Commit Graph

28 Commits

Author SHA1 Message Date
Ryan Harrison d21ebe74bd Suppress "Wreserved-identifier" for the AST Fuzzer
This is a check that has been added to newer versions of clang and is
tripping for me locally. The actual issue is in code being generated
by protobuf.

Updating protobufs has cross-dependency issues with spriv-tools, so is
non-trivial. There is already a special case suppression for internal
protobuf issues, so I am just adding to the carve out.

BUG=tint:1419

Change-Id: I3ecd111a778fb4c65a113382ded8d6160deab462
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/79841
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2022-02-08 21:37:56 +00:00
Ben Clayton 01e4b6fc18 wgsl: Replace [[decoration]] with @decoration
Deprecate the old syntax. Migrate everything to the new syntax.

Bug: tint:1382
Change-Id: Ide12b2e927b17dc93b9714c7049090864cc568d3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/77260
Reviewed-by: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: David Neto <dneto@google.com>
2022-01-19 22:46:57 +00:00
Ryan Harrison 1c1b9762ce Add tests for fuzzers::RandomGenerator
BUG=tint:1019

Change-Id: Ia462080877a97348c5589bfa71231a832a7ebfd3
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/70081
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-11-24 14:55:05 +00:00
Ben Clayton 6595b386b5 ast: Rename 'array accessor' to 'index accessor'
This cleans up the remnants of ArrayAccessorExpression which was renamed
in a838bb718.

Change-Id: Ie2c67a49e63774d8b153ec17c3185652708a91e5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/68942
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
2021-11-10 19:23:07 +00:00
Ben Clayton a838bb718b ast: Rename ArrayAccessorExpression to IndexAccessorExpression
The object is not always an array. The index can be applied to vectors
too.

Change-Id: Ifb63d1862090d28cb48d692870e9dd01ddbce5df
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/68841
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
2021-11-09 09:35:00 +00:00
Ben Clayton a9156ff091 Rework Resolver so that we construct semantic types in a single pass.
The semantic nodes cannot be fully immutable, as they contain cyclic
references. Remove Resolver::CreateSemanticNodes(), and instead
construct and mutate the semantic nodes in the single traversal pass.

Give up on trying to maintain the 'authored' type names (aliased names).
These are a nightmare to maintain, and provided limited use.

Significantly simplfies the Resolver, and allows us to generate more
semantic to semantic references, reducing sem -> ast -> sem hops.

Note: This change introduces constant value propagation across constant
variables. This is unlocked by the earlier construction of the
sem::Variable.

Change-Id: I592092fdc47fe24d30e512952511c9ab7c16d7a1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/68406
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-11-05 16:51:38 +00:00
Ryan Harrison 8645953be2 Refactor Inspector fuzzing
It is always on now when using tint::CommonFuzzer, and runs before &
after the transform step.

This CL also adds missing API coverage to the Inspector fuzzing code.

Errors found with the Inspector are now reported as fuzzer failures
and should generate bug reports.

BUG=tint:1250,tint:1251,tint:1250

Change-Id: I1c1bcbddf81a35620f89c5b7a648c44e6a1f2952
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66980
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-10-20 05:01:03 +00:00
Ben Clayton 8648120bbe Make all ast and sem pointers const
And remove a whole load of const_cast hackery.

Semantic nodes may contain internally mutable fields (although only ever modified during resolving), so these are always passed by `const` pointer.

While all AST nodes are internally immutable, we have decided that pointers to AST nodes should also be marked `const`, for consistency.

There's still a collection of const_cast calls in the Resolver. These will be fixed up in a later change.

Bug: tint:745
Change-Id: I046309b8e586772605fc0fe6b2d27f28806d40ef
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66606
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Reviewed-by: David Neto <dneto@google.com>
2021-10-19 18:38:54 +00:00
Ben Clayton 4f3ff57c28 ast: Keep style consistent
Methods and functions are `CamelCase()`
Public fields are `snake_case` with no trailing `_`
Private fields are `snake_case` with a trailing `_`

Remove pointless getters on fully immutable fields.
They provide no value, and just add `()` noise on use.

Remove unused methods.

Bug: tint:1231
Change-Id: If32efd039df48938efd5bc2186d51fe4853e9840
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/66600
Reviewed-by: David Neto <dneto@google.com>
Commit-Queue: Ben Clayton <bclayton@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
2021-10-15 17:33:10 +00:00
Ryan Harrison 71763c84c2 Update remaining fuzzers to use TransforBuilder
Missed some fuzzers in my last fix, because I was trying to git grep
between repos...

This should fix any outstanding issues with
NULL being passed into SetTransformManager in TintCommonFuzzer.

BUG=chromium:1255313

Change-Id: Idf71bc34bb75041accec303df3da0bc6f9cd15cc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65940
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-10-05 19:19:26 +00:00
Ryan Harrison c57642cbd5 Refactor fuzzer transform generation
Also splits out various utility classes from tint_common_fuzzer and
uses consistent naming for utility classes.

BUG=tint:1106

Change-Id: Ic343741eea799366850c46834865d50885554a84
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/65301
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>
2021-09-30 18:58:32 +00:00
Ryan Harrison 5dc0ea7cce Unify fuzzer random number generation into a single class
BUG=tint:1098

Change-Id: I84931804515487d931bbbb5f0d5239d03ca76dfc
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63300
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-09-03 00:59:35 +00:00
Alastair Donaldson 44a0adf9b4 Fuzzers: Avoid passing target backend as parameter
Changes various fuzz targets so that the target back-end language (HLSL,
MSL, SPIR-V or WGSL) is no longer passed as a command line argument, but
instead baked into the fuzzer's binary. This avoids a problem whereby a
ClusterFuzz bug reproducer does not use the required back-end command
line argument.

Change-Id: I64402a23391ca0f24c9d1ffd2aa2f218cc7106b1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/63163
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-08-31 22:07:17 +00:00
Shiyu Liu 36747d7046 Remove const from GetNode return type
This is to make sure that compiler won't crash when creating data
types using the result from GetNode function from node_id_map.

Change-Id: I96fad13d3494de4808e29d6952e5e88e697f8516
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61381
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Paul Thomson <paulthomson@google.com>
Commit-Queue: Paul Thomson <paulthomson@google.com>
2021-08-11 16:43:45 +00:00
Vasyl Teliman 4ebede411e Run fuzzer unit tests in Kokoro
This CL adjusts the scripts to be able to run AST and regex
fuzzer unit tests in Kokoro. Only clang is supported for now.

Change-Id: Ibc9ebb9cf0dc40f47317abf88875aa738811919d
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61642
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
2021-08-11 14:10:05 +00:00
Ryan Harrison 5085efb748 Add robustness pass to ast and regex fuzzers
Fixed: tint:1104
Change-Id: I4ea3aa283c1c4b5e55f507dbc104b21c8bedb63b
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61521
Auto-Submit: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: James Price <jrprice@google.com>
2021-08-11 13:02:45 +00:00
Shiyu Liu 0c22b1aaea Update node_id_map & FindMutators structure
Added function in node_id_map to check a given id is valid and fresh.

Currently, the structure of FindMutators declares node_id_map as const, which causes issues when we want to call `GetFreshId` from the argument that is passed by reference. A simple work around is to pass a non-const node_id_map as argument directly. That way `GetFreshId` function in node_id_map can continue to be non-const and conveniently update next fresh id whenever a fresh id has been taken.

Change-Id: Ia7e1d247cf92dfefd2ef7e7c1b4bf32363d9ce3f
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61100
Reviewed-by: Paul Thomson <paulthomson@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Paul Thomson <paulthomson@google.com>
2021-08-10 16:43:15 +00:00
Vasyl Teliman 32e905f4cb Fix infinite loop
Fix the infinite loop caused by 6e459fecb7.
That commit changed the behaviour of a sem::Statement::Block method for
sem::BlockStatement instances. Now, the method returns the block itself
instead of the outer block which causes an infinite loop when iterating
over a chain of blocks.

Change-Id: I0eab3f7f166dbe38477bbefd222edb9cf0da53b5
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61060
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-08-07 17:33:20 +00:00
Vasyl Teliman badec55068 Fix null char in AST fuzzer
There is no need to take the null char into account when copying
mutated data with memcpy in AST fuzzer.

Change-Id: I78530c3679a31f252d2eaebd6de2a1261d346a57
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59449
Auto-Submit: Vasyl Teliman <vasniktel@gmail.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-07-26 11:25:17 +00:00
Ben Clayton b29396e472 fuzzers: Don't pointlessly format diagnostics
Fuzzers like to generate silly long source, and formatting large spans of these can take considerable time.
Only format the diagnostic if it is going to be displayed.

Significantly speeds up some fuzzing tests, fixing some timeouts.

Also add a minor optimization to the formatter repeat() implementation.

Fixed: chromium:1230313
Change-Id: Ib1f6ac0b31010f86cb7f4e1432dc703ecbe52cb0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58841
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2021-07-20 14:39:50 +00:00
Ben Clayton 890363145a fuzzers: Fix function not returning a value warning
This was preventing the dawn -> chromium autoroller

Change-Id: Iea260e8b454766e08cdb69cea65222391a4022bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58680
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Auto-Submit: Ben Clayton <bclayton@google.com>
2021-07-19 09:35:19 +00:00
Alastair Donaldson 86dc88725a Add gn build support for spirv-tools + AST fuzzers
Allows the new transformation-based fuzzers to be built using gn, so
that they can be deployed on ClusterFuzz.

Fixes: tint:1002
Fixes: tint:1006

Change-Id: Ib9624e507e40836541eb424e710705345a198db1
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58387
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2021-07-16 20:56:55 +00:00
Vasyl Teliman fa4d4341f4 Fix AST fuzzer message serialization
Currently, AST fuzzer requires that all fuzzed binaries are serialized protobuf messages.
In principle, we don't need this when we don't record mutations (which is the case right
now). Hence, this CL removes that requirement.

Change-Id: Ibe677d1ac7d34d640d6e3a368af50df5b4fe474a
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58225
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
2021-07-16 17:50:04 +00:00
Vasyl Teliman 979a0b4446 Fix CLI parameters in fuzzers
This CL changes the prefix of CLI parameters in AST and SPIRV-Tools
fuzzers from `--` to `-` to make these fuzzers compatible with ClusterFuzz.
Additionally, a `tint_` prefix was added to all CLI arguments to prevent their
name collisions with LibFuzzer arguments.

Change-Id: Id2e087e59f04b495d5a7edb3b62d55de652c1acd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58226
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Alastair Donaldson <afdx@google.com>
Commit-Queue: Alastair Donaldson <afdx@google.com>
2021-07-16 10:26:34 +00:00
Vasyl Teliman 365af046ca Fix SPIRV-Tools fuzzer
This CL fixes a regression in SPIRV-Tools fuzzer after the changes in https://dawn-review.googlesource.com/c/tint/+/57101. Additionally, a bunch of sanity fixes are added to the CommonFuzzer.

Change-Id: Ie6512ddca20572d23634c4b5265b39540a42b4bd
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/58224
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ben Clayton <bclayton@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
2021-07-16 09:25:14 +00:00
James Price 5db7d38c13 fuzzers: Switch AST fuzzers to new generator API
Change-Id: If9f843a318be6e9bbb44bc852814811a5e42baf0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57980
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-07-14 12:49:32 +00:00
Ben Clayton 8751227258 fuzzers: Disable clang warning for clang 12
Fixes build when using clang 12

Change-Id: Ia60e8690e0b6dbe7c33879dfdf1b41bfcf71f6f6
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/57884
Auto-Submit: Ben Clayton <bclayton@google.com>
Commit-Queue: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
2021-07-13 20:04:51 +00:00
Vasyl Teliman c6bcab02fd Implement AST fuzzer
This change implements a new fuzzer. It mutates a WGSL shader by traversing
the AST of a program and applying various transformations that might or might not
be semantics preserving.

Change-Id: I6b144bd1067444c3f0b815ba1a646aaf6e739b52
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/52160
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Alastair Donaldson <allydonaldson@googlemail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
2021-07-13 12:01:25 +00:00