Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.
I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.
Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
The DXBC asm listing attempts to be helpful when display literals by
making them human readable,but when it displays values as floats, they
will only have a precision of 6.
For example, 0x09909909 ends up getting displayed as 0.000000 because as
a float, this value is 3.48106525683e-33. FXC has an option to output
literals as hex values, so let's use that.
Change-Id: I2b3017bd834eac89248fe01cae85ba1bb4033e59
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109582
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Austin Eng <enga@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Austin Eng <enga@chromium.org>
https://chromium.googlesource.com/vulkan-deps/+log/a7a3fb39310c..c29c532c92db
$ git log a7a3fb393..c29c532c9 --date=short --no-merges --format='%ad %ae %s'
2022-11-10 chromium-autoroll Roll Vulkan-ValidationLayers from 096b2903118c to f276f028ee79 (1 revision)
2022-11-10 chromium-autoroll Roll Vulkan-ValidationLayers from 45b81b398ab4 to 096b2903118c (2 revisions)
2022-11-10 chromium-autoroll Roll Vulkan-ValidationLayers from 983b408199f2 to 45b81b398ab4 (3 revisions)
2022-11-10 chromium-autoroll Roll Vulkan-Headers from f97f29836cb9 to 29c0457cc167 (1 revision)
2022-11-10 chromium-autoroll Roll Vulkan-Tools from e8234991418c to 3a729c0a9d58 (1 revision)
2022-11-10 chromium-autoroll Roll SPIRV-Tools from aae7d4132571 to 68e8327f2932 (2 revisions)
2022-11-10 chromium-autoroll Roll Vulkan-Loader from 1b40be299b02 to 0df63661a5fa (1 revision)
2022-11-10 chromium-autoroll Roll Vulkan-ValidationLayers from e7380d60c9a6 to 983b408199f2 (8 revisions)
2022-11-10 chromium-autoroll Roll Vulkan-Headers from 689821914113 to f97f29836cb9 (1 revision)
2022-11-10 chromium-autoroll Roll Vulkan-ValidationLayers from afd4e9d82d92 to e7380d60c9a6 (3 revisions)
2022-11-10 chromium-autoroll Roll Vulkan-ValidationLayers from fc9da6832a2b to afd4e9d82d92 (1 revision)
2022-11-10 chromium-autoroll Roll Vulkan-ValidationLayers from 1059ee93ebff to fc9da6832a2b (1 revision)
2022-11-10 chromium-autoroll Roll Vulkan-ValidationLayers from 065b8cbc41cb to 1059ee93ebff (1 revision)
2022-11-09 chromium-autoroll Roll Vulkan-Loader from 7e61110364b4 to 1b40be299b02 (2 revisions)
2022-11-09 chromium-autoroll Roll SPIRV-Tools from 525bc38062ab to aae7d4132571 (1 revision)
2022-11-09 chromium-autoroll Roll Vulkan-Loader from 5b054b4333fd to 7e61110364b4 (1 revision)
2022-11-09 chromium-autoroll Roll Vulkan-ValidationLayers from f162411346bb to 065b8cbc41cb (1 revision)
2022-11-09 chromium-autoroll Roll Vulkan-Tools from 6e5bd86b76c0 to e8234991418c (1 revision)
2022-11-09 chromium-autoroll Roll Vulkan-ValidationLayers from 8a253a6c5b7a to f162411346bb (1 revision)
2022-11-09 chromium-autoroll Roll Vulkan-ValidationLayers from e09172e79c0b to 8a253a6c5b7a (1 revision)
2022-11-08 chromium-autoroll Roll Vulkan-Loader from 6442b72aea02 to 5b054b4333fd (1 revision)
2022-11-08 chromium-autoroll Roll glslang from f4cba22d0824 to 2b2523fb951f (1 revision)
2022-11-08 chromium-autoroll Roll Vulkan-ValidationLayers from 212ea587c100 to e09172e79c0b (1 revision)
2022-11-08 chromium-autoroll Roll Vulkan-Headers from ef96d229cb3d to 689821914113 (1 revision)
2022-11-08 chromium-autoroll Roll SPIRV-Tools from 54d4e77fa559 to 525bc38062ab (1 revision)
2022-11-08 chromium-autoroll Roll glslang from 5e08deae050c to f4cba22d0824 (1 revision)
2022-11-08 chromium-autoroll Roll Vulkan-Headers from 1661f3e962f5 to ef96d229cb3d (3 revisions)
2022-11-08 chromium-autoroll Roll Vulkan-ValidationLayers from 2dbf684715c2 to 212ea587c100 (2 revisions)
2022-11-08 chromium-autoroll Roll SPIRV-Tools from a5e766b2b47c to 54d4e77fa559 (1 revision)
2022-11-08 chromium-autoroll Roll Vulkan-ValidationLayers from bcf3a2bd93f2 to 2dbf684715c2 (1 revision)
2022-11-08 chromium-autoroll Roll SPIRV-Cross from abc31207bffb to edd66a2fc9e9 (1 revision)
2022-11-08 chromium-autoroll Roll Vulkan-ValidationLayers from 8382dbcaeb7c to bcf3a2bd93f2 (3 revisions)
2022-11-08 chromium-autoroll Roll Vulkan-ValidationLayers from b5cbd4242593 to 8382dbcaeb7c (2 revisions)
2022-11-08 chromium-autoroll Roll Vulkan-Headers from 91388ba10409 to 1661f3e962f5 (1 revision)
2022-11-07 chromium-autoroll Roll Vulkan-Loader from 6b0551428e57 to 6442b72aea02 (1 revision)
2022-11-07 chromium-autoroll Roll Vulkan-ValidationLayers from 2632b3362f77 to b5cbd4242593 (1 revision)
2022-11-07 chromium-autoroll Roll Vulkan-ValidationLayers from 8a1cdac2bde1 to 2632b3362f77 (1 revision)
2022-11-07 chromium-autoroll Roll Vulkan-ValidationLayers from 94c32cc2541c to 8a1cdac2bde1 (1 revision)
2022-11-07 chromium-autoroll Roll Vulkan-Loader from 8ff839bda370 to 6b0551428e57 (1 revision)
2022-11-07 chromium-autoroll Roll Vulkan-Headers from 52b7c620a540 to 91388ba10409 (1 revision)
2022-11-07 chromium-autoroll Roll Vulkan-ValidationLayers from 62eb78a06365 to 94c32cc2541c (1 revision)
2022-11-07 chromium-autoroll Roll Vulkan-ValidationLayers from 8debb3bd2948 to 62eb78a06365 (2 revisions)
2022-11-07 chromium-autoroll Roll SPIRV-Tools from d35a78db57e6 to a5e766b2b47c (1 revision)
2022-11-05 chromium-autoroll Roll Vulkan-ValidationLayers from 226b595aeec0 to 8debb3bd2948 (1 revision)
2022-11-04 chromium-autoroll Roll Vulkan-Loader from 256a5e3b6d6f to 8ff839bda370 (1 revision)
2022-11-04 chromium-autoroll Roll SPIRV-Tools from c8e1588cfa3f to d35a78db57e6 (1 revision)
2022-11-04 chromium-autoroll Roll Vulkan-ValidationLayers from 37e77914ef0d to 226b595aeec0 (7 revisions)
2022-11-04 chromium-autoroll Roll SPIRV-Headers from 747031e10dea to 47f2465ee3e7 (1 revision)
2022-11-04 chromium-autoroll Roll Vulkan-Loader from 1bc3a2fa8ec1 to 256a5e3b6d6f (8 revisions)
2022-11-04 chromium-autoroll Roll Vulkan-ValidationLayers from a566d5b79346 to 37e77914ef0d (2 revisions)
2022-11-04 chromium-autoroll Roll Vulkan-Loader from 374dbe9df7bd to 1bc3a2fa8ec1 (1 revision)
2022-11-04 chromium-autoroll Roll Vulkan-Headers from ff03306bf986 to 52b7c620a540 (1 revision)
2022-11-04 chromium-autoroll Roll Vulkan-ValidationLayers from e108987ee76c to a566d5b79346 (1 revision)
2022-11-04 chromium-autoroll Roll Vulkan-ValidationLayers from 9a31edfa80d5 to e108987ee76c (7 revisions)
2022-11-04 chromium-autoroll Roll Vulkan-Headers from d4c221772cb2 to ff03306bf986 (1 revision)
2022-11-04 chromium-autoroll Roll Vulkan-ValidationLayers from a38db2b8b172 to 9a31edfa80d5 (1 revision)
2022-11-04 chromium-autoroll Roll Vulkan-ValidationLayers from d5bc5ca269e5 to a38db2b8b172 (1 revision)
2022-11-03 chromium-autoroll Roll glslang from 8da649505887 to 5e08deae050c (1 revision)
2022-11-03 chromium-autoroll Roll Vulkan-Tools from 0bb32875d2e6 to 6e5bd86b76c0 (1 revision)
2022-11-03 chromium-autoroll Roll Vulkan-Loader from da810336e761 to 374dbe9df7bd (1 revision)
2022-11-03 chromium-autoroll Roll SPIRV-Headers from 85a1ed200d50 to 747031e10dea (1 revision)
2022-11-03 chromium-autoroll Roll Vulkan-ValidationLayers from 823f8beb4f70 to d5bc5ca269e5 (2 revisions)
2022-11-03 chromium-autoroll Roll Vulkan-Headers from e12a8f8cde40 to d4c221772cb2 (1 revision)
2022-11-03 chromium-autoroll Roll Vulkan-ValidationLayers from 6d377701f393 to 823f8beb4f70 (1 revision)
2022-11-03 chromium-autoroll Roll Vulkan-Loader from 4f4b32cf7545 to da810336e761 (1 revision)
2022-11-02 chromium-autoroll Roll Vulkan-ValidationLayers from 18a0e59294d1 to 6d377701f393 (2 revisions)
2022-11-02 chromium-autoroll Roll Vulkan-Tools from 292e6ed02141 to 0bb32875d2e6 (1 revision)
2022-11-02 chromium-autoroll Roll Vulkan-Loader from 3f29209dd65d to 4f4b32cf7545 (1 revision)
2022-11-02 chromium-autoroll Roll SPIRV-Tools from a52de681dd17 to c8e1588cfa3f (1 revision)
2022-11-02 chromium-autoroll Roll glslang from 1a8869e4d1be to 8da649505887 (1 revision)
2022-11-02 chromium-autoroll Roll SPIRV-Cross from 744279ec78ff to abc31207bffb (1 revision)
Created with:
roll-dep third_party/vulkan-deps
Change-Id: I24e8219f2226c6ee76a44bc00bb17b30b7a50d32
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109740
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Support function declarations where formal parameters
are textures, samplers, or pointers to them.
Still need to update call sites.
Bug: tint:1039
Change-Id: I5bb3ca73190b2e27c28205e78aa433108efec252
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109540
Commit-Queue: David Neto <dneto@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Currently the presubmit will emit a warning if the formatting fails
but this is easy to miss as the bot goes green. This CL changes
the presubmit to make formatting an error so the issue will be
caught and fixedup before landing.
Change-Id: Ifb83d2a7e524fd086e86b47f7518fea1e65f6d3e
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109563
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Austin Eng <enga@chromium.org>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL adds const-eval for `tan` and `tanh`.
Bug: tint:1581
Change-Id: I3d3506a6e7462bba1557cb88065d696ddc21b0f6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109562
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL adds const-eval for `cos` and `cosh`.
Bug: tint:1581
Change-Id: I8df8f979a7b351288cadccda88940fdb5a20d18f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109561
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
This CL adds const-eval for `sin` and `sinh`.
Bug: tint:1581
Change-Id: I96345378c826e2c49ffae688b5185764019967d5
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109560
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL adds const-eval for the `acosh` test case. The generation of
`f16` values into test files is also fixed because `acosh` requires the
value to be `>= 1.0`
Bug: tint:1581
Change-Id: Iba2ca4d9d114034845475679346f042c8c66e571
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109341
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
The generator script was not using the test values for `f16`, they
always got a zero initialization. This CL fixes the script to generate
`f16` values.
Change-Id: I95e8f2c7007251a646de05b4f7fe0aad14e740f8
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109342
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
BUG=tint:1755
Change-Id: Ia6098a3149f0ab769f2a904b84522c2c252e6682
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109300
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
This CL adds const-eval for pack and unpack of 2x16 float values.
Bug: tint:1581
Change-Id: I59a1925148124e628c3771ca96d309fad045f27d
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109280
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL adds a `from_bits` method to the f16 number to allow converting
a uint16_t representation to a f16.
Bug: tint:1581
Change-Id: I80882e74a88411963f0e30423a72cfca40370af1
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109201
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: dan sinclair <dsinclair@google.com>
Discard statements no longer affect the behavior or uniformity
analysis. Update the resolver, validator, and several tests to reflect
this.
Some E2E tests were removed as they had loops that are now considered
to be infinite.
Use the DemoteToHelper transform to emulate the correct semantics on
platforms where discard is (or may) terminate the invocation in a
manner that would affect derivative operations.
We no longer need the UnwindDiscardFunctions transform for HLSL, which
already implements the correct semantics. However, we still run the
DemoteToHelper transform for the HLSL backend due to issues with FXC's
handling of discard statements (see crbug.com/tint/1118).
Fixed: tint:1723
Change-Id: Ib49ff187919ae81c4af8675e1b66acd57e2ff7d2
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109003
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
We just need to skip these.
Bug: tint:1723
Change-Id: I311fe0432ecf1f69936eaf08eb57123a6a738175
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109340
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
The updated WGSL validation rule now requires that the memory view of
the argument matches its root identifier.
This allows for code like this:
let p = &v;
foo(p);
Fixed: tint:1754, tint:1734
Change-Id: I3239ec84e1c06398a6ce5bebb1e0b28986764bc6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109221
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
This transform implements demote-to-helper semantics for discard
statements, by setting a global flag and masking any writes to
host-visible memory.
Bug: tint:1723
Change-Id: I619c5661c6ffcc6978aa4f7635b0d680d83de3dd
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109002
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
This is now a well-defined term in the WGSL spec, so we should use it.
Change-Id: Icc46a77f0a465afbfd39cdaec84e506b143c8c0c
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109220
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Auto-Submit: James Price <jrprice@google.com>
This CL fix insertBits polyfill to handle with the left-shifting
behavior in HLSL, i.e. `(1u << 32u) == (1u << 0u) == 1u` where we want
the result to be `0u`.
Fixed: tint:1743
Change-Id: Ibb82abe4ab2f76dbb0fa06057fb19f15f961d969
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108166
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
If count is highest and offset is non-zero, or vice-versa, we'd overflow
the count + offset > bit-width check. This CL fixes this case.
Bug: tint:1581
Bug: chromium:1381810
Change-Id: I6ee60ec1a13230fca6f4bb6407cd33bcc6730eb7
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109162
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
BUG=tint:1753
Change-Id: Ia41db957422c069a195eb732e8b0ec43cd3b96ba
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109140
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
In preparation for SPIRV-Tools change where its internals
use the C++11 headers.
This patch works with SPIRV-Tools using the old C header
and using the C++11 header.
This patch includes some complex machinery inside "three_sided_patch"
namespaces that can be removed after third_party/vulkan-deps/spirv-tools has
fully transitioned into using the C++11 headers.
Change-Id: I36f358fe3edcc5e613625708017fb8d7919c40c6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108780
Reviewed-by: Alan Baker <alanbaker@google.com>
Commit-Queue: David Neto <dneto@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL removes the logic to handle fallthrough in the AST fuzzer.
Bug: tint:1644
Change-Id: Ie636e2377bed8acfd7a644d2af6827efaf37a60e
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109000
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Wang Qing
Dawn Autoroller
Ben Clayton
Antonio Maiorano
Ryan Harrison
David Neto
dan sinclair
James Price
Zhaoming Jiang
Jiawei Shao