There's a reason the overload of `ctx.Replace()` that takes a pointer to the replacement is deprecated - it doesn't play well when used as part of another replacement.
Switch to using the callback overload of Replace() to fix bad transform output.
Bug: tint:1386647
Change-Id: I94292eeb65d24d7b2446b16b8b4ad13bdd27965a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/111000
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.
I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.
Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Discard statements no longer affect the behavior or uniformity
analysis. Update the resolver, validator, and several tests to reflect
this.
Some E2E tests were removed as they had loops that are now considered
to be infinite.
Use the DemoteToHelper transform to emulate the correct semantics on
platforms where discard is (or may) terminate the invocation in a
manner that would affect derivative operations.
We no longer need the UnwindDiscardFunctions transform for HLSL, which
already implements the correct semantics. However, we still run the
DemoteToHelper transform for the HLSL backend due to issues with FXC's
handling of discard statements (see crbug.com/tint/1118).
Fixed: tint:1723
Change-Id: Ib49ff187919ae81c4af8675e1b66acd57e2ff7d2
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/109003
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
This CL moves reserved words from a deprecation to an error.
Bug: tint:1463
Change-Id: I5c66baa15dc748215877c8152171c690495bc0c2
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108861
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Replace the ShouldRun() method with Apply() which will do the
transformation if it needs to be done, otherwise returns
'SkipTransform'.
This reduces a bunch of duplicated scanning between the old ShouldRun()
and Transform().
This change also adjusts code style to make the transforms more
consistent.
Change-Id: I9a6b10cb8b4ed62676b12ef30fb7764d363386c6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107681
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Involves expanding the source range of a variable declaration so we can point at something that can include the 'const'.
Fixed: tint:1740
Change-Id: Ie8f784de34a1792002aaa708c1b77053be54f1b5
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108120
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
This CL make transform AddBlockAttribute always try to wrap types used
by buffer variables into a struct, in order to generate valid GLSL code
for assigning one buffer struct variable to another buffer struct
variable.
Fixed: tint:1735
Change-Id: I009d8a9ca7ecea1dc0ad6164275c964a18acb33f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/108023
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Renames all symbols
Add a test for tint:1725
Bug: tint:1725
Change-Id: Idac45c677d15361d76510068ad756e2f9bffacb0
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106880
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
...to `min(max(e, low), high)` as defined by the WGSL spec.
Fixed: tint:1479
Fixed: tint:1539
Change-Id: I39406d5256a155a781e44bd9d6081ce7a9bf5a68
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107640
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Ben Clayton <bclayton@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
I got the rules around this wrong. This should be allowed, but the array types cannot compare equal if they are unnamed override-expressions.
Fixed tint:1737
Change-Id: I83dc49703eed015e9c183e804474886da5dad7b9
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107685
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
For "vec3(vec3<T>) -> vec3<T>", this CL makes T also include abstract
int and float (all scalars).
Bug: tint:1731
Change-Id: I776c7ba6872c3d680982dbec6b0970389e720611
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107540
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
This CL adds const-eval for the `sign` builtin.
Bug: tint:1581
Change-Id: I5d9bfd3f3f742bcba69fbb0d7f47dc57ce18e134
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107460
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Attempting to paper over all the MSL standard library holes for packed_vector in the MSL writer added complexity to the writer, produced messy output, and didn't actually catch all the cases where casts were needed.
Add a new PackedVec3 transform that applies the packed_vector -> vec casts in a smarter, more precise way.
Fixed: tint:1534
Change-Id: I73ce7e5a62fbc9cb04e1093133070f5fb8965dce
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107340
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
To match the spec.
Also add a bunch of missing texture test cases to
src/tint/ast/builtin_texture_helper_test.cc. Fix all the tests that were
broken because these were not being exercised.
Fixed: tint:1526
Change-Id: I207b51d307bbdc054b595e0e0e0fd3330607e171
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106681
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL removes the parsing of a `-` in front of numerics when lexed.
This will cause the number to become a UnaryOperator negation then the
number instead of a negative number.
Bug: tint:1679, tint:1141, tint:1570
Change-Id: I217c0ffcbe5be934c8d56bd83141b47ade83bc60
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106463
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
This CL fix the spv code generated for atomicCompareExchangeWeak,
specifically the emulated `exchanged` field of the returned struct.
It should be true if and only if the `old_value`, i.e. the return value
of spv `OpAtomicCompareExchange`, equals to the comparator, rather than
equals to new value.
Fixed: tint:1663
Change-Id: I1cb0de6bb6b90ae681f5053b8bdd6f6b247146f6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/107180
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
DXC will bail if these get too deeply nested (~256).
This is also a risk for stack-overflows, so apply a limit agreed by the
WGSL working group.
Fixed: tint:1518
Change-Id: Idacdba85b36b27a0a89a3a7958fd4c6cce7dc84d
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/105964
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
This CL adds support for `break-if` to Tint.
Bug: tint:1633, tint:1451
Change-Id: I30dfd62a3e09255624ff76ebe0cdd3a3c7cf9c5f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106420
Auto-Submit: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: dan sinclair <dsinclair@google.com>
Rules for shift left of concrete values are now split between signed and
unsigned. Shifting unsigned values no longer fails with "sign change"
errors. Furthermore, shifting unsigned values must only shift out 0s.
See https://github.com/gpuweb/gpuweb/pull/3539.
Bug: tint:1701
Bug: tint:1717
Change-Id: Iba2799f4b02cdc77cc58a6c7c104aaa408f0f0f9
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106381
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
In WGSL, we can shift left abstracts by >= 64, as long as the result is
representable in the data type we choose for it. When shifting 0, we can
shift by any positive u32 value (result is always 0), but in C++, it's
UB to shift by more than the bit width of the data type, so we need to
handle this. This bug was caught by ClusterFuzz.
Bug: chromium:1372963
Change-Id: I638ca190b93538908ca6472f3735627ea8531c5a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/106266
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
This CL rearranges testcases for E2E test/tint/bug/chromium/1367602,
now it has testcases for both function, private, and storage address
space array variable, with and without explicit initializer, and array
count less than 65536.
Bug: chromium:1367602
Change-Id: Ica0ec9c36586bc7eae0d46473575284e9b734092
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/105282
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Zhaoming Jiang <zhaoming.jiang@intel.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
Similar to the handling of packed values in the arithmetic operators
the shift operators need to cast to the unpacked type before doing the
as_type casts.
Bug: tint:1542
Change-Id: I4289c45ab0a067ce122f61675fe5e251a83b6f8b
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/105720
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Demonstrates that this is not an issue.
Fixed: tint:1563
Change-Id: I5a33e6805cf0a5c52a6306f6d7e5949cee5636a5
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/105641
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
In 104681 the vectors were cast to themselves to fixup an issue
with `packed_int`. That CL used an `as_type` which does a bit cast.
A `packed_int` can not be bitcast to an `int`. This CL changes to
a type cast, so instead of `as_type<int3>()` it does `int3()`.
Bug: tint:1677
Change-Id: I72218c06853e4e5ae1a0d34e2fc3e1ca597de993
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/104682
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Auto-Submit: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
This CL adds element count limits to arrays. In FXC there is a maximum
of 65536 elements in an array. This limit is not yet in WGSL, but adding
this here allows us to fix the issue with large arrays and GLSL.
Bug: chromium:1367602
Change-Id: I7df9d3e4f6c3e5107420d5f8e576d1f33e453161
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/104240
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Currently in the MSL backend we cast int values to uint in order to get
the correct WGSL behaviour for over/under flow. This fails in the case
of host shareable buffers as they use `packed` types which need to get
cast to the non-packed version first.
Bug: tint:1677
Change-Id: I57b70abaa8ca614472a26d63f19c1aef2bd64668
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/103986
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Dan Sinclair <dsinclair@chromium.org>
I added the forcing of the "loop" attribute to all loops to address FXC
failing on uniformity errors related to gradients in loops. Since then,
Tint now implements UA and it recently became an error, so we no longer
need this hack. As a result, FXC is now better able to cope with loops
that it determines executes 0 times.
Most e2e tests are affected because so many use loops, but 27 tests that
were previously failing are now passing with this change:
tint/bug/tint/1538.wgsl.expected.fxc.hlsl
tint/bug/tint/1604.wgsl.expected.fxc.hlsl
tint/bug/tint/1605.wgsl.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserCFGTest_ClassifyCFGEdges_LoopBreak_FromLoopHeader_SingleBlockLoop_TrueBranch.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserCFGTest_ComputeBlockOrder_Loop_HeaderHasBreakUnless.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserCFGTest_EmitBody_IfSelection_TrueBranch_LoopBreak.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserCFGTest_FindIfSelectionInternalHeaders_TrueBranch_LoopBreak_Ok.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserFunctionVarTest_EmitStatement_Phi_MultiBlockLoopIndex.spvasm.expected.fxc.hlsl
tint/unittest/reader/spirv/SpvParserFunctionVarTest_EmitStatement_Phi_SingleBlockLoopIndex.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/cov-dead-code-unreachable-merge/0-opt.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/cov-dead-code-unreachable-merge/0-opt.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/similar-nested-ifs/0-opt.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/similar-nested-ifs/0-opt.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/spv-load-from-frag-color/1.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/spv-load-from-frag-color/1.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-false-if-discard-loop/0.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-false-if-discard-loop/0.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-fragcoord-less-than-zero/0.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-fragcoord-less-than-zero/0.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-fragcoord-less-than-zero/1.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-fragcoord-less-than-zero/1.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-with-loop-read-write-global/0-opt.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-with-loop-read-write-global/0-opt.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-with-loop-read-write-global/1.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/stable-binarysearch-tree-with-loop-read-write-global/1.wgsl.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/write-red-after-search/0-opt.spvasm.expected.fxc.hlsl
tint/vk-gl-cts/graphicsfuzz/write-red-after-search/0-opt.wgsl.expected.fxc.hlsl
Bug: tint:1522
Bug: tint:1538
Bug: tint:1604
Bug: tint:1605
Change-Id: I530b846b6b8df122ab351ff7b85d3e1c9ac11526
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/104121
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Antonio Maiorano <amaiorano@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
These have been warnings for multiple months.
Time to properly turn this on.
Bug: tint:880
Change-Id: I3b38f672309b5acd48c12a38dc5a1675f3c62470
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/103480
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Dan Sinclair <dsinclair@chromium.org>
This CL fixes the usage of overrides in array sizes. Currently
the usage will generate a validation error as we check that the
array size is const.
Bug: tint:1660
Change-Id: Ibf440905c30a73b581d55b0c071b8621b61605e6
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/101900
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: dan sinclair <dsinclair@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>