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
An unbuilt program doesn't have an ast::Module, so Program::AST() will just explode.
* Have a Program default to false for IsValid()
* Initialize the ast_ field to nullptr. This was previously floating.
* Return from CommonFuzzer::Run() earlier if the InputFormat is not recognised.
Fixed: chromium:1180130
Fixed: chromium:1180157
Change-Id: I9b67daa10746f386f44919a7b9ac5c171092d6e5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/42028
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: David Neto <dneto@google.com>
Remove the Parser classes from the wgsl and spirv namespaces.
These have been replaced with a Parse() method.
Remove the TypeDeterminer::Run() method, this was not called by tint and
the TypeDeterminer is now non-public API.
Change-Id: I5ddb82768da04398ab3958d1647be44f9fe30c21
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/41840
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Program is now immutable*, and remains part of the public Tint
interface.
ProgramBuilder is the mutable builder for Programs, and is not part of
the public Tint interface. ast::Builder has been folded into
ProgramBuilder.
Immutable Programs can be cloned into a mutable ProgramBuilder with
Program::CloneAsBuilder().
Mutable ProgramBuilders can be moved into immutable Programs.
* - mostly immutable. It still has a move constructor and move
assignment operator - required for practical usage - and the
semantic information on AST nodes is still mutable.
Bug: tint:390
Change-Id: Ia856c50b1880c2f95c91467a9eef5024cbc380c6
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/38240
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Enforce all places where Dawn passes in or returns a ast::Module, now takes a `const Program* ` or returns a `Program`.
As the end goal of all this is to have immutable Programs, all Program inputs take a pointer instead of moving the actual object.
As consumers of a Program are now all const, we have to const_cast to work around all the places we've been incorrectly mutating a ast::Module.
These const_casts are temporary, and will be fixed in the next set of changes.
Depends on https://dawn-review.googlesource.com/c/dawn/+/38522
Bug: tint:390
Change-Id: Ie05b112b16134937d1b601e9b713ea4ec4e1c677
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/38541
Reviewed-by: dan sinclair <dsinclair@chromium.org>
This moves the usage of Tint in the fuzzers into a single class. This
will be expanded in the future to support emitting shaders, so fuzzing
tests, just need to indicate which reader & writer they want to use,
instead of having each test implement all of the API usage logic
directly.
BUG=tint:199
Change-Id: Id081a374014b7640a07b267e544ddeba3e6329dd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/36760
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Reviewed-by: dan sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
